skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


  • NSF Public Access
  • Search Results
  • A Novel Keystroke Dataset for Preventing Advanced Persistent Threats [A Novel Keystroke Dataset for Preventing Advanced Persistent Threats]
Title: A Novel Keystroke Dataset for Preventing Advanced Persistent Threats [A Novel Keystroke Dataset for Preventing Advanced Persistent Threats]
Award ID(s):
2122746
PAR ID:
10519793
Author(s) / Creator(s):
; ; ; ;
Publisher / Repository:
SCITEPRESS - Science and Technology Publications
Date Published:
ISBN:
978-989-758-684-2
Page Range / eLocation ID:
894 to 901
Format(s):
Medium: X
Location:
Rome, Italy
Sponsoring Org:
National Science Foundation
More Like this
  1. (, International Conferences on Software Engineering and Knowledge Engineering)
  2. ; (, Information Systems Frontiers)
    null (Ed.)
  3. ; ; ; ; (, Network and Distributed System Security Symposium)
    Advanced Persistent Threats (APTs) are difficult to detect due to their “low-and-slow” attack patterns and frequent use of zero-day exploits. We present UNICORN, an anomaly-based APT detector that effectively leverages data provenance analysis. From modeling to detection, UNICORN tailors its design specifically for the unique characteristics of APTs. Through extensive yet time-efficient graph analysis, UNICORN explores provenance graphs that provide rich contextual and historical information to identify stealthy anomalous activities without pre-defined attack signatures. Using a graph sketching technique, it summarizes long-running system execution with space efficiency to combat slow-acting attacks that take place over a long time span. UNICORN further improves its detection capability using a novel modeling approach to understand long-term behavior as the system evolves. Our evaluation shows that UNICORN outperforms an existing state-of-the-art APT detection system and detects real-life APT scenarios with high accuracy. 
    more » « less
  4. ; (, 2nd Conference on Risk Analysis, Decision Analysis and Security, Niagara Falls, NY)
    Deception has been proposed in the literature as an effective defense mechanism to address Advanced Persistent Threats (APT). However, administering deception in a cost-effective manner requires a good understanding of the attack landscape. In this paper, we develop a Hidden Markov Model based framework where the indicators of compromise (IoC) are used as the observables. This framework would help in selecting an appropriate deception script and triggering the proper defensive strategy when faced with APTs or other malware. The effectiveness of the model and the associated framework are illustrated by considering ransomware as the offending APT in a networked system. 
    more » « less
  5. ; ; ; ; (, IEEE Journal on Selected Areas in Communications)
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email