Duc T. Ha scite author profile

The platform will undergo maintenance on Sep 14 at about 7:45 AM EST and will be unavailable for approximately 2 hours.

Duc T. Ha

4Publications

35Citation Statements Received

33Citation Statements Given

How they've been cited

How they cite others

Affiliations

University at Buffalo, State University of New York, New York University

Publications

Order By: Most citations

Insider Threat Analysis Using Information-Centric Modeling

Ha¹,

Upadhyaya

Ngo

et al.

View full text Add to dashboard Cite

Capability acquisition graphs (CAGs) provide a powerful framework for modeling insider threats, network attacks and system vulnerabilities. However, CAG-based security modeling systems have yet to be deployed in practice. This paper demonstrates the feasibility of applying CAGs to insider threat analysis. In particular, it describes the design and operation of an information-centric, graphics-oriented tool called ICMAP. ICMAP enables an analyst without any theoretical background to apply CAGs to answer security questions about vulnerabilities and likely attack scenarios, as well as to monitor network nodes. This functionality makes the tool very useful for attack attribution and forensics.Keyv^ords: Insider threats, capability acquisition graphs, key challenge graphs IntroductionA comprehensive model is required for understanding, reducing and preventing enterprise network attacks, and for identifying and combating system vulnerabihties and insider threats. Attacks on enterprise networks are often complex, involving multiple sites, multiple stages and the exploitation of various vulnerabilities. As a consequence, security analysts must consider massive amounts of information about network topology, system configurations, software vulnerabilities, and even social information. Integrating and analyzing all this information is an overwhelming task.A security analyst has to determine how best to represent individual components and interactions when developing a model of a computing environment. Depending on the environment and task at hand, the analyst may deal with network traffic data [15]

show abstract

AntBot: Anti-pollution peer-to-peer botnets

Yan

Eidenbenz

2011

Computer Networks

View full text Add to dashboard Cite

On the effectiveness of structural detection and defense against P2P-based botnets

Yan

Eidenbenz

et al. 2009

View full text Add to dashboard Cite

Recently, peer-to-peer (P2P) networks have emerged as a covert communication platform for malicious programs known as bots. As popular distributed systems, they allow bots to communicate easily while protecting the botmaster from being discovered. Existing work on P2P-based botnets mainly focuses on measurement-based studies of botnet behaviors. In this work, through simulation, we study extensively the structure of P2P networks running Kademlia, one of a few widely used P2P protocols in practice. Our simulation testbed not only incorporates the actual code of a real Kademlia client software to achieve high realism, but also applies distributed event-driven simulation techniques to achieve high scalability. Using this testbed, we analyze the scaling, clustering, reachability, and various centrality properties of P2P-based botnets from a graph-theoretical perspective. We further demonstrate experimentally and theoretically that monitoring bot activities in a P2P network is difficult, suggesting that the P2P mechanism indeed helps botnets hide their communication effectively. Finally, we evaluate the effectiveness of some potential mitigation techniques, such as content poisoning, sybil-based and eclipse-based mitigation. Conclusions drawn from this work shed light on the structure of P2P botnets, how to monitor bot activities in P2P networks, and how to mitigate botnet operations effectively.

show abstract

Insider Threat Assessment: Model, Analysis and Tool

Chinchani¹,

Ha²,

Iyer³

et al. 2010

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Duc T. Ha

Insider Threat Analysis Using Information-Centric Modeling

AntBot: Anti-pollution peer-to-peer botnets

On the effectiveness of structural detection and defense against P2P-based botnets

Insider Threat Assessment: Model, Analysis and Tool

Contact Info

Product

Resources

About