odymit's blog
DeepHunter: A Graph Neural Network Based Approach for Robust Cyber Threat Hunting
Created 2021-08-26 | papers / abstract
Abstract: Cyber Threat hunting is a proactive search for known attack behaviors in the organizational information system. It is an important component to mitigate advanced persistent threats (APTs). However, the attack behaviors recorded in provenance data may not be completely consistent with the known attack behaviors. In this paper, we propose DeepHunter, a graph neural network (GNN) based graph pattern matching approach that can match provenance data against known attack behaviors in a robus ...
HOLMES: Real-time APT Detection through Correlation of Suspicious Information Flows
Created 2021-08-14 | papers / abstract
Abstract: In this paper, we present HOLMES, a system that implements a new approach to the detection of Advanced and Persistent Threats (APTs). HOLMES is inspired by several case studies of real-world APTs that highlight some common goals of APT actors. In a nutshell, HOLMES aims to produce a detection signal that indicates the presence of a coordinated set of activities that are part of an APT campaign. One of the main challenges addressed by our approach involves developing a suite of techniqu ...
ATLAS: A Sequence-based Learning Approach for Attack Investigation
Created 2021-08-11 | papers / abstract
Abstract: In this paper, we present ATLAS, a framework that constructs an end-to-end attack story from off-the-shelf audit logs. Our key observation is that different attacks may share similar abstract attack strategies, regardless of the vulnerabilities exploited and payloads executed. ATLAS leverages a novel combination of causality analysis, natural language processing, and machine learning techniques to build a sequence-based model, which establishes key patterns of attack and non-attack beh ...
Intrusion Intention Recognition Based on Attack Path Graphs
Created 2021-07-13 | papers / abstract
Abstract: To predict an attacker's high-level attack goals and perceive the security situation of the network, an intrusion intention recognition method is proposed. The concept of intrusion intention and its classification are given, and a hierarchical attack path graph is proposed. The attack path graph is used to quantitatively analyze the reachability of the attacker's intention, the probability of the intention being realized, the shortest path to realizing the intention, and attack path prediction. The minimum-cut theory of directed graphs is applied to formulate protective measures that prevent the attacker's intention from being realized, giving administrators a basis for their decisions. Experiments verify the feasibility and effectiveness of the method.
The abstract indicates that the paper's main contributions are: a classification of intrusion intentions; a hierarchical attack path graph; quantitative analysis of intention reachability, intention realization probability, the shortest path to intention realization, and attack path prediction.
Intention recognition: intrusion intention; hierarchical attack path graph. Definitions: vulnerability set V: {v_CVE, v_pre, v_post}; host set H, port set theta; the set of intentions the attacker may reach I, where I is a 4-tuple {i_name, i_target, i_pre, i_post}. Model inputs: network topology information, vulnerability information, intrusion intention information. Path graphs generated by inference: vulnerability level, host level, protection-domain level.
Attack path graph generation. Algorithm overview: the attacker has already obtained a relatively high level of ...
A New Algorithm to Estimate the Similarity between the Intentions of the Cyber Crimes for Network Forensics
Created 2021-07-13 | papers / abstract
Abstract: This paper proposes a new algorithm called the Similarity of Attack Intention (SAI), which uses cosine similarity as a distance-based similarity measure to estimate similar cyber crime intentions. The algorithm is based on the Attack Intention Analysis (AIA) algorithm to predict new cyber crime intentions and assigned the probability values for these intentions. A similarity metric for the new cyber crimes intentions with others is generated in order to identify the similar intentions. ...
Threat Modeling and Attack Simulations of Connected Vehicles: Proof of Concept
Created 2021-07-08 | papers / abstract
Abstract: This paper reviews research in the field, showing that not much work has been done in the combined area of connected vehicles and threat modeling with attack simulations. We have implemented and conducted attack simulations on two vehicle threat models using a tool called securiCAD. Our work serves as a proof of concept of the approach and indicates that the approach is useful. Especially if more research of vehicle-specific vulnerabilities, weaknesses, and countermeasures is done in o ...
Cyber security threat modeling based on the MITRE Enterprise ATT&CK Matrix
Created 2021-07-08 | papers / abstract
Abstract: To proactively address these security issues in enterprise systems, this paper proposes a threat modeling language for enterprise security based on the MITRE Enterprise ATT&CK Matrix. It is designed using the Meta Attack Language framework and focuses on describing system assets, attack steps, defenses, and asset associations. The attack steps in the language represent adversary techniques as listed and described by MITRE. This entity-relationship model describes enterprise IT syst ...
Design and Implementation of a Novel Testbed for Automotive Security Analysis
Created 2021-07-08 | papers / abstract
Abstract: In this paper, we introduce design and implementation of an emulating internal vehicular network as a testbed that can be used to perform an intuitive analysis on the data set collected from the real vehicular network for different situations and replayed through the testing environment similar to an actual vehicle.
The abstract states that the paper designs and implements a simulation tool for the in-vehicle network, which can be used for data analysis and data replay.
Design and implementation: the design model diagram is shown below. [figure]
Usability evaluation: The implemented framework was compared with the actual vehicle to evaluate its adequacy as an ...
Survey of CAN and ECU Security Testing Tools
Created 2021-07-02 | tools
After a brief survey I found that there are quite a few security testing tools for CAN and ECUs, so I made a simple classification as follows: Analysis; Summary; Hardware (development tools; access and data acquisition tools: wireless, wired, hybrid; analysis and testing tools); Software and related libraries (software: monitoring and analysis, hardware discovery, other; related libraries: C, Python); Statement.
Analysis: The tools used for security testing of CAN and ECUs fall into the following functional categories: establishing a data channel - commonly used devices are ELM327, USB2CAN, USBtin, etc.; capturing data - O2OO; analyzing data - Wireshark, Intrepid Tools, CANToolz, etc.; penetration testing - metasploit, CANtact, CANSPY, etc. Existing common tools may cover one or more of the functions above. Considering cost and the use of existing equipment, the recommendations are: use an ELM327 as the connection; for CAN bus data analysis use wireshark, and for CAN bus security testing use the metasploit framework's hardware bridge. With a USB2CAN, the Linux socketCAN library can be used for analysis and penetration work. Finally, reasonably priced hardware developed by individuals or teams can be used, which connects directly through ODB-II ...
codechecker Overview
Created 2021-07-02 | tools
Introduction to codechecker: codechecker is a code auditing tool that scans source code for possible vulnerabilities. The tool has two main features: multi-file scanning with clang sa / clang tidy, where tu_collector aggregates the translation units of multiple files and then clang sa / clang tidy is invoked to scan them; and a project management server with a report display interface. Repository: https://github.com/Ericsson/codechecker
Overall architecture. Directory: build command recording: records compiler commands such as make and cmake, and converts the compiler commands into JSON format. Build command processing: argument filtering, C/C++ standard checking, build target detection, gcc/g++ hard-coded path collection. Preprocessing for cross-translation-unit and statistical analysis: cross translation unit: generates AST output for each compile action; statistical analysis: collects various information, such as return value checks, that can be reused in the static analysis step. Analysis run: Multiple analyzers run parallel using the collected information in the pre a ...
©2020 - 2023 By odymit
Framework Hexo|Theme Butterfly