In recent years, we have witnessed the spread of a significant variety of malware that operates and propagates by relying on network communications. Due to the staggering growth of traffic in recent years, detecting malicious software on a packet-by-packet basis has become infeasible. In this paper, we address this challenge by investigating malware behaviors and designing a method to detect them relying only on network flow-level data. In our analysis we identify malware types with regard to their impact on a network and the way they achieve their malicious purposes. Leveraging this knowledge, we propose a machine learning-based and privacy-preserving method to detect malware. We evaluate our results on two malware datasets (MalRec and CTU-13) containing traffic of over 65,000 malware samples, as well as one month of network traffic from the University of Oxford containing over 23 billion flows. We show that, despite the coarse-grained information provided by network flows and the imbalance between legitimate and malicious traffic, MalAlert can distinguish between different types of malware with an F1 score of 90%.
Modern warfare increasingly depends on interconnected computers, where cyber security plays an essential role. Events from the battlefield are reported to decision-makers verbally or in a textual format, but rarely graphically. In this paper we conduct a feasibility study of a real-time 3D simulation system that visually communicates cyber-physical data to obtain situational awareness. We identify whether such a system is plausible for the real-time planning of simulated battle scenarios, and how such a tool may help real-time decision-making. As part of this feasibility study, we investigate whether the "presence" often described in the VR literature adds value to or detracts value from such a simulation system. We hypothesise that experiencing the situation in virtual reality is beneficial for decision-makers' reaction time and the quality of their decisions. Our simulation is built using Unreal Engine 4. It is then evaluated in a study involving four cyber security experts. The results indicate that the simulation is successful in the situational awareness aspect. Most users rate the regular monitor version higher than its virtual reality counterpart, stressing that while the immersion in VR is better, it is not as good in terms of controls, image quality, decision-making and comfort.
Network traffic monitoring has become fundamental to obtaining insights about a network and its activities. This knowledge allows network administrators to detect anomalies, identify faulty hardware, and make informed decisions. The increase in the number of connected devices and the consequent volume of traffic poses a serious challenge to carrying out the task of network monitoring. Such a task requires techniques that process traffic in an efficient and timely manner. Moreover, it is crucial to be able to store network traffic for forensic purposes for as long a period of time as possible. In this paper, we propose CompactFlow, a hybrid binary format for efficient storage and processing of network flow data. Our solution offers a trade-off between the space required and query performance via an optimized binary representation of flow records and optional indexing. We experimentally assess the efficiency of CompactFlow by comparing it to a wide range of binary flow storage formats. We show that the CompactFlow format improves on the state of the art by reducing the size required to store network flows by more than 24%.