5 research outputs found

    A Characterization of Cybersecurity Posture from Network Telescope Data

    Data-driven understanding of cybersecurity posture is an important problem that has not been adequately explored. In this paper, we analyze some real data collected by CAIDA's network telescope during the month of March 2013. We propose to formalize the concept of cybersecurity posture from the perspectives of three kinds of time series: the number of victims (i.e., telescope IP addresses that are attacked), the number of attackers that are observed by the telescope, and the number of attacks that are observed by the telescope. Characterizing cybersecurity posture therefore becomes investigating the phenomena and statistical properties exhibited by these time series, and explaining their cybersecurity meanings. For example, we propose the concept of sweep-time, and show that sweep-time should be modeled by a stochastic process, rather than a random variable. We report that the number of attackers (and attacks) from a certain country dominates the total number of attackers (and attacks) that are observed by the telescope. We also show that substantially smaller network telescopes might not be as useful as a large telescope

    Network intrusion detection with semantics-aware capability

    © 2006 IEEE. Pre-print of article that appeared at the 2nd International Workshop on Security i

    Analysis of Automated Generation of Signatures Using Honeypots

    This thesis discusses a system for the automatic processing of attacks using honeypots. The first goal of the thesis is to become familiar with the issue of creating signatures to detect malicious code on the network, especially the analysis and description of existing methods for automatic generation of signatures using honeypots. The main goal is to use the acquired knowledge to design and implement a tool that will detect newly captured malicious software on the network or on an end user's workstation.

    Machine Learning and other Computational-Intelligence Techniques for Security Applications

    The abstract is in the attachment.