OnionBots: Subverting Privacy Infrastructure for Cyber Attacks

Over the last decade botnets survived by adopting a sequence of increasingly sophisticated strategies to evade detection and take overs, and to monetize their infrastructure. At the same time, the success of privacy infrastructures such as Tor opened the door to illegal activities, including botnets, ransomware, and a marketplace for drugs and contraband. We contend that the next waves of botnets will extensively subvert privacy infrastructure and cryptographic mechanisms. In this work we propose to preemptively investigate the design and mitigation of such botnets. We first, introduce OnionBots, what we believe will be the next generation of resilient, stealthy botnets. OnionBots use privacy infrastructures for cyber attacks by completely decoupling their operation from the infected host IP address and by carrying traffic that does not leak information about its source, destination, and nature. Such bots live symbiotically within the privacy infrastructures to evade detection, measurement, scale estimation, observation, and in general all IP-based current mitigation techniques. Furthermore, we show that with an adequate self-healing network maintenance scheme, that is simple to implement, OnionBots achieve a low diameter and a low degree and are robust to partitioning under node deletions. We developed a mitigation technique, called SOAP, that neutralizes the nodes of the basic OnionBots. We also outline and discuss a set of techniques that can enable subsequent waves of Super OnionBots. In light of the potential of such botnets, we believe that the research community should proactively develop detection and mitigation methods to thwart OnionBots, potentially making adjustments to privacy infrastructure.Comment: 12 pages, 8 figure

The future of Cybersecurity in Italy: Strategic focus area

This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

Insertion Detection System Employing Neural Network MLP and Detection Trees Using Different Techniques

by addressing intruder attacks, network security experts work to maintain services available at all times. The Intrusion Detection System (IDS) is one of the available mechanisms for detecting and classifying any abnormal behavior. As a result, the IDS must always be up to date with the most recent intruder attack signatures to maintain the confidentiality, integrity, and availability of the services. This paper shows how the NSL-KDD dataset may be used to test and evaluate various Machine Learning techniques. It focuses mostly on the NLS-KDD pre-processing step to create an acceptable and balanced experimental data set to improve accuracy and minimize false positives. For this study, the approaches J48 and MLP were employed. The Decision Trees classifier has been demonstrated to have the highest accuracy rate for detecting and categorizing all NSL-KDD dataset attacks

Applying Artificial Intelligence Techniques on Cyber Security Datasets: Detecting Cyber Attacks.

The rapid expansion of government and corporate services to the online sphere has spurred a notable surge in internet usage among individuals. However, this increased connectivity also amplifies the risks posed by cyber threats, as hackers exploit external networking avenues and corporate networks for personal activities. Consequently, proactive measures must be taken to mitigate potential financial losses and resource drain from cyber attacks. To this end, numerous machine-learning techniques have been developed for cybercrime detection and threat mitigation. This study evaluates several prominent machine learning methods to identify and address significant cyber threats. The research scrutinizes the effectiveness of five techniques: Random Forest, Decision Tree, Convolutional Neural Network (CNN), K-Nearest Neighbors (KNN), and Naive Bayes. Among these, Random Forest demonstrates superior performance with an accuracy rate of 99.69%, outperforming ensemble models such as Decision Tree, CNN, KNN, and Naive Bayes

Real-time Adaptive Sensor Attack Detection and Recovery in Autonomous Cyber-physical Systems

Cyber-Physical Systems (CPS) tightly couple information technology with physical processes, which rises new vulnerabilities such as physical attacks that are beyond conventional cyber attacks.Attackers may non-invasively compromise sensors and spoof the controller to perform unsafe actions. This issue is even emphasized with the increasing autonomy in CPS. While this fact has motivated many defense mechanisms against sensor attacks, a clear vision of the timing and usability (or the false alarm rate) of attack detection still remains elusive. Existing works tend to pursue an unachievable goal of minimizing the detection delay and false alarm rate at the same time, while there is a clear trade-off between the two metrics. Instead, this dissertation argues that attack detection should bias different metrics (detection delay and false alarm) when a system sits in different states. For example, if the system is close to unsafe states, reducing the detection delay is preferable to lowering the false alarm rate, and vice versa. This dissertation proposes two real-time adaptive sensor attack detection frameworks. The frameworks can dynamically adapt the detection delay and false alarm rate so as to meet a detection deadline and improve usability according to different system statuses. We design and implement the proposed frameworks and validate them using realistic sensor data of automotive CPS to demonstrate its efficiency and efficacy. Further, this dissertation proposes \textit{Recovery-by-Learning}, a data-driven attack recovery framework that restores CPS from sensor attacks. The importance of attack recovery is emphasized by the need to mitigate the attack\u27s impact on a system and restore it to continue functioning. We propose a double sliding window-based checkpointing protocol to remove compromised data and keep trustful data for state estimation. Together, the proposed solutions enable a holistic attack resilient solution for automotive cyber-physical systems