Search for: All records

In light of the numerous peculiar events that persistently challenge the world, it is paramount to possess the capacity to thoroughly analyze the realm of cyberspace and cyber threats in the context of these circumstances. As such, adequately integrating data-driven intelligence in cyber analytics can help strengthen security postures and enable effective decision making. In this paper, we introduce a multifaceted Internet-scale, data-driven framework to enable the consistent measurement, identification and characterization of cyber threat dynamics amid real-world events. Particularly, our proposed framework scrutinizes Internet-wide security data feeds from multiple sources, including, (i) a large network telescope to infer illicit activities at large, (ii) a cluster of globally distributed sensor and honeypot to quantify reflective amplification attempts, and (iii) a set of BGP collectors to analyze Remotely Triggered Black Hole (RTBH) events. Specifically, we employ our framework to shed light on the 2022 Russo-Ukrainian cyber threat activities by drawing upon Terabytes of real network and security data feeds. We infer DDoS and UDP reflective attacks targeting federal agencies in Russia, and media entities in Ukraine. We further perceive an upsurge of Russian and Ukrainian RTBH techniques employed to block attacks targeting. ru domains and media companies. Additionally, we uncover an escalation of reconnaissance events, some of which are generated by the IoT-centric Mirai malware and others which target critical infrastructure. We report our findings objectively while postulating thoughts on intriguing observations on that particular event. Our Internet-scale data-driven framework offers a robust approach for empirical analysis of cyber threats in the face of real-world challenges; enabling effective and well-informed decision making. 

Ransomware is a form of malware that uses encryption methods to prevent legitimate users from accessing their data files. To date, many ransomware families have been released, causing immense damage and financial losses for private users, corporations, and governments. As a result, researchers have proposed a range of ransomware detection schemes using various machine learning (ML) methods to analyze binary files and action sequences. However as this threat continues to proliferate, it is becoming increasingly difficult to collect and analyze massive amounts of ransomware executables and trace data at a common site (due to data privacy and scalability concerns). Hence this paper presents a novel distributed ransomware analysis (DRA) solution for detection and attribution using the decentralized federated learning (FL) framework. Detailed performance evaluation is then conducted for the case of static analysis with rapid/lightweight feature extraction using an up-to-date ransomware repository. Overall results confirm the effectiveness the FL-based solution.