19,398 research outputs found
Synthetic Data Generation and Defense in Depth Measurement of Web Applications
Measuring security controls across multiple layers of defense requires realistic data sets and repeatable experiments. However, data sets that are collected from real users often cannot be freely exchanged due to privacy and regulatory concerns. Synthetic datasets, which can be shared, have in the past had critical flaws or at best been one time collections of data focusing on a single layer or type of data. We present a framework for generating synthetic datasets with normal and attack data for web applications across multiple layers simultaneously. The framework is modular and designed for data to be easily recreated in order to vary parameters and allow for inline testing. We build a prototype data generator using the framework to generate nine datasets with data logged on four layers: network, file accesses, system calls, and database simultaneously. We then test nineteen security controls spanning all four layers to determine their sensitivity to dataset changes, compare performance even across layers, compare synthetic data to real production data, and calculate combined defense in depth performance of sets of controls
On Small Satellites for Oceanography: A Survey
The recent explosive growth of small satellite operations driven primarily
from an academic or pedagogical need, has demonstrated the viability of
commercial-off-the-shelf technologies in space. They have also leveraged and
shown the need for development of compatible sensors primarily aimed for Earth
observation tasks including monitoring terrestrial domains, communications and
engineering tests. However, one domain that these platforms have not yet made
substantial inroads into, is in the ocean sciences. Remote sensing has long
been within the repertoire of tools for oceanographers to study dynamic large
scale physical phenomena, such as gyres and fronts, bio-geochemical process
transport, primary productivity and process studies in the coastal ocean. We
argue that the time has come for micro and nano satellites (with mass smaller
than 100 kg and 2 to 3 year development times) designed, built, tested and
flown by academic departments, for coordinated observations with robotic assets
in situ. We do so primarily by surveying SmallSat missions oriented towards
ocean observations in the recent past, and in doing so, we update the current
knowledge about what is feasible in the rapidly evolving field of platforms and
sensors for this domain. We conclude by proposing a set of candidate ocean
observing missions with an emphasis on radar-based observations, with a focus
on Synthetic Aperture Radar.Comment: 63 pages, 4 figures, 8 table
Building an Emulation Environment for Cyber Security Analyses of Complex Networked Systems
Computer networks are undergoing a phenomenal growth, driven by the rapidly
increasing number of nodes constituting the networks. At the same time, the
number of security threats on Internet and intranet networks is constantly
growing, and the testing and experimentation of cyber defense solutions
requires the availability of separate, test environments that best emulate the
complexity of a real system. Such environments support the deployment and
monitoring of complex mission-driven network scenarios, thus enabling the study
of cyber defense strategies under real and controllable traffic and attack
scenarios. In this paper, we propose a methodology that makes use of a
combination of techniques of network and security assessment, and the use of
cloud technologies to build an emulation environment with adjustable degree of
affinity with respect to actual reference networks or planned systems. As a
byproduct, starting from a specific study case, we collected a dataset
consisting of complete network traces comprising benign and malicious traffic,
which is feature-rich and publicly available
Automating Cyberdeception Evaluation with Deep Learning
A machine learning-based methodology is proposed and implemented for conducting evaluations of cyberdeceptive defenses with minimal human involvement. This avoids impediments associated with deceptive research on humans, maximizing the efficacy of automated evaluation before human subjects research must be undertaken. Leveraging recent advances in deep learning, the approach synthesizes realistic, interactive, and adaptive traffic for consumption by target web services. A case study applies the approach to evaluate an intrusion detection system equipped with application-layer embedded deceptive responses to attacks. Results demonstrate that synthesizing adaptive web traffic laced with evasive attacks powered by ensemble learning, online adaptive metric learning, and novel class detection to simulate skillful adversaries constitutes a challenging and aggressive test of cyberdeceptive defenses
Towards a set of metrics to guide the generation of fake computer file systems
Fake file systems are used in the field of cyber deception to bait intruders and fool forensic investigators. File system researchers also frequently generate their own synthetic document repositories, due to data privacy and copyright concerns associated with experimenting on real-world corpora. For both these fields, realism is critical. Unfortunately, after creating a set of files and folders, there are no current testing standards that can be applied to validate their authenticity, or conversely, reliably automate their detection. This paper reviews the previous 30 years of file system surveys on real world corpora, to identify a set of discrete measures for generating synthetic file systems. Statistical distributions, such as size, age and lifetime of files, common file types, compression and duplication ratios, directory distribution and depth (and its relationship with numbers of files and sub-directories) were identified and the respective merits discussed. Additionally, this paper highlights notable absences in these surveys, which could be beneficial, such as analysing, on mass, the text content distribution, file naming habits, and comparing file access times against traditional working hours
Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences
In this survey, we first briefly review the current state of cyber attacks,
highlighting significant recent changes in how and why such attacks are
performed. We then investigate the mechanics of malware command and control
(C2) establishment: we provide a comprehensive review of the techniques used by
attackers to set up such a channel and to hide its presence from the attacked
parties and the security tools they use. We then switch to the defensive side
of the problem, and review approaches that have been proposed for the detection
and disruption of C2 channels. We also map such techniques to widely-adopted
security controls, emphasizing gaps or limitations (and success stories) in
current best practices.Comment: Work commissioned by CPNI, available at c2report.org. 38 pages.
Listing abstract compressed from version appearing in repor
- …