Tight Arms Race: Overview of Current Malware Threats and Trends in Their Detection

Cyber attacks are currently blooming, as the attackers reap significant profits from them and face a limited risk when compared to committing the "classical" crimes. One of the major components that leads to the successful compromising of the targeted system is malicious software. It allows using the victim's machine for various nefarious purposes, e.g., making it a part of the botnet, mining cryptocurrencies, or holding hostage the data stored there. At present, the complexity, proliferation, and variety of malware pose a real challenge for the existing countermeasures and require their constant improvements. That is why, in this paper we first perform a detailed meta-review of the existing surveys related to malware and its detection techniques, showing an arms race between these two sides of a barricade. On this basis, we review the evolution of modern threats in the communication networks, with a particular focus on the techniques employing information hiding. Next, we present the bird's eye view portraying the main development trends in detection methods with a special emphasis on the machine learning techniques. The survey is concluded with the description of potential future research directions in the field of malware detection

Intelligenza artificiale e sicurezza: opportunità, rischi e raccomandazioni

L'IA (o intelligenza artificiale) è una disciplina in forte espansione negli ultimi anni e lo sarà sempre più nel prossimo futuro: tuttavia è dal 1956 che l’IA studia l’emulazione dell’intelligenza da parte delle macchine, intese come software e in certi casi hardware. L’IA è nata dall’idea di costruire macchine che - ispirandosi ai processi legati all’intelligenza umana - siano in grado di risolvere problemi complessi, per i quali solitamente si ritiene che sia necessario un qualche tipo di ragionamento intelligente. La principale area di ricerca e applicazione attuale dell’IA è il machine learning (algoritmi che imparano e si adattano in base ai dati che ricevono), che negli ultimi anni ha trovato ampie applicazioni grazie alle reti neurali (modelli matematici composti da neuroni artificiali) che a loro volta hanno consentito la nascita del deep learning (reti neurali di maggiore complessità). Appartengono al mondo dell’IA anche i sistemi esperti, la visione artificiale, il riconoscimento vocale, l’elaborazione del linguaggio naturale, la robotica avanzata e alcune soluzioni di cybersecurity. Quando si parla di IA c'è chi ne è entusiasta pensando alle opportunità, altri sono preoccupati poiché temono tecnologie futuristiche di un mondo in cui i robot sostituiranno l'uomo, gli toglieranno il lavoro e decideranno al suo posto. In realtà l'IA è ampiamente utilizzata già oggi in molti campi, ad esempio nei cellulari, negli oggetti smart (IoT), nelle industry 4.0, per le smart city, nei sistemi di sicurezza informatica, nei sistemi di guida autonoma (drive o parking assistant), nei chat bot di vari siti web; questi sono solo alcuni esempi basati tutti su algoritmi tipici dell’intelligenza artificiale. Grazie all'IA le aziende possono avere svariati vantaggi nel fornire servizi avanzati, personalizzati, prevedere trend, anticipare le scelte degli utenti, ecc. Ma non è tutto oro quel che luccica: ci sono talvolta problemi tecnici, interrogativi etici, rischi di sicurezza, norme e legislazioni non del tutto chiare. Le organizzazioni che già adottano soluzioni basate sull’IA, o quelle che intendono farlo, potrebbero beneficiare di questa pubblicazione per approfondirne le opportunità, i rischi e le relative contromisure. La Community for Security del Clusit si augura che questa pubblicazione possa fornire ai lettori un utile quadro d’insieme di una realtà, come l’intelligenza artificiale, che ci accompagnerà sempre più nella vita personale, sociale e lavorativa.AI (or artificial intelligence) is a booming discipline in recent years and will be increasingly so in the near future.However, it is since 1956 that AI has been studying the emulation of intelligence by machines, understood as software and in some cases hardware. AI arose from the idea of building machines that-inspired by processes related to human intelligence-are able to solve complex problems, for which it is usually believed that some kind of intelligent reasoning is required. The main current area of AI research and application is machine learning (algorithms that learn and adapt based on the data they receive), which has found wide applications in recent years thanks to neural networks (mathematical models composed of artificial neurons), which in turn have enabled the emergence of deep learning (neural networks of greater complexity). Also belonging to the AI world are expert systems, computer vision, speech recognition, natural language processing, advanced robotics and some cybersecurity solutions. When it comes to AI there are those who are enthusiastic about it thinking of the opportunities, others are concerned as they fear futuristic technologies of a world where robots will replace humans, take away their jobs and make decisions for them. In reality, AI is already widely used in many fields, for example, in cell phones, smart objects (IoT), industries 4.0, for smart cities, cybersecurity systems, autonomous driving systems (drive or parking assistant), chat bots on various websites; these are just a few examples all based on typical artificial intelligence algorithms. Thanks to AI, companies can have a variety of advantages in providing advanced, personalized services, predicting trends, anticipating user choices, etc. But not all that glitters is gold: there are sometimes technical problems, ethical questions, security risks, and standards and legislation that are not entirely clear. Organizations already adopting AI-based solutions, or those planning to do so, could benefit from this publication to learn more about the opportunities, risks, and related countermeasures. Clusit's Community for Security hopes that this publication will provide readers with a useful overview of a reality, such as artificial intelligence, that will increasingly accompany us in our personal, social and working lives

Adversarial attacks against intrusion detection systems: Taxonomy, solutions and open issues

Intrusion Detection Systems (IDSs) are one of the key components for securing computing infrastructures. Their objective is to protect against attempts to violate defense mechanisms. Indeed, IDSs themselves are part of the computing infrastructure, and thus they may be attacked by the same adversaries they are designed to detect. This is a relevant aspect, especially in safety–critical environments, such as hospitals, aircrafts, nuclear power plants, etc. To the best of our knowledge, this survey is the first work to present an overview on adversarial attacks against IDSs. In particular, this paper will provide the following original contributions: (a) a general taxonomy of attack tactics against IDSs; (b) an extensive description of how such attacks can be implemented by exploiting IDS weaknesses at different abstraction levels; (c) for each attack implementation, a critical investigation of proposed solutions and open points. Finally, this paper will highlight the most promising research directions for the design of adversary-aware, harder-to-defeat IDS solutions. To this end, we leverage on our research experience in the field of intrusion detection, as well as on a thorough investigation of the relevant related works published so far

Intrusion Detection in Computer Systems using Multiple Classifer Systems

Multiple Classifier Systems (MCS) have been applied successfully in many different research fields, among them the detection of intrusions in computer systems. As an example, in the intrusion detection field, MCS may be motivated by the presence of different network protocols (and related services, with specific features), multiple concurrent network connections, distinct host applications and operating systems. In such a heterogeneous environment the MCS approach is particularly suitable, so that different MCS designs have been proposed. In this work we present an overview of different MCS paradigms used in the intrusion detection field, and discuss their peculiarities. In particular, MCS appear to be suited to the anomaly detection paradigm, where attacks are detected as anomalies when compared to a model of normal (legitimate) event patterns. In addition, MCS may be used to increase the robustness of Intrusion Detection System (IDS) against attacks to the IDS itself. Finally, a practical application of MCS for the designing of anomaly-based IDS is presented. © 2008 Springer-Verlag Berlin Heidelberg