发布求助
文献互助 智能选刊 最新文献

Digital Threats: Research and Practice最新文献

筛选
英文 中文
Web Application Security: A Pragmatic Exposé 网络应用安全:务实揭秘
Digital Threats: Research and Practice Pub Date : 2024-02-07 DOI: 10.1145/3644394
Clement C. Aladi
{"title":"Web Application Security: A Pragmatic Exposé","authors":"Clement C. Aladi","doi":"10.1145/3644394","DOIUrl":"https://doi.org/10.1145/3644394","url":null,"abstract":"\u0000 Many individuals, organizations, and industries rely on web applications for the daily operations of their businesses. With the increasing deployment and dependence on these applications, significant attention has been directed towards developing more accurate and secure mechanisms to safeguard them from malicious web-based attacks. The slow adoption of the latest security protocols, coupled with the utilization of inaccurate and inadequately tested security measures, has hindered the establishment of efficient and effective security measures for web apps. This paper reviews recent research and their recommendations for web security over the last four years. It identifies code injection as one of the recent most prevalent web-based attacks. The recommendations presented in this paper offer a practical guide, enabling individuals and security personnel across various industries and organizations to implement tested and proven security measures for web applications. Furthermore, it serves as a roadmap for security developers, aiding them in creating more accurate and quantifiable measures and mechanisms for web security\u0000 .\u0000","PeriodicalId":202552,"journal":{"name":"Digital Threats: Research and Practice","volume":"75 4","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-02-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139855473","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
A Machine Learning and Optimization Framework for Efficient Alert Management in a Cybersecurity Operations Center 网络安全运营中心高效警报管理的机器学习和优化框架
Digital Threats: Research and Practice Pub Date : 2024-02-05 DOI: 10.1145/3644393
Jalal Ghadermazi, Ankit Shah, Sushil Jajodia
{"title":"A Machine Learning and Optimization Framework for Efficient Alert Management in a Cybersecurity Operations Center","authors":"Jalal Ghadermazi, Ankit Shah, Sushil Jajodia","doi":"10.1145/3644393","DOIUrl":"https://doi.org/10.1145/3644393","url":null,"abstract":"Cybersecurity operations centers (CSOCs) protect organizations by monitoring network traffic and detecting suspicious activities in the form of alerts. The security response team within CSOCs is responsible for investigating and mitigating alerts. However, an imbalance between alert volume and available analysts creates a backlog, putting the network at risk of exploitation. Recent research has focused on improving the alert management process by triaging alerts, optimizing analyst scheduling, and reducing analyst workload through systematic discarding of alerts. However, these works overlook the delays caused in alert investigations by several factors, including: (i) False or benign alerts contributing to the backlog. (ii) Analysts experiencing cognitive burden from repeatedly reviewing unrelated alerts. (iii) Analysts being assigned to alerts that do not match well with their expertise. We propose a novel framework that considers these factors and utilizes machine learning and mathematical optimization methods to dynamically improve throughput during work shifts. The framework achieves efficiency by automating the identification and removal of a portion of benign alerts, forming clusters of similar alerts, and assigning analysts to alerts with matching attributes. Experiments conducted using real-world CSOC data demonstrate a 60.16% reduction in the alert backlog for an 8-hour work shift compared to currently employed approach.","PeriodicalId":202552,"journal":{"name":"Digital Threats: Research and Practice","volume":"30 6","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-02-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139804195","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
A Machine Learning and Optimization Framework for Efficient Alert Management in a Cybersecurity Operations Center 网络安全运营中心高效警报管理的机器学习和优化框架
Digital Threats: Research and Practice Pub Date : 2024-02-05 DOI: 10.1145/3644393
Jalal Ghadermazi, Ankit Shah, Sushil Jajodia
{"title":"A Machine Learning and Optimization Framework for Efficient Alert Management in a Cybersecurity Operations Center","authors":"Jalal Ghadermazi, Ankit Shah, Sushil Jajodia","doi":"10.1145/3644393","DOIUrl":"https://doi.org/10.1145/3644393","url":null,"abstract":"Cybersecurity operations centers (CSOCs) protect organizations by monitoring network traffic and detecting suspicious activities in the form of alerts. The security response team within CSOCs is responsible for investigating and mitigating alerts. However, an imbalance between alert volume and available analysts creates a backlog, putting the network at risk of exploitation. Recent research has focused on improving the alert management process by triaging alerts, optimizing analyst scheduling, and reducing analyst workload through systematic discarding of alerts. However, these works overlook the delays caused in alert investigations by several factors, including: (i) False or benign alerts contributing to the backlog. (ii) Analysts experiencing cognitive burden from repeatedly reviewing unrelated alerts. (iii) Analysts being assigned to alerts that do not match well with their expertise. We propose a novel framework that considers these factors and utilizes machine learning and mathematical optimization methods to dynamically improve throughput during work shifts. The framework achieves efficiency by automating the identification and removal of a portion of benign alerts, forming clusters of similar alerts, and assigning analysts to alerts with matching attributes. Experiments conducted using real-world CSOC data demonstrate a 60.16% reduction in the alert backlog for an 8-hour work shift compared to currently employed approach.","PeriodicalId":202552,"journal":{"name":"Digital Threats: Research and Practice","volume":"37 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-02-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139864173","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Introduction to the Special Issue on Information Sharing 信息共享特刊导言
Digital Threats: Research and Practice Pub Date : 2024-01-17 DOI: 10.1145/3635391
Angel Hueca, Sharon Mudd, Timothy Shimeall
{"title":"Introduction to the Special Issue on Information Sharing","authors":"Angel Hueca, Sharon Mudd, Timothy Shimeall","doi":"10.1145/3635391","DOIUrl":"https://doi.org/10.1145/3635391","url":null,"abstract":"","PeriodicalId":202552,"journal":{"name":"Digital Threats: Research and Practice","volume":"35 5","pages":"1 - 2"},"PeriodicalIF":0.0,"publicationDate":"2024-01-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139527092","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
A Survey on Network Attack Surface Mapping 网络攻击面映射调查
Digital Threats: Research and Practice Pub Date : 2024-01-10 DOI: 10.1145/3640019
D. Everson, Long Cheng
{"title":"A Survey on Network Attack Surface Mapping","authors":"D. Everson, Long Cheng","doi":"10.1145/3640019","DOIUrl":"https://doi.org/10.1145/3640019","url":null,"abstract":"Network services are processes running on a system with network exposure. A key activity for any network defender, penetration tester, or red team is network attack surface mapping, the act of detecting and categorizing those services through which a threat actor could attempt malicious activity. Many tools have arisen over the years to probe, identify, and classify these services for information and vulnerabilities. In this paper, we survey network attack surface mapping by reviewing several prominent tools and their features and then discussing recent works reflecting unique research using those tools. We conclude by covering several promising directions for future research.","PeriodicalId":202552,"journal":{"name":"Digital Threats: Research and Practice","volume":"3 8","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-01-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139440044","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Multi-SpacePhish: Extending the Evasion-space of Adversarial Attacks against Phishing Website Detectors using Machine Learning 多空间网络钓鱼:利用机器学习扩展针对钓鱼网站检测器的对抗性攻击的规避空间
Digital Threats: Research and Practice Pub Date : 2023-12-20 DOI: 10.1145/3638253
Ying Yuan, Giovanni Apruzzese, Mauro Conti
{"title":"Multi-SpacePhish: Extending the Evasion-space of Adversarial Attacks against Phishing Website Detectors using Machine Learning","authors":"Ying Yuan, Giovanni Apruzzese, Mauro Conti","doi":"10.1145/3638253","DOIUrl":"https://doi.org/10.1145/3638253","url":null,"abstract":"Existing literature on adversarial Machine Learning (ML) focuses either on showing attacks that break every ML model, or defenses that withstand most attacks. Unfortunately, little consideration is given to the actual feasibility of the attack or the defense. Moreover, adversarial samples are often crafted in the “feature-space”, making the corresponding evaluations of questionable value. Simply put, the current situation does not allow to estimate the actual threat posed by adversarial attacks, leading to a lack of secure ML systems. We aim to clarify such confusion in this paper. By considering the application of ML for Phishing Website Detection (PWD), we formalize the “evasion-space” in which an adversarial perturbation can be introduced to fool an ML-PWD—demonstrating that even perturbations in the “feature-space” are useful. Then, we propose a realistic threat model describing evasion attacks against ML-PWD that are cheap to stage, and hence intrinsically more attractive for real phishers. After that, we perform the first statistically validated assessment of state-of-the-art ML-PWD against 12 evasion attacks. Our evaluation shows (i) the true efficacy of evasion attempts that are more likely to occur; and (ii) the impact of perturbations crafted in different evasion-spaces; Our realistic evasion attempts induce a statistically significant degradation (3–10% at p < 0.05), and their cheap cost makes them a subtle threat. Notably, however, some ML-PWD are immune to our most realistic attacks (p=0.22). Finally, as an additional contribution of this journal publication, we are the first to propose and empirically evaluate the intriguing case wherein an attacker introduces perturbations in multiple evasion-spaces at the same time. These new results show that simultaneously applying perturbations in the problem- and feature-space can cause a drop in the detection rate from 0.95 to 0. Our contribution paves the way for a much-needed re-assessment of adversarial attacks against ML systems for cybersecurity.","PeriodicalId":202552,"journal":{"name":"Digital Threats: Research and Practice","volume":"25 10","pages":""},"PeriodicalIF":0.0,"publicationDate":"2023-12-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"138955882","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Spacelord: Private and Secure Smart Space Sharing Spacelord:私密安全的智能空间共享
Digital Threats: Research and Practice Pub Date : 2023-12-19 DOI: 10.1145/3637879
Yechan Bae, Sarbartha Banerjee, Sangho Lee, Marcus Peinado
{"title":"Spacelord: Private and Secure Smart Space Sharing","authors":"Yechan Bae, Sarbartha Banerjee, Sangho Lee, Marcus Peinado","doi":"10.1145/3637879","DOIUrl":"https://doi.org/10.1145/3637879","url":null,"abstract":"Space sharing services like vacation rentals and meeting rooms are being equipped with smart devices such as cameras, door locks and many other sensors. However, the sharing of such devices poses privacy and security problems, as there is typically no clear control transfer between owners and users. In this paper, we propose Spacelord, a system to time-share smart devices contained in a shared space privately and securely while allowing users to configure them. When a user stays at a space, Spacelord ensures that the smart devices contained in it run code and configurations the user trusts while removing pre-installed code and configurations. When the user leaves the space, Spacelord reverts any changes the user has introduced to the smart devices, deletes any remaining private data and lets the owner take back control over the devices. We evaluate Spacelord for two realistic space-sharing cases—smart home and coworking meeting room—and observe smart space provisioning delays of ∼ 82 s across three different platforms. Moreover, the average runtime overhead of our system varies from 7.8% to 11.8% across different hub hardware, running native applications.","PeriodicalId":202552,"journal":{"name":"Digital Threats: Research and Practice","volume":" 17","pages":""},"PeriodicalIF":0.0,"publicationDate":"2023-12-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"138961355","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Introduction to the Special Issue on Ransomware 勒索软件特刊简介
Digital Threats: Research and Practice Pub Date : 2023-11-17 DOI: 10.1145/3629999
Budi Arief, Lena Connolly, Julio Hernandez-Castro, Allan Liska, Peter Y A. Ryan
{"title":"Introduction to the Special Issue on Ransomware","authors":"Budi Arief, Lena Connolly, Julio Hernandez-Castro, Allan Liska, Peter Y A. Ryan","doi":"10.1145/3629999","DOIUrl":"https://doi.org/10.1145/3629999","url":null,"abstract":"","PeriodicalId":202552,"journal":{"name":"Digital Threats: Research and Practice","volume":"64 10","pages":""},"PeriodicalIF":0.0,"publicationDate":"2023-11-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139262841","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Unveiling the Threat: Investigating Distributed and Centralized Backdoor Attacks in Federated Graph Neural Networks 揭示威胁:研究联盟图神经网络中的分布式和集中式后门攻击
Digital Threats: Research and Practice Pub Date : 2023-11-16 DOI: 10.1145/3633206
Jing Xu, Stefanos Koffas, S. Picek
{"title":"Unveiling the Threat: Investigating Distributed and Centralized Backdoor Attacks in Federated Graph Neural Networks","authors":"Jing Xu, Stefanos Koffas, S. Picek","doi":"10.1145/3633206","DOIUrl":"https://doi.org/10.1145/3633206","url":null,"abstract":"Graph Neural Networks (GNNs) have gained significant popularity as powerful deep learning methods for processing graph data. However, centralized GNNs face challenges in data-sensitive scenarios due to privacy concerns and regulatory restrictions. Federated learning (FL) has emerged as a promising technology that enables collaborative training of a shared global model while preserving privacy. While FL has been applied to train GNNs, no research focuses on the robustness of Federated GNNs against backdoor attacks. This paper bridges this research gap by investigating two types of backdoor attacks in Federated GNNs: centralized backdoor attacks (CBA) and distributed backdoor attacks (DBA). Through extensive experiments, we demonstrate that DBA exhibits a higher success rate than CBA across various scenarios. To further explore the characteristics of these backdoor attacks in Federated GNNs, we evaluate their performance under different scenarios, including varying numbers of clients, trigger sizes, poisoning intensities, and trigger densities. Additionally, we explore the resilience of DBA and CBA against two defense mechanisms. Our findings reveal that both defenses can not eliminate DBA and CBA without affecting the original task. This highlights the necessity of developing tailored defenses to mitigate the novel threat of backdoor attacks in Federated GNNs.","PeriodicalId":202552,"journal":{"name":"Digital Threats: Research and Practice","volume":"23 5","pages":""},"PeriodicalIF":0.0,"publicationDate":"2023-11-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139270573","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
IronNetInjector: Weaponizing .NET Dynamic Language Runtime Engines 使。net动态语言运行时引擎武器化
Digital Threats: Research and Practice Pub Date : 2023-10-06 DOI: 10.1145/3603506
Anthony Rose, S. Graham, Jacob Krasnov
{"title":"IronNetInjector: Weaponizing .NET Dynamic Language Runtime Engines","authors":"Anthony Rose, S. Graham, Jacob Krasnov","doi":"10.1145/3603506","DOIUrl":"https://doi.org/10.1145/3603506","url":null,"abstract":"As adversaries evolve their Tactics, Techniques, and Procedures (TTPs) to stay ahead of defenders, Microsoft’s .NET Framework emerges as a common component found in the tradecraft of many contemporary Advanced Persistent Threats (APTs), whether through PowerShell or C#. Because of .NET’s ease of use and availability on every recent Windows system, it is at the forefront of modern TTPs and is a primary means of exploitation. This article considers the .NET Dynamic Language Runtime as an attack vector, and how APTs have utilized it for offensive purposes. The technique under scrutiny is Bring Your Own Interpreter (BYOI), which is the ability of developers to embed dynamic languages into .NET using an engine. The focus of this analysis is an adversarial use case in which APT Turla utilized BYOI as an evasion technique, using an IronPython .NET Injector named IronNetInjector. This research analyzes IronNetInjector and how it was used to reflectively load .NET assemblies. It also evaluates the role of Antimalware Scan Interface (AMSI) in defending Windows. Due to AMSI being at the core of Windows malware mitigation, this article further evaluates the memory patching bypass technique by demonstrating a novel AMSI bypass method in IronPython using Platform Invoke (P/Invoke).","PeriodicalId":202552,"journal":{"name":"Digital Threats: Research and Practice","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-10-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132231616","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信