Crook-sourced intrusion detection as a service
References