The Challenges in SDN/ML Based Network Security: A Survey
Machine Learning is gaining popularity in the network security domain as many more network-enabled devices get connected, as malicious activities become stealthier, and as new technologies like Software Defined Networking (SDN) emerge. Sitting at the application layer and communicating with the control layer, machine learning based SDN security models exercise a huge influence on the routing/switching of the entire SDN. Compromising the models is consequently a very desirable goal. Previous surveys have been done on either adversarial machine learning or the general vulnerabilities of SDNs but not both. Through examination of the latest ML-based SDN security applications and a good look at ML/SDN specific vulnerabilities accompanied by common attack methods on ML, this paper serves as a unique survey, making a case for more secure development processes of ML-based SDN security applications.
Comment: 8 pages. arXiv admin note: substantial text overlap with arXiv:1705.0056
Detection of advanced persistent threat using machine-learning correlation analysis
As one of the most serious types of cyber attack, Advanced Persistent Threats (APT) have caused major concerns on a global scale. APT refers to a persistent, multi-stage attack with the intention to compromise the system and gain information from the targeted system, which has the potential to cause significant damage and substantial financial loss. The accurate detection and prediction of APT is an ongoing challenge. This work proposes a novel machine learning-based system entitled MLAPT, which can accurately and rapidly detect and predict APT attacks in a systematic way. MLAPT runs through three main phases: (1) Threat detection, in which eight methods have been developed to detect different techniques used during the various APT steps. The implementation and validation of these methods with real traffic is a significant contribution to the current body of research; (2) Alert correlation, in which a correlation framework is designed to link the outputs of the detection methods, aiming to identify alerts that could be related and belong to a single APT scenario; and (3) Attack prediction, in which a machine learning-based prediction module is proposed based on the correlation framework output, to be used by the network security team to determine the probability that the early alerts will develop into a complete APT attack. MLAPT is experimentally evaluated and the presented sy
Group-In: Group Inference from Wireless Traces of Mobile Devices
This paper proposes Group-In, a wireless scanning system to detect static or mobile people groups in indoor or outdoor environments. Group-In collects only wireless traces from Bluetooth-enabled mobile devices for group inference. The key problem addressed in this work is to detect not only static groups but also moving groups with a multi-phased approach based only on noisy wireless Received Signal Strength Indicators (RSSIs) observed by multiple wireless scanners without localization support. We propose new centralized and decentralized schemes to process the sparse and noisy wireless data, and leverage graph-based clustering techniques for group detection from short-term and long-term aspects. Group-In provides two outcomes: 1) group detection in short time intervals such as two minutes and 2) long-term linkages such as a month. To verify the performance, we conduct two experimental studies. One consists of 27 controlled scenarios in a lab environment. The other is a real-world scenario where we place Bluetooth scanners in an office environment, and employees carry beacons for more than one month. Both the controlled and real-world experiments result in high-accuracy group detection in short time intervals and sampling liberties in terms of the Jaccard index and pairwise similarity coefficient.
Comment: This work has been funded by the EU Horizon 2020 Programme under Grant Agreements No. 731993 AUTOPILOT and No. 871249 LOCUS projects. The content of this paper does not reflect the official opinion of the EU. Responsibility for the information and views expressed therein lies entirely with the authors. Proc. of ACM/IEEE IPSN'20, 202
A survey of intrusion detection techniques in Cloud
Cloud computing provides scalable, virtualized on-demand services to end users with greater flexibility and less infrastructural investment. These services are provided over the Internet using known networking protocols, standards and formats under the supervision of different managements. Existing bugs and vulnerabilities in underlying technologies and legacy protocols tend to open doors for intrusion. This paper surveys different intrusions affecting the availability, confidentiality and integrity of Cloud resources and services. It examines proposals incorporating Intrusion Detection Systems (IDS) in Cloud, discusses various types and techniques of IDS and Intrusion Prevention Systems (IPS), and recommends IDS/IPS positioning in Cloud architecture to achieve the desired security in next generation networks.
Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences
In this survey, we first briefly review the current state of cyber attacks, highlighting significant recent changes in how and why such attacks are performed. We then investigate the mechanics of malware command and control (C2) establishment: we provide a comprehensive review of the techniques used by attackers to set up such a channel and to hide its presence from the attacked parties and the security tools they use. We then switch to the defensive side of the problem, and review approaches that have been proposed for the detection and disruption of C2 channels. We also map such techniques to widely-adopted security controls, emphasizing gaps or limitations (and success stories) in current best practices.
Comment: Work commissioned by CPNI, available at c2report.org. 38 pages. Listing abstract compressed from version appearing in repor