Search

Your search keyword '"Jin B. Hong"' showing total 88 results
Start Over Author "Jin B. Hong"
88 results on '"Jin B. Hong"'

1. On the Effectiveness of Perturbations in Generating Evasive Malware Variants

Author

Beomjin Jin, Jusop Choi, Jin B. Hong, and Hyoungshick Kim

Subjects
Malware detection, malware mitigation, malware analysis, malware generation, metamorphic malware, genetic algorithm, Electrical engineering. Electronics. Nuclear engineering, TK1-9971
Abstract

Malware variants are generated using various evasion techniques to bypass malware detectors, so it is important to understand what properties make them evade malware detection techniques. To do this, a framework is proposed to effectively generate fully-working, unseen malware samples on Windows portable executable (PE) files with various perturbations such as code obfuscation and benign Section addition. Using this framework, we were able to bypass various commercial anti-malware solutions (e.g., BitDefender, AVG, Kaspersky, and Avast) using the generated malware variants, with up to 86% more evasiveness than the original malware samples, and up to 28% more evasive compared with our previously proposed solution FUMVar. Our results are useful in terms of improving malware detection techniques, by analyzing different perturbations and their effectiveness, which leads to a better understanding of how malware variants could be generated that are more evasive and which malware categories they belong to. We found that the most effective perturbation is the code obfuscation using XOR– the malware variants generated by the code obfuscation can evade the detection of 28 anti-malware engines on average. Therefore, our experimental results and observations would be useful to develop anti-malware solutions that would be effective in detecting malware variants that have not been seen previously.

Published
2023
Full Text
View/download PDF

2. Toward Automated Security Analysis and Enforcement for Cloud Computing Using Graphical Models for Security

Author

Seongmo An, Asher Leung, Jin B. Hong, Taehoon Eom, and Jong Sou Park

Subjects
Cloud computing, cloud security, graphical security models, security assessment, Electrical engineering. Electronics. Nuclear engineering, TK1-9971
Abstract

Cloud computing has become widely adopted by businesses for hosting applications with improved performance at a fraction of the operational costs and complexity. The rise of cloud applications has been coupled with an increase in security threat vectors and vulnerabilities. In this paper, we propose a new security assessment and enforcement tool for the cloud named CloudSafe, which provides an automated security assessment and enforce best security control for the cloud by collating various security tools. To demonstrate the applicability and usability of CloudSafe, we implemented CloudSafe and conducted security assessment in Amazon AWS. Also, we analyzed four different security countermeasure options in depth; Vulnerability Patching, Virtual Patching, Network Hardening and Moving Target Defence. Virtual Patching, Network Hardening and Moving Target Defence were determined to be feasible with regards to deployment implementation for the project. Proof of concepts were developed demonstrating the effectiveness of each feasible countermeasure option. These results indicate that the proposed tool CloudSafe is effective and efficient in helping security administrators to select optimal countermeasures to secure their cloud by conducting an in-depth security assessment.

Published
2022
Full Text
View/download PDF

3. A Privacy-Preserving Framework Using Homomorphic Encryption for Smart Metering Systems

Author

Weiyan Xu, Jack Sun, Rachel Cardell-Oliver, Ajmal Mian, and Jin B. Hong

Subjects
smart metering system, homomorphic encryption, trust boundary, Chemical technology, TP1-1185
Abstract

Smart metering systems (SMSs) have been widely used by industrial users and residential customers for purposes such as real-time tracking, outage notification, quality monitoring, load forecasting, etc. However, the consumption data it generates can violate customers’ privacy through absence detection or behavior recognition. Homomorphic encryption (HE) has emerged as one of the most promising methods to protect data privacy based on its security guarantees and computability over encrypted data. However, SMSs have various application scenarios in practice. Consequently, we used the concept of trust boundaries to help design HE solutions for privacy protection under these different scenarios of SMSs. This paper proposes a privacy-preserving framework as a systematic privacy protection solution for SMSs by implementing HE with trust boundaries for various SMS scenarios. To show the feasibility of the proposed HE framework, we evaluated its performance on two computation metrics, summation and variance, which are often used for billing, usage predictions, and other related tasks. The security parameter set was chosen to provide a security level of 128 bits. In terms of performance, the aforementioned metrics could be computed in 58,235 ms for summation and 127,423 ms for variance, given a sample size of 100 households. These results indicate that the proposed HE framework can protect customer privacy under varying trust boundary scenarios in SMS. The computational overhead is acceptable from a cost–benefit perspective while ensuring data privacy.

Published
2023
Full Text
View/download PDF

4. Do Many Models Make Light Work? Evaluating Ensemble Solutions for Improved Rumor Detection

Author

Younghwan Kim, Huy Kang Kim, Hyoungshick Kim, and Jin B. Hong

Subjects
Feature analysis, machine learning, rumor detection, social media, ensemble solution, Twitter, Electrical engineering. Electronics. Nuclear engineering, TK1-9971
Abstract

There have been many efforts to detect rumors using various machine learning (ML) models, but there is still a lack of understanding of their performance against different rumor topics and available features, resulting in a significant performance degrade against completely new and unseen (unknown) rumors. To address this issue, we investigate the relationship between ML models, features, and rumor topics to select the best rumor detection model under specific conditions using 13 different ML models. Our experiment results demonstrate that there is no clear winner among the ML models in all different rumor topics with respect to the detection performance. To overcome this problem, a possible way is to use an ensemble of ML models. Although previous work presents an improved detection of rumors using ensemble solutions (ES), their evaluation did not consider detecting unknown rumors. Further, they did not present nor evaluate the configuration of the ES to ensure that it indeed performs better than using a single ML model. Based on these observations, we propose to evaluate the use of an ES by examining their unknown rumor detection performance compared with single ML models but as well as different configurations of the ESes. Our experimental results using real-world datasets found that an ES of Random Forest, XGBoost and Multilayer perceptron overall produced the best F1 score of 0.79 for detecting unknown rumors, a significant improvement compared with a single best ML model which only achieved a 0.58 F1 score. We also showed that not all ESes are the same, with significantly degraded detection and large variations in performance when different ML models are used to construct the ES. Hence, it is infeasible to rely on any single ML model-based rumor detector. Finally, our solution also performed better than other recent detectors, such as eventAI and NileTMRG that performed similar to using a single ML model - making it a much more attractive solution to detect unknown rumors in practice.

Published
2020
Full Text
View/download PDF

5. A Systematic Approach to Threat Modeling and Security Analysis for Software Defined Networking

Author

Taehoon Eom, Jin B. Hong, Seongmo An, Jong Sou Park, and Dong Seong Kim

Subjects
Attack graphs, graphical security models, security analysis, software defined networking, Electrical engineering. Electronics. Nuclear engineering, TK1-9971
Abstract

Software Defined Networking (SDN) extends capabilities of existing networks by providing various functionalities, such as flexible networking controls. However, there are many security threat vectors in SDN, including existing and emerging ones arising from new functionalities, that may hinder the use of SDN. To tackle this problem, many countermeasures have been developed to mitigate various threats faced in SDN. However, their effectiveness must be analyzed and compared to fully understand how security posture of SDN changes when the countermeasure is adopted. Also, it becomes difficult to optimize the security of SDN without using a systematic approach to evaluate the security posture of SDN. In this paper, we propose a novel framework to systematically model and analyze the security posture of SDN. We develop a novel graphical security model formalism named Threat Vector Hierarchical Attack Representation Model (TV-HARM), which provides a systematic approach to evaluate threats, attacks and countermeasures for SDN. The TV-HARM captures different threats and their combinations, enabling security risk assessment of SDN. In addition, we define three new security metrics to represent security of SDN. Our experimental results showed that the proposed security assessment framework can capture and evaluate various security threats to SDN, demonstrating the applicability and feasibility of the proposed framework.

Published
2019
Full Text
View/download PDF

23. Quantifying Satisfaction of Security Requirements of Cloud Software Systems

Author

Jin B. Hong, Noora Fetais, Dong Seong Dan Kim, Rachael Fernandez, Khaled M. Khan, and Armstrong Nhlabatsi

Subjects
Structure (mathematical logic), Requirements engineering, Computer Networks and Communications, Computer science, business.industry, Cloud computing, Satisfiability, Field (computer science), Computer Science Applications, Risk analysis (engineering), Hardware and Architecture, Software system, Software requirements, business, Boolean data type, Software, Information Systems
Abstract

The satisfaction of a software requirement is commonly stated as a Boolean value, that is, a security requirement is either satisfied (true) or not (false). However, a discrete Boolean value to measure the satisfaction level of a security requirement by deployed mechanisms is not very useful. Rather, it would be more effective if we could quantify the level of satisfaction of security requirements on a continuous scale. We propose an approach to achieve this for cloud software systems based on relationships between defense strength, exploitability of vulnerabilities, and attack severity. We extend the concept of entailment relationship from the field of requirements engineering with the satisfiability aspects of security requirements. The proposed approach enables us to systematically structure security concepts into three sets of related descriptions to quantify the satisfaction level of security requirements with the deployed security solutions. To demonstrate the feasibility of the proposed approach, we evaluate the approach in a case study. As a result, security administrators are able to deploy more effective and appropriate security solutions based on their assessment.

Published
2023

38. Threat-Specific Security Risk Evaluation in the Cloud

Author

Alaa Hussein, Jin B. Hong, Khaled M. Khan, Noora Fetais, Dong Seong Kim, Armstrong Nhlabatsi, and Rachael Fernandez

Subjects
Security administrator, 021110 strategic, defence & security studies, Computer Networks and Communications, Computer science, business.industry, 0211 other engineering and technologies, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Asset (computer security), Computer Science Applications, Risk evaluation, Outsourcing, Hardware and Architecture, Order (exchange), 0202 electrical engineering, electronic engineering, information engineering, business, computer, Software, Risk management, Information Systems, Vulnerability (computing)
Abstract

Existing security risk evaluation approaches (e.g., asset-based) do not consider specific security requirements of individual cloud computing clients in the security risk evaluation. In this paper, we propose a threat-specific risk evaluation approach that uses various security attributes of the cloud (e.g., vulnerability information, the probability of an attack, and the impact of each attack associated with the identified threat(s)) as well as the client-specific security requirements in the cloud. Our approach allows a security administrator of the cloud provider to make fine-grained decisions for selecting mitigation strategies in order to protect the outsourced computing assets of individual clients based on their specific security needs against specific threats. This is different from the existing asset-based approaches where they do not have the functionalities to provide the security evaluation of the cloud with respect to specific threats. On the other hand, the proposed approach enables security administrators to compute a range of more effective client-specific countermeasures with respect to the importance of security requirements and threats. The experimental evaluation results demonstrate that effective security solutions vary due to specific threats prioritized by different clients for an application in the cloud. Further, the proposed approach is not limited to only the cloud-based systems, but can easily be adopted to other networked systems. We have also developed a software tool to support the proposed approach.

Published
2021

39. Do Many Models Make Light Work? Evaluating Ensemble Solutions for Improved Rumor Detection

Author

Huy Kang Kim, Younghwan Kim, Hyoungshick Kim, and Jin B. Hong

Subjects
General Computer Science, Computer science, social media, Twitter, 02 engineering and technology, Machine learning, computer.software_genre, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, General Materials Science, Light Work, Feature analysis, business.industry, General Engineering, rumor detection, ensemble solution, Rumor, Random forest, machine learning, Multilayer perceptron, Detection performance, 020201 artificial intelligence & image processing, Artificial intelligence, lcsh:Electrical engineering. Electronics. Nuclear engineering, F1 score, business, computer, lcsh:TK1-9971
Abstract

There have been many efforts to detect rumors using various machine learning (ML) models, but there is still a lack of understanding of their performance against different rumor topics and available features, resulting in a significant performance degrade against completely new and unseen (unknown) rumors. To address this issue, we investigate the relationship between ML models, features, and rumor topics to select the best rumor detection model under specific conditions using 13 different ML models. Our experiment results demonstrate that there is no clear winner among the ML models in all different rumor topics with respect to the detection performance. To overcome this problem, a possible way is to use an ensemble of ML models. Although previous work presents an improved detection of rumors using ensemble solutions (ES), their evaluation did not consider detecting unknown rumors. Further, they did not present nor evaluate the configuration of the ES to ensure that it indeed performs better than using a single ML model. Based on these observations, we propose to evaluate the use of an ES by examining their unknown rumor detection performance compared with single ML models but as well as different configurations of the ESes. Our experimental results using real-world datasets found that an ES of Random Forest, XGBoost and Multilayer perceptron overall produced the best F1 score of 0.79 for detecting unknown rumors, a significant improvement compared with a single best ML model which only achieved a 0.58 F1 score. We also showed that not all ESes are the same, with significantly degraded detection and large variations in performance when different ML models are used to construct the ES. Hence, it is infeasible to rely on any single ML model-based rumor detector. Finally, our solution also performed better than other recent detectors, such as eventAI and NileTMRG that performed similar to using a single ML model - making it a much more attractive solution to detect unknown rumors in practice.

Published
2020

40. ARGH!

Author

Thai Nguyen, Larry Huynh, Jin B. Hong, Joshua Goh, and Hyoungshick Kim

Subjects
Computer science, Human–computer interaction, TheoryofComputation_ANALYSISOFALGORITHMSANDPROBLEMCOMPLEXITY, media_common.quotation_subject, Quality (business), Rumor, media_common, Task (project management)
Abstract

It is still challenging to effectively identify rumors due to rapid changes in people's interests and perceptions. To enhance rumor detectors, we first need to better understand which rumors are effective (in terms of bypassing detection) and their characteristics. In this paper, we introduce ARGH, a novel framework to automatically generate rumors using recent advancements in natural language processing, customized to target and generate specific topics. To show the effectiveness of ARGH, we conducted a user study with 212 participants and analyzed how well humans can detect the rumors generated by ARGH, and we also tested its performance against the state-of-the-art rumor detection model PLAN [17]. Surprisingly, the experimental results demonstrate that the generated rumors are significantly harder to identify as rumors than hand-written rumors, degrading the detection accuracy by both humans and machines by 18.87% and 17.62%, respectively. We believe that ARGH will be a useful tool to obtain high quality and evasive rumor datasets quickly, which is often a tedious and time consuming task. Further, our analysis results provide valuable insight into how to characterize evasive rumors and how they can be generated, which will help to enhance the existing rumor detection techniques.

Published
2021

41. Systematic identification of threats in the cloud: A survey

Author

Dong Seong Kim, Khaled M. Khan, Alaa Hussein, Noora Fetais, Armstrong Nhlabatsi, and Jin B. Hong

Subjects
Exploit, Computer Networks and Communications, business.industry, Computer science, Vulnerability, Threat identification, 020206 networking & telecommunications, Cloud computing, Provisioning, 02 engineering and technology, Attack surface, Computer security, computer.software_genre, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Elasticity (cloud computing), Countermeasure, Threats classification, Threat model, Vulnerabilities, 0202 electrical engineering, electronic engineering, information engineering, Attack classification, 020201 artificial intelligence & image processing, business, computer
Abstract

When a vulnerability is discovered in a system, some key questions often asked by the security analyst are what threat(s) does it pose, what attacks may exploit it, and which parts of the system it affects. Answers to those questions provide the necessary information for the security assessment and to implement effective countermeasures. In the cloud, this problem is more challenging due to the dynamic characteristics, such as elasticity, virtualization, and migration - changing the attack surface over time. This survey explores threats to the cloud by investigating the linkages between threats, attacks and vulnerabilities, and propose a method to identify threats systematically in the cloud using the threat classifications. First, we trace vulnerabilities to threats by relating vulnerabilities-to-attacks, and then relating attacks-to-threats. We have established the traceability through an extensive literature review and synthesis that resulted in a classification of attacks in the cloud, where we use the Microsoft STRIDE threat modeling approach as a guide for relating attacks to threats. Our approach is the genesis towards a concrete method for systematically identifying potential threats to assets provisioned and managed through the cloud. We demonstrate the approach through its application using a cloud deployment case study scenario. This paper was made possible by Grant NPRP8-531-1-111 from Qatar National Research Fund (QNRF) Scopus

Published
2019

42. Model-based Cybersecurity Analysis: Past Work and Future Directions

Author

Mengmeng Ge, Dong Seong Kim, Jin B. Hong, and Simon Yusuf Enoch

Subjects
FOS: Computer and information sciences, Security analysis, Computer Science - Cryptography and Security, business.industry, Computer science, Usability, Cloud computing, Computer security model, Computer security, computer.software_genre, Variety (cybernetics), Tree (data structure), Hybrid security, Scalability, business, Cryptography and Security (cs.CR), computer
Abstract

Model-based evaluation in cybersecurity has a long history. Attack Graphs (AGs) and Attack Trees (ATs) were the earlier developed graphical security models for cybersecurity analysis. However, they have limitations (e.g., scalability problem, state-space explosion problem, etc.) and lack the ability to capture other security features (e.g., countermeasures). To address the limitations and to cope with various security features, a graphical security model named attack countermeasure tree (ACT) was developed to perform security analysis by taking into account both attacks and countermeasures. In our research, we have developed different variants of a hierarchical graphical security model to solve the complexity, dynamicity, and scalability issues involved with security models in the security analysis of systems. In this paper, we summarize and classify security models into the following; graph-based, tree-based, and hybrid security models. We discuss the development of a hierarchical attack representation model (HARM) and different variants of the HARM, its applications, and usability in a variety of domains including the Internet of Things (IoT), Cloud, Software-Defined Networking, and Moving Target Defenses. We provide the classification of the security metrics, including their discussions. Finally, we highlight existing problems and suggest future research directions in the area of graphical security models and applications. As a result of this work, a decision-maker can understand which type of HARM will suit their network or security analysis requirements., 10 pages

Published
2021

43. FUMVar

Author

Beomjin Jin, Jin B. Hong, Hyoungshick Kim, and Jusop Choi

Subjects
Software_OPERATINGSYSTEMS, Computer science, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Malware, 020207 software engineering, 02 engineering and technology, computer.file_format, Data mining, computer.software_genre, computer, Portable Executable
Abstract

It is crucial to understand how malware variants are generated to bypass malware detection systems and understand their characteristics to improve the detectors' performances. To achieve this goal, we propose an evolutionary-based framework named FUMVar to generate Fully-working and Unseen Malware Variants. In particular, we applied FUMVar on portable executable (PE) files that have been used extensively to infect Windows operating systems. Compared to the state-of-the-art approach named AIMED, our experimental results show that FUMVar generated 25% more evasive malware variants while reducing the time taken to generate them by 23%. Furthermore, FUMVar generated malware variants that bypassed commercial anti-malware engines, such as TrendMicro, with an alarming rate of up to 73% false-negative rate. To improve the detection techniques, we evaluate how different perturbations enhance the evasiveness and how different malware categories are affected by those perturbations. The results show that perturbations' effectiveness varies significantly by up to 6 times (e.g., section add v.s. unpack), and more suitable perturbations can be selected for different malware categories due to their varying applications. This information can then be used to develop more robust malware detection systems to detect unseen malware variants more effectively.

Published
2021

46. Composite Metrics for Network Security Analysis

Author

Dong Seong Kim, Jin B. Hong, Simon Enoch Yusuf, and Mengmeng Ge

Subjects
FOS: Computer and information sciences, Security analysis, Computer Science - Cryptography and Security, Computer science, Network security, business.industry, 020206 networking & telecommunications, 02 engineering and technology, Security assessment, Computer security, computer.software_genre, Harm, Reachability, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Representation (mathematics), Security level, business, computer, Host (network), Cryptography and Security (cs.CR), Computer Science::Cryptography and Security
Abstract

Security metrics present the security level of a system or a network in both qualitative and quantitative ways. In general, security metrics are used to assess the security level of a system and to achieve security goals. There are a lot of security metrics for security analysis, but there is no systematic classification of security metrics that are based on network reachability information. To address this, we propose a systematic classification of existing security metrics based on network reachability information. Mainly, we classify the security metrics into host-based and network-based metrics. The host-based metrics are classified into metrics ``without probability" and "with probability", while the network-based metrics are classified into "path-based" and "non-path based". Finally, we present and describe an approach to develop composite security metrics and it's calculations using a Hierarchical Attack Representation Model (HARM) via an example network. Our novel classification of security metrics provides a new methodology to assess the security of a system., Comment: 21 pages journal

Published
2020
Full Text
View/download PDF

47. A Framework for Real-Time Intrusion Response in Software Defined Networking Using Precomputed Graphical Security Models

Author

Dong Seong Kim, Jong Sou Park, Jin B. Hong, Taehoon Eom, and Seongmo An

Subjects
021110 strategic, defence & security studies, Science (General), Computational complexity theory, Article Subject, Computer Networks and Communications, Computer science, Distributed computing, Control (management), 0211 other engineering and technologies, 020206 networking & telecommunications, 02 engineering and technology, Computer security model, Flow network, Q1-390, Precomputation, Component (UML), 0202 electrical engineering, electronic engineering, information engineering, T1-995, Table (database), Software-defined networking, Technology (General), Information Systems
Abstract

Software defined networking (SDN) has been adopted in many application domains as it provides functionalities to dynamically control the network flow more robust and more economical compared to the traditional networks. In order to strengthen the security of the SDN against cyber attacks, many security solutions have been proposed. However, those solutions need to be compared in order to optimize the security of the SDN. To assess and evaluate the security of the SDN systematically, one can use graphical security models (e.g., attack graphs and attack trees). However, it is difficult to provide defense against an attack in real time due to their high computational complexity. In this paper, we propose a real-time intrusion response in SDN using precomputation to estimate the likelihood of future attack paths from an ongoing attack. We also take into account various SDN components to conduct a security assessment, which were not available when addressing only the components of an existing network. Our experimental analysis shows that we are able to estimate possible attack paths of an ongoing attack to mitigate it in real time, as well as showing the security metrics that depend on the flow table, including the SDN component. Hence, the proposed approach can be used to provide effective real-time mitigation solutions for securing SDN.

Published
2020
Full Text
View/download PDF

48. Dynamic security metrics for measuring the effectiveness of moving target defense techniques

Author

Simon Yusuf Enoch, Dong Seong Kim, Jin B. Hong, Noora Fetais, Armstrong Nhlabatsi, and Khaled M. Khan

Subjects
Flexibility (engineering), Security model, 021110 strategic, defence & security studies, Security analysis, Security metric, General Computer Science, Computer science, 0211 other engineering and technologies, 020206 networking & telecommunications, 02 engineering and technology, Attack surface, Computer security model, computer.software_genre, Network topology, Emerging networking technology, Set (abstract data type), Moving target defense, Elasticity (cloud computing), 0202 electrical engineering, electronic engineering, information engineering, Graph (abstract data type), Data mining, Law, computer
Abstract

Moving Target Defense (MTD) utilizes granularity, flexibility and elasticity properties of emerging networking technologies in order to continuously change the attack surface. There are many different MTD techniques proposed in the past decade to thwart cyberattacks. Due to the diverse range of different MTD techniques, it is of paramount importance to assess and compare their effectiveness. However, each technique causes distinct (dynamic) changes in the network, making an objective comparison difficult. In this paper, we incorporate MTD techniques into a temporal graph-based graphical security model, and develop a new set of dynamic security metrics to assess and compare their effectiveness. To this end, we first categorize and compare different attack and defense efforts. Second, we describe the temporal graph-based graphical security model to capture dynamic changes made by various MTD techniques in the network. We then develop a new set of security metrics for attack and defense efforts to evaluate the effectiveness of the MTD techniques. We implement two different MTD techniques, namely network topology shuffle and software diversity, and show their effectiveness against a targeted attack scenario in our experimental analysis. The results demonstrate that the proposed dynamic security metrics can capture different properties of MTD techniques, permitting a more fine-grained comparison and offering guidance for selecting the most effective MTD technique. This work was made possible by the support of a grant ( NPRP 8-531-1-111 ) from the Qatar National Research Fund (QNRF). The statements made herein are solely the responsibility of the authors. Scopus

Published
2018

49. A systematic evaluation of cybersecurity metrics for dynamic networks

Author

Mengmeng Ge, Hani Alzaid, Jin B. Hong, Dong Seong Kim, and Simon Yusuf Enoch

Subjects
021110 strategic, defence & security studies, Computer Networks and Communications, Computer science, 0211 other engineering and technologies, 020206 networking & telecommunications, Topology (electrical circuits), 02 engineering and technology, Computer security model, computer.software_genre, Firewall (construction), Path (graph theory), 0202 electrical engineering, electronic engineering, information engineering, Data mining, Representation (mathematics), computer
Abstract

It is difficult to assess the security of modern networks because they are usually dynamic with configuration changes (such as changes in topology, firewall rules, etc). Graphical security models (e.g., Attack Graphs and Attack Trees) are widely used to systematically analyse the security posture of network systems using security metrics. However, there are problems using them to assess the security of dynamic networks. First, most models are unable to capture dynamic changes occurring in the networks over time. Second, the existing security metrics are not designed for the analysis of dynamic networks and hence their effectiveness to the dynamic changes in the network still remains unclear. In this paper, we systematically categorise network changes into two categories (i.e., changes in hosts and changes in edges). We conduct a comprehensive analysis to evaluate the effectiveness of security metrics using a Temporal Hierarchical Attack Representation Model, which can capture and analyse the changes in the security of network systems. Further, we investigate the varying effects of security metrics when changes are observed in the dynamic networks. Our simulation results show that different security metrics (except the shortest attack path) have varying security posture changes with respect to changes in the network (when we introduce time to them). However, none of the security metrics consistently changes for all the network changes that we observe in our scenarios. Hence, the results provide some insights into what security metrics can change (accordingly) when a particular network change is observed. It also provides a foundation for further research in this area.

Published
2018

50. AMVG: Adaptive Malware Variant Generation Framework Using Machine Learning

Author

Jin B. Hong, Dongsoon Shin, Hyoungshick Kim, Jason Seotis, and Jusop Choi

Subjects
Software_OPERATINGSYSTEMS, business.industry, Computer science, Specific detection, 02 engineering and technology, Machine learning, computer.software_genre, Task (computing), 020204 information systems, Genetic algorithm, 0202 electrical engineering, electronic engineering, information engineering, Malware, 020201 artificial intelligence & image processing, Artificial intelligence, business, computer
Abstract

There are advances in detecting malware using machine learning (ML), but it is still a challenging task to detect advanced malware variants (e.g., polymorphic and metamorphic variations). To detect such variants, we first need to understand the methods used to generate them to bypass the detection methods. In this paper, we introduce an adaptive malware variant generation (AMVG) framework to study bypassing malware detection methods efficiently. The AMVG framework uses ML (e.g., genetic algorithm (GA)) to generate malware variants that satisfy specific detection criteria. The use of GA automates the malware variant generations with appropriate modules to handle various input formats. For the experiment, we use malware samples retrieved from theZoo, a collection of malware samples. The results show that we can automatically generate malware variants that satisfy varying detection criteria in a practical amount of time, as well as showing the capabilities to handle different input formats.

Published
2019

Catalog

Books, media, physical & digital resources
See catalog results