3,128 research outputs found
Adversarial behaviours knowledge area
The technological advancements witnessed by our society in recent decades have brought
improvements in our quality of life, but they have also created a number of opportunities for
attackers to cause harm. Before the Internet revolution, most crime and malicious activity
generally required a victim and a perpetrator to come into physical contact, and this limited
the reach that malicious parties had. Technology has removed the need for physical contact
to perform many types of crime, and now attackers can reach victims anywhere in the world, as long as they are connected to the Internet. This has revolutionised the characteristics of crime and warfare, allowing operations that would not have been possible before. In this document, we provide an overview of the malicious operations that are happening on the Internet today. We first provide a taxonomy of malicious activities based on the attacker’s motivations and capabilities, and then move on to the technological and human elements that adversaries require to run a successful operation. We then discuss a number of frameworks that have been proposed to model malicious operations. Since adversarial behaviours are not a purely technical topic, we draw from research in a number of fields (computer science, criminology, war studies). While doing this, we discuss how these frameworks can be used by researchers and practitioners to develop effective mitigations against malicious online operations.Published versio
Applications of Machine Learning to Threat Intelligence, Intrusion Detection and Malware
Artificial Intelligence (AI) and Machine Learning (ML) are emerging technologies with applications to many fields. This paper is a survey of use cases of ML for threat intelligence, intrusion detection, and malware analysis and detection. Threat intelligence, especially attack attribution, can benefit from the use of ML classification. False positives from rule-based intrusion detection systems can be reduced with the use of ML models. Malware analysis and classification can be made easier by developing ML frameworks to distill similarities between the malicious programs. Adversarial machine learning will also be discussed, because while ML can be used to solve problems or reduce analyst workload, it also introduces new attack surfaces
Epidemic Spreading with External Agents
We study epidemic spreading processes in large networks, when the spread is
assisted by a small number of external agents: infection sources with bounded
spreading power, but whose movement is unrestricted vis-\`a-vis the underlying
network topology. For networks which are `spatially constrained', we show that
the spread of infection can be significantly speeded up even by a few such
external agents infecting randomly. Moreover, for general networks, we derive
upper-bounds on the order of the spreading time achieved by certain simple
(random/greedy) external-spreading policies. Conversely, for certain common
classes of networks such as line graphs, grids and random geometric graphs, we
also derive lower bounds on the order of the spreading time over all
(potentially network-state aware and adversarial) external-spreading policies;
these adversarial lower bounds match (up to logarithmic factors) the spreading
time achieved by an external agent with a random spreading policy. This
demonstrates that random, state-oblivious infection-spreading by an external
agent is in fact order-wise optimal for spreading in such spatially constrained
networks
Epidemic Thresholds with External Agents
We study the effect of external infection sources on phase transitions in
epidemic processes. In particular, we consider an epidemic spreading on a
network via the SIS/SIR dynamics, which in addition is aided by external agents
- sources unconstrained by the graph, but possessing a limited infection rate
or virulence. Such a model captures many existing models of externally aided
epidemics, and finds use in many settings - epidemiology, marketing and
advertising, network robustness, etc. We provide a detailed characterization of
the impact of external agents on epidemic thresholds. In particular, for the
SIS model, we show that any external infection strategy with constant virulence
either fails to significantly affect the lifetime of an epidemic, or at best,
sustains the epidemic for a lifetime which is polynomial in the number of
nodes. On the other hand, a random external-infection strategy, with rate
increasing linearly in the number of infected nodes, succeeds under some
conditions to sustain an exponential epidemic lifetime. We obtain similar sharp
thresholds for the SIR model, and discuss the relevance of our results in a
variety of settings.Comment: 12 pages, 2 figures (to appear in INFOCOM 2014
Applications of Machine Learning in Medical Prognosis Using Electronic Medical Records
Approximately 84 % of hospitals are adopting electronic medical records (EMR) In the United States. EMR is a vital resource to help clinicians diagnose the onset or predict the future condition of a specific disease. With machine learning advances, many research projects attempt to extract medically relevant and actionable data from massive EMR databases using machine learning algorithms. However, collecting patients\u27 prognosis factors from Electronic EMR is challenging due to privacy, sensitivity, and confidentiality. In this study, we developed medical generative adversarial networks (GANs) to generate synthetic EMR prognosis factors using minimal information collected during routine care in specialized healthcare facilities. The generated prognosis variables used in developing predictive models for (1) chronic wound healing in patients diagnosed with Venous Leg Ulcers (VLUs) and (2) antibiotic resistance in patients diagnosed with Skin and soft tissue infections (SSTIs). Our proposed medical GANs, EMR-TCWGAN and DermaGAN, can produce both continuous and categorical features from EMR. We utilized conditional training strategies to enhance training and generate classified data regarding healing vs. non-healing in EMR-TCWGAN and susceptibility vs. resistance in DermGAN. The ability of the proposed GAN models to generate realistic EMR data was evaluated by TSTR (test on the synthetic, train on the real), discriminative accuracy, and visualization. We analyzed the synthetic data augmentation technique\u27s practicality in improving the wound healing prognostic model and antibiotic resistance classifier. We achieved the area under the curve (AUC) of 0.875 in the wound healing prognosis model and an average AUC of 0.830 in the antibiotic resistance classifier by using the synthetic samples generated by GANs in the training process. These results suggest that GANs can be considered a data augmentation method to generate realistic EMR data
Practical Attacks Against Graph-based Clustering
Graph modeling allows numerous security problems to be tackled in a general
way, however, little work has been done to understand their ability to
withstand adversarial attacks. We design and evaluate two novel graph attacks
against a state-of-the-art network-level, graph-based detection system. Our
work highlights areas in adversarial machine learning that have not yet been
addressed, specifically: graph-based clustering techniques, and a global
feature space where realistic attackers without perfect knowledge must be
accounted for (by the defenders) in order to be practical. Even though less
informed attackers can evade graph clustering with low cost, we show that some
practical defenses are possible.Comment: ACM CCS 201
xLED: Covert Data Exfiltration from Air-Gapped Networks via Router LEDs
In this paper we show how attackers can covertly leak data (e.g., encryption
keys, passwords and files) from highly secure or air-gapped networks via the
row of status LEDs that exists in networking equipment such as LAN switches and
routers. Although it is known that some network equipment emanates optical
signals correlated with the information being processed by the device
('side-channel'), intentionally controlling the status LEDs to carry any type
of data ('covert-channel') has never studied before. A malicious code is
executed on the LAN switch or router, allowing full control of the status LEDs.
Sensitive data can be encoded and modulated over the blinking of the LEDs. The
generated signals can then be recorded by various types of remote cameras and
optical sensors. We provide the technical background on the internal
architecture of switches and routers (at both the hardware and software level)
which enables this type of attack. We also present amplitude and frequency
based modulation and encoding schemas, along with a simple transmission
protocol. We implement a prototype of an exfiltration malware and discuss its
design and implementation. We evaluate this method with a few routers and
different types of LEDs. In addition, we tested various receivers including
remote cameras, security cameras, smartphone cameras, and optical sensors, and
also discuss different detection and prevention countermeasures. Our experiment
shows that sensitive data can be covertly leaked via the status LEDs of
switches and routers at a bit rates of 10 bit/sec to more than 1Kbit/sec per
LED
- …