Your search keyword '"targeted attacks"' showing total 77 results

51. Exploring Reliable Strategies for Defending Power Systems Against Targeted Attacks.

Author

Chen, Guo, Dong, Zhao Yang, Hill, David J., and Xue, Yu Sheng

Subjects

*ELECTRIC power system security measures, *GAME theory, *RELIABILITY in engineering, *ALGORITHMS, *DECISION making, *COMPUTER simulation, *MATHEMATICAL programming

Abstract

Recently, game theory has been used to design optimized strategies for defending an electric power system against deliberate attacks. In this paper, we extend the current static model to a more generalized framework which includes several interaction models between defenders and attackers. A new criterion of reliable strategies for defending power systems has been derived. In addition, two allocation algorithms have been developed to seek reliable strategies for two types of defense tasks. The new criterion and algorithms are complementary to current security criteria and can provide useful information for decision-makers to protect their power systems against possible targeted attacks. Numerical simulation examples using the proposed methods are given as well. [ABSTRACT FROM PUBLISHER]

Published

2011

52. Semantics-aware detection of targeted attacks: a survey

Author

Luh, Robert, Marschalek, Stefan, Kaiser, Manfred, Janicke, Helge, and Schrittwieser, Sebastian

Published

2017

53. Cloud banking: An anonymous approach to mitigate insiders and targeted threats

Author

Singh, Utkarsh, Jaiswal, Sumit, and Singh, R. S.

Published

2016

54. Adversarial Attacks in Image Classification

Author

Sović, Iva and Šegvić, Siniša

Subjects

PGD, neprijateljski primjeri, TEHNIČKE ZNANOSTI. Računarstvo, usmjereni napadi, robustness, adversarial examples, untargeted attacks, adversarial attacks, TECHNICAL SCIENCES. Computing, FGSM, diferencijabilno programiranje, neprijateljski napadi, neusmjereni napadi, targeted attacks, robusnost, differentiable programming

Abstract

Ovaj rad dotiče temu diferencijabilnog programiranja kao novog pogleda na područje neuronskih mreža. Definiraju se neprijateljski napadi i opisuje njihova podjela na usmjerene i neusmjerene napade. Implementirana su tri modela na kojima je testirana dana teoretska podloga: dva potpuno povezana modela (s jednim i dva skrivena sloja) i konvolucijski model. U nastavku je opisano treniranje robusnih modela. Detaljno su opisani FGSM i PGD napadi. Predstavljen je kratak osvrt na programski okvir TensorFlow i skup podataka MNIST koji je korišten za testiranje teoretskih kocepata opisanih u radu. Potpuno povezani modeli (s jednim odnosno dva skrivena sloja) i konvolucijski model prilikom normalnog treniranja postižu točnost od oko 87%, 88% odnosno 97%. Prilikom neprijateljskih napada isti modeli za apsolutnu vrijednost neprijateljske perturbacije od 0.1 postižu točnost od 0.6%, 0.8% odnosno 2.3% kada se radi o PGD napadima. Za FGSM napade i jednaku vrijednost perturbacije točnosti su 3.6%, 1.3% i 27.9%. Treniranjem robusnih modela postignuto je poboljšanje u točnosti prilikom napada na 87% za vrijednost perturbacije 0.3. Dodatno, u radu je prikazana i programska implementacija opisanih napada. This work addresses the topic of differentiable programming as a new shift in perspective on the field of neural networks. The definition of adversarial attacks are presented, as well as their classification into two major groups: targeted and untargeted attacks. In the scope of this work, three different models were implemented and used for testing the theoretical background: two dense fully connected neural networks (with one and two hidden layers, respectively), and one convolutional model. The process of training these models is given, as well as a detailed description of the FGSM and PGD types of attacks. Further, the work presents a brief introduction to the TensorFlow library and the MNIST dataset. During the normal training procedure, the tested models achieved accuracies of 87%, 88% and 97% (respectively), while under adversarial attacks with perturbation of 0.1 the same models achieve accuracies of 0.6%, 0.8% and 2.3% (respectively) for the PGD type, and 3.6%, 1.3% and 27.9% for the FGSM type (respectively). By training the robust model, the accuracy was significantly improved, up to 87% for the perturbation value of 0.3. Additionally, this work also presents the software implementation of the described adversarial attacks.

Published

2019

55. Nodal vulnerability to targeted attacks in power grids

Author

Cetinay, Hale, Devriendt, Karel, and Van Mieghem, Piet

Published

2018

56. Nodal vulnerability to targeted attacks in power grids

Author

Çetinay Iyicil, H. (author), Devriendt, K.L.T. (author), Van Mieghem, P.F.A. (author), Çetinay Iyicil, H. (author), Devriendt, K.L.T. (author), and Van Mieghem, P.F.A. (author)

Abstract

Due to the open data policies, nowadays, some countries have their power grid data available online. This may bring a new concern to the power grid operators in terms of malicious threats. In this paper, we assess the vulnerability of power grids to targeted attacks based on network science. By employing two graph models for power grids as simple and weighted graphs, we first calculate the centrality metrics of each node in a power grid. Subsequently, we formulate different node-attack strategies based on those centrality metrics, and empirically analyse the impact of targeted attacks on the structural and the operational performance of power grids. We demonstrate our methodology in the high-voltage transmission networks of 5 European countries and in commonly used IEEE test power grids., Network Architectures and Services

Published

2018

57. Analysis and planning of power grids: A network perspective

Author

Çetinay Iyicil, H. (author) and Çetinay Iyicil, H. (author)

Abstract

Electric power has become an essential part of daily life: we plug our electronic devices in, switch our lights on, and expect to have power. As the availability of power is usually taken for granted in modern societies, we mostly feel annoyed at its absence and perceive the importance of power during outages which have severe effects on the public order. Blackouts have had disastrous consequences for many countries and they continue to occur frequently. Such examples demonstrate the necessity for careful analysis and planning of power grids, to ultimately increase the reliability of power grids. The power grids have evolved due to economic, environmental and human-caused factors. In addition to the contingency analysis, nowadays, the operation and planning of power grids are facing many other challenges (such as demand growth, targeted attacks, cascading failures, and renewable energy integration). Thus, many questions arise, including: which buses (nodes) to connect with a new line (link)? What are the impacts of malicious attacks on power grids? How may an initial failure result in a cascade of failures? How to prepare for the integration of renewable energy? Answering such questions requires developing new concepts and tools for analysing and planning of power grids. Power grids are one of the largest and the most complex man-made systems on earth. The complex nature of power grids and its underlying structure make it possible to analyse power grids relying on network science. The applications of network science on power grids have shown the promising potential to capture the interdependencies between components and to understand the collective emergent behaviour of complex power grids. This thesis is motivated by the increasing need of reliable power grids and the merits of network science on the investigation of power grids. In this context, relying on network science, we model and analyse the power grid and its near-future challenges in terms of line, Network Architectures and Services

Published

2018

58. Analysis and planning of power grids

Subjects

cascading failures, network science, targeted attacks, power grids, wind power, centrality metrics, sensitivity analyses

Abstract

Electric power has become an essential part of daily life: we plug our electronic devices in, switch our lights on, and expect to have power. As the availability of power is usually taken for granted in modern societies, we mostly feel annoyed at its absence and perceive the importance of power during outages which have severe effects on the public order. Blackouts have had disastrous consequences for many countries and they continue to occur frequently. Such examples demonstrate the necessity for careful analysis and planning of power grids, to ultimately increase the reliability of power grids. The power grids have evolved due to economic, environmental and human-caused factors. In addition to the contingency analysis, nowadays, the operation and planning of power grids are facing many other challenges (such as demand growth, targeted attacks, cascading failures, and renewable energy integration). Thus, many questions arise, including: which buses (nodes) to connect with a new line (link)? What are the impacts of malicious attacks on power grids? How may an initial failure result in a cascade of failures? How to prepare for the integration of renewable energy? Answering such questions requires developing new concepts and tools for analysing and planning of power grids.Power grids are one of the largest and the most complex man-made systems on earth. The complex nature of power grids and its underlying structure make it possible to analyse power grids relying on network science. The applications of network science on power grids have shown the promising potential to capture the interdependencies between components and to understand the collective emergent behaviour of complex power grids. This thesis is motivated by the increasing need of reliable power grids and the merits of network science on the investigation of power grids. In this context, relying on network science, we model and analyse the power grid and its near-future challenges in terms of line removals/additions, malicious attacks, cascading failures, and renewable integration.

Published

2018

59. Analysis and planning of power grids: A network perspective

Author

Çetinay Iyicil, H., Van Mieghem, P.F.A., Kuipers, F.A., and Delft University of Technology

Subjects

cascading failures, network science, targeted attacks, power grids, wind power, centrality metrics, sensitivity analyses

Abstract

Electric power has become an essential part of daily life: we plug our electronic devices in, switch our lights on, and expect to have power. As the availability of power is usually taken for granted in modern societies, we mostly feel annoyed at its absence and perceive the importance of power during outages which have severe effects on the public order. Blackouts have had disastrous consequences for many countries and they continue to occur frequently. Such examples demonstrate the necessity for careful analysis and planning of power grids, to ultimately increase the reliability of power grids. The power grids have evolved due to economic, environmental and human-caused factors. In addition to the contingency analysis, nowadays, the operation and planning of power grids are facing many other challenges (such as demand growth, targeted attacks, cascading failures, and renewable energy integration). Thus, many questions arise, including: which buses (nodes) to connect with a new line (link)? What are the impacts of malicious attacks on power grids? How may an initial failure result in a cascade of failures? How to prepare for the integration of renewable energy? Answering such questions requires developing new concepts and tools for analysing and planning of power grids.Power grids are one of the largest and the most complex man-made systems on earth. The complex nature of power grids and its underlying structure make it possible to analyse power grids relying on network science. The applications of network science on power grids have shown the promising potential to capture the interdependencies between components and to understand the collective emergent behaviour of complex power grids. This thesis is motivated by the increasing need of reliable power grids and the merits of network science on the investigation of power grids. In this context, relying on network science, we model and analyse the power grid and its near-future challenges in terms of line removals/additions, malicious attacks, cascading failures, and renewable integration.

Published

2018

60. Geographical interdependent robustness measures in transportation networks

Author

Rueda Pepinosa, Diego Fernando, Calle Ortega, Eusebi, and Universitat de Girona. Departament d'Arquitectura i Tecnologia de Computadors

Subjects

Propagación de fallos, Redes interdependientes, Sistemes de telecomunicació, Targeted attacks, Telecommunication systems, Xarxes interdependents, Robustez, Robustesa, Failure propagation, Sistemas de telecomunicación, 68 - Indústries, oficis i comerç d'articles acabats. Tecnologia cibernètica i automàtica, Propagació de fallades, Interdependent networks, Atacs dirigits, Ataques dirigidos, Robustness

Abstract

Most of transportation networks interacts with other to support our modern society way of life. The proper performance of interdependent networks depends on the normal operation of the networks that are interconnected. The aim of this thesis is to measure and analyze the robustness of different interdependent networks models under large-scale failures and, in particular, to consider interdependent networks where at least one of the networks is a telecommunication network. Both, the effects of different network models and the dynamic process of failure propagation between networks are considered. New interconnection strategies are proposed to improve the robustness of the interconnected networks by analyzing the vulnerability of networks to failures and targeted attacks. Moreover, an enhanced region-based interconnection model is proposed by considering a limit to the number of interlinks between the interconnected nodes. La mayoría de redes de transporte interactúan con otras para para soportar el modo de vida de la sociedad moderna. En las redes interdependientes, el correcto funcionamiento depende de la operación normal de las redes que están interconectadas. El objetivo de esta tesis es medir y analizar la robustez de diferentes modelos de redes interdependientes bajo fallas de gran escala y, en particular, considerar redes interdependientes donde al menos una de las redes es una red de telecomunicaciones. Los efectos de diferentes modelos de red y procesos dinámicos de propagación de fallos entre redes son considerados. Nuevas estrategias de interconexión son propuestas para mejorar la robustez de las redes interconectadas mediante el análisis de la vulnerabilidad de las redes a fallas y ataques dirigidos. Además, se propone un modelo mejorado para la interconexión basada en regiones considerando un límite para el número de enlaces de interconexión entre las redes interconectadas

Published

2018

61. Android botnets for multi-targeted attacks

Author

Hamon, Valentin

Published

2015

62. Assessing the effects of physical layer attacks on content accessibility and latency in optical CDNs

Author

da Silva, Carlos Natalino, Yayimli, Aysegul, Wosinska, Lena, Furdek, Marija, da Silva, Carlos Natalino, Yayimli, Aysegul, Wosinska, Lena, and Furdek, Marija

Abstract

Content Delivery Networks (CDNs) are a major enabler of large-scale content distribution for Internet applications. Many of these applications require high bandwidth and low latency for a satisfactory user experience, e.g., cloud gaming, augmented reality, tactile Internet and vehicular communications. Replication is one of the most prominent solutions to meet the requirements of latency-sensitive applications. However, infrastructure disruptions can greatly degrade the performance of such applications, or even cease their proper execution. The extent of degradation can be exacerbated by malicious attackers that target the critical elements of the CDN physical infrastructure to disconnect or severely degrade services., QC 20171002

Published

2017

63. Localisation of Attacks, Combating Browser-Based Geo-Information and IP Tracking Attacks

Author

Welch, Ian, Mansoori, Masood, Welch, Ian, and Mansoori, Masood

Abstract

Accessing and retrieving users’ browser and network information is a common practice used by advertisers and many online services to deliver targeted ads and explicit improved services to users belonging to a particular group. They provide a great deal of information about a user’s geographical location, ethnicity, language, culture and general interests. However, in the same way these techniques have proven effective in advertising services, they can be used by attackers to launch targeted attacks against specific user groups. Targeted attacks have been proven more effective against user groups than their blind untargeted counterparts (e.g.spam, phishing). Their detection is more challenging as the detection tools need to be located within the targeted user group. This is one of the challenges faced by security researchers and organisations involved in the detection of new malware and exploits, using client honeypots. Client honeypots are detection systems used in the identification of malicious web sites. The client honeypot needs to mimic users in a pre-defined location, system, network and personality for which the malware is intended. The case is amplified by the use of Browser Exploit Packs/kits (BEPs), supporting these features. BEPs provide simplicity in deployment of targeted malicious web sites. They allow attackers to utilise specific geographical locations, network information, visit patterns or browser header information obtained from a visiting user to determine if a user should be subjected to an attack. Malicious web sites that operate based on targeted techniques can disguise themselves as legitimate web sites and bypass detection. Benign content is delivered to attacker-specified users while avoiding delivery to suspicious systems such as well-known or possible subnets that may host client honeypots. A client honeypot deployed in a single location with a single IP address will fail to detect an attack targeted at users in different demographic and

Published

2017

64. Network Attack Detection and Defense (Dagstuhl Seminar 16361)

Author

Marc C. Dacier and Sven Dietrich and Frank Kargl and Hartmut König, Dacier, Marc C., Dietrich, Sven, Kargl, Frank, König, Hartmut, Marc C. Dacier and Sven Dietrich and Frank Kargl and Hartmut König, Dacier, Marc C., Dietrich, Sven, Kargl, Frank, and König, Hartmut

Abstract

This report documents the program and the outcomes of Dagstuhl Seminar 16361 "Network Attack Detection and Defense: Security Challenges and Opportunities of Software-Defined Networking". Software-defined networking (SDN) has attracted a great attention both in industry and academia since the beginning of the decade. This attention keeps undiminished. Security-related aspects of software-defined networking have only been considered more recently. Opinions differ widely. The main objective of the seminar was to discuss the various contrary facets of SDN security. The seminar continued the series of Dagstuhl events Network Attack Detection and Defense held in 2008, 2012, and 2014. The objectives of the seminar were threefold, namely (1) to discuss the security challenges of SDN, (2) to debate strategies to monitor and protect SDN-enabled networks, and (3) to propose methods and strategies to leverage on the flexibility brought by SDN for designing new security mechanisms. At the seminar, which brought together participants from academia and industry, we discussed the advantages and disadvantages of using software-defined networks from the security point of view. We agreed that SDN provides new possibilities to better secure networks, but also offers a number of serious security problems which require further research. The outcome of these discussions and the proposed research directions are presented in this report.

Published

2017

65. Assessing the effects of physical layer attacks on content accessibility and latency in optical CDNs

Author

Marija Furdek, Carlos Natalino, Aysegul Yayimli, and Lena Wosinska

Subjects

Engineering, Cloud gaming, content delivery networks, 02 engineering and technology, Communications system, Computer security, computer.software_genre, content accessibility, 0203 mechanical engineering, User experience design, 0202 electrical engineering, electronic engineering, information engineering, targeted attacks, Latency (engineering), latency, business.industry, Communication Systems, Physical layer, 020302 automobile design & engineering, 020206 networking & telecommunications, Content delivery, The Internet, Augmented reality, link cut attacks, business, computer, Kommunikationssystem, Computer network

Abstract

Content Delivery Networks (CDNs) are a major enabler of large-scale content distribution for Internet applications. Many of these applications require high bandwidth and low latency for a satisfactory user experience, e.g., cloud gaming, augmented reality, tactile Internet and vehicular communications. Replication is one of the most prominent solutions to meet the requirements of latency-sensitive applications. However, infrastructure disruptions can greatly degrade the performance of such applications, or even cease their proper execution. The extent of degradation can be exacerbated by malicious attackers that target the critical elements of the CDN physical infrastructure to disconnect or severely degrade services. QC 20171002

Published

2017

66. The Contemporary Software Security Landscape.

Author

Ahmad, D.

Abstract

Microsoft's release of Windows Vista marks the arrival of a new era for software security. Fundamental changes have gradually occurred, bringing us to a point now where the threat landscape no longer resembles what it was just a few years ago. Vista's release is ideal to consider as a culmination point; it's from here that software attack strategies will move into new directions. In this article, the author examines some of these new directions, as well as some of the changes related to Vista that most encapsulate the current threat landscape for software security. Eight characterirstics most strongly define the new software security threat landscape. Let's take a look at them: actualization of Web vulnerability threats; advances in code analysis; more advanced techniques; client-side vulnerabilities; remote exploitation; targeted attacks; sale of vulnerability information; and anti-exploitation technology. [ABSTRACT FROM PUBLISHER]

Published

2007

67. Systematic Review and Quantitative Comparison of Cyberattack Scenario Detection and Projection.

Author

Kovačević, Ivan, Groš, Stjepan, and Slovenec, Karlo

Subjects

META-analysis, DATA mining, SITUATIONAL awareness, KNOWLEDGE base

Abstract

Intrusion Detection Systems (IDSs) automatically analyze event logs and network traffic in order to detect malicious activity and policy violations. Because IDSs have a large number of false positives and false negatives and the technical nature of their alerts requires a lot of manual analysis, the researchers proposed approaches that automate the analysis of alerts to detect large-scale attacks and predict the attacker's next steps. Unfortunately, many such approaches use unique datasets and success metrics, making comparison difficult. This survey provides an overview of the state of the art in detecting and projecting cyberattack scenarios, with a focus on evaluation and the corresponding metrics. Representative papers are collected while using Google Scholar and Scopus searches. Mutually comparable success metrics are calculated and several comparison tables are provided. Our results show that commonly used metrics are saturated on popular datasets and cannot assess the practical usability of the approaches. In addition, approaches with knowledge bases require constant maintenance, while data mining and ML approaches depend on the quality of available datasets, which, at the time of writing, are not representative enough to provide general knowledge regarding attack scenarios, so more emphasis needs to be placed on researching the behavior of attackers. [ABSTRACT FROM AUTHOR]

Published

2020

68. Using a random road graph model to understand road networks robustness to link failures.

Author

Sohouenou, Philippe Y.R., Christidis, Panayotis, Christodoulou, Aris, Neves, Luis A.C., and Presti, Davide Lo

Abstract

Disruptions to the transport system have a greater impact on society and the economy now than ever before due to the increased interconnectivity and interdependency of the economic sectors. The ability of transport systems to maintain functionality despite various disturbances (i.e. robustness) is hence of tremendous importance and has been the focus of research seeking to support transport planning, design and management. These approaches and findings may nevertheless be only valid for the specific networks studied. The present study attempts to find universal insights into road networks robustness by exploring the correlation between different network attributes and network robustness to single, multiple, random and targeted link failures. For this purpose, the common properties of road graphs were identified through a literature review. On this basis, the GREREC model was developed to randomly generate a variety of abstract networks presenting the topological and operational characteristics of real-road networks, on which a robustness analysis was performed. This analysis quantifies the difference between the link criticality rankings when only single-link failures are considered as opposed to when multiple-link failures are considered and the difference between the impact of targeted and random attacks. The influence of the network attributes on the network robustness and on these two differences is shown and discussed. Finally, this analysis is also performed on a set of real road networks to validate the results obtained with the artificial networks. [ABSTRACT FROM AUTHOR]

Published

2020

69. Proposed Approach for Targeted Attacks Detection

Author

Ghafir Ibrahim and Přenosil Václav

Subjects

Cyber attacks, targeted attacks, advanced persistent threat, malware, intrusion detection system, Kybernetické útoky, cílené útoky, pokročilé přetrvávající hrozby, systém detekce narušení

Abstract

For years governments, organizations and companies have made great efforts to keep hackers, malware, cyber attacks at bay with different degrees of success. On the other hand, cyber criminals and miscreants produced more advanced techniques to compromise Internet infrastructure. Targeted attack or advanced persistent threat (APT) attack is a new challenge and aims to accomplish a specific goal, most often espionage. APTs are presently the biggest threat to governments and organizations. This paper states research questions and propose a novel approach to intrusion detection system processes network traffic and able to detect potential APT attack. This detection of APT attack is based on the correlation between the events which we get as outputs of our detection methods. Each detection method aims to detect one technique used in one of APT attack steps. Provozovatelé a uživatelé počítačových sítí se dlouhou dobu snaží eliminovat vliv hackerů a jejich škodlivého SW na své informační systémy s různým stupněm úspěšnosti. Na druhou stranu, počítačoví zločinci vytvářejí stále důmyslnější techniky pro kompromitaci internetové infrastruktury. Cílený útok typu pokročilá trvalá hrozba (APT) je novou metodou jak ovládnout atakovanou síť. APT jsou v současnosti největší hrozbou pro státní instituce a jejich organizace. Tento článek diskutuje související teoretický otázky a navrhnuje nový přístup ke struktuře systému detekcí průniků, který zpracovává síťový provoz a schopen odhalit potenciální APT útoky. Tato detekce APT útoků je založena na korelaci mezi událostmi, které získáme jako výstupy našich detekčních metod. Každá metoda detekce si klade za cíl odhalit jednu techniku používanou v jednom z kroků APT kroku. For years governments, organizations and companies have made great efforts to keep hackers, malware, cyber attacks at bay with different degrees of success. On the other hand, cyber criminals and miscreants produced more advanced techniques to compromise Internet infrastructure. Targeted attack or advanced persistent threat (APT) attack is a new challenge and aims to accomplish a specific goal, most often espionage. APTs are presently the biggest threat to governments and organizations. This paper states research questions and propose a novel approach to intrusion detection system processes network traffic and able to detect potential APT attack. This detection of APT attack is based on the correlation between the events which we get as outputs of our detection methods. Each detection method aims to detect one technique used in one of APT attack steps.

Published

2016

70. Automated detection and classification of malware used in targeted attacks via machine learning

Author

Korkmaz, Yakup, Körpeoğlu, İbrahim, and Bilgisayar Mühendisliği Anabilim Dalı

Subjects

Advanced Persistent Threats, Targeted attacks, Targeted malware classi cation, Dynamic analysis, Dynamic features, Memory analysis, Computer Engineering and Computer Science and Control, Bilgisayar Mühendisliği Bilimleri-Bilgisayar ve Kontrol

Abstract

Hedefli saldırılar devlet ve ticari kurumlar için büyük bir tehdit oluşturmaktadır. Her yıl giderek artan sayıda hedefli saldırı, özellikle Gelişmiş Sürekli Tehditler, çeşitli siber güvenlik firmaları tarafından tespit edilerek ortaya çıkarılmaktadır. Bu saldırıların temel özellikleri, iyi finanse edilen ve yetenekli aktörlerin devamlı olarak belirli kurumları hedef alması, karmaşık araç ve tekniklerin kullanımı, tespit edilene kadar sızılan ortamlarda uzun süreli kalınması ve gizli faaliyet yürütülmesidir. Zararlı yazılımlar hedefli saldırılarda sistemlerin ele geçirilmesi, kalıcılığın sağlanması, aktörlerle haberleşme, komutların yerine getirilmesi gibi çeşitli görevlerde çok hayati bir rol oynar. Gizli çalışma doğası gereği hedefli saldırılarda kullanılan zararlı yazılımların dinamik olarak kontrollü sanal bir ortamda incelendiğinde geleneksel zararlı yazılımlara göre farklı davranması beklenir.Bu tezde hedefli saldırılarda kullanılan zararlı yazılımlara odaklandık ve hedefli zararlı yazılımları davranışsal ve hafıza öznitelikleri kullanarak makine öğrenimi yoluyla tespit eden ve sınıflandıran bir yöntem sunduk. Çalışmanın hedefli zararlı yazılımların sınıflandırıldığı ve davranışsal özniteliklere hafıza özniteliklerinin eklendiği literatürdeki ilk çalışma olduğunu belirtmek gerekir. Sunulan yöntem, geleneksel ve hedefli zararlı yazılımların dinamik analiz sisteminde hafıza analizi aracıyla birlikte çalıştırılması, analiz raporlarında bulunan davranışsal ve hafıza izlerinden ayırt edici özniteliklerin çıkartılması ve çıkartılan öznitelikler üzerinde makine öğrenmesi uygulanması adımlarını içermektedir. Hedefli zararlı yazılımları daha etkili sınıflandırmak üzere yeni davranışsal ve hafıza öznitelikleri tanımlandı. Yöntem, hedefli ve geleneksel zararlı yazılımlardan oluşan bir veri kümesi üzerinde farklı gözetimli öğrenme algoritmaları ile test edilerek değerlendirildi. Elde edilen sonuçlar, dinamik analiz sonuçlarından davranışsal ve hafıza öznitelikleri çıkartılıp makine öğrenimi kullanılarak hedefli zararlı yazılımların başarılı bir şekilde tespit edilip sınıflandırılabileceğini gösterdi. Targeted attacks pose a great threat to governments and commercial entities. Increasing number of targeted attacks, especially Advanced Persistent Threats, are being discovered and exposed in each year by various cyber security organizations. Key characteristics of these attacks are well-funded and skilled actors persistently targeting specific entities, sophisticated tools and tactics, long-time presence in breached environments before detection and stealth operation. Malware plays a crucial role in a targeted attack for various tasks such as compromising systems, maintaining presence, communicating with the operators, carrying out commands, etc. Because of its stealthy nature, malware used in targeted attacks is expected to act different than the traditional malware when it is dynamically analyzed in a sandbox environment.In this thesis we focused on the malware used in targeted attacks and present a method to automatically detect and classify targeted malware through machine learning using behavioral and memory features. It's worth noting that it is a first work published in the literature that classifies targeted malware and incorporates memory features into the dynamic features. The method comprises the steps of running both traditional and targeted malware in a dynamic analysis system along with a memory analysis tool, extracting features from behavioral and memory artifacts found in analysis results and employing machine learning on the extracted features. New behavioral and memory features were defined in order to classify targeted malware more effectively. Method is then evaluated over a dataset comprised of targeted and traditional malware with different supervised learning algorithms. The results show that machine learning can be employed successfully to automatically detect and classify targeted malware from dynamic analysis results using behavioral and memory features. 53

Published

2015

71. Threat actors go to new depths to carry out devastating attacks.

Author

Enterprise Innovation editors

Subjects

INTERNET security, DATA security, INTERNET safety, CYBERTERRORISM

Abstract

According to Kaspersky Lab's predictions for 2019, the year ahead will see the APT world split into two groups: energetic, inexperienced newcomers; and traditional, well-resourced and most advanced actors. [ABSTRACT FROM AUTHOR]

Published

2018

72. Réseaux de transport complexes : résilience, modélisation et optimisation

Author

Holovatch, Taras, Groupe de Physique statistique = Statistical Physics Group [Institut Jean Lamour] (Equipe 106, IJL), Institut Jean Lamour (IJL), Institut de Chimie du CNRS (INC)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut de Chimie du CNRS (INC)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Université Henri Poincaré - Nancy 1, and Bertrand Berche

Subjects

effet harnais, preferential attachment, attaque ciblée, graph theory, [PHYS.PHYS.PHYS-SOC-PH]Physics [physics]/Physics [physics]/Physics and Society [physics.soc-ph], vulnerability, self-avoiding walk, complex networks, modèle du bus radial, radial bus model, réseau de transport public, résilience, random walk, attachement préférentiel, réseaux complexes, percolation, harness effect, marche aléatoire auto-évitante, théorie des graphes, vulnérabilité, targeted attacks, public transport network

Abstract

In this study, we have performed a comprehensive analysis of public transport networks(PTN) combining tools of complex network theory, computer modelling, and analytical calculations. We have started from an empirical analysis of the PTN of 14 major cities of the world and have determined their principal characteristics in terms of the complex network theory. Our empirical analysis gives a strong evidence, that the networks under consideration appear to be strongly correlated small-world structures with high values of clustering coefficients and comparatively low mean shortest path values. We further have introduced several PTN models. This was done both in 2d and 1d embedding spaces. In particular, our model of mutually interacting self-avoiding walks in 2d captures both special features of PTN as well as generating profiles of network characteristics in the various representations. We continued our analysis by studying the behavior of PTN under attacks. This enabled us to propose criteria that allow an a priori estimate of PTN robustness.; Dans cette étude, nous produisons une analyse des réseaux de transport publics (acronyme PTN en anglais) en combinant des outils de la théorie des réseaux complexes, des simulations numériques et des approches analytiques. Nous avons commencé par une analyse empirique des PTN de 14 villes importantes dans le monde et en avons déterminé les principales caractéristiques en termes de réseaux complexes. Cette apporche empirique montre que les PTN apparaissent comme des réseaux ("small world") fortement corrélés avec des "coefficients d'agrégation" élevés et des "distances les plus courtes moyennes" comparativement faibles. Nous avons ensuite introduit divers modèles de PTN à 1 et 2 dimensions. Le modèle de marches aléatoires auto-évitantes (SAW) en interactions mutuelles capture certaines des propriété statistiques des PTN dans les divers modes de représentation. Nous avons poursuivi cette étude en examinant la résistance des PTN à divers scénarios d'attaques, ce qui permet de définir des critères de robustesse des réseaux considérés.

Published

2011

73. Securing Critical Infrastructures from Targeted Attacks (Dagstuhl Seminar 12502)

Author

Marc Dacier and Frank Kargl and Alfonso Valdes, Dacier, Marc, Kargl, Frank, Valdes, Alfonso, Marc Dacier and Frank Kargl and Alfonso Valdes, Dacier, Marc, Kargl, Frank, and Valdes, Alfonso

Abstract

This report documents the program and the outcomes of Dagstuhl Seminar 12502 "Securing Critical Infrastructures from Targeted Attacks". Through a series of presentations, discussions, and working group meetings, the seminar achieved to shape a clearer picture of what actually constitutes a targeted attack on a critical infrastructure and defined the terms PEST (persistent, sophisticated and targeted) attacks and Critical Cyber Infrastructure in this context. This clearer view will hopefully help the research community and industry to address such threats in a more consistent and holistic way.

Published

2013

74. The Effects of Observation Errors on the Attack Vulnerability of Complex Networks

Author

MITRE CORP MCLEAN VA, Booker, Lashon B, MITRE CORP MCLEAN VA, and Booker, Lashon B

Abstract

Identifying the key nodes to target in a social network is an important problem in several application areas, including the disruption of terrorist networks and the crafting of effective immunization strategies. One important issue that has received limited attention is how such targeting strategies are affected by erroneous data about network structure. This paper describes simulation experiments that investigate this issue.

Published

2012

75. Abwehr-Strategien gegen Targeted Attacks.

Author

Jetter, Klaus

Abstract

Copyright of Bank is the property of Bank-Verlag Medien GmbH and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2014

76. Spotlight: Microsoft adds threat analytics, document tracking to EMS.

Author

Donovan, Fred

Subjects

MOBILE computing, COUNTERTERRORISM, CYBERTERRORISM, COMPUTER software

Abstract

The article reports on the expansion of the Enterprise Mobility Suite and Azure Rights Management offerings of technology company Microsoft Corp. with the addition of advanced threat analytics and document tracking solutions.

Published

2015

77. Detecting Targeted Malicious Email.

Author

Amin, Rohan, Ryan, Julie, and van Dorp, Johan

Abstract

Targeted malicious emails (TME) for computer network exploitation have become more insidious and more widely documented in recent years. Beyond spam or phishing designed to trick users into revealing personal information, TME can exploit computer networks and gather sensitive information. They can consist of coordinated and persistent campaigns that can span years. A new email-filtering technique based on email's persistent-threat and recipient-oriented features with a random forest classifier outperforms two traditional detection methods, SpamAssassin and ClamAV, while maintaining reasonable false positive rates. [ABSTRACT FROM PUBLISHER]

Published

2012