OwlSight: Platform for Real-time Detection and Visualization of Cyber Threats
Security reports published by leading companies reveal a growing number of cyber attacks. Theft of money or sensitive data, damage to the reputation of organizations and sabotage of national critical infrastructures are some of the motivations behind these attacks. The sophistication of these attacks is very high, creating major challenges for detection and mitigation in useful time. In this context, systems that provide situational awareness, detect cyber threats and raise alerts in real time are very important for mitigating the impact of the attacks.

In this paper we present a cyber threat platform targeted at real-time detection and visualization of cyber threats. The platform is composed of several building blocks and is able to collect huge amounts of data from multiple sources, prepare and analyze the data, and present the findings through a set of insightful dashboards. A version of the platform is already available and used in a real context. It collects more than 107 million malware events daily from different data sources and provides visualization and alerts in real time for more than 2.7 million unique infected IPs spread around the world.
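The collect, prepare, analyze and present pipeline the abstract describes, as an added example that is not OwlSight's code: two constructed feeds in different formats (a CSV feed and a JSON-lines feed, both invented here) are normalised to one event schema, malformed and RFC 1918 addresses are dropped, events are collapsed into per-IP summaries, and a simple corroboration rule (an IP reported by two feeds, or seen repeatedly) produces the alert list a dashboard would show. Feed names, field names and thresholds are assumptions.

```python
import csv
import io
import ipaddress
import json

# Constructed sample feeds (not real data). Feed A is CSV, feed B is JSON lines,
# to show the "prepare" step normalising heterogeneous sources into one schema.
# Addresses are from the TEST-NET documentation ranges.
FEED_A_CSV = """ip,family,seen_at
198.51.100.7,emotet,2024-01-05T10:00:00Z
198.51.100.7,emotet,2024-01-05T10:05:00Z
203.0.113.9,mirai,2024-01-05T10:07:00Z
not-an-ip,mirai,2024-01-05T10:08:00Z
"""

FEED_B_JSONL = """{"src": "198.51.100.7", "threat": "Emotet", "ts": "2024-01-05T11:00:00Z"}
{"src": "203.0.113.10", "threat": "Mirai", "ts": "2024-01-05T11:01:00Z"}
{"src": "10.0.0.5", "threat": "Mirai", "ts": "2024-01-05T11:02:00Z"}
"""

# Address space that is noise in an Internet-wide infected-IP view.
# TEST-NET ranges are deliberately not listed so the constructed sample passes.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def normalise_feed_a(text):
    """Feed A: CSV with columns ip, family, seen_at -> common event schema."""
    for row in csv.DictReader(io.StringIO(text)):
        yield {"ip": row["ip"], "family": row["family"].lower(),
               "ts": row["seen_at"], "source": "feed_a"}


def normalise_feed_b(text):
    """Feed B: one JSON object per line with src, threat, ts -> common event schema."""
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        yield {"ip": rec["src"], "family": rec["threat"].lower(),
               "ts": rec["ts"], "source": "feed_b"}


def usable_ip(value):
    """True for a parsable address outside RFC 1918 and loopback space."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return False
    return not any(addr in net for net in PRIVATE_NETS)


def aggregate(events):
    """Collapse events into per-IP summaries: event count, families, reporting feeds."""
    summary = {}
    for ev in events:
        if not usable_ip(ev["ip"]):
            continue  # drop malformed and private addresses
        entry = summary.setdefault(
            ev["ip"], {"count": 0, "families": set(), "sources": set(), "last_seen": ""})
        entry["count"] += 1
        entry["families"].add(ev["family"])
        entry["sources"].add(ev["source"])
        entry["last_seen"] = max(entry["last_seen"], ev["ts"])  # ISO-8601 sorts lexically
    return summary


def alerts(summary, min_sources=2, min_events=3):
    """Alert on IPs corroborated by several feeds or seen repeatedly (thresholds assumed)."""
    out = []
    for ip, entry in sorted(summary.items()):
        if len(entry["sources"]) >= min_sources or entry["count"] >= min_events:
            out.append((ip, sorted(entry["families"]), sorted(entry["sources"])))
    return out


def run_pipeline():
    """Collect -> prepare -> analyze; returns (per-IP summary, alert list)."""
    events = list(normalise_feed_a(FEED_A_CSV)) + list(normalise_feed_b(FEED_B_JSONL))
    summary = aggregate(events)
    return summary, alerts(summary)


if __name__ == "__main__":
    summary, alert_list = run_pipeline()
    print(f"{len(summary)} unique infected IPs")
    for ip, families, sources in alert_list:
        print(f"ALERT {ip} families={families} reported_by={sources}")
```

At platform scale the per-IP dictionary becomes a keyed stream aggregation, but the shape is the same: normalise at the edge, validate before counting, and alert on corroboration rather than on any single feed.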
Sound and Complete Runtime Security Monitor for Application Software
Conventional approaches for ensuring the security of application software at
run-time, through monitoring, either produce (high rates of) false alarms (e.g.
intrusion detection systems) or limit application performance (e.g. run-time
verification). We present a runtime security monitor that detects both known
and unknown cyber attacks by checking that the run-time behavior of the
application is consistent with the expected behavior modeled in the application
specification. This is crucial because, even if the implementation is
consistent with its specification, the application may still be vulnerable due
to flaws in the supporting infrastructure (e.g. the language runtime system,
libraries and operating system). This runtime security monitor is sound and
complete, eliminating false alarms, as well as efficient, so that it does not
limit runtime application performance and so that it supports real-time
systems. The security monitor takes as input the application specification and
the application implementation, which may be expressed in different languages.
The specification language of the application software is formalized based on
monadic second order logic and event calculus interpreted over algebraic data
structures. This language allows us to express behavior of an application at
any desired (and practical) level of abstraction as well as with high degree of
modularity. The security monitor detects every attack by systematically
comparing the application execution and specification behaviors at runtime,
even though they operate at two different levels of abstraction. We define the
denotational semantics of the specification language and prove that the monitor
is sound and complete. Furthermore, the monitor is efficient because of the
modular application specification at appropriate level(s) of abstraction.
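The monitoring idea in the abstract, as an added example that is not the paper's monitor or its specification language: the specification is a small session automaton at the abstract level (LOGIN, READ, WRITE, LOGOUT), the implementation trace is a list of lower-level events (socket and file operations), and an abstraction function maps implementation events onto specification events so the two can be compared despite living at different levels. The monitor accepts any trace the specification admits and reports the first event that has no transition, which catches an auth-bypass-style deviation without knowing any attack signature. The automaton, event vocabulary and traces are all assumptions constructed for the example.

```python
from dataclasses import dataclass

# Specification-level behaviour: a session automaton (constructed stand-in for the
# paper's MSO / event-calculus specification). Missing (state, event) pairs are forbidden.
SPEC_TRANSITIONS = {
    ("closed", "LOGIN"): "open",
    ("open", "READ"): "open",
    ("open", "WRITE"): "open",
    ("open", "LOGOUT"): "closed",
}


def abstract(impl_event):
    """Map a low-level implementation event to a specification-level event, or None
    when the event is an internal detail the specification does not talk about."""
    kind, arg = impl_event
    if kind == "recv" and arg.startswith("AUTH ") and arg.endswith(" ok"):
        return "LOGIN"
    if kind == "read":
        return "READ"
    if kind == "write":
        return "WRITE"
    if kind == "close" and arg == "sock":
        return "LOGOUT"
    return None  # connect, open(file), close(file) ... sit below the spec's abstraction


@dataclass
class Violation:
    index: int          # position in the implementation trace
    impl_event: tuple   # the concrete event that deviated
    spec_event: str     # its abstraction
    state: str          # specification state in which it was not allowed


def monitor(trace):
    """Replay an implementation trace against the specification automaton and return
    the first Violation, or None if the whole trace is consistent with the spec."""
    state = "closed"
    for i, ev in enumerate(trace):
        spec_ev = abstract(ev)
        if spec_ev is None:
            continue
        nxt = SPEC_TRANSITIONS.get((state, spec_ev))
        if nxt is None:
            return Violation(i, ev, spec_ev, state)
        state = nxt
    return None


# Constructed traces (not from the paper). Each event is (operation, argument).
GOOD_TRACE = [("connect", "sock"), ("recv", "AUTH alice ok"), ("open", "/data/report"),
              ("read", "/data/report"), ("write", "/data/report"),
              ("close", "/data/report"), ("close", "sock")]

# Deviation caused by the supporting infrastructure rather than the application:
# the library hands out the file before the auth handshake completes, so a write
# occurs while the specification still considers the session closed.
BAD_TRACE = [("connect", "sock"), ("open", "/data/report"), ("write", "/data/report"),
             ("recv", "AUTH alice ok"), ("close", "sock")]


if __name__ == "__main__":
    print("good trace:", monitor(GOOD_TRACE))
    print("bad trace: ", monitor(BAD_TRACE))
```

The cost per event is one dictionary lookup, which is what keeps this style of monitor cheap enough for the real-time setting the abstract targets; the expressive power lives in the specification, not in the checker.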
A spatio-temporal entropy-based approach for the analysis of cyber attacks (demo paper)
Computer networks are ubiquitous systems growing exponentially, with a predicted 50 billion devices connected by 2050. This dramatically increases the potential attack surface of Internet networks. A key issue in cyber defense is to detect, categorize and identify these attacks, the way they propagate and their potential impact on the affected systems. The research presented in this paper models cyber attacks at large by considering the Internet as a complex system in which attacks are propagated over a network. We model an attack as a path from a source to a target, where each attack is categorized according to its intention. We set up an experimental testbed based on the concept of a honeypot that evaluates the spatio-temporal distribution of these Internet attacks. The preliminary results show a series of patterns in space and time that illustrate the potential of the approach, and how cyber attacks can be categorized according to the concept and measure of entropy.
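One way to turn the abstract's idea into a measurement, as an added example rather than the paper's method: honeypot hits are modelled as source-to-target paths (source country to targeted service), grouped by category, and each category gets a Shannon entropy for its spatial distribution (source countries) and its temporal distribution (hour of day). Entropy is normalised by log2 of the hit count so that a category whose hits are all distinct scores 1.0 and one whose hits are all identical scores 0.0; a threshold then separates diffuse, scan-like activity from concentrated, targeted activity. The hit log, the use of port as the category, the hour-of-day binning and the 0.5 threshold are assumptions for the example.

```python
import math
from collections import Counter, defaultdict
from datetime import datetime

# Constructed honeypot hits (not real data): (timestamp, source country, target port).
# Port 23 hits arrive from eight countries spread across the day (scan-like);
# port 22 hits come from one country within a single hour (targeted).
HITS = [
    ("2024-03-01T00:10:00", "BR", 23), ("2024-03-01T03:20:00", "CN", 23),
    ("2024-03-01T06:30:00", "US", 23), ("2024-03-01T09:40:00", "IN", 23),
    ("2024-03-01T12:50:00", "RU", 23), ("2024-03-01T15:05:00", "DE", 23),
    ("2024-03-01T18:15:00", "VN", 23), ("2024-03-01T21:25:00", "TR", 23),
    ("2024-03-01T14:01:00", "NL", 22), ("2024-03-01T14:02:00", "NL", 22),
    ("2024-03-01T14:03:00", "NL", 22), ("2024-03-01T14:04:00", "NL", 22),
]


def shannon_entropy(counts):
    """H = -sum p_i log2 p_i over a histogram given as an iterable of counts (bits)."""
    total = sum(counts)
    return -sum((c / total) * math.log2(c / total) for c in counts if c)


def normalised_entropy(counter):
    """H divided by log2(n): 1.0 when all n hits fall in distinct bins, 0.0 when in one."""
    n = sum(counter.values())
    if n < 2:
        return 0.0  # a single hit carries no spread information
    return shannon_entropy(counter.values()) / math.log2(n)


def analyse(hits, threshold=0.5):
    """Group hits into attack categories (by targeted service), list the source->target
    paths, and compute spatial and temporal entropy for each category."""
    by_cat = defaultdict(list)
    for ts, country, port in hits:
        by_cat[port].append((datetime.fromisoformat(ts), country))
    result = {}
    for port, rows in by_cat.items():
        spatial = Counter(country for _, country in rows)   # where attacks come from
        temporal = Counter(t.hour for t, _ in rows)         # when they arrive (hour bins)
        h_s, h_t = normalised_entropy(spatial), normalised_entropy(temporal)
        label = "diffuse (scan-like)" if (h_s + h_t) / 2 >= threshold else "concentrated (targeted)"
        result[port] = {
            "hits": len(rows),
            "paths": sorted({(country, port) for _, country in rows}),
            "spatial_entropy": h_s,
            "temporal_entropy": h_t,
            "label": label,
        }
    return result


if __name__ == "__main__":
    for port, info in sorted(analyse(HITS).items()):
        print(f"port {port}: {info['hits']} hits, H_space={info['spatial_entropy']:.2f}, "
              f"H_time={info['temporal_entropy']:.2f} -> {info['label']}")
```

With real honeypot data the bins would be coarser geographic units or ASNs and the time axis would be windowed, but the signal is the same: low entropy on both axes marks activity worth treating as a targeted campaign rather than background scanning.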