
    Privacy risk analysis and metrics in capturing and storing network traffic

    Network traffic analysis is a process of paramount importance for monitoring network availability and operational activity, identifying anomalies, maximizing performance, finding threats, and detecting attacks. Because of this, in everyday work network managers need to capture, analyze and store a tremendous amount of data which can definitely be classified as 'Big Data'. On the other side, it is crucial to point out that the captured network traffic has significant privacy implications, in particular within the territorial scope of the GDPR or similar regulations, because, according to the GDPR, not only the payload but also the IP addresses of the sender and the receiver of packets have to be considered personal data. This paper deals with the privacy issues related to network traffic capture, processing and storage, the associated risks, and the corresponding mitigation techniques. As a conclusion of the work, a privacy risk analysis using a PIA, together with the methodology developed by the French Data Protection Authority (CNIL), is discussed. The analysis performed highlights the effect of some well-known anonymization and pseudonymization techniques on the severity and likelihood of the risk.

    Effective Rules for a Rule-Based SIEM System in Detecting DoS Attacks: An Association Rule Mining Approach

    In today's interconnected digital landscape, Security Information and Event Management (SIEM) systems play a vital role as the frontline defense against cyber threats, providing prompt detection of the most common cyber-threats. As Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks remain among the most challenging hazards for organizations worldwide, their quick and effective detection is a major concern. This research paper explores innovative methods to enhance the effectiveness of rule-based SIEM systems in detecting DoS and DDoS attacks. The SIEM rule sets are augmented by leveraging Association Rule Mining (ARM), a data mining technique for uncovering hidden relationships among a dataset's features. By identifying association rules in network traffic data and applying them to the rule set, our methodology aims to strengthen SIEM rules, ultimately leading to more accurate DDoS attack detection.

    An Innovative Approach to Real-Time Concept Drift Detection in Network Security

    In the realm of cybersecurity, the detection of Concept Drift holds the potential to improve the adaptability and effectiveness of security systems. In particular, Security Information and Event Management (SIEM) frameworks can benefit from real-time Drift Detection, enabling prompt detection of changing attack patterns and a consequent update of the detection criteria. To explore this opportunity, the proposed approach extends a previously introduced SIEM solution with Concept Drift Detectors. An experimental evaluation is presented using two well-known unsupervised detectors on a merged dataset featuring Concept Drift, taking into consideration metrics such as Error Rate, Precision, Recall, and Window Average Error Rate. The results demonstrate that the integrated mechanism successfully identifies Concept Drift, triggering SIEM alerts and prompting timely updates to correlation rules. The experiment's implications, limitations, and future directions are discussed, emphasizing the importance of continuous improvement in cybersecurity measures.

    Going Beyond Counting First Authors in Author Co-citation Analysis

    The present study examines one of the fundamental aspects of author co-citation analysis (ACA): the way co-citation counts are defined. Co-citation counting provides the data on which all subsequent statistical analyses and mappings are based. We compare ACA results based on two different types of co-citation counting: the traditional type, which counts only the first author of a cited work, and a non-traditional type, which takes into account the first five authors of a cited work. Results indicate that the picture produced through the non-traditional author co-citation counting contains more coherent author groups and is therefore considerably clearer. However, this picture represents fewer specialties in the research field being studied than that produced through the traditional first-author co-citation counting when the same number of top-ranked authors is selected and analyzed. Reasons for these effects are discussed.

    Evaluating the necessity of the multiple metrics for assessing explainable AI: A critical examination

    This paper investigates the specific properties of Explainable Artificial Intelligence (xAI), particularly when implemented in AI/ML models in high-stakes sectors, in this case cybersecurity. The authors carry out a comprehensive systematic review of xAI properties, evaluation metrics, and existing frameworks to assess their utility and relevance. Subsequently, the experimental sections evaluate selected xAI techniques against these metrics, delivering key insights into their practical utility and effectiveness. The findings highlight that the proliferation of metrics enhances the understanding of xAI systems but simultaneously exposes challenges such as metric duplication, inefficacy, and confusion. These issues underscore the pressing need for standardized evaluation frameworks to streamline their application and strengthen their effectiveness, thereby improving the overall utility of xAI in critical domains.

    Enhancing Network Security Through Granular Computing: A Clustering-by-Time Approach to NetFlow Traffic Analysis

    This paper presents a study of how the size of the time window from which network features are derived affects the predictive ability of a Random Forest classifier implemented as a network intrusion detection component. The network data is processed using granular computing principles, gradually increasing the time window to allow the detection algorithm to find patterns in the data at different levels of granularity. Experiments were conducted iteratively with time windows ranging in size from 2 to 1024 seconds. Each iteration involved time-based clustering of the data, followed by splitting into training and test sets at a ratio of 67%/33%. The Random Forest algorithm was applied as part of a 10-fold cross-validation. Assessments included standard detection metrics: accuracy, precision, F1 score, BCC, MCC and recall. The results show a statistically significant improvement in the detection of cyber attacks in network traffic with a larger time window size (p-value 0.001953125). These results highlight the effectiveness of using longer time intervals in network data analysis, resulting in improved anomaly detection.

    When explainability turns into a threat - using xAI to fool a fake news detection method

    The inclusion of Explainability in Artificial Intelligence (xAI) has become a mandatory requirement for designing and implementing reliable, interpretable and ethical AI solutions in numerous domains. xAI is now the subject of extensive research, from both the technical and social science perspectives. It is being received enthusiastically by legislative bodies and regular users of machine-learning-boosted applications alike. However, opening the black box of AI comes at a cost. This paper presents the results of the first study showing that xAI can enable successful adversarial attacks in the domain of fake news detection and lead to a decrease in AI security. We postulate the novel concept that xAI and security should strike a balance, especially in critical applications such as fake news detection. An attack scheme against fake news detection methods is presented that employs an explainable solution. The described experiment demonstrates that the well-established SHAP explainer can be used to reshape the structure of the original message in such a way that the value of the model's prediction can be arbitrarily forced, whilst the meaning of the message stays the same. The paper presents various examples in which the SHAP values point the adversary to the words and phrases that have to be changed to flip the label of the model prediction. To the best of the authors' knowledge, this is the first research work to experimentally demonstrate the sinister side of xAI. As the generation and spreading of fake news has become a tool of modern warfare and a grave threat to democracy, the potential impact of explainable AI should be addressed as soon as possible.

    Variations on the Author

    "Variations on the Author" discusses two of Eduardo Coutinho's recent films (Um Dia na Vida, from 2010, and Últimas Conversas, posthumously released in 2015) and their contribution to the general question of documentary authorship. The director's filmography is characterized by a consistent yet self-effacing form of authorial self-inscription: Coutinho often features as an interviewer who, rather than expressing opinions, propels discourses; an interviewer who is good at listening. This mode of self-inscription characterizes him as an author who is not expressive but who is nonetheless markedly present on the screen. In Um Dia na Vida, however, Coutinho is completely absent from the image, while Últimas Conversas, on the contrary, includes a confessional prologue that moves the director from the margins to the center of his films. This article examines the ways in which these works stand out in the filmography of a director who offers new insights into the notion of cinematic authorship.