267 research outputs found

    Malware detection and prevention system based on multi-stage rules

    The continuously rising number of Internet attacks poses severe challenges for developing an effective Intrusion Detection System (IDS) that detects both known and unknown malicious attacks. To address the problem of detecting known and unknown attacks and identifying the attack group, the authors propose new multi-stage rules for detecting anomalies. The authors used RIPPER for rule generation, which can create rule sets more quickly and determine attack types with a smaller number of rules. These rules are efficient to apply in both a Signature Intrusion Detection System (SIDS) and an Anomaly Intrusion Detection System (AIDS).

    CACTUSS: Clustering of Attack Tracks using Significant Services

    Network analysts are bombarded with large amounts of low-level data, posing great challenges for them to differentiate and recognize critical multistage attacks. Multistage attacks are performed by hackers to compromise one or more machines in a network in order to gradually gain access to critical information or network operations hidden behind layers of firewall rules. These multistage attacks, composed of correlated Intrusion Detection System (IDS) alerts, can be diverse in the way they progress and penetrate the network. No current literature defines how these diverse multistage attacks may be classified or categorized. This work aims to perform unsupervised learning to cluster and identify types of multistage attacks. Multistage attacks may target services of different types, which often indicates how an attack penetrates the network. Divisive Hierarchical Clustering has been shown to effectively uncover the underlying community structure of entities sharing similar features. This work investigates the use of attacked services as the feature and performs Divisive Hierarchical Clustering to identify groups of similar multistage attacks. The notion of social network analysis is leveraged to determine the optimal community structure with the highest modularity. The resulting clusters and dendrograms provide not only insights for characterizing multistage attacks, but also a means of reducing the data volume while enhancing the level of analysis. The outcomes of the proposed methodology are expected to improve situation awareness in the presence of many diverse multistage attacks.

    Similarity and Peer Review Analysis on factors affecting consumers' decision on purchasing simple-type houses

    A Comprehensive Review on Adaptability of Network Forensics Frameworks for Mobile Cloud Computing

    Network forensics enables the investigation and identification of network attacks through retrieved digital content. The proliferation of smartphones and cost-effective universal data access through the cloud has made Mobile Cloud Computing (MCC) a natural target for network attacks. However, the constraints on carrying out forensics in MCC are tied to the autonomous cloud hosting companies and their policies restricting access to the digital content in the back-end cloud platforms. This implies that existing Network Forensic Frameworks (NFFs) have limited impact in the MCC paradigm. To this end, we qualitatively analyze the adaptability of existing NFFs when applied to MCC. Explicitly, the fundamental mechanisms of NFFs are highlighted and then analyzed using the most relevant parameters. A classification is proposed to help understand the anatomy of existing NFFs. Subsequently, a comparison is given that explores the functional similarities and deviations among NFFs. The paper concludes by discussing research challenges for progressive network forensics in MCC.

    Minimization of DDoS false alarm rate in Network Security; Refining fusion through correlation

    Intrusion Detection Systems are designed to monitor a network environment and generate alerts whenever abnormal activities are detected. However, the number of these alerts can be very large, making their evaluation a difficult task for a security analyst. Alert management techniques reduce alert volume significantly and can improve the detection performance of an Intrusion Detection System. This thesis presents a framework to improve the effectiveness and efficiency of an Intrusion Detection System by significantly reducing false positive alerts and increasing the ability to spot an actual intrusion for Distributed Denial of Service attacks. The proposed sensor fusion technique addresses issues relating to the optimality of decision-making through correlation in a multiple-sensor framework. The fusion process is based on combining belief through the Dempster-Shafer rule of combination, associating a belief with each type of alert and combining them using Subjective Logic based on Jøsang's theory. Moreover, the reliability factor of any Intrusion Detection System is also addressed in order to minimize the chance of misdiagnosing the final network state. A considerable number of simulations are conducted in order to determine the optimal performance of the proposed prototype.