Addressing Multi-Stage Attacks Using Expert Knowledge and Contextual Information
New challenges in the cyber-threat domain are driven by tactical and meticulously designed Multi-Stage Attacks (MSAs). Current state-of-the-art (SOTA) Intrusion Detection Systems (IDSs) are developed to detect individual attacks through the use of signatures or identifying manifested anomalies in the network environment. However, an MSA differs from traditional one-off network attacks as it requires a set of sequential stages, whereby each stage may not be malicious when manifested individually and may therefore be underestimated by current IDSs. This work proposes a new approach towards addressing this challenging type of cyber-attack by employing external sources of information, beyond the conventional use of signatures and monitored network data. In particular, both expert knowledge and contextual information in the form of Pattern-of-Life (PoL) of the network are shown to be influential in giving an advantage against SOTA techniques. We compare our proposed anomaly-based IDS, based on decision making powered by the Dempster-Shafer (D-S) Theory and Fuzzy Cognitive Maps (FCMs), against Snort, one of the most widely deployed IDSs in the world. Our results verify that the use of contextual information improves the efficiency of our IDS by enhancing the Detection Rate (DR) of MSAs by almost 50%
On Holistic Multi-Step Cyberattack Detection via a Graph-based Correlation Approach
While digitization of distribution grids through information and
communications technology brings numerous benefits, it also increases the
grid's vulnerability to serious cyber attacks. Unlike conventional systems,
attacks on many industrial control systems such as power grids often occur in
multiple stages, with the attacker taking several steps at once to achieve its
goal. Detection mechanisms with situational awareness are needed to detect
orchestrated attack steps as part of a coherent attack campaign. To provide a
foundation for detection and prevention of such attacks, this paper addresses
the detection of multi-stage cyber attacks with the aid of a graph-based cyber
intelligence database and alert correlation approach. Specifically, we propose
an approach to detect multi-stage attacks by leveraging heterogeneous data to
form a knowledge base and employ a model-based correlation approach on the
generated alerts to identify multi-stage cyber attack sequences taking place in
the network. We investigate the detection quality of the proposed approach by
using a case study of a multi-stage cyber attack campaign in a
future-orientated power grid pilot.
Comment: IEEE International Conference on Communications, Control, and
Computing Technologies for Smart Grids (SmartGridComm) 202
Multi-Stage Attack Detection Using Contextual Information
The appearance of new forms of cyber-threats, such as Multi-Stage Attacks (MSAs), creates new challenges to which Intrusion Detection Systems (IDSs) need to adapt. An MSA is launched in multiple sequential stages, which may not be malicious when implemented individually, making the detection of MSAs extremely challenging for most current IDSs. In this paper, we present a novel IDS that exploits contextual information in the form of Pattern-of-Life (PoL), and information related to expert judgment on the network behaviour. This IDS focuses on detecting an MSA, in real-time, without previous training process. The main goal of the MSA is to create a Point of Entry (PoE) to a target machine, which could be used as part of an Advanced Persistent Threat (APT) like attack. Our results verify that the use of contextual information improves the efficiency of our IDS by enhancing the detection rate of MSAs in real-time by 58%
Multi-stage attack detection using contextual information
The appearance of new forms of cyber-threats, such as Multi-Stage Attacks (MSAs), creates new challenges to which Intrusion Detection Systems (IDSs) need to adapt. An MSA is launched in multiple sequential stages, which may not be malicious when implemented individually, making the detection of MSAs extremely challenging for most current IDSs. In this paper, we present a novel IDS that exploits contextual information in the form of Pattern-of-Life (PoL), and information related to expert judgment on the network behaviour. This IDS focuses on detecting an MSA, in real-time, without previous training process. The main goal of the MSA is to create a Point of Entry (PoE) to a target machine, which could be used as part of an APT like attack. Our results verify that the use of contextual information improves the efficiency of our IDS by enhancing the detection rate of MSAs in real-time by 58%
Recent Developments in Recommender Systems: A Survey
In this technical survey, we comprehensively summarize the latest
advancements in the field of recommender systems. The objective of this study
is to provide an overview of the current state-of-the-art in the field and
highlight the latest trends in the development of recommender systems. The
study starts with a comprehensive summary of the main taxonomy of recommender
systems, including personalized and group recommender systems, and then delves
into the category of knowledge-based recommender systems. In addition, the
survey analyzes the robustness, data bias, and fairness issues in recommender
systems, summarizing the evaluation metrics used to assess the performance of
these systems. Finally, the study provides insights into the latest trends in
the development of recommender systems and highlights the new directions for
future research in the field
How Technology Impacts and Compares to Humans in Socially Consequential Arenas
One of the main promises of technology development is for it to be adopted by
people, organizations, societies, and governments -- incorporated into their
life, work stream, or processes. Often, this is socially beneficial as it
automates mundane tasks, frees up more time for other more important things, or
otherwise improves the lives of those who use the technology. However, these
beneficial results do not apply in every scenario and may not impact everyone
in a system the same way. Sometimes a technology is developed which produces
both benefits and inflicts some harm. These harms may come at a higher cost to
some people than others, raising the question: how are benefits and harms
weighed when deciding if and how a socially consequential technology gets
developed? The most natural way to answer this question, and in fact how
people first approach it, is to compare the new technology to what used to
exist. As such, in this work, I make comparative analyses between humans and
machines in three scenarios and seek to understand how sentiment about a
technology, performance of that technology, and the impacts of that technology
combine to influence how one decides to answer my main research question.
Comment: Doctoral thesis proposal. arXiv admin note: substantial text overlap
with arXiv:2110.08396, arXiv:2108.12508, arXiv:2006.1262