Tiresias

Shen, Yun; Mariconti, Enrico; Vervier, Pierre-Antoine; Stringhini, Gianluca

doi:10.1145/3243734.3243811

Cited by 97 publications

(18 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…CNNs are a type of neural network first designed for 2-dimensional convolutions as inspired by the biological processes of animals' visual cortex [28]. They are primarily used for image classification, but in recent years, they have proven to be a powerful tool in security applications [29], [30]. CNNs are similar to ordinary neural networks (e.g., MLP): they consist of a number of layers where each layer is made up of neurons.…”

Section: ) Convolutional Neural Network (Cnn)mentioning

confidence: 99%

See 1 more Smart Citation

Mind the Portability: A Warriors Guide through Realistic Profiled Side-channel Analysis

Bhasin¹,

Chattopadhyay²,

Heuser³

et al. 2020

Proceedings 2020 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Profiled side-channel attacks represent a practical threat to digital devices, thereby having the potential to disrupt the foundation of e-commerce, the Internet of Things (IoT), and smart cities. In the profiled side-channel attack, the adversary gains knowledge about the target device by getting access to a cloned device. Though these two devices are different in realworld scenarios, yet, unfortunately, a large part of research works simplifies the setting by using only a single device for both profiling and attacking. There, the portability issue is conveniently ignored to ease the experimental procedure. In parallel to the above developments, machine learning techniques are used in recent literature, demonstrating excellent performance in profiled side-channel attacks. Again, unfortunately, the portability is neglected. In this paper, we consider realistic side-channel scenarios and commonly used machine learning techniques to evaluate the influence of portability on the efficacy of an attack. Our experimental results show that portability plays an important role and should not be disregarded as it contributes to a significant overestimate of the attack efficiency, which can easily be an order of magnitude size. After establishing the importance of portability, we propose a new model called the Multiple Device Model (MDM) that formally incorporates the device to device variation during a profiled side-channel attack. We show through experimental studies how machine learning and MDM significantly enhance the capacity for practical side-channel attacks. More precisely, we demonstrate how MDM can improve the performance of an attack by order of magnitude, completely negating the influence of portability.

show abstract

Section: ) Convolutional Neural Network (Cnn)mentioning

confidence: 99%

“…Based on the results, we use 400 trees with no limit to the tree depth. c) Multilayer Perceptron: When considering scenarios with 50 features, we investigate [relu, tanh] activation functions and the following number of hidden layers [1,2,3,4,5] and a number of neurons [10,20,25,30,40,50].…”

Section: E Hyper-parameter Tuningmentioning

confidence: 99%

Mind the Portability: A Warriors Guide through Realistic Profiled Side-channel Analysis

Bhasin¹,

Chattopadhyay²,

Heuser³

et al. 2020

Proceedings 2020 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…Previous researches about intrusion prediction 15,16 have proven that prediction of attackers' behavior is possible because all network attack behaviors follow the law of Cyber Kill Chain 17 . The result of intrusion prediction changes based on how we define the attack behavior.…”

Section: Game Model Based On Honeynet and Intrusion Predictionmentioning

confidence: 99%

Game-theoretical cyber deception strategy generation based on honeynet and intrusion prediction

Zhang

Yang

2023

International Conference on Computer Application and Information Security (ICCAIS 2022)

View full text Add to dashboard Cite

Cyber deception is a critical component of proactive cyber defense. It releases false information about devices, applications and networks to attackers to mislead attackers, sabotage attack actions and mitigate impact of intrusion based on cyber deception strategy. There have been many researches about cyber deception strategy. Most of them consider the process of cyber attack and defense as non-cooperative game theory model and design algorithms to find optimal solutions. However, most existing researches abstract attackers and defenders into simple characters, having limitations in applicability. To supplement this part of research, we introduce intrusion prediction and honeynet to game-theoretical cyber deception and propose a novel cyber deception strategy model. We run some simulations to verify the effectiveness of our proposed model. Based on the simulation results, the rules of multi-stage cyber deception and model application are summarized, which can provide a novel and effective guidance of cyber deception.

show abstract

“…Sequence approaches such as [14,3,27,28,2] take log entries and concatenate them chronologically into sequences. These techniques are primarily concerned with capturing temporal and sequential connections between log entries, and often make use of deep learning techniques such as Long Short-Term Memory (LSTM) or machine learning tool such as signature kernel, to learn from previous events and forecast future events.…”

Section: Related Workmentioning

confidence: 99%

TapTree: Process-Tree Based Host Behavior Modeling and Threat Detection Framework via Sequential Pattern Mining

Mamun

Buffett

2022

Information and Communications Security

View full text Add to dashboard Cite

Host behaviour modelling is widely deployed in today's corporate environments to aid in the detection and analysis of cyber attacks. Audit logs containing system-level events are frequently used for behavior modeling as they can provide detailed insight into cyber-threat occurrences. However, mapping low-level system events in audit logs to highlevel behaviors has been a major challenge in identifying host contextual behavior for the purpose of detecting potential cyber threats. Relying on domain expert knowledge may limit its practical implementation. This paper presents TapTree, an automated process-tree based technique to extract host behavior by compiling system events' semantic information. After extracting behaviors as system generated process trees, TapTree integrates event semantics as a representation of behaviors. To further reduce pattern matching workloads for the analyst, TapTree aggregates semantically equivalent patterns and optimizes representative behaviors. In our evaluation against a recent benchmark audit log dataset (DARPA OpTC), TapTree employs tree pattern queries and sequential pattern mining techniques to deduce the semantics of connected system events, achieving high accuracy for behavior abstraction and then Advanced Persistent Threat (APT) attack detection. Moreover, we illustrate how to update the baseline model gradually online, allowing it to adapt to new log patterns over time.

show abstract

Tiresias

Cited by 97 publications

References 19 publications

Mind the Portability: A Warriors Guide through Realistic Profiled Side-channel Analysis

Mind the Portability: A Warriors Guide through Realistic Profiled Side-channel Analysis

Game-theoretical cyber deception strategy generation based on honeynet and intrusion prediction

TapTree: Process-Tree Based Host Behavior Modeling and Threat Detection Framework via Sequential Pattern Mining

Contact Info

Product

Resources

About