ترغب بنشر مسار تعليمي؟ اضغط هنا

Empirical analysis and statistical modeling of attack processes based on honeypots

191   0   0.0 ( 0 )
 نشر من قبل Mohamed Kaaniche
 تاريخ النشر 2007
  مجال البحث الهندسة المعلوماتية
والبحث باللغة English
 تأليف Mohamed Kaaniche




اسأل ChatGPT حول البحث

Honeypots are more and more used to collect data on malicious activities on the Internet and to better understand the strategies and techniques used by attackers to compromise target systems. Analysis and modeling methodologies are needed to support the characterization of attack processes based on the data collected from the honeypots. This paper presents some empirical analyses based on the data collected from the Leurr{e}.com honeypot platforms deployed on the Internet and presents some preliminary modeling studies aimed at fulfilling such objectives.



قيم البحث

اقرأ أيضاً

Link dimensioning is used by ISPs to properly provision the capacity of their network links. Operators have to make provisions for sudden traffic bursts and network failures to assure uninterrupted operations. In practice, traffic averages are used t o roughly estimate required capacity. More accurate solutions often require traffic statistics easily obtained from packet captures, e.g. variance. Our investigations on real Internet traffic have emphasized that the traffic shows high variations at small aggregation times, which indicates that the traffic is self-similar and has a heavy-tailed characteristics. Self-similarity and heavy-tailedness are of great importance for network capacity planning purposes. Traffic modeling process should consider all Internet traffic characteristics. Thereby, the quality of service (QoS) of the network would not affected by any mismatching between the real traffic properties and the reference statistical model. This paper proposes a new class of traffic profiles that is better suited for metering bursty Internet traffic streams. We employ bandwidth provisioning to determine the lowest required bandwidth capacity level for a network link, such that for a given traffic load, a desired performance target is met. We validate our approach using packet captures from real IP-based networks. The proposed link dimensioning approach starts by measuring the statistical parameters of the available traces, and then the degree of fluctuations in the traffic has been measured. This is followed by choosing a proper model to fit the traffic such as lognormal and generalized extreme value distributions. Finally, the optimal capacity for the link can be estimated by deploying the bandwidth provisioning approach. It has been shown that the heavy tailed distributions give more precise values for the link capacity than the Gaussian model.
An unobservable false data injection (FDI) attack on AC state estimation (SE) is introduced and its consequences on the physical system are studied. With a focus on understanding the physical consequences of FDI attacks, a bi-level optimization probl em is introduced whose objective is to maximize the physical line flows subsequent to an FDI attack on DC SE. The maximization is subject to constraints on both attacker resources (size of attack) and attack detection (limiting load shifts) as well as those required by DC optimal power flow (OPF) following SE. The resulting attacks are tested on a more realistic non-linear system model using AC state estimation and ACOPF, and it is shown that, with an appropriately chosen sub-network, the attacker can overload transmission lines with moderate shifts of load.
Blockchain has become one of the most attractive technologies for applications, with a large range of deployments such as production, economy, or banking. Under the hood, Blockchain technology is a type of distributed database that supports untrusted parties. In this paper we focus Hyperledger Fabric, the first blockchain in the market tailored for a private environment, allowing businesses to create a permissioned network. Hyperledger Fabric implements a PBFT consensus in order to maintain a non forking blockchain at the application level. We deployed this framework over an area network between France and Germany in order to evaluate its performance when potentially large network delays are observed. Overall we found that when network delay increases significantly (i.e. up to 3.5 seconds at network layer between two clouds), we observed that the blocks added to our blockchain had up to 134 seconds offset after 100 th block from one cloud to another. Thus by delaying block propagation, we demonstrated that Hyperledger Fabric does not provide sufficient consistency guaranties to be deployed in critical environments. Our work, is the fist to evidence the negative impact of network delays on a PBFT-based blockchain.
Concepts in a certain domain of science are linked via intrinsic connections reflecting the structure of knowledge. To get a qualitative insight and a quantitative description of this structure, we perform empirical analysis and modeling of the netwo rk of scientific concepts in the domain of physics. To this end we use a collection of manuscripts submitted to the e-print repository arXiv and the vocabulary of scientific concepts collected via the ScienceWISE.info platform and construct a network of scientific concepts based on their co-occurrences in publications. The resulting complex network possesses a number of specific features (high node density, dissortativity, structural correlations, skewed node degree distribution) that can not be understood as a result of simple growth by several commonly used network models. We show that the model based on a simultaneous account of two factors, growth by blocks and preferential selection, gives an explanation of empirically observed properties of the concepts network.
Deep neural networks (DNN) are known to be vulnerable to adversarial attacks. Numerous efforts either try to patch weaknesses in trained models, or try to make it difficult or costly to compute adversarial examples that exploit them. In our work, we explore a new honeypot approach to protect DNN models. We intentionally inject trapdoors, honeypot weaknesses in the classification manifold that attract attackers searching for adversarial examples. Attackers optimization algorithms gravitate towards trapdoors, leading them to produce attacks similar to trapdoors in the feature space. Our defense then identifies attacks by comparing neuron activation signatures of inputs to those of trapdoors. In this paper, we introduce trapdoors and describe an implementation of a trapdoor-enabled defense. First, we analytically prove that trapdoors shape the computation of adversarial attacks so that attack inputs will have feature representations very similar to those of trapdoors. Second, we experimentally show that trapdoor-protected models can detect, with high accuracy, adversarial examples generated by state-of-the-art attacks (PGD, optimization-based CW, Elastic Net, BPDA), with negligible impact on normal classification. These results generalize across classification domains, including image, facial, and traffic-sign recognition. We also present significant results measuring trapdoors robustness against customized adaptive attacks (countermeasures).
التعليقات
جاري جلب التعليقات جاري جلب التعليقات
سجل دخول لتتمكن من متابعة معايير البحث التي قمت باختيارها
mircosoft-partner

هل ترغب بارسال اشعارات عن اخر التحديثات في شمرا-اكاديميا