Pub Date : 2021-12-06DOI: 10.1109/FMEC54266.2021.9732562
Vu San Ha Huynh, Milena Radenkovic, Ning Wang
Current edge cloud providers offer a wide range of on-demand private and public cloud services for customers. Predictive demand monitoring and supply optimisation are necessary to deliver truly elastic distributed edge cloud services with resizable resource and compute capacity to adapt to dynamically changing customer requirements. However, current state-of-the-art monitoring and provisioning systems remain reactive which often results in over or under service provisioning, incurring unnecessary costs for customers or deterioration in the quality of service for the end-user. This paper proposes an adaptive protocol, ARPP, that enables distributed real-time demand monitoring and automatic resource provision based on the dynamically changing spatial-temporal workload patterns. ARPP leverages distributed predictive analytics and deep reinforcement learning at the edges to predict the dynamically changing spatial-temporal demand and allocate the appropriate amount of resources at the right times and right locations. We show that ARPP outperforms benchmark and state of the art algorithms across a range of criteria in the face of dynamically changing mobile real-world topologies and user interest patterns.
{"title":"Distributed Spatial-Temporal Demand and Topology Aware Resource Provisioning for Edge Cloud Services","authors":"Vu San Ha Huynh, Milena Radenkovic, Ning Wang","doi":"10.1109/FMEC54266.2021.9732562","DOIUrl":"https://doi.org/10.1109/FMEC54266.2021.9732562","url":null,"abstract":"Current edge cloud providers offer a wide range of on-demand private and public cloud services for customers. Predictive demand monitoring and supply optimisation are necessary to deliver truly elastic distributed edge cloud services with resizable resource and compute capacity to adapt to dynamically changing customer requirements. However, current state-of-the-art monitoring and provisioning systems remain reactive which often results in over or under service provisioning, incurring unnecessary costs for customers or deterioration in the quality of service for the end-user. This paper proposes an adaptive protocol, ARPP, that enables distributed real-time demand monitoring and automatic resource provision based on the dynamically changing spatial-temporal workload patterns. ARPP leverages distributed predictive analytics and deep reinforcement learning at the edges to predict the dynamically changing spatial-temporal demand and allocate the appropriate amount of resources at the right times and right locations. We show that ARPP outperforms benchmark and state of the art algorithms across a range of criteria in the face of dynamically changing mobile real-world topologies and user interest patterns.","PeriodicalId":217996,"journal":{"name":"2021 Sixth International Conference on Fog and Mobile Edge Computing (FMEC)","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116499295","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-12-06DOI: 10.1109/FMEC54266.2021.9732556
M. Kourtis, Andreas Oikonomakis, D. Papadopoulos, G. Xilouris, I. Chochliouros
Novel cybersecurity solutions tend to adopt new mechanisms from emerging fields in order to confront zero-day attacks and unknown signature threats. Deep learning techniques have attracted the interest of the cybersecurity domain, as they offer the flexibility to be trained for various objects and targets, amongst them network anomaly detection. Traditional network anomaly detection methods rely on predefined threats signature pattern, whereas deep learning ones can combine different attributes of network flows and packet payloads. In this paper a deep learning-based method for network anomaly detection is presented in the frame of the PALANTIR project. PALANTIR aims to develop an end-to-end cybersecurity solution for SMEs, providing virtualized security services for various attack threats. Regarding the current study, the proposed deep learning method was evaluated for its accuracy on two widely used security databases, performing anomaly detection, while performing flow monitoring. The developed framework shows promising results in terms of accuracy and sets the steppingstone for further adoption of deep learning mechanisms in the cybersecurity field.
{"title":"Leveraging Deep Learning for Network Anomaly Detection","authors":"M. Kourtis, Andreas Oikonomakis, D. Papadopoulos, G. Xilouris, I. Chochliouros","doi":"10.1109/FMEC54266.2021.9732556","DOIUrl":"https://doi.org/10.1109/FMEC54266.2021.9732556","url":null,"abstract":"Novel cybersecurity solutions tend to adopt new mechanisms from emerging fields in order to confront zero-day attacks and unknown signature threats. Deep learning techniques have attracted the interest of the cybersecurity domain, as they offer the flexibility to be trained for various objects and targets, amongst them network anomaly detection. Traditional network anomaly detection methods rely on predefined threats signature pattern, whereas deep learning ones can combine different attributes of network flows and packet payloads. In this paper a deep learning-based method for network anomaly detection is presented in the frame of the PALANTIR project. PALANTIR aims to develop an end-to-end cybersecurity solution for SMEs, providing virtualized security services for various attack threats. Regarding the current study, the proposed deep learning method was evaluated for its accuracy on two widely used security databases, performing anomaly detection, while performing flow monitoring. The developed framework shows promising results in terms of accuracy and sets the steppingstone for further adoption of deep learning mechanisms in the cybersecurity field.","PeriodicalId":217996,"journal":{"name":"2021 Sixth International Conference on Fog and Mobile Edge Computing (FMEC)","volume":"37 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131626498","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-12-06DOI: 10.1109/FMEC54266.2021.9732568
F. Siddiqui, Rafiullah Khan, S. Sezer
The integration of intelligent functionalities in con-nected and autonomous automotive system has great potential to deliver personalised user experience and improve traffic manage-ment. It can benefit the society by improving highway capacity and safety of road users. The adoption of data-driven Artificial Intelligence and Machine Learning models in the automotive sector is opening venues to new services and business models such as autonomous fleet management, self-driving trucks, robo-taxi etc. However, where the sharing of mix-critical data brings opportunities, it simultaneously presents serious cybersecurity and functional safety risks. In recent years, the cyber attacks have impacted every segment of automotive system including electronic control unit, infotainment, communications, firmware, mobile apps etc. This adoption of AI and ML as enabling technology for next-generation autonomous transportation systems is going to significantly widen the automotive attack surface. This trend has increasing tendency of exposing both vehicle and road -side infrastructure to a wide range of sophisticated cyber attacks. This paper aims to review and build a body of knowledge on the topic of automotive cybersecurity, by bridging a domain-specific knowledge gap among automotive system designers, engineers and system security architects. For this purpose, it discuss the autonomous driving system data processing pipeline and threat analysis and risk assessment process of automotive cybersecurity standard ISO/SAE 21434 to harness and harden automotive cybersecurity. It highlights automotive system architectural and ecosystem challenges in adopting AI and ML driven decision making.
{"title":"Bird's-eye view on the Automotive Cybersecurity Landscape & Challenges in adopting AI/ML","authors":"F. Siddiqui, Rafiullah Khan, S. Sezer","doi":"10.1109/FMEC54266.2021.9732568","DOIUrl":"https://doi.org/10.1109/FMEC54266.2021.9732568","url":null,"abstract":"The integration of intelligent functionalities in con-nected and autonomous automotive system has great potential to deliver personalised user experience and improve traffic manage-ment. It can benefit the society by improving highway capacity and safety of road users. The adoption of data-driven Artificial Intelligence and Machine Learning models in the automotive sector is opening venues to new services and business models such as autonomous fleet management, self-driving trucks, robo-taxi etc. However, where the sharing of mix-critical data brings opportunities, it simultaneously presents serious cybersecurity and functional safety risks. In recent years, the cyber attacks have impacted every segment of automotive system including electronic control unit, infotainment, communications, firmware, mobile apps etc. This adoption of AI and ML as enabling technology for next-generation autonomous transportation systems is going to significantly widen the automotive attack surface. This trend has increasing tendency of exposing both vehicle and road -side infrastructure to a wide range of sophisticated cyber attacks. This paper aims to review and build a body of knowledge on the topic of automotive cybersecurity, by bridging a domain-specific knowledge gap among automotive system designers, engineers and system security architects. For this purpose, it discuss the autonomous driving system data processing pipeline and threat analysis and risk assessment process of automotive cybersecurity standard ISO/SAE 21434 to harness and harden automotive cybersecurity. It highlights automotive system architectural and ecosystem challenges in adopting AI and ML driven decision making.","PeriodicalId":217996,"journal":{"name":"2021 Sixth International Conference on Fog and Mobile Edge Computing (FMEC)","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133248958","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-12-06DOI: 10.1109/FMEC54266.2021.9732583
Muhammad Zohaib Siddique
In real-time scenario, job allocation for individuals is the most important process of scheduling work. The cloud environment is enhancing rapidly and the consumers requests for better services and good results are also increasing. Meanwhile, there are some immense issues that are associated with job scheduling such as response time, deadline exception, and scalability. To overcome these problems, this research work proposed three enhanced real-time scheduling algorithms namely, Unfair Semi Greedy (USG), Earliest Dead-line First (EDF), and Earliest Dead-line until Zero Laxity (EDZL). This study enhances the previous research using real-time scheduling algorithm and resolving the scalability issues. With the addition of resource table, records of working virtual machines (VM's) updating simultaneously and as a result the response time of jobs has improved a lot, and a clear decrease in the average deadline exception can be observed. When the resource table updated dynamically, the efficiency of scheduling work is also improved. In the USG Algorithm, deadline-exception is found to be at minimum level. The EDZL and USG produce the least response-time, but the deadline-exception is found in increasing numbers in some cases.
{"title":"A Novel Technique for Job Scheduling Algorithm in Real- Time Virtual Cloud Environment","authors":"Muhammad Zohaib Siddique","doi":"10.1109/FMEC54266.2021.9732583","DOIUrl":"https://doi.org/10.1109/FMEC54266.2021.9732583","url":null,"abstract":"In real-time scenario, job allocation for individuals is the most important process of scheduling work. The cloud environment is enhancing rapidly and the consumers requests for better services and good results are also increasing. Meanwhile, there are some immense issues that are associated with job scheduling such as response time, deadline exception, and scalability. To overcome these problems, this research work proposed three enhanced real-time scheduling algorithms namely, Unfair Semi Greedy (USG), Earliest Dead-line First (EDF), and Earliest Dead-line until Zero Laxity (EDZL). This study enhances the previous research using real-time scheduling algorithm and resolving the scalability issues. With the addition of resource table, records of working virtual machines (VM's) updating simultaneously and as a result the response time of jobs has improved a lot, and a clear decrease in the average deadline exception can be observed. When the resource table updated dynamically, the efficiency of scheduling work is also improved. In the USG Algorithm, deadline-exception is found to be at minimum level. The EDZL and USG produce the least response-time, but the deadline-exception is found in increasing numbers in some cases.","PeriodicalId":217996,"journal":{"name":"2021 Sixth International Conference on Fog and Mobile Edge Computing (FMEC)","volume":"63 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114963587","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-12-06DOI: 10.1109/FMEC54266.2021.9732577
C. Roth, Marc Roßberger, Christoph Schreyer, D. Kesdogan
Efficient and intelligent traffic networks rely on the constant exchange of information between participants. For instance, navigation services benefit directly from the availability of real-time traffic information to suggest the most time-optimized and ecologically sustainable routes. This type of information is now commonplace and is formed based on extensive, microscopic movement profiles. This imposes direct constraints on the location privacy of users who implicitly or explicitly share such information. In this paper, we present STRIDE as a component of an ITS to gather real-time traffic information in a privacy-friendly manner, ultimately protecting data sources (i.e., users) against data misuse. Our architecture is designed around the concept of distributed trust, preventing attackers from tracking vehicles across the network, even if they succeed in compromising network components. We also achieve conformity to ETSI standards and conclude that real-world implementation of our architecture would be feasible. Thus, we evaluate STRIDE using SUMO and a real-world data set to analyze STRIDE's potential to provide accurate traffic information. Furthermore, we show that STRIDE ensures k-anonymity even in sparse traffic scenarios, eventually protecting location privacy of each vehicle.
{"title":"STRIDE: Secure Traffic Reporting Infrastructure based on Distributed Entities","authors":"C. Roth, Marc Roßberger, Christoph Schreyer, D. Kesdogan","doi":"10.1109/FMEC54266.2021.9732577","DOIUrl":"https://doi.org/10.1109/FMEC54266.2021.9732577","url":null,"abstract":"Efficient and intelligent traffic networks rely on the constant exchange of information between participants. For instance, navigation services benefit directly from the availability of real-time traffic information to suggest the most time-optimized and ecologically sustainable routes. This type of information is now commonplace and is formed based on extensive, microscopic movement profiles. This imposes direct constraints on the location privacy of users who implicitly or explicitly share such information. In this paper, we present STRIDE as a component of an ITS to gather real-time traffic information in a privacy-friendly manner, ultimately protecting data sources (i.e., users) against data misuse. Our architecture is designed around the concept of distributed trust, preventing attackers from tracking vehicles across the network, even if they succeed in compromising network components. We also achieve conformity to ETSI standards and conclude that real-world implementation of our architecture would be feasible. Thus, we evaluate STRIDE using SUMO and a real-world data set to analyze STRIDE's potential to provide accurate traffic information. Furthermore, we show that STRIDE ensures k-anonymity even in sparse traffic scenarios, eventually protecting location privacy of each vehicle.","PeriodicalId":217996,"journal":{"name":"2021 Sixth International Conference on Fog and Mobile Edge Computing (FMEC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129721507","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-12-06DOI: 10.1109/fmec54266.2021.9732544
{"title":"[Title page]","authors":"","doi":"10.1109/fmec54266.2021.9732544","DOIUrl":"https://doi.org/10.1109/fmec54266.2021.9732544","url":null,"abstract":"","PeriodicalId":217996,"journal":{"name":"2021 Sixth International Conference on Fog and Mobile Edge Computing (FMEC)","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117164591","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-12-06DOI: 10.1109/FMEC54266.2021.9732564
Momo Shiraishi
Of late, a variety of data associated with individuals and organizations have been connected to the cyberspace. This trend is expected to become more increased in the future. This paper proposes a scheme to manage the database in an open network, particularly picking up the case of financial data. We confirm that the financial data is highly required to be managed maintaining the authenticity of users and transaction contents. Then, in order to manage the financial data in more realistic situations, a data management scheme is suggested that the data with small amounts and high frequency is transacted in an Internet environment, while high-value and infrequent transactions are conducted under a conventional system managed by banks, even connecting them one another. The technology that underpins the security of the data in open networks is a digital signature based on a key generated by a personal device. We summarize the data management scheme by ensuring security based on digital signature and by connecting the data with the database in a private network according to the need from the general prospect.
{"title":"Customized Database Management based on Digital Signature","authors":"Momo Shiraishi","doi":"10.1109/FMEC54266.2021.9732564","DOIUrl":"https://doi.org/10.1109/FMEC54266.2021.9732564","url":null,"abstract":"Of late, a variety of data associated with individuals and organizations have been connected to the cyberspace. This trend is expected to become more increased in the future. This paper proposes a scheme to manage the database in an open network, particularly picking up the case of financial data. We confirm that the financial data is highly required to be managed maintaining the authenticity of users and transaction contents. Then, in order to manage the financial data in more realistic situations, a data management scheme is suggested that the data with small amounts and high frequency is transacted in an Internet environment, while high-value and infrequent transactions are conducted under a conventional system managed by banks, even connecting them one another. The technology that underpins the security of the data in open networks is a digital signature based on a key generated by a personal device. We summarize the data management scheme by ensuring security based on digital signature and by connecting the data with the database in a private network according to the need from the general prospect.","PeriodicalId":217996,"journal":{"name":"2021 Sixth International Conference on Fog and Mobile Edge Computing (FMEC)","volume":"121 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116959262","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-12-06DOI: 10.1109/FMEC54266.2021.9732538
T. Welsh, E. Benkhelifa
Providing resilience, the notion of persistence service delivery in the face of challenges to operation, is seen as increasingly vital with the continued evolution of service-delivery paradigms such as Fog and Edge operating in hostile and uncertain environments. Additionally, to achieve resilience in these environments, a number of unconventional system and network architectures have been produced, which also require novel methods of resilience evaluation. Using a novel bio-inspired embryonic fog service delivery platform, we evaluate a number of graph resilience metrics and propose a new method using assortativity to evaluate the state of service fluctuations over time.
{"title":"The Resilient Edge: Evaluating Graph-based Metrics for Decentralised Service Delivery","authors":"T. Welsh, E. Benkhelifa","doi":"10.1109/FMEC54266.2021.9732538","DOIUrl":"https://doi.org/10.1109/FMEC54266.2021.9732538","url":null,"abstract":"Providing resilience, the notion of persistence service delivery in the face of challenges to operation, is seen as increasingly vital with the continued evolution of service-delivery paradigms such as Fog and Edge operating in hostile and uncertain environments. Additionally, to achieve resilience in these environments, a number of unconventional system and network architectures have been produced, which also require novel methods of resilience evaluation. Using a novel bio-inspired embryonic fog service delivery platform, we evaluate a number of graph resilience metrics and propose a new method using assortativity to evaluate the state of service fluctuations over time.","PeriodicalId":217996,"journal":{"name":"2021 Sixth International Conference on Fog and Mobile Edge Computing (FMEC)","volume":"179 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121842370","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-12-06DOI: 10.1109/FMEC54266.2021.9732550
Tianxiang He, Chansu Han, Takeshi Takahashi, S. Kijima, Jun’ichi Takeuchi
The number of IoT malware specimens has in-creased rapidly and diversified in recent years. To efficiently analyze a large number of malware specimens, we aim to reduce the calculation cost by clustering specimens with an incomplete distance matrix. Towards this goal, we applied the active clustering algorithm. In this algorithm, Mean-Field An-nealing (MFA) is used to determine the best clustering and the expected value of information criterion to actively choose which pair of specimens to observe its distance. We evaluated the active clustering algorithm with 3,008 mal ware specimens. By applying the active clustering algorithm, we only need to calculate 2.6 % of the whole distance matrix. The active clustering algorithm achieved 86.9% of family name accuracy and 96.5% of architecture name accuracy. Furthermore, the active clustering algorithm achieved the same level of accuracy as our former clustering algorithm with only 2.6 % observation, while our former algorithm needs to observe 7.2 % of the distance matrix. The observation reduction rate is 64 %.
{"title":"Scalable and Fast Hierarchical Clustering of IoT Malware Using Active Data Selection","authors":"Tianxiang He, Chansu Han, Takeshi Takahashi, S. Kijima, Jun’ichi Takeuchi","doi":"10.1109/FMEC54266.2021.9732550","DOIUrl":"https://doi.org/10.1109/FMEC54266.2021.9732550","url":null,"abstract":"The number of IoT malware specimens has in-creased rapidly and diversified in recent years. To efficiently analyze a large number of malware specimens, we aim to reduce the calculation cost by clustering specimens with an incomplete distance matrix. Towards this goal, we applied the active clustering algorithm. In this algorithm, Mean-Field An-nealing (MFA) is used to determine the best clustering and the expected value of information criterion to actively choose which pair of specimens to observe its distance. We evaluated the active clustering algorithm with 3,008 mal ware specimens. By applying the active clustering algorithm, we only need to calculate 2.6 % of the whole distance matrix. The active clustering algorithm achieved 86.9% of family name accuracy and 96.5% of architecture name accuracy. Furthermore, the active clustering algorithm achieved the same level of accuracy as our former clustering algorithm with only 2.6 % observation, while our former algorithm needs to observe 7.2 % of the distance matrix. The observation reduction rate is 64 %.","PeriodicalId":217996,"journal":{"name":"2021 Sixth International Conference on Fog and Mobile Edge Computing (FMEC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130324292","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-12-06DOI: 10.1109/FMEC54266.2021.9732414
Akira Tanaka, Chansu Han, Takeshi Takahashi, K. Fujisawa
Identifying individual scan activities is a crucial and challenging activity for mitigating emerging cyber threats or gaining insights into security scans. Sophisticated adversaries distribute their scans over multiple hosts and operate with stealth; therefore, low-rate scans hide beneath other benign traffic. Although previous studies attempted to discover such stealth scans by observing the distribution of ports and hosts, well-organized scans are difficult to find. However, a scanner can embed a fingerprint into the packet fields to distinguish between the scan and other traffic. In this study, we propose a new algorithm to identify the flexible fingerprint in consideration of the genetic algorithm idea. To the best of our knowledge, this is the first such attempt. We successfully identified previously unknown fingerprints rather than existing ones through numer-ical experiments on darknet traffic. We analyzed the packets and discovered distinctive scan activities. Further, we collated the results with both cyber threat intelligence and investigation/large-scale scanner lists to ascertain the reliability of our model.
{"title":"Internet-Wide Scanner Fingerprint Identifier Based on TCP/IP Header","authors":"Akira Tanaka, Chansu Han, Takeshi Takahashi, K. Fujisawa","doi":"10.1109/FMEC54266.2021.9732414","DOIUrl":"https://doi.org/10.1109/FMEC54266.2021.9732414","url":null,"abstract":"Identifying individual scan activities is a crucial and challenging activity for mitigating emerging cyber threats or gaining insights into security scans. Sophisticated adversaries distribute their scans over multiple hosts and operate with stealth; therefore, low-rate scans hide beneath other benign traffic. Although previous studies attempted to discover such stealth scans by observing the distribution of ports and hosts, well-organized scans are difficult to find. However, a scanner can embed a fingerprint into the packet fields to distinguish between the scan and other traffic. In this study, we propose a new algorithm to identify the flexible fingerprint in consideration of the genetic algorithm idea. To the best of our knowledge, this is the first such attempt. We successfully identified previously unknown fingerprints rather than existing ones through numer-ical experiments on darknet traffic. We analyzed the packets and discovered distinctive scan activities. Further, we collated the results with both cyber threat intelligence and investigation/large-scale scanner lists to ascertain the reliability of our model.","PeriodicalId":217996,"journal":{"name":"2021 Sixth International Conference on Fog and Mobile Edge Computing (FMEC)","volume":"120 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114521062","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: