Investigating the modeling assumptions of alert-driven attack graphs: A cognitive load-based quantification approach of interpretability in attack graphs

The interpretability of an attack graph is a key principle as it reflects the difficulty of a specialist to take insights into attacker strategies. However, the quantification of interpretability is considered to be a subjective manner and complex attack graphs can be challenging to read and interpret. In this research paper, we propose a new...

Investigating Episode Prioritisation in Alert-Driven Attack Graphs: Analysing PICA: A Novel Approach to Episode Prioritisation

Intrusion Detection Systems (IDSes) detect malicious traffic in computer networks and generate a large volume of alerts, which cannot be processed manually. SAGE is a deterministic algorithm that works without a priori network/expert knowledge and can compress these alerts into attack graphs (AGs), modelling intruders’ paths in the network....

AGONI: Adversarial Generation Of Network Intrusions

Network Intrusion Detection Systems (NIDSs) defend our computer networks against malicious network attacks. Anomaly-based NIDSs use machine learning classifiers to categorise incoming traffic. Research has shown that classifiers are vulnerable to adversarial examples, perturbed inputs that lead the classifier into misclassifying the input....

Exploitation of P4 Programmable Switch Networks

P4 programmable data-planes provide operators with a flexible method to set up data-plane forwarding logic. To deploy networks with confidence, a switch's forwarding logic should correspond with its intended behavior. Programs loaded onto programmable data-planes don't necessarily go through as much testing as traditional fixed-function devices...

Time-Sensitive Networking IEEE 802.1CB: Security and Reliability

The upcoming IEEE 802.1CB standard aims to solve performance and reliability issues in Time-Sensitive Networking (TSN). Mission-critical systems often use these standards for communication in automotive, industrial, and avionic networks. However, researchers did not sufficiently investigate the security risks and possible mitigation solutions to...

Network intrusion prediction model using external data

Nowadays does the internet presence of companies increase, and with it, their attack surface and the probability of breaches: every information system in the company's network may be an entry point for an outsider. Therefore, companies need to secure their information systems. However, current risk assessment frameworks fail to connect the...

NURSE: eNd-UseR IoT malware detection tool for Smart homEs

IoT devices keep entering our homes with the promise of delivering more services and enhancing user experience; however, these new devices also carry along an alarming number of vulnerabilities and security issues. In most cases, the users of these devices are completely unaware of the security risks that connecting these devices entail. Current...

The performance of the routing protocol for low-power and lossy networks in mobile networks

The IPv6 routing protocol for low-power and lossy networks (RPL) is a routing protocol that is standardized for constrained devices. This standard only considers static nodes and consequently underperforms in networks with moving nodes. Several studies exist intending to mend this problem, but analyses of RPL's performance in mobile situations...

Analysis of sequential feature engineering and statistical features for malware behavior discovery

Malware Packet-sequence Clustering and Analysis (MalPaCA) is a unsupervised clustering application for malicious network behavior, it currently uses solely sequential features to characterize network behavior. In this paper an extensive comparison between those features and statistical features is performed. During the comparison a better...

Design for a TCP/IP transparent FPGA-based network diode: To what extent is it possible to implement a network diode on an FPGA under realistic network environments, using the Transmission Control Protocol?

The urgency for high-security products for industrial networks is increasing as malicious hackers are improving their accessibility tools. A common practice for a company to protect its sensitive data is network segmentation. The network is segmented in different domains with distinctive security levels. The sensitive data is stored and managed...

Real Time Threat Detection Through Network Analysis

Intermax Cloudsourcing B.V. designs, implements and manages critical IT-infrastructures for Dutch clients from the medical, public and financial sectors. The information that passes over these IT-infrastructures is highly confidential and privacy-sensitive, therefore it is essential that these infrastructures are secure. To improve the security...

Classification of Distributed Strategies for Port Scan Reconnaissance

Prior to exploiting a vulnerable service, adversaries perform a port scan to detect open ports on a target machine. If an adversary is aiming for multiple targets, multiple IP addresses need to be scanned for possible open ports. As sending all this probing traffic with one source IP address causes a lot of suspicion in an intrusion detection...

Efficient pre-filtering techniques for packet inspection

Network Security is a significant issue nowadays. The information flow is enormous and the attacks have been substantially evolved.Every single packet of the flow must be scanned in deep and checked with all known attack rules (Deep Packet Inspection) to determine whether it is malicious. However, the task of Deep Packet Inspection requires a...