The Challenges in SDN/ML Based Network Security : A Survey

Machine Learning is gaining popularity in the network security domain as many more network-enabled devices get connected, as malicious activities become stealthier, and as new technologies like Software Defined Networking (SDN) emerge. Sitting at the application layer and communicating with the control layer, machine learning based SDN security models exercise a huge influence on the routing/switching of the entire SDN. Compromising the models is consequently a very desirable goal. Previous surveys have been done on either adversarial machine learning or the general vulnerabilities of SDNs but not both. Through examination of the latest ML-based SDN security applications and a good look at ML/SDN specific vulnerabilities accompanied by common attack methods on ML, this paper serves as a unique survey, making a case for more secure development processes of ML-based SDN security applications.Comment: 8 pages. arXiv admin note: substantial text overlap with arXiv:1705.0056

Knowledge-based Decision Making for Simulating Cyber Attack Behaviors

Computer networks are becoming more complex as the reliance on these network increases in this era of exponential technological growth. This makes the potential gains for criminal activity on these networks extremely serious and can not only devastate organizations or enterprises but also the general population. As complexity of the network increases so does the difficulty to protect the networks as more potential vulnerabilities are introduced. Despite best efforts, traditional defenses like Intrusion Detection Systems and penetration tests are rendered ineffective to even amateur cyber adversaries. Networks now need to be analyzed at all times to preemptively detect weaknesses which harbored a new research field called Cyber Threat Analytics. However, current techniques for cyber threat analytics typically perform static analysis on the network and system vulnerabilities but few address the most variable and most critical piece of the puzzle -- the attacker themselves. This work focuses on defining a baseline framework for modeling a wide variety of cyber attack behaviors which can be used in conjunction with a cyber attack simulator to analyze the effects of individual or multiple attackers on a network. To model a cyber attacker\u27s behaviors with reasonable accuracy and flexibility, the model must be based on aspects of an attacker that are used in real scenarios. Real cyber attackers base their decisions on what they know and learn about the network, vulnerabilities, and targets. This attacker behavior model introduces the aspect of knowledge-based decision making to cyber attack behavior modeling with the goal of providing user configurable options. This behavior model employs Cyber Attack Kill Chain along with an ensemble of the attacker capabilities, opportunities, intent, and preferences. The proposed knowledge-based decision making model is implemented to enable the simulation of a variety of network attack behaviors and their effects. This thesis will show a number of simulated attack scenarios to demonstrate the capabilities and limitations of the proposed model

The Emerging Threat of Ai-driven Cyber Attacks: A Review

Cyberattacks are becoming more sophisticated and ubiquitous. Cybercriminals are inevitably adopting Artificial Intelligence (AI) techniques to evade the cyberspace and cause greater damages without being noticed. Researchers in cybersecurity domain have not researched the concept behind AI-powered cyberattacks enough to understand the level of sophistication this type of attack possesses. This paper aims to investigate the emerging threat of AI-powered cyberattacks and provide insights into malicious used of AI in cyberattacks. The study was performed through a three-step process by selecting only articles based on quality, exclusion, and inclusion criteria that focus on AI-driven cyberattacks. Searches in ACM, arXiv Blackhat, Scopus, Springer, MDPI, IEEE Xplore and other sources were executed to retrieve relevant articles. Out of the 936 papers that met our search criteria, a total of 46 articles were finally selected for this study. The result shows that 56% of the AI-Driven cyberattack technique identified was demonstrated in the access and penetration phase, 12% was demonstrated in exploitation, and command and control phase, respectively; 11% was demonstrated in the reconnaissance phase; 9% was demonstrated in the delivery phase of the cybersecurity kill chain. The findings in this study shows that existing cyber defence infrastructures will become inadequate to address the increasing speed, and complex decision logic of AI-driven attacks. Hence, organizations need to invest in AI cybersecurity infrastructures to combat these emerging threats.publishedVersio

Securing Machine Learning in the Cloud: A Systematic Review of Cloud Machine Learning Security.

With the advances in machine learning (ML) and deep learning (DL) techniques, and the potency of cloud computing in offering services efficiently and cost-effectively, Machine Learning as a Service (MLaaS) cloud platforms have become popular. In addition, there is increasing adoption of third-party cloud services for outsourcing training of DL models, which requires substantial costly computational resources (e.g., high-performance graphics processing units (GPUs)). Such widespread usage of cloud-hosted ML/DL services opens a wide range of attack surfaces for adversaries to exploit the ML/DL system to achieve malicious goals. In this article, we conduct a systematic evaluation of literature of cloud-hosted ML/DL models along both the important dimensions-attacks and defenses-related to their security. Our systematic review identified a total of 31 related articles out of which 19 focused on attack, six focused on defense, and six focused on both attack and defense. Our evaluation reveals that there is an increasing interest from the research community on the perspective of attacking and defending different attacks on Machine Learning as a Service platforms. In addition, we identify the limitations and pitfalls of the analyzed articles and highlight open research issues that require further investigation

A cyber-kill-chain based taxonomy of crypto-ransomware features

In spite of being just a few years old, ransomware is quickly becoming a serious threat to our digital infrastructures, data and services. Majority of ransomware families are requesting for a ransom payment to restore a custodian access or decrypt data which were encrypted by the ransomware earlier. Although the ransomware attack strategy seems to be simple, security specialists ranked ransomware as a sophisticated attack vector with many variations and families. Wide range of features which are available in different families and versions of ransomware further complicates their detection and analysis. Though the existing body of research provides significant discussions about ransomware details and capabilities, the all research body is fragmented. Therefore, a ransomware feature taxonomy would advance cyber defenders’ understanding of associated risks of ransomware. In this paper we provide, to the best of our knowledge, the first scientific taxonomy of ransomware features, aligned with Lockheed Martin Cyber Kill Chain (CKC) model. CKC is a well-established model in industry that describes stages of cyber intrusion attempts. To ease the challenge of applying our taxonomy in real world, we also provide the corresponding ransomware defence taxonomy aligned with Courses of Action matrix (an intelligence-driven defence model). We believe that this research study is of high value for the cyber security research community, as it provides the researchers with a means of assessing the vulnerabilities and attack vectors towards the intended victims