Book Chapter, DOI: 10.1007/978-3-319-98385-1_15
An Enhanced Cyber Attack Attribution Framework
Nikolaos Pitropakis, Emmanouil Panaousis, Alkiviadis Giannakoulias, George Kalpakis, Rodrigo Diaz Rodriguez, Panayiotis Sarigiannidis +5 more
- 05 Sep 2018
- pp 213-228
27
TL;DR: The Enhanced Cyber Attack Attribution (NEON) Framework is proposed, which performs attribution of malicious parties behind APT campaigns and is designed to increase societal resiliency to APTs.
Abstract: Advanced Persistent Threats (APTs) are considered the threats that are the most challenging to detect and defend against. As APTs use sophisticated attack methods, cyber situational awareness, and especially cyber attack attribution, is necessary for preserving the security of cyber infrastructures. Recent challenges faced by organizations in light of APT proliferation relate to: the collection of APT knowledge; the monitoring of APT activities; the detection and classification of APTs; and the correlation of all of these to attribute an attack to the malicious parties that orchestrated it. We propose the Enhanced Cyber Attack Attribution (NEON) Framework, which performs attribution of the malicious parties behind APT campaigns. NEON is designed to increase societal resiliency to APTs. NEON combines the following functionalities: (i) data collection from APT campaigns; (ii) collection of publicly available data from social media; (iii) honeypots and virtual personas; (iv) network and system behavioural monitoring; (v) incident detection and classification; (vi) network forensics; (vii) dynamic response based on game theory; and (viii) adversarial machine learning; all designed with privacy considerations in mind.
Citations
Secure Intelligent Fuzzy Blockchain Framework: Effective Threat Detection in IoT Networks
TL;DR: In this article, the authors propose a secure, intelligent fuzzy blockchain framework that utilizes a novel fuzzy DL model, optimized adaptive neuro-fuzzy inference system (ANFIS)-based attack detection, fuzzy matching (FM), and a fuzzy control system (FCS) for the detection of network attacks.
137
Towards a Machine Learning Based Situational Awareness Framework for Cybersecurity: An SDN Implementation.
Yannis Nikoloudakis, Ioannis Kefaloukos, Stylianos Klados, Spyros Panagiotakis, Evangelos Pallis, Charalabos Skianis, Evangelos K. Markakis +6 more
TL;DR: This article presents a machine learning-based situational awareness framework that detects existing and newly introduced network-enabled entities, utilizing the real-time awareness feature provided by the SDN paradigm, assesses them against known vulnerabilities, and assigns them to a connectivity-appropriate network slice.
34
A Comparative Analysis of Honeypots on Different Cloud Platforms.
TL;DR: In this paper, the authors deploy multiple honeypots on the popular cloud providers, namely Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure, and operate them in multiple regions.
27
Testing And Hardening IoT Devices Against the Mirai Botnet
Christopher Kelly, Nikolaos Pitropakis, Sean McKeown, Costas Lambrinoudakis +3 more
- 15 Jun 2020
TL;DR: By analysing the Mirai libraries and its attack vectors, this work was able to determine appropriate device configuration countermeasures to harden the devices against this botnet, which were successfully validated through experimentation.
25
Towards Attribution in Mobile Markets: Identifying Developer Account Polymorphism
Silvia Gomez Sebastian, Juan Caballero +1 more
- 30 Oct 2020
TL;DR: This work presents a novel approach for identifying developer accounts, and other indicators of compromise (IOCs) in mobile markets, that belong to the same operation, i.e., to the same owners.
24
References
Stuxnet: Dissecting a Cyberwarfare Weapon
R Langner
- 01 May 2011
TL;DR: Last year marked a turning point in the history of cybersecurity: the arrival of the first cyber warfare weapon ever, known as Stuxnet, which followed a completely new approach that is no longer aligned with confidentiality, integrity, and availability thinking.
1.9K
Learning in the presence of concept drift and hidden contexts
Gerhard Widmer, Miroslav Kubat +1 more
TL;DR: A family of learning algorithms that flexibly react to concept drift and can take advantage of situations where contexts reappear are described, including a heuristic that constantly monitors the system's behavior.
Adversarial machine learning
Ling Huang, Anthony D. Joseph, Blaine Nelson, Benjamin I. P. Rubinstein, J. D. Tygar +4 more
- 21 Oct 2011
TL;DR: In this article, the authors discuss an emerging field of study: adversarial machine learning (AML), the study of effective machine learning techniques against an adversarial opponent, and give a taxonomy for classifying attacks against online machine learning algorithms.
Adversarial Machine Learning
TL;DR: The author briefly introduces the emerging field of adversarial machine learning, in which opponents can cause traditional machine learning algorithms to behave poorly in security applications.
Self-labeled techniques for semi-supervised learning: taxonomy, software and empirical study
TL;DR: This paper provides a survey of self-labeled methods for semi-supervised classification and proposes a taxonomy based on the main characteristics presented in them, aiming to measure their performance in terms of transductive and inductive classification capabilities.
Related Papers (5)
Martin Ussath, David Jaeger, Feng Cheng, Christoph Meinel +3 more
- 16 Mar 2016
Kumar Sanjeev, B. Janet, R. Eswari +2 more
- 01 Jan 2020
Ekta Gandotra, Divya Bansal, Sanjeev Sofat +2 more
- 01 Jan 2015