Ransomware Detection and Classification Strategies

Ransomware uses encryption methods to make data inaccessible to legitimate users. To date a wide range of ransomware families have been developed and deployed, causing immense damage to governments, corporations, and private users. As these cyberthreats multiply, researchers have proposed a range of ransomware detection and classification schemes. Most of these methods use advanced machine learning techniques to process and analyze real-world ransomware binaries and action sequences. Hence this paper presents a survey of this critical space and classifies existing solutions into several categories, i.e., including network-based, host-based, forensic characterization, and authorship attribution. Key facilities and tools for ransomware analysis are also presented along with open challenges.Comment: 9 pages, 2 figure

IoT Threat Detection Testbed Using Generative Adversarial Networks

The Internet of Things(IoT) paradigm provides persistent sensing and data collection capabilities and is becoming increasingly prevalent across many market sectors. However, most IoT devices emphasize usability and function over security, making them very vulnerable to malicious exploits. This concern is evidenced by the increased use of compromised IoT devices in large scale bot networks (botnets) to launch distributed denial of service(DDoS) attacks against high value targets. Unsecured IoT systems can also provide entry points to private networks, allowing adversaries relatively easy access to valuable resources and services. Indeed, these evolving IoT threat vectors (ranging from brute force attacks to remote code execution exploits) are posing key challenges. Moreover, many traditional security mechanisms are not amenable for deployment on smaller resource-constrained IoT platforms. As a result, researchers have been developing a range of methods for IoT security, with many strategies using advanced machine learning(ML) techniques. Along these lines, this paper presents a novel generative adversarial network(GAN) solution to detect threats from malicious IoT devices both inside and outside a network. This model is trained using both benign IoT traffic and global darknet data and further evaluated in a testbed with real IoT devices and malware threats.Comment: 8 pages, 5 figure

Content Accessibility in Optical Cloud Networks Under Targeted Link Cuts

One of the key enablers of the digital society is a highly reliable information infrastructure that can ensure resiliency to a wide range of failures and attacks. In cloud networks, replicas of various content are located at geographically distributed data centers, thus inherently enhancing cloud network reliability through diversification and redundancy of user accessibility to the content. However, cloud networks rely on optical network infrastructure which can be a target of deliberate link cuts that may cause service disruption on a massive scale. This paper investigates the dependency between the extent of damage caused by link cuts and a particular replica placement solution, as a fundamental prerequisite of resilient cloud network design that lacks systematic theoretical quantification and understanding. To quantify the vulnerability of optical cloud networks based on anycast communication to targeted link cuts, we propose a new metric called Average Content Accessibility (ACA). Using this metric, we analyze the impact of the number and the placement of content replicas on cloud network resiliency and identify the best and the worst case scenarios for networks of different sizes and connectivity. We evaluate the efficiency of simultaneous and sequential targeted link cuts, the latter reassessing link criticality between subsequent cuts to maximize disruption. Comparison with Average Two-Terminal Reliability (A2TR), an existing robustness measure for unicast networks, shows great discrepancy in the vulnerability results, indicating the need for new measures tailored to anycast-based networks.QC 20170529</p

Assessing the effects of physical layer attacks on content accessibility and latency in optical CDNs

Content Delivery Networks (CDNs) are a major enabler of large-scale content distribution for Internet applications. Many of these applications require high bandwidth and low latency for a satisfactory user experience, e.g., cloud gaming, augmented reality, tactile Internet and vehicular communications. Replication is one of the most prominent solutions to meet the requirements of latency-sensitive applications. However, infrastructure disruptions can greatly degrade the performance of such applications, or even cease their proper execution. The extent of degradation can be exacerbated by malicious attackers that target the critical elements of the CDN physical infrastructure to disconnect or severely degrade services.QC 20171002</p

RASCAR: Recovery-Aware Switch-Controller Assignment and Routing in SDN

Decoupling control and data planes in a software-defined network (SDN) has its advantages along with its challenges. Especially, resilient communication between elements in the data plane (switches) and in the control plane (controllers) is key to SDN's success as disruption of this communication after a failure can severely affect data-plane functions. After a failure, simultaneous recovery of all switch-controller communication paths (control paths) may not be possible, and multiple recovery stages may be required. Since restoration of disrupted data paths depends on the recovery of disrupted control paths feeding control information to switches, the performance of control-path recovery seriously affects data-path recovery performance. The assignment of controller to switches and the routing of controller-switch control paths are what determines the control-plane recovery performance, and hence should be performed in conjunction with a recovery plan after failures. This study proposes an algorithm for recovery-aware switch-controller assignment and routing (RASCAR), which enables fast data-path recovery after a set of failures (e.g., single point of failures and disasters). We formulate the problem as an integer linear program and propose an efficient heuristic algorithm to solve large problem instances. Our illustrative numerical studies show that RASCAR significantly reduces the data-path restoration times after any failure with a minor increase in resource consumption of control paths