7,706 research outputs found
User-profile-based analytics for detecting cloud security breaches
While the growth of cloud-based technologies has benefited the society tremendously, it has also increased the surface area for cyber attacks. Given that cloud services are prevalent today, it is critical to devise systems that detect intrusions. One form of security breach in the cloud is when cyber-criminals compromise Virtual Machines (VMs) of unwitting users and, then, utilize user resources to run time-consuming, malicious, or illegal applications for their own benefit. This work proposes a method to detect unusual resource usage trends and alert the user and the administrator in real time. We experiment with three categories of methods: simple statistical techniques, unsupervised classification, and regression. So far, our approach successfully detects anomalous resource usage when experimenting with typical trends synthesized from published real-world web server logs and cluster traces. We observe the best results with unsupervised classification, which gives an average F1-score of 0.83 for web server logs and 0.95 for the cluster traces
Autonomic computing meets SCADA security
© 2017 IEEE. National assets such as transportation networks, large manufacturing, business and health facilities, power generation, and distribution networks are critical infrastructures. The cyber threats to these infrastructures have increasingly become more sophisticated, extensive and numerous. Cyber security conventional measures have proved useful in the past but increasing sophistication of attacks dictates the need for newer measures. The autonomic computing paradigm mimics the autonomic nervous system and is promising to meet the latest challenges in the cyber threat landscape. This paper provides a brief review of autonomic computing applications for SCADA systems and proposes architecture for cyber security
Increasing resilience of ATM networks using traffic monitoring and automated anomaly analysis
Systematic network monitoring can be the cornerstone for
the dependable operation of safety-critical distributed
systems. In this paper, we present our vision for informed
anomaly detection through network monitoring and
resilience measurements to increase the operators'
visibility of ATM communication networks. We raise the
question of how to determine the optimal level of
automation in this safety-critical context, and we present a
novel passive network monitoring system that can reveal
network utilisation trends and traffic patterns in diverse
timescales. Using network measurements, we derive
resilience metrics and visualisations to enhance the
operators' knowledge of the network and traffic behaviour,
and allow for network planning and provisioning based on
informed what-if analysis
Outsmarting Network Security with SDN Teleportation
Software-defined networking is considered a promising new paradigm, enabling
more reliable and formally verifiable communication networks. However, this
paper shows that the separation of the control plane from the data plane, which
lies at the heart of Software-Defined Networks (SDNs), introduces a new
vulnerability which we call \emph{teleportation}. An attacker (e.g., a
malicious switch in the data plane or a host connected to the network) can use
teleportation to transmit information via the control plane and bypass critical
network functions in the data plane (e.g., a firewall), and to violate security
policies as well as logical and even physical separations. This paper
characterizes the design space for teleportation attacks theoretically, and
then identifies four different teleportation techniques. We demonstrate and
discuss how these techniques can be exploited for different attacks (e.g.,
exfiltrating confidential data at high rates), and also initiate the discussion
of possible countermeasures. Generally, and given today's trend toward more
intent-based networking, we believe that our findings are relevant beyond the
use cases considered in this paper.Comment: Accepted in EuroSP'1
- âŠ