2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA): latest publications

A Taxonomy of Malicious Traffic for Intrusion Detection Systems
Hanan Hindy, Elike Hodo, Ethan Bayne, A. Seeam, Robert C. Atkinson, X. Bellekens
{"title":"A Taxonomy of Malicious Traffic for Intrusion Detection Systems","authors":"Hanan Hindy, Elike Hodo, Ethan Bayne, A. Seeam, Robert C. Atkinson, X. Bellekens","doi":"10.1109/CyberSA.2018.8551386","DOIUrl":"https://doi.org/10.1109/CyberSA.2018.8551386","url":null,"abstract":"With the increasing number of network threats it is essential to have a knowledge of existing and new network threats in order to design better intrusion detection systems. In this paper we propose a taxonomy for classifying network attacks in a consistent way, allowing security researchers to focus their efforts on creating accurate intrusion detection systems and targeted datasets.","PeriodicalId":352813,"journal":{"name":"2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","volume":"44 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124845687","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Citations: 13
Cyber security: Influence of patching vulnerabilities on the decision-making of hackers and analysts
Zahid Maqbool, V. Pammi, V. Dutt
{"title":"Cyber security: Influence of patching vulnerabilities on the decision-making of hackers and analysts","authors":"Zahid Maqbool, V. Pammi, V. Dutt","doi":"10.1109/CyberSA.2018.8551421","DOIUrl":"https://doi.org/10.1109/CyberSA.2018.8551421","url":null,"abstract":"Patching of vulnerabilities on computer systems by analysts enables us to protect these systems from cyber-attacks. However, even after patching, the computer systems may still be vulnerable to cyber-attacks as the patching process may not be foolproof. Currently, little is known about how hackers' attack actions would be influenced by the varying effectiveness of the patching process. The primary objective of this study was to investigate the influence of the patching process on the attack-and-defend decisions of hackers and analysts. In this study, we used a 2-player zero-sum stochastic Markov security game in a lab-based experiment involving participants performing as hackers and analysts. In the experiment, participants were randomly assigned to two between-subjects patching conditions: effective (N = 50) and less-effective (N = 50). In effective patching, the probability of the network being in a non-vulnerable state was 90% after patching by the analyst; whereas, in less-effective patching, the probability of the network being in the non-vulnerable state was 50% after patching by the analyst. Results revealed that the proportions of attack and defend actions were similar between effective and less-effective conditions. Furthermore, although the proportion of defend actions was similar between vulnerable and non-vulnerable states, the proportion of attack actions was smaller in the non-vulnerable state compared to the vulnerable state. A majority of the time, both players deviated significantly from their Nash equilibria in different conditions and states. We highlight the implications of our results for patching and attack actions in computer networks.","PeriodicalId":352813,"journal":{"name":"2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","volume":"41 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116463209","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Citations: 1
CyberSA 2018 Invited Keynotes
{"title":"CyberSA 2018 Invited Keynotes","authors":"","doi":"10.1109/cybersa.2018.8551451","DOIUrl":"https://doi.org/10.1109/cybersa.2018.8551451","url":null,"abstract":"","PeriodicalId":352813,"journal":{"name":"2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","volume":"116 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124592663","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Citations: 0
Towards Integrating Insurance Data into Information Security Investment Decision Making
Daniel W. Woods, A. Simpson
{"title":"Towards Integrating Insurance Data into Information Security Investment Decision Making","authors":"Daniel W. Woods, A. Simpson","doi":"10.1109/CyberSA.2018.8551375","DOIUrl":"https://doi.org/10.1109/CyberSA.2018.8551375","url":null,"abstract":"Making security investment decisions involves giving consideration to a variety of risks. However, there is little robust empirical evidence that can be used to support this process. This paper builds a road-map for incorporating cyber insurance data into existing security investment models. We propose an approach for using this data as an input for one investment model and introduce three distinct methods for evaluating the effectiveness of a new investment. We then describe a road-map for improving the insurance data collection process that aims to improve data utility for researchers. This approach could benefit those trying to justify an investment at all levels by providing evidence for the return on security.","PeriodicalId":352813,"journal":{"name":"2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","volume":"350 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115983815","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Citations: 1
Cluster analysis for deobfuscation of malware variants during ransomware attacks
A. Arrott, Arun Lakhotia, F. Leitold, Charles LeDoux
{"title":"Cluster analysis for deobfuscation of malware variants during ransomware attacks","authors":"A. Arrott, Arun Lakhotia, F. Leitold, Charles LeDoux","doi":"10.1109/CyberSA.2018.8551432","DOIUrl":"https://doi.org/10.1109/CyberSA.2018.8551432","url":null,"abstract":"Risk managers attempting to reduce cyber-security vulnerability in enterprise IT networks rely on the \"malware detection rate\" as a primary measure at each layer of protection (e.g., network firewalls, breach detection systems, secure mail-servers, endpoint security suites). However, to be directly usable in risk assessments, separate malware detection rates are required for different malware categories that are quantitatively related to specific impacts of infection. A three-tier hierarchy of malware classification is formulated to assist cyber-risk decision-making. Malware is first categorized by victim impact (e.g., adware, data exfiltration, ransomware); second by malware technique (e.g., malware families), and third by evasion and obfuscation variants within individual malware families (e.g., polymorphs, metamorphs). The three-tier hierarchy is applied to a specific vertical: ransomware (impact); ransomware family (technique); and malware binary variants within one family, WannaCry (obfuscation and evasion).","PeriodicalId":352813,"journal":{"name":"2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","volume":"67 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114643441","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Citations: 2
The Landscape of Industrial Control Systems (ICS) Devices on the Internet
W. Xu, Yaodong Tao, Xin Guan
{"title":"The Landscape of Industrial Control Systems (ICS) Devices on the Internet","authors":"W. Xu, Yaodong Tao, Xin Guan","doi":"10.1109/CyberSA.2018.8551422","DOIUrl":"https://doi.org/10.1109/CyberSA.2018.8551422","url":null,"abstract":"Industrial control systems are employed in numerous critical infrastructure assets. Originally designed for closed systems, these protocols do not have built-in security. If these systems are the target of a cyberattack, it will cause serious damage to the physical world. However, there is an increasing number of ICS devices on the Internet. In order to study the number, distribution and trend of these systems, we analyzed the Censys scanning data for the five protocols Modbus, Siemens S7, DNP3, BACnet and Tridium Fox. We find that there are still a large number of devices exposed on the Internet, distributed in more than 100 countries around the world, and the overall number of devices has been on the rise in the last two years. Separately, in the past two years, the number of Modbus and Siemens S7 protocol devices continued to grow rapidly, the number of DNP3 protocol devices has declined, and the number of BACnet and Tridium Fox protocol devices has basically remained unchanged. By analyzing the IP addresses of these devices, we find that some of the devices are continually exposed to the Internet, and some of the devices are temporarily exposed. We also find some Conpot honeypot records in these data.","PeriodicalId":352813,"journal":{"name":"2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","volume":"47 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114685926","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Citations: 13
When to Treat Security Risks with Cyber Insurance
P. H. Meland, Fredrik Seehusen
{"title":"When to Treat Security Risks with Cyber Insurance","authors":"P. H. Meland, Fredrik Seehusen","doi":"10.1109/CyberSA.2018.8551456","DOIUrl":"https://doi.org/10.1109/CyberSA.2018.8551456","url":null,"abstract":"Transferring security risk to a third party through cyber insurance is an unfamiliar playing field for a lot of organisations, and therefore many hesitate to make such investments. Indeed, there is a general need for affordable and practical ways of performing risk quantification when determining risk treatment options. To address this concern, we propose a lightweight, data-driven approach for organisations to evaluate their own need for cyber insurance. A generic risk model, populated with available industry averages, is used as a starting point. Individual organisations can instantiate this model to obtain a risk profile for themselves related to relevant cyber threats. The risk profile is then used together with a cyber insurance profile to estimate the benefit and as a basis for comparing offers from different insurance providers.","PeriodicalId":352813,"journal":{"name":"2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121693651","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Citations: 6
Cyber Risk Economics Capability Gaps Research Strategy
Erin E. Kenneally, L. Randazzese, D. Balenson
{"title":"Cyber Risk Economics Capability Gaps Research Strategy","authors":"Erin E. Kenneally, L. Randazzese, D. Balenson","doi":"10.1109/CyberSA.2018.8551399","DOIUrl":"https://doi.org/10.1109/CyberSA.2018.8551399","url":null,"abstract":"This paper calls attention to a forthcoming publication produced by the Cyber Risk Economics Program within the U.S. Department of Homeland Security. It presents an overarching strategy for cyber security risk economics applied research and advanced development intended to address some of the most pressing capability gaps in government and industry.","PeriodicalId":352813,"journal":{"name":"2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","volume":"135 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127374302","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Citations: 6
Towards Situational Awareness of Botnet Activity in the Internet of Things
Christopher D. McDermott, Andrei V. Petrovski, Farzan Majdani
{"title":"Towards Situational Awareness of Botnet Activity in the Internet of Things","authors":"Christopher D. McDermott, Andrei V. Petrovski, Farzan Majdani","doi":"10.1109/CyberSA.2018.8551408","DOIUrl":"https://doi.org/10.1109/CyberSA.2018.8551408","url":null,"abstract":"An IoT botnet detection model is designed to detect anomalous attack traffic utilised by the Mirai botnet malware. The model uses a novel application of a Deep Bidirectional Long Short Term Memory based Recurrent Neural Network (BLSTM-RNN), in conjunction with Word Embedding, to convert string data found in captured packets into a format usable by the BLSTM-RNN. In doing so, this paper presents a solution to the problem of detecting and making consumers situationally aware when their IoT devices are infected and form part of a botnet. The proposed model addresses the issue of detection, and returns high accuracy and low loss metrics for four attack vectors used by the Mirai botnet malware, with only one attack vector shown to be difficult to detect and predict. A labelled dataset was generated and used for all experiments to test and validate the accuracy and data loss in the detection model. This dataset is available upon request.","PeriodicalId":352813,"journal":{"name":"2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127453372","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Citations: 10
Multilayer Perceptron Neural Network for Detection of Encrypted VPN Network Traffic
Shane Miller, K. Curran, T. Lunney
{"title":"Multilayer Perceptron Neural Network for Detection of Encrypted VPN Network Traffic","authors":"Shane Miller, K. Curran, T. Lunney","doi":"10.1109/CyberSA.2018.8551395","DOIUrl":"https://doi.org/10.1109/CyberSA.2018.8551395","url":null,"abstract":"There has been a growth in the popularity of privacy in the personal computing space and this has influenced the IT industry. There is more demand for websites to use more secure and privacy-focused technologies such as HTTPS and TLS. This has had a knock-on effect of increasing the popularity of Virtual Private Networks (VPNs). There are now more VPN offerings than ever before and some are exceptionally simple to set up. Unfortunately, this ease of use means that businesses will need to be able to classify whether an incoming connection to their network is from an original IP address or whether it is being proxied through a VPN. A method to classify an incoming connection is to make use of machine learning to learn the general patterns of VPN and non-VPN traffic in order to build a model capable of distinguishing between the two in real time. This paper outlines a framework built on a multilayer perceptron neural network model capable of achieving this goal.","PeriodicalId":352813,"journal":{"name":"2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","volume":"113 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116017579","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Citations: 26