Anti-drone technologies that attack the autonomous command technologies of drone clusters or swarms may need to identify the type of command system being utilized and the various roles of particular UAVs within the system. This paper presents a set of algorithms to identify what swarm command method is being used and the role of particular drones within a swarm or cluster of UAVs utilizing only passive sensing techniques (which cannot be detected). A testing configuration for validating the algorithms is also discussed. © 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Use of Bash History Novelty Detection for Identification of Similar Source Attack Generation
When a cyberattack occurs, tracking the attack back to an actual individual person can be problematic. Even identifying the workstation or device that it originated from does not necessarily identify the attacker, as the attacking device could, itself, be compromised. A system to determine whether activities that occur are from the same user or not facilitates forensic analysis as well as the detection of concurrent attacks from different devices by the same user. This paper proposes a system for identifying attackers based on behaviors expressed via their use of the Bash command line interface, the most common shell on Linux distributions. Prior systems were limited by issues such as requiring labeled user data which is difficult to acquire or not being specific enough to monitor individual persons. The approach proposed herein does not require labeled data and is specific enough to target individual users. The proposed system analyzes the level of variance between commands used and calculates an anomaly score for each given command. It uses these anomaly scores to compare Bash history sets together to identify if they were created by the same user. © 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
- Award ID(s): 1757659
- PAR ID: 10213652
- Date Published:
- Journal Name: Proceedings of the 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)
- Volume: 2021
- Format(s): Medium: X
- Sponsoring Org: National Science Foundation
More Like this
- The use of deep neural networks for speech recognition and recognizing speech commands continues to grow. This necessitates an understanding of the security risks that go along with this technology. This paper analyzes the ability to interfere with the performance of neural networks for speech pattern recognition. With the methods proposed herein, it is a simple matter to create adversarial data by overlaying audio of a command at a fairly unnoticeable amplitude. This causes the neural network to lose around 20% accuracy and misidentify commands for other commands with an average to high confidence value. Such an attack is virtually undetectable to the human ear. © 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
- News articles that are written with an intent to deliberately deceive or manipulate readers are inherently problematic. These so-called 'fake news' articles are believed to have contributed to election manipulation and even resulted in severe injury and death, by actions that they have triggered. Identifying intentionally deceptive and manipulative news articles and alerting human readers is key to mitigating the damage that they can produce. The dataset presented in this paper includes manually identified and classified news stories that can be used for the training and testing of classification systems that identify legitimate versus fake and manipulative news stories. © 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
- Universal Serial Bus (USB) ports are a ubiquitous feature in computer systems and offer a cheap and efficient way to provide power and data connectivity between a host and peripheral devices. Even with the rise of cloud and off-site computing, USB has played a major role in enabling data transfer between devices. Its usage is especially prevalent in high-security environments where systems are ‘air-gapped’ and not connected to the Internet. However, recent research has demonstrated that USB is not nearly as secure as once thought, with different attacks showing that modified firmware on USB mass storage devices can compromise a host system. While many defenses have been proposed, they require user interaction, advanced hardware support (incompatible with legacy devices), or utilize device identifiers that can be subverted by an attacker. In this paper, we present Time-Print, a novel timing-based fingerprinting method, for identifying USB mass storage devices. We create a fingerprint by timing a series of read operations from different locations on a drive, as the timing variations are unique enough to identify individual USB devices. Time-Print is low overhead, completely software-based, and does not require any extra or specialized hardware. To validate the efficacy of Time-Print, we examine more than 40 USB flash drives and conduct experiments in multiple authentication scenarios. The experimental results show that Time-Print can (1) identify known/unknown brand/model USB devices with greater than 99.5% accuracy, (2) identify seen/unseen devices of the same brand/model with 95% accuracy, and (3) classify USB devices from the same brand/model with an average accuracy of 98.7%.
- In emergency situations, such as the current COVID-19 pandemic, less immediate concerns such as cybersecurity and long-term economic impact can fall by the wayside. This paper presents a discussion of the impact of cybersecurity issues that occur during and are attributable to pandemics and other emergency situations. This discussion is facilitated by a simulation tool, the Disaster Vulnerability Threat and Impact Simulator System (DVTISS). DVTISS simulates the network structure, security measures, user characteristics and demographics, data, and devices of an organization or region’s computing infrastructure. The system is provided input parameters and performs analysis to identify the combined results of numerous different decisions, which are made in concert, to identify the types of vulnerabilities that may be present and the impact of their exploitation. The impacts of system unavailability are considered. This can aid businesses, governments and others in determining the level of prioritization that should be given to cybersecurity considerations. The simulator can also be used for disaster preparedness and planning, evaluating particular response strategies and the evaluation of laws and policies that impact IT decision making during emergencies. This paper uses the DVTISS tool to consider organizational responses to several example emergency situations. It demonstrates the utility of the tool as well as its efficacy for decision making support. Based on the example emergencies, the paper also discusses key areas of vulnerability during emergency situations and their financial, data and system outage impacts. © 2020 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

