Next Gen Rat Trap: Evolving Sandbox Techniques for Malware
Abstract not provided.
Proceedings - 8th IEEE International Symposium on Cloud and Services Computing, SC2 2018
The cloud has been leveraged for many applications across different industries. Despite its popularity, cloud technologies are still immature. The security implications of cloud computing also dominate the research space. Many confidentiality- and integrity-based (C-I) security controls concerning data-at-rest and data-in-transit are focused on encryption. In a world where social-media platforms transparently gather data about user behaviors and user interests, the need for user privacy and data protection is of the utmost importance. However, how can a user know that his data is safe, that her data is secure, that his data's integrity is upheld; to be confident that her communications only reach the intended recipients? We propose: They can't. Many threats have been hypothesized in the shared-service arena, with many solutions formulated to avert those threats; however, we illustrate that many technologies and standards supporting C-I controls may be ineffective, not just against adversarial actors, but also against trusted entities. Service providers and malicious insiders can intercept and decrypt network- and host-based data without any guest or user knowledge.
Critical infrastructure systems continue to foster predictable communication patterns and static configurations over extended periods of time. The static nature of these systems eases the process of gathering reconnaissance information that can be used to design, develop, and launch attacks by adversaries. In this research effort, the early phases of an attack vector will be disrupted by randomizing application port numbers, IP addresses, and communication paths dynamically through the use of overlay networks within Industrial Control Systems (ICS). These protective measures convert static systems into "moving targets," adding an additional layer of defense. Additionally, we have developed a framework that automatically detects and defends against threats within these systems using an ensemble of machine learning algorithms that classify and categorize abnormal behavior. Our proof-of-concept has been demonstrated within a representative ICS environment. Performance metrics of our proof-of-concept have been captured with latency impacts of less than a millisecond, on average.
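The abstract above describes randomizing application ports and IP addresses over an overlay so that reconnaissance data goes stale before it can be used. The block below is an added illustration of one way such a scheme can be built, not code from the paper or its proof-of-concept: both ends of an ICS link derive the current overlay address and port from a shared secret, a service name and a time epoch (an HMAC-based schedule), so no coordination traffic is needed, and a listener accepts neighbouring epochs to tolerate clock skew. The epoch length, port range, overlay prefix, secret and service name are all assumptions chosen for the example; the scanner replay at the end uses constructed timestamps.

```python
"""Keyed port/address hopping for a moving-target ICS overlay (illustrative example)."""
import hashlib
import hmac
import ipaddress
import struct

# Assumed parameters: rotate every 30 s, use a reserved high-port range and a
# private overlay prefix. Real deployments would size these to their network.
EPOCH_SECONDS = 30
PORT_MIN, PORT_MAX = 20000, 60000
OVERLAY_NET = ipaddress.ip_network("10.200.0.0/16")


def epoch_for(ts: float) -> int:
    """Map a wall-clock timestamp to the rotation epoch it falls in."""
    return int(ts // EPOCH_SECONDS)


def hop_endpoint(secret: bytes, service_id: str, epoch: int) -> tuple[str, int]:
    """Derive the (overlay address, port) a service uses during one epoch.

    HMAC-SHA256 over the service name and epoch makes the schedule
    unpredictable without the key yet identical on every keyed endpoint.
    """
    msg = service_id.encode() + struct.pack(">Q", epoch)
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    port_span = PORT_MAX - PORT_MIN + 1
    port = PORT_MIN + int.from_bytes(digest[:4], "big") % port_span
    # Skip the network and broadcast addresses of the overlay prefix.
    host_span = OVERLAY_NET.num_addresses - 2
    host_idx = 1 + int.from_bytes(digest[4:8], "big") % host_span
    addr = str(OVERLAY_NET.network_address + host_idx)
    return addr, port


def accept_window(secret: bytes, service_id: str, ts: float,
                  skew_epochs: int = 1) -> set[tuple[str, int]]:
    """Endpoints a listener honours at time `ts`: the current epoch plus
    `skew_epochs` on either side, so slightly drifted clocks still connect."""
    e = epoch_for(ts)
    return {hop_endpoint(secret, service_id, k)
            for k in range(e - skew_epochs, e + skew_epochs + 1)}


def is_valid_contact(secret: bytes, service_id: str, ts: float,
                     addr: str, port: int) -> bool:
    """Would a connection attempt to (addr, port) at time `ts` be accepted?"""
    return (addr, port) in accept_window(secret, service_id, ts)


def reconnaissance_replay(secret: bytes, service_id: str,
                          observed_at: float, replayed_at: float) -> bool:
    """Simulate an adversary who captured the live endpoint at `observed_at`
    and reuses it at `replayed_at`. Returns True if the stale target still works."""
    addr, port = hop_endpoint(secret, service_id, epoch_for(observed_at))
    return is_valid_contact(secret, service_id, replayed_at, addr, port)


if __name__ == "__main__":
    # Constructed inputs: a demo key, a PLC telemetry service and two timestamps.
    key = b"demo-overlay-key-not-for-production"
    svc = "plc-7/modbus-telemetry"
    t0 = 1_700_000_000.0
    print("live endpoint now:", hop_endpoint(key, svc, epoch_for(t0)))
    print("replay after 3 epochs succeeds?",
          reconnaissance_replay(key, svc, t0, t0 + 3 * EPOCH_SECONDS))
```

The accept window is the security/availability trade-off in this design: one epoch of skew keeps a drifted PLC clock reachable, but every extra epoch a listener honours is one more epoch a captured address stays useful to an attacker, so skew tolerance should be bounded by how tightly the ICS clocks are actually synchronised.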
Proceedings - International Carnahan Conference on Security Technology
Computer network defense has traditionally been provided using reactionary tools such as signature-based detectors, white/blacklisting, intrusion detection/protection systems, etc. While event detection/correlation techniques may identify threats - those threats are then dealt with manually, often employing obstruction-based responses (e.g., blocking). As threat sophistication grows, we find these perimeter-planted security efforts ineffective in combating competent adversaries. In 2015 Gartner, Inc. examined the potential for organizations to use deception as a strategy for thwarting attackers and making it costlier for adversaries to engage in threat campaigns. In today's current research, there are a limited number of deception platforms (tools, etc.) that have successfully been shown to enable strategic deception in a computer network operations environment. Through a deception framework, we conjecture that deception platforms can aid and assist in deceiving the adversary by: obscuring the real target, devaluing information gathering, causing the adversary to waste time and resources, forcing the adversary to reveal advanced capabilities, exposing adversary intent, increasing the difficulty of attack planning, limiting the scope of the attack, and limiting the duration of a successful attack. The objective of this paper is to survey the technological trends in cyber deception research, identify gaps in the techniques, and provide research in the emergent environment. Current findings suggest that network deception tools are attracting the interest of researchers as a valuable security technique that can be implemented to learn more about the nature of cyber attacks; however, there are significant shortcomings in the current approaches and the ability to reason about the adversary.
2017 IEEE International Symposium on Technologies for Homeland Security, HST 2017
A cybersecurity training environment or platform provides an excellent foundation tool for the cyber protection team (CPT) to practice and enhance their cybersecurity skills, develop and learn new knowledge, and experience advanced and emergent cyber threat concepts in information security. The cyber training platform is comprised of similar components and usage methods as system testbeds, which are used for assessing system security posture as well as security devices. To enable similar cyber behaviors as in operational systems, the cyber training platforms must incorporate realism of operation for the system the cyber workforce desires to protect. The system's realism is obtained by constructing training models that include a broad range of system and specific device-level fidelity. However, for cyber training purposes the training platform must go beyond computer network topology and computer host model fidelity; it must include realistic models of cyber intrusions and attacks to enable the realism necessary for training purposes. In this position paper we discuss the benefits that such a cyber training platform provides, including a discussion of the challenges of creating, deploying, and maintaining the platform itself. With the current availability of networked information system emulation and virtualization technologies, coupled with the capability to federate with other system simulators and emulators, including those used for training, the creation of powerful cyber training platforms is possible.