Advanced persistent threat

14,000,000 Leading Edge Experts on the ideXlab platform


The experts below are selected from a list of 2019 experts worldwide, ranked by the ideXlab platform.

Jianting Ning - One of the best experts on this subject based on the ideXlab platform.

  • Privacy-preserving personal data operation on mobile cloud—Chances and challenges over advanced persistent threat
    Future Generation Computer Systems, 2018
    Co-Authors: Man Ho Au, Rongxing Lu, Kaitai Liang, J. K. Liu, Jianting Ning
    Abstract:

    Bring-your-own-device has become a new symbol of industrial and educational institutional culture to date. A single individual can gain access to personal data anytime and anywhere in his/her workplace thanks to advanced WiFi/5G networks and cloud technology. The most convenient way for us to access cloud data is to use a personal smartphone. However, smartphones are somewhat vulnerable (because of their innate disadvantages, e.g., low security protection and limited computation resources) when encountering malicious attacks in open networks. Mobile users may be the victims of a recent new type of attack, the advanced persistent threat (APT), since attackers may penetrate different levels of cloud and mobile infrastructure to eavesdrop on, steal and tamper with data. This survey paper introduces some security/privacy risks on the mobile cloud from the viewpoint of applied cryptography. Meanwhile, it provides some insights into possible solutions to these risks.

Ibrahim Ghafir - One of the best experts on this subject based on the ideXlab platform.

  • Disguised executable files in spear-phishing emails: Detecting the point of entry in advanced persistent threat
    International Conference on Future Networks, 2018
    Co-Authors: Ibrahim Ghafir, Vaclav Prenosil, Mohammad Hammoudeh, Francisco J Aparicionavarro, Khaled M Rabie, Ahmad Jabban
    Abstract:

    In recent years, cyber attacks have caused substantial financial losses and have been able to stop fundamental public services. Among the serious attacks, the advanced persistent threat (APT) has emerged as a big challenge to cyber security, hitting selected companies and organisations. The main objectives of APT are data exfiltration and intelligence appropriation. As part of the APT life cycle, an attacker creates a Point of Entry (PoE) to the target network. This is usually achieved by installing malware on the targeted machine to leave a back-door open for future access. A common technique employed to breach the network, which involves the use of social engineering, is the spear-phishing email. These phishing emails may contain disguised executable files. This paper presents the disguised executable file detection (DeFD) module, which aims at detecting disguised exe files transferred over network connections. The detection is based on a comparison between the MIME type of the transferred file and the file name extension. This module was experimentally evaluated and the results show successful detection of disguised executable files.

  • Defending against the advanced persistent threat: Detection of disguised executable files
    2018
    Co-Authors: Ibrahim Ghafir, Mohammad Hammoudeh, Vaclav Prenosil
    Abstract:

    Advanced persistent threat (APT) is one of the most serious types of cyber attack; it is a new and more complex version of the multi-step attack. Within the APT life cycle, the most common technique used to get the point of entry is spear-phishing emails, which may contain disguised executable files. This paper presents the disguised executable file detection (DeFD) module, which aims at detecting disguised exe files transferred over network connections. The detection is based on a comparison between the MIME type of the transferred file and the file name extension. This module was experimentally evaluated and the results show successful detection of disguised executable files.

  • Detection of advanced persistent threat using machine-learning correlation analysis
    Future Generation Computer Systems, 2018
    Co-Authors: Ibrahim Ghafir, Vaclav Prenosil, Mohammad Hammoudeh, Khaled M Rabie, Robert Hegarty, Francisco J Aparicionavarro
    Abstract:

    As one of the most serious types of cyber attack, advanced persistent threats (APT) have caused major concern on a global scale. APT refers to a persistent, multi-stage attack with the intention of compromising the system and gaining information from the targeted system, which has the potential to cause significant damage and substantial financial loss. The accurate detection and prediction of APT is an ongoing challenge. This work proposes a novel machine learning-based system entitled MLAPT, which can accurately and rapidly detect and predict APT attacks in a systematic way. MLAPT runs through three main phases: (1) threat detection, in which eight methods have been developed to detect different techniques used during the various APT steps. The implementation and validation of these methods with real traffic is a significant contribution to the current body of research; (2) alert correlation, in which a correlation framework is designed to link the outputs of the detection methods and aims to identify alerts that could be related and belong to a single APT scenario; and (3) attack prediction, in which a machine learning-based prediction module is proposed based on the correlation framework output, to be used by the network security team to determine the probability that the early alerts will develop into a complete APT attack. MLAPT is experimentally evaluated and the presented system is able to predict APT in its early steps with a prediction accuracy of 84.8%.
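    The three-phase description above leaves the correlation step abstract. The Go program below is an added illustration, not the MLAPT authors' code: it shows the simplest shape such a correlation framework can take. Alerts from independent detectors are grouped per internal host within a time window, and a group is reported as a candidate APT scenario only when it covers two or more distinct attack steps. The stage labels, the detector names, the sample alerts and the coverage score used in place of the paper's learned prediction model are all assumptions made for this example.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Alert is one output of a detection method. The Stage label is an assumption for this
// example: each hypothetical detector is tagged with the APT step it is designed to catch.
type Alert struct {
	Time   time.Time
	Host   string // internal host the alert concerns
	Stage  string // APT step, one of the keys of stageRank
	Source string // name of the detector that raised it
}

// stageRank is a constructed ordering of APT steps used to sort and score scenarios.
var stageRank = map[string]int{
	"point_of_entry": 1, // e.g. a disguised executable in a spear-phishing email
	"c2":             2, // e.g. a TLS connection presenting a blacklisted certificate
	"lateral":        3,
	"exfiltration":   4,
}

// Scenario is a group of alerts on one host that fall within the correlation window.
type Scenario struct {
	Host   string
	Alerts []Alert
	Stages []string // distinct stages seen, ordered by stageRank
	Score  float64  // fraction of known stages covered: a heuristic stand-in, not the paper's ML model
}

// Correlate groups alerts by host, starts a new group whenever two consecutive alerts on a
// host are further apart than window, and returns only groups spanning at least two distinct
// APT stages. Single-stage groups are treated as isolated noise.
func Correlate(alerts []Alert, window time.Duration) []Scenario {
	sorted := append([]Alert(nil), alerts...)
	sort.Slice(sorted, func(i, j int) bool { return sorted[i].Time.Before(sorted[j].Time) })

	byHost := map[string][]Alert{}
	var hosts []string // preserves first-seen order so output is deterministic
	for _, a := range sorted {
		if _, seen := byHost[a.Host]; !seen {
			hosts = append(hosts, a.Host)
		}
		byHost[a.Host] = append(byHost[a.Host], a)
	}

	var out []Scenario
	for _, h := range hosts {
		var cur []Alert
		flush := func() {
			if s, ok := build(h, cur); ok {
				out = append(out, s)
			}
			cur = nil
		}
		for _, a := range byHost[h] {
			if len(cur) > 0 && a.Time.Sub(cur[len(cur)-1].Time) > window {
				flush()
			}
			cur = append(cur, a)
		}
		flush()
	}
	return out
}

// build turns one host's alert cluster into a Scenario; ok is false with fewer than two stages.
func build(host string, cluster []Alert) (Scenario, bool) {
	seen := map[string]bool{}
	for _, a := range cluster {
		if _, known := stageRank[a.Stage]; known {
			seen[a.Stage] = true
		}
	}
	if len(seen) < 2 {
		return Scenario{}, false
	}
	stages := make([]string, 0, len(seen))
	for s := range seen {
		stages = append(stages, s)
	}
	sort.Slice(stages, func(i, j int) bool { return stageRank[stages[i]] < stageRank[stages[j]] })
	return Scenario{Host: host, Alerts: cluster, Stages: stages,
		Score: float64(len(stages)) / float64(len(stageRank))}, true
}

func main() {
	t0 := time.Date(2018, 3, 1, 9, 0, 0, 0, time.UTC)
	// Constructed sample alerts: 10.0.0.5 shows a chain, 10.0.0.9 only one isolated hit.
	alerts := []Alert{
		{t0, "10.0.0.5", "point_of_entry", "DeFD"},
		{t0.Add(25 * time.Minute), "10.0.0.5", "c2", "MSSLD"},
		{t0.Add(3 * time.Hour), "10.0.0.5", "exfiltration", "ExfilDetector"},
		{t0.Add(10 * time.Minute), "10.0.0.9", "c2", "MSSLD"},
		{t0.Add(72 * time.Hour), "10.0.0.5", "c2", "MSSLD"}, // outside the window: new cluster
	}
	for _, s := range Correlate(alerts, 24*time.Hour) {
		fmt.Printf("host %s stages %v score %.2f (%d alerts)\n", s.Host, s.Stages, s.Score, len(s.Alerts))
	}
}
```

    The window, the stage taxonomy and the score threshold are tuning knobs; the paper's contribution is the learned model that replaces the coverage fraction used here, so treat the score only as a way to rank which host-level clusters an analyst should look at first.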

  • Malicious SSL certificate detection: A step towards advanced persistent threat defence
    International Conference on Future Networks, 2017
    Co-Authors: Ibrahim Ghafir, Vaclav Prenosil, Mohammad Hammoudeh, Umar Raza
    Abstract:

    Advanced persistent threat (APT) is one of the most serious types of cyber attack; it is a new and more complex version of the multistep attack. Within the APT life cycle, continuous communication between infected hosts and Command and Control (C&C) servers is maintained to instruct and guide the compromised machines. These communications are usually protected by Secure Sockets Layer (SSL) encryption, making it difficult to identify whether the traffic directed to sites is malicious. This paper presents a Malicious SSL certificate Detection (MSSLD) module, which aims at detecting APT C&C communications based on a blacklist of malicious SSL certificates. This blacklist consists of two forms of SSL certificate indicators, SHA1 fingerprints and serial & subject pairs, that are associated with malware and malicious activities. In this detection module, the network traffic is processed and all secure connections are filtered. The SSL certificate of each secure connection is then matched against the SSL certificate blacklist. This module was experimentally evaluated and the results show successful detection of malicious SSL certificates.
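    As an added example (not the MSSLD authors' code), the Go program below implements the two blacklist forms the abstract names, SHA1 fingerprint and serial-plus-subject, and shows why both are needed: re-issuing a certificate for the same subject and serial with a new key changes the fingerprint but not the serial/subject pair. Because no captured handshake is available offline, the program generates its own self-signed certificates with Go's standard library as stand-ins for certificates extracted from network traffic; the subject names, serial numbers and the canonicalisation rules are assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha1"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"sort"
	"strings"
	"time"
)

// Blacklist holds the two indicator forms: SHA1 fingerprints of the DER certificate, and
// serial-number + subject pairs, which survive re-keying of the same "identity".
type Blacklist struct {
	fingerprints  map[string]bool
	serialSubject map[string]bool
}

func NewBlacklist() *Blacklist {
	return &Blacklist{fingerprints: map[string]bool{}, serialSubject: map[string]bool{}}
}

// Fingerprint is the SHA1 over the DER bytes as lower-case hex without separators.
func Fingerprint(der []byte) string {
	sum := sha1.Sum(der)
	return hex.EncodeToString(sum[:])
}

// normFP accepts the forms threat feeds use ("AB:CD:..." or "abcd...") and canonicalises them.
func normFP(fp string) string {
	return strings.ToLower(strings.ReplaceAll(strings.TrimSpace(fp), ":", ""))
}

// serialSubjectKey canonicalises a serial/subject pair: serial as lower-case hex (big.Int
// drops the leading zeros some feeds include), subject as its RFC 2253 string with the
// components lower-cased and sorted so attribute order cannot defeat a match.
// Assumption: subject values contain no escaped commas.
func serialSubjectKey(serial *big.Int, subject pkix.Name) string {
	parts := strings.Split(strings.ToLower(subject.String()), ",")
	sort.Strings(parts)
	return strings.ToLower(serial.Text(16)) + "|" + strings.Join(parts, ",")
}

func (b *Blacklist) AddFingerprint(fp string) { b.fingerprints[normFP(fp)] = true }

func (b *Blacklist) AddSerialSubject(serial *big.Int, subject pkix.Name) {
	b.serialSubject[serialSubjectKey(serial, subject)] = true
}

// Match returns the name of the rule that hit, or "" when the certificate is not listed.
func (b *Blacklist) Match(cert *x509.Certificate) string {
	if b.fingerprints[Fingerprint(cert.Raw)] {
		return "sha1-fingerprint"
	}
	if b.serialSubject[serialSubjectKey(cert.SerialNumber, cert.Subject)] {
		return "serial+subject"
	}
	return ""
}

// MakeCert builds a self-signed certificate with a fresh P-256 key. It stands in for the
// certificate a monitor would extract from a captured handshake (constructed test data).
func MakeCert(serial int64, subject pkix.Name) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      subject,
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	bad := pkix.Name{CommonName: "c2.bad.example", Organization: []string{"Evil Corp"}}
	seen, err := MakeCert(0x1337, bad)
	if err != nil {
		panic(err)
	}
	bl := NewBlacklist()
	bl.AddFingerprint(strings.ToUpper(Fingerprint(seen.Raw))) // feeds often ship upper-case hex
	fmt.Println("same certificate:", bl.Match(seen))

	reissued, _ := MakeCert(0x1337, bad) // same serial and subject, new key: new fingerprint
	fmt.Println("re-keyed, fingerprint rule misses:", bl.Match(reissued) == "")
	bl.AddSerialSubject(big.NewInt(0x1337), bad)
	fmt.Println("re-keyed, serial+subject rule:", bl.Match(reissued))

	benign, _ := MakeCert(0x1337, pkix.Name{CommonName: "www.good.example"})
	fmt.Println("benign certificate unlisted:", bl.Match(benign) == "")
}
```

    Two caveats for anyone deploying this in 2018-era form: the server certificate travels in the clear only up to TLS 1.2, so under TLS 1.3 a passive monitor no longer sees it and the match has to move to a TLS-terminating proxy or to the endpoint; and an attacker who controls the C&C server can rotate certificates cheaply, so fingerprint lists age quickly and the serial/subject form is only as durable as the attacker's reuse of those fields.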

  • Disguised executable files in spear-phishing emails: Detecting the point of entry in advanced persistent threat
    2017
    Co-Authors: Ibrahim Ghafir, Mohammad Hammoudeh, Vaclav Prenosil
    Abstract:

    Advanced persistent threat (APT) is one of the most serious types of cyber attack; it is a new and more complex version of the multi-step attack. Within the APT life cycle, the most common technique used to get the point of entry is spear-phishing emails, which may contain disguised executable files. This paper presents the disguised executable file detection (DeFD) module, which aims at detecting disguised exe files transferred over network connections. The detection is based on a comparison between the MIME type of the transferred file and the file name extension. This module was experimentally evaluated and the results show successful detection of disguised executable files.
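    The DeFD abstracts (this entry and the two 2018 entries above) describe the check but not how the MIME type is obtained or compared. The Go program below is an added illustration, not the DeFD module itself: it sniffs the MIME type from the file's leading bytes (magic numbers), compares it with the extension the file name claims, and flags native executables whose name claims something else. The signature table, the allowed-extension lists and the sample payloads are constructed for the example.

```go
package main

import (
	"bytes"
	"fmt"
	"path"
	"strings"
)

// signature is one entry of a constructed magic-byte table: the MIME type implied by the
// leading bytes and the file-name extensions that legitimately carry that type.
type signature struct {
	mime  string
	magic []byte
	exts  []string
}

var magicTable = []signature{
	{"application/x-dosexec", []byte("MZ"), []string{".exe", ".dll", ".scr", ".com", ".cpl"}},
	{"application/x-elf", []byte{0x7f, 'E', 'L', 'F'}, []string{".elf", ".so", ".bin", ""}},
	{"application/x-mach-binary", []byte{0xcf, 0xfa, 0xed, 0xfe}, []string{".dylib", ""}},
	{"application/pdf", []byte("%PDF-"), []string{".pdf"}},
	{"image/png", []byte{0x89, 'P', 'N', 'G', 0x0d, 0x0a, 0x1a, 0x0a}, []string{".png"}},
	{"image/jpeg", []byte{0xff, 0xd8, 0xff}, []string{".jpg", ".jpeg"}},
	{"application/zip", []byte("PK\x03\x04"), []string{".zip", ".docx", ".xlsx", ".pptx", ".jar", ".apk"}},
}

// executable marks the sniffed types the module treats as native executables.
var executable = map[string]bool{
	"application/x-dosexec":     true,
	"application/x-elf":         true,
	"application/x-mach-binary": true,
}

// SniffMIME returns the MIME type implied by the first bytes of the payload, or "".
func SniffMIME(content []byte) string {
	for _, s := range magicTable {
		if bytes.HasPrefix(content, s.magic) {
			return s.mime
		}
	}
	return ""
}

// ClaimedExtension takes the extension of the last name component, lower-cased, so
// "Invoice.PDF" and "invoice.pdf" compare equal and "report.pdf.exe" yields ".exe".
func ClaimedExtension(name string) string {
	return strings.ToLower(path.Ext(path.Base(name)))
}

// Verdict is the module's output for one transferred file.
type Verdict struct {
	Name      string
	Sniffed   string
	Disguised bool
	Reason    string
}

// DetectDisguised flags a file whose content is a native executable but whose name
// claims an extension that executable type does not legitimately use.
func DetectDisguised(name string, content []byte) Verdict {
	v := Verdict{Name: name, Sniffed: SniffMIME(content)}
	if !executable[v.Sniffed] {
		v.Reason = "content is not a recognised executable"
		return v
	}
	ext := ClaimedExtension(name)
	for _, s := range magicTable {
		if s.mime != v.Sniffed {
			continue
		}
		for _, e := range s.exts {
			if e == ext {
				v.Reason = "executable with an honest extension (not disguised, still an executable)"
				return v
			}
		}
	}
	v.Disguised = true
	v.Reason = fmt.Sprintf("content is %s but name claims %q", v.Sniffed, ext)
	return v
}

func main() {
	// Constructed payload prefixes; real files carry these bytes followed by the body.
	mz := []byte("MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff")
	elf := []byte{0x7f, 'E', 'L', 'F', 0x02, 0x01, 0x01}
	pdf := []byte("%PDF-1.7\n")
	for _, c := range []struct {
		name string
		body []byte
	}{
		{"Invoice_2018.pdf", mz},       // PE renamed to look like a document
		{"setup.exe", mz},              // honest executable
		{"holiday_photo.jpg", elf},     // ELF renamed to an image
		{"report.pdf", pdf},            // genuine PDF
		{"notes.txt", []byte("hello")}, // unknown type, nothing to compare against
	} {
		v := DetectDisguised(c.name, c.body)
		fmt.Printf("%-20s disguised=%-5v %s\n", v.Name, v.Disguised, v.Reason)
	}
}
```

    Only the leading bytes are inspected, so this catches the rename trick the abstracts describe but not an archive or Office document that carries an executable inside; those need the container opened. Comparing against the HTTP Content-Type header instead of sniffing is weaker, because the attacker's server sets that header.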

Rongxing Lu - One of the best experts on this subject based on the ideXlab platform.

  • Privacy-preserving personal data operation on mobile cloud—Chances and challenges over advanced persistent threat
    Future Generation Computer Systems, 2018
    Co-Authors: Man Ho Au, Rongxing Lu, Kaitai Liang, J. K. Liu, Jianting Ning
    Abstract:

    Bring-your-own-device has become a new symbol of industrial and educational institutional culture to date. A single individual can gain access to personal data anytime and anywhere in his/her workplace thanks to advanced WiFi/5G networks and cloud technology. The most convenient way for us to access cloud data is to use a personal smartphone. However, smartphones are somewhat vulnerable (because of their innate disadvantages, e.g., low security protection and limited computation resources) when encountering malicious attacks in open networks. Mobile users may be the victims of a recent new type of attack, the advanced persistent threat (APT), since attackers may penetrate different levels of cloud and mobile infrastructure to eavesdrop on, steal and tamper with data. This survey paper introduces some security/privacy risks on the mobile cloud from the viewpoint of applied cryptography. Meanwhile, it provides some insights into possible solutions to these risks.

Chiamei Chen - One of the best experts on this subject based on the ideXlab platform.

  • Evolution of advanced persistent threat (APT) attacks and actors
    International Conference on Supercomputing, 2018
    Co-Authors: Chiamei Chen
    Abstract:

    Advanced persistent threat (APT) has become one of the most complicated and intractable cyber attacks over the last decade. As APT attacks are conducted through a series of actions that comprise social engineering, phishing, command and control servers, and remote desktop control, conventional anti-virus mechanisms become insufficient because they were designed to cope with traditional stand-alone malware attacks. Furthermore, data transmission from the compromised network to the APT actors is usually well disguised and embedded in normal transmissions, exacerbating the detection of APT attacks to the point that even major anti-virus firms are not sure about the ratio of discovered APT attacks to real attacks. To make things worse, APT actors tend to be well-organized and potentially government-funded groups of hackers and professionals who are capable of developing and maintaining malware specifically made for their own purposes and of interpreting the stolen data. While most efforts in defending against APT attacks focus on related technologies, this research argues the importance of constructing a holistic understanding by analyzing the behaviors and changes of APT attacks and actors. This research aims to understand the evolution of technologies and malware on the one hand and the behavioral changes of attacking groups on the other. By doing so, this research is expected to contribute to constructing a clearer roadmap of APT attacks and actors that cyber security providers can use as a reference.

  • ICS - Evolution of advanced persistent threat (APT) Attacks and Actors.
    Communications in Computer and Information Science, 2018
    Co-Authors: Chiamei Chen
    Abstract:

    Advanced persistent threat (APT) has become one of the most complicated and intractable cyber attacks over the last decade. As APT attacks are conducted through a series of actions that comprise social engineering, phishing, command and control servers, and remote desktop control, conventional anti-virus mechanisms become insufficient because they were designed to cope with traditional stand-alone malware attacks. Furthermore, data transmission from the compromised network to the APT actors is usually well disguised and embedded in normal transmissions, exacerbating the detection of APT attacks to the point that even major anti-virus firms are not sure about the ratio of discovered APT attacks to real attacks. To make things worse, APT actors tend to be well-organized and potentially government-funded groups of hackers and professionals who are capable of developing and maintaining malware specifically made for their own purposes and of interpreting the stolen data. While most efforts in defending against APT attacks focus on related technologies, this research argues the importance of constructing a holistic understanding by analyzing the behaviors and changes of APT attacks and actors. This research aims to understand the evolution of technologies and malware on the one hand and the behavioral changes of attacking groups on the other. By doing so, this research is expected to contribute to constructing a clearer roadmap of APT attacks and actors that cyber security providers can use as a reference.

Fan Zhang - One of the best experts on this subject based on the ideXlab platform.

  • Extended Petri net-based advanced persistent threat analysis model
    2014
    Co-Authors: Wentao Zhao, Pengfei Wang, Fan Zhang
    Abstract:

    In order to display the attack scene when describing the multistep, process-oriented attack known as the advanced persistent threat, a specific model for advanced persistent threat behavior analysis, EPNAM, is proposed; it is based on the Petri net and combined with the characteristics of APT. Firstly, we carry out a hierarchical analysis of the attack scene with the AHP method to build the APT architecture and extract scene factors; then we associate the attack scene with a Petri net to construct the extended Petri net; and finally, we traverse the extended Petri net to generate the formal expression. The proposed model can achieve the combination of the attack scene, attack process, and state space, and its feasibility is demonstrated by application to an actual case analysis of the RSA SecurID theft attack.

  • Extended Petri Net-Based advanced persistent threat Analysis Model
    Proceedings of the 2013 International Conference on Computer Engineering and Network (CENet2013), 2013
    Co-Authors: Wentao Zhao, Pengfei Wang, Fan Zhang
    Abstract:

    The objective of wireless sensor networks is to extract the synoptic structures (spatiotemporal sequence) of the phenomena of the ROI (region of interest) in order to make effective predictive and analytical characterizations. Energy limitation is one of the main obstacles to the universal application of wireless sensor networks. Recently, the adaptive sampling strategy has been regarded as a very promising method for improving energy efficiency. In this paper, we investigate how to regulate the sampling frequency of sensor nodes in different clusters dynamically, following the change of signal frequency. The adaptive frequency-based sampling (FAS) algorithm proposed in this paper measures the periodic signal frequency online in each clustered region and then regulates the signal sampling frequency following the minimal-necessary-frequency criterion; as a result, the previously desired level of accuracy is achieved and the energy consumption is decreased. The simulation results are compared with those of the fixed-sampling-rate approach with respect to energy conservation.