Sheng Xu,Yongxiang Xia,Hui-Liang Shen

DOI: https://doi.org/10.1109/jsyst.2022.3150576

IF: 4.802

2022-01-01

IEEE Systems Journal

Abstract:In this article, we study how to resist malware attacks in cyber-physical power systems (CPPSs) through cyber protection. A model that incorporates the power flow analysis, the cyber monitoring and control, and the factor of cyber protection is proposed to simulate malware attacks in CPPSs. Meanwhile, an evaluation method is also developed to estimate the effectiveness of different cyber protection strategies. Through simulations, we conduct case studies in a test CPPS generated by coupling the IEEE 118 Bus System with a scale-free communication network. The protection effects of three heuristic cyber protection strategies, namely, target protection, random protection, and acquaintance protection are compared and analyzed. Simulation results reveal that compared with the other two strategies, target protection can suppress malware propagation and resist malware attacks more effectively. Moreover, we also investigate the optimal cyber protection problem in CPPSs and formulate it as a zero-one integer programming problem. We solve the problem by genetic algorithm and find that some low-degree cyber nodes also play a significant role in resisting malware attacks in CPPSs, especially when the protection budget is tight.

Zijian Fang,Peng Zhao,Maochao Xu,Shouhuai Xu,Taizhong Hu,Xing Fang

DOI: https://doi.org/10.1080/02664763.2020.1845621

IF: 1.416

2020-01-01

Journal of Applied Statistics

Abstract:Modeling cyber threats, such as the computer malicious software (malware) propagation dynamics in cyberspace, is an important research problem because models can deepen our understanding of dynamical cyber threats. In this paper, we study the statistical modeling of the macro-level evolution of dynamical cyber attacks. Specifically, we propose a Bayesian structural time series approach for modeling the computer malware propagation dynamics in cyberspace. Our model not only possesses the parsimony property (i.e. using few model parameters) but also can provide the predictive distribution of the dynamics by accommodating uncertainty. Our simulation study shows that the proposed model can fit and predict the computer malware propagation dynamics accurately, without requiring to know the information about the underlying attack-defense interaction mechanism and the underlying network topology. We use the model to study the propagation of two particular kinds of computer malware, namely the Conficker and Code Red worms, and show that our model has very satisfactory fitting and prediction accuracies.

Bao Gia Doan,Dang Quang Nguyen,Paul Montague,Tamas Abraham,Olivier De Vel,Seyit Camtepe,Salil S. Kanhere,Ehsan Abbasnejad,Damith C. Ranasinghe

2024-03-27

Abstract:The vulnerability of machine learning-based malware detectors to adversarial attacks has prompted the need for robust solutions. Adversarial training is an effective method but is computationally expensive to scale up to large datasets and comes at the cost of sacrificing model performance for robustness. We hypothesize that adversarial malware exploits the low-confidence regions of models and can be identified using epistemic uncertainty of ML approaches -- epistemic uncertainty in a machine learning-based malware detector is a result of a lack of similar training samples in regions of the problem space. In particular, a Bayesian formulation can capture the model parameters' distribution and quantify epistemic uncertainty without sacrificing model performance. To verify our hypothesis, we consider Bayesian learning approaches with a mutual information-based formulation to quantify uncertainty and detect adversarial malware in Android, Windows domains and PDF malware. We found, quantifying uncertainty through Bayesian learning methods can defend against adversarial malware. In particular, Bayesian models: (1) are generally capable of identifying adversarial malware in both feature and problem space, (2) can detect concept drift by measuring uncertainty, and (3) with a diversity-promoting approach (or better posterior approximations) lead to parameter instances from the posterior to significantly enhance a detectors' ability.

Cryptography and Security

Jiali Wang,Martin Neil

DOI: https://doi.org/10.48550/arXiv.2106.00471

2021-06-01

Abstract:Cybersecurity risk analysis plays an essential role in supporting organizations make effective decision about how to manage and control cybersecurity risk. Cybersecurity risk is a function of the interplay between the defender, i.e., the organisation, and the attacker: decisions and actions made by the defender second guess the decisions and actions taken by the attacker and vice versa. Insight into this game between these two agents provides a means for the defender to identify and make optimal decisions. To date, the adversarial risk analysis framework has provided a decision-analytical approach to solve such game problems in the presence of uncertainty and uses Monte Carlo simulation to calculate and identify optimal decisions. We propose an alternative framework to construct and solve a serial of sequential Defend-Attack models, that incorporates the adversarial risk analysis approach, but uses a new class of influence diagrams algorithm, called hybrid Bayesian network inference, to identify optimal decision strategies. Compared to Monte Carlo simulation the proposed hybrid Bayesian network inference is more versatile because it provides an automated way to compute hybrid Defend-Attack models and extends their use to involve mixtures of continuous and discrete variables, of any kind. More importantly, the hybrid Bayesian network approach is novel in that it supports dynamic decision making whereby new real-time observations can update the Defend-Attack model in practice. We also extend the Defend-Attack model to support cases involving extra variables and longer decision sequence. Examples are presented, illustrating how the proposed framework can be adjusted for more complicated scenarios, including dynamic decision making.

Computer Science and Game Theory

Malik Qasaimeh,Rand Abu Hammour,Muneer Bani Yassein,Raad S. Al‐Qassas,Juan Alfonso Lara Torralbo,David Lizcano

DOI: https://doi.org/10.1002/smr.2489

2022-08-16

Abstract:As the number of cyber‐attacks on financial institutions has increased over the past few years, an advanced system that is capable of predicting the target of an attack is essential. Such a system needs to be integrated into the existing detection systems of financial institutions as it provides them with proactive controls with which to halt an attack by predicting patterns. Advanced prediction systems also enhance the software design and security testing of new advanced cyber‐security measures by providing new testing scenarios supported by attack forecasting. This present study developed a model that forecasts future network‐based cyber‐attacks on financial institutions using a deep neural network. The dataset that was used to train and test the model consisted of some of the biggest cyber‐attacks on banking institutions over the past three years. This provided insight into new patterns that may end with a cyber‐crime. These new attacks were also evaluated to determine behavioral similarities with the nearest known attack or a combination of several existing attacks. The performance of the forecasting model was then evaluated in a real banking environment and provided a forecasting accuracy of 90.36%. As such, financial institutions can use the proposed forecasting model to improve their security testing measures.

computer science, software engineering

Konstantinos Panagiotis Grammatikakis,Ioannis Koufos,Nicholas Kolokotronis,Costas Vassilakis,Stavros Shiaeles

DOI: https://doi.org/10.48550/arXiv.2109.01610

2021-09-03

Cryptography and Security

Abstract:Banking Trojans came a long way in the past decade, and the recent case of Emotet showed their enduring relevance. The evolution of the modern computing landscape can be traced through Emotet and Zeus, both representative examples from the end of the past decade. As an example of earlier malware, Zeus only needed to employ simple anti-analysis techniques to stay undetected, while the more recent Emotet had to constantly evolve to stay a step ahead. Current host-based antimalware solutions face an increasing number of obstacles to perform their function. A multi-layer approach to network security is necessary for network-based intrusion response systems to secure modern networks of heterogeneous devices. A system based on a combination of a graphical network security model and a game theoretic model of cyber attacks was tested on a testbed with Windows machines infected with Trojans, experimental results showed that the proposed system effectively blocked Trojans network communications effectively preventing data leakage and yielding encouraging results for future work.

Yingying Huangfu,Liang Zhou,Chenming Yang

DOI: https://doi.org/10.1109/CyberC.2017.13

2017-01-01

Abstract:It is possible that an invisible adversary can damage a physical component with the cyber-attacks such as in the Stuxnet, which plays a havoc demonstration in cyber-security. In this paper, we propose a cyber-attacks analysis model based on the Bayesian network approaches. By the construction of attack graph covering all possible atomic attacking paths, we utilize the Bayesian reasoning to deduce the success likelihood for all attacking paths and then make tracing to the most probable attack path with the Junction Tree algorithm to compute the posterior probability of a specific exploit relative to prior knowledge on attackers. Especially, vulnerability exploit possibility is quantified by weighing the environmental factors and the non-environmental factors based on cyber-attack features.

Ahmed Alghamdi

DOI: https://doi.org/10.52783/cana.v31.1476

2024-09-02

Abstract:The growing sophistication of malware in exisiting environment poses tough demands on its detection methods of another kind. This paper introduces a framework for cyber security improvement, a means to solve strongly the probability issue of how to determine the behavior algorithmically in your system. This research is applied to malware detection systems based on methods (Support Vector Machines, Random Forest) and Neural Networks that are robust against deception. Statistical analysis of security threats and a review of current methods used for malware detection are given at its outset. The proposed framework, with its statistical framework analysis, looks for patterns and anomalies that indicate malice. It then integrates cryptographic techniques onto data transmission, computation processes; that the core of our system remains untouched by potential disturbances. The concept is further elaborated with open-source code from the field, Machine Learning (SVM, Random Forest, Neural Networks), As if with this variety of tools we can now detect and classify types of malware that generate irregular patterns but do not necessarily resemble known signatures at all. Such a hybrid security mechanism as described here, combining the best of statistics, cryptographic security, and machine learning, gives a precision of detection beyond compare to today's systems. The experiments show large gains in both detection accuracy and response speed, demonstrating this whole-element approach's potential to better safeguard cybersecurity in all manner of fields. It may be foreseen that this proposed line of research could well become a key new tool, capable of adaptation and expansion with the needs expanding around us.

Piotr Żebrowski,Aitor Couce-Vieira,Alessandro Mancuso

DOI: https://doi.org/10.1111/risa.13900

Abstract:Critical infrastructures are increasingly reliant on information and communications technology (ICT) for more efficient operations, which, at the same time, exposes them to cyber threats. As the frequency and severity of cyberattacks are increasing, so are the costs of critical infrastructure security. Efficient allocation of resources is thus a crucial issue for cybersecurity. A common practice in managing cyber threats is to conduct a qualitative analysis of individual attack scenarios through risk matrices, prioritizing the scenarios according to their perceived urgency and addressing them in order until all the resources available for cybersecurity are spent. Apart from methodological caveats, this approach may lead to suboptimal resource allocations, given that potential synergies between different attack scenarios and among available security measures are not taken into consideration. To overcome this shortcoming, we propose a quantitative framework that features: (1) a more holistic picture of the cybersecurity landscape, represented as a Bayesian network (BN) that encompasses multiple attack scenarios and thus allows for a better appreciation of vulnerabilities; and (2) a multiobjective optimization model built on top of the said BN that explicitly represents multiple dimensions of the potential impacts of successful cyberattacks. Our framework adopts a broader perspective than the standard cost-benefit analysis and allows the formulation of more nuanced security objectives. We also propose a computationally efficient algorithm that identifies the set of Pareto-optimal portfolios of security measures that simultaneously minimize various types of expected cyberattack impacts, while satisfying budgetary and other constraints. We illustrate our framework with a case study of electric power grids.

Dennis Kiwia,Ali Dehghantanha,Kim-Kwang Raymond Choo,Jim Slaughter

DOI: https://doi.org/10.48550/arXiv.1807.10446

2018-07-27

Cryptography and Security

Abstract:Malware such as banking Trojans are popular with financially-motivated cybercriminals. Detection of banking Trojans remains a challenging task, due to the constant evolution of techniques used to obfuscate and circumvent existing detection and security solutions. Having a malware taxonomy can facilitate the design of mitigation strategies such as those based on evolutionary computational intelligence. Specifically, in this paper, we propose a cyber kill chain based taxonomy of banking Trojans features. This threat intelligence based taxonomy providing a stage-by-stage operational understanding of a cyber-attack, can be highly beneficial to security practitioners and the design of evolutionary computational intelligence on Trojans detection and mitigation strategy. The proposed taxonomy is validated by using a real-world dataset of 127 banking Trojans collected from December 2014 to January 2016 by a major UK-based financial organisation.

Xi Chen,Indranil Bose,Alvin Leung,Chenhui Guo

2009-01-01

Abstract:We assess the severity of phishing attacks in terms of their risk levels and the potential loss in market value to the firms. We analyze 1,030 phishing alerts released on a public database as well as financial data related to the targeted firms using a hybrid text and data mining method that predicts the severity of the attack with high accuracy. Our research identifies the important textual and financial variables that impact the severity of the attacks and determine that different antecedents influence risk level and potential financial loss associated with phishing attacks.

Rahul Yumlembam,Biju Issac,Seibu Mary Jacob,Longzhi Yang

DOI: https://doi.org/10.1016/j.inffus.2024.102529

2024-09-01

Abstract:Botnets are computer networks controlled by malicious actors that present significant cybersecurity challenges. They autonomously infect, propagate, and coordinate to conduct cybercrimes, necessitating robust detection methods. This research addresses the sophisticated adversarial manipulations posed by attackers, aiming to undermine machine learning-based botnet detection systems. We introduce a flow-based detection approach, leveraging machine learning and deep learning algorithms trained on the ISCX and ISOT datasets. The detection algorithms are optimized using the Genetic Algorithm and Particle Swarm Optimization to obtain a baseline detection method. The Carlini & Wagner (C&W) attack and Generative Adversarial Network (GAN) generate deceptive data with subtle perturbations, targeting each feature used for classification while preserving their semantic and syntactic relationships, which ensures that the adversarial samples retain meaningfulness and realism. An in-depth analysis of the required L2 distance from the original sample for the malware sample to misclassify is performed across various iteration checkpoints, showing different levels of misclassification at different L2 distances of the Pertrub sample from the original sample. Our work delves into the vulnerability of various models, examining the transferability of adversarial examples from a Neural Network surrogate model to Tree-based algorithms. Subsequently, models that initially misclassified the perturbed samples are retrained, enhancing their resilience and detection capabilities. In the final phase, a conformal prediction layer is integrated, significantly rejecting incorrect predictions, of 58.20 % in the ISCX dataset and 98.94 % in the ISOT dataset.

Cryptography and Security,Artificial Intelligence

Hooman Alavizadeh,Julian Jang-Jaccard,Tansu Alpcan,Seyit A. Camtepe

DOI: https://doi.org/10.48550/arXiv.2107.09258

2021-07-20

Abstract:The new generation of cyber threats leverages advanced AI-aided methods, which make them capable to launch multi-stage, dynamic, and effective attacks. Current cyber-defense systems encounter various challenges to defend against such new and emerging threats. Modeling AI-aided threats through game theory models can help the defender to select optimal strategies against the attacks and make wise decisions to mitigate the attack's impact. This paper first explores the current state-of-the-art in the new generation of threats in which AI techniques such as deep neural network is used for the attacker and discusses further challenges. We propose a Markovian dynamic game that can evaluate the efficiency of defensive methods against the AI-aided attacker under a cloud-based system in which the attacker utilizes an AI technique to launch an advanced attack by finding the shortest attack path. We use the CVSS metrics to quantify the values of this zero-sum game model for decision-making.

Computer Science and Game Theory

Roberto Casado-Vara,Marcos Severt,Antonio Díaz-Longueira,Ángel Martín del Rey,Jose Luis Calvo-Rolle

DOI: https://doi.org/10.3390/math12020250

IF: 2.4

2024-01-13

Mathematics

Abstract:With the progress and evolution of the IoT, which has resulted in a rise in both the number of devices and their applications, there is a growing number of malware attacks with higher complexity. Countering the spread of malware in IoT networks is a vital aspect of cybersecurity, where mathematical modeling has proven to be a potent tool. In this study, we suggest an approach to enhance IoT security by installing security updates on IoT nodes. The proposed method employs a physically informed neural network to estimate parameters related to malware propagation. A numerical case study is conducted to evaluate the effectiveness of the mitigation strategy, and novel metrics are presented to test its efficacy. The findings suggest that the mitigation tactic involving the selection of nodes based on network characteristics is more effective than random node selection.

mathematics

Ali Mehrban,Shirin Karimi Geransayeh

2024-02-04

Abstract:In recent years, there has been a noticeable increase in cyberattacks using ransomware. Attackers use this malicious software to break into networks and harm computer systems. This has caused significant and lasting damage to various organizations, including government, private companies, and regular users. These attacks often lead to the loss or exposure of sensitive information, disruptions in normal operations, and persistent vulnerabilities. This paper focuses on a method for recognizing and identifying ransomware in computer networks. The approach relies on using machine learning algorithms and analyzing the patterns of network traffic. By collecting and studying this traffic, and then applying machine learning models, we can accurately identify and detect ransomware. The results of implementing this method show that machine learning algorithms can effectively pinpoint ransomware based on network traffic, achieving high levels of precision and accuracy.

Cryptography and Security,Machine Learning

Alesia Chernikova,Nicolò Gozzi,Simona Boboila,Priyanka Angadi,John Loughner,Matthew Wilden,Nicola Perra,Tina Eliassi-Rad,Alina Oprea

DOI: https://doi.org/10.1007/978-3-031-17140-6_26

2022-10-09

Abstract:Self-propagating malware (SPM) has led to huge financial losses, major data breaches, and widespread service disruptions in recent years. In this paper, we explore the problem of developing cyber resilient systems capable of mitigating the spread of SPM attacks. We begin with an in-depth study of a well-known self-propagating malware, WannaCry, and present a compartmental model called SIIDR that accurately captures the behavior observed in real-world attack traces. Next, we investigate ten cyber defense techniques, including existing edge and node hardening strategies, as well as newly developed methods based on reconfiguring network communication (NodeSplit) and isolating communities. We evaluate all defense strategies in detail using six real-world communication graphs collected from a large retail network and compare their performance across a wide range of attacks and network topologies. We show that several of these defenses are able to efficiently reduce the spread of SPM attacks modeled with SIIDR. For instance, given a strong attack that infects 97% of nodes when no defense is employed, strategically securing a small number of nodes (0.08%) reduces the infection footprint in one of the networks down to 1%.

Cryptography and Security,Dynamical Systems,Spectral Theory,Applications

Sundar Krishnan

DOI: https://doi.org/10.48550/arXiv.2002.11805

2020-02-27

Abstract:Despite defensive advances in the Internet realm, Malware (malicious software) remains a Cybersecurity threat. These days, Malware can be purchased and licensed on the Internet to further customize and deploy. With hundreds of Malware variants discovered every day, organizations and users experience enormous financial losses as cybercriminals steal financial and user data. In this article surveys the human characteristics that are key to the defense chain against Malware. The article starts with the attack models/vectors that humans often fall prey to and their fallouts. Next, analysis of their root cause and suggest preventive measures that may be employed is detailed. The article concludes that while Internet user education, training, awareness can reduce the chances of Malware attacks,it cannot entirely eliminate them.

Cryptography and Security

Jack W. Stokes,De Wang,Mady Marinescu,Marc Marino,Brian Bussone

DOI: https://doi.org/10.48550/arXiv.1712.05919

2017-12-16

Cryptography and Security

Abstract:Recently researchers have proposed using deep learning-based systems for malware detection. Unfortunately, all deep learning classification systems are vulnerable to adversarial attacks. Previous work has studied adversarial attacks against static analysis-based malware classifiers which only classify the content of the unknown file without execution. However, since the majority of malware is either packed or encrypted, malware classification based on static analysis often fails to detect these types of files. To overcome this limitation, anti-malware companies typically perform dynamic analysis by emulating each file in the anti-malware engine or performing in-depth scanning in a virtual machine. These strategies allow the analysis of the malware after unpacking or decryption. In this work, we study different strategies of crafting adversarial samples for dynamic analysis. These strategies operate on sparse, binary inputs in contrast to continuous inputs such as pixels in images. We then study the effects of two, previously proposed defensive mechanisms against crafted adversarial samples including the distillation and ensemble defenses. We also propose and evaluate the weight decay defense. Experiments show that with these three defensive strategies, the number of successfully crafted adversarial samples is reduced compared to a standard baseline system without any defenses. In particular, the ensemble defense is the most resilient to adversarial attacks. Importantly, none of the defenses significantly reduce the classification accuracy for detecting malware. Finally, we demonstrate that while adding additional hidden layers to neural models does not significantly improve the malware classification accuracy, it does significantly increase the classifier's robustness to adversarial attacks.

Stefano M. Nicoletti,Milan Lopuhaä-Zwakenberg,Mariëlle Stoelinga,Fabio Massacci,Carlos E. Budde

2024-10-19

Abstract:The landscape of cyber threats grows more complex by the day. Advanced Persistent Threats carry out systematic attack campaigns against which cybersecurity practitioners must defend. Examples of such organized attacks are operations Dream Job, Wocao, WannaCry or the SolarWinds Compromise. To evaluate which risks are most threatening, and which campaigns to prioritize against when defending, cybersecurity experts must be equipped with the right toolbox. In particular, they must be able to (a) obtain likelihood values for each attack campaign recorded in the wild and (b) reliably and transparently operationalize these values to carry out quantitative comparisons among campaigns. This will allow security experts to perform quantitatively-informed decision making that is transparent and accountable. In this paper we construct such a framework by: (1) quantifying the likelihood of attack campaigns via data-driven procedures on the MITRE knowledge base and (2) introducing a methodology for automatic modelling of MITRE intelligence data: this is complete in the sense that it captures any attack campaign via template attack tree models. (3) We further propose a computational framework to carry out this comparisons based on the cATM formal logic, and implement this into an open-source Python tool. Finally, we validate our approach by quantifying the likelihood of all MITRE campaigns, and comparing the likelihood of the Wocao and Dream Job MITRE campaigns -- generated with our proposed approach -- against "ad hoc" traditionally-built attack tree models, demonstrating how our methodology is substantially lighter in modelling effort, and still capable of capturing all the quantitative relevant data.

Cryptography and Security,Logic in Computer Science

Tam N. Nguyen

DOI: https://doi.org/10.48550/arXiv.1705.00564

2017-05-01

Cryptography and Security

Abstract:Machine learning is gaining popularity in the network security domain as many more network-enabled devices get connected, as malicious activities become stealthier, and as new technologies like Software Defined Networking emerge. Compromising machine learning model is a desirable goal. In fact, spammers have been quite successful getting through machine learning enabled spam filters for years. While previous works have been done on adversarial machine learning, none has been considered within a defense-in-depth environment, in which correct classification alone may not be good enough. For the first time, this paper proposes a cyber kill-chain for attacking machine learning models together with a proof of concept. The intention is to provide a high level attack model that inspire more secure processes in research/design/implementation of machine learning based security solutions.