A baseline for unsupervised advanced persistent threat detection in system-level provenance
Advanced persistent threats (APT) are stealthy, sophisticated, and
unpredictable cyberattacks that can steal intellectual property, damage
critical infrastructure, or cause millions of dollars in damage. Detecting APTs
by monitoring system-level activity is difficult because manually inspecting
the high volume of normal system activity is overwhelming for security
analysts. We evaluate the effectiveness of unsupervised batch and streaming
anomaly detection algorithms over multiple gigabytes of provenance traces
recorded on four different operating systems to determine whether they can
detect realistic APT-like attacks reliably and efficiently. This report is the
first detailed study of the effectiveness of generic unsupervised anomaly
detection techniques in this setting.
WebAppShield: an approach exploiting machine learning to detect SQLi attacks in an application layer in run-time
In recent years, SQL injection attacks have been identified as being prevalent against web applications. They affect network security and user data, which leads to a considerable loss of money and data every year. This paper presents the use of classification algorithms in machine learning to classify login data by filtering inputs into "SQLi" or "Non-SQLi", thus increasing the reliability and accuracy of results when deciding whether an operation is an attack or a valid operation. A web application is developed for auto-generated data replication to provide a twin of the targeted data structure. A shield against SQLi attacks (WebAppShield) has been developed that verifies all users and prevents attackers (SQLi attacks) from entering or accessing the database, allowing only requests that the machine learning module predicts as "Non-SQLi". A special login form has been developed with a special instance of the data validation; this verification process secures the web application from its early stages. The system has been tested and validated, and up to 99% of SQLi attacks have been prevented.
Advanced persistent threats: impact on Colombian SMEs and best practices for their prevention and handling
This paper presents a solution for small and medium-sized Colombian companies (SMEs) that reports on the current impact on organizations of attacks and incidents involving Advanced Persistent Threats (Roldán, Verdugo, & Romero, 2016) and proposes a methodology for preventing and containing this type of threat.