- document
-
de Smale, S. (author), van Dijk, Rik (author), Bouwman, X.B. (author), van der Ham, Jeroen (author), van Eeten, M.J.G. (author)The number of published software vulnerabilities is increasing every year. How do organizations stay in control of their attack surface despite their limited staff resources? Prior work has analyzed the overall software vulnerability ecosystem as well as patching processes within organizations, but not how these two are connected. We investigate...conference paper 2023
- document
-
Al Alsadi, Arwa (author), Sameshima, Kaichi (author), Yoshioka, Katsunari (author), van Eeten, M.J.G. (author), Hernandez Ganan, C. (author)For years, attackers have exploited vulnerabilities in Internet of Things (IoT) devices. Previous research has examined target selection in cybercrime, but there has been little investigation into the factors that influence target selection in attacks on IoT. This study aims to better understand how attackers choose their targets by analyzing...conference paper 2023
- document
-
Vermeer, M. (author), Kadenko, N.I. (author), van Eeten, M.J.G. (author), Hernandez Ganan, C. (author), Parkin, S.E. (author)Signature-based network intrusion detection systems (NIDSs) and network intrusion prevention systems (NIPSs) remain at the heart of network defense, along with the rules that enable them to detect threats. These rules allow Security Operation Centers (SOCs) to properly defend a network, yet we know almost nothing about how rules are created,...conference paper 2023
- document
-
Oomens, E.C. (author), van Wegberg, R.S. (author), Klievink, A. J. (author), van Eeten, M.J.G. (author)In recent years, the intelligence domain has transformed and become more cyber-oriented. This has been accompanied by governance reforms of intelligence agencies’ powers and oversight mechanisms. However, opinions on key points of these reforms diverge and diverging professional opinions may affect how reforms achieve intended goals. Using Q...journal article 2023
- document
-
Jansen, B.A. (author), Kadenko, N.I. (author), Broeders, Dennis (author), van Eeten, M.J.G. (author), Borgolte, K. (author), Fiebig, T. (author)In just a few years, the issue of “digital sovereignty” has emerged as an important security issue for governments across the globe, reflecting a growing unease about the security risks associated with government services that depend on foreign service providers for digital infrastructure and traffic routing. This work investigates to which...journal article 2023
- document
-
Pa Pa, Yin Minn (author), Tanizaki, Shunsuke (author), Kou, Tetsui (author), van Eeten, M.J.G. (author), Yoshioka, Katsunari (author), Matsumoto, Tsutomu (author)We investigate the potential for abuse of recent AI advances by developing seven malware programs and two attack tools using ChatGPT, OpenAI Playground's "text-davinci-003"model, and Auto-GPT - an open-source AI agent capable of generating automated prompts to accomplish user-defined goals. We confirm that: 1) Under the safety and moderation...conference paper 2023
- document
-
Hanif, Hilmy (author), Constantino Torres, J.E. (author), Sekwenz, M.T. (author), van Eeten, M.J.G. (author), Ubacht, J. (author), Wagner, Ben (author), Zhauniarovich, Y. (author)The AI Act represents a significant legislative effort by the European Union to govern the use of AI systems according to different risk-related classes, linking varying degrees of compliance obligations to the system's classification. However, it is often critiqued due to the lack of general public comprehension and effectiveness regarding...conference paper 2023
- document
-
Bouwman, X.B. (author), Le Pochat, Victor (author), Foremski, Pawel (author), Van Goethem, Tom (author), Hernandez Ganan, C. (author), Moura, Giovane C.M. (author), Tajalizadehkhoob, Samaneh (author), Joosen, Wouter (author), van Eeten, M.J.G. (author)We tracked the largest volunteer security information sharing community known to date: the COVID-19 Cyber Threat Coalition, with over 4,000 members. This enabled us to address long-standing questions on threat information sharing. First, does collaboration at scale lead to better coverage? And second, does making threat data freely available...conference paper 2022
- document
-
Vermeer, M. (author), van Eeten, M.J.G. (author), Hernandez Ganan, C. (author)Notwithstanding the predicted demise of signature-based network monitoring, it is still part of the bedrock of security operations. Rulesets are fundamental to the efficacy of Network Intrusion Detection Systems (NIDS). Yet, they have rarely been studied in production environments. We partner with a Managed Security Service Provider (MSSP) to...conference paper 2022
- document
-
Al Alsadi, Arwa (author), Sameshima, Kaichi (author), Bleier, Jakob (author), Yoshioka, Katsunari (author), Lindorfer, Martina (author), van Eeten, M.J.G. (author), Hernandez Ganan, C. (author)The Internet of things (IoT) is composed by a wide variety of software and hardware components that inherently contain vulnerabilities. Previous research has shown that it takes only a few minutes from the moment an IoT device is connected to the Internet to the first infection attempts. Still, we know little about the evolution of exploit...conference paper 2022
- document
-
Rodriguez, Elsa (author), Fukkink, Max (author), Parkin, S.E. (author), van Eeten, M.J.G. (author), Hernandez Ganan, C. (author)Consumer IoT devices may suffer malware attacks, and be recruited into botnets or worse. There is evidence that generic advice to device owners to address IoT malware can be successful, but this does not account for emerging forms of persistent IoT malware. Less is known about persistent malware, which resides on persistent storage, requiring...conference paper 2022
- document
-
Sasaki, Takayuki (author), Fujita, Akira (author), Hernandez Ganan, C. (author), van Eeten, M.J.G. (author), Yoshioka, Katsunari (author), Matsumoto, Tsutomu (author)Geographically distributed infrastructures, such as buildings, dams, and solar power plants, are commonly maintained via Internet-connected remote management devices. Previous studies on detecting and securing industrial control systems (ICS) have overlooked these remote management devices, as they do not expose ICS-specific services like Modbus...conference paper 2022
- document
-
Lone, Q.B. (author), Frik, Alisa (author), Luckie, Matthew (author), Korczyński, MacIej (author), van Eeten, M.J.G. (author), Hernandez Ganan, C. (author)IP spoofing, sending IP packets with a false source IP address, continues to be a primary attack vector for large-scale Denial of Service attacks. To combat spoofing, various interventions have been tried to increase the adoption of source address validation (SAV) among network operators. How can SAV deployment be increased? In this work, we...conference paper 2022
- document
-
Chiba, Daiki (author), Akiyama, Mitsuaki (author), Otsuki, Yuto (author), Hada, Hiroki (author), Yagi, Takeshi (author), Fiebig, Tobias (author), van Eeten, M.J.G. (author)Security Operations Centers (SOCs) are in need of automation for triaging alerts. Current approaches focus on analyzing and enriching individual alerts. We take a different approach and analyze the population of alerts. In an observational study over 24 weeks, we find a surprising pattern: some domains get analyzed again and again by different...journal article 2022
- document
-
Tanabe, Rui (author), Watanabe, Tsuyufumi (author), Fujita, Akira (author), Isawa, Ryoichi (author), Hernandez Ganan, C. (author), van Eeten, M.J.G. (author), Yoshioka, Katsunari (author), Matsumoto, Tsutomu (author)Large botnets made up of Internet-of-Things (IoT) devices have a steady presence in the threat landscape since 2016. However, it has not explained how attackers maintain control over their botnets. In this paper, we present a long-term analysis of the infrastructure of IoT botnets based on 36 months of data gathered via honeypots and the...journal article 2022
- document
-
Akyazi, U. (author), van Eeten, M.J.G. (author), Hernandez Ganan, C. (author)The emergence of Cybercrime-as-a-Service (CaaS) is a critical evolution in the cybercrime landscape. A key area of research on CaaS is where and how the supply of CaaS is being matched with demand. Next to underground marketplaces and custom websites, cybercrime forums provide an important channel for CaaS suppliers to attract customers. Our...conference paper 2021
- document
-
Bouwmeester, Brennen (author), Turcios Rodriguez, E.R. (author), Hernandez Ganan, C. (author), van Eeten, M.J.G. (author), Parkin, S.E. (author)Many consumer Internet-of-Things (IoT) devices are, and will remain, subject to compromise, often without the owner's knowledge. Internet Service Providers (ISPs) are among the actors best-placed to coordinate the remediation of these problems. They receive infection data and can notify customers of recommended remediation actions. There is...conference paper 2021
- document
-
Noroozian, A. (author), Turcios Rodriguez, E.R. (author), Lastdrager, Elmer (author), Kasama, Takahiro (author), van Eeten, M.J.G. (author), Hernandez Ganan, C. (author)For the mitigation of compromised Internet of Things (IoT) devices we rely on Internet Service Providers (ISPs) and their users. Given that devices are in the hands of their subscribers, what can ISPs realistically do? This study examines the effects of ISP countermeasures on infections caused by variants of the notorious Mirai family of IoT...conference paper 2021
- document
-
Turcios Rodriguez, E.R. (author), Verstegen, S. (author), Noroozian, A. (author), Inoue, Daisuke (author), Kasama, Takahiro (author), van Eeten, M.J.G. (author), Hernandez Ganan, C. (author)Internet Service Providers (ISPs) are getting involved in remediating Internet of Things (IoT) infections of end users. This endeavor runs into serious usability problems. Given that it is usually unknown what kind of device is infected, they can only provide users with very generic cleanup advice, trying to cover all device types and...journal article 2021
- document
-
Bouwman, X.B. (author), Griffioen, Harm (author), Egbers, Jelle (author), Doerr, Christian (author), Klievink, Bram (author), van Eeten, M.J.G. (author)Commercial threat intelligence is thought to provide unmatched coverage on attacker behavior, but it is out of reach for many organizations due to its hefty price tag. This paper presents the first empirical assessment of the services of commercial threat intelligence providers. For two leading vendors, we describe what these services consist of...conference paper 2020