1,720,976 research outputs found
Effects of Geohashing and K-Means Clustering on Uniqueness in a Mobility Dataset
No full textIn the era of ubiquitous computing, the collection of users' geographical location is increasingly widespread. This represents an enabling technology, capable of creating new type of services but at the same time represents a new digital asset that needs to be protected in order to safeguard the users' privacy. In fact, exploiting everyday movements, it is possible for a threat actor to gather sensible information about the victims that can be leveraged afterwards. In this preliminary paper, we reproduced some major results in the field of re-identification of users' trajectories, validating them under scenarios where different countermeasures for geographical data are in place. Specifically, we tested generalization of spatial data using geohashing and K-means clustering. The results were obtained using a dataset that collects users from all over the world, allowing the clustering methods to range on very different scales. Results shows that, even if a strong data generalization is applied, users' trajectories keep their uniqueness, showing high re-identification ratios. Nevertheless, the usability issues typical of these techniques are still present, having only few tens of points for covering the entire globe which cannot be considered a general solution for every possible use case of such data
Hardening Random Forest Cyber Detectors Against Adversarial Attacks
Full text linkMachine learning algorithms are effective in several applications, but they are not as much successful when applied to intrusion detection in cyber security. Due to the high sensitivity to their training data, cyber detectors based on machine learning are vulnerable to targeted adversarial attacks that involve the perturbation of initial samples. Existing defenses assume unrealistic scenarios; their results are underwhelming in non-adversarial settings; or they can be applied only to machine learning algorithms that perform poorly for cyber security. We present an original methodology for countering adversarial perturbations targeting intrusion detection systems based on random forests. As a practical application, we integrate the proposed defense method in a cyber detector analyzing network traffic. The experimental results on millions of labelled network flows show that the new detector has a twofold value: it outperforms state-of-the-art detectors that are subject to adversarial attacks; it exhibits robust results both in adversarial and non-adversarial scenarios
DReLAB - Deep REinforcement Learning Adversarial Botnet: A benchmark dataset for adversarial attacks against botnet Intrusion Detection Systems
Full text linkWe present the first dataset that aims to serve as a benchmark to validate the resilience of botnet detectors against adversarial attacks. This dataset includes realistic adversarial samples that are generated by leveraging two widely used Deep Reinforcement Learning (DRL) techniques. These adversarial samples are proved to evade state of the art detectors based on Machine- and Deep-Learning algorithms. The initial corpus of malicious samples consists of network flows belonging to different botnet families presented in three public datasets containing real enterprise network traffic. We use these datasets to devise detectors capable of achieving state-of-the-art performance. We then train two DRL agents, based on Double Deep Q-Network and Deep Sarsa, to generate realistic adversarial samples: the goal is achieving misclassifications by performing small modifications to the initial malicious samples. These alterations involve the features that can be more realistically altered by an expert attacker, and do not compromise the underlying malicious logic of the original samples. Our dataset represents an important contribution to the cybersecurity research community as it is the first including thousands of automatically generated adversarial samples that are able to thwart state of the art classifiers with a high evasion rate. The adversarial samples are grouped by malware variant and provided in a CSV file format. Researchers can validate their defensive proposals by testing their detectors against the adversarial samples of the proposed dataset. Moreover, the analysis of these samples can pave the way to a deeper comprehension of adversarial attacks and to some sort of explainability of machine learning defensive algorithms. They can also support the definition of novel effective defensive techniques
Resilient and adaptive networked systems
No full textNowadays, networks form the backbone of most of the computing systems, and modern system infrastructures must accommodate continuously changing demands for different types of workloads and time constraints. In a similar context, adaptive management of virtualized application environments among networked systems is becoming one of the most important strategies to guarantee resilience and performance of available computing resources. In this chapter, Mauro Andreolini et al. analyze the management algorithms that decide, in an adaptive manner, the transparent reallocation of live sessions of virtual machines in large numbers of networked hosts. They discuss the main challenges and solutions related to the adaptive activation of the migration process
Survivable zero trust for cloud computing environments
No full textThe security model relying on the traditional defense of the perimeter cannot protect modern dynamic organizations. The emerging paradigm called zero trust proposes a modern alternative that enforces access control on every request and avoids implicit trust based on the physical location of people and devices. These architectures rely on several trusted components, but existing proposals make the unrealistic assumption that attackers cannot compromise some of them. We overcome these assumptions and present a novel survivable zero trust architecture that can guarantee the necessary security level for cloud computing environments. The proposed architecture guarantees a high level of security and robustness and under specific conditions it can tolerate intrusions and can recover from failures and successful attacks. (c) 2021 Elsevier Ltd. All rights reserved
A Framework for the Evaluation of Trainee Performance in Cyber Range Exercises
Full text linkThis paper proposes a novel approach for the evaluation of the performance achieved by trainees involved in cyber security exercises implemented in modern cyber ranges. Our main contributions include: the definition of a distributed monitoring architecture for gathering relevant information about trainees activities; an algorithm for modeling the trainee activities using directed graphs; novel scoring algorithms, based on graph operations, that evaluate different aspects (speed, precision) of a trainee during an exercise. With respect to previous work, our proposal allows to measure exactly how fast a user is progressing towards an objective and where he does wrong. We highlight that this is currently not possible in the most popular cyber ranges
Dynamic load management of virtual machines in cloud architectures
No full textCloud infrastructures must accommodate changing demands for different types of processing with heterogeneous workloads and time constraints. In a similar context, dynamic management of virtualized application environments is becoming very important to exploit computing resources, especially with recent virtualization capabilities that allow live sessions to be moved transparently between servers. This paper proposes novel management algorithms to decide about reallocations of virtual machines in a cloud context characterized by large numbers of hosts. The novel algorithms identify just the real critical instances and take decisions without recurring to typical thresholds. Moreover, they consider load trend behavior of the resources instead of instantaneous or average measures. Experimental results show that proposed algorithms are truly selective and robust even in variable contexts, thus reducing system instability and limit migrations when really necessary. © Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering 2010
Deep Reinforcement Adversarial Learning against Botnet Evasion Attacks
No full textAs cybersecurity detectors increasingly rely on machine learning mechanisms, attacks to these defenses escalate as well. Supervised classifiers are prone to adversarial evasion, and existing countermeasures suffer from many limitations. Most solutions degrade performance in the absence of adversarial perturbations; they are unable to face novel attack variants; they are applicable only to specific machine learning algorithms. We propose the first framework that can protect botnet detectors from adversarial attacks through deep reinforcement learning mechanisms. It automatically generates realistic attack samples that can evade detection, and it uses these samples to produce an augmented training set for producing hardened detectors. In such a way, we obtain more resilient detectors that can work even against unforeseen evasion attacks with the great merit of not penalizing their performance in the absence of specific attacks. We validate our proposal through an extensive experimental campaign that considers multiple machine learning algorithms and public datasets. The results highlight the improvements of the proposed solution over the state-of-the-art. Our method paves the way to novel and more robust cybersecurity detectors based on machine learning applied to network traffic analytics
- …
