
Hidden Markov model for malicious hosts detection in a computer network

Yakov V. Bubnov, Nick N. Ivanov
2020 Journal of the Belarusian State University. Mathematics and Informatics  
The approach is based on hidden Markov chain model that analyses timeseries and consecutive search of the most probable final state of the model.  ...  Efficiency of the approach is based on assumption that advanced persisted threats are localised in time, therefore malicious hosts in a computer network can be detected by virtue of activity comparison  ...  Short Communications Hidden Markov model for malicious hosts detection Let the detector estimates probabilities referring transmitted network packet as a malicious one.  ... 
doi:10.33581/2520-6508-2020-3-73-79 fatcat:7igznkbdwnhhpdnagdztvlqph4

Technical research of detection algorithmically generated malicious domain names using machine learning methods

Hieu Duc Ho, Huong Van Ho
2020 Journal of Science and Technology on Information security  
In this paper, we present an approach for detecting malicious domain names using machine learning methods.  ...  The approach is demonstrated using a range of legitimate domains and a number of malicious algorithmically generated domain names.  ...  Hidden Markov Model Hidden Markov Model (HMM) is a statistical Markov model in which the system being modeled is assumed to be a Markov process with unobserved states [9] .  ... 
doi:10.54654/isj.v7i1.54 fatcat:ylef3oc5rfgi5btholtbur4hga

RAPTOR: Ransomware Attack PredicTOR [article]

Florian Quinkert, Thorsten Holz, KSM Tozammel Hossain, Emilio Ferrara, Kristina Lerman
2018 arXiv   pre-print
malicious ones.  ...  In addition, RAPTOR uses time series forecasting techniques to learn models of historical ransomware activity and then leverages malicious domain registrations as an external signal to forecast future  ...  , of ODNI, IARPA, AFRL, or the U.S.  ... 
arXiv:1803.01598v1 fatcat:m7biniuejrcvvfkzasgzyajtoi

Attack Prediction using Hidden Markov Model [article]

Shuvalaxmi Dass, Prerit Datta, Akbar Siami Namin
2021 arXiv   pre-print
Often it is hard to label such activities as malicious ones without adequate analytical reasoning. We propose the use of Hidden Markov Model (HMM) to predict the family of related attacks.  ...  Our proposed model is based on the observations often agglomerated in the form of log files and from the target or the victim's perspective.  ...  CONCLUSION AND FUTURE WORK We presented a proof-of-concept of a prediction model based on Hidden Markov Model to identify the type of cyber attacks.  ... 
arXiv:2106.02012v1 fatcat:4ocqimgrszfurpqhxhbygvs4ga

Malicious Domain Detection Based on Machine Learning

2018 DEStech Transactions on Computer Science and Engineering  
At present, malicious domain detection, especially malicious domain detection based on machine learning, is one of the research hotspot in network security field.  ...  In this paper, we first introduce the background knowledge of malicious domain detection and classify the malicious domain according to its malicious behavior.  ...  Acknowledgements This work was financially supported by National Key R&D Program of China (2016YFB0801304)  ... 
doi:10.12783/dtcse/iceit2017/19866 fatcat:75wt7lq5zbct3elgcs7lbclo4e

Multi-Domain Information Fusion for Insider Threat Detection

Hoda Eldardiry, Evgeniy Bart, Juan Liu, John Hanley, Bob Price, Oliver Brdiczka
2013 2013 IEEE Security and Privacy Workshops  
In this paper we report our effort on detecting malicious insiders from large amounts of work practice data.  ...  Our first contribution focuses on detecting blend-in malicious insiders.  ...  Any opinions, findings, and conclusions or recommendations in this material are those of the authors and do not necessarily reflect the views of the government funding agencies.  ... 
doi:10.1109/spw.2013.14 dblp:conf/sp/EldardiryBLHPB13 fatcat:jrwayn6ihvd4hhyw3oj26izj5m

SoK: Applying Machine Learning in Security - A Survey [article]

Heju Jiang, Jasvir Nagra, Parvez Ahammad
2016 arXiv   pre-print
Based on our survey, we also suggest a point of view that treats security as a game theory problem instead of a batch-trained ML problem.  ...  The idea of applying machine learning(ML) to solve problems in security domains is almost 3 decades old.  ...  We survey cutting-edge research on applied ML in security, and provide a high-level overview taxonomy of ML paradigms and security domains. 2.  ... 
arXiv:1611.03186v1 fatcat:hfvc5hhu7ze77lrnjufslcg6gm

A short review on Applications of Deep learning for Cyber security [article]

Mohammed Harun Babu R, Vinayakumar R, Soman KP
2019 arXiv   pre-print
This paper outlines the survey of all the works related to deep learning based solutions for various cyber security use cases.  ...  Deep learning is an advanced model of traditional machine learning. This has the capability to extract optimal feature representation from raw input samples.  ...  The detailed study on DNS log collection and deep learning for detecting malicious domain names in large scale is discussed in [22] , [65] .  ... 
arXiv:1812.06292v2 fatcat:o7pcaf7xyncrpdn64byjxh47im

XDroid: An Android permission control using Hidden Markov chain and online learning

Bahman Rashidi, Carol Fung
2016 2016 IEEE Conference on Communications and Network Security (CNS)  
In this work, we present XDroid, an Android app and resource risk assessment framework using hidden Markov model.  ...  Our experimental results demonstrate that the proposed model can assess malicious apps risk-levels with high accuracy. It also provide adaptive risk assessment based on input from users.  ...  HIDDEN MARKOV MODEL FOR RISK ASSESSMENT In this work, we use Hidden Markov Model (HMM) for Android malicious apps risk assessment.  ... 
doi:10.1109/cns.2016.7860469 dblp:conf/cns/RashidiF16 fatcat:nm6wfadcmffw5iqy33chkzj2ma

Intrusion Detection for Wireless Sensor Network Based on Traffic Prediction Model

Han Zhijie, Wang Ruchuang
2012 Physics Procedia  
Based on this algorithm, a distributed anomaly detection scheme, TPID(Traffic Prediction based Intrusion Detection), is designed to detect the attacks which make more influence on packet traffic, such  ...  In this paper, the authors first propose an efficient traffic prediction algorithm for sensor nodes which exploits the Markov model.  ...  With the deployment of a small number in the network with more resources and energy in the high-end nodes, Doumit proposed based on hidden Markov models WSN anomaly detection scheme, low-end nodes will  ... 
doi:10.1016/j.phpro.2012.03.352 fatcat:oinbbnwhk5aaflhethrwkf733i

System for Detection of Malicious Wireless Device Patterns

Shikhar P Acharya, Ritesh Arora, Ivan G. Guardiola
2012 Procedia Computer Science  
The research within presents the use of Hidden Markov Models (HMM) for the detection of wireless devices in highly noisy environments using their unintended electromagnetic emissions (UEE).  ...  An experiment was performed where UEE of a device was detected by a spectrum analyzer. Experimental result shows that our model can accurately detect if there is a device nearby emitting UEE or not.  ...  Experimental Results We have two hidden markov models, one defined for the device and another defined for noise.  ... 
doi:10.1016/j.procs.2012.01.071 fatcat:562kyvlkxjejnnjm3hu44nfjsa

Preemptive intrusion detection

Phuong Cao, Eric Badger, Zbigniew Kalbarczyk, Ravishankar Iyer, Adam Slagell
2015 Proceedings of the 2015 Symposium and Bootcamp on the Science of Security - HotSoS '15  
This paper presents a Factor Graph based framework called AttackTagger for highly accurate and preemptive detection of attacks, i.e., before the system misuse.  ...  Finally, AttackTagger uncovered six hidden attacks that were not detected by intrusion detection systems during the incidents or by security analysts in post-incident forensic analysis.  ...  Previous sequence modeling techniques (such as variable length markov models or matrix-based recommendation systems) built models based on observed events [7] .  ... 
doi:10.1145/2746194.2746199 dblp:conf/hotsos/CaoBKIS15 fatcat:i6vstj62nrbjzicmzz36jq3v5i

SoK: A Systematic Review of Insider Threat Detection

Aram Kim, Junhyoung Oh, Jinho Ryu, Jemin Lee, Kookheui Kwon, Kyungho Lee
2019 Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications  
First, we examine the different types of insider threats based on insider characteristics and insider activities.  ...  Due to the subtle nature of the insider threat, government bodies and corporate organizations are forced to face the insider threat that is both malicious and accidental.  ...  1 : 1 Different Aspects of an Anomaly Detection Problem Problem Formulation Related Techniques Sequence based Similarity based, Window based, Markovian based Hidden Markov Models (HMM) based Contiguous  ... 
doi:10.22667/jowua.2019.12.31.046 dblp:journals/jowua/KimORLKL19 fatcat:qdw2eruvijhdjc3qsiit6yblda

Hidden Markov Models and Alert Correlations for the Prediction of Advanced Persistent Threats

Ibrahim Ghafir, Konstantinos G. Kyriakopoulos, Sangarapillai Lambotharan, Francisco J. Aparicio-Navarro, Basil AsSadhan, Hamad BinSalleeh, Diab M. Diab
2019 IEEE Access  
INDEX TERMS Advanced persistent threat, intrusion detection system, alert correlation, hidden Markov model, attack prediction.  ...  This phase utilizes the hidden Markov model (HMM) to determine the most likely sequence of APT stages for a given sequence of correlated alerts.  ...  HIDDEN MARKOV MODEL In a Markov chain, the states are visible and the transition probabilities can be obtained. Thus, the future state q t+1 is predicted based on the current state q t .  ... 
doi:10.1109/access.2019.2930200 fatcat:pmta766n7nginmg5g7ap4k4bcu

Detecting Multielement Algorithmically Generated Domain Names Based on Adaptive Embedding Model

Luhui Yang, Guangjie Liu, Weiwei Liu, Huiwen Bai, Jiangtao Zhai, Yuewei Dai, Jesús Díaz-Verdejo
2021 Security and Communication Networks  
To effectively improve the detection accuracy of algorithmically generated domain names based on multiple elements, a domain name syntax model is proposed, which analyzes the multiple elements in domain  ...  With the development of detection algorithms on malicious dynamic domain names, domain generation algorithms have developed to be more stealthy.  ...  Algorithm (SDGA) based on the Hidden Markov Model (HMM) [7] and the use of Generative Adversarial Networks GAN (GAN) to generate dynamic domain names [8] .  ... 
doi:10.1155/2021/5567635 fatcat:57z5dnqzk5fnhjtn2hfcqaxymy