Title: Kernel-Space Intrusion Detection Using Software-Defined Networking
Authors: Tommy Chin, Kaiqi Xiong, M. Rahouti
Pub Date: 2018-10-09
DOI: 10.4108/EAI.13-7-2018.155168
Journal: EAI Endorsed Trans. Security Safety
Abstract: Software-Defined Networking (SDN) has encountered serious Denial of Service (DoS) attacks. However, existing approaches cannot sufficiently address these serious attacks in the real world because they often introduce significant overhead and require long detection and mitigation times. In this paper, we propose a lightweight kernel-level intrusion detection and prevention framework called KernelDetect, which leverages modular string searching and filtering mechanisms together with SDN techniques. In KernelDetect, we utilize the strengths of the Aho-Corasick algorithm and the Bloom filter to design KernelDetect using SDN. We further experimentally compare it with SNORT and BROS, two conventional and popular Intrusion Detection and Prevention Systems (IDPS), on the Global Environment for Networking Innovations (GENI), a real-world testbed. Our comprehensive studies through experimental data and analysis show that KernelDetect is more efficient and effective than SNORT and BROS.
Received on 01 May 2018; accepted on 02 June 2018; published on 09 October 2018.

Title: Leveraging attention-based deep neural networks for security vetting of Android applications
Authors: Prabesh Pathak, Prabesh Poudel, Sankardas Roy, Doina Caragea
Pub Date: 2018-07-13
DOI: 10.4108/eai.27-9-2021.171168
Journal: EAI Endorsed Trans. Security Safety
Abstract: Many traditional machine learning and deep learning algorithms work as a black box and lack interpretability. Attention-based mechanisms can be used to address the interpretability of such models by providing insights into the features that a model uses to make its decisions. The recent success of attention-based mechanisms in natural language processing motivates us to apply the idea to security vetting of Android apps. An Android app's code contains API-calls that can provide clues regarding the malicious or benign nature of an app. By observing the pattern of the API-calls being invoked, we can interpret the predictions of a model trained to separate benign apps from malicious apps. In this paper, using the attention mechanism, we aim to find the API-calls that are predictive with respect to the maliciousness of Android apps. More specifically, we aim to identify a set of API-calls that malicious apps exploit, which might help the community discover new signatures of malware. In our experiment, we work with two attention-based models: Bi-LSTM Attention and Self-Attention. Our classification models achieve high accuracy in malware detection. Using the attention weights, we also extract the top 200 API-calls (those that reflect the malicious behavior of the apps) from each of these two models, and we observe that there is significant overlap between the top 200 API-calls identified by the two models. This result increases our confidence that the top 200 API-calls can be used to improve the interpretability of the models.
Received on 14 July 2021; accepted on 03 August 2021; published on 27 September 2021.

Title: Toward A Network-Assisted Approach for Effective Ransomware Detection
Authors: Tianrou Xia, Yuanyi Sun, Sencun Zhu, Z. Rasheed, K. Shafique
Pub Date: 2018-07-13
DOI: 10.4108/eai.28-1-2021.168506
Journal: EAI Endorsed Trans. Security Safety
Abstract: Ransomware is a kind of malware that uses cryptographic mechanisms to prevent victims from normal use of their computers. As a result, victims lose access to their files and desktops unless they pay the ransom to the attackers. By the end of 2019, ransomware attacks had caused more than 10 billion dollars of financial loss to enterprises and individuals. In this work, we propose the Network-Assisted Approach (NAA), which contains effective local detection and network-level detection mechanisms, to help users determine whether a machine has been infected by ransomware. To evaluate its performance, we built 100 containers in Docker to simulate network scenarios. A hybrid ransomware sample that is close to real-world ransomware is deployed on simulated infected machines. The experimental results show that our network-level detection mechanisms are separately applicable to WAN and LAN environments for ransomware detection.

Title: Authenticating Video Feeds using Electric Network Frequency Estimation at the Edge
Authors: Deeraj Nagothu, Yu Chen, Alexander J. Aved, E. Blasch
Pub Date: 2018-07-13
DOI: 10.4108/eai.4-2-2021.168648
Journal: EAI Endorsed Trans. Security Safety
Abstract: The large-scale Internet of Video Things (IoVT) supports situation awareness for smart cities; however, the rapid development of artificial intelligence (AI) technologies enables fake video/audio streams and doctored images to fool smart city security operators. Authenticating visual/audio feeds therefore becomes essential for safety and security, and an Electric Network Frequency (ENF) signal collected from the power grid is a prominent authentication mechanism for this purpose. This paper proposes an ENF-based Video Authentication method using steady Superpixels (EVAS). Video superpixels group pixels with uniform intensities and textures to eliminate the impact of fluctuations on the ENF estimation. An extensive experimental study validated the effectiveness of the EVAS system. Aiming at environments with interconnected surveillance camera systems at the edge, powered by an electricity grid, the proposed EVAS system achieved the design goal of detecting dissimilarities in the image sequences.
Received on 14 December 2020; accepted on 26 January 2021; published on 04 February 2021.

Title: Mapping of the Security Requirements of GDPR and NISD
Authors: Najm-u Saqib, Vasileios Germanos, W. Zeng, L. Maglaras
Pub Date: 2018-07-13
DOI: 10.4108/eai.30-6-2020.166283
Journal: EAI Endorsed Trans. Security Safety
Abstract: Privacy and information security have consistently been a priority for the European Union lawmaker. This paper investigates the security requirements of the General Data Protection Regulation (GDPR) and the Directive on security of network and information systems (NISD). This investigation covers what is unique about the NISD, how it overlaps with existing frameworks, and how the security requirements in the GDPR influence the NISD. This mapping of requirements can help businesses and organizations identify possible difficulties that they may experience while conforming to the GDPR and the NISD, and help them create a consistent cybersecurity framework and structure new security plans.
Received on 06 July 2020; accepted on 31 August 2020; published on 03 September 2020.

Title: Caching Techniques for Security Metadata in Integrity-Protected Fabric-Attached Memories
Authors: Mazen Alwadi, Amro Awad
Pub Date: 2018-07-13
DOI: 10.4108/eai.13-7-2018.165516
Journal: EAI Endorsed Trans. Security Safety
Abstract: The constant need for larger memories and the diversity of workloads have driven system vendors away from the conventional processor-centric architecture toward a memory-centric architecture. A memory-centric architecture allows multiple computing nodes to connect to a huge shared memory pool and access it directly. To improve performance, each node uses a small local memory to cache the data. These architectures introduce several problems when memory encryption and integrity verification are implemented. For instance, using a single integrity tree to protect both memories can introduce unnecessary overheads. Therefore, we propose Split-Tree, which implements a separate integrity tree for each memory. We then analyze the system performance and the behavior of the security metadata caches when separate trees are used. We use the gathered insights to improve security metadata caching for the separate trees and ultimately improve system performance.
Received on 16 June 2020; accepted on 07 July 2020; published on 11 August 2020.

Title: NIS directive: The case of Greece
Authors: L. Maglaras, G. Drivas, Kleanthis Noou, Stylianos Rallis
Pub Date: 2018-05-15
DOI: 10.4108/eai.15-5-2018.154769
Journal: EAI Endorsed Trans. Security Safety
Abstract: The directive on security of network and information systems (NIS directive) is one of the latest steps that the EU has taken in order to strengthen the security of its systems. The directive describes specific steps that each member state should follow. Greece, which has recently published its cyber security strategy, is moving towards the implementation of the NIS directive. The road ahead is long, and cooperation at both the technical and strategic levels is needed. This article describes the roadmap for the implementation of the NIS directive in Greece: the milestones, the problems, and possible solutions.

Title: Human-centered strategies for cyber-physical systems security
Authors: Ebrima N. Ceesay, K. Myers, P. Watters
Pub Date: 2018-05-15
DOI: 10.4108/eai.15-5-2018.154773
Journal: EAI Endorsed Trans. Security Safety
Abstract: Human error contributes to information system losses. Exposure to significant risk will continue and is not effectively addressed with conventional training. A broader strategy that addresses the social system is recommended. Such strategies have been successfully developed in industrial settings to deal with workplace hazards that are functionally similar to cyber loss. Four of these strategies are reviewed and found to be relevant to the needs of the IT-enabled organization in mitigating cyber security risks. These strategies are not consistent with each other or uniformly applicable, however, and would need to be adapted to contemporary knowledge work settings and used cautiously. Long-term institutionalization and development of organizational practices pose further challenges. While a holistic, sociotechnical systems (STS) approach to cyber security requires significant effort, IT-enabled organizations, like industrial organizations before them, will realize that the effort is justified.

Title: Improving Network Intrusion Detection Classifiers by Non-payload-Based Exploit-Independent Obfuscations: An Adversarial Approach
Authors: I. Homoliak, Martin Teknos, Martín Ochoa, Dominik Breitenbacher, S. Hosseini, P. Hanáček
Pub Date: 2018-05-07
DOI: 10.4108/eai.10-1-2019.156245
Journal: EAI Endorsed Trans. Security Safety
Abstract: Machine-learning-based intrusion detection classifiers are able to detect unknown attacks, but at the same time they may be susceptible to evasion by obfuscation techniques. An adversarial intruder who possesses crucial knowledge about a protection system can easily bypass the detection module. The main objective of our work is to improve the performance capabilities of intrusion detection classifiers against such adversaries. To this end, we first propose several obfuscation techniques for remote attacks that are based on the modification of various properties of network connections; then we conduct a set of comprehensive experiments to evaluate the effectiveness of intrusion detection classifiers against obfuscated attacks. We instantiate our approach by means of a tool, based on NetEm and Metasploit, which implements our obfuscation operators on any TCP communication. This allows us to generate modified network traffic for machine learning experiments employing features that assess network statistics and the behavior of TCP connections. We evaluate five classifiers: Gaussian Naive Bayes, Gaussian Naive Bayes with kernel density estimation, Logistic Regression, Decision Tree, and Support Vector Machines. Our experiments confirm the assumption that it is possible to evade the intrusion detection capability of all classifiers trained without prior knowledge of obfuscated attacks, causing an exacerbation of the TPR ranging from 7.8% to 66.8%. Further, when widening the training knowledge of the classifiers with a subset of obfuscated attacks, we achieve a significant improvement of the TPR by 4.21% - 73.3%, while the FPR deteriorates only slightly (0.1% - 1.48%). Finally, we test the capability of an obfuscation-aware classifier to detect unknown obfuscated attacks, where we achieve a detection rate of over 90% on average for most of the obfuscations.