Network Security Risk Assessment System Based on Attack Graph and Markov Chain.
Automatically and periodically collect network topology and vulnerability data
Combining the improved CVSS and probability evaluation of attack path
Network scanning is the process of gathering detailed information about targets on a network through complex reconnaissance techniques. It identifies active machines, operating systems, open ports and services. This enables attackers to profile organizations by discovering specific IP addresses, OSs, system architectures and services running on each computer. Common types of scanning include port scanning to identify open ports and services, network scanning to find active hosts and IP addresses, and vulnerability scanning to detect known weaknesses. The objectives of network scanning are to discover live hosts and open ports, identify OSs and applications to determine the best means of entry and exploit vulnerabilities. Nmap is a widely used security scanner that sends crafted packets to analyze responses and map networks by identifying hosts, ports, services, firewalls
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Replay of Malicious Traffic in Network Testbeds | DETER-Project
In this paper we present tools and methods to integrate attack measurements from the Internet with controlled experimentation on a network testbed. We show that this approach provides greater fidelity than synthetic models. We compare the statistical properties of real-world attacks with synthetically generated constant bit rate attacks on the testbed. Our results indicate that trace replay provides fine time-scale details that may be absent in constant bit rate attacks. Additionally, we demonstrate the effectiveness of our approach to study new and emerging attacks. We replay an Internet attack captured by the LANDER system on the DETERLab testbed within two hours.
Data and tools from the paper are available at: http://montage.deterlab.net/magi/hst2013tools
Also read the LANDER Blog entry at: http://ant.isi.edu/blog/?p=411
USE OF MARKOV CHAIN FOR EARLY DETECTING DDOS ATTACKS | IJNSA Journal
DDoS has a variety of types of mixed attacks. Botnet attackers can chain different types of DDoS attacks to confuse cybersecurity defenders. In this article, the attack type can be represented as the state of the model. Considering the attack type, we use this model to calculate the final attack probability. The final attack probability is then converted into one prediction vector, and the incoming attacks can be detected early before IDS issues an alert. The experiment results have shown that the prediction model can make multi-vector DDoS detection and analysis easier.
This document summarizes a project analyzing cyber attack hotspots in real time from streaming data. It discusses using anti-virus company data at 4000-6000 events per minute, scaling up using augmented data, and calculating Getis-Ord scores to identify statistically significant clusters of attacks. It also covers implementing a data pipeline using Kafka streams, handling different data formats with custom serializers, and addressing errors like inability to create internal topics. Screenshots show examples of visualizing hotspots and trends.
The document discusses security issues related to the RSA cryptosystem. It outlines four approaches to attacking RSA: brute force, mathematical attacks, timing attacks, and chosen ciphertext attacks. It then focuses on mathematical attacks, explaining that the primary mathematical attack is factoring the product of the two primes used to generate the public and private keys. It also discusses timing attacks and defenses against them, as well as chosen ciphertext attacks and defenses through padding.
Applying Provenance in APT Monitoring and Analysis Practical Challenges for S... | Graeme Jenkinson
Advanced Persistent Threats (APT) are a class of security threats in which a well-resourced attacker targets a specific individual or organisation with a predefined goal. This typically involves exfiltration of confidential material, although increasingly attacks target the encryption or destruction of mission critical data. With traditional prevention and detection mechanisms failing to stem the tide of such attacks, there is a pressing need for new monitoring and analysis tools that reduce both false-positive rates and the cognitive burden on human analysts. We propose that local and distributed provenance meta-data can simplify and improve monitoring and analysis of APTs by providing a single, authoritative sequence of events that captures the context (and side effects) of potentially malicious activities. Provenance metadata allows a human analyst to backtrack from detection of malicious activity to the point of intrusion and, similarly, to work forward to fully understand the consequences. Applying provenance to APT monitoring and analysis introduces some significantly different challenges and requirements in comparison to more traditional applications. Drawing from our experiences working with and adapting the OPUS (Observed Provenance in User Space) system to an APT monitoring and analysis use case, we introduce and discuss some of the key challenges in this space. These preliminary observations are intended to prime a discussion within the community about the design space for scalable, efficient and trustworthy distributed provenance for scenarios that impose different constraints from traditional provenance applications such as workflow and data processing frameworks.
This document describes a project to develop an intrusion detection system using data mining techniques. It discusses approaches to intrusion detection including signature-based and anomaly-based methods. For the project, a hybrid network-based and host-based intrusion detection system is proposed. Data preprocessing and mining techniques including clustering, outlier detection, and classification are applied to network packet data and system call logs to detect attacks.
A Network Intrusion Detection System (NIDS) monitors a network for malicious activities or policy violations [1]. The Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on x86 hardware virtualization extensions [2]. We design and implement a back-propagation network intrusion detection system in KVM. Compared to traditional Back Propagation (BP) NIDS, the Particle Swarm Optimization (PSO) algorithm is applied to improve efficiency. The results show an improved system in terms of recall and precision along with missing detection rates.
Security Mechanisms for Organic Mesh Networks - CAST Security Award 2007 | Kalman Graffi
The document proposes security frameworks for organic mesh networks. It discusses challenges around node authentication, secure routing, and misbehavior detection in networks without a trusted third party. The contribution includes a bootstrapping mechanism for node authentication, the AntSec secure routing protocol, the WatchAnt one-hop misbehavior detector, and a reputation management system. Simulation results show AntSec improves throughput over traditional protocols and WatchAnt quickly and robustly detects misbehavior.
This document presents an overview of a project titled "Network Intrusion Detection and Countermeasure Selection in Virtual Network Systems". It discusses the need for effective intrusion detection and response systems to identify attacks in cloud systems and minimize their impact. It introduces NICE, a proposed multi-phase distributed mechanism that uses attack graph models and virtual network countermeasures. NICE includes network intrusion detection agents that monitor traffic and vulnerabilities. When threats are detected, countermeasures like packet inspection or virtual network reconfigurations are deployed.
Identifying attack propagation patterns in Honeypots using Markov Chains Mode... | Preeti M Sobarad
Identifying attack propagation patterns in Honeypots using Markov Chains Modelling and Complex Networks analysis
Honeypot frameworks (a set of deployed and monitored Honeypots) are designed to attract attackers by presenting false or misleading information that an attacker will want to gain, attack or control.
Honeypot propagation models try to detect phenomena that reflect the propagation of attacks through different honeypots in the system.
Here we use a two-phased method for modeling honeypot propagation patterns within a honeypot framework. They are:
1. Markov Chains
2. Complex network analysis
OBJECTIVES:
1. The probability distribution of the next expected attacked honeypot in an attack session.
2. The Honeypots that are co-attacked together.
3. To know about the attack propagation combinations that are considered new and evolving.
4. To know which Honeypots contribute the most to the attack propagation within the framework.
5. To know more about contextual differences between attack propagations (e.g., do attack propagation patterns vary by the attacking country?).
APPROACH
Propagation is said to occur from honeypot to honeypot , when the same attacker attacks immediately after .
The suggested model is a propagation graph, where each node represents a honeypot; a link between two nodes represents propagation between two honeypots; and each link is assigned with a probability.
PROPOSED MODEL
1. First we give a formal representation to the propagation graph by considering it as the graph representation of a Markov Chains model.
2. Second, we extend it by adding a new layer of analysis methods that are adapted from the Complex networks research area.
The document describes an approach to analytical attack modeling using two main techniques: analytical modeling through generating multi-level attack graphs and service dependencies, and fine-grained modeling and simulation. It then outlines the key components of an attack modeling architecture, including generators for system specifications, attack graphs, and service dependencies, as well as modules for security evaluation, decision support, and interactive visualization.
APPLICATION-LAYER DDOS DETECTION BASED ON A ONE-CLASS SUPPORT VECTOR MACHINE | IJNSA Journal
Application-layer Distributed Denial-of-Service (DDoS) attack takes advantage of the complexity and diversity of network protocols and services. This kind of attack is more difficult to prevent than other kinds of DDoS attacks. This paper introduces a novel detection mechanism for application-layer DDoS attack based on a One-Class Support Vector Machine (OC-SVM). Support vector machine (SVM) is a relatively new machine learning technique based on statistics. OC-SVM is a special variant of the SVM and since only the normal data is required for training, it is effective for detection of application-layer DDoS attack. In this detection strategy, we first extract 7 features from normal users’ sessions. Then, we build normal users’ browsing models by using OC-SVM. Finally, we use these models to detect application-layer DDoS attacks. Numerical results based on simulation experiments demonstrate the efficacy of our detection method.
This document describes a system for alert aggregation of cyber attacks and intrusions using generative data stream modeling. The system aims to reduce false positive and negative alerts by correlating alerts that exhibit similar patterns into single meta-alerts. It also aims to distinguish between different instances of the same attack type. The system architecture includes layers for detection, alert processing, and reaction. It evaluates intrusions using the KDD dataset and detects attacks falling into categories like probing, DoS, U2R, and R2L.
This project aims to analyze and emulate anomaly detection techniques for low-rate TCP denial of service attacks using the DETERLab testbed. The researchers plan to design an extensive anomaly checkpoint detection methodology. They propose a modified likelihood ratio algorithm to detect changes in network traffic statistics. The algorithm will be tested on legitimate and attack traffic in DETERLab while analyzing detection statistics and congestion windows. Results will help evaluate the ability to rapidly detect attacks while limiting false alarms.
Machine learning techniques applied to detect cyber attacks on web applications | Venkat Projects
This document discusses using machine learning techniques to detect cyber attacks on web applications. It proposes using a graph-based approach and regular expressions to model normal HTTP request behavior during a learning phase. This would establish a baseline for detecting anomalies and potential attacks. Existing approaches are also reviewed that use algorithms like NSG, LSEG and F-Sign to generate signatures for detecting malware based on network traffic patterns or software code. Supervised machine learning methods have also been applied using features extracted from network data and classifiers like k-NN, Naive Bayes and neural networks. The proposed system would adapt this machine learning paradigm to specifically detect attacks on web applications.
Machine learning techniques applied to detect cyber attacks on web applications | Venkat Projects
The increased usage of cloud services, growing number of web applications users, changes in network infrastructure that connects devices running mobile operating systems and constantly evolving network technology cause novel challenges for cyber security. As a result, to counter arising threats, network security mechanisms, sensors and protection schemes also have to evolve, to address the needs and problems of the users. In this article, we focus on countering emerging application layer cyber attacks since those are listed as top threats and the main challenge for network and cyber security. The major contribution of the article is the proposition of machine learning approach to model normal behaviour of application and to detect cyber attacks. The model consists of patterns (in form of Perl Compatible Regular Expressions (PCRE) regular expressions) that are obtained using graph-based segmentation technique and dynamic programming. The model is based on information obtained from HTTP requests generated by client to a web server. We have evaluated our method on CSIC 2010 HTTP Dataset achieving satisfactory results.
This document discusses network security metrics based on attack graphs. It provides background on attack graphs and how they can be used to analyze network security vulnerabilities. Attack graphs model relationships between vulnerabilities and how attackers could progress through a network. The document proposes several new network security metrics based on attack graphs, such as the K-step Condition Accumulation metric, and presents a new method for measuring network security that involves generating attack graphs, reducing them, and evaluating network security. Future work is needed to develop models for applying attack graphs to individual hosts and to formalize relationships between attributes and attackability.
Investigation of detection & prevention sinkhole attack in manet | ijctet
This document discusses sinkhole attacks in mobile ad hoc networks (MANETs) and wireless sensor networks (WSNs). It provides background on sinkhole attacks, where a compromised node advertises a high quality route to attract network traffic. This can disrupt data transmission to the base station. The document reviews several existing detection techniques for sinkhole attacks, including algorithms using hop counting and mobile agents. It then proposes a new lightweight algorithm to detect sinkhole attacks in MANETs using network flow information collected by the base station and analysis of routing patterns to identify the intruder. The algorithm aims to provide secure and efficient sinkhole detection with low overhead.
Intrusion Detection System Using Self Organizing Map Algorithms | Editor IJCATR
This document presents a study on using self-organizing map (SOM) algorithms for intrusion detection systems. The study explores using SOM, an artificial neural network technique, to map high-dimensional network traffic data onto a 2D space to detect anomalies and network attacks. The authors describe the SOM algorithm and evaluate its performance on detecting different types of attacks in a test data set with an accuracy of 50.07% and a false positive rate of 0.06%. The study demonstrates the potential of SOM for building intrusion detection systems capable of handling complex network traffic data.
Image morphing has been the subject of much attention in recent years. It has proven to be a powerful visual effects tool in film and television, depicting the fluid transformation of one digital image into another. This paper reviews the growth of this field and describes recent advances in image morphing in terms of three areas: feature specification, warp generation methods, and transition control. These areas relate to the ease of use and quality of results. We will describe the role of radial basis functions, thin plate splines, energy minimization, and multilevel free-form deformations in advancing the state-of-the-art in image morphing. A comparison of various techniques for morphing one digital image into another is made. We will compare various morphing techniques such as Feature based image morphing, Mesh and Thin Plate Splines based image morphing based on different attributes such as Computational Time, Visual Quality of Morphs obtained and Complexity involved in Selection of features. We will demonstrate the pros and cons of various techniques so as to allow the user to make an informed decision to suit his particular needs. Recent work on a generalized framework for morphing among multiple images will be described.
Intrusion Detection System Using Self Organizing Map Algorithms | Editor IJCATR
With the rapid expansion of computer usage and computer networks, the security of the computer system has become very important. Every day new kinds of attacks are being faced by industries. Many methods have been proposed for the development of intrusion detection systems using artificial intelligence techniques. In this paper we will have a look at an algorithm based on neural networks that is suitable for Intrusion Detection Systems (IDS). The name of this algorithm is "Self Organizing Maps" (SOM). So far, many different methods have been used to build a detector that Wide variety of different ways in the covers. Among the methods used to detect attacks in intrusion detection is done, In this paper we investigate the Self-Organizing Map method.
Secure intrusion detection and attack measure selection | Uvaraj Shan
This document proposes NICE, a framework for secure intrusion detection and attack mitigation in virtual network systems. NICE uses distributed agents on cloud servers to monitor traffic, detect vulnerabilities, and generate attack graphs. It profiles virtual machines to identify their state and vulnerabilities. When potential attacks are detected, NICE can quarantine suspicious VMs and inspect their traffic. The attack analyzer correlates alerts, constructs attack graphs, and selects appropriate countermeasures based on the graphs. Evaluations show NICE can effectively detect attacks while minimizing performance overhead for the cloud system.
Secure intrusion detection and attack measure selection in virtual network sy... | Uvaraj Shan
This document proposes NICE, a framework for secure intrusion detection and attack mitigation in virtual network systems. NICE uses distributed agents on cloud servers to monitor traffic, detect vulnerabilities, and generate attack graphs. It profiles virtual machines to identify their state and vulnerabilities. When potential attacks are detected, NICE can quarantine suspicious VMs and inspect their traffic. The attack analyzer correlates alerts, constructs attack graphs, and selects appropriate countermeasures based on the graphs. Evaluations show NICE can effectively detect attacks while minimizing performance overhead for the cloud system.
Generative adversarial networks (GANs) are a class of machine learning frameworks where two neural networks contest with each other in a game. One network generates new data instances, while the other evaluates them for authenticity. The generator creates synthetic instances to fool the discriminator, while the discriminator learns to identify the generator's fakes from true instances.
Interpretable Learning Model for Lower Dimensional Feature Space: A Case stud... | Kishor Datta Gupta
Detecting brown spot in rice leaf is an urgent complication in the agricultural field as Brown Spot disease lessen the rice yield remarkably. Several segmentation techniques have been applied to identify and extract the infected portion of the rice-leaf and machine learning algorithms such as decision trees, support vector machines are applied to detect this infection. In particular, a combination of Convolution Neural Networks with these algorithms has also tried to resolve this problem. Although this attempt has achieved success in providing accuracy (96.8%), these kinds of approaches raise issues regarding the size and interpretability of feature space and interpretability of the decision model. Indeed, Deep learning networks automatically create a feature space that usually contains a massive number of features (numerous of them are not necessarily appropriate). This vast number of features extends the non-interpretability of the machine learning model. Furthermore, training the model with these many features is computationally expensive. To resolve these issues, we propose a method to extract a few interpretable features from rice-leaf images and construct a low-dimensional feature space; however, interpretation shows that they deserve significant credit for the decent accuracy of our classification model.
A Network Intrusion Detection System (NIDS) monitors a network for malicious activities or policy violations [1]. The Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on x86 hardware virtualization extensions [2]. We design and implement a back-propagation network intrusion detection system in KVM. Compared to traditional Back Propagation (BP) NIDS, the Particle Swarm Optimization (PSO) algorithm is applied to improve efficiency. The results show an improved system in terms of recall and precision along with missing detection rates.
Security Mechanisms for Organic Mesh Networks - CAST Security Award 2007Kalman Graffi
The document proposes security frameworks for organic mesh networks. It discusses challenges around node authentication, secure routing, and misbehavior detection in networks without a trusted third party. The contribution includes a bootstrapping mechanism for node authentication, the AntSec secure routing protocol, the WatchAnt one-hop misbehavior detector, and a reputation management system. Simulation results show AntSec improves throughput over traditional protocols and WatchAnt quickly and robustly detects misbehavior.
This document presents an overview of a project titled "Network Intrusion Detection and Countermeasure Selection in Virtual Network Systems". It discusses the need for effective intrusion detection and response systems to identify attacks in cloud systems and minimize their impact. It introduces NICE, a proposed multi-phase distributed mechanism that uses attack graph models and virtual network countermeasures. NICE includes network intrusion detection agents that monitor traffic and vulnerabilities. When threats are detected, countermeasures like packet inspection or virtual network reconfigurations are deployed.
Identifying attack propagation patterns in Honeypots using Markov Chains Mode...Preeti M Sobarad
Identifying attack propagation patterns in Honeypots using Markov Chains Modelling and Complex Networks analysis
Honeypot frameworks (a set of deployed and monitored Honeypots) are designed to attract attackers by presenting false or misleading information that an attacker will want to gain, attack or control.
Honeypot propagation models try to detect phenomena that reflect the propagation of attacks through different honeypots in the system.
Here we use a two-phased method for modeling honeypot propagation patterns within a honeypot framework. They are,
1. Markov Chains
2. Complex network analysis
OBJECTIVES:
1. The probability distribution of the next expected attacked honeypot in an attack session.
2. The Honeypots that are co-attacked together.
3. To know about the attack propagation combinations that are considered new and evolving.
4. To know which Honeypots contribute the most to the attack propagation within the framework.
5. To know more about contextual differences between attack propagations.(E.g. Do attack propagation patterns vary by the attacking country?).
APPROACH
Propagation is said to occur from honeypot to honeypot , when the same attacker attacks immediately after .
The suggested model is a propagation graph, where each node represents a honeypot; a link between two nodes represents propagation between two honeypots; and each link is assigned with a probability.
PROPOSED MODEL
1. First we give a formal representation to the propagation graph by considering it as the graph representation of a Markov Chains model.
2. Second, we extend it by adding a new layer of analysis methods that are adapted from the Complex networks research area.
The document describes an approach to analytical attack modeling using two main techniques: analytical modeling through generating multi-level attack graphs and service dependencies, and fine-grained modeling and simulation. It then outlines the key components of an attack modeling architecture, including generators for system specifications, attack graphs, and service dependencies, as well as modules for security evaluation, decision support, and interactive visualization.
APPLICATION-LAYER DDOS DETECTION BASED ON A ONE-CLASS SUPPORT VECTOR MACHINE - IJNSA Journal
Application-layer Distributed Denial-of-Service (DDoS) attacks take advantage of the complexity and diversity of network protocols and services. This kind of attack is more difficult to prevent than other kinds of DDoS attacks. This paper introduces a novel detection mechanism for application-layer DDoS attacks based on a One-Class Support Vector Machine (OC-SVM). Support vector machine (SVM) is a relatively new machine learning technique based on statistics. OC-SVM is a special variant of the SVM and, since only the normal data is required for training, it is effective for detection of application-layer DDoS attacks. In this detection strategy, we first extract 7 features from normal users' sessions. Then, we build normal users' browsing models by using OC-SVM. Finally, we use these models to detect application-layer DDoS attacks. Numerical results based on simulation experiments demonstrate the efficacy of our detection method.
This document describes a system for alert aggregation of cyber attacks and intrusions using generative data stream modeling. The system aims to reduce false positive and negative alerts by correlating alerts that exhibit similar patterns into single meta-alerts. It also aims to distinguish between different instances of the same attack type. The system architecture includes layers for detection, alert processing, and reaction. It evaluates intrusions using the KDD dataset and detects attacks falling into categories like probing, DoS, U2R, and R2L.
This project aims to analyze and emulate anomaly detection techniques for low-rate TCP denial of service attacks using the DETERLab testbed. The researchers plan to design an extensive anomaly checkpoint detection methodology. They propose a modified likelihood ratio algorithm to detect changes in network traffic statistics. The algorithm will be tested on legitimate and attack traffic in DETERLab while analyzing detection statistics and congestion windows. Results will help evaluate the ability to rapidly detect attacks while limiting false alarms.
Machine learning techniques applied to detect cyber attacks on web applications - Venkat Projects
This document discusses using machine learning techniques to detect cyber attacks on web applications. It proposes using a graph-based approach and regular expressions to model normal HTTP request behavior during a learning phase. This would establish a baseline for detecting anomalies and potential attacks. Existing approaches are also reviewed that use algorithms like NSG, LSEG and F-Sign to generate signatures for detecting malware based on network traffic patterns or software code. Supervised machine learning methods have also been applied using features extracted from network data and classifiers like k-NN, Naive Bayes and neural networks. The proposed system would adapt this machine learning paradigm to specifically detect attacks on web applications.
Machine learning techniques applied to detect cyber attacks on web applications
The increased usage of cloud services, the growing number of web application users, changes in the network infrastructure that connects devices running mobile operating systems, and constantly evolving network technology create novel challenges for cyber security. As a result, to counter emerging threats, network security mechanisms, sensors and protection schemes also have to evolve to address the needs and problems of the users. In this article, we focus on countering emerging application-layer cyber attacks, since those are listed as top threats and the main challenge for network and cyber security. The major contribution of the article is the proposal of a machine learning approach to model the normal behaviour of an application and to detect cyber attacks. The model consists of patterns (in the form of Perl Compatible Regular Expressions (PCRE)) that are obtained using a graph-based segmentation technique and dynamic programming. The model is based on information obtained from HTTP requests generated by a client to a web server. We have evaluated our method on the CSIC 2010 HTTP Dataset, achieving satisfactory results.
This document discusses network security metrics based on attack graphs. It provides background on attack graphs and how they can be used to analyze network security vulnerabilities. Attack graphs model relationships between vulnerabilities and how attackers could progress through a network. The document proposes several new network security metrics based on attack graphs, such as the K-step Condition Accumulation metric, and presents a new method for measuring network security that involves generating attack graphs, reducing them, and evaluating network security. Future work is needed to develop models for applying attack graphs to individual hosts and to formalize relationships between attributes and attackability.
Investigation of detection & prevention sinkhole attack in manet - ijctet
This document discusses sinkhole attacks in mobile ad hoc networks (MANETs) and wireless sensor networks (WSNs). It provides background on sinkhole attacks, where a compromised node advertises a high quality route to attract network traffic. This can disrupt data transmission to the base station. The document reviews several existing detection techniques for sinkhole attacks, including algorithms using hop counting and mobile agents. It then proposes a new lightweight algorithm to detect sinkhole attacks in MANETs using network flow information collected by the base station and analysis of routing patterns to identify the intruder. The algorithm aims to provide secure and efficient sinkhole detection with low overhead.
Intrusion Detection System Using Self Organizing Map Algorithms - Editor IJCATR
This document presents a study on using self-organizing map (SOM) algorithms for intrusion detection systems. The study explores using SOM, an artificial neural network technique, to map high-dimensional network traffic data onto a 2D space to detect anomalies and network attacks. The authors describe the SOM algorithm and evaluate its performance on detecting different types of attacks in a test data set with an accuracy of 50.07% and a false positive rate of 0.06%. The study demonstrates the potential of SOM for building intrusion detection systems capable of handling complex network traffic data.
Image morphing has been the subject of much attention in recent years. It has proven to be a powerful visual effects tool in film and television, depicting the fluid transformation of one digital image into another. This paper reviews the growth of this field and describes recent advances in image morphing in terms of three areas: feature specification, warp generation methods, and transition control. These areas relate to the ease of use and quality of results. We will describe the role of radial basis functions, thin plate splines, energy minimization, and multilevel free-form deformations in advancing the state-of-the-art in image morphing. A comparison of various techniques for morphing one digital image into another is made. We will compare various morphing techniques such as Feature based image morphing, Mesh and Thin Plate Splines based image morphing based on different attributes such as Computational Time, Visual Quality of Morphs obtained and Complexity involved in Selection of features. We will demonstrate the pros and cons of various techniques so as to allow the user to make an informed decision to suit his particular needs. Recent work on a generalized framework for morphing among multiple images will be described.
Intrusion Detection System Using Self Organizing Map Algorithms - Editor IJCATR
With the rapid expansion of computer usage and computer networks, the security of the computer system has become very important. Every day new kinds of attacks are being faced by industries. Many methods have been proposed for the development of intrusion detection systems using artificial intelligence techniques. In this paper we will have a look at an algorithm based on neural networks that is suitable for Intrusion Detection Systems (IDS). The name of this algorithm is "Self Organizing Maps" (SOM). So far, a wide variety of different methods have been used to build a detector. Among the methods used to detect attacks in intrusion detection, in this paper we investigate the Self-Organizing Map method.
Secure intrusion detection and attack measure selection - Uvaraj Shan
This document proposes NICE, a framework for secure intrusion detection and attack mitigation in virtual network systems. NICE uses distributed agents on cloud servers to monitor traffic, detect vulnerabilities, and generate attack graphs. It profiles virtual machines to identify their state and vulnerabilities. When potential attacks are detected, NICE can quarantine suspicious VMs and inspect their traffic. The attack analyzer correlates alerts, constructs attack graphs, and selects appropriate countermeasures based on the graphs. Evaluations show NICE can effectively detect attacks while minimizing performance overhead for the cloud system.
Generative adversarial networks (GANs) are a class of machine learning frameworks where two neural networks contest with each other in a game. One network generates new data instances, while the other evaluates them for authenticity. The generator creates synthetic instances to fool the discriminator, while the discriminator learns to identify the generator's fakes from true instances.
Interpretable Learning Model for Lower Dimensional Feature Space: A Case stud... - Kishor Datta Gupta
Detecting brown spot in rice leaves is an urgent problem in the agricultural field, as Brown Spot disease lessens the rice yield remarkably. Several segmentation techniques have been applied to identify and extract the infected portion of the rice leaf, and machine learning algorithms such as decision trees and support vector machines are applied to detect this infection. In particular, a combination of Convolutional Neural Networks with these algorithms has also been tried to resolve this problem. Although this attempt has achieved success in providing accuracy (96.8%), these kinds of approaches raise issues regarding the size and interpretability of the feature space and the interpretability of the decision model. Indeed, deep learning networks automatically create a feature space that usually contains a massive number of features (many of them not necessarily appropriate). This vast number of features extends the non-interpretability of the machine learning model. Furthermore, training the model with this many features is computationally expensive. To resolve these issues, we propose a method to extract a few interpretable features from rice-leaf images and construct a low-dimensional feature space; however, interpretation shows that they deserve significant credit for the decent accuracy of our classification model.
A safer approach to build recommendation systems on unidentifiable data - Kishor Datta Gupta
Conference: 14th International Conference on Agents and Artificial Intelligence (ICAART 2022)
In recent years, data security has been one of the biggest concerns, and individuals have grown increasingly worried about the security of their personal information. Personalization typically necessitates the collection of individual data for analysis, exposing customers to privacy concerns. Companies create an illusion of safety to make people feel safe using a mainstream word, "encryption". Though encryption protects personal data from an external breach, the companies can still exploit personal data collected from users as they own the encryption keys. We present a naive yet secure approach for recommending movies to consumers without collecting any personally identifiable information. Our proposed approach can assist a movie recommendation system understand user preferences using the user's movie watch-time and watch history only. We conducted a comprehensive and comparative study on the performance of three deep reinforcement learning architectures, namely DQN, DDQN, and D3QN, on the same task. We observed that D3QN outperformed the other two architectures and achieved a precision of 0.880, recall of 0.805, and F1 score of 0.830. The results show that we can build a competitive movie recommendation system using unidentifiable data.
This document summarizes a presentation on machine learning models, adversarial attacks, and defense strategies. It discusses adversarial attacks on machine learning systems, including GAN-based attacks. It then covers various defense strategies against adversarial attacks, such as filter-based adaptive defenses and outlier-based defenses. The presentation also addresses issues around bias in AI systems and the need for explainable and accountable AI.
The document discusses adversarial attacks (AAs) on AI/ML systems. It outlines different types of attacks like poisoning attacks, evasion attacks, and Trojan attacks. It also describes various evasion-based attack methods like one pixel attacks and gradient attacks. Additionally, it notes that AAs can be transferable between models and are less effective in physical environments. The document discusses current defense strategies like retraining models, input reconstruction, and model modifications. However, it notes limitations like reduced accuracy and vulnerability to adaptive attacks. It also does not sufficiently test defense practicality or computational costs. In conclusion, the document argues that defending against adaptive attacks and Trojan attacks is particularly challenging and requires end-to-end protections.
Robust Filtering Schemes for Machine Learning Systems to Defend Adversarial A... - Kishor Datta Gupta
This presentation discusses robust filtering schemes to defend machine learning systems against adversarial attacks. It outlines three main defense schemes: input filtering, output filtering, and an end-to-end protection scheme. The input filtering scheme uses a genetic algorithm to determine an optimal sequence of filters to detect adversarial examples. The output filtering scheme formulates the detection of adversarial inputs as an outlier detection problem. The end-to-end scheme integrates components for adversarial detection, filtering, and classification into a unified framework for protection. Experimental results show the proposed approaches can effectively detect various adversarial attack types while maintaining high classification accuracy.
Zero-shot learning allows a model to recognize classes that it was not trained on by utilizing auxiliary information about both seen and unseen classes during training. The model is trained to predict this auxiliary information, like word embeddings or manually designed features, for the seen classes. During testing, the model predicts the auxiliary information for an unseen class and assigns it to the class whose auxiliary information is closest, even if that class was not part of the training data. This allows the model to generalize to new classes without requiring labeled examples of those classes.
Using Negative Detectors for Identifying Adversarial Data Manipulation in Mac... - Kishor Datta Gupta
With the increased popularity of Machine Learning (ML) in real-world applications, adversarial attacks are emerging to subvert ML-based decision support systems. It appears that the existing adversarial defenses are ineffective against adaptive attacks, since these are highly dependent on knowledge of prior attacks and the ML model architecture. To alleviate these challenges, we propose a negative filtering strategy that does not require any adversarial knowledge and can work independently of ML models. This filtering strategy relies on salient features of clean (training) data and employs a complementary approach to cover the possible attack surface in an application. Our empirical experiments with different data sets demonstrate that the negative filters could effectively detect a wide range of adversarial inputs and update themselves to protect against adaptive attacks.
Deep Reinforcement Learning based Recommendation with Explicit User-Item Inter... - Kishor Datta Gupta
Recommendation is crucial in both academia and industry, and various techniques are proposed such as content-based collaborative filtering, matrix factorization, logistic regression, factorization machines, neural networks and multi-armed bandits. However, most of the previous studies suffer from two limitations: (1) considering the recommendation as a static procedure and ignoring the dynamic interactive nature between users and the recommender systems; (2) focusing on the immediate feedback of recommended items and neglecting the long-term rewards. To address the two limitations, in this paper we propose a novel recommendation framework based on deep reinforcement learning, called DRR. The DRR framework treats recommendation as a sequential decision making procedure and adopts an "Actor-Critic" reinforcement learning scheme to model the interactions between the users and recommender systems, which can consider both the dynamic adaptation and long-term rewards. Furthermore, a state representation module is incorporated into DRR, which can explicitly capture the interactions between items and users. Three instantiation structures are developed. Extensive experiments on four real-world datasets are conducted under both the offline and online evaluation settings. The experimental results demonstrate the proposed DRR method indeed outperforms the state-of-the-art competitors.
Machine learning can be applied in various areas of computer security like network security, endpoint protection, application security, user behavior analysis, and process behavior analysis. Some common machine learning techniques that are useful for security include regression for prediction and detection of anomalies, classification to identify threats and attacks, and clustering for forensic analysis and to detect outliers. Example applications of machine learning in security include using regression to detect anomalies in network traffic, classification to identify malware, and clustering to separate malware from legitimate files.
Policy Based reinforcement Learning for time series Anomaly detection - Kishor Datta Gupta
This document discusses a policy-based reinforcement learning approach called PTAD for time series anomaly detection. PTAD formulates anomaly detection as a Markov Decision Process and uses an asynchronous actor-critic algorithm to learn a stochastic policy. The agent takes as input current and previous time series data and actions, and outputs a decision of normal or anomalous. It is rewarded based on a confusion matrix calculation. Experimental results show PTAD achieves best performance both within and across datasets by adjusting to different behaviors. The stochastic policy allows exploring precision-recall tradeoffs. While interesting, it is not compared to neural network based techniques like autoencoders.
This document discusses intrusion detection systems (IDS). It covers the key components of an IDS, including methods of intrusion detection like audit trail processing, on-the-fly processing, profiles of normal behavior, signatures of abnormal behavior, and parameter pattern matching. The document also discusses building network-based IDS using tools like Snort and host-based IDS. It provides examples of labs to analyze network and wireless intrusion detection using machine learning techniques.
understanding the pandemic through mining covid news using natural language p... - Kishor Datta Gupta
This document summarizes a research presentation on analyzing Covid-19 news reports from newspapers in developed and developing countries using natural language processing. It introduces the research aim to understand how newspapers portray the pandemic using NLP techniques on reports from the US and Bangladesh. The researchers collected over 1000 news articles to create the NNK Dataset, which they preprocessed and analyzed to extract keywords, sentiments, and case numbers. Word clouds of frequent terms and numeric extractions showed how coverage evolved over time. The dataset was made publicly available to encourage further analysis of portraying pandemics through newspapers.
The document discusses using different representation spaces for digits when classifying MNIST data. It shows that classifying digits when each digit has its own best representation space that other digits are compared to leads to much higher accuracy, ranging from 97-99%, compared to using the same representation space for all digits which only achieves 64% accuracy.
"Can NLP techniques be utilized as a reliable tool for medical science?" -Bui... - Kishor Datta Gupta
Artificial intelligence persists in being a right-hand tool for many branches of biology. From preliminary advice and treatments, such as understanding whether symptoms are related to fever or cold, to critical detection of cancerous cells or classification of X-rays, traditional machine learning and deep learning techniques have achieved remarkable feats. However, total dependency on machine-based prediction is still a far-fetched concept. In this paper, we provide a framework utilizing several Natural Language Processing (NLP) algorithms to construct a comparative analysis. We create an ensemble of top-performing algorithms to accomplish a classification task on medical reports. We compare both the traditional machine learning and deep learning techniques and evaluate their probabilities of being reliable in analyzing medical diagnoses. We concluded that an ensemble approach can provide reliable outcomes with accuracy over 92% and that the current state of the art is unequipped to provide results at the standard needed for health sectors, but an ensemble of these techniques can be a pathway for future research.
Conference: IEEE 11th Annual Information Technology, Electronics and Mobile Communication Conference (IEEE IEMCON 2020), at: Vancouver
Applicability issues of Evasion-Based Adversarial Attacks and Mitigation Tech... - Kishor Datta Gupta
Adversarial attacks are considered security risks for Artificial Intelligence-based systems. Researchers have been studying different defense techniques appropriate for adversarial attacks. Evaluation strategies of these attacks and corresponding defenses are primarily conducted on trivial benchmark analysis. We have observed that most of these analyses have practical limitations for both attacks and defense methods. In this work, we analyzed adversarial attacks based on how they are performed in real-world problems and what steps can be taken to mitigate their effects. We also studied practicability issues of well-established defense techniques against adversarial attacks and proposed some guidelines for better and more effective solutions. We demonstrated that the detection rate and destruction rate of adversarial attacks are inversely correlated, which can be used in designing defense techniques. Based on our experimental results, we suggest an adversarial defense model incorporating security policies that are suitable for practical purposes.
https://www.researchgate.net/publication/344463103_Applicability_issues_of_Evasion-Based_Adversarial_Attacks_and_Mitigation_Techniques
Adversarial Input Detection Using Image Processing Techniques (IPT) - Kishor Datta Gupta
Modern deep learning models for the computer vision domain are vulnerable to adversarial attacks. Image preprocessing based defense against malicious input is currently considered obsolete, as this defense is not effective against all types of attacks. An advanced adaptive attack can easily defeat preprocessing-based defenses. In this paper, we propose a framework that generates a set of image processing sequences (several image processing techniques in a series). We randomly select a set of image processing technique sequences (IPTS) dynamically to answer the obscurity question at testing time. This paper outlines a methodology utilizing varied datasets examined with various adversarial data manipulations. For specific attack types and datasets, it produces unique IPTS. The outcome of our empirical experiments shows that the method can be efficiently employed as processing for any machine learning model. The research also showed that our process works against adaptive attacks, as we are using a non-deterministic set of IPTS for each adversarial input.
This document discusses clustering clean and adversarial images from the MNIST dataset using K-means, LDA, and T-SNE clustering methods. It contains 10,000 clean images and 10,000 adversarial images generated using the FGSM attack method from 10 classes in MNIST. The document applies principal component analysis to extract features from the images before clustering them to visualize how the different methods group the clean and adversarial samples.
This document discusses basic digital image concepts including image data representations, color channels, bit depth, CMYK vs RGB color models, image blur filters using kernels, and kernel operations used in convolutional neural networks (CNN).
An empirical study on algorithmic bias (aiml compsac2020) - Kishor Datta Gupta
In all goal-oriented selection activities, the existence of a certain level of bias is unavoidable and may be desired for efficient artificial intelligence based decision support systems. However, a fair independent comparison of all eligible entities is essential to alleviate explicit bias in a competitive marketplace. For example, when searching online for a good or service, it is expected that the underlying algorithm will provide fair results by searching all available entities in the category mentioned. However, a biased search can make a narrow or collaborative query, ignoring competitive outcomes, resulting in customers paying more or getting lower quality products or services for the money they spend. This paper describes algorithmic bias in different contexts with examples and scenarios, best practices to detect bias, and two case studies to identify algorithmic bias.
Generating privacy-protected synthetic data using Secludy and Milvus - Zilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
Programming Foundation Models with DSPy - Meetup Slides - Zilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf - Chart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
Letter and Document Automation for Bonterra Impact Management (fka Social Sol... - Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on automated letter generation for Bonterra Impact Management using Google Workspace or Microsoft 365.
Interested in deploying letter generation automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
GraphRAG for Life Science to increase LLM accuracy - Tomaz Bratanic
GraphRAG for the life science domain, where you retrieve information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers.
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf - flufftailshop
When it comes to unit testing in the .NET ecosystem, developers have a wide range of options available. Among the most popular choices are NUnit, XUnit, and MSTest. These unit testing frameworks provide essential tools and features to help ensure the quality and reliability of code. However, understanding the differences between these frameworks is crucial for selecting the most suitable one for your projects.
Trusted Execution Environment for Decentralized Process Mining - LucaBarbaro3
Presentation of the paper "Trusted Execution Environment for Decentralized Process Mining" given during the CAiSE 2024 Conference in Cyprus on June 7, 2024.
HCL Notes and Domino License Cost Reduction in the World of DLAU - panagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU and licensing under the CCB and CCX models have been a hot topic for many in the HCL community since last year. As a Notes or Domino customer, you may be struggling with unexpectedly high user counts and license fees. You may be wondering how this new type of licensing works and what benefit it brings you. Above all, you surely want to stay within your budget and save costs wherever possible. We understand that, and we want to help you!
We explain how to solve common configuration problems that can cause more users to be counted than necessary, and how to identify and remove superfluous or unused accounts to save money. There are also some approaches that can lead to unnecessary spending, for example when a person document is used instead of a mail-in for shared mailboxes. We show you such cases and their solutions. And of course we explain the new licensing model.
Join this webinar, in which HCL Ambassador Marc Thomas and guest speaker Franz Walder introduce you to this new world. It gives you the tools and know-how to keep an overview. You will be able to reduce your costs through an optimized Domino configuration and keep them low in the future.
Topics covered
- Reducing license costs by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how best to use it
- Tips for common problem areas, such as team mailboxes, functional/test users, etc.
- Practical examples and best practices you can implement immediately
Digital Marketing Trends in 2024 | Guide for Staying AheadWask
https://www.wask.co/ebooks/digital-marketing-trends-in-2024
Feeling lost in the digital marketing whirlwind of 2024? Technology is changing, consumer habits are evolving, and staying ahead of the curve feels like a never-ending pursuit. This e-book is your compass. Dive into actionable insights to handle the complexities of modern marketing. From hyper-personalization to the power of user-generated content, learn how to build long-term relationships with your audience and unlock the secrets to success in the ever-shifting digital landscape.
Your One-Stop Shop for Python Success: Top 10 US Python Development Providersakankshawande
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...Tatiana Kojar
Skybuffer AI, built on the robust SAP Business Technology Platform (SAP BTP), is the latest and most advanced version of our AI development, reaffirming our commitment to delivering top-tier AI solutions. Skybuffer AI harnesses all the innovative capabilities of the SAP BTP in the AI domain, from Conversational AI to cutting-edge Generative AI and Retrieval-Augmented Generation (RAG). It also helps SAP customers safeguard their investments into SAP Conversational AI and ensure a seamless, one-click transition to SAP Business AI.
With Skybuffer AI, various AI models can be integrated into a single communication channel such as Microsoft Teams. This integration empowers business users with insights drawn from SAP backend systems, enterprise documents, and the expansive knowledge of Generative AI. And the best part of it is that it is all managed through our intuitive no-code Action Server interface, requiring no extensive coding knowledge and making the advanced AI accessible to more users.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on integration of Salesforce with Bonterra Impact Management.
Interested in deploying an integration with Salesforce for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...alexjohnson7307
Predictive maintenance is a proactive approach that anticipates equipment failures before they happen. At the forefront of this innovative strategy is Artificial Intelligence (AI), which brings unprecedented precision and efficiency. AI in predictive maintenance is transforming industries by reducing downtime, minimizing costs, and enhancing productivity.
Skybuffer SAM4U tool for SAP license adoptionTatiana Kojar
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
1. Paper Presentation
“Network Security Risk Assessment System
Based on Attack Graph and Markov Chain”
written by
Fuxiong Sun, Juntao Pi, Jin Lv and Tian Cao
presented by
Kishor Datta Gupta
COMP-8327
Friday 14 Feb 2018
2. Introduction
Proposes a new Network Security Risk Assessment Model (NSRAM)
Based on
• Penetration test
• Attack graph
• CVSS
By using
Markov chain: to calculate the risk value
End result:
Detects the risk level along with the magnitude of its probability
3. Background
• Markov chain:
A stochastic model describing a sequence of possible events in which the probability of
each event depends only on the state attained in the previous event.
• Attack graphs:
Attack graphs depict ways in which an adversary exploits system vulnerabilities to achieve
a desired state.
• CVSS:
Common Vulnerability Scoring System
4. Related works
NSRAM models based on
• Bayesian network and event tree, by Jinsoo Shin
• Fuzzy, AHP and D-S evidence theories, by Fang Yang
• Risk theory, by Advanced material research
• Immunity algorithm, by Yuah Ha
• Polynomial complexity with network flow attack
• Attack graph based on graph kernel, by Yu Yanjun
• Markov time-varying model, by Wang Xiao
7. Information Acquisition
• Network environment
• Test steps
• Target information – five-tuple pattern
Host_id: host identifier
Host_vulSet: vulnerabilities in the host, with CVE score
Host_con: network of the host
Host_port: open ports in the host
Host_data: host weight based on location and importance
8. Penetration Implementation
• A Ruby script calls the security tools
• The tools scan and penetrate the network
• Host_vulSet is used to generate the report
Tools used: Burp Suite, Nikto, Metasploit
9. Automatic Generation of Attack Graph
Breadth-first traversal is used to generate the graph
• Att_id represents an attacker.
• Att_start is the Host_id from which the attack starts.
• Att_target is the Host_id of the target host.
• Att_getAuth is the access rights obtained after a successful attack.
• Att_other refers to the attack path, attack time, attack ability
and other information.
10. Attack Graph Evaluation
• The CVSS standard is used to score the vulnerabilities on an
atomic node.
• All attack paths are drawn according to Host_con.
• NSRAM takes the largest attack-path probability as
the risk probability of the whole system.
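The breadth-first path enumeration and the "largest path probability" rule from slides 9 and 10, as an added example that is not code from the paper or the presentation. Host names, vulnerability labels and scores are constructed, the host records are trimmed to the fields the computation needs, and the step probability (highest CVSS score on the host divided by 10) is an assumption standing in for the paper's improved CVSS measure.

```python
from collections import deque

# Constructed sample data in the slides' five-tuple shape (Host_id is the key).
# Host names, vulnerability labels and scores are placeholders, not findings.
HOSTS = {
    "internet": {"Host_vulSet": {}, "Host_con": ["web", "mail"]},
    "web":  {"Host_vulSet": {"VULN-A": 7.5}, "Host_con": ["app"]},
    "mail": {"Host_vulSet": {"VULN-B": 5.0}, "Host_con": ["app", "db"]},
    "app":  {"Host_vulSet": {"VULN-C": 9.0, "VULN-D": 4.0}, "Host_con": ["db"]},
    "db":   {"Host_vulSet": {"VULN-E": 6.0}, "Host_con": []},
}

def step_probability(host):
    """Assumption: chance of compromising a host = its highest CVSS score / 10."""
    scores = HOSTS[host]["Host_vulSet"].values()
    return max(scores, default=0.0) / 10.0

def attack_paths(att_start, att_target):
    """Breadth-first enumeration of loop-free paths with their probabilities."""
    found = []
    queue = deque([([att_start], 1.0)])
    while queue:
        path, prob = queue.popleft()
        if path[-1] == att_target:
            found.append((path, prob))
            continue
        for nxt in HOSTS[path[-1]]["Host_con"]:
            p = step_probability(nxt)
            if nxt in path or p == 0.0:  # skip loops and hosts with nothing to exploit
                continue
            queue.append((path + [nxt], prob * p))
    return found

def system_risk(att_start, att_target):
    """Largest path probability, which the slides take as the system's risk."""
    paths = attack_paths(att_start, att_target)
    return max(paths, key=lambda item: item[1], default=(None, 0.0))

if __name__ == "__main__":
    for path, prob in attack_paths("internet", "db"):
        print(" -> ".join(path), round(prob, 3))
    print("system risk:", system_risk("internet", "db"))
```

The highest-probability path also tells the defender which host to patch first: lowering the score on any hop of that path lowers the system risk directly.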
11. System Modeling(Attack Graph)
The attack graph is defined as A = (As ∪ Ad, T, R, E).
As = starting node
Ad = destination node
T = an attack on a node
R = relation between states
E = directed edges
12. Markov Chain Risk Assessment
MC = (I, P, A)
where
• I = {b1, b2, …, bm} is the state space.
• P = transition probability matrix.
• A = {G1, G2, G3, ..., Gk} is the set of all available
attack actions.
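How a chain MC = (I, P, A) turns into a risk number, as an added example that is not the paper's own computation. The four states, the matrix values and the rule that a failed attack action leaves the state unchanged are all assumptions made for illustration; the risk shown is the probability of sitting in the target state after a given number of steps.

```python
# State space I = {b1..b4}; labels and numbers below are constructed.
STATES = ["b1 outside", "b2 web held", "b3 app held", "b4 db held"]

# Transition matrix P: row i is the distribution over next states from b(i+1).
# Each off-diagonal entry is the assumed success chance of one attack action
# G_k; the diagonal is the chance that the action fails and the state is kept.
P = [
    [0.25, 0.75, 0.00, 0.00],
    [0.00, 0.10, 0.90, 0.00],
    [0.00, 0.00, 0.40, 0.60],
    [0.00, 0.00, 0.00, 1.00],  # target state is absorbing
]

def check_stochastic(matrix, tol=1e-9):
    """Reject matrices that are not square or whose rows are not distributions."""
    n = len(matrix)
    for row in matrix:
        if len(row) != n or any(x < 0 for x in row) or abs(sum(row) - 1.0) > tol:
            raise ValueError("P must be square with non-negative rows summing to 1")

def step(dist, matrix):
    """One step of the chain: new distribution = dist * P."""
    n = len(matrix)
    return [sum(dist[i] * matrix[i][j] for i in range(n)) for j in range(n)]

def risk_within(steps, matrix=P, start=0, target=3):
    """Probability that the chain is in the target state after `steps` steps."""
    check_stochastic(matrix)
    dist = [0.0] * len(matrix)
    dist[start] = 1.0
    for _ in range(steps):
        dist = step(dist, matrix)
    return dist[target]

if __name__ == "__main__":
    for n in (2, 3, 4, 10):
        print(n, "steps:", round(risk_within(n), 5))
```

Because the target state is absorbing and failed actions can be retried, the value grows with the number of steps, so a risk figure from such a chain is only meaningful together with the step budget it was computed for.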
19. Conclusion
• Automatically and periodically collect network
topology and vulnerability data
• Combining the improved CVSS and probability
evaluation of attack path
Future work:
Incremental evaluation of attack graph and path will
greatly improve the efficiency of the model
The End – Thank You!