Employing attack graphs for intrusion detection
Intrusion detection systems are a commonly deployed defense that examines network traffic, host operations, or both to detect attacks. However, more attacks bypass IDS defenses each year, and with the sophistication of attacks increasing as well, we must examine new perspectives for intrusion detection. Current intrusion detection systems focus on known attacks and/or vulnerabilities, limiting their ability to identify new attacks, and lack the visibility into all system components necessary to confirm attacks accurately, particularly programs. To change the landscape of intrusion detection, we propose that future IDSs track how attacks evolve across system layers by adapting the concept of attack graphs. Attack graphs were proposed to study how multi-stage attacks could be launched by exploiting known vulnerabilities. Instead of constructing attacks reactively, we propose to apply attack graphs proactively to detect sequences of events that fulfill the requirements for vulnerability exploitation. Using this insight, we examine how to generate modular attack graphs automatically that relate adversary accessibility for each component, called its attack surface, to flaws that provide adversaries with permissions that create threats, called attack states, and exploit operations from those threats, called attack actions. We evaluate the proposed approach by applying it to two case studies: (1) attacks on file retrieval, such as TOCTTOU attacks, and (2) attacks propagated among processes, such as attacks on Shellshock vulnerabilities. In these case
- Publication Date:
- NSF-PAR ID: 10163950
- Journal Name: New Security Paradigms Workshop
- Page Range or eLocation-ID: 16 to 30
- Sponsoring Org: National Science Foundation
More Like this
- Recent years have witnessed the rise of Internet-of-Things (IoT) based cyber attacks. These attacks, as expected, are launched from compromised IoT devices by exploiting security flaws already known. Less clear, however, are the fundamental causes of the pervasiveness of IoT device vulnerabilities and their security implications, particularly in how they affect ongoing cybercrimes. To better understand the problems and seek effective means to suppress the wave of IoT-based attacks, we conduct a comprehensive study based on a large number of real-world attack traces collected from our honeypots, attack tools purchased from the underground, and information collected from high-profile IoT attacks.
- Cyber-threats are continually evolving and growing in number and complexity with the increasing connectivity of the Internet of Things (IoT). Existing cyber-defense tools seem not to deter the number of successful cyber-attacks reported worldwide. If defense tools are not seldom, why does the cyber-chase trend favor bad actors? Although cyber-defense tools monitor and try to defuse intrusion attempts, research shows the required agility speed against evolving threats is way too slow. One of the reasons is that many intrusion detection tools focus on anomaly alerts' accuracy, assuming that pre-observed attacks and subsequent security patches are adequate. Well, that is
- One of the effective ways of detecting malicious traffic in computer networks is intrusion detection systems (IDS). Though IDS identify malicious activities in a network, it might be difficult to detect distributed or coordinated attacks because they only have a single vantage point. To combat this problem, a cooperative intrusion detection system was proposed. In this detection system, nodes exchange attack features or signatures with a view to detecting an attack that has previously been detected by one of the other nodes in the system. Exchanging attack features is necessary because zero-day attacks (attacks without a known signature) experienced in different
- Industrial control systems (ICS) include systems that control industrial processes in critical infrastructure such as electric grids, nuclear power plants, manufacturing plants, water treatment systems, pharmaceutical plants, and building automation systems. ICS represent complex systems that contain an abundance of unique devices, all of which may hold different types of software, including applications, firmware and operating systems. Due to their ability to control physical infrastructure, ICS have more and more become targets of cyber-attacks, increasing the risk of serious damage, negative financial impact, disruption to business operations, disruption to communities, and even the loss of life. Ethical hacking represents one