Distributed architecture to enhance systems protection against unauthorized activity via USB devices
Cyberattacks exploiting Universal Serial Bus (USB) interfaces may have a high impact on individual and corporate systems. BadUSB is an attack in which a USB device's firmware is modified so that the device masquerades as a different (or additional) class of device; once enumerated, it allows attackers to execute a set of malicious actions on the target system. Countermeasures against this type of attack fall into two strategies: physical blocking of USB ports and software blocking. This paper proposes a distributed architecture that uses software blocking to enhance system protection against BadUSB attacks. The architecture is composed of multiple agents and external databases, and it is designed for personal or corporate computers running the Microsoft Windows operating system. When a USB device is connected, the agent inspects the device, provides filtered information about its functionality, and presents a threat assessment to the user based on all previous user choices stored in the external databases. By providing valuable information to the user, together with threat assessments drawn from multiple users, the proposed distributed architecture improves system protection.
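To make the agent's inspection step concrete, here is an added Python sketch that is not the paper's code (the paper's agents target Windows; this runs anywhere). It decodes a USB configuration descriptor, reports which interface classes the device actually exposes, and combines that with earlier verdicts on the same vendor/product ID, standing in for the shared database. The descriptor bytes, the VID:PID 1234:5678 and the verdict history are constructed for the example, and the scoring thresholds are this example's own assumption about what a threat assessment might weigh, not the paper's rules.

```python
"""Added example: the inspection half of a BadUSB agent (not the paper's Windows code).
Decodes a USB configuration descriptor, lists what the device really exposes, and combines
that with prior user verdicts (the shared-database input) into a threat level."""
from __future__ import annotations
import struct

# Selected USB-IF class codes; anything else is reported as a raw hex class.
USB_CLASS_NAMES = {
    0x01: "audio", 0x02: "cdc-control", 0x03: "hid", 0x07: "printer",
    0x08: "mass-storage", 0x09: "hub", 0x0A: "cdc-data", 0x0E: "video",
    0xE0: "wireless-controller", 0xFF: "vendor-specific",
}
DT_CONFIGURATION, DT_INTERFACE, DT_ENDPOINT = 0x02, 0x04, 0x05
HID_PROTOCOLS = {1: "keyboard", 2: "mouse"}   # HID boot-interface protocols


def parse_interfaces(config: bytes) -> list[dict]:
    """Walk a configuration descriptor blob (each record starts with bLength, bDescriptorType)
    and return its interface descriptors with their endpoints attached. Class-specific
    descriptors such as the HID descriptor are skipped by length."""
    if len(config) < 9 or config[1] != DT_CONFIGURATION:
        raise ValueError("not a configuration descriptor")
    total_len = struct.unpack_from("<H", config, 2)[0]
    if total_len > len(config):
        raise ValueError("wTotalLength exceeds supplied data (truncated descriptor)")
    interfaces, offset = [], 0
    while offset + 2 <= total_len:
        length, dtype = config[offset], config[offset + 1]
        if length < 2 or offset + length > total_len:
            raise ValueError(f"malformed descriptor at offset {offset}")
        if dtype == DT_INTERFACE and length >= 9:
            num, alt, _n_ep, cls, sub, proto = struct.unpack_from("<6B", config, offset + 2)
            interfaces.append({"number": num, "alt": alt, "class": cls, "subclass": sub,
                               "protocol": proto,
                               "class_name": USB_CLASS_NAMES.get(cls, f"class-0x{cls:02x}"),
                               "endpoints": []})
        elif dtype == DT_ENDPOINT and length >= 7 and interfaces:
            addr, attrs, mps, _interval = struct.unpack_from("<BBHB", config, offset + 2)
            interfaces[-1]["endpoints"].append(
                {"address": addr, "max_packet": mps,
                 "transfer": ("control", "isochronous", "bulk", "interrupt")[attrs & 3]})
        offset += length
    return interfaces


def assess(vid: int, pid: int, interfaces: list[dict], history: dict) -> dict:
    """Threat assessment from (a) the functions the device exposes and (b) earlier user
    verdicts on the same VID:PID. Scores and thresholds are this example's assumption."""
    classes = {i["class"] for i in interfaces}
    functions = sorted({i["class_name"] for i in interfaces})
    reasons, score = [], 0
    hid = [i for i in interfaces if i["class"] == 0x03]
    if hid:
        kinds = ", ".join(HID_PROTOCOLS.get(i["protocol"], "generic HID") for i in hid)
        if len(classes) > 1:   # storage (or anything else) plus a keyboard: the BadUSB pattern
            score += 2
            reasons.append(f"composite device: {kinds} input alongside "
                           f"{[f for f in functions if f != 'hid']}")
        else:
            score += 1
            reasons.append(f"input device ({kinds}); confirm you actually plugged one in")
    if 0xFF in classes:
        score += 1
        reasons.append("vendor-specific interface: function cannot be determined from descriptors")
    verdicts = history.get((vid, pid), {})
    allows, denies = verdicts.get("allow", 0), verdicts.get("deny", 0)
    if allows + denies >= 3:   # only weigh the crowd once it has seen this device a few times
        if denies > allows:
            score += 2
            reasons.append(f"{denies} of {allows + denies} earlier users denied {vid:04x}:{pid:04x}")
        elif allows >= 3 * max(denies, 1):
            score -= 1
            reasons.append(f"{allows} of {allows + denies} earlier users allowed {vid:04x}:{pid:04x}")
    level = "high" if score >= 2 else "medium" if score == 1 else "low"
    return {"level": level, "functions": functions, "reasons": reasons}


# Constructed descriptors (not captured from a real device): a "flash drive" that also
# enumerates a boot-protocol keyboard, and a plain storage-only stick for comparison.
COMPOSITE_CONFIG = bytes([
    0x09, 0x02, 0x39, 0x00, 0x02, 0x01, 0x00, 0x80, 0x32,   # configuration, wTotalLength=57
    0x09, 0x04, 0x00, 0x00, 0x02, 0x08, 0x06, 0x50, 0x00,   # interface 0: mass storage, SCSI, bulk-only
    0x07, 0x05, 0x81, 0x02, 0x00, 0x02, 0x00,               # bulk IN, 512 bytes
    0x07, 0x05, 0x02, 0x02, 0x00, 0x02, 0x00,               # bulk OUT, 512 bytes
    0x09, 0x04, 0x01, 0x00, 0x01, 0x03, 0x01, 0x01, 0x00,   # interface 1: HID boot keyboard
    0x09, 0x21, 0x11, 0x01, 0x00, 0x01, 0x22, 0x3F, 0x00,   # HID class descriptor (skipped)
    0x07, 0x05, 0x83, 0x03, 0x08, 0x00, 0x0A,               # interrupt IN, 8 bytes, 10 ms
])
STORAGE_ONLY_CONFIG = bytes([
    0x09, 0x02, 0x20, 0x00, 0x01, 0x01, 0x00, 0x80, 0x32,
    0x09, 0x04, 0x00, 0x00, 0x02, 0x08, 0x06, 0x50, 0x00,
    0x07, 0x05, 0x81, 0x02, 0x00, 0x02, 0x00,
    0x07, 0x05, 0x02, 0x02, 0x00, 0x02, 0x00,
])
# Constructed stand-in for the external verdict database: (VID, PID) -> verdict counts.
HISTORY = {(0x1234, 0x5678): {"allow": 1, "deny": 5}}

if __name__ == "__main__":
    for name, blob in (("composite", COMPOSITE_CONFIG), ("storage-only", STORAGE_ONLY_CONFIG)):
        verdict = assess(0x1234, 0x5678, parse_interfaces(blob), HISTORY)
        print(name, verdict["level"], verdict["functions"], *verdict["reasons"], sep="\n  ")
```

The check that matters is the composite case: a device presenting storage and a keyboard at once is exactly what a descriptor-level inspection surfaces and what the user would otherwise never see, since Windows silently binds both interfaces.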
Electrical Grid Anomaly Detection via Tensor Decomposition
Supervisory Control and Data Acquisition (SCADA) systems often serve as the nervous system for substations within power grids. These systems facilitate real-time monitoring, data acquisition and control of equipment, and ensure smooth and efficient operation of the substation and its connected devices. Previous work has shown that dimensionality-reduction approaches, such as Principal Component Analysis (PCA), can be used for accurate identification of anomalies in SCADA systems. While not specifically applied to SCADA, non-negative matrix factorization (NMF) has shown strong results at detecting anomalies in wireless sensor networks. These unsupervised approaches model the normal or expected behavior and detect unseen types of attacks or anomalies by identifying the events that deviate from it. These approaches, however, do not model the complex, multi-dimensional interactions that are naturally present in SCADA systems. In contrast, non-negative tensor decomposition is a powerful unsupervised machine learning (ML) method that can model the complex and multi-faceted activity details of SCADA events. In this work, we apply the tensor decomposition method Canonical Polyadic Alternating Poisson Regression (CP-APR), within a probabilistic framework that has previously shown state-of-the-art anomaly detection results on cyber network data, to identify anomalies in SCADA systems. We show that statistical behavior analysis of SCADA communication with tensor decomposition improves the specificity and accuracy of identifying anomalies in electrical grid systems. In our experiments, we model real-world SCADA system data collected from the electrical grid operated by Los Alamos National Laboratory (LANL), which provides transmission and distribution service through a partnership with Los Alamos County, and detect synthetically generated anomalies.
Comment: 8 pages, 2 figures. In IEEE Military Communications Conference, Artificial Intelligence for Cyber Workshop (MILCOM), 202
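The abstract describes the method only at a high level, so here is an added, self-contained Python example of the core idea: fit a Poisson CP decomposition to a tensor of SCADA event counts and score new events by how unlikely they are under the fitted model. This is not the authors' implementation and uses no LANL data; it implements the multiplicative-update form of CP-APR in its simplest shape (no damping, no handling of inadmissible zeros, no factor normalisation), which is enough to show why a factorized model generalizes to cells it never saw. The tensor modes (source device, destination device, protocol), the counts and the test events are all constructed for the example.

```python
"""Added example: Poisson CP (CP-APR-style) decomposition of a SCADA event-count tensor,
fitted with multiplicative updates and used to score events. Not the authors' code or data."""
import math
import numpy as np


def fit_poisson_cp(X, rank, iters=300, seed=0, eps=1e-9):
    """Fit X[i,j,k] ~ Poisson(M[i,j,k]) with M = sum_r A[i,r] B[j,r] C[k,r].
    Each sweep applies, per mode, the multiplicative update
        A[i,r] <- A[i,r] * (sum_jk (X/M)[i,j,k] B[j,r] C[k,r]) / (sum_jk B[j,r] C[k,r]),
    which does not increase the Poisson negative log-likelihood (the MU variant of CP-APR,
    simplified as stated in the lead-in)."""
    X = np.asarray(X, dtype=float)
    rng = np.random.default_rng(seed)
    A, B, C = (rng.random((n, rank)) + 0.1 for n in X.shape)   # positive random init
    for _ in range(iters):
        M = np.einsum("ir,jr,kr->ijk", A, B, C) + eps
        A *= np.einsum("ijk,jr,kr->ir", X / M, B, C) / (np.einsum("jr,kr->r", B, C) + eps)
        M = np.einsum("ir,jr,kr->ijk", A, B, C) + eps
        B *= np.einsum("ijk,ir,kr->jr", X / M, A, C) / (np.einsum("ir,kr->r", A, C) + eps)
        M = np.einsum("ir,jr,kr->ijk", A, B, C) + eps
        C *= np.einsum("ijk,ir,jr->kr", X / M, A, B) / (np.einsum("ir,jr->r", A, B) + eps)
    return A, B, C


def event_rate(factors, idx):
    """Model rate for the cell idx = (src, dst, proto)."""
    A, B, C = factors
    i, j, k = idx
    return float(np.sum(A[i] * B[j] * C[k]))


def anomaly_score(factors, idx, count=1):
    """-log P(N >= count) under Poisson(rate): how surprising it is to observe `count` or
    more events in this cell. For count=1 this is -log(1 - exp(-rate))."""
    rate = event_rate(factors, idx)
    p_less = sum(math.exp(-rate) * rate ** n / math.factorial(n) for n in range(count))
    return -math.log(max(1.0 - p_less, 1e-300))


def build_sample_tensor():
    """Constructed training data, 6 devices x 6 devices x 2 protocols: substation A (devices
    0-2) polls its own devices over protocol 0, substation B (3-5) over protocol 1."""
    X = np.zeros((6, 6, 2))
    X[0:3, 0:3, 0] = 5
    X[3:6, 3:6, 1] = 5
    return X


def rank_events(factors, events):
    """Return the events sorted most-anomalous first as (idx, rate, score) triples."""
    scored = [(e, event_rate(factors, e), anomaly_score(factors, e)) for e in events]
    return sorted(scored, key=lambda t: t[2], reverse=True)


if __name__ == "__main__":
    factors = fit_poisson_cp(build_sample_tensor(), rank=2)
    # Constructed test events: a seen pattern, a cross-substation poll, and a known pair on
    # the wrong protocol (the last two are the synthetic-anomaly style the paper evaluates).
    for idx, rate, score in rank_events(factors, [(0, 1, 0), (0, 4, 1), (0, 1, 1)]):
        print(f"src={idx[0]} dst={idx[1]} proto={idx[2]}  rate={rate:.3f}  score={score:.2f}")
```

Two things the toy shows that the abstract only asserts: a cell the model never saw can still get a high rate if its source, destination and protocol all load on the same component (so ordinary new polls within a substation are not flagged), while a cross-substation poll or a familiar pair on an unexpected protocol gets a rate near zero and therefore a large score. Real deployments also need the full CP-APR safeguards and a threshold chosen from the score distribution of held-out normal traffic.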
Investigating IPTV Malware in the Wild
Technologies providing copyright-infringing IPTV content are commonly used as an illegal alternative to legal IPTV subscriptions and services, as they usually have lower monetary costs and can be more convenient for users who follow content from different sources. These infringing IPTV technologies may include websites, software, software add-ons, and physical set-top boxes. Because illegal IPTV technologies are free or low-cost, illicit IPTV content providers often resort to intrusive advertising, scams, and the distribution of malware to increase their revenue. We developed an automated solution for collecting and analysing malware from illegal IPTV technologies and used it to analyse a sample of illicit IPTV websites, application (app) stores, and software. Our results show that our IPTV Technologies Malware Analysis Framework (IITMAF) classified 32 of the 60 sample URLs tested as malicious, whereas running the same test with publicly available online antivirus solutions detected only 23 of the 60 sample URLs as malicious. Moreover, the IITMAF also detected malicious URLs and files from 31 of the sample's websites, one of which exhibited reported ransomware behaviour.