A baseline for unsupervised advanced persistent threat detection in system-level provenance

Advanced persistent threats (APT) are stealthy, sophisticated, and unpredictable cyberattacks that can steal intellectual property, damage critical infrastructure, or cause millions of dollars in damage. Detecting APTs by monitoring system-level activity is difficult because manually inspecting the high volume of normal system activity is overwhelming for security analysts. We evaluate the effectiveness of unsupervised batch and streaming anomaly detection algorithms over multiple gigabytes of provenance traces recorded on four different operating systems to determine whether they can detect realistic APT-like attacks reliably and efficiently. This report is the first detailed study of the effectiveness of generic unsupervised anomaly detection techniques in this setting

WebAppShield: an approach exploiting machine learning to detect SQLi attacks in an application layer in run-time

In recent years, SQL injection attacks have been identified as being prevalent against web applications. They affect network security and user data, which leads to a considerable loss of money and data every year. This paper presents the use of classification algorithms in machine learning using a method to classify the login data filtering inputs into "SQLi" or "Non-SQLi,” thus increasing the reliability and accuracy of results in terms of deciding whether an operation is an attack or a valid operation. A method as a Web-App is developed for auto-generated data replication to provide a twin of the targeted data structure. Shielding against SQLi attacks (WebAppShield) that verifies all users and prevents attackers (SQLi attacks) from entering and or accessing the database, which the machine learning module predicts as "Non-SQLi", has been developed. A special login form has been developed with a special instance of the data validation; this verification process secures the web application from its early stages. The system has been tested and validated, and up to 99% of SQLi attacks have been prevented

Amenazas avanzadas persistentes: impacto en las PYMES colombianas y buenas prácticas para su prevención y manejo

En este trabajo se presenta una solución para las pequeñas y medianas empresas colombianas (PYMES), para informar sobre el impacto actual en las organizaciones de los ataques e incidentes por Amenazas Persistentes Avanzadas (Roldán, Verdugo, & Romero, 2016) y propone una metodología de prevención y contención de este tipo de amenazas.This paper presents a solution for small and medium-sized Colombian companies (SMES), to report on the current impact on organizations of attacks and incidents by Advanced Persistent Threats (Roldán, Verdugo, & Romero, 2016) and proposes a methodology for preventing and containing such threats