Hidden Markov Model and Cyber Deception for the Prevention of Adversarial Lateral Movement

Amin, Ali; Shetty, Sachin; Njilla, Laurent; Tosh, Deepak K.; Kamhoua, Charles A.

doi:10.1109/access.2021.3069105

Cited by 24 publications

(10 citation statements)

References 42 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Here, all the information is stored and processed from the cloud server, which is a time-consuming process that leads to high latency during intrusion detection, increasing the resource wastage of the devices. In addition, a hidden Markov-based cyber deception method is proposed for predicting the attack paths [25]. The proposed method includes graph analysis (reactive) and cyber deception method (proactive) for detecting attack paths.…”

Section: Literature Surveymentioning

confidence: 99%

Multi-Zone-Wise Blockchain Based Intrusion Detection and Prevention System for IoT Environment

Kably¹,

Benbarrad²,

Alaoui³

et al. 2023

Computers, Materials &Amp; Continua

View full text Add to dashboard Cite

Blockchain merges technology with the Internet of Things (IoT) for addressing security and privacy-related issues. However, conventional blockchain suffers from scalability issues due to its linear structure, which increases the storage overhead, and Intrusion detection performed was limited with attack severity, leading to performance degradation. To overcome these issues, we proposed MZWB (Multi-Zone-Wise Blockchain) model. Initially, all the authenticated IoT nodes in the network ensure their legitimacy by using the Enhanced Blowfish Algorithm (EBA), considering several metrics. Then, the legitimately considered nodes for network construction for managing the network using Bayesian-Direct Acyclic Graph (B-DAG), which considers several metrics. The intrusion detection is performed based on two tiers. In the first tier, a Deep Convolution Neural Network (DCNN) analyzes the data packets by extracting packet flow features to classify the packets as normal, malicious, and suspicious. In the second tier, the suspicious packets are classified as normal or malicious using the Generative Adversarial Network (GAN). Finally, intrusion scenario performed reconstruction to reduce the severity of attacks in which Improved Monkey Optimization (IMO) is used for attack path discovery by considering several metrics, and the Graph cut utilized algorithm for attack scenario reconstruction (ASR). UNSW-NB15 and BoT-IoT utilized datasets for the MZWB method simulated using a Network simulator (NS-3.26). Compared with previous performance metrics such as energy consumption, storage overhead accuracy, response time, attack detection rate, precision, recall, and F-measure. The simulation result shows that the proposed MZWB method achieves high performance than existing works

show abstract

Section: Literature Surveymentioning

confidence: 99%

Multi-Zone-Wise Blockchain Based Intrusion Detection and Prevention System for IoT Environment

Kably¹,

Benbarrad²,

Alaoui³

et al. 2023

Computers, Materials &Amp; Continua

View full text Add to dashboard Cite

show abstract

“…In addition, there is a research trend that is also popularly used in research in the use of technology to detect fake news since 2021, namely cyber deception. Some studies present a cyber fraud approach that combines reactive (graphic analysis) and proactive (cyber fraud technology) defenses (Al Amin et al, 2021). In addition, there are studies to explore cyber fraud approaches from threats that include fraudulent methods (Steingartner & Galinec, 2021).…”

Section: State-of-the-art Research In the Use Of Technology For Fake ...mentioning

confidence: 99%

Research Mapping in the Use of Technology for Fake News Detection: Bibliometric Analysis from 2011 to 2021

Gunawan

Ratmono

Abdullah

et al. 2022

Indonesian J. Sci. Technol

View full text Add to dashboard Cite

This study aims to (1) determine research developments, (2) produce research distribution maps based on co-authorship analysis, (3) produce research distribution maps based on citation analysis, (4) produce research distribution maps based on co-citation analysis, (5) produce a research distribution map based on co-occurrence analysis, and (6) find out the state-of-the-art research in the use of technology for fake news detection. This study uses a quantitative method with a descriptive approach in bibliometric analysis from 2011 to 2021. From the research results obtained (1) the development of research publications in the field of the use of technology for fake news detection shows an increase, (2) the interrelationships between countries of authors, organizations affiliated with the authors, and among authors, (3) distribution map of citation analysis based on units of countries, sources, and authors, (4) distribution map of co-citation analysis based on unit cited sources and cited authors, (5) connection of keyword in the use of technology for fake news detection publications is related to literacy skills such as media literacy and information literacy, and (6) several research trends that researchers have widely used in the last 2 years including COVID-19, media literacy, and cyber deception. The research results can be used to determine the development of research o in the use of technology for fake news detection and as a reference for developing further research in the use of technology for fake news detection.

show abstract

“…Takabi and Jafarian [26] proposed a defense idea that combines deception defense with MTD, which can be used to mitigate internal attacks. Amin et al [27] combined POMCP and Hidden Markov Model and proposed a new path prediction method to prevent the attacker from moving laterally in the internal network.…”

Section: Related Workmentioning

confidence: 99%

A Multiphase Dynamic Deployment Mechanism of Virtualized Honeypots Based on Intelligent Attack Path Prediction

Gao

Zhang

Xing

2021

Security and Communication Networks

View full text Add to dashboard Cite

As an important deception defense method, a honeypot can be used to enhance the network’s active defense capability effectively. However, the existing rigid deployment method makes it difficult to deal with the uncertain strategic attack behaviors of the attackers. To solve such a problem, we propose a multiphase dynamic deployment mechanism of virtualized honeypots (MD2VH) based on the intelligent attack path prediction method. MD2VH depicts the attack and defense characteristics of both attackers and defenders through the Bayesian state attack graph, establishes a multiphase dynamic deployment optimization model of the virtualized honeypots based on the extended Markov’s decision-making process, and generates the deployment strategies dynamically by combining the online and offline reinforcement learning methods. Besides, we also implement a prototype system based on software-defined network and virtualization container, so as to evaluate the effectiveness of MD2VH. Experiments results show that the capture rate of MD2VH is maintained at about 90% in the case of both simple topology and complex topology. Compared with the simple intelligent deployment strategy, such a metric is increased by 20% to 60%, and the result is more stable under different types of the attacker’s strategy.

show abstract

Hidden Markov Model and Cyber Deception for the Prevention of Adversarial Lateral Movement

Cited by 24 publications

References 42 publications

Multi-Zone-Wise Blockchain Based Intrusion Detection and Prevention System for IoT Environment

Multi-Zone-Wise Blockchain Based Intrusion Detection and Prevention System for IoT Environment

Research Mapping in the Use of Technology for Fake News Detection: Bibliometric Analysis from 2011 to 2021

A Multiphase Dynamic Deployment Mechanism of Virtualized Honeypots Based on Intelligent Attack Path Prediction

Contact Info

Product

Resources

About