Detection of advanced persistent threat using machine-learning correlation analysis
As one of the most serious types of cyber attack, Advanced Persistent Threats (APTs) have caused major concern on a global scale. An APT is a persistent, multi-stage attack intended to compromise a targeted system and extract information from it, with the potential to cause significant damage and substantial financial loss. Accurate detection and prediction of APTs remains an open challenge. This work proposes a novel machine learning-based system, MLAPT, which detects and predicts APT attacks accurately, rapidly and systematically. MLAPT runs through three main phases: (1) Threat detection, in which eight methods have been developed to detect different techniques used during the various APT steps; the implementation and validation of these methods on real traffic is a significant contribution to the current body of research. (2) Alert correlation, in which a correlation framework links the outputs of the detection methods in order to identify alerts that could be related and belong to a single APT scenario. (3) Attack prediction, in which a machine learning-based prediction module, built on the output of the correlation framework, lets the network security team estimate the probability that early alerts will develop into a complete APT attack. MLAPT is experimentally evaluated and the presented sy
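The following is an added illustration of what the alert-correlation and attack-prediction phases described above reduce to in code. It is constructed for this page and is not MLAPT's own implementation: the stage names, the one-hour linking window, the sample alerts, the history of past chains and the frequency-based escalation score are all assumptions, and the paper's eight detection methods and its learned predictor are not reproduced.

```python
"""Added example: a minimal alert-correlation and escalation-scoring step in the
spirit of MLAPT's phases (2) and (3). Constructed code and data, not the paper's
system. The stage names, the linking window and the frequency-based score are
assumptions; MLAPT's eight detection methods and its ML predictor are not
reproduced here."""
from collections import defaultdict
from dataclasses import dataclass

# Assumed stage order for a single APT scenario (simplified kill chain).
STAGES = ["delivery", "c2_beacon", "lateral_movement", "exfiltration"]
STAGE_INDEX = {s: i for i, s in enumerate(STAGES)}
LINK_WINDOW_S = 3600  # assumed: alerts on one host more than an hour apart are not linked


@dataclass(frozen=True)
class Alert:
    ts: int      # epoch seconds
    host: str    # host the detector attributed the alert to
    stage: str   # one of STAGES, as reported by the detection method


def correlate(alerts):
    """Link alerts per host into chains. A new chain starts when the gap to the
    previous alert exceeds LINK_WINDOW_S or the stage moves backwards
    (simplification: a real correlator would tolerate out-of-order detections)."""
    by_host = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a.ts):
        by_host[a.host].append(a)
    chains = []
    for seq in by_host.values():
        current = []
        for a in seq:
            if current:
                prev = current[-1]
                if a.ts - prev.ts > LINK_WINDOW_S or STAGE_INDEX[a.stage] < STAGE_INDEX[prev.stage]:
                    chains.append(current)
                    current = []
            current.append(a)
        if current:
            chains.append(current)
    return chains


def progress(chain):
    """Distinct stages a chain has reached, in order of first appearance."""
    seen = []
    for a in chain:
        if a.stage not in seen:
            seen.append(a.stage)
    return seen


def escalation_rate(history, prefix):
    """Share of historical chains that began with `prefix` and reached the final
    stage. A plain frequency estimate stands in for MLAPT's learned predictor;
    returns None when no historical chain matches."""
    prefix = tuple(prefix)
    matches = [h for h in history if tuple(h[: len(prefix)]) == prefix]
    if not matches:
        return None
    completed = sum(1 for h in matches if h[-1] == STAGES[-1])
    return completed / len(matches)


# Constructed sample alerts (not real traffic).
ALERTS = [
    Alert(0, "ws-17", "delivery"),
    Alert(600, "ws-17", "c2_beacon"),
    Alert(3000, "ws-17", "lateral_movement"),
    Alert(5000, "ws-17", "exfiltration"),
    Alert(50, "ws-22", "delivery"),
    Alert(100, "srv-03", "c2_beacon"),
    Alert(20000, "srv-03", "delivery"),   # too far from the previous srv-03 alert: separate chain
]

# Constructed history of past chains as stage tuples (labels are assumed).
HISTORY = [
    ("delivery", "c2_beacon", "lateral_movement", "exfiltration"),
    ("delivery", "c2_beacon", "exfiltration"),
    ("delivery", "c2_beacon"),
    ("delivery",),
    ("c2_beacon", "lateral_movement"),
]

if __name__ == "__main__":
    for chain in correlate(ALERTS):
        stages = progress(chain)
        print(chain[0].host, stages, "P(full attack) =", escalation_rate(HISTORY, stages))
```

The two design choices a practitioner should revisit are the linking rule (here host plus time plus monotone stage order, which will split a real scenario whenever a detector fires late) and the score (a prefix frequency, which has no notion of confidence when the matching history is small); the paper replaces the latter with a trained model.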
Tiresias: Predicting Security Events Through Deep Learning
With the increased complexity of modern computer attacks, there is a need for defenders not only to detect malicious activity as it happens, but also to predict the specific steps that will be taken by an adversary when performing an attack. However, this is still an open research problem, and previous research in predicting malicious events only looked at binary outcomes (e.g., whether an attack would happen or not), but not at the specific steps that an attacker would undertake. To fill this gap we present Tiresias, a system that leverages Recurrent Neural Networks (RNNs) to predict future events on a machine, based on previous observations. We test Tiresias on a dataset of 3.4 billion security events collected from a commercial intrusion prevention system, and show that our approach is effective in predicting the next event that will occur on a machine with a precision of up to 0.93. We also show that the models learned by Tiresias are reasonably stable over time, and provide a mechanism that can identify sudden drops in precision and trigger a retraining of the system. Finally, we show that the long-term memory typical of RNNs is key in performing event prediction, rendering simpler methods not up to the task.
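As an added example, not from the Tiresias paper or its authors, the following shows the evaluation loop around a next-event predictor together with the "sudden drop in precision triggers retraining" mechanism the abstract describes. The event streams are constructed, and the order-2 (bigram) predictor is a deliberately simple stand-in for the RNN so that the loop fits in a few lines; the paper's own finding is that such short-memory models are not sufficient for the real task, so only the monitoring logic, not the model, carries over.

```python
"""Added example: the evaluation loop around a next-event predictor with the
"sudden precision drop triggers retraining" check that Tiresias describes.
Constructed code and event sequences, not the paper's. The bigram (order-2)
predictor is a deliberately simple stand-in for the RNN so the loop fits here;
the paper reports that such short-memory models are not sufficient in practice."""
from collections import Counter, defaultdict


class NGramPredictor:
    """Predicts the next event id from the previous `order` events by majority vote."""

    def __init__(self, order=2):
        self.order = order
        self.counts = defaultdict(Counter)  # context tuple -> Counter of next events

    def fit(self, sequences):
        for seq in sequences:
            for i in range(self.order, len(seq)):
                self.counts[tuple(seq[i - self.order:i])][seq[i]] += 1
        return self

    def predict(self, history):
        """Most frequent successor of the last `order` events, or None if unseen."""
        nxt = self.counts.get(tuple(history[-self.order:]))
        return nxt.most_common(1)[0][0] if nxt else None


def precision(model, sequences):
    """Correct predictions divided by predictions made (abstentions excluded),
    which is the precision notion used in this example."""
    made = correct = 0
    for seq in sequences:
        for i in range(model.order, len(seq)):
            guess = model.predict(seq[:i])
            if guess is None:
                continue
            made += 1
            correct += guess == seq[i]
    return correct / made if made else 0.0


def monitor(train, windows, order=2, max_drop=0.2):
    """Score each incoming window with the current model; if precision falls by
    more than `max_drop` against the previous window, discard the model and
    retrain on the window that exposed the drift. Returns [(precision, retrained)]."""
    model = NGramPredictor(order).fit(train)
    report, previous = [], None
    for window in windows:
        p = precision(model, [window])
        retrained = previous is not None and previous - p > max_drop
        if retrained:
            model = NGramPredictor(order).fit([window])
        report.append((round(p, 2), retrained))
        previous = p
    return report


# Constructed event streams: integers stand for event ids from a sensor.
TRAIN = [[1, 2, 3, 4, 5] * 4]            # learned behaviour
WINDOW_STABLE = [1, 2, 3, 4, 5] * 2     # same behaviour
WINDOW_DRIFT = [1, 2, 3, 9, 5] * 2      # event 4 replaced by a new event 9

if __name__ == "__main__":
    for p, retrained in monitor(TRAIN, [WINDOW_STABLE, WINDOW_DRIFT, WINDOW_DRIFT]):
        print(f"precision={p:.2f} retrained={retrained}")
```

Precision is measured on each window before the model sees it, so the drop on the drifted window is a genuine out-of-sample signal; retraining on that window alone (rather than appending to the old counts) is what restores precision on the next one, because appended counts would still be outvoted by the stale majority.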
IoT Security Vulnerabilities and Predictive Signal Jamming Attack Analysis in LoRaWAN
The Internet of Things (IoT) has gained popularity in recent times due to its flexibility, usability, diverse applicability and ease of deployment. However, its security issues are less explored. IoT devices are lightweight in nature and have low computation power, short battery life and little memory. As incorporating security features is resource-expensive, IoT devices are often found to be poorly protected, and in recent times more IoT devices have been routinely attacked due to high-profile security flaws. This paper aims to explore the security vulnerabilities of IoT devices, particularly those that use Low Power Wide Area Networks (LPWANs). In this work, LoRaWAN-based IoT security vulnerabilities are scrutinised and loopholes are identified. An attack was designed and simulated using a predictive model of the device's data generation. The paper demonstrates that, by predicting the data generation model, a jamming attack can be carried out to block devices from sending data successfully. This research will aid the continual development of any necessary countermeasures and mitigations for the LoRaWAN and LPWAN functionality of IoT networks in general.
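The following added simulation, which is not the paper's simulator and not endorsed by its authors, makes the predictive-jamming idea concrete: an attacker learns a device's uplink interval from a few observations, fires a jam burst where the next uplink is predicted, and a dithered transmit schedule is shown as a countermeasure. The 600 s period, the 10 s jam window, the three-uplink learning phase, the rule that the attacker re-anchors on each observed uplink start, and the dithering offsets are all assumptions made for the example.

```python
"""Added example: constructed simulation of a predictive jamming attack on a
periodic LoRaWAN uplink schedule, and the effect of transmit-time dithering.
Not the paper's code. Period, jam window, learning rule and offsets are assumed."""

PERIOD_S = 600  # assumed nominal uplink interval: one uplink every 10 minutes
GUARD_S = 10    # assumed: the jam burst covers +/- this many seconds around the prediction


def uplink_schedule(period, count, jitter=None):
    """Device transmit times: nominal period plus an optional per-uplink offset.
    `jitter` is a constructed list of offsets standing in for randomised dithering."""
    jitter = jitter or [0] * count
    return [period * i + jitter[i] for i in range(count)]


def predictive_jammer(uplinks, learn=3, guard=GUARD_S):
    """Attacker listens to the first `learn` uplinks, estimates the period from
    them, then fires a jam burst at (last observed uplink start + estimated
    period). Assumed: the attacker's sniffer still timestamps every uplink start,
    jammed or not, so the anchor is re-synchronised each round. An uplink counts
    as blocked when its true start lies within +/- guard of the burst.
    Returns (blocked, attempted, block_rate)."""
    if len(uplinks) <= learn:
        raise ValueError("need more uplinks than the learning window")
    est_period = (uplinks[learn - 1] - uplinks[0]) / (learn - 1)
    blocked = 0
    for prev, actual in zip(uplinks[learn - 1:], uplinks[learn:]):
        predicted = prev + est_period
        if abs(actual - predicted) <= guard:
            blocked += 1
    attempted = len(uplinks) - learn
    return blocked, attempted, blocked / attempted


# Constructed schedules: a strictly periodic device and one that dithers each
# transmission by a fixed (constructed) offset of up to +/- 14 s.
PERIODIC = uplink_schedule(PERIOD_S, 10)
DITHER_OFFSETS = [4, -11, 7, 13, -6, 0, -14, 9, 2, -8]
DITHERED = uplink_schedule(PERIOD_S, 10, DITHER_OFFSETS)

if __name__ == "__main__":
    for name, sched in (("periodic", PERIODIC), ("dithered", DITHERED)):
        blocked, attempted, rate = predictive_jammer(sched)
        print(f"{name}: blocked {blocked}/{attempted} uplinks (rate {rate:.2f})")
```

Against the strictly periodic device every post-learning uplink is blocked, whereas offsets only slightly larger than the jam window already let most dithered uplinks through; widening the window recovers the block rate, but only at the cost of the jammer's own airtime, which is the lever a countermeasure has to push on.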