The Experts below are selected from a list of 66 Experts worldwide ranked by ideXlab platform
Jeffrey Wu - One of the best experts on this subject based on the ideXlab platform.
-
GLOBECOM - Targeted Malicious Email Detection Using Hypervisor-Based Dynamic Analysis and Ensemble Learning
2019 IEEE Global Communications Conference (GLOBECOM), 2019Co-Authors: Jian Zhang, Wenzhen Li, Liangyi Gong, Zhaojun Gu, Jeffrey WuAbstract:At present, email is still one of the most frequently used communication tools for organizations and individuals. With the leakage of personal privacy information, Targeted malicious email (TME) is becoming a prominent Targeted Cyber Attack vector in today's Internet. This type of Attack often uses personal information, about an individual, group of individuals, or an organization, to make a TME more believable and personalized. TME is effective to penetrate email defense system because it is fundamentally difficult for traditional email security method to distinguish legitimate emails from malicious emails. And TMEs often contain malicious URLs or malicious attachments, which are extremely aggressive and destructive. In order to effectively deal with this new type of malicious email Attack, this paper proposes a dynamic detection method for malicious email. We simulate the recipient opening the email in the virtual machine (VM), accessing the URL and activating the attachment. And we use the virtual machine introspection (VMI) and memory forensics analysis (MFA) technology to obtain the dynamic features of the email by the out-of-VM. Then we use AdaBoostM1 ensemble learning method and Voting combination strategy to combine three base classifiers such as BayesNet, SMO and J48 to build a powerful classification model for detecting TME Attacks. The AdaBoostM1 classifier achieved the high detection rates, with an AUC of 0.997, true positive rate (TPR) of 0.997, and false positive rate (FPR) of 0.015. In addition, our proposed detection method is superior to the 56 anti-virus engines on VirusTotal and most of the existing research works.
-
Targeted Malicious Email Detection Using Hypervisor-Based Dynamic Analysis and Ensemble Learning
2019 IEEE Global Communications Conference (GLOBECOM), 2019Co-Authors: Jian Zhang, Wenzhen Li, Liangyi Gong, Zhaojun Gu, Jeffrey WuAbstract:At present, email is still one of the most frequently used communication tools for organizations and individuals. With the leakage of personal privacy information, Targeted malicious email (TME) is becoming a prominent Targeted Cyber Attack vector in today's Internet. This type of Attack often uses personal information, about an individual, group of individuals, or an organization, to make a TME more believable and personalized. TME is effective to penetrate email defense system because it is fundamentally difficult for traditional email security method to distinguish legitimate emails from malicious emails. And TMEs often contain malicious URLs or malicious attachments, which are extremely aggressive and destructive. In order to effectively deal with this new type of malicious email Attack, this paper proposes a dynamic detection method for malicious email. We simulate the recipient opening the email in the virtual machine (VM), accessing the URL and activating the attachment. And we use the virtual machine introspection (VMI) and memory forensics analysis (MFA) technology to obtain the dynamic features of the email by the out-of-VM. Then we use AdaBoostM1 ensemble learning method and Voting combination strategy to combine three base classifiers such as BayesNet, SMO and J48 to build a powerful classification model for detecting TME Attacks. The AdaBoostM1 classifier achieved the high detection rates, with an AUC of 0.997, true positive rate (TPR) of 0.997, and false positive rate (FPR) of 0.015. In addition, our proposed detection method is superior to the 56 anti-virus engines on VirusTotal and most of the existing research works.
Jian Zhang - One of the best experts on this subject based on the ideXlab platform.
-
GLOBECOM - Targeted Malicious Email Detection Using Hypervisor-Based Dynamic Analysis and Ensemble Learning
2019 IEEE Global Communications Conference (GLOBECOM), 2019Co-Authors: Jian Zhang, Wenzhen Li, Liangyi Gong, Zhaojun Gu, Jeffrey WuAbstract:At present, email is still one of the most frequently used communication tools for organizations and individuals. With the leakage of personal privacy information, Targeted malicious email (TME) is becoming a prominent Targeted Cyber Attack vector in today's Internet. This type of Attack often uses personal information, about an individual, group of individuals, or an organization, to make a TME more believable and personalized. TME is effective to penetrate email defense system because it is fundamentally difficult for traditional email security method to distinguish legitimate emails from malicious emails. And TMEs often contain malicious URLs or malicious attachments, which are extremely aggressive and destructive. In order to effectively deal with this new type of malicious email Attack, this paper proposes a dynamic detection method for malicious email. We simulate the recipient opening the email in the virtual machine (VM), accessing the URL and activating the attachment. And we use the virtual machine introspection (VMI) and memory forensics analysis (MFA) technology to obtain the dynamic features of the email by the out-of-VM. Then we use AdaBoostM1 ensemble learning method and Voting combination strategy to combine three base classifiers such as BayesNet, SMO and J48 to build a powerful classification model for detecting TME Attacks. The AdaBoostM1 classifier achieved the high detection rates, with an AUC of 0.997, true positive rate (TPR) of 0.997, and false positive rate (FPR) of 0.015. In addition, our proposed detection method is superior to the 56 anti-virus engines on VirusTotal and most of the existing research works.
-
Targeted Malicious Email Detection Using Hypervisor-Based Dynamic Analysis and Ensemble Learning
2019 IEEE Global Communications Conference (GLOBECOM), 2019Co-Authors: Jian Zhang, Wenzhen Li, Liangyi Gong, Zhaojun Gu, Jeffrey WuAbstract:At present, email is still one of the most frequently used communication tools for organizations and individuals. With the leakage of personal privacy information, Targeted malicious email (TME) is becoming a prominent Targeted Cyber Attack vector in today's Internet. This type of Attack often uses personal information, about an individual, group of individuals, or an organization, to make a TME more believable and personalized. TME is effective to penetrate email defense system because it is fundamentally difficult for traditional email security method to distinguish legitimate emails from malicious emails. And TMEs often contain malicious URLs or malicious attachments, which are extremely aggressive and destructive. In order to effectively deal with this new type of malicious email Attack, this paper proposes a dynamic detection method for malicious email. We simulate the recipient opening the email in the virtual machine (VM), accessing the URL and activating the attachment. And we use the virtual machine introspection (VMI) and memory forensics analysis (MFA) technology to obtain the dynamic features of the email by the out-of-VM. Then we use AdaBoostM1 ensemble learning method and Voting combination strategy to combine three base classifiers such as BayesNet, SMO and J48 to build a powerful classification model for detecting TME Attacks. The AdaBoostM1 classifier achieved the high detection rates, with an AUC of 0.997, true positive rate (TPR) of 0.997, and false positive rate (FPR) of 0.015. In addition, our proposed detection method is superior to the 56 anti-virus engines on VirusTotal and most of the existing research works.
Dong-joo Kang - One of the best experts on this subject based on the ideXlab platform.
-
Key Distribution Process for Encryption of SCADA Communication using Game Theory applied Multiagent System
Journal of The Korean Institute of Illuminating and Electrical Installation Engineers, 2009Co-Authors: Dong-joo KangAbstract:SCADA (Supervisory Control and Data Acquisition) system has been used for remote measurement and control on the critical infrastructures as well as modern industrial facilities. As Cyber Attacks increase on communication networks, SCADA network has been also exposed to Cyber security problems. Especially, SCADA systems of energy industry such as electric power, gas and oil are vulnerable to Targeted Cyber Attack and terrorism. Recently, many research efforts to solve the problems have made progress on SCADA network security. In this paper, flexible key distribution concept is proposed for improving the security of SCADA network using Multiagent System (MAS).
-
BLISS - Flexible Key Distribution for SCADA Network using Multi-Agent System
2007 ECSIS Symposium on Bio-inspired Learning and Intelligent Systems for Security (BLISS 2007), 2007Co-Authors: Dong-joo KangAbstract:SCADA (Supervisory Control and Data Acquisition) system has been used for remote measurement and control on the critical infrastructures as well as modern industrial facilities. As Cyber Attacks increase on communication networks, SCADA network has been also exposed to Cyber security problems. Especially, SCADA systems of energy industry such as electric power, gas and oil are vulnerable to Targeted Cyber Attack and terrorism. Recently, many research efforts to solve the problems have made progress on SCADA network security. In this paper, flexible key distribution concept is proposed for improving the security of SCADA network using multi-agent system (MAS).
Wenzhen Li - One of the best experts on this subject based on the ideXlab platform.
-
GLOBECOM - Targeted Malicious Email Detection Using Hypervisor-Based Dynamic Analysis and Ensemble Learning
2019 IEEE Global Communications Conference (GLOBECOM), 2019Co-Authors: Jian Zhang, Wenzhen Li, Liangyi Gong, Zhaojun Gu, Jeffrey WuAbstract:At present, email is still one of the most frequently used communication tools for organizations and individuals. With the leakage of personal privacy information, Targeted malicious email (TME) is becoming a prominent Targeted Cyber Attack vector in today's Internet. This type of Attack often uses personal information, about an individual, group of individuals, or an organization, to make a TME more believable and personalized. TME is effective to penetrate email defense system because it is fundamentally difficult for traditional email security method to distinguish legitimate emails from malicious emails. And TMEs often contain malicious URLs or malicious attachments, which are extremely aggressive and destructive. In order to effectively deal with this new type of malicious email Attack, this paper proposes a dynamic detection method for malicious email. We simulate the recipient opening the email in the virtual machine (VM), accessing the URL and activating the attachment. And we use the virtual machine introspection (VMI) and memory forensics analysis (MFA) technology to obtain the dynamic features of the email by the out-of-VM. Then we use AdaBoostM1 ensemble learning method and Voting combination strategy to combine three base classifiers such as BayesNet, SMO and J48 to build a powerful classification model for detecting TME Attacks. The AdaBoostM1 classifier achieved the high detection rates, with an AUC of 0.997, true positive rate (TPR) of 0.997, and false positive rate (FPR) of 0.015. In addition, our proposed detection method is superior to the 56 anti-virus engines on VirusTotal and most of the existing research works.
-
Targeted Malicious Email Detection Using Hypervisor-Based Dynamic Analysis and Ensemble Learning
2019 IEEE Global Communications Conference (GLOBECOM), 2019Co-Authors: Jian Zhang, Wenzhen Li, Liangyi Gong, Zhaojun Gu, Jeffrey WuAbstract:At present, email is still one of the most frequently used communication tools for organizations and individuals. With the leakage of personal privacy information, Targeted malicious email (TME) is becoming a prominent Targeted Cyber Attack vector in today's Internet. This type of Attack often uses personal information, about an individual, group of individuals, or an organization, to make a TME more believable and personalized. TME is effective to penetrate email defense system because it is fundamentally difficult for traditional email security method to distinguish legitimate emails from malicious emails. And TMEs often contain malicious URLs or malicious attachments, which are extremely aggressive and destructive. In order to effectively deal with this new type of malicious email Attack, this paper proposes a dynamic detection method for malicious email. We simulate the recipient opening the email in the virtual machine (VM), accessing the URL and activating the attachment. And we use the virtual machine introspection (VMI) and memory forensics analysis (MFA) technology to obtain the dynamic features of the email by the out-of-VM. Then we use AdaBoostM1 ensemble learning method and Voting combination strategy to combine three base classifiers such as BayesNet, SMO and J48 to build a powerful classification model for detecting TME Attacks. The AdaBoostM1 classifier achieved the high detection rates, with an AUC of 0.997, true positive rate (TPR) of 0.997, and false positive rate (FPR) of 0.015. In addition, our proposed detection method is superior to the 56 anti-virus engines on VirusTotal and most of the existing research works.
Liangyi Gong - One of the best experts on this subject based on the ideXlab platform.
-
GLOBECOM - Targeted Malicious Email Detection Using Hypervisor-Based Dynamic Analysis and Ensemble Learning
2019 IEEE Global Communications Conference (GLOBECOM), 2019Co-Authors: Jian Zhang, Wenzhen Li, Liangyi Gong, Zhaojun Gu, Jeffrey WuAbstract:At present, email is still one of the most frequently used communication tools for organizations and individuals. With the leakage of personal privacy information, Targeted malicious email (TME) is becoming a prominent Targeted Cyber Attack vector in today's Internet. This type of Attack often uses personal information, about an individual, group of individuals, or an organization, to make a TME more believable and personalized. TME is effective to penetrate email defense system because it is fundamentally difficult for traditional email security method to distinguish legitimate emails from malicious emails. And TMEs often contain malicious URLs or malicious attachments, which are extremely aggressive and destructive. In order to effectively deal with this new type of malicious email Attack, this paper proposes a dynamic detection method for malicious email. We simulate the recipient opening the email in the virtual machine (VM), accessing the URL and activating the attachment. And we use the virtual machine introspection (VMI) and memory forensics analysis (MFA) technology to obtain the dynamic features of the email by the out-of-VM. Then we use AdaBoostM1 ensemble learning method and Voting combination strategy to combine three base classifiers such as BayesNet, SMO and J48 to build a powerful classification model for detecting TME Attacks. The AdaBoostM1 classifier achieved the high detection rates, with an AUC of 0.997, true positive rate (TPR) of 0.997, and false positive rate (FPR) of 0.015. In addition, our proposed detection method is superior to the 56 anti-virus engines on VirusTotal and most of the existing research works.
-
Targeted Malicious Email Detection Using Hypervisor-Based Dynamic Analysis and Ensemble Learning
2019 IEEE Global Communications Conference (GLOBECOM), 2019Co-Authors: Jian Zhang, Wenzhen Li, Liangyi Gong, Zhaojun Gu, Jeffrey WuAbstract:At present, email is still one of the most frequently used communication tools for organizations and individuals. With the leakage of personal privacy information, Targeted malicious email (TME) is becoming a prominent Targeted Cyber Attack vector in today's Internet. This type of Attack often uses personal information, about an individual, group of individuals, or an organization, to make a TME more believable and personalized. TME is effective to penetrate email defense system because it is fundamentally difficult for traditional email security method to distinguish legitimate emails from malicious emails. And TMEs often contain malicious URLs or malicious attachments, which are extremely aggressive and destructive. In order to effectively deal with this new type of malicious email Attack, this paper proposes a dynamic detection method for malicious email. We simulate the recipient opening the email in the virtual machine (VM), accessing the URL and activating the attachment. And we use the virtual machine introspection (VMI) and memory forensics analysis (MFA) technology to obtain the dynamic features of the email by the out-of-VM. Then we use AdaBoostM1 ensemble learning method and Voting combination strategy to combine three base classifiers such as BayesNet, SMO and J48 to build a powerful classification model for detecting TME Attacks. The AdaBoostM1 classifier achieved the high detection rates, with an AUC of 0.997, true positive rate (TPR) of 0.997, and false positive rate (FPR) of 0.015. In addition, our proposed detection method is superior to the 56 anti-virus engines on VirusTotal and most of the existing research works.
