Semantic Similarity Detection For Data Leak Prevention. Dan Du, Lu Yu, R. Brooks. Proceedings of the 10th Annual Cyber and Information Security Research Conference, 2015-04-07. DOI: https://doi.org/10.1145/2746266.2746270
To counter data breaches, we introduce a new data leak prevention (DLP) approach. Unlike regular expression methods, our approach extracts a small number of critical semantic features and requires a small training set. Existing tools concentrate mostly on data format, where most defense and industry applications would be better served by monitoring the semantics of information in the enterprise. We demonstrate our approach by comparing its performance with other state-of-the-art methods, such as latent Dirichlet allocation (LDA) and support vector machine (SVM). The experiment results suggest that the proposed approach has superior accuracy in terms of detection rate and false-positive (FP) rate.
Developing an Ontology for Cyber Security Knowledge Graphs. Michael D. Iannacone, S. Bohn, Grant C. Nakamura, J. Gerth, Kelly M. T. Huffer, R. A. Bridges, Erik M. Ferragut, J. Goodall. Proceedings of the 10th Annual Cyber and Information Security Research Conference, 2015-04-07. DOI: https://doi.org/10.1145/2746266.2746278
In this paper we describe an ontology developed for a cyber security knowledge graph database. It is intended to provide an organized schema that incorporates information from a large variety of structured and unstructured data sources and includes all relevant concepts within the domain. We compare the resulting ontology with previous efforts, discuss its strengths and limitations, and describe areas for future work.
OPNET/Simulink Based Testbed for Disturbance Detection in the Smart Grid. M. Sadi, M. Ali, D. Dasgupta, R. Abercrombie. Proceedings of the 10th Annual Cyber and Information Security Research Conference, 2015-04-07. DOI: https://doi.org/10.1145/2746266.2746283
The cyber/information infrastructure is the essential backbone of the Smart Grid; it is primarily used to communicate with the different grid components. The smart grid is a complex cyber-physical system containing a large and varied number of sources, devices, controllers and loads. Therefore, the smart grid is vulnerable to grid-related disturbances. For such a dynamic system, disturbance and intrusion detection is a paramount issue. This paper presents a Simulink and OPNET based co-simulated platform to carry out a cyber-intrusion in a cyber-network for modern power systems and the smart grid. The IEEE 30-bus power system model is used to demonstrate the effectiveness of the simulated testbed. The experiments were performed by disturbing the circuit breakers' reclosing time through a cyber-attack. Different disturbance situations in the test system are considered, and the results indicate the effectiveness of the proposed co-simulated scheme.
A Model of an Automotive Security Concept Phase. Christopher Robinson-Mallett, Sebastian Hansack. Proceedings of the 10th Annual Cyber and Information Security Research Conference, 2015-04-07. DOI: https://doi.org/10.1145/2746266.2746282
The introduction of wireless interfaces into cars raises new security-related risks to the vehicle and its passengers. Vulnerabilities of the vehicle electronics to remote attacks through internet connections have been demonstrated recently. The introduction of industrial-scale processes, methods and tools for the development and quality assurance of appropriate security controls in vehicle electronics is an essential task for system providers and vehicle manufacturers to cope with security hazards. In this contribution, a process model for security analysis tasks during automotive systems development is presented. The proposed model is explained using the vulnerabilities in a vehicle's remote unlock function recently published by Spaar.
Towards a Relation Extraction Framework for Cyber-Security Concepts. Corinne L. Jones, R. A. Bridges, Kelly M. T. Huffer, J. Goodall. Proceedings of the 10th Annual Cyber and Information Security Research Conference, 2015-04-07. DOI: https://doi.org/10.1145/2746266.2746277
In order to assist security analysts in obtaining information pertaining to their network, such as novel vulnerabilities, exploits, or patches, information retrieval methods tailored to the security domain are needed. As labeled text data is scarce and expensive, we follow developments in semi-supervised Natural Language Processing and implement a bootstrapping algorithm for extracting security entities and their relationships from text. The algorithm requires little input data, specifically a few relations or patterns (heuristics for identifying relations), and incorporates an active learning component which queries the user on the most important decisions to prevent drifting from the desired relations. Preliminary testing on a small corpus shows promising results, obtaining a precision of .82.
Cyber Security for Additive Manufacturing. S. Bridges, K. Keiser, Nathan Sissom, S. Graves. Proceedings of the 10th Annual Cyber and Information Security Research Conference, 2015-04-07. DOI: https://doi.org/10.1145/2746266.2746280
This paper describes the cyber security implications of additive manufacturing (also known as 3-D printing). 3-D printing has the potential to revolutionize manufacturing, and there is substantial concern for the security of the storage, transfer and execution of 3-D models across digital networks and systems. While rapidly gaining in popularity and adoption by many entities, additive manufacturing is still in its infancy. Supporting the broadest possible applications, the technology will demand the ability to demonstrate secure processes from ideas and design through prototyping, production and delivery. As with other technologies in the information revolution, additive manufacturing technology is at risk of outpacing a competent security infrastructure, so research and solutions need to be tackled in concert with the 3-D boom.
Side-Channels in Electric Power Synchrophasor Network Data Traffic. Xingsi Zhong, Paranietharan Arunagirinathan, A. Ahmadi, R. Brooks, G. Venayagamoorthy. Proceedings of the 10th Annual Cyber and Information Security Research Conference, 2015-04-07. DOI: https://doi.org/10.1145/2746266.2746269
The deployment of synchrophasor devices such as Phasor Measurement Units (PMUs) in an electric power grid enhances real-time monitoring, analysis and control of grid operations. PMU information is sensitive, and any missing or incorrect PMU data could lead to grid failure and/or damage. Therefore, it is important to use encrypted communication channels to avoid cyber attacks. However, encrypted communication channels are vulnerable to side-channel attacks. In this study, side-channel attacks using packet sizes and/or inter-packet timing delays differentiate the stream of packets from any given PMU within an encrypted tunnel. This is investigated under different experimental settings. Virtual private network vulnerabilities due to side-channel analysis are also discussed.
Analysis of Botnet Counter-Counter-Measures. Yu Fu, Benafsh Husain, R. Brooks. Proceedings of the 10th Annual Cyber and Information Security Research Conference, 2015-04-07. DOI: https://doi.org/10.1145/2746266.2746275
Botnets evolve quickly to outwit police and security researchers. Since they first appeared in 1993, there have been significant botnet countermeasures. Unfortunately, countermeasures, especially takedown operations, are not particularly effective. They destroy research honeypots and stimulate botmasters to find creative ways to hide. Botnet reactions to countermeasures are more effective than the countermeasures themselves. Also, botnets are no longer confined to PCs: Android and iOS platforms are increasingly attractive targets. This paper focuses on recent countermeasures against botnets and the counter-countermeasures of botmasters. We look at the side effects of botnet takedowns as insight into botnet countermeasures. Then, botnet counter-countermeasures against two-factor authentication (2FA) are discussed for the Android and iOS platforms. Representative botnet-in-the-mobile (BITM) implementations against 2FA are compared, and a theoretical iOS-based botnet against 2FA is described. Botnet counter-countermeasures against keyloggers are discussed. More attention needs to be paid to botnet issues.
Observer Design Based Cyber Security for Cyber Physical Systems. Z. Biron, P. Pisu, B. Homchaudhuri. Proceedings of the 10th Annual Cyber and Information Security Research Conference, 2015-04-07. DOI: https://doi.org/10.1145/2746266.2746272
In this paper, an observer-based cyber-attack detection and estimation methodology for cyber physical systems is presented. The cyber-attack is considered to influence the physical part of the cyber physical system, which compromises human safety. The cyber-attacks are considered to affect the sensors and actuators in the sub-systems as well as the software programs of the control systems in the cyber physical system. The whole system is modeled as a hybrid system to incorporate the discrete and continuous parts of the cyber physical system, and a sliding mode based observer is designed for the detection of these cyber-attacks. For simulation purposes, this paper considers different cyber-attacks on the battery sub-system of modern automobiles, and the simulation results of attack detection are presented.
Phase-Space Detection of Cyber Events. J. M. Hernández, Aaron Ferber, S. Prowell, L. Hively. Proceedings of the 10th Annual Cyber and Information Security Research Conference, 2015-04-07. DOI: https://doi.org/10.1145/2746266.2746279
Energy Delivery Systems (EDS) are a network of processes that produce, transfer and distribute energy. EDS are increasingly dependent on networked computing assets, as are many Industrial Control Systems. Consequently, cyber-attacks pose a real and pertinent threat, as evidenced by Stuxnet, Shamoon and Dragonfly. Hence, there is a critical need for novel methods to detect, prevent, and mitigate the effects of such attacks. To detect cyber-attacks in EDS, we developed a framework for gathering and analyzing timing data that involves establishing a baseline execution profile and then capturing the effect of perturbations in the state from injecting various malware. The data analysis was based on nonlinear dynamics and graph theory to improve detection of anomalous events in cyber applications. The goal was the extraction of changing dynamics or anomalous activity in the underlying computer system. Takens' theorem in nonlinear dynamics allows reconstruction of topologically invariant, time-delay-embedding states from the computer data in a sufficiently high-dimensional space. The resultant dynamical states were nodes, and the state-to-state transitions were links in a mathematical graph. Alternatively, sequential tabulation of executing instructions provides the nodes, with corresponding instruction-to-instruction links. Graph theorems guarantee graph-invariant measures to quantify the dynamical changes in the running applications. Results showed successful detection of cyber events.