Log2vec Liu, Fucheng; Wen, Yu; Zhang, Dongxue ...
Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security,
11/2019
Conference Proceeding
Conventional attacks by insider employees and emerging APTs are both major threats to organizational information systems. Existing detection methods mainly concentrate on users' behavior and usually analyze logs recording their operations in an information system. In general, most of these methods consider the sequential relationship among log entries and model users' sequential behavior. However, they ignore other relationships, inevitably leading to unsatisfactory performance across various attack scenarios. We propose log2vec, a modularized method based on heterogeneous graph embedding. First, it involves a heuristic approach that converts log entries into a heterogeneous graph in light of the diverse relationships among them. Next, it utilizes an improved graph embedding suited to the above heterogeneous graph, which can automatically represent each log entry as a low-dimensional vector. The third component of log2vec is a practical detection algorithm capable of separating malicious and benign log entries into different clusters and identifying the malicious ones. We implement a prototype of log2vec. Our evaluation demonstrates that log2vec remarkably outperforms state-of-the-art approaches, such as deep learning and the hidden Markov model (HMM). Besides, log2vec shows its capability to detect malicious events in various attack scenarios.
Objectives: The article includes a systemic analysis of Poland's potential and response capabilities to chemical, biological, radiological and nuclear (CBRN) threats. As a result of the conducted research, the dominant threats, technological resources, legal framework and socio-political reactions related to CBRN incidents in Poland were shown. In addition, Poland's technological capabilities in the detection of chemical agents, gamma and nucleoids were presented. The important role of protective clothing in responding to CBRN threats was emphasized.
Material and methods: In order to implement the adopted research assumptions, the method of analysis was used, consisting of quantitative and qualitative analysis of the content contained in the analyzed documents, literature and legal acts, and their ordering and interpretation in terms of the research objective.
Results: The article highlights the multifaceted nature of the Polish approach, which includes understanding CBRN threats, investing in advanced detection technologies, ensuring the security of response through protective equipment, implementing robust civil protection measures, and adhering to a comprehensive legal framework. The discussion additionally sheds light on the key role of international cooperation in the Polish CBRN strategy. Basically, the article presents Polish preparations as a comprehensive approach combining technological knowledge, legal infrastructure and public security measures.
Conclusions: Poland's strategic preparation for potential CBRN incidents is an ongoing process. While significant progress has been made, the constantly evolving nature of CBRN threats requires a continuous commitment to policy improvement, technological innovation, capacity building and international cooperation.
Despite providing unparalleled connectivity and convenience, the exponential growth of the Internet of Things (IoT) ecosystem has triggered significant cybersecurity concerns. These concerns stem from various factors, including the heterogeneity of IoT devices, widespread deployment, and inherent computational limitations. Integrating emerging technologies to address these concerns becomes imperative as the dynamic IoT landscape evolves. Machine Learning (ML), a rapidly advancing technology, has shown considerable promise in addressing IoT security issues. It has significantly influenced and advanced research in cyber threat detection. This survey provides a comprehensive overview of current trends, methodologies, and challenges in applying machine learning for cyber threat detection in IoT environments. Specifically, we further perform a comparative analysis of state-of-the-art ML-based Intrusion Detection Systems (IDSs) in the landscape of IoT security. In addition, we shed light on the pressing unresolved issues and challenges within this dynamic field. We provide a future vision with Generative AI and large language models to enhance IoT security. The discussions present an in-depth understanding of different cyber threat detection methods, enhancing the knowledge base of researchers and practitioners alike. This paper is a valuable resource for those keen to delve into the evolving world of cyber threat detection leveraging ML and IoT security.
Unraveled is a novel cybersecurity dataset capturing Advanced Persistent Threat (APT) attacks not available in the public domain. Existing cybersecurity datasets lack coherent information about sophisticated and persistent cyber-attack features, including attack planning and deployment, stealthiness of the attacker(s), longer dormant periods between attack activities, etc. Our APT attack scenario in Unraveled is implemented on a real network system established on a cloud platform to emulate an organization's network system. The new dataset provides comprehensive network flow and host-level log information about the normal users' traffic and the cyber-attack traffic. To emulate realistic network traffic scenarios, Unraveled also includes attacks at different skill levels reflecting a typical organization's threat posture, and utilizes APT attack information from one of the well-known APT attack databases, i.e., MITRE's APT-group database. Furthermore, we design and develop an Employee Behavior Generation (EBG) model to emulate multiple normal employees' traffic and activities during a 6-week time period based on their pre-defined business functions. Using well-known machine learning models for anomaly detection, we show that the APT attack activities in Unraveled are hardly detected, indicating the need for more effective solutions that are based on datasets representing real-world APT attacks.
The safeguarding of critical zones aboard a marine vehicle, such as the engine room, wheelhouse, and pump room, assumes crucial significance while navigating through the open sea. Despite the existing pre-boarding security measures, Concealed Threat Detection (CTD) systems have emerged as a pressing need to prevent post-boarding damage to the ship from concealed dangers. Due to concerns regarding deployment cost and privacy, mmWave-based CTD systems have received significant attention. However, current solutions are not easily adapted to work on ships because of the large number of ghost targets resulting from multipath reflections in full-metal cabins. To address these challenges, this paper proposes a new CTD system, called mmCTD, which utilizes two commercial mmWave radars. The proposed system addresses the multipath challenge by unifying multi-view perceptions with two distinct designs. First, we propose a ghost-point elimination algorithm that extracts the point clouds of real objects. Then, we design a multi-view domain adversarial framework to predict concealed threats on the human body using the extracted RF features. mmCTD is validated by both simulations and real ship experiments, and results demonstrate that the recognition accuracy in three scenarios reaches 89% with a low false alarm rate.
With the prevalence of Internet of Things (IoT) technologies, the huge growth in IoT devices has also attracted the attention of cyber attackers. IoT botnets are rapidly spreading and evolving worldwide, causing serious risks to users and data. Machine learning (ML) has shown its effectiveness in threat detection. However, existing feature encoding and learning methods are unsuitable for resource-constrained edge devices like the IoT gateway. In this paper, we propose a lightweight threat detection scheme called FlowSpotter. Its flow imaging mechanism requires less feature extraction but preserves more spatial and temporal information. A lite convolutional neural network architecture based on state-of-the-art efficient building blocks is devised. For performance evaluation, we develop an IoT honeypot system that captures hundreds of thousands of IoT intrusions in the wild. Besides, FlowSpotter is implemented on a Raspberry Pi to measure its efficiency. Experimental results show that FlowSpotter not only outperforms 8 baseline models by achieving 99.8% accuracy and a 0.07% false positive rate, but also consumes the least computing resources, taking less than 11 ms and 61 MiB of memory for each detection.
Insider threats refer to harmful actions carried out by authorized users within an organization, posing the most damaging risks. The increasing number of these threats has revealed the inadequacy of traditional methods for detecting and mitigating insider threats. These existing approaches lack the ability to analyze activity-related information in detail, resulting in delayed detection of malicious intent. Additionally, current methods lack advancements in addressing noisy datasets or unknown scenarios, leading to under-fitting or over-fitting of the models. To address these, our paper presents a hybrid insider threat detection framework. We not only enhance prediction accuracy by incorporating a layer of statistical criteria on top of machine learning-based classification but also present optimal parameters to address over/under-fitting of models. We evaluate the performance of our framework using a real-life threat test dataset (CERT r4.2) and compare it to existing methods on the same dataset (Glasser and Lindauer 2013). Our initial evaluation demonstrates that our proposed framework achieves an accuracy of 98.48% in detecting insider threats, surpassing the performance of most of the existing methods. Additionally, our framework effectively handles potential bias and data imbalance issues that can arise in real-life scenarios.
Detecting cluttered and overlapping contraband items in baggage scans is one of the most challenging tasks, even for human experts. Recently, considerable literature has grown up around the theme of deep learning-based X-ray screening for localizing contraband data. However, the existing threat detection systems are still vulnerable to high occlusion, clutter, and concealment. Furthermore, they require exhaustive training routines on large-scale and well-annotated data in order to produce accurate results. To overcome the above-mentioned limitations, this paper presents a novel convolutional transformer system that recognizes different overlapping instances of prohibited objects in complex baggage X-ray scans via a distillation-driven incremental instance segmentation scheme. Furthermore, unlike its competitors, the proposed framework allows incremental integration of new item instances while avoiding costly training routines. In addition, the proposed framework outperforms state-of-the-art approaches by achieving mean average precision scores of 0.7896, 0.5974, and 0.7569 on the publicly available GDXray, SIXray, and OPIXray datasets for detecting concealed and cluttered baggage threats.
• This paper presents a novel incremental convolutional transformer model.
• A β hyperparameter is introduced in the paper to control catastrophic forgetting.
• A unique segmentation scheme is proposed to extract cluttered object instances.
• The proposed system is thoroughly tested on three public X-ray datasets.
Phishing threats are real and are ever increasing in their reach and devastating effects. This study delves into the role of cognitive processing in detecting and curtailing phishing attacks. The proposed model is grounded in the Elaboration Likelihood Model and is tested empirically using data from 192 cases. Data was collected through direct observations of phishing susceptibility and self-reported questionnaires after staging a phishing attack targeting a university population in Nairobi, Kenya. The model was found to have excellent fit and was able to account for 50.8% of a person's cognitive processing of a phishing attack, 69.5% of their ability to detect phishing threats, and could predict 28% of their actual phishing susceptibility. Analysis was done to test 25 hypotheses, and to examine the mediating effects of cognitive processing and threat detection. In addition, multi-group moderation analysis was done to examine whether the model was invariant based on the level of knowledge. Results indicate that threat detection has the strongest effect in reducing phishing susceptibility. Threat detection was found to be what explains why people who expend cognitive effort processing phishing communication are less likely to fall for phishing threats.
• The model is theoretically grounded in the Elaboration Likelihood Model and examines more constructs than previous work.
• Excellent fit achieved.
• Analysis involves hypothesis testing and also examination of mediation and moderation effects.
• Accounts for 69.5% of an individual's Threat Detection; 50.8% of Elaboration can predict 28% of Phishing Susceptibility.
• Threat Detection accounts for the strongest effect with regard to reducing phishing susceptibility as compared to Elaboration.