    Cyber attacks and defenses: Current capabilities and future trends

    In the new cyber landscape, the legal rules apply only to defenders. Even nonprimary countries and companies may constitute a harmful adversarial scenario for politics, military, intelligence, and enterprises. Attackers can leverage physical distance from targets, different laws, anonymity, almost impossible attribution, known and unknown software vulnerabilities, human weaknesses, and many freely available tools. Defenders need expensive security frameworks, cyber procedures and competent people guarding vulnerable surfaces with no defined perimeters. This asymmetric scenario generates a dangerous cyber arms race where national investments focus more on aggressive tools and attackers than on defense technologies. Two emerging factors - integration of cyber-attacks with artificial intelligence and the diffusion of smart devices and autonomous vehicles - are creating an even more risky battleground where cyber security will permeate social safety. This paper analyzes the main cyber capabilities and actors involved in the past, present and visible future cyber landscape.

    Digital Forensics in Vessel Transportation Systems

    Large vessels are safety-critical systems where operations, performance and component availability are continuously monitored by means of multiple sensors producing large amounts of data. Relevant information is preserved in Event Data Recorders that are fundamental for the reconstruction of scenarios related to serious malfunctions and incidents in technical and legal terms. By considering the state of the art and two important naval accidents, we highlight some issues related to the exploitation of recorded data in reconstructing the events timeline and the semantics of the scenarios. These studies motivate our proposal that aims to guarantee strong data integrity and availability of all information registered in Event Data Recorders. Our results are fundamental for the precise identification of the sequences of events and for the correct attribution of human and/or machine responsibilities.

    Adversarial fingerprinting of cyber attacks based on stateful honeypots

    The cyber defenses of Critical Infrastructures require early detection of new threats and attacks. This includes defensive systems that are able to learn from novel attacks and to detect 0-day vulnerabilities as early as possible. Honeypots are not defensive systems based on prevention, but they still represent an effective way to gather information about attacks from the source. Nevertheless, most existing solutions operate in a stateless way. As a consequence, they are easily identified by expert attackers, and they are unable to track the progress of individual attacks in large applications. We propose a novel approach that enables a so-called stateful honeypot. The idea comes from the observation that a typical cyber attack on a Critical Infrastructure is carried out through multiple attempts and intrusions. Hence the main goal is to fingerprint each attacker by observing and registering his adopted methods, tools and actions. Once identified, the adversary is redirected to his specific environment that preserves the history of his previous operations including the installation of rootkits or backdoors. The proposed solution paves the way to a more effective generation of honeypots that are necessary to face the augmented complexity of cyber attacks.

    Fog-based secure communications for low-power IoT devices

    Designing secure, scalable, and resilient IoT networks is a challenging task because of resource-constrained devices and no guarantees of reliable network connectivity. Fog computing improves the resiliency of IoT, but its security model assumes that fog nodes are fully trusted. We relax this latter constraint by proposing a solution that guarantees confidentiality of messages exchanged through semi-honest fog nodes thanks to a lightweight proxy re-encryption scheme. We demonstrate the feasibility of the solution by applying it to IoT networks of low-power devices through experiments on microcontrollers and ARM-based architectures.

    Efficient state estimators for load control policies in scalable web server clusters

    Replication of information across a server cluster provides a promising way to support popular Web sites. However, a Web server cluster requires some mechanism for directing requests to the best server. One common approach is to use the Domain Name Server (DNS) as a centralized scheduler. However, address caching mechanisms and the non-uniformity of the load from different client domains complicate the load balancing issue and make existing scheduling algorithms for traditional distributed systems not applicable to Web server clusters. In this paper, we consider the theoretical DNS policies that require some system state information. We extend them to realistic situations where state information needs to be estimated with low computation and communication overhead. We show that, by incorporating these estimators into the DNS policies, load balancing improves substantially, even if the DNS control is limited to a small portion of client requests.

    Scalable, Confidential and Survivable Software Updates

    Software update systems must guarantee high availability, integrity and security even in the presence of cyber attacks. We propose the first survivable software update framework for the secure distribution of confidential updates that is based on a distributed infrastructure with no single points of failure. Previous works guarantee either survivability or confidentiality of software updates but do not ensure both properties. Our proposal is based on an original application of a multi-authority attribute-based encryption scheme in the context of decentralized access control management that avoids a single point of vulnerability. We describe the original framework, propose the protocols to implement it, and demonstrate its feasibility through a security and performance evaluation.

    Evading botnet detectors based on flows and random forest with adversarial samples

    Machine learning is increasingly adopted for a wide array of applications, due to its promising results and autonomous capabilities. However, recent research efforts have shown that, especially within the image processing field, these novel techniques are susceptible to adversarial perturbations. In this paper, we present an analysis that highlights and evaluates experimentally the fragility of network intrusion detection systems based on machine learning algorithms against adversarial attacks. In particular, our study involves a random forest classifier that utilizes network flows to distinguish between botnet and benign samples. Our results, derived from experiments performed on a public real dataset of labelled network flows, show that attackers can easily evade such defensive mechanisms by applying slight and targeted modifications to the network activity generated by their controlled bots. These findings pave the way for future techniques that aim to strengthen the performance of machine learning-based network intrusion detection systems.