4,076 research outputs found
Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences
In this survey, we first briefly review the current state of cyber attacks,
highlighting significant recent changes in how and why such attacks are
performed. We then investigate the mechanics of malware command and control
(C2) establishment: we provide a comprehensive review of the techniques used by
attackers to set up such a channel and to hide its presence from the attacked
parties and the security tools they use. We then switch to the defensive side
of the problem, and review approaches that have been proposed for the detection
and disruption of C2 channels. We also map such techniques to widely-adopted
security controls, emphasizing gaps or limitations (and success stories) in
current best practices.Comment: Work commissioned by CPNI, available at c2report.org. 38 pages.
Listing abstract compressed from version appearing in repor
Applications of Machine Learning to Threat Intelligence, Intrusion Detection and Malware
Artificial Intelligence (AI) and Machine Learning (ML) are emerging technologies with applications to many fields. This paper is a survey of use cases of ML for threat intelligence, intrusion detection, and malware analysis and detection. Threat intelligence, especially attack attribution, can benefit from the use of ML classification. False positives from rule-based intrusion detection systems can be reduced with the use of ML models. Malware analysis and classification can be made easier by developing ML frameworks to distill similarities between the malicious programs. Adversarial machine learning will also be discussed, because while ML can be used to solve problems or reduce analyst workload, it also introduces new attack surfaces
A Machine-Synesthetic Approach To DDoS Network Attack Detection
In the authors' opinion, anomaly detection systems, or ADS, seem to be the
most perspective direction in the subject of attack detection, because these
systems can detect, among others, the unknown (zero-day) attacks. To detect
anomalies, the authors propose to use machine synesthesia. In this case,
machine synesthesia is understood as an interface that allows using image
classification algorithms in the problem of detecting network anomalies, making
it possible to use non-specialized image detection methods that have recently
been widely and actively developed. The proposed approach is that the network
traffic data is "projected" into the image. It can be seen from the
experimental results that the proposed method for detecting anomalies shows
high results in the detection of attacks. On a large sample, the value of the
complex efficiency indicator reaches 97%.Comment: 12 pages, 2 figures, 5 tables. Accepted to the Intelligent Systems
Conference (IntelliSys) 201
- …