A framework for zero-day vulnerabilities detection and prioritization

Singh, Umesh Kumar; Joshi, Chanchala; Kanellopoulos, Dimitris

doi:10.1016/j.jisa.2019.03.011

Cited by 22 publications

(14 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Attack detection through graphical models has shown a significant improvement over the behavioral-based (or, anomaly-based) attack detection. Recent works [11,[22][23][24][25][26] have used different concepts to implement graphical models. In [27], authors have proposed an anomaly detector using the likelihood ratio of network attacks.…”

Section: Graph-basedmentioning

confidence: 99%

“…In [23], Wang et al have proposed the DaMask architecture to detect the variants of DDoS attack, which uses Bayesian network inference in which the model gets auto-update according to new observations. In [25], Singh et al have proposed a layered architecture for ZA detection using an attack graph. The layers of the architecture are the ZA path generator, risk analyzer, and physical layer.…”

Section: Graph-basedmentioning

confidence: 99%

See 1 more Smart Citation

A robust intelligent zero-day cyber-attack detection technique

Kumar

Sinha

2021

Complex Intell. Syst.

View full text Add to dashboard Cite

With the introduction of the Internet to the mainstream like e-commerce, online banking, health system and other day-to-day essentials, risk of being exposed to various are increasing exponentially. Zero-day attack(s) targeting unknown vulnerabilities of a software or system opens up further research direction in the field of cyber-attacks. Existing approaches either uses ML/DNN or anomaly-based approach to protect against these attacks. Detecting zero-day attacks through these techniques miss several parameters like frequency of particular byte streams in network traffic and their correlation. Covering attacks that produce lower traffic is difficult through neural network models because it requires higher traffic for correct prediction. This paper proposes a novel robust and intelligent cyber-attack detection model to cover the issues mentioned above using the concept of heavy-hitter and graph technique to detect zero-day attacks. The proposed work consists of two phases (a) Signature generation and (b) Evaluation phase. This model evaluates the performance using generated signatures at the training phase. The result analysis of the proposed zero-day attack detection shows higher performance for accuracy of 91.33% for the binary classification and accuracy of 90.35% for multi-class classification on real-time attack data. The performance against benchmark data set CICIDS18 shows a promising result of 91.62% for binary-class classification on this model. Thus, the proposed approach shows an encouraging result to detect zero-day attacks.

show abstract

Section: Graph-basedmentioning

confidence: 99%

Section: Graph-basedmentioning

confidence: 99%

A robust intelligent zero-day cyber-attack detection technique

Kumar

Sinha

2021

Complex Intell. Syst.

View full text Add to dashboard Cite

show abstract

“…The exploiting code inserted into the exploiting site by the attacker is a key element that creates an environment of running malicious code in the user's PC, becoming a key asset operated by the attacker. As the intelligent infringement attack exploits the Zero-Day vulnerability [32,33,34], existing security technologies cannot handle the attack properly.…”

Section: B Propagation-based Correlationmentioning

confidence: 99%

Cyber-attack group analysis method based on association of cyber-attack information

Son¹,

Kim²,

Lee³

2020

KSII TIIS

View full text Add to dashboard Cite

Cyber-attacks emerge in a more intelligent way, and various security technologies are applied to respond to such attacks. Still, more and more people agree that individual response to each intelligent infringement attack has a fundamental limit. Accordingly, the cyber threat intelligence analysis technology is drawing attention in analyzing the attacker group, interpreting the attack trend, and obtaining decision making information by collecting a large quantity of cyber-attack information and performing relation analysis. In this study, we proposed relation analysis factors and developed a system for establishing cyber threat intelligence, based on malicious code as a key means of cyber-attacks. As a result of collecting more than 36 million kinds of infringement information and conducting relation analysis, various implications that cannot be obtained by simple searches were derived. We expect actionable intelligence to be established in the true sense of the word if relation analysis logic is developed later.

show abstract

“…When Z 12 = 0, Player 1 exerts no effort to develop zero-day capabilities in Period 2; instead, it relies on the stockpiling S 1 from Period 1 to attack Player 2. Solving Player 2 s first-order condition in (7) when…”

Section: Solutions 4-8 (Zmentioning

confidence: 99%

A Two-Period Game Theoretic Model of Zero-Day Attacks with Stockpiling

Wang

Welburn

Hausken

2020

Games

View full text Add to dashboard Cite

In a two-period game, Player 1 produces zero-day exploits for immediate deployment or stockpiles for future deployment. In Period 2, Player 1 produces zero-day exploits for immediate deployment, supplemented by stockpiled zero-day exploits from Period 1. Player 2 defends in both periods. The article illuminates how players strike balances between how to exert efforts in the two periods, depending on asset valuations, asset growth, time discounting, and contest intensities, and when it is worthwhile for Player 1 to stockpile. Eighteen parameter values are altered to illustrate sensitivity. Player 1 stockpiles when its unit effort cost of developing zero-day capabilities is lower in Period 1 than in Period 2, in which case it may accept negative expected utility in Period 1 and when its zero-day appreciation factor of stockpiled zero-day exploits from Period 1 to Period 2 increases above one. When the contest intensity in Period 2 increases, the players compete more fiercely with each other in both periods, but the players only compete more fiercely in Period 1 if the contest intensity in Period 1 increases.

show abstract

A framework for zero-day vulnerabilities detection and prioritization

Cited by 22 publications

References 2 publications

A robust intelligent zero-day cyber-attack detection technique

A robust intelligent zero-day cyber-attack detection technique

Cyber-attack group analysis method based on association of cyber-attack information

A Two-Period Game Theoretic Model of Zero-Day Attacks with Stockpiling

Contact Info

Product

Resources

About