Design and evaluation of a system for network threat signatures generation

Szynkiewicz, Paweł; Kozakiewicz, Adam

doi:10.1016/j.jocs.2017.05.006

Cited by 14 publications

(5 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Most of them use relatively simple (computationally inexpensive) heuristic approaches. Another method is defined in [15], where the generation of multi-set signatures is formulated as an optimization problem. A specialized version of the genetic algorithm (GA) is used to solve it.…”

Section: A Signature-based Detection Methods Of 'Known' Attacksmentioning

confidence: 99%

Anomaly Detection In TCP/IP Networks

Kołodziej¹,

Krzyszton²,

Szynkiewicz³

2023

ECMS 2023 Proceedings Edited by Enrico Vicario, Romeo Bandinelli, Virginia Fani, Michele Mastroianni

View full text Add to dashboard Cite

Intrusion Detection Systems (IDS) should be capable of quickly detecting attacks and network traffic anomalies to reduce the damage to the network components. They may efficiently detect threats based on prior knowledge of attack characteristics and the potential threat impact ('known attacks'). However, IDS cannot recognize threats, and attacks ('unknown attacks') usually occur when using brand-new technologies for system damage. This paper presents two security services -- Net Anomaly Detector (NAD) and a signature-based PGA Filter for detecting attacks and anomalies in TCP/IP networks. Both services are modules of the cloud-based GUARD platform developed in the H2020 GUARD project. Such a platform was the main component of the simulation environment in the work presented in this paper. The provided experiments show that both modules achieved satisfactory results in detecting an unknown type of DoS attacks and signatures of DDoS attacks.

show abstract

Section: A Signature-based Detection Methods Of 'Known' Attacksmentioning

confidence: 99%

Anomaly Detection In TCP/IP Networks

Kołodziej¹,

Krzyszton²,

Szynkiewicz³

2023

ECMS 2023 Proceedings Edited by Enrico Vicario, Romeo Bandinelli, Virginia Fani, Michele Mastroianni

View full text Add to dashboard Cite

show abstract

“…Daniel Nahmias et al [15] presented TrustSign, a novel, trusted automatic malware signature generation method based on high-level deep features transferred from a VGG-19 neural network model pre-trained on the ImageNet dataset. Paweł Szynkiewicz et al [16] developed an efficient algorithm for token extraction and a novel method for automatic multi-token signature composition. Fangwei Wang et al [17] proposed an automatic signature extraction algorithm for polymorphic worms based on the improved Term Frequency-Inverse Document Frequency (TF-IDF).…”

Section: Related Workmentioning

confidence: 99%

A Worm Detection System Based on Deep Learning

Zhou

Yang

et al. 2020

IEEE Access

View full text Add to dashboard Cite

In today's cyber world, worms pose a great threat to the global network infrastructure. In this paper, we propose a worm detection system based on deep learning. It includes two main modules: one worm detection module based on a convolutional neural network (CNN) and one automatic worm signature generation module based on a deep neural network (DNN). In the CNN-based worm detection module, we propose three kinds of data preprocessing methods: frequency processing, frequency weighted processing, and difference processing, and use CNN to train the model for worm detection. In the DNN-based worm signature generation module, there are two phrase:DNN is firstly utilized for training the model with worm payloads and their corresponding signatures as input in the training phrase. After worm payloads are fed into the trained DNN model in the test phrase, worm signatures are generated by our proposed Signature Beam Search algorithm. In the experiment, we firstly analyzed the impact of different data preprocessing methods and the number of convolution-pooling layers in the CNN model on the worm detection performance. Then we analyzed the effects of different signatures in the DNN algorithm on the automatic generation of worm signatures. Experiments show that the generated signatures have a good detection performance.

show abstract

“…In order to perform the aforementioned security functions, system developers rely on a variety of tools to secure CPS. The classification of tools that were presented in [24] ( [25], [26].…”

Section: Cyber-security In Cyber-physical Systemsmentioning

confidence: 99%

Cyber-security for Mobile Service Robots – Challenges for Cyber-physical System Safety

Dudek

Szynkiewicz

2019

JTIT

View full text Add to dashboard Cite

A review of the known and an indication of the new threats for cyber-physical robotic systems, caused by cybernetic attacks, serves, in this paper, as a basis for the analysis of the known methods relied upon to detect and mitigate consequences of such attacks. A particular emphasis is placed on threats speciﬁc for cyber-physical systems, as they are a feature distinguishing these systems from their traditional Information and Communication Technologies (ICT) counterparts. Based on the review of literature and own analyses, unresolved issues regarding the cyber-security of robot systems are presented and discussed.

show abstract

Design and evaluation of a system for network threat signatures generation

Cited by 14 publications

References 10 publications

Anomaly Detection In TCP/IP Networks

Anomaly Detection In TCP/IP Networks

A Worm Detection System Based on Deep Learning

Cyber-security for Mobile Service Robots – Challenges for Cyber-physical System Safety

Contact Info

Product

Resources

About