YS
Y. Song
info
Please Note
<p>This page displays the records of the person named above and is not linked to a unique person identifier. This record may need to be merged to a profile.</p>
2 records found
1
In the digital age, the proliferation of personal data within databases has made them prime targets for cyberattacks. As the volume of data increases, so does the frequency and sophistication of these attacks. This thesis investigates database security threats by deploying open source database honeypots to gather threat intelligence. We utilized five different honeypots at various interaction levels, deploying a total of 275 low-interaction, 50 medium-interaction, and 8 high-interaction honeypots over 20 to 23 days to collect a wide range of adversarial data. Through this deployment, we gathered 37, 618, 111 log entries from 8, 786 IPs.
Our analysis of these logs indicate that databases exposed to the internet are most likely to be dis-covered within an hour of deployment due to pervasive internet scanning. Additionally, we found that adversaries exhibit preferences for attacking certain database management systems, engage in irregular attack frequencies marked by short bursts, utilize diverse tools, and exploit both cloud service providers and infected machines. The findings also provide a high-level overview and analysis of observed attacks, including remote code execution, worms, botnets, data theft, and cryptojacking. ...
Our analysis of these logs indicate that databases exposed to the internet are most likely to be dis-covered within an hour of deployment due to pervasive internet scanning. Additionally, we found that adversaries exhibit preferences for attacking certain database management systems, engage in irregular attack frequencies marked by short bursts, utilize diverse tools, and exploit both cloud service providers and infected machines. The findings also provide a high-level overview and analysis of observed attacks, including remote code execution, worms, botnets, data theft, and cryptojacking. ...
In the digital age, the proliferation of personal data within databases has made them prime targets for cyberattacks. As the volume of data increases, so does the frequency and sophistication of these attacks. This thesis investigates database security threats by deploying open source database honeypots to gather threat intelligence. We utilized five different honeypots at various interaction levels, deploying a total of 275 low-interaction, 50 medium-interaction, and 8 high-interaction honeypots over 20 to 23 days to collect a wide range of adversarial data. Through this deployment, we gathered 37, 618, 111 log entries from 8, 786 IPs.
Our analysis of these logs indicate that databases exposed to the internet are most likely to be dis-covered within an hour of deployment due to pervasive internet scanning. Additionally, we found that adversaries exhibit preferences for attacking certain database management systems, engage in irregular attack frequencies marked by short bursts, utilize diverse tools, and exploit both cloud service providers and infected machines. The findings also provide a high-level overview and analysis of observed attacks, including remote code execution, worms, botnets, data theft, and cryptojacking.
Our analysis of these logs indicate that databases exposed to the internet are most likely to be dis-covered within an hour of deployment due to pervasive internet scanning. Additionally, we found that adversaries exhibit preferences for attacking certain database management systems, engage in irregular attack frequencies marked by short bursts, utilize diverse tools, and exploit both cloud service providers and infected machines. The findings also provide a high-level overview and analysis of observed attacks, including remote code execution, worms, botnets, data theft, and cryptojacking.
In research there is often a need to choose between multiple competing models. Two popular criteria for model selection are the AIC and BIC. The AIC excels in estimating the best model for the unknown data generating process. The BIC on the other hand is consistent in finding the true model. It is clear that for model selection these two information criterion give answers to different selection criteria. The question that arises is whether it is possible to construct a model selection criterion which combines the strengths of both AIC and BIC. In this study we will show that it is impossible to construct a model selection criterion which shares the above mentioned two strenghts by revisiting the proof of \cite{yang2005can} : That is, any consistent model selection criterion must be sub-optimal in the minimax convergence rate for regression estimation compared to the AIC.
...
In research there is often a need to choose between multiple competing models. Two popular criteria for model selection are the AIC and BIC. The AIC excels in estimating the best model for the unknown data generating process. The BIC on the other hand is consistent in finding the true model. It is clear that for model selection these two information criterion give answers to different selection criteria. The question that arises is whether it is possible to construct a model selection criterion which combines the strengths of both AIC and BIC. In this study we will show that it is impossible to construct a model selection criterion which shares the above mentioned two strenghts by revisiting the proof of \cite{yang2005can} : That is, any consistent model selection criterion must be sub-optimal in the minimax convergence rate for regression estimation compared to the AIC.