Search for: All records

While network attacks play a critical role in many advanced persistent threat (APT) campaigns, an arms race exists between the network defenders and the adversary: to make APT campaigns stealthy, the adversary is strongly motivated to evade the detection system. However, new studies have shown that neural network is likely a game-changer in the arms race: neural network could be applied to achieve accurate, signature-free, and low-false-alarm-rate detection. In this work, we investigate whether the adversary could fight back during the next phase of the arms race. In particular, noticing that none of the existing adversarial example generation methods could generate malicious packets (and sessions) that can simultaneously compromise the target machine and evade the neural network detection model, we propose a novel attack method to achieve this goal. We have designed and implemented the new attack. We have also used Address Resolution Protocol (ARP) Poisoning and Domain Name System (DNS) Cache Poisoning as the case study to demonstrate the effectiveness of the proposed attack. 

Not AvailableThis paper presents and advocates for an initiative to expand access to secure programming education. The Strengthening Workforce Education: Excellence in Programming Securely (SWEEPS) initiative, funded by the National Centers of Academic Excellence in Cybersecurity (NCAE-C) program, seeks to advance secure programming and help achieve security aims. SWEEPS establishes a secure programming curriculum and workforce development coalition of seven institutions across two CAE (Center of Academic Excellence) regions (Northeast and Southwest) and five states (California, Massachusetts, Maryland, Indiana, and North Carolina). This coalition includes industry-based stakeholders collaborating with the US Army and government agencies on various projects. SWEEPS draws on prior work establishing critical concepts in secure programming, assessment tools, learning aids, and system infrastructure. The initiative offers a series of interconnected, stackable learning experiences tailored for early to mid-career professionals looking to enhance their cybersecurity skills. These experiences, which include practical one-day workshops and comprehensive year-long graduate certificates, provide a reassuring path for upskilling in secure programming. This paper recommends the efficacy of stackable training approaches in secure programming by exploring the practices of targeting and training individuals with diverse proficiency levels of programming experience who would benefit from increased knowledge and training. 

This article reviews the current human–large language models collaboration approach to bug fixing and points out the research directions toward (the development of) autonomous program repair artificial intelligence agents.