Open Access. Powered by Scholars. Published by Universities.®

Digital Commons Network



Full-Text Articles in Entire DC Network

Engaging Empirical Dynamic Modeling To Detect Intrusions In Cyber-Physical Systems, David R. Crow, Scott R. Graham, Brett J. Borghetti, Patrick J. Sweeney Dec 2020


Faculty Publications

Modern cyber-physical systems require effective intrusion detection systems to ensure adequate critical infrastructure protection. Developing an intrusion detection capability requires an understanding of the behavior of a cyber-physical system and causality of its components. Such an understanding enables the characterization of normal behavior and the identification and reporting of anomalous behavior. This chapter explores a relatively new time series analysis technique, empirical dynamic modeling, that can contribute to system understanding. Specifically, it examines if the technique can adequately describe causality in cyber-physical systems and provides insights into it serving as a foundation for intrusion detection.


Rethinking The Weakness Of Stream Ciphers And Its Application To Encrypted Malware Detection, William Stone, Daeyoung Kim, Victor Youdom Kemmoe, Mingon Kang, Junggab Son Oct 2020


Computer Science Faculty Research

One critical vulnerability of stream ciphers is the reuse of an encryption key. Since most stream ciphers consist of only a key scheduling algorithm and an Exclusive OR (XOR) operation, an adversary may break the cipher by XORing two captured ciphertexts generated under the same key. Various cryptanalysis techniques based on this property have been introduced in order to recover plaintexts or encryption keys; in contrast, this research reinterprets the vulnerability as a method of detecting stream ciphers from the ciphertexts they generate. Patterns found in the values (characters) expressed across the bytes of a ciphertext make the ciphertext distinguishable …


Applications Of Machine Learning To Threat Intelligence, Intrusion Detection And Malware, Charity Barker Apr 2020


Senior Honors Theses

Artificial Intelligence (AI) and Machine Learning (ML) are emerging technologies with applications to many fields. This paper is a survey of use cases of ML for threat intelligence, intrusion detection, and malware analysis and detection. Threat intelligence, especially attack attribution, can benefit from the use of ML classification. False positives from rule-based intrusion detection systems can be reduced with the use of ML models. Malware analysis and classification can be made easier by developing ML frameworks to distill similarities between the malicious programs. Adversarial machine learning will also be discussed, because while ML can be used to solve problems or …


Packet Analysis For Network Forensics: A Comprehensive Survey, Leslie F. Sikos Jan 2020


Research outputs 2014 to 2021

Packet analysis is a primary traceback technique in network forensics, which, provided that the packet details captured are sufficiently detailed, can play back even the entire network traffic for a particular point in time. This can be used to find traces of nefarious online behavior, data breaches, unauthorized website access, malware infection, and intrusion attempts, and to reconstruct image files, documents, email attachments, etc. sent over the network. This paper is a comprehensive survey of the utilization of packet analysis, including deep packet inspection, in network forensics, and provides a review of AI-powered packet analysis methods with advanced network traffic …


Rdtids: Rules And Decision Tree-Based Intrusion Detection System For Internet-Of-Things Networks, Mohammad Amine Ferrag, Leandros Maglaras, Ahmed Ahmim, Makhlouf Derdour, Helge Janicke Jan 2020


Research outputs 2014 to 2021

This paper proposes a novel intrusion detection system (IDS), named RDTIDS, for Internet-of-Things (IoT) networks. The RDTIDS combines different classifier approaches which are based on decision tree and rules-based concepts, namely, REP Tree, JRip algorithm and Forest PA. Specifically, the first and second methods take as inputs features of the data set, and classify the network traffic as Attack/Benign. The third classifier uses features of the initial data set in addition to the outputs of the first and the second classifier as inputs. The experimental results obtained by analyzing the proposed IDS using the CICIDS2017 dataset and BoT-IoT dataset, attest …