Do you want to publish a course? Click here

Detecting Threat E-mails using Bayesian Approach

154   0   0.0 ( 0 )
 Added by M. Tariq Banday
 Publication date 2011
and research's language is English




Ask ChatGPT about the research

Fraud and terrorism have a close connect in terms of the processes that enables and promote them. In the era of Internet, its various services that include Web, e-mail, social networks, blogs, instant messaging, chats, etc. are used in terrorism not only for communication but also for i) creation of ideology, ii) resource gathering, iii) recruitment, indoctrination and training, iv) creation of terror network, and v) information gathering. A major challenge for law enforcement and intelligence agencies is efficient and accurate gathering of relevant and growing volume of crime data. This paper reports on use of established Naive Bayesian filter for classification of threat e-mails. Efficiency in filtering threat e-mail by use of three different Naive Bayesian filter approaches i.e. single keywords, weighted multiple keywords and weighted multiple keywords with keyword context matching are evaluated on a threat e-mail corpus created by extracting data from sources that are very close to terrorism.



rate research

Read More

In todays business environment, it is difficult to imagine a workplace without access to the web, yet a variety of email born viruses, spyware, adware, Trojan horses, phishing attacks, directory harvest attacks, DoS attacks, and other threats combine to attack businesses and customers. This paper is an attempt to review phishing - a constantly growing and evolving threat to Internet based commercial transactions. Various phishing approaches that include vishing, spear phishng, pharming, keyloggers, malware, web Trojans, and others will be discussed. This paper also highlights the latest phishing analysis made by Anti-Phishing Working Group (APWG) and Korean Internet Security Center.
Insider threats entail major security issues in geopolitics, cyber risk management and business organization. The game theoretic models proposed so far do not take into account some important factors such as the organisational culture and whether the attacker was detected or not. They also fail to model the defensive mechanisms already put in place by an organisation to mitigate an insider attack. We propose two new models which incorporate these settings and hence are more realistic. %Most earlier work in the field has focused on %standard game theoretic approaches to find the solutions. We use the adversarial risk analysis (ARA) approach to find the solution to our models. ARA does not assume common knowledge and solves the problem from the point of view of one of the players, taking into account their knowledge and uncertainties regarding the choices available to them, to their adversaries, the possible outcomes, their utilities and their opponents utilities. Our models and the ARA solutions are general and can be applied to most insider threat scenarios. A data security example illustrates the discussion.
352 - Peng Gao , Fei Shao , Xiaoyuan Liu 2020
Log-based cyber threat hunting has emerged as an important solution to counter sophisticated attacks. However, existing approaches require non-trivial efforts of manual query construction and have overlooked the rich external threat knowledge provided by open-source Cyber Threat Intelligence (OSCTI). To bridge the gap, we propose ThreatRaptor, a system that facilitates threat hunting in computer systems using OSCTI. Built upon system auditing frameworks, ThreatRaptor provides (1) an unsupervised, light-weight, and accurate NLP pipeline that extracts structured threat behaviors from unstructured OSCTI text, (2) a concise and expressive domain-specific query language, TBQL, to hunt for malicious system activities, (3) a query synthesis mechanism that automatically synthesizes a TBQL query for hunting, and (4) an efficient query execution engine to search the big audit logging data. Evaluations on a broad set of attack cases demonstrate the accuracy and efficiency of ThreatRaptor in practical threat hunting.
Cyber attacks are becoming more frequent and sophisticated, introducing significant challenges for organizations to protect their systems and data from threat actors. Today, threat actors are highly motivated, persistent, and well-founded and operate in a coordinated manner to commit a diversity of attacks using various sophisticated tactics, techniques, and procedures. Given the risks these threats present, it has become clear that organizations need to collaborate and share cyber threat information (CTI) and use it to improve their security posture. In this paper, we present TRADE -- TRusted Anonymous Data Exchange -- a collaborative, distributed, trusted, and anonymized CTI sharing platform based on blockchain technology. TRADE uses a blockchain-based access control framework designed to provide essential features and requirements to incentivize and encourage organizations to share threat intelligence information. In TRADE, organizations can fully control their data by defining sharing policies enforced by smart contracts used to control and manage CTI sharing in the network. TRADE allows organizations to preserve their anonymity while keeping organizations fully accountable for their action in the network. Finally, TRADE can be easily integrated within existing threat intelligence exchange protocols - such as trusted automated exchange of intelligence information (TAXII) and OpenDXL, thereby allowing a fast and smooth technology adaptation.
136 - Peng Gao , Fei Shao , Xiaoyuan Liu 2021
Log-based cyber threat hunting has emerged as an important solution to counter sophisticated cyber attacks. However, existing approaches require non-trivial efforts of manual query construction and have overlooked the rich external knowledge about threat behaviors provided by open-source Cyber Threat Intelligence (OSCTI). To bridge the gap, we build ThreatRaptor, a system that facilitates cyber threat hunting in computer systems using OSCTI. Built upon mature system auditing frameworks, ThreatRaptor provides (1) an unsupervised, light-weight, and accurate NLP pipeline that extracts structured threat behaviors from unstructured OSCTI text, (2) a concise and expressive domain-specific query language, TBQL, to hunt for malicious system activities, (3) a query synthesis mechanism that automatically synthesizes a TBQL query from the extracted threat behaviors, and (4) an efficient query execution engine to search the big system audit logging data.
comments
Fetching comments Fetching comments
Sign in to be able to follow your search criteria
mircosoft-partner

هل ترغب بارسال اشعارات عن اخر التحديثات في شمرا-اكاديميا