2021 IEEE International Conference on Cyber Security and Resilience (CSR): Latest Papers

Insider Threat Detection using Deep Autoencoder and Variational Autoencoder Neural Networks
2021 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2021-07-26 DOI: 10.1109/CSR51186.2021.9527925
Efthimios Pantelidis, G. Bendiab, S. Shiaeles, N. Kolokotronis
Abstract: Internal attacks are one of the biggest cybersecurity issues to companies and businesses. Despite the implemented perimeter security systems, the risk of adversely affecting the security and privacy of the organization’s information remains very high. Actually, the detection of such a threat is known to be a very complicated problem, presenting many challenges to the research community. In this paper, we investigate the effectiveness and usefulness of using Autoencoder and Variational Autoencoder deep learning algorithms to automatically defend against insider threats, without human intervention. The performance evaluation of the proposed models is done on the public CERT dataset (CERT r4.2) that contains both benign and malicious activities generated from 1000 simulated users. The comparison results with other models show that the Variational Autoencoder neural network provides the best overall performance with a higher detection accuracy and a reasonable false positive rate.
Citations: 2
Rapid Ransomware Detection through Side Channel Exploitation
2021 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2021-07-26 DOI: 10.1109/CSR51186.2021.9527943
Michael A. Taylor, Eric C. Larson, Mitchell A. Thornton
Abstract: A new method for the detection of ransomware in an infected host is described and evaluated. The method utilizes data streams from on-board sensors to fingerprint the initiation of a ransomware infection. These sensor streams, which are common in modern computing systems, are used as a side channel for understanding the state of the system. It is shown that ransomware detection can be achieved in a rapid manner and that the use of slight, yet distinguishable changes in the physical state of a system as derived from a machine learning predictive model is an effective technique. A feature vector, consisting of various sensor outputs, is coupled with a detection criteria to predict the binary state of ransomware present versus normal operation. An advantage of this approach is that previously unknown or zero-day versions of ransomware are vulnerable to this detection method since no a priori knowledge of the malware characteristics are required. Experiments are carried out with a variety of different system loads and with different encryption methods used during a ransomware attack. Two test systems were utilized with one having a relatively low amount of available sensor data and the other having a relatively high amount of available sensor data. The average time for attack detection in the "sensor-rich" system was 7.79 seconds with an average Matthews correlation coefficient of 0.8905 for binary system state predictions regardless of encryption method and system load. The model flagged all attacks tested.
Citations: 3
Detecting Attacks on IoT Devices using Featureless 1D-CNN
2021 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2021-07-26 DOI: 10.1109/CSR51186.2021.9527910
Arshiya Khan, Chase Cotton
Abstract: The generalization of deep learning has helped us, in the past, address challenges such as malware identification and anomaly detection in the network security domain. However, as effective as it is, scarcity of memory and processing power makes it difficult to perform these tasks in Internet of Things (IoT) devices. This research finds an easy way out of this bottleneck by depreciating the need for feature engineering and subsequent processing in machine learning techniques. In this study, we introduce a Featureless machine learning process to perform anomaly detection. It uses unprocessed byte streams of packets as training data. Featureless machine learning enables a low cost and low memory time-series analysis of network traffic. It benefits from eliminating the significant investment in subject matter experts and the time required for feature engineering.
Citations: 6
Frankenstack: Real-time Cyberattack Detection and Feedback System for Technical Cyber Exercises
2021 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2021-07-26 DOI: 10.1109/CSR51186.2021.9527923
Mauno Pihelgas, Markus Kont
Abstract: This paper describes a situation awareness framework, Frankenstack, that is the result of a multi-faceted endeavor to enhance the expertise of cybersecurity specialists by providing them with real-time feedback during cybersecurity exercises and verifying the performance and applicability of monitoring tools during those exercises. Frankenstack has been recently redeveloped to improve data collection and processing functions as well as cyberattack detection capability. This extensive R&D effort has combined various system and network security monitoring tools into a single cyberattack detection and exercise feedback framework. Although Frankenstack was specifically developed for the NATO CCD COE’s Crossed Swords exercise, the architecture provides a clear point of reference for others who are building such monitoring frameworks. Thus, the paper contains many technical descriptions to reduce the gap between theoretical research and practitioners seeking advice on how to implement such complex systems.
Citations: 2
Open Source and Commercial Capture The Flag Cyber Security Learning Platforms - A Case Study
2021 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2021-07-26 DOI: 10.1109/CSR51186.2021.9527941
Matt Swann, Joseph R. Rose, G. Bendiab, S. Shiaeles, Fudong Li
Abstract: The use of gamified learning platforms as a method of introducing cyber security education, training and awareness has risen greatly. With this rise, the availability of platforms to create, host or otherwise provide the challenges that make up the foundation of this education has also increased. In order to identify the best of these platforms, we need a method to compare their feature sets. In this paper, we compare related work on identifying the best platforms for a gamified cyber security learning platform as well as contemporary literature that describes the most needed feature sets for an ideal platform. We then use this to develop a metric for comparing these platforms, before then applying this metric to popular current platforms.
Citations: 6
Towards Automated Matching of Cyber Threat Intelligence Reports based on Cluster Analysis in an Internet-of-Vehicles Environment
2021 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2021-07-26 DOI: 10.1109/CSR51186.2021.9527983
G. Raptis, C. Katsini, C. Alexakos
Abstract: Connected and automated vehicles are a transformative technology that is getting closer to maturity and offers many benefits to the Internet-of-Vehicles ecosystem. Considering their multi-diverse nature and the vast amount of data they collect, process, and exchange, they attract varying malicious activities that jeopardize security and safety aspects. Therefore, the successful confrontation of such activities is crucial. When detecting such activities, information about the incoming threat is collected and analyzed during and after the incident. Organizations and security experts use cyber threat intelligence to organize such information. Considering that threats can be related to each other, it is important to provide the security experts with tools that would help them identify and attribute the threats. Towards this direction, in this paper, we present a tool that automatically matches cyber threat intelligence reports based on cluster analysis. Through this tool, the security experts can correlate an incoming attack with previously reported ones and follow similar methods to analyze it, aiming to speed up the attack attribution process.
Citations: 4
Named Entity Recognition in Cyber Threat Intelligence Using Transformer-based Models
2021 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2021-07-26 DOI: 10.1109/CSR51186.2021.9527981
Pavlos Evangelatos, Christos Iliou, T. Mavropoulos, Konstantinos Apostolou, T. Tsikrika, S. Vrochidis, Y. Kompatsiaris
Abstract: The continuous increase in sophistication of threat actors over the years has made the use of actionable threat intelligence a critical part of the defence against them. Such Cyber Threat Intelligence is published daily on several online sources, including vulnerability databases, CERT feeds, and social media, as well as on forums and web pages from the Surface and the Dark Web. Named Entity Recognition (NER) techniques can be used to extract the aforementioned information in an actionable form from such sources. In this paper we investigate how the latest advances in the NER domain, and in particular transformer-based models, can facilitate this process. To this end, the dataset for NER in Threat Intelligence (DNRTI) containing more than 300 pieces of threat intelligence reports from open source threat intelligence websites is used. Our experimental results demonstrate that transformer-based techniques are very effective in extracting cybersecurity-related named entities, by considerably outperforming the previous state-of-the-art approaches tested with DNRTI.
Citations: 6
Semi-Automatic Bug Generation Using Test Case Negation
2021 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2021-07-26 DOI: 10.1109/CSR51186.2021.9527992
Tyler Westland, Nan Niu, R. Jha, David Kapp, T. Kebede
Abstract: This paper considers the threat of a rogue developer introducing a bug in third party software. The threat model is explored by flipping a patch generation system to generate bugs, instead of removing them. The intended effects of the bugs are described with negated test cases, which are automatically chosen through clustering. The system is then applied to seven programs, with a bug being generated in three that would be undetectable by conventional anti-virus software. Identifying potential attack surfaces is key to expanding cyber security research. This work concludes that a concise and non-redundant program is resistant to a patch generation system using line insertion, replacement, or deletion. Further research is proposed to investigate patch generation systems using different transformation operations as well as other test negation methods.
Citations: 0
Increasing resilience of power systems using intentional islanding; a comparison of Binary genetic algorithm and deep learning based method
2021 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2021-07-26 DOI: 10.1109/CSR51186.2021.9527918
Pol Paradell, Yannis Spyridis, Alba Colet, A. Ivanova, J. Domínguez-García, Achilleas Sesis, G. Efstathopoulos
Abstract: Several algorithms combining qualitative and quantitative components are currently used for splitting a large interconnected power grid into islands as a measure to provide the best reconfiguration option when a fault appears. The aim of this article is to compare the clustering results of a binary genetic algorithm and a deep learning based method in order to identify the differences and to find in which cases it is rather better applicable each of the techniques.
Citations: 1
Real-time, Simulation-based Identification of Cyber-Security Attacks of Industrial Plants
2021 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2021-07-26 DOI: 10.1109/CSR51186.2021.9527938
A. Patel, T. Schenk, S. Knorn, H. Patzlaff, D. Obradovic, Andrés Botero Halblaub
Abstract: This paper considers the problem of cyber attacks onto industrial plants and proposes to use a digital twin to detect and localize such attacks. The digital twin consists of a representation of the nominal plant behavior, i.e., not under attack, for which differential-algebraic equation systems or discrete state models may be used. By simulating the nominal behavior of the system online, i.e., in parallel to the process, and continuously comparing the simulated behavior to the measured values allows to detect attacks. Their localization is facilitated through a root-cause analysis, which is also based on the model description of the plant. The concept has been implemented and tested on a small scale industrial prototype.
Citations: 4