
    Detection of advanced persistent threat using machine-learning correlation analysis

    As one of the most serious types of cyber attack, Advanced Persistent Threats (APT) have caused major concerns on a global scale. APT refers to a persistent, multi-stage attack with the intention to compromise the system and gain information from the targeted system, which has the potential to cause significant damage and substantial financial loss. The accurate detection and prediction of APT is an ongoing challenge. This work proposes a novel machine learning-based system entitled MLAPT, which can accurately and rapidly detect and predict APT attacks in a systematic way. The MLAPT runs through three main phases: (1) Threat detection, in which eight methods have been developed to detect different techniques used during the various APT steps. The implementation and validation of these methods with real traffic is a significant contribution to the current body of research; (2) Alert correlation, in which a correlation framework is designed to link the outputs of the detection methods, aims to identify alerts that could be related and belong to a single APT scenario; and (3) Attack prediction, in which a machine learning-based prediction module is proposed based on the correlation framework output, to be used by the network security team to determine the probability of the early alerts to develop a complete APT attack. MLAPT is experimentally evaluated and the presented sy

    Preventing Advanced Persistent Threats in Complex Control Networks

    An Advanced Persistent Threat (APT) is an emerging attack against Industrial Control and Automation Systems, that is executed over a long period of time and is difficult to detect. In this context, graph theory can be applied to model the interaction among nodes and the complex attacks affecting them, as well as to design recovery techniques that ensure the survivability of the network. Accordingly, we leverage a decision model to study how a set of hierarchically selected nodes can collaborate to detect an APT within the network, concerning the presence of changes in its topology. Moreover, we implement a response service based on redundant links that dynamically uses a secret sharing scheme and applies a flexible routing protocol depending on the severity of the attack. The ultimate goal is twofold: ensuring the reachability between nodes despite the changes and preventing the path followed by messages from being discovered.
    Universidad de Málaga. Campus de Excelencia Internacional Andalucía Tech

    Engineering ambient visual sensors

    Visual sensors are an indispensable prerequisite for those AmI environments that require a surveillance component. One practical issue concerns maximizing the operational longevity of such sensors, as the operational lifetime of an AmI environment itself is dependent on that of its constituent components. In this paper, the intelligent agent paradigm is considered as a basis for managing a camera collective such that the conflicting demands of power usage optimization and system performance are reconciled.

    Robot swarming applications

    This paper discusses the different modes of operation of a swarm of robots: (i) non-communicative swarming, (ii) communicative swarming, (iii) networking, (iv) olfactory-based navigation and (v) assistive swarming. I briefly present the state of the art in swarming, outline the major techniques applied for each mode of operation, and discuss the related problems and expected results.