442 research outputs found
Practical Attacks Against Graph-based Clustering
Graph modeling allows numerous security problems to be tackled in a general
way, however, little work has been done to understand their ability to
withstand adversarial attacks. We design and evaluate two novel graph attacks
against a state-of-the-art network-level, graph-based detection system. Our
work highlights areas in adversarial machine learning that have not yet been
addressed, specifically: graph-based clustering techniques, and a global
feature space where realistic attackers without perfect knowledge must be
accounted for (by the defenders) in order to be practical. Even though less
informed attackers can evade graph clustering with low cost, we show that some
practical defenses are possible.Comment: ACM CCS 201
Benchmark-Based Reference Model for Evaluating Botnet Detection Tools Driven by Traffic-Flow Analytics
Botnets are some of the most recurrent cyber-threats, which take advantage of the wide heterogeneity of endpoint devices at the Edge of the emerging communication environments for enabling the malicious enforcement of fraud and other adversarial tactics, including malware, data leaks or denial of service. There have been significant research advances in the development of accurate botnet detection methods underpinned on supervised analysis but assessing the accuracy and performance of such detection methods requires a clear evaluation model in the pursuit of
enforcing proper defensive strategies. In order to contribute to the mitigation of botnets, this paper
introduces a novel evaluation scheme grounded on supervised machine learning algorithms that enable the detection and discrimination of different botnets families on real operational environments. The proposal relies on observing, understanding and inferring the behavior of
each botnet family based on network indicators measured at flow-level. The assumed evaluation methodology contemplates six phases that allow building a detection model against botnet-related malware distributed through the network, for which five supervised classifiers were instantiated were instantiated for further comparisons—Decision Tree, Random Forest, Naive Bayes Gaussian,
Support Vector Machine and K-Neighbors. The experimental validation was performed on two public
datasets of real botnet traffic—CIC-AWS-2018 and ISOT HTTP Botnet. Bearing the heterogeneity of the datasets, optimizing the analysis with the Grid Search algorithm led to improve the classification results of the instantiated algorithms. An exhaustive evaluation was carried out demonstrating the adequateness of our proposal which prompted that Random Forest and Decision Tree models are the most suitable for detecting different botnet specimens among the chosen algorithms. They exhibited
higher precision rates whilst analyzing a large number of samples with less processing time.
The variety of testing scenarios were deeply assessed and reported to set baseline results for future benchmark analysis targeted on flow-based behavioral patterns
Benchmark-Based Reference Model for Evaluating Botnet Detection Tools Driven by Traffic-Flow Analytics
Botnets are some of the most recurrent cyber-threats, which take advantage of the wide
heterogeneity of endpoint devices at the Edge of the emerging communication environments for
enabling the malicious enforcement of fraud and other adversarial tactics, including malware, data
leaks or denial of service. There have been significant research advances in the development of
accurate botnet detection methods underpinned on supervised analysis but assessing the accuracy
and performance of such detection methods requires a clear evaluation model in the pursuit of
enforcing proper defensive strategies. In order to contribute to the mitigation of botnets, this paper
introduces a novel evaluation scheme grounded on supervised machine learning algorithms that
enable the detection and discrimination of different botnets families on real operational
environments. The proposal relies on observing, understanding and inferring the behavior of each
botnet family based on network indicators measured at flow-level. The assumed evaluation
methodology contemplates six phases that allow building a detection model against botnet-related
malware distributed through the network, for which five supervised classifiers were instantiated
were instantiated for further comparisons—Decision Tree, Random Forest, Naive Bayes Gaussian,
Support Vector Machine and K-Neighbors. The experimental validation was performed on two public
datasets of real botnet traffic—CIC-AWS-2018 and ISOT HTTP Botnet. Bearing the heterogeneity of
the datasets, optimizing the analysis with the Grid Search algorithm led to improve the classification
results of the instantiated algorithms. An exhaustive evaluation was carried out demonstrating the
adequateness of our proposal which prompted that Random Forest and Decision Tree models are the
most suitable for detecting different botnet specimens among the chosen algorithms. They exhibited
higher precision rates whilst analyzing a large number of samples with less processing time. The
variety of testing scenarios were deeply assessed and reported to set baseline results for future
benchmark analysis targeted on flow-based behavioral patterns
Intelligent Detection and Recovery from Cyberattacks for Small and Medium-Sized Enterprises
Cyberattacks threaten continuously computer security in companies. These attacks evolve everyday, being more and more sophisticated and robust. In addition, they take advantage of security breaches in organizations and companies, both public and private. Small and Medium-sized Enterprises (SME), due to their structure and economic characteristics, are particularly damaged when a cyberattack takes place. Although organizations and companies put lots of efforts in implementing security solutions, they are not always effective. This is specially relevant for SMEs, which do not have enough economic resources to introduce such solutions. Thus, there is a need of providing SMEs with affordable, intelligent security systems with the ability of detecting and recovering from the most detrimental attacks. In this paper, we propose an intelligent cybersecurity platform, which has been designed with the objective of helping SMEs to make their systems and network more secure. The aim of this platform is to provide a solution optimizing detection and recovery from attacks. To do this, we propose the application of proactive security techniques in combination with both Machine Learning (ML) and blockchain. Our proposal is enclosed in the IASEC project, which allows providing security in each of the phases of an attack. Like this, we help SMEs in prevention, avoiding systems and network from being attacked; detection, identifying when there is something potentially harmful for the systems; containment, trying to stop the effects of an attack; and response, helping to recover the systems to a normal state
Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences
In this survey, we first briefly review the current state of cyber attacks,
highlighting significant recent changes in how and why such attacks are
performed. We then investigate the mechanics of malware command and control
(C2) establishment: we provide a comprehensive review of the techniques used by
attackers to set up such a channel and to hide its presence from the attacked
parties and the security tools they use. We then switch to the defensive side
of the problem, and review approaches that have been proposed for the detection
and disruption of C2 channels. We also map such techniques to widely-adopted
security controls, emphasizing gaps or limitations (and success stories) in
current best practices.Comment: Work commissioned by CPNI, available at c2report.org. 38 pages.
Listing abstract compressed from version appearing in repor
- …