How to trick the Borg: threat models against manual and automated techniques for detecting network attacks

Sabottke Carl; Chen Daniel; Layman Lucas; Dumitras Tudor

首页> 外文期刊>Computers & Security >How to trick the Borg: threat models against manual and automated techniques for detecting network attacks

【24h】

How to trick the Borg: threat models against manual and automated techniques for detecting network attacks

机译：如何欺骗Borg：针对用于检测网络攻击的手动和自动技术的威胁模型

获取原文

获取原文并翻译 | 示例

开具论文收录证明 >>

页面导航

摘要
著录项
引文网络
相似文献
相关主题

摘要

Cyber attackers constantly craft new attacks previously unknown to the security community. There are two approaches for detecting such attacks: (1) employing human analysts who can observe the data and identify anomalies that correspond to malicious intent; and (2) utilizing unsupervised automated techniques, such as clustering, that do not rely on ground truth. We conduct a security analysis of the two approaches, utilizing attacks against a real-world website. Through two experiments-a user study with 65 security analysts and an experimental analysis of attack discovery using DBSCAN clustering-we compare the strategies and features employed by human analysts and clustering system for detecting attacks. Building on these observations, we propose threat models for the human analysis process and for the unsupervised techniques when operating in adversarial settings. Based on our analysis, we propose and evaluate two attacks against the DBSCAN clustering algorithm and a defense. Finally, we discuss the implications of our insights for hybrid systems that utilize the strengths of automation and of human analysis to complement their respective weaknesses. (C) 2018 Elsevier Ltd. All rights reserved.

机译：网络攻击者不断地进行安全社区以前未知的新攻击。有两种方法可以检测到此类攻击：（1）雇用可以观察数据并识别与恶意意图相对应的异常的分析人员；（2）利用不依赖地面事实的无监督自动化技术，例如聚类。我们利用对真实网站的攻击来对这两种方法进行安全性分析。通过两个实验（对65位安全分析师的用户研究和使用DBSCAN集群的攻击发现的实验分析），我们比较了人类分析师和集群系统用于检测攻击的策略和功能。在这些观察的基础上，我们提出了在对抗性环境中进行操作时，人体分析过程和无监督技术的威胁模型。根据我们的分析，我们提出并评估了针对DBSCAN聚类算法和防御的两种攻击。最后，我们讨论了我们的见解对混合系统的影响，这些系统利用自动化和人工分析的优势来弥补各自的弱点。（C）2018 Elsevier Ltd.保留所有权利。

著录项

来源
《Computers & Security》 |2019年第3期|25-40|共16页
作者
Sabottke Carl; Chen Daniel; Layman Lucas; Dumitras Tudor;
展开▼
作者单位

Univ Maryland, Inst Adv Comp Studies, 2126 AVW Bldg, College Pk, MD 20742 USA;

Univ Maryland, Inst Adv Comp Studies, 2126 AVW Bldg, College Pk, MD 20742 USA;

Fraunhofer Ctr Expt Software Engn, 5825 Univ Res Ct,Suite 1300, College Pk, MD 20740 USA|Univ N Carolina, CIS Bldg,601 S Coll Rd, Wilmington, NC 28403 USA;

Univ Maryland, Inst Adv Comp Studies, 2126 AVW Bldg, College Pk, MD 20742 USA;

展开▼
收录信息美国《科学引文索引》(SCI);美国《工程索引》(EI);
原文格式 PDF
正文语种 eng
中图分类
关键词
Cyber attack; Human factors; Unsupervised learning; DBSCAN; Log analysis;

机译：网络攻击;人为因素;无监督学习;DBSCAN;日志分析;

相似文献

外文文献
中文文献
专利

1. Threat Detection Model in Edge for the Internet of Things - A Comprehensive Multi-Layer Solution to Detect Threats in Edge and Cluster Large Networks of IoT [J] . Karthika Venkatraman, Jihad Qaddour International Journal of Internet of Things . 2019,第1期

机译：物联网边缘的威胁检测模型-一种全面的多层解决方案，可检测物联网的边缘和集群大型网络中的威胁
2. Re-evaluation of MIB-1 immunostaining for diagnosing hyalinizing trabecular tumour of the thyroid: semi-automated techniques with manual antigen retrieval are more accurate than fully automated techniques [J] . Nami Takada, Mitsuyoshi Hirokawa, Chiho Ohbayashi, Endocrine journal . 2017,第2期

机译：MIB-1免疫染色的重新评估，以诊断甲状腺透明化的小梁肿瘤：带有手动抗原修复的半自动化技术比全自动技术更准确
3. Modeling and detection of the multi-stages of Advanced Persistent Threats attacks based on semi-supervised learning and complex networks characteristics [J] . AaronZimba, Hongsong Chen, Zhaoshun Wang, Future generation computer systems . 2020,第May期

机译：基于半监督学习和复杂网络特征的高级持续威胁攻击的多阶段建模和检测
4. SECURITY THREATS/ATTACKS VIA BOTNETS AND BOTNET DETECTION PREVENTION TECHNIQUES IN COMPUTER NETWORKS: A REVIEW [C] . Emerald Simkhada, Elisha Shrestha, Sujan Pandit, Annual midwest instruction and computing symposium . 2019

机译：计算机网络中通过僵尸网络进行安全威胁/攻击以及僵尸网络检测和预防技术的回顾
5. On-line adaptive IDS scheme for detecting unknown network attacks using HMM models. [D] . Bojanic, Irena. 2005

机译：在线自适应IDS方案，用于使用HMM模型检测未知网络攻击。
6. A Randomized Watermarking Technique for Detecting Malicious Data Injection Attacks in Heterogeneous Wireless Sensor Networks for Internet of Things Applications [O] . Arwa Alromih, Mznah Al-Rodhaan, Yuan Tian 2018

机译：一种用于物联网应用的异构无线传感器网络中恶意数据注入攻击检测的随机水印技术
7. MODERATED EPOSTERS1385Longitudinal strain assessment in dilated cardiomyopathy patients using a novel accelerated DENSE sequence1407Simultaneous T1 and T2 cardiac quantification with CABIRIA: initial clinical experience1423Head-to-head comparison of acceleration algorithms in 4-dimensional flow CMR1502Left ventricular function and size evaluated by hybrid cardiac positron emission tomography-magnetic resonance: Intraindividual comparison of left ventricular ejection fraction and ventricular volumes derived by two modalities1510Left Atrium assessed by Cardiovascular Magnetic Resonance at 1.5 and 3 Tesla – age and gender effects1514Comparison of Free Breathing Cardiac MRI Radial technique to the Standard Multi breath-hold cine SSFP CMR technique for the assessment of LV Volumes and Function1536Self-navigated free-breathing isotropic 3D whole heart phase sensitive inversion recovery magnetic resonance without navigator for detection of myocardial infarction1547Assessment of Right Ventricular Strain Using Myocardial Deformation Recovery Semi Automated Technique: Initial Experience and Normal Values1586Tissue tracking myocardial deformation analysis and prediction of left ventricular remodeling in acute myocardial infarction1589Investigating strategies for optimal 31P MRS clinical cardiac at 3T: Initial Results1620Quantitative Criteria for the Diagnosis of the Congenital Absence of Pericardium by Cardiac Magnetic Resonance1632Widespread tissue injury during acute myocardial infarction: evidence from advanced CMR relaxometry1322Computed tomography coronary angiography verSus sTRess cArdiac magneTic rEsonance for the manaGement of sYmptomatic revascularized patients: a cost effectiveness study (STRATEGY study)1339Comparison of low- versus high-dose of gadobutrol for late gadolinium enhancement imaging at 1.5 Tesla: a clinical feasibility study1347Multi-parametric Cardiac Magnetic Resonance for Prediction of Cardiac Complications in Thalassemia Intermedia: a Prospective Multicenter Study1461Prognostic value of Cardiovascular Magnetic Resonance derived indexes of myocardial fibrosis in heart transplant recipients1523The role of CMR in the acute phase of hospitalization: changing paradigms1542Preoperative CMR-based score predict ventricular response after surgical left ventricular reconstruction in ischemic heart failure patients1555Excellent response rate to cardiac resynchronization therapy guided with magnetic resonance imaging1626The ECG as a predictor of arrhythmogenic substrate on Cardiac Magnetic Resonance Imaging in patients undergoing ablation for premature ventricular contractions1649Comparison of T1-mapping at 3.0T CMR and angiographic APPROACH score for area at risk assessment in ST-segment elevation myocardial infarction1340Pathological correlates of left bundle branch disease in patients with non-ischemic cardiomyopathy: a cardiovascular magnetic resonance study1342Myocardial remodelling and fibrosis in nonischaemic dilated cardiomyopathy: insights from cardiovascular magnetic resonance1411The association between fibrosis and contractile dysfunction in hypertrophic cardiomyopathy assessed by cardiovascular magnetic resonance1622Persistent myocardial inflammation due to intramyocardial haemorrhage in reperfused STEMI as a precursor to adverse LV remodelling - insights from multi-parametric mapping1566Semiquantitative analysis of low and high b value DWI for detecting myocardial edema in acute myocarditis1567Value of Cardiac MRI In Detecting Coronary Artery Disease In Newly Diagnosed Systolic Dysfunction1570Usefulness of cardiac magnetic resonance in tuberous sclerosis complex1578Papillary muscles offer further insight into hypertrophied hearts: a cardiovascular magnetic resonance study1627Diagnostic and clinical implications of CMR timing (early versus late) in patients with troponin positive acute coronary syndromes and unobstructed coronary arteries: Table 1. [O] . Upasana Tayal, Alexandros Kallifatidis, P. Garg, 2016

机译：在使用新的扩张型心肌病的患者缓和EPOSTERS1385Longitudinal应变评估加速DENSE sequence1407Simultaneous T1和T2与CABIRIA心脏定量：在4维流动的加速算法初始临床experience1423Head对头比较CMR1502Left心室功能和尺寸由混合心脏正电子发射断层摄影术评价 - 磁性共振：由两个modalities1510Left庭派生左室射血分数和心室体积的个体间的比较，在1.5和3特斯拉评估心血管磁共振 - 免费的年龄和性别effects1514Comparison呼吸心脏MRI径向技术标准的多屏气电影SSFP CMR技术的LV卷和Function1536Self-导航自由呼吸各向同性3D整个心脏相位敏感反转恢复磁共振导航仪没有检测右Ventricu心肌infarction1547Assessment的评估拉尔菌株使用心肌变形恢复半自动技术：初步经验和正常Values1586Tissue跟踪心肌变形分析和预测左室重构急性心肌infarction1589Investigating策略优化31P MRS临床心脏在3T：初始Results1620Quantitative标准的先天缺失的诊断心包心脏磁Resonance1632Widespread组织损伤急性心肌梗死时：证据先进CMR relaxometry1322Computed CT冠状动脉成像与压力心脏磁共振对症的管理吻合血管患者：成本效益研究（战略研究）1339Comparison低与高剂量钆布醇在1.5特斯拉晚钆增强成像的临床可行性，在中间型地贫心脏并发症的预测study1347Multi参数心脏核磁共振的前瞻性德穆尔心血管磁共振的ticenter Study1461Prognostic价值衍生心肌纤维化指标在住院的急性期CMR的心脏移植recipients1523The作用：改变基于CMR-paradigms1542Preoperative比分预测缺血性心脏衰竭patients1555Excellent响应速度外科左心室重建心脏再同步化后心室反应治疗与磁共振imaging1626The ECG导引作为心脏磁共振成像致心律失常性基板的在ST段抬高心肌infarction1340Pathological在风险评估经历在3.0T CMR T1映射的室性早搏contractions1649Comparison和血管造影APPROACH分数区域消融患者的预测左束支传导疾病的患者与非缺血性心肌病相关因素：心血管磁共振study1342Myocardial重塑和纤维化nonischaemic扩张型心肌病：在从在由心血管磁性resonance1622Persistent心肌炎症评估肥厚型心肌病的纤维化和收缩功能障碍之间心血管磁性resonance1411The协会由于心肌内出血景点在再灌注STEMI为先导，以不利的LV重塑 - 从低的多参数mapping1566Semiquantitative分析和高的b值DWI的见解为在心脏MRI检测冠状动脉疾病急性myocarditis1567Value在结节性硬化症complex1578Papillary肌肉初诊收缩期Dysfunction1570Usefulness心脏磁共振检测心肌水肿提供进一步的深入了解肥大心脏：心血管磁共振study1627Diagnostic和CMR定时的临床意义（早期与晚）患者肌钙蛋白阳性的急性冠脉综合征和通畅的冠状动脉：表1。
8. On-line Adaptive IDS Scheme for Detecting Unknown Network Attacks Using HMM Models [R] . Bojanic, I. 2005

机译：基于Hmm模型检测未知网络攻击的在线自适应IDs方案

How to trick the Borg: threat models against manual and automated techniques for detecting network attacks

摘要

著录项

引文网络

相似文献

相关主题

期刊订阅