The online stolen data market: disruption and intervention approaches
This article brings a new taxonomy and collation of intervention and disruption methods that can be applied to the online stolen data market. These online market-places are used to buy and sell identity and financial information, as well as the products and services that enable this economy. This article combines research findings from computer science with criminology to provide a multidisciplinary approach to crimes committed with the use of technology. This work was supported by the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHSS&T/CSD) Broad Agency Announcement 11.02, the Government of Australia and SPAWAR Systems Center Pacific under contract number N66001-13-C-0131, to A.H.; and the National Institute of Justice, Office of Justice Programs, U.S. Department of Justice under grant number 2010-IJ-CX-1676, 2010, to T. H. This is the author accepted manuscript. The final version is available from Taylor & Francis via http://dx.doi.org/10.1080/17440572.2016.119712
Harnessing the Speed and Accuracy of Machine Learning to Advance Cybersecurity
As cyber attacks continue to increase in frequency and sophistication,
detecting malware has become a critical task for maintaining the security of
computer systems. Traditional signature-based methods of malware detection have
limitations in detecting complex and evolving threats. In recent years, machine
learning (ML) has emerged as a promising solution to detect malware
effectively. ML algorithms are capable of analyzing large datasets and
identifying patterns that are difficult for humans to identify. This paper
presents a comprehensive review of the state-of-the-art ML techniques used in
malware detection, including supervised and unsupervised learning, deep
learning, and reinforcement learning. We also examine the challenges and
limitations of ML-based malware detection, such as the potential for
adversarial attacks and the need for large amounts of labeled data.
Furthermore, we discuss future directions in ML-based malware detection,
including the integration of multiple ML algorithms and the use of explainable
AI techniques to enhance the interpretability of ML-based detection systems.
Our research highlights the potential of ML-based techniques to improve the
speed and accuracy of malware detection, and contribute to enhancing
cybersecurit
Man in the Browser Attacks
In the present world, everyone uses the Internet, and to access the Internet they need to use a browser. Unfortunately, the benefits of the Web are also available to hackers, who exploit its weaknesses. Man-in-the-Browser (MITB) attacks are carried out through Trojan malware that infects an Internet browser. This attack is dangerous because of its ability to hide from anti-virus software and steal a user's information from the browser. MITB is able to see information within the browser since no encryption occurs in a browser. This is a serious threat to financial institutions and many other secret institutions as well. No one is safe from a MITB once it is installed because it easily bypasses the security mechanisms we all rely on. This paper explains what MITB attacks are, how dangerous they are, how they can be identified, and how they can be prevented, by discussing various preventive techniques and their effectiveness. This paper will also help to create awareness among people about this attac
Malware in the Future? Forecasting of Analyst Detection of Cyber Events
There have been extensive efforts in government, academia, and industry to
anticipate, forecast, and mitigate cyber attacks. A common approach is
time-series forecasting of cyber attacks based on data from network telescopes,
honeypots, and automated intrusion detection/prevention systems. This research
has uncovered key insights such as systematicity in cyber attacks. Here, we
propose an alternate perspective of this problem by performing forecasting of
attacks that are analyst-detected and -verified occurrences of malware. We call
these instances of malware cyber event data. Specifically, our dataset was
analyst-detected incidents from a large operational Computer Security Service
Provider (CSSP) for the U.S. Department of Defense, which rarely relies only on
automated systems. Our data set consists of weekly counts of cyber events over
approximately seven years. Since all cyber events were validated by analysts,
our dataset is unlikely to have false positives which are often endemic in
other sources of data. Further, the higher-quality data could be used for a
number for resource allocation, estimation of security resources, and the
development of effective risk-management strategies. We used a Bayesian State
Space Model for forecasting and found that events one week ahead could be
predicted. To quantify bursts, we used a Markov model. Our findings of
systematicity in analyst-detected cyber attacks are consistent with previous
work using other sources. The advanced information provided by a forecast may
help with threat awareness by providing a probable value and range for future
cyber events one week ahead. Other potential applications for cyber event
forecasting include proactive allocation of resources and capabilities for
cyber defense (e.g., analyst staffing and sensor configuration) in CSSPs.
Enhanced threat awareness may improve cybersecurity. Comment: Revised version resubmitted to journa
JABBERWOCK: A Tool for WebAssembly Dataset Generation and Its Application to Malicious Website Detection
Machine learning is often used for malicious website detection, but an
approach incorporating WebAssembly as a feature has not been explored due to a
limited number of samples, to the best of our knowledge. In this paper, we
propose JABBERWOCK (JAvascript-Based Binary EncodeR by WebAssembly Optimization
paCKer), a tool to generate WebAssembly datasets in a pseudo fashion via
JavaScript. Loosely speaking, JABBERWOCK automatically gathers JavaScript code
in the real world, converts them into WebAssembly, and then outputs vectors of
the WebAssembly as samples for malicious website detection. We also conduct
experimental evaluations of JABBERWOCK in terms of the processing time for
dataset generation, comparison of the generated samples with actual WebAssembly
samples gathered from the Internet, and an application for malicious website
detection. Regarding the processing time, we show that JABBERWOCK can construct
a dataset in 4.5 seconds per sample for any number of samples. Next, comparing
10,000 samples output by JABBERWOCK with 168 gathered WebAssembly samples, we
believe that the generated samples by JABBERWOCK are similar to those in the
real world. We then show that JABBERWOCK can provide malicious website
detection with 99% F1-score because JABBERWOCK makes a gap between benign and
malicious samples as the reason for the above high score. We also confirm that
JABBERWOCK can be combined with an existing malicious website detection tool to
improve F1-scores. JABBERWOCK is publicly available via GitHub
(https://github.com/c-chocolate/Jabberwock). Comment: Accepted in DCDS 2023 (co-located in DSN 2023