Investigating Episode Prioritisation in Alert-Driven Attack Graphs: Analysing PICA: A Novel Approach to Episode Prioritisation

Intrusion Detection Systems (IDSes) detect malicious traffic in computer networks and generate a large volume of alerts, which cannot be processed manually. SAGE is a deterministic algorithm that works without a priori network/expert knowledge and can compress these alerts into attack graphs (AGs), modelling intruders’ paths in the network....

AGONI: Adversarial Generation Of Network Intrusions

Network Intrusion Detection Systems (NIDSs) defend our computer networks against malicious network attacks. Anomaly-based NIDSs use machine learning classifiers to categorise incoming traffic. Research has shown that classifiers are vulnerable to adversarial examples, perturbed inputs that lead the classifier into misclassifying the input....

GNN4IFA: Interest Flooding Attack Detection With Graph Neural Networks

In the context of Information-Centric Networking, Interest Flooding Attacks (IFAs) represent a new and dangerous sort of distributed denial of service. Since existing proposals targeting IFAs mainly focus on local information, in this paper we propose GNN4IFA as the first mechanism exploiting complex non-local knowledge for IFA detection by...

Attack Graph Model for Cyber-Physical Power Systems Using Hybrid Deep Learning

Electrical power grids are vulnerable to cyber attacks, as seen in Ukraine in 2015 and 2016. However, existing attack detection methods are limited. Most of them are based on power system measurement anomalies that occur when an attack is successfully executed at the later stages of the cyber kill chain. In contrast, the attacks on the Ukrainian...

Cyber Threat Intelligence: Analysis of adversaries and their methods

The growing dependency on interconnected devices makes cyber crime increasingly lucrative. Together with the rise of premade tools to perform exploits, the number of cyber incidents grows rapidly each year. Defending against these threats becomes increasingly difficult as organizations depend heavily on the Internet and have many different...

Exploitation of P4 Programmable Switch Networks

P4 programmable data-planes provide operators with a flexible method to set up data-plane forwarding logic. To deploy networks with confidence, a switch's forwarding logic should correspond with its intended behavior. Programs loaded onto programmable data-planes don't necessarily go through as much testing as traditional fixed-function devices...

Time-Sensitive Networking IEEE 802.1CB: Security and Reliability

The upcoming IEEE 802.1CB standard aims to solve performance and reliability issues in Time-Sensitive Networking (TSN). Mission-critical systems often use these standards for communication in automotive, industrial, and avionic networks. However, researchers did not sufficiently investigate the security risks and possible mitigation solutions to...

The Cross-evaluation of Machine Learning-based Network Intrusion Detection Systems

Enhancing Network Intrusion Detection Systems (NIDS) with supervised Machine Learning (ML) is tough. ML-NIDS must be trained and evaluated, operations requiring data where benign and malicious samples are clearly labeled. Such labels demand costly expert knowledge, resulting in a lack of real deployments, as well as on papers always relying...

The performance of the routing protocol for low-power and lossy networks in mobile networks

The IPv6 routing protocol for low-power and lossy networks (RPL) is a routing protocol that is standardized for constrained devices. This standard only considers static nodes and consequently underperforms in networks with moving nodes. Several studies exist intending to mend this problem, but analyses of RPL's performance in mobile situations...

Design for a TCP/IP transparent FPGA-based network diode: To what extent is it possible to implement a network diode on an FPGA under realistic network environments, using the Transmission Control Protocol?

The urgency for high-security products for industrial networks is increasing as malicious hackers are improving their accessibility tools. A common practice for a company to protect its sensitive data is network segmentation. The network is segmented in different domains with distinctive security levels. The sensitive data is stored and managed...

Real Time Threat Detection Through Network Analysis

Intermax Cloudsourcing B.V. designs, implements and manages critical IT-infrastructures for Dutch clients from the medical, public and financial sectors. The information that passes over these IT-infrastructures is highly confidential and privacy-sensitive, therefore it is essential that these infrastructures are secure. To improve the security...

Platforms in Everything: Analyzing Ground-Truth Data on the Anatomy and Economics of Bullet-Proof Hosting

This paper presents the first empirical study based on ground-truth data of a major Bullet-Proof Hosting (BPH) provider, a company called Maxided. BPH allows miscreants to host criminal activities in support of various cybercrime business models such as phishing, botnets, DDoS, spam, and counterfeit pharmaceutical websites. Maxided was legally...

DECANTeR: DEteCtion of Anomalous outbouNd HTTP Traffic by Passive Application Fingerprinting

We present DECANTeR, a system to detect anomalous outbound HTTP communication, which passively extracts fingerprints for each application running on a monitored host. The goal of our system is to detect unknown malware and backdoor communication indicated by unknown fingerprints extracted from a host's network traffic. We evaluate a prototype...