4,683 research outputs found
TRIDEnT: Building Decentralized Incentives for Collaborative Security
Sophisticated mass attacks, especially when exploiting zero-day
vulnerabilities, have the potential to cause destructive damage to
organizations and critical infrastructure. To timely detect and contain such
attacks, collaboration among the defenders is critical. By correlating
real-time detection information (alerts) from multiple sources (collaborative
intrusion detection), defenders can detect attacks and take the appropriate
defensive measures in time. However, although the technical tools to facilitate
collaboration exist, real-world adoption of such collaborative security
mechanisms is still underwhelming. This is largely due to a lack of trust and
participation incentives for companies and organizations. This paper proposes
TRIDEnT, a novel collaborative platform that aims to enable and incentivize
parties to exchange network alert data, thus increasing their overall detection
capabilities. TRIDEnT allows parties that may be in a competitive relationship,
to selectively advertise, sell and acquire security alerts in the form of
(near) real-time peer-to-peer streams. To validate the basic principles behind
TRIDEnT, we present an intuitive game-theoretic model of alert sharing, that is
of independent interest, and show that collaboration is bound to take place
infinitely often. Furthermore, to demonstrate the feasibility of our approach,
we instantiate our design in a decentralized manner using Ethereum smart
contracts and provide a fully functional prototype.Comment: 28 page
Byzantine Attack and Defense in Cognitive Radio Networks: A Survey
The Byzantine attack in cooperative spectrum sensing (CSS), also known as the
spectrum sensing data falsification (SSDF) attack in the literature, is one of
the key adversaries to the success of cognitive radio networks (CRNs). In the
past couple of years, the research on the Byzantine attack and defense
strategies has gained worldwide increasing attention. In this paper, we provide
a comprehensive survey and tutorial on the recent advances in the Byzantine
attack and defense for CSS in CRNs. Specifically, we first briefly present the
preliminaries of CSS for general readers, including signal detection
techniques, hypothesis testing, and data fusion. Second, we analyze the spear
and shield relation between Byzantine attack and defense from three aspects:
the vulnerability of CSS to attack, the obstacles in CSS to defense, and the
games between attack and defense. Then, we propose a taxonomy of the existing
Byzantine attack behaviors and elaborate on the corresponding attack
parameters, which determine where, who, how, and when to launch attacks. Next,
from the perspectives of homogeneous or heterogeneous scenarios, we classify
the existing defense algorithms, and provide an in-depth tutorial on the
state-of-the-art Byzantine defense schemes, commonly known as robust or secure
CSS in the literature. Furthermore, we highlight the unsolved research
challenges and depict the future research directions.Comment: Accepted by IEEE Communications Surveys and Tutoiral
ATTACK2VEC: Leveraging Temporal Word Embeddings to Understand the Evolution of Cyberattacks
Despite the fact that cyberattacks are constantly growing in complexity, the
research community still lacks effective tools to easily monitor and understand
them. In particular, there is a need for techniques that are able to not only
track how prominently certain malicious actions, such as the exploitation of
specific vulnerabilities, are exploited in the wild, but also (and more
importantly) how these malicious actions factor in as attack steps in more
complex cyberattacks. In this paper we present ATTACK2VEC, a system that uses
temporal word embeddings to model how attack steps are exploited in the wild,
and track how they evolve. We test ATTACK2VEC on a dataset of billions of
security events collected from the customers of a commercial Intrusion
Prevention System over a period of two years, and show that our approach is
effective in monitoring the emergence of new attack strategies in the wild and
in flagging which attack steps are often used together by attackers (e.g.,
vulnerabilities that are frequently exploited together). ATTACK2VEC provides a
useful tool for researchers and practitioners to better understand cyberattacks
and their evolution, and use this knowledge to improve situational awareness
and develop proactive defenses
CK-RAID: Collaborative Knowledge Repository for Intrusion Detection System
Intrusion Detection Systems (IDSs) are an integral part of an organization\u27s infrastructure. Without an IDS facility in place to monitor network and host activities, attempted and successful intrusion attempts may go unnoticed. This study proposed a Collaborative Knowledge Repository Architecture for Intrusion Detection (CK-RAID). It is based on a distributed network of computer nodes, each with their individual IDS with a centralized knowledge repository system, and firewall acting as a defence. When an unfamiliar attack hits any node, the first step the intrusion monitor takes is to request from Knowledge Repository Server the most effective intrusion response. To improve performance, Intrusion Update module collaborates with IDSs sensor and log by updating their expert rule and intrusion information respectively and removing the old intrusion signature from the knowledge base with the aid of Intrusion Detector Pruning. To ensure security of information exchange, RSA encryption and Digital Signature were used to encode information during transit. The result showed that CK-RAID had a detection rate of 97.2%, compared with Medoid Clustering, Y-means, FCM and K-means that have an accuracy of 96.38%, 87.15%, 82.13% and 77.25% respectively. Therefore, CK-RAID can be deployed for efficient detection of all categories of intrusion detection and response
Large-scale coordinated attacks : Impact on the cloud security
International audienceCloud Computing has emerged as a model to process large volumetric data. Though Cloud Computing is very popular, cloud security could delay its adoption. Security of the cloud must provide data confidentiality and protection of resources. Such architecture seems to be vulnerable when confronted to distributed attacks also known as large-scale coordinated attacks. In this paper, we study the impact of large-scale coordinated attacks on Cloud Computing and its current security solutions. We experiment the open-source IDS Snort and a commercialized firewall using distributed portscan. Our results show that these security solutions are not designed to detect distributed attacks. Indeed, an attacker who controls about 32 hosts can easily achieve a distributed portscan without being detected
- …