Using Behavioral Modeling and Customized Normalcy Profiles as Protection against Targeted Cyber-Attacks

Dolgikh, Andrey; Nykodym, Tomas; Skormin, Victor A.; Birnbaum, Zachary

doi:10.1007/978-3-642-33704-8_17

Cited by 7 publications

(5 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It is currently unknown if Wüchner's approach [156] could be used in combination with e.g. Wang's feature extraction system [155] or other graph-based approaches such as BinGraph [88] or the system introduced by Dolgikh [41]. Tags Dolgikh et al [41] conduct behavioral analysis capable to automatically create application profiles for both malicious and benign samples.…”

Section: Malware Analysis Solutionsmentioning

confidence: 99%

“…Wang's feature extraction system [155] or other graph-based approaches such as BinGraph [88] or the system introduced by Dolgikh [41]. Tags Dolgikh et al [41] conduct behavioral analysis capable to automatically create application profiles for both malicious and benign samples. Their system considers recorded API calls that are subsequently transformed into a labeled graph representing a stream of system calls.…”

Section: Malware Analysis Solutionsmentioning

confidence: 99%

“…An effective implementation will have to carefully consider available solutions and hand-pick a small number of providers suited to the respective task. This survey identified monitoring and data classification [12,27,121,124,148,156] as well as attack description, profiling and extraction to be a vital part of this stage of ATA identification [41,72,143,156]. Various detection systems spread across all the primary detection domains will help to assemble the picture [28,148,163].…”

Section: Data Provider Selectionmentioning

confidence: 99%

See 2 more Smart Citations

Semantics-aware detection of targeted attacks: a survey

Luh

Marschalek

Kaiser

et al. 2016

J Comput Virol Hack Tech

View full text Add to dashboard Cite

In today's interconnected digital world, targeted attacks have become a serious threat to conventional computer systems and critical infrastructure alike. Many researchers contribute to the fight against network intrusions or malicious software by proposing novel detection systems or analysis methods. However, few of these solutions have a particular focus on Advanced Persistent Threats or similarly sophisticated multi-stage attacks. This turns finding domainappropriate methodologies or developing new approaches into a major research challenge. To overcome these obstacles, we present a structured review of semantics-aware works that have a high potential for contributing to the analysis or detection of targeted attacks. We introduce a detailed literature evaluation schema in addition to a highly granular model for article categorization. Out of 123 identified papers, 60 were found to be relevant in the context of this study. The selected articles are comprehensively reviewed and assessed in accordance to Kitchenham's guidelines for systematic literature reviews. In conclusion, we combine new insights and the status quo of current research into the concept of an ideal systemic approach capable of semantically processing and evaluating information from different observation points.

show abstract

Section: Malware Analysis Solutionsmentioning

confidence: 99%

Section: Malware Analysis Solutionsmentioning

confidence: 99%

Section: Data Provider Selectionmentioning

confidence: 99%

See 1 more Smart Citation

Semantics-aware detection of targeted attacks: a survey

Luh

Marschalek

Kaiser

et al. 2016

J Comput Virol Hack Tech

View full text Add to dashboard Cite

show abstract

“…The body of work in communication security [18], host based security [19], and software security [20] can often be directly applied to UAVs. However, UAVs pose specific problems that cannot be addressed by simply applying known solutions [6,11,14].…”

Section: Related Workmentioning

confidence: 99%

Unmanned Aerial Vehicle security using Recursive parameter estimation

Birnbaum

Dolgikh

Skormin

et al. 2014

2014 International Conference on Unmanned Aircraft Systems (ICUAS)

Self Cite

View full text Add to dashboard Cite

The proliferation of Unmanned Aerial Vehicles (UAVs) raises a host of new security concerns. Our research resulted in a prototype UAV monitoring system, which captures flight data and performs real-time estimation/tracking of airframe and controller parameters utilizing the Recursive Least Squares Method. Subjected to statistical validation and trend analysis, parameter estimates are instrumental for the detection of some classes of cyber attacks and incipient hardware failures that can invariably jeopardize mission success. Our results demonstrate that achieving efficient anomaly detection during flight is possible through the intelligent application of statistical methods to system behavioral profiling.

show abstract

“…Dolgikh et al [11] conduct dynamic behavioral analysis of applications. Their system is capable of automatically creating application profiles for both malicious and benign samples.…”

mentioning

confidence: 99%

AIDIS: Detecting and classifying anomalous behavior in ubiquitous kernel processes

Luh

Janicke

Schrittwieser

2019

Computers & Security

View full text Add to dashboard Cite

Targeted attacks on IT systems are a rising threat against the confidentiality, integrity, and availability of critical information and infrastructures. With the rising prominence of advanced persistent threats (APTs), identifying and understanding such attacks has become increasingly important. Current signaturebased systems are heavily reliant on fixed patterns that struggle with unknown or evasive applications, while behavior-based solutions usually leave most of the interpretative work to a human analyst. In this article we propose AIDIS, an Advanced Intrusion Detection and Interpretation System capable to explain anomalous behavior within a network-enabled user session by considering kernel event anomalies identified through their deviation from a set of baseline process graphs. For this purpose we adapt star structures, a bipartite representation used to approximate the edit distance between two graphs. Baseline templates are generated automatically and adapt to the nature of the respective operating system process. We prototypically implemented smart anomaly classification through a set of competency questions applied to graph template deviations and evaluated the approach using both Random Forest and linear kernel support vector machines. The determined attack classes are ultimately mapped to a dedicated APT attacker/defender meta model that considers actions, actors, as well as assets and mitigating controls, thereby enabling decision support and contextual interpretation of ongoing attacks.

show abstract

Using Behavioral Modeling and Customized Normalcy Profiles as Protection against Targeted Cyber-Attacks

Cited by 7 publications

References 8 publications

Semantics-aware detection of targeted attacks: a survey

Semantics-aware detection of targeted attacks: a survey

Unmanned Aerial Vehicle security using Recursive parameter estimation

AIDIS: Detecting and classifying anomalous behavior in ubiquitous kernel processes

Contact Info

Product

Resources

About