Detection of advanced persistent threat using machine-learning correlation analysis
As one of the most serious types of cyber attack, Advanced Persistent Threats (APTs) have caused major concerns on a global scale. An APT is a persistent, multi-stage attack intended to compromise a targeted system and extract information from it, with the potential to cause significant damage and substantial financial loss. The accurate detection and prediction of APTs is an ongoing challenge. This work proposes a novel machine learning-based system, MLAPT, which can accurately and rapidly detect and predict APT attacks in a systematic way. MLAPT runs through three main phases: (1) Threat detection, in which eight methods have been developed to detect different techniques used during the various APT steps; the implementation and validation of these methods with real traffic is a significant contribution to the current body of research. (2) Alert correlation, in which a correlation framework links the outputs of the detection methods in order to identify alerts that could be related and belong to a single APT scenario. (3) Attack prediction, in which a machine learning-based prediction module, built on the output of the correlation framework, lets the network security team estimate the probability that early alerts will develop into a complete APT attack. MLAPT is experimentally evaluated and the presented sy
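The three phases above (per-stage detection, alert correlation, prediction) can be made concrete with a small pipeline. What follows is an added example, not the MLAPT code: the stage list, detector names, the host-and-time-window correlation rule and the stage-coverage score that stands in for the paper's ML prediction module are all assumptions, and the alerts are constructed, not real traffic.

```python
"""Multi-stage alert correlation with a stand-in for the attack-prediction step.

Added illustration, not the MLAPT code. Stage list, detector names, the
host/time-window correlation rule and the coverage score are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List

# Assumed APT stage model; per-stage detectors emit alerts tagged with a stage.
APT_STAGES = ["reconnaissance", "delivery", "exploitation", "c2",
              "lateral_movement", "exfiltration"]


@dataclass(frozen=True)
class Alert:
    ts: int                 # seconds since an arbitrary epoch
    detector: str           # detection method that fired (assumed names)
    hosts: FrozenSet[str]   # internal hosts involved
    stage: str              # APT stage the detector covers


# Constructed sample alerts (not real traffic).
ALERTS = [
    Alert(0,      "phishing_mail", frozenset({"ws-17"}),           "delivery"),
    Alert(300,    "exploit_kit",   frozenset({"ws-17"}),           "exploitation"),
    Alert(900,    "c2_beacon",     frozenset({"ws-17"}),           "c2"),
    Alert(1200,   "c2_beacon",     frozenset({"ws-42"}),           "c2"),
    Alert(5000,   "lateral_smb",   frozenset({"ws-17", "srv-03"}), "lateral_movement"),
    Alert(7000,   "exfil_volume",  frozenset({"srv-03"}),          "exfiltration"),
    Alert(100000, "phishing_mail", frozenset({"ws-17"}),           "delivery"),
]

WINDOW = 2 * 3600  # assumed: consecutive alerts of one scenario are at most 2 h apart


def correlate(alerts, window=WINDOW) -> List[Dict]:
    """Group alerts into candidate APT scenarios.

    Assumed rule: an alert joins a scenario if it shares a host with it and
    arrives within `window` seconds of the scenario's latest alert. An alert
    that matches several scenarios (e.g. lateral movement between two hosts
    that were tracked separately) merges them.
    """
    scenarios: List[Dict] = []
    for a in sorted(alerts, key=lambda x: x.ts):
        hits = [s for s in scenarios
                if a.ts - s["last_ts"] <= window and s["hosts"] & a.hosts]
        if not hits:
            scenarios.append({"alerts": [a], "hosts": set(a.hosts), "last_ts": a.ts})
            continue
        target = hits[0]
        for other in hits[1:]:
            target["alerts"].extend(other["alerts"])
            target["hosts"] |= other["hosts"]
            scenarios.remove(other)
        target["alerts"].append(a)
        target["hosts"] |= a.hosts
        target["last_ts"] = a.ts
    return scenarios


def progression_score(scenario) -> float:
    """Stand-in for the ML prediction module: fraction of APT stages already seen."""
    seen = {a.stage for a in scenario["alerts"]}
    return len(seen) / len(APT_STAGES)


def analyse(alerts=ALERTS, window=WINDOW) -> List[Dict]:
    """Correlate, score and rank scenarios, most advanced first."""
    out = []
    for s in correlate(alerts, window):
        out.append({
            "hosts": sorted(s["hosts"]),
            "stages": sorted({a.stage for a in s["alerts"]}, key=APT_STAGES.index),
            "n_alerts": len(s["alerts"]),
            "score": progression_score(s),
        })
    return sorted(out, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for r in analyse():
        print(f"{r['score']:.2f}  hosts={r['hosts']}  stages={r['stages']}")
```

On the constructed alerts the ws-17/srv-03 chain is assembled into one scenario covering five of the six assumed stages, while the lone ws-42 beacon and the phishing alert that arrives a day later each remain isolated, low-scoring scenarios; a real predictor would replace the coverage ratio with a model trained on labelled scenarios.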
CAIR: Using Formal Languages to Study Routing, Leaking, and Interception in BGP
The Internet routing protocol BGP expresses topological reachability and policy-based decisions simultaneously in path vectors. A complete view on the Internet backbone routing is given by the collection of all valid routes, which is infeasible to obtain due to information hiding of BGP, the lack of omnipresent collection points, and data complexity. Commonly, graph-based data models are used to represent the Internet topology from a given set of BGP routing tables but fall short of explaining policy contexts. As a consequence, routing anomalies such as route leaks and interception attacks cannot be explained with graphs.

In this paper, we use formal languages to represent the global routing system in a rigorous model. Our CAIR framework translates BGP announcements into a finite route language that allows for the incremental construction of minimal route automata. CAIR preserves route diversity, is highly efficient, and well-suited to monitor BGP path changes in real-time. We formally derive implementable search patterns for route leaks and interception attacks. In contrast to the state-of-the-art, we can detect these incidents. In practical experiments, we analyze public BGP data over the last seven years
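The core idea, AS paths as words of a finite language, a minimal automaton accepting exactly the observed routes, and a leak expressed as a search pattern over that automaton, can be shown in a few dozen lines. This is an added example written in the spirit of the abstract, not the CAIR code: the announcements and AS relationships are constructed, the minimization is plain bottom-up suffix merging of an acyclic DFA, and the leak pattern is the usual valley-free rule (a route learned from a provider or peer must only be passed on to customers), which is an assumption about what CAIR's derived patterns look like.

```python
"""Finite route language, minimal route automaton, route-leak search pattern.

Added illustration in the spirit of the CAIR abstract; not the CAIR code.
Announcements, AS relationships and the valley-free leak pattern are assumptions.
"""
from typing import Dict, List, Tuple

# Constructed announcements as seen at a collector: (prefix, AS_PATH),
# nearest AS first, origin AS last.
ANNOUNCEMENTS = [
    ("192.0.2.0/24",    [3000, 2000, 1000]),
    ("192.0.2.0/24",    [3000, 2001, 1000]),
    ("198.51.100.0/24", [3000, 4000, 2000, 1000]),  # 4000 re-exports a provider route to 3000
    ("198.51.100.0/24", [3000, 2001, 2000, 1000]),  # 2001 re-exports a peer route to 3000
    ("203.0.113.0/24",  [3000, 2000, 1000]),        # same word as the first route
    ("203.0.113.0/24",  [3000, 2000, 4000, 1001]),
]
# Constructed relationships: (provider, customer) pairs and peer pairs.
PROVIDER_OF = {(2000, 1000), (2001, 1000), (3000, 2000), (3000, 2001),
               (2000, 4000), (3000, 4000), (4000, 1001)}
PEERS = {frozenset({2000, 2001})}

Node = Dict[str, object]  # {"accept": bool, "edges": {asn: node_id}}


def build_trie(words: List[Tuple[int, ...]]) -> List[Node]:
    """Prefix tree accepting exactly the given words; state 0 is the start."""
    nodes: List[Node] = [{"accept": False, "edges": {}}]
    for w in words:
        cur = 0
        for sym in w:
            nxt = nodes[cur]["edges"].get(sym)
            if nxt is None:
                nodes.append({"accept": False, "edges": {}})
                nxt = len(nodes) - 1
                nodes[cur]["edges"][sym] = nxt
            cur = nxt
        nodes[cur]["accept"] = True
    return nodes


def minimize(nodes: List[Node]) -> Tuple[List[Node], int]:
    """Merge states with identical right languages (bottom-up, acyclic DFA).
    The language is unchanged, so route diversity is preserved."""
    sig_to_id: Dict[tuple, int] = {}
    out: List[Node] = []
    memo: Dict[int, int] = {}

    def canon(i: int) -> int:
        if i in memo:
            return memo[i]
        edges = tuple(sorted((s, canon(c)) for s, c in nodes[i]["edges"].items()))
        sig = (nodes[i]["accept"], edges)
        if sig not in sig_to_id:
            sig_to_id[sig] = len(out)
            out.append({"accept": nodes[i]["accept"], "edges": dict(edges)})
        memo[i] = sig_to_id[sig]
        return memo[i]

    return out, canon(0)


# Valley-free pattern as a 3-state automaton over step kinds (assumed model):
# customer->provider steps may continue until the first peer or
# provider->customer step; after that only provider->customer steps are legal.
UP_OK, DOWN_ONLY, LEAKED = 0, 1, 2
PATTERN = {
    UP_OK:     {"up": UP_OK,  "peer": DOWN_ONLY, "down": DOWN_ONLY, "unknown": UP_OK},
    DOWN_ONLY: {"up": LEAKED, "peer": LEAKED,    "down": DOWN_ONLY, "unknown": DOWN_ONLY},
    LEAKED:    {"up": LEAKED, "peer": LEAKED,    "down": LEAKED,    "unknown": LEAKED},
}


def step_kind(sender: int, receiver: int) -> str:
    """Classify one propagation step: the route travels from sender to receiver."""
    if (receiver, sender) in PROVIDER_OF:
        return "up"      # customer announces to its provider
    if (sender, receiver) in PROVIDER_OF:
        return "down"    # provider announces to its customer
    if frozenset({sender, receiver}) in PEERS:
        return "peer"
    return "unknown"


def find_route_leaks(nodes: List[Node], start: int) -> List[Tuple[int, ...]]:
    """Walk the product of the route automaton and PATTERN; return accepted
    words (origin-first AS sequences) that end in the LEAKED state."""
    leaks = []

    def dfs(state: int, phase: int, path: List[int]):
        if nodes[state]["accept"] and phase == LEAKED:
            leaks.append(tuple(path))
        for asn, child in nodes[state]["edges"].items():
            nxt = PATTERN[phase][step_kind(path[-1], asn)] if path else phase
            dfs(child, nxt, path + [asn])

    dfs(start, UP_OK, [])
    return sorted(leaks)


def summary(announcements=ANNOUNCEMENTS) -> Dict[str, object]:
    # Words are AS paths in propagation order (origin first) so PATTERN reads left to right.
    words = {tuple(reversed(p)) for _, p in announcements}
    trie = build_trie(sorted(words))
    nodes, start = minimize(trie)
    return {"trie_states": len(trie), "minimal_states": len(nodes),
            "leaks": find_route_leaks(nodes, start)}


if __name__ == "__main__":
    print(summary())
```

On the six constructed announcements the prefix tree has 14 states and the minimal automaton 7, while both accept the same five distinct AS-path words; the pattern walk flags the two routes in which AS 4000 and AS 2001 pass a route learned from a provider or peer up to AS 3000. Interception patterns are not shown here, and real data would need prefix-aware words and a relationship inference step rather than a hand-written table.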
Using the Pattern-of-Life in Networks to Improve the Effectiveness of Intrusion Detection Systems
As the complexity of cyber-attacks keeps increasing, new and more robust detection mechanisms need to be developed. The next generation of Intrusion Detection Systems (IDSs) should be able to adapt their detection characteristics based not only on the measurable network traffic, but also on the available high-level information related to the protected network, in order to improve their detection results. We make use of the Pattern-of-Life (PoL) of a network as the main source of high-level information, which is correlated with the time of day and the usage of the network resources. We propose the use of a Fuzzy Cognitive Map (FCM) to incorporate the PoL into the detection process. The main aim of this work is to demonstrate the improved detection performance of an IDS that uses an FCM to leverage network-related contextual information. The results that we present verify that the proposed method improves the effectiveness of our IDS by reducing the total number of false alarms, providing an improvement of 9.68% when all the considered metrics are combined and a peak improvement of up to 35.64%, depending on the particular metric combination
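How an FCM can fold Pattern-of-Life context into an IDS verdict is easiest to see on a tiny map. The block below is an added example and not the paper's FCM: its concepts, weights, busy-hours calendar, sigmoid steepness and alert threshold are all assumptions picked for illustration, and the observations fed in are constructed. It shows the mechanism the abstract describes, the same raw detector output suppressed during expected peak usage and raised outside it.

```python
"""Fuzzy Cognitive Map folding network Pattern-of-Life context into an IDS verdict.

Added illustration, not the paper's FCM: concepts, weights, busy-hours calendar,
steepness and threshold are assumptions chosen for this example.
"""
import math
from typing import Dict

# Concepts: the first three are clamped observations, the last two are inferred.
CONCEPTS = ["busy_period", "volume_spike", "ids_score", "unexplained_traffic", "alert"]
CLAMPED = {"busy_period", "volume_spike", "ids_score"}

# Causal weights W[cause][effect] in [-1, 1] (assumed). PoL enters via busy_period:
# traffic above the hourly baseline during expected peak use is mostly "explained".
WEIGHTS: Dict[str, Dict[str, float]] = {
    "busy_period":         {"unexplained_traffic": -1.0, "alert": -0.3},
    "volume_spike":        {"unexplained_traffic": +1.0},
    "ids_score":           {"alert": +0.8},
    "unexplained_traffic": {"alert": +0.8},
}
LAMBDA = 3.0               # sigmoid steepness (assumed)
ALERT_THRESHOLD = 0.75     # assumed decision threshold
BUSY_HOURS = range(8, 18)  # assumed PoL calendar: expected peak usage 08:00-17:59


def sigmoid(z: float) -> float:
    return 1.0 / (1.0 + math.exp(-z))


def run_fcm(inputs: Dict[str, float], weights=WEIGHTS,
            max_iter: int = 50, tol: float = 1e-6) -> Dict[str, float]:
    """Iterate A_j <- sigmoid(LAMBDA * sum_i W[i][j] * A_i) for non-clamped
    concepts until the state stops changing (update without self-feedback)."""
    state = {c: inputs.get(c, 0.0) for c in CONCEPTS}
    for _ in range(max_iter):
        new = dict(state)
        for j in CONCEPTS:
            if j in CLAMPED:
                continue
            total = sum(weights.get(i, {}).get(j, 0.0) * state[i] for i in CONCEPTS)
            new[j] = sigmoid(LAMBDA * total)
        delta = max(abs(new[c] - state[c]) for c in CONCEPTS)
        state = new
        if delta < tol:
            break
    return state


def alert_level(hour: int, volume_spike: float, ids_score: float,
                use_pol: bool = True) -> float:
    """Alert confidence in [0, 1]. use_pol=False ignores the PoL concept, i.e.
    how a context-free IDS would score the same observations."""
    busy = 1.0 if (use_pol and hour in BUSY_HOURS) else 0.0
    return run_fcm({"busy_period": busy, "volume_spike": volume_spike,
                    "ids_score": ids_score})["alert"]


def is_alert(hour: int, volume_spike: float, ids_score: float,
             use_pol: bool = True) -> bool:
    return alert_level(hour, volume_spike, ids_score, use_pol) >= ALERT_THRESHOLD


if __name__ == "__main__":
    obs = dict(volume_spike=0.6, ids_score=0.5)  # constructed observation
    for hour in (3, 11):
        print(f"{hour:02d}:00  with PoL={alert_level(hour, **obs):.2f}  "
              f"without PoL={alert_level(hour, use_pol=False, **obs):.2f}")
```

With the constructed observation (a moderate volume spike and a mid-range detector score) the map settles at roughly 0.70 at 11:00, below the threshold, and roughly 0.96 at 03:00; without the PoL concept the 11:00 case also scores 0.96 and would have been a false alarm. Because sigmoid(0) is 0.5, a map like this always needs a calibrated threshold or a bias concept rather than a naive 0.5 cut-off.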
Intrusion Detection Systems for Community Wireless Mesh Networks
Wireless mesh networks are being increasingly used to provide affordable network connectivity to communities where wired deployment strategies are either not possible or are prohibitively expensive. Unfortunately, computer networks (including mesh networks) are frequently being exploited by increasingly profit-driven and insidious attackers, which can affect their utility for legitimate use. In response to this, a number of countermeasures have been developed, including intrusion detection systems that aim to detect anomalous behaviour caused by attacks. We present a set of socio-technical challenges associated with developing an intrusion detection system for a community wireless mesh network. The attack space on a mesh network is particularly large; we motivate the need for and describe the challenges of adopting an asset-driven approach to managing this space. Finally, we present an initial design of a modular architecture for intrusion detection, highlighting how it addresses the identified challenges
Leveraging Personal Navigation Assistant Systems Using Automated Social Media Traffic Reporting
Modern urbanization is demanding smarter technologies to improve a variety of applications in intelligent transportation systems, to relieve the increasing amount of vehicular traffic congestion and incidents. Existing incident detection techniques are limited to the use of sensors in the transportation network and depend on human input. Despite its abundance of data, social media is not well exploited in this context. In this paper, we develop an automated traffic alert system based on Natural Language Processing (NLP) that filters this flood of information and extracts important traffic-related items. To this end, we employ the fine-tuned Bidirectional Encoder Representations from Transformers (BERT) language embedding model to filter traffic-related information from social media. Then, we apply a question-answering model to extract the information characterizing the reported event, such as its exact location, occurrence time, and nature. We demonstrate that the adopted NLP approaches outperform other existing approaches and, after training them, we focus on a real-world situation and show how the developed approach can, in real time, extract traffic-related information and automatically convert it into alerts for navigation assistance applications such as navigation apps.
Comment: This paper is accepted for publication in IEEE Technology Engineering Management Society International Conference (TEMSCON'20), Metro Detroit, Michigan (USA
Air Traffic Safety: continued evolution or a new Paradigm.
The context here is Transport Risk Management. Is the philosophy of Air Traffic Safety different from other modes of transport? Yes, in many ways, it is. The focus is on Air Traffic Management (ATM), covering (eg) air traffic control and airspace structures, which is the part of the aviation system that is most likely to be developed through new paradigms. The primary goal of the ATM system is to control accident risk. ATM safety has improved over the decades for many reasons, from better equipment to additional safety defences. But ATM safety targets, improving on current performance, are now extremely demanding. What are the past and current methodologies for ATM risk assessment; and will they work effectively for the kinds of future systems that people are now imagining and planning? The title contrasts "Continued Evolution" and a "New Paradigm". How will system designers/operators assure safety with traffic growth and operational/technical changes that are more than continued evolution from the current system? What are the design implications for "new paradigms", such as the USA's "Next Generation Air Transportation System" (NextGen) and Europe's Single European Sky ATM Research Programme (SESAR)? Achieving and proving safety for NextGen and SESAR is an enormously tough challenge. For example, it will need to cover system resilience, human/automation issues, software/hardware performance/ground/air protection systems. There will be a need for confidence building programmes regarding system design/resilience, eg Human-in-the-Loop simulations with "seeded errors"