55 research outputs found
A comparative analysis of cyber-threat intelligence sources, formats and languages
The sharing of cyber-threat intelligence is an essential part of the multi-layered tooling used to protect systems and organisations from a range of threats. Structured standards such as STIX, TAXII and CybOX were introduced to provide a common means of sharing cyber-threat intelligence and have subsequently been widely heralded as the de facto industry standards. In this paper, we investigate the landscape of available formats and languages, along with the publicly available sources of threat feeds, how these are implemented and their suitability for providing rich cyber-threat intelligence. We also analyse a sample of cyber-threat intelligence feeds, the type of data they provide and the issues found in aggregating and sharing that data. Moreover, the type of data supported by the various formats and languages is correlated with the data needs of several use cases drawn from typical security operations. The main conclusions drawn from our analysis suggest that many of the standards have a poor level of adoption and implementation, with providers opting for custom or traditional simple formats
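The aggregation problem the abstract describes (a structured STIX feed beside a plain one-value-per-line list) can be made concrete by normalising both into a single indicator record. The following is an added example, not code from the paper: the STIX 2.1 bundle and the plain-text feed are constructed sample inputs using RFC 5737 and RFC 2606 documentation addresses and names, the feed names are invented, and only single-comparison STIX patterns are parsed (compound patterns are reported as unparsed rather than guessed at).

```python
"""Normalise a STIX 2.1 bundle and a plain-text feed into one indicator record type.

Added example for this abstract, not the paper's code. All inputs below are
constructed samples; indicator values use RFC 5737 / RFC 2606 documentation ranges.
"""
import json
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: a minimal STIX 2.1 bundle as a structured provider might publish it.
STIX_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000002",
         "created": "2024-01-02T00:00:00.000Z", "modified": "2024-01-02T00:00:00.000Z",
         "name": "C2 address", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '198.51.100.7']",
         "valid_from": "2024-01-02T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000003",
         "created": "2024-01-02T00:00:00.000Z", "modified": "2024-01-02T00:00:00.000Z",
         "name": "C2 domain", "pattern_type": "stix",
         "pattern": "[domain-name:value = 'Bad.Example.com']",
         "valid_from": "2024-01-02T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000004",
         "created": "2024-01-02T00:00:00.000Z", "modified": "2024-01-02T00:00:00.000Z",
         "name": "compound pattern", "pattern_type": "stix",
         "pattern": "[network-traffic:dst_port = 4444 AND ipv4-addr:value = '203.0.113.9']",
         "valid_from": "2024-01-02T00:00:00Z"},
        {"type": "malware", "spec_version": "2.1",
         "id": "malware--00000000-0000-4000-8000-000000000005",
         "created": "2024-01-02T00:00:00.000Z", "modified": "2024-01-02T00:00:00.000Z",
         "name": "SampleBot", "is_family": False},
    ],
})

# Constructed sample: the "traditional simple format" many feeds actually ship,
# one value per line, '#' comments, no type, no timestamp, no validity window.
PLAIN_FEED = """\
# blocklist export 2024-01-02
198.51.100.7
203.0.113.44   # seen by honeypot
bad.example.com
not an indicator
"""


@dataclass(frozen=True)
class Ioc:
    kind: str                  # "ipv4" or "domain"
    value: str                 # normalised (lower-cased) indicator value
    source: str                # feed name (assumed label, not a real provider)
    valid_from: Optional[str]  # None when the format carries no validity data


# Single comparison expression only; anything richer needs a real STIX pattern parser.
_STIX_SIMPLE = re.compile(r"^\[(ipv4-addr|domain-name):value\s*=\s*'([^']+)'\]$")
_STIX_KINDS = {"ipv4-addr": "ipv4", "domain-name": "domain"}


def parse_stix(text: str, source: str) -> Tuple[List[Ioc], List[str]]:
    """Return (indicators, unparsed_patterns) from a STIX 2.1 bundle."""
    bundle = json.loads(text)
    if bundle.get("type") != "bundle":
        raise ValueError("expected a STIX bundle")
    iocs, unparsed = [], []
    for obj in bundle.get("objects", []):
        # Malware, relationship, etc. objects carry no atomic IOC; skip non-STIX pattern types too.
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        m = _STIX_SIMPLE.match(obj["pattern"].strip())
        if not m:
            unparsed.append(obj["pattern"])
            continue
        iocs.append(Ioc(_STIX_KINDS[m.group(1)], m.group(2).lower(), source, obj.get("valid_from")))
    return iocs, unparsed


_IPV4 = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$")
_DOMAIN = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


def classify(value: str) -> Optional[str]:
    """Guess the indicator type of a bare value; plain feeds carry no type field."""
    m = _IPV4.match(value)
    if m and all(int(o) <= 255 for o in m.groups()):
        return "ipv4"
    if _DOMAIN.match(value):
        return "domain"
    return None


def parse_plain(text: str, source: str) -> List[Ioc]:
    """Parse a one-value-per-line feed, dropping comments and unrecognised lines."""
    iocs = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower()
        kind = classify(line) if line else None
        if kind:
            iocs.append(Ioc(kind, line, source, None))
    return iocs


def aggregate(*feeds: List[Ioc]) -> Dict[Tuple[str, str], List[str]]:
    """Merge feeds by (kind, value), recording which sources reported each indicator."""
    merged: Dict[Tuple[str, str], set] = {}
    for feed in feeds:
        for ioc in feed:
            merged.setdefault((ioc.kind, ioc.value), set()).add(ioc.source)
    return {key: sorted(sources) for key, sources in merged.items()}


if __name__ == "__main__":
    stix_iocs, unparsed = parse_stix(STIX_BUNDLE, "stix-provider")
    plain_iocs = parse_plain(PLAIN_FEED, "plain-list")
    for key, sources in aggregate(stix_iocs, plain_iocs).items():
        print(key, sources)
    print("unparsed STIX patterns:", unparsed)
```

The point the merge makes visible is the one the abstract draws: the plain feed yields the same atomic values as the STIX bundle but with no type, timestamp or validity window, so any aggregator has to infer those itself, while the richer STIX pattern language is only usable to the extent the consumer implements its grammar.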
IoT Malware Network Traffic Classification using Visual Representation and Deep Learning
With the increase in IoT devices and technologies coming into service, malware has emerged as a challenging threat with rising infection rates and levels of sophistication. Without strong security mechanisms, a huge amount of sensitive data is exposed and therefore easily abused by cybercriminals for a range of illegal activities. Advanced network security mechanisms capable of real-time traffic analysis and mitigation of malicious traffic are therefore required. To address this challenge, we propose a novel IoT malware traffic analysis approach using deep learning and visual representation for faster detection and classification of new (zero-day) malware. Detection of malicious network traffic in the proposed approach works at the packet level, significantly reducing detection time, with promising results owing to the deep learning techniques used. To evaluate the proposed method, a dataset is constructed consisting of 1000 pcap files of normal and malware traffic collected from different network traffic sources. The experimental results with a Residual Neural Network (ResNet50) are very promising, providing a 94.50% accuracy rate for detection of malware traffic.
Comment: 10 pages, 5 figures, 2 tables
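The preprocessing step this abstract implies (pcap records turned into per-packet images that a CNN such as ResNet50 can consume) is shown below as an added example, not the paper's code: the page does not state the paper's exact visual representation, so this assumes the common mapping of a packet's first N bytes to an N-pixel grayscale image, zero-padded or truncated to a fixed side length. The pcap bytes are constructed in memory so the block runs offline; the 28x28 size and the DLT_EN10MB sample frames are assumptions.

```python
"""Parse a classic pcap and map each packet to a fixed-size grayscale byte image.

Added example for this abstract, not the paper's code. The pcap content is a
constructed sample; the byte-to-pixel mapping and the 28x28 size are assumptions.
"""
import struct
from typing import List

# Magic as read little-endian from the first 4 bytes -> (struct byte order, ticks per second).
PCAP_MAGICS = {
    0xA1B2C3D4: ("<", 1_000_000),        # little-endian file, microsecond timestamps
    0xD4C3B2A1: (">", 1_000_000),        # big-endian file, microsecond timestamps
    0xA1B23C4D: ("<", 1_000_000_000),    # little-endian file, nanosecond timestamps
    0x4D3CB2A1: (">", 1_000_000_000),    # big-endian file, nanosecond timestamps
}


def parse_pcap(data: bytes) -> List[bytes]:
    """Return the captured bytes of every record in a classic pcap (pcapng is not handled)."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in PCAP_MAGICS:
        raise ValueError("not a classic pcap file (unknown magic)")
    endian, _ticks = PCAP_MAGICS[magic]
    packets = []
    offset = 24  # global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError(f"truncated record header at offset {offset}")
        _sec, _frac, incl_len, _orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        if offset + incl_len > len(data):
            # A capture cut off mid-record; refuse rather than feed a partial packet to the model.
            raise ValueError(f"truncated packet data at offset {offset}")
        packets.append(data[offset:offset + incl_len])
        offset += incl_len
    return packets


def packet_to_image(packet: bytes, side: int = 28) -> List[List[int]]:
    """Map the first side*side bytes of a packet to a side x side image, one byte per pixel.

    Shorter packets are zero-padded, longer ones truncated, so every image has the same shape.
    """
    n = side * side
    buf = packet[:n].ljust(n, b"\x00")
    return [list(buf[row * side:(row + 1) * side]) for row in range(side)]


def dataset_from_pcap(data: bytes, side: int = 28) -> List[List[List[int]]]:
    """One image per packet: the packet-level granularity the abstract describes."""
    return [packet_to_image(p, side) for p in parse_pcap(data)]


def build_pcap(packets: List[bytes]) -> bytes:
    """Constructed input: write a little-endian microsecond pcap with linktype 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, pkt in enumerate(packets):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(pkt), len(pkt)) + pkt
    return out


# Constructed sample frames: a 56-byte one (will be padded) and a 1024-byte one (will be truncated).
SAMPLE_PACKETS = [
    bytes.fromhex("ffffffffffff0011223344550800") + b"\x45\x00" + bytes(range(40)),
    bytes(range(256)) * 4,
]
SAMPLE_PCAP = build_pcap(SAMPLE_PACKETS)

if __name__ == "__main__":
    images = dataset_from_pcap(SAMPLE_PCAP)
    print(len(images), "images of", len(images[0]), "x", len(images[0][0]), "pixels")
```

Two practical caveats follow from the mapping: truncation means anything beyond the first 784 bytes never reaches the classifier, and a malformed or cut-off capture is rejected by the parser instead of silently producing a short image, which would otherwise look like a benign small packet.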
A machine-learning approach to detect users' suspicious behaviour through the Facebook wall
Facebook represents the current de facto choice for social media, changing the nature of social relationships. The increasing amount of personal information that runs through this platform publicly exposes user behaviour and social trends, allowing aggregation of data through conventional intelligence collection techniques such as Open Source Intelligence (OSINT). In this paper, we propose a new method to detect and diagnose variations in overall Facebook user psychology through OSINT and machine learning techniques. We aggregate the spectrum of user sentiments and views using N-Games charts, which exhibit noticeable variations over time, validated through long-term collection. We postulate that the proposed approach can be used by security organisations to understand and evaluate user psychology, and then use that information to predict insider threats or prevent insider attacks.
Comment: 8 pages
A Novel Blockchain-based Trust Model for Cloud Identity Management
Secure and reliable management of identities has become one of the greatest challenges facing cloud computing today, mainly because of the huge number of new cloud-based applications generated by this model, which means more user accounts, passwords and personal information to provision, monitor and secure. Currently, identity federation is the most practical solution to these issues: it simplifies the user experience by allowing efficient authentication mechanisms and the use of identity information from data distributed across multiple domains. However, this approach creates considerable complexity in managing trust relationships for both cloud service providers and their clients. Poor management of trust in federated identity management systems brings with it many security, privacy and interoperability issues, which contributes to the reluctance of organizations to move their critical identity data to the cloud. In this paper, we aim to address these issues by introducing a novel trust and identity management model based on blockchain for cloud identity management, with security and privacy improvements
Agent-based vs Agentless Sandbox for Dynamic Behavioral Analysis
Malicious software is detected and classified by either static or dynamic analysis. In static analysis, malware samples are reverse engineered and analyzed so that malware signatures can be constructed; these techniques are easily thwarted by polymorphic and metamorphic malware and by obfuscation and packing. In dynamic analysis, malware samples are instead executed in a controlled environment using sandboxing, in order to model the behavior of the malware. In this paper, we analyze Petya, SpyEye, VolatileCedar, Pafish and other samples through agent-based and agentless dynamic sandbox systems in order to investigate and benchmark their efficiency in advanced malware detection