Proceedings of the 14th Cyber Security Experimentation and Test Workshop: Latest Publications

Towards Labeling On-Demand IoT Traffic
Proceedings of the 14th Cyber Security Experimentation and Test Workshop Pub Date : 2021-08-09 DOI: 10.1145/3474718.3474727
Daniel Campos, T. OConnor
Abstract: A lack of transparency has accompanied the rapid proliferation of Internet of Things (IoT) devices. To this end, a growing body of work exists to classify IoT device traffic to identify unexpected or surreptitious device activity. However, this work requires fine-grained labeled datasets of device activity. This paper proposes a holistic approach for IoT device traffic collection and automated event labeling. Our work paves the way for future research by thoroughly examining different techniques for synthesizing and labeling on-demand traffic from IoT sensors and actuators. To demonstrate this approach, we instrumented a smart home environment consisting of 57 IoT devices spanning cameras, doorbells, locks, alarm systems, lights, plugs, environmental sensors, and hubs. We publish an open-source dataset consisting of 16,686 labeled events over 468,933 network flows. Our results indicate that vendor APIs, trigger-action frameworks, and companion notifications can be used to generate scientifically valuable labeled datasets of IoT traffic.
Citations: 3

Proceedings of the 14th Cyber Security Experimentation and Test Workshop (front matter)
Proceedings of the 14th Cyber Security Experimentation and Test Workshop Pub Date : 2021-08-09 DOI: 10.1145/3474718
No abstract.
Citations: 0

D2U: Data Driven User Emulation for the Enhancement of Cyber Testing, Training, and Data Set Generation
Proceedings of the 14th Cyber Security Experimentation and Test Workshop Pub Date : 2021-08-09 DOI: 10.1145/3474718.3475718
Sean Oesch, R. A. Bridges, Miki E. Verma, Brian Weber, O. Diallo
Abstract: Whether testing intrusion detection systems, conducting training exercises, or creating data sets to be used by the broader cybersecurity community, realistic user behavior is a critical component of a cyber range. Existing methods either rely on network level data or replay recorded user actions to approximate real users in a network. Our work produces generative models trained on actual user data (sequences of application usage) collected from endpoints. Once trained to the user's behavioral data, these models can generate novel sequences of actions from the same distribution as the training data. These sequences of actions are then fed to our custom software via configuration files, which replicate those behaviors on end devices. Notably, our models are platform agnostic and could generate behavior data for any emulation software package. In this paper we present our model generation process, software architecture, and an investigation of the fidelity of our models. Specifically, we consider two different representations of the behavioral sequences, on which three standard generative models for sequential data (Markov Chain, Hidden Markov Model, and Random Surfer) are employed. Additionally, we examine adding a latent variable to faithfully capture time-of-day trends. Best results are observed when sampling a unique next behavior (regardless of the specific sequential model used) and the duration to take the behavior, paired with the temporal latent variable. Our software is currently deployed in a cyber range to help evaluate the efficacy of defensive cyber technologies, and we suggest additional ways that the cyber community as a whole can benefit from more realistic user behavior emulation.
Citations: 3

Case Studies in Experiment Design on a minimega Based Network Emulation Testbed
Proceedings of the 14th Cyber Security Experimentation and Test Workshop Pub Date : 2021-08-09 DOI: 10.1145/3474718.3474730
Brian Kocoloski, Alefiya Hussain, Matthew Troglia, Calvin Ardi, Steven Cheng, D. DeAngelis, Christopher Symonds, Michael Collins, R. Goodfellow, S. Schwab
Abstract: This paper describes our team's experience using minimega, a network emulation system using node and network virtualization, to support evaluation of a set of networked and distributed systems for topology discovery, traffic classification and engineering in the DARPA Searchlight program [18]. We present the methodology we developed to encode network and traffic definitions into an experiment description model (EDM), and how our tools compile this model onto the underlying minimega API. We then present three case studies which demonstrate the ability of our EDM to support experiments with diverse network topologies, diverse traffic mixes, and networks with specialized layer-2 connectivity requirements. We conclude with the overall takeaways from using minimega to support our evaluation process.
Citations: 1

Getting to the HART of the Matter: An Evaluation of Real-World Safety System OT/IT Interfaces, Attacks, and Countermeasures
Proceedings of the 14th Cyber Security Experimentation and Test Workshop Pub Date : 2021-08-09 DOI: 10.1145/3474718.3474726
L. Tinnel, Michael E. Cochrane
Abstract: This paper discusses our experience evaluating attack paths and security controls in commonly used, real-world ICS safety system architectures. Specifically, we sought to determine if an SIS-mediated architecture could provide better protection against unauthorized and malicious safety instrument configuration changes than could a MUX-mediated architecture. An assessment question-driven approach was layered on top of standard penetration assessment methods. Test cases were planned around the questions and a sample set of vendor products typically used in the oil and gas sector. Four systems were composed from different product subsets and were assessed using the test cases. We analyzed results from the four assessments to illuminate issues that existed regardless of system composition. Analysis revealed recurring vulnerabilities that exist in all safety systems due to issues in the design of safety instruments and the HART protocol. We found that device-native hardware write-protections provide the best defense, followed by SIS write protections. We concluded that, when using SIS security controls, an SIS-mediated system can protect against unauthorized device reconfigurations better than can a MUX-based system. When SIS security controls are not used, there is no added security benefit. We present lessons learned for ICS stakeholders and for people who are interested in conducting this kind of evaluation.
Citations: 1

Through the Spyglass: Towards IoT Companion App Man-in-the-Middle Attacks
Proceedings of the 14th Cyber Security Experimentation and Test Workshop Pub Date : 2021-08-09 DOI: 10.1145/3474718.3474729
T. OConnor, D. Jessee, Daniel Campos
Abstract: The lack of mature development in smart home companion applications complicates Internet of Things (IoT) security and privacy. Companion applications offer transparency and control for smart home devices that otherwise lack displays or interfaces. We access our smart home devices through a distributed communication architecture that seamlessly integrates smart home devices, cloud-based servers, and our mobile devices. This paper seeks to better understand IoT security and privacy by studying the design flaws of this distributed communications channel for smart home devices. To understand this, we then assess the vulnerability of 20 popular smart home vendors to this attack. Our analysis discovers pervasive failures in the distributed communications channels across 16 different vendors. A successful attack allows adversaries to conceal device users, manipulate the state of locks, spoof camera images, and manipulate history log files. While our work uncovers pervasive failures, vendors can take measures to improve confidentiality and integrity in smart home devices and their applications.
Citations: 8

Combat Security Alert Fatigue with AI-Assisted Techniques
Proceedings of the 14th Cyber Security Experimentation and Test Workshop Pub Date : 2021-08-09 DOI: 10.1145/3474718.3474723
Tao Ban, Samuel Ndichu, Takeshi Takahashi, D. Inoue
Abstract: The main challenge for security information and event management (SIEM) is to find critical security incidents among a huge number of false alerts generated from separate security products. To address the alert fatigue problem that is common for security experts operating the SIEM, we propose a new alert screening scheme that leverages artificial intelligence (AI)-assisted tools to distinguish actual threats from false alarms without investigating every alert. The proposed scheme incorporates carefully chosen learning algorithms and newly designed visualization tools to facilitate speedy alert analysis and incident response. The proposed scheme is evaluated on an alert dataset collected in the security operation center of an enterprise. With a recall rate of 99.598% for highly critical alerts and a false positive rate of 0.001% reported, the proposed scheme demonstrated very promising potential for real world security operations. We believe the proposed scheme is effective in addressing the alert fatigue problem, and therefore paves the way for a consolidated security solution for network security at the enterprise level.
Citations: 18