Introducing a New Alert Data Set for Multi-Step Attack Analysis
Intrusion detection systems (IDS) reinforce cyber defense by autonomously
monitoring various data sources for traces of attacks. However, IDSs are also
infamous for frequently raising false positives and alerts that are difficult
to interpret without context. This results in high workloads on security
operators who need to manually verify all reported alerts, often leading to
fatigue and incorrect decisions. To generate more meaningful alerts and
alleviate these issues, the research domain focused on multi-step attack
analysis proposes approaches for filtering, clustering, and correlating IDS
alerts, as well as generation of attack graphs. Unfortunately, existing data
sets are outdated, unreliable, narrowly focused, or only suitable for IDS
evaluation. Since hardly any suitable benchmark data sets are publicly
available, researchers often resort to private data sets that prevent
reproducibility of evaluations. We therefore generate a new alert data set that
we publish alongside this paper. The data set contains alerts from three
distinct IDSs monitoring eight executions of a multi-step attack as well as
simulations of normal user behavior. To illustrate the potential of our data
set, we experiment with alert prioritization as well as two open-source tools
for meta-alert generation and attack graph extraction.
Malicious URL Website Detection using Selective Hyper Feature Link Stability based on Soft-Max Deep Featured Convolution Neural Network
Web resources contain many domains with Uniform Resource Locators (URLs) belonging to different users. As the amount of information on Internet resources grows, hackers carry out malicious activities by placing malicious websites in URL sub-links. Increasing information theft has led data sources to be vested in huge mediums. To analyze web features and identify malicious webpages with a deep learning approach, we propose a Selective Hyper Feature Link Stability Rate (SHFLSR) based on a Soft-max Deep Featured Convolution Neural Network (SmDFCNN) that detects malicious websites depending on the actions performed and their feature responses. Initially, the URL Signature Frame Rate (USFR) is estimated to verify domain-specific hosting. Then link stability is confirmed through the post-response rate using the HyperLink Stability Post-Response State (LSPRS). Depending on the Spectral Successive Domain Propagation Rate (S2DPR), features are selected and trained with a deep neural classifier using a logically defined Softmax-Logical Activator (SmLA) within the Deep Featured Convolution Neural Network (DFCNN). The proposed system achieves a high performance rate by detecting malicious URLs based on the behavioral response of the domain, increasing the detection rate, prediction rate, and classifier performance.
Network-based APT profiler
Constant innovation in attack methods presents a significant problem for the security community, which struggles to remain current in attack prevention, detection and response. The practice of threat hunting provides a proactive approach to identify and mitigate attacks in real time before the attackers complete their objective. In this research, I present a matrix of adversary techniques inspired by MITRE’s ATT&CK matrix. This study allows threat hunters to classify the actions of advanced persistent threats (APTs) according to network-based behaviors.
Cyber Security
This open access book constitutes the refereed proceedings of the 18th China Annual Conference on Cyber Security, CNCERT 2022, held in Beijing, China, in August 2022. The 17 papers presented were carefully reviewed and selected from 64 submissions. The papers are organized according to the following topical sections: data security; anomaly detection; cryptocurrency; information security; vulnerabilities; mobile internet; threat intelligence; text recognition.
Cyber Security
This open access book constitutes the refereed proceedings of the 16th International Annual Conference on Cyber Security, CNCERT 2020, held in Beijing, China, in August 2020. The 17 papers presented were carefully reviewed and selected from 58 submissions. The papers are organized according to the following topical sections: access control; cryptography; denial-of-service attacks; hardware security implementation; intrusion/anomaly detection and malware mitigation; social network security and privacy; systems security.