Ali Ahmadian Ramaki; Abbas Ghaemi-Bafghi; Abbas Rasoolzadegan
Abstract
Nowadays, targeted attacks like Advanced Persistent Threats (APTs) has become one of the major concern of many enterprise networks. As a common approach to counter these attacks, security staff deploy a variety of heterogeneous security and non-security sensors at different lines of defense (Network, ...
Read More
Nowadays, targeted attacks like Advanced Persistent Threats (APTs) has become one of the major concern of many enterprise networks. As a common approach to counter these attacks, security staff deploy a variety of heterogeneous security and non-security sensors at different lines of defense (Network, Host, and Application) to track the attacker's behaviors during their kill chain. However, one of the drawbacks of this approach is the huge amount of events raised by heterogeneous sensors which makes it difficult to analyze logged events for later processing i.e. event correlation for timely detection of APT attacks. The main focus of the existing works is only on the degree to which the event volume is reduced, while the amount of security information lost during the event aggregation process is also very important. In this paper, we propose a three-phase event aggregation method to reduce the volume of heterogeneous events during APT attacks considering the lowest rate of loss of security information. To this aim, at first, low-level events of the sensors are clustered into some similar event groups and then, after filtering noisy event clusters, the remained clusters are summarized based on an Attribute-Oriented Induction (AOI) method in a controllable manner to reduce the unimportant or duplicated events. The method has been evaluated on the three publicly available datasets: SotM34, Bryant, and LANL. The experimental results show that the method is efficient enough in event aggregation and can reduce events volume up to 99.7 with an acceptable level of information loss ratio (ILR).
Zahra Eskandari; Abbas Ghaemi Bafghi
Abstract
Cube Attack is a successful case of Algebraic Attack. Cube Attack consists of two phases, linear equation extraction and solving the extracted equation system. Due to the high complexity of equation extraction phase in finding linear equations, we can extract nonlinear ones that could be approximated ...
Read More
Cube Attack is a successful case of Algebraic Attack. Cube Attack consists of two phases, linear equation extraction and solving the extracted equation system. Due to the high complexity of equation extraction phase in finding linear equations, we can extract nonlinear ones that could be approximated to linear equations with high probability. The probabilistic equations could be considered as linear ones under some noises. Existing approaches to solve noisy equation systems work well provided that the equation system has low error rate; however, as the error rate increases, the success rate of finding the exact solution diminishes, making them rather inefficient in high error rate. In this paper, we extend Cube Attack to probabilistic equations. First, an approximation approach based on linear combinations of nonlinear equations is presented to find probabilistic linear equations with high probability. Then, we present an approach to improve the efficiency of current solving approaches and make them practical to solve high error rate linear equation system. Finally, utilizing proposed approaches, we find the right key under extended noisy equation system with lower complexity in comparison to the original Cube Attack.
H. Shakeri; A. Ghaemi Bafghi
Abstract
It is a common and useful task in a web of trust to evaluate the trust value between two nodes using intermediate nodes. This technique is widely used when the source node has no experience of direct interaction with the target node, or the direct trust is not reliable enough by itself. If trust is used ...
Read More
It is a common and useful task in a web of trust to evaluate the trust value between two nodes using intermediate nodes. This technique is widely used when the source node has no experience of direct interaction with the target node, or the direct trust is not reliable enough by itself. If trust is used to support decision-making, it is important to have not only an accurate estimate of trust, but also a measure of confidence in the intermediate nodes as well as the final estimated value of trust. The present paper thus aims to introduce a novel framework for integrated representation of trust and confidence using intervals, which provides two operations of trust interval multiplication and summation. The former is used for computing propagated trust and confidence, whereas the latter provides a formula for aggregating different trust opinions. The properties of the two operations are investigated in details. This study also proposes a time-variant method that considers freshness, expertise level and two similarity measures in confidence estimation. The results indicate that this method is more accurate compared to the existing ones. In this regard, the results of experiments carried out on two well-known trust datasets are reported and analyzed, showing that the proposed method increases the accuracy of trust inference in comparison with the existing methods.