Academic literature on the topic 'Attack Detection Automation'


Consult the lists of relevant articles, books, theses, conference reports, and other scholarly sources on the topic 'Attack Detection Automation.'


Journal articles on the topic "Attack Detection Automation"

1

Wressnegger, Christian. "Efficient machine learning for attack detection." it - Information Technology 62, no. 5-6 (December 16, 2020): 279–86. http://dx.doi.org/10.1515/itit-2020-0015.

Abstract:
Detecting and fending off attacks on computer systems is an enduring problem in computer security. In light of a plethora of different threats and the growing automation used by attackers, we are in urgent need of more advanced methods for attack detection. Manually crafting detection rules is by no means feasible at scale, and automatically generated signatures often lack context, such that they fall short in detecting slight variations of known threats. In the thesis “Efficient Machine Learning for Attack Detection” [35], we address the necessity of advanced attack detection. For the effective application of machine learning in this domain, a periodic retraining over time is crucial. We show that with the right data representation, efficient algorithms for mining substring statistics, and implementations based on probabilistic data structures, training the underlying model for establishing a higher degree of automation for defenses can be achieved in linear time.
2

Beshah, Yonas Kibret, Surafel Lemma Abebe, and Henock Mulugeta Melaku. "Drift Adaptive Online DDoS Attack Detection Framework for IoT System." Electronics 13, no. 6 (March 7, 2024): 1004. http://dx.doi.org/10.3390/electronics13061004.

Abstract:
Internet of Things (IoT) security is becoming important with the growing popularity of IoT devices and their wide applications. Recent network security reports revealed a sharp increase in the type, frequency, sophistication, and impact of distributed denial of service (DDoS) attacks on IoT systems, making DDoS one of the most challenging threats. DDoS is used to commit actual, effective, and profitable cybercrimes. The current machine learning-based IoT DDoS attack detection systems use batch learning techniques, and hence are unable to maintain their performance over time in a dynamic environment. The dynamicity of heterogeneous IoT data causes concept drift issues that result in performance degradation and automation difficulties in detecting DDoS. In this study, we propose an adaptive online DDoS attack detection framework that detects and adapts to concept drifts in streaming data using a number of features often used in DDoS attack detection. This paper also proposes a novel accuracy update weighted probability averaging ensemble (AUWPAE) approach to detect concept drift and optimize zero-day DDoS detection. We evaluated the proposed framework using the IoTID20 and CICIoT2023 datasets containing benign and DDoS traffic data. The results show that the proposed adaptive online DDoS attack detection framework is able to detect DDoS attacks with an accuracy of 99.54% and 99.33% for the respective datasets.
3

Okello, Fredrick Ochieng, Dennis Kaburu, and Ndia G. John. "Automation-Based User Input Sql Injection Detection and Prevention Framework." Computer and Information Science 16, no. 2 (May 2, 2023): 51. http://dx.doi.org/10.5539/cis.v16n2p51.

Abstract:
The Autodect framework protects management information systems (MIS) and databases from user input SQL injection attacks. This framework overcomes intrusion or penetration into the system by automatically detecting and preventing attacks from the user input end. The attack intentions are also known, since it is linked to a proxy database, which has normal and abnormal code vector profiles that help to gather information about the intent as well as knowing the areas of interest while conducting the attack. The information about the attack is forwarded to the Autodect knowledge base (database), meaning that any successive attacks from the proxy database will be compared to the existing attack pattern logs in the knowledge base; in future this knowledge base-driven database will help organizations to analyze trends of attackers, profile them and deter them. The research evaluated the existing security frameworks used to prevent user input SQL injection; analysis was also done on the factors that lead to the detection of SQL injection. This knowledge-based framework is able to predict the end goal of any injected attack vector (known and unknown signatures). Experiments were conducted on true and simulation websites and open-source datasets to analyze the performance, and a comparison was drawn between the Autodect framework and other existing tools. The research showed that the Autodect framework has an accuracy level of 0.98. The research found a gap in that all existing tools and frameworks never came up with a standard dataset for SQL injection, nor do we have a universally accepted standard dataset.
4

Housh, Mashor, Noy Kadosh, and Jack Haddad. "Detecting and Localizing Cyber-Physical Attacks in Water Distribution Systems without Records of Labeled Attacks." Sensors 22, no. 16 (August 12, 2022): 6035. http://dx.doi.org/10.3390/s22166035.

Abstract:
Modern water distribution systems (WDSs) offer automated controls and operations to improve their efficiency and reliability. Nonetheless, such automation can be vulnerable to cyber-attacks. Therefore, various approaches have been suggested to detect cyber-attacks in WDSs. However, most of these approaches rely on labeled attack records which are rarely available in real-world applications. Thus, for a detection model to be practical, it should be able to detect and localize events without referring to a predetermined list of labeled attacks. This study proposes a semi-supervised approach that relies solely on attack-free datasets to address this challenge. The approach utilizes a reduction in dimensionality by using maximum canonical correlation analysis (MCCA) followed by support vector data description (SVDD). The developed algorithm was tested on two case studies and various datasets, demonstrating consistently high performance in detecting and localizing cyber-attacks.
5

Karthik Krishnan, T., S. Sridevi, G. Bindu, and R. Anandan. "Comparison and detail study of attacks and detection methods for wireless sensor network." International Journal of Engineering & Technology 7, no. 2.21 (April 20, 2018): 405. http://dx.doi.org/10.14419/ijet.v7i2.21.12453.

Abstract:
Wireless sensor networking is an emerging technology in the field of telecommunications. WSNs can be applied in many fields like machine surveillance, precision agriculture, home automation and intelligent building environments. However, the major aspect of WSN is security, as the sensor nodes are limited and because of this face several security threats such as black hole attack, worm hole attack, flooding, etc., which finally affect the functioning of the whole network. These attacks maximize the consumption of power in the node and also decrease the life of the battery. In this paper, we discuss several types of security attacks in wireless sensor networks and also introduce various intrusion detection systems to detect these attacks and prevent the compromised nodes in the WSN. We also discuss the different intrusion detection methods with the help of machine learning algorithms. In future these techniques can be helpful to create a safe and sophisticated network.
6

Ye, Shengke, Kaiye Dai, Guoli Fan, Ling Zhang, and Zhihao Liang. "Exploring the intersection of network security and database communication: a PostgreSQL Socket Connection case study." Transactions on Computer Science and Intelligent Systems Research 3 (April 10, 2024): 1–9. http://dx.doi.org/10.62051/pzqebt34.

Abstract:
In this study, the network security of PostgreSQL database using Socket connection is deeply analyzed. By exploring Socket connections established by PostgreSQL over TCP, we find potential security threats and vulnerabilities during data transmission, which may expose database systems to network attacks such as unauthorized access and data leakage. In order to assess these security risks, this study simulated a variety of network attack scenarios, especially the implantation and detection of Webshell, to reveal the vulnerability of PostgreSQL to such network threats. Especially in defending against complex and changeable cyber threats such as Webshell attacks, this research also uses machine learning and artificial intelligence techniques to improve the automation level of security threat detection and response. These technologies can help identify complex attack patterns and improve resilience to emerging threats, thereby enhancing the overall security of PostgreSQL databases.
7

Sztyber-Betley, Anna, Michał Syfert, Jan Maciej Kościelny, and Zuzanna Górecka. "Controller Cyber-Attack Detection and Isolation." Sensors 23, no. 5 (March 3, 2023): 2778. http://dx.doi.org/10.3390/s23052778.

Abstract:
This article deals with the cyber security of industrial control systems. Methods for detecting and isolating process faults and cyber-attacks, consisting of elementary actions named “cybernetic faults” that penetrate the control system and destructively affect its operation, are analysed. FDI fault detection and isolation methods and the assessment of control loop performance methods developed in the automation community are used to diagnose these anomalies. An integration of both approaches is proposed, which consists of checking the correct functioning of the control algorithm based on its model and tracking changes in the values of selected control loop performance indicators to supervise the control circuit. A binary diagnostic matrix was used to isolate anomalies. The presented approach requires only standard operating data (process variable (PV), setpoint (SP), and control signal (CV)). The proposed concept was tested using the example of a control system for superheaters in a steam line of a power unit boiler. Cyber-attacks targeting other parts of the process were also included in the study to test the proposed approach’s applicability, effectiveness, and limitations and identify further research directions.
8

Binbusayyis, Adel. "Reinforcing Network Security: Network Attack Detection Using Random Grove Blend in Weighted MLP Layers." Mathematics 12, no. 11 (May 31, 2024): 1720. http://dx.doi.org/10.3390/math12111720.

Abstract:
In the modern world, the evolution of the internet supports the automation of several tasks, such as communication, education, sports, etc. Conversely, it is prone to several types of attacks that disturb data transfer in the network. Efficient attack detection is needed to avoid the consequences of an attack. Traditionally, manual attack detection is limited by human error, less efficiency, and a time-consuming mechanism. To address the problem, a large number of existing methods focus on several techniques for better efficacy in attack detection. However, improvement is needed in significant factors such as accuracy, handling larger data, over-fitting versus fitting, etc. To tackle this issue, the proposed system utilized a Random Grove Blend in Weighted MLP (Multi-Layer Perceptron) Layers to classify network attacks. The MLP is used for its advantages in solving complex non-linear problems, larger datasets, and high accuracy. Conversely, it is limited by computation and requirements for a great deal of labeled training data. To resolve the issue, a random info grove blend and weight weave layer are incorporated into the MLP mechanism. To attain this, the UNSW–NB15 dataset, which comprises nine types of network attack, is utilized to detect attacks. Moreover, the Scapy tool (2.4.3) is utilized to generate a real-time dataset for classifying types of attack. The efficiency of the presented mechanism is calculated with performance metrics. Furthermore, internal and external comparisons are processed in the respective research to reveal the system’s better efficiency. The proposed model utilizing the advantages of Random Grove Blend in Weighted MLP attained an accuracy of 98%. Correspondingly, the presented system is intended to contribute to the research associated with enhancing network security.
9

Kim, Ye-Eun, Yea-Sul Kim, and Hwankuk Kim. "Effective Feature Selection Methods to Detect IoT DDoS Attack in 5G Core Network." Sensors 22, no. 10 (May 18, 2022): 3819. http://dx.doi.org/10.3390/s22103819.

Abstract:
The 5G networks aim to realize a massive Internet of Things (IoT) environment with low latency. IoT devices with weak security can cause Tbps-level Distributed Denial of Service (DDoS) attacks on 5G mobile networks. Therefore, interest in automatic network intrusion detection using machine learning (ML) technology in 5G networks is increasing. ML-based DDoS attack detection in a 5G environment should provide ultra-low latency. To this end, utilizing a feature-selection process that reduces computational complexity and improves performance by identifying features important for learning in large datasets is possible. Existing ML-based DDoS detection technology mostly focuses on DDoS detection learning models on the wired Internet. In addition, studies on feature engineering related to 5G traffic are relatively insufficient. Therefore, this study performed feature selection experiments to reduce the time complexity of detecting and analyzing large-capacity DDoS attacks in real time based on ML in a 5G core network environment. The results of the experiment showed that the performance was maintained and improved when the feature selection process was used. In particular, as the size of the dataset increased, the difference in time complexity increased rapidly. The experiments show that the real-time detection of large-scale DDoS attacks in 5G core networks is possible using the feature selection process. This demonstrates the importance of the feature selection process for removing noisy features before training and detection. As this study conducted a feature study to detect network traffic passing through the 5G core with low latency using ML, it is expected to contribute to improving the performance of the 5G network DDoS attack automation detection technology using AI technology.
10

Oruganti, Rakesh, Jeeshitha J, and Rama Koteswara Rao G. "A Extensive Study on DDosBotnet Attacks in Multiple Environments Using Deep Learning and Machine Learning Techniques." ECS Transactions 107, no. 1 (April 24, 2022): 15181–93. http://dx.doi.org/10.1149/10701.15181ecst.

Abstract:
Every organization provides security for their systems, servers, and other I.T. infrastructure resources using regular anti-virus and malware detection software. With the increase of access to smart devices and appliances through secured and unsecured networks, there is a requirement to design an intelligent detection tool using deep learning techniques to handle complex vulnerabilities efficiently. The system should have the capability to prevent and control attacks from unreliable sources. The system should immediately notify the system administrator. The proposed research studies the DDoSBotnet attacks in IoT devices. BotNets are zombie servers, which can attack an extensive network with their automation process, by designing a combination of prevention and detection mechanisms in a virtual environment that can access the cloud environment.

Dissertations / Theses on the topic "Attack Detection Automation"

1

Toure, Almamy. "Collection, analysis and harnessing of communication flows for cyber-attack detection." Electronic Thesis or Diss., Valenciennes, Université Polytechnique Hauts-de-France, 2024. http://www.theses.fr/2024UPHF0023.

Abstract:
The increasing complexity of cyberattacks, characterized by a diversification of attack techniques, an expansion of attack surfaces, and growing interconnectivity of applications with the Internet, makes network traffic management in a professional environment imperative. Companies of all types collect and analyze network flows and logs to ensure the security of exchanged data and prevent the compromise of information systems. However, techniques for collecting and processing network traffic data vary from one dataset to another, and static attack detection approaches have limitations in terms of efficiency and precision, execution time, and scalability. This thesis proposes dynamic approaches for detecting cyberattacks related to network traffic, using feature engineering based on the different communication phases of a network flow, coupled with convolutional neural networks (1D-CNN) and their feature detector. This double extraction allows for better classification of network flows, a reduction in the number of attributes and model execution times, and thus effective attack detection. Companies also face constantly evolving cyber threats, and "zero-day" attacks that exploit previously unknown vulnerabilities are becoming increasingly frequent. Detecting these zero-day attacks requires constant technological monitoring and thorough but time-consuming analysis of the exploitation of these vulnerabilities. The proposed solutions guarantee the detection of certain attack techniques. Therefore, we propose a detection framework for these attacks that covers the entire attack chain, from the data collection phase to the identification of any type of zero-day, even in a constantly evolving environment.
Finally, given the obsolescence of existing datasets and data generation techniques for intrusion detection, and the fixed, non-evolving, and non-exhaustive nature of recent attack scenarios, the study of an adapted synthetic data generator while ensuring data confidentiality is addressed. The solutions proposed in this thesis optimize the detection of known and zero-day attack techniques on network flows and improve the accuracy of models, while ensuring the confidentiality and high availability of data and models, with particular attention to the applicability of the solutions in a company network.
2

Štangler, Jan. "Architektura a správa zabezpečených sítí." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2020. http://www.nusl.cz/ntk/nusl-413065.

Abstract:
This work is focused on the security of small to medium-sized networks with central administration, especially on the creation of a methodology for secure network design. The design of a secure network for a start-up IT company, using open-source software, is described. Deployment of the designed secure network, with central management, is performed and the connectivity of network elements is tested. The model simulates network traffic situations and network attacks using penetration testing techniques. In terms of the severity of the impact on network security, intercepted attacks are evaluated and immediately reported to responsible persons. Finally, the results of the intercepted attacks are processed and further actions are recommended.
3

Nama, Sumanth. "Detecting attacks in building automation system." Thesis, California State University, Long Beach, 2015. http://pqdtopen.proquest.com/#viewpdf?dispub=1597784.

Abstract:
Building Automation System (BAS) was proposed to have the automatic centralized control of various appliances in the building such as heating, ventilating, air conditioning and other systems. Providing high security for the network layer in BAS was the major concern in recent times of studies. Researchers have been proposing different authentication protocols to stop the intruders from attacking the network, of which Time Efficient Stream Loss Authentication (TESLA) was the most secured protocol. Apart from its low computational and communicational overhead, there are few possible ways from which an intruder can attack a BAS network. Hence, to overcome this drawback we used a proposed algorithm in this paper, which uses the concept of Zero-Knowledge Protocol (ZKP) in addition to TESLA for security. This combination of ZKP with time synchronization provides high authentication of packets in the network, thus making the network more secure and reliable. To test the security of the algorithm, we implement different wireless sensor network attacks such as sinkhole attack, and gray hole attack. Our proposed security algorithm is implemented by various WSNs. We use Network Simulator 2 for simulation of the proposed algorithm. During the simulation, we observe detection of malicious nodes (intruders), thus proving the security of the proposed algorithm that in turn secures BAS.
4

Yadav, Tarun Kumar. "Automatic Detection and Prevention of Fake Key Attacks in Signal." BYU ScholarsArchive, 2019. https://scholarsarchive.byu.edu/etd/9072.

Abstract:
The Signal protocol provides end-to-end encryption for billions of users in popular instant messaging applications like WhatsApp, Facebook Messenger, and Google Allo. The protocol relies on an app-specific central server to distribute public keys and relay encrypted messages between the users. Signal prevents passive attacks. However, it is vulnerable to some active attacks due to its reliance on a trusted key server. A malicious key server can distribute fake keys to users to perform man-in-the-middle or impersonation attacks. Signal applications support an authentication ceremony to detect these active attacks. However, this places an undue burden on the users to manually verify each other's public key. Recent studies reveal that the authentication ceremony is time-consuming and confusing, and almost nobody adopts it. Our goal is to explore various approaches for automatically detecting or preventing fake key attacks. We modified a local copy of the Signal server to demonstrate that active attacks are feasible. We then designed three defenses that automatically detect or prevent the attacks. We completed a threat analysis of the defenses and implemented some proof-of-concept prototypes for two of them. We analyze their strengths and weaknesses and outline avenues for future work.
5

Giunta, Alberto. "Implementazione e analisi comparativa di tecniche di Face Morphing Detection." Master's thesis, Alma Mater Studiorum - Università di Bologna, 2018. http://amslaurea.unibo.it/17029/.

Abstract:
The Face Morphing Attack consists in presenting to Automatic Border Control gates passports that are substantially valid and regularly issued, but with photographs, and hence facial biometric data, that allow their use by more than one subject, and therefore by subjects other than the legitimate holder of the document. The research field of Face Morphing Detection is still very young and active, as well as fragmented: each study on the subject proposes techniques that differ in some way from the previous ones and verifies their effectiveness on proprietary datasets built ad hoc by each research group. The work proposed in this thesis seeks to bring greater clarity to the effectiveness of various Face Morphing Detection methods known in the literature, applying them to situations and datasets more faithful to reality and carrying out an extensive comparative analysis of them.
6

Gill, Rupinder S. "Intrusion detection techniques in wireless local area networks." Thesis, Queensland University of Technology, 2009. https://eprints.qut.edu.au/29351/1/Rupinder_Gill_Thesis.pdf.

Abstract:
This research investigates wireless intrusion detection techniques for detecting attacks on IEEE 802.11i Robust Secure Networks (RSNs). Despite using a variety of comprehensive preventative security measures, the RSNs remain vulnerable to a number of attacks. Failure of preventative measures to address all RSN vulnerabilities dictates the need for a comprehensive monitoring capability to detect all attacks on RSNs and also to proactively address potential security vulnerabilities by detecting security policy violations in the WLAN. This research proposes novel wireless intrusion detection techniques to address these monitoring requirements and also studies correlation of the generated alarms across wireless intrusion detection system (WIDS) sensors and the detection techniques themselves for greater reliability and robustness. The specific outcomes of this research are: A comprehensive review of the outstanding vulnerabilities and attacks in IEEE 802.11i RSNs. A comprehensive review of the wireless intrusion detection techniques currently available for detecting attacks on RSNs. Identification of the drawbacks and limitations of the currently available wireless intrusion detection techniques in detecting attacks on RSNs. Development of three novel wireless intrusion detection techniques for detecting RSN attacks and security policy violations in RSNs. Development of algorithms for each novel intrusion detection technique to correlate alarms across distributed sensors of a WIDS. Development of an algorithm for automatic attack scenario detection using cross detection technique correlation. Development of an algorithm to automatically assign priority to the detected attack scenario using cross detection technique correlation.
7

Gill, Rupinder S. "Intrusion detection techniques in wireless local area networks." Queensland University of Technology, 2009. http://eprints.qut.edu.au/29351/.

Abstract:
This research investigates wireless intrusion detection techniques for detecting attacks on IEEE 802.11i Robust Secure Networks (RSNs). Despite using a variety of comprehensive preventative security measures, the RSNs remain vulnerable to a number of attacks. Failure of preventative measures to address all RSN vulnerabilities dictates the need for a comprehensive monitoring capability to detect all attacks on RSNs and also to proactively address potential security vulnerabilities by detecting security policy violations in the WLAN. This research proposes novel wireless intrusion detection techniques to address these monitoring requirements and also studies correlation of the generated alarms across wireless intrusion detection system (WIDS) sensors and the detection techniques themselves for greater reliability and robustness. The specific outcomes of this research are: A comprehensive review of the outstanding vulnerabilities and attacks in IEEE 802.11i RSNs. A comprehensive review of the wireless intrusion detection techniques currently available for detecting attacks on RSNs. Identification of the drawbacks and limitations of the currently available wireless intrusion detection techniques in detecting attacks on RSNs. Development of three novel wireless intrusion detection techniques for detecting RSN attacks and security policy violations in RSNs. Development of algorithms for each novel intrusion detection technique to correlate alarms across distributed sensors of a WIDS. Development of an algorithm for automatic attack scenario detection using cross detection technique correlation. Development of an algorithm to automatically assign priority to the detected attack scenario using cross detection technique correlation.
8

Bláha, Lukáš. "Analýza automatizovaného generování signatur s využitím Honeypotu." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2012. http://www.nusl.cz/ntk/nusl-236430.

Abstract:
In this paper, system of automatic processing of attacks using honeypots is discussed. The first goal of the thesis is to become familiar with the issue of signatures to detect malware on the network, especially the analysis and description of existing methods for automatic generation of signatures using honeypots. The main goal is to use the acquired knowledge to the design and implementation of tool which will perform the detection of new malicious software on the network or end user's workstation.
9

Lin, Yu-Ren, and 林育任. "Automatic Construction of Primitive Attack Templates for Primitive Attack-based Heterogeneous Intrusion Detection." Thesis, 2005. http://ndltd.ncl.edu.tw/handle/50928028528463091853.

Abstract:
Master's thesis
National Taiwan University of Science and Technology
Department of Computer Science and Information Engineering
93
The security of networked computers strongly affects network applications. Although we already have firewalls and encryption systems, intrusion still happens often. IDSs (Intrusion Detection Systems) with different techniques and characteristics have thus been developed to serve as the second layer of protection. Problems associated with IDSs include: (1) IDSs often produce lots of low-level alerts which aren’t integrated. (2) IDSs produce lots of false alerts. (3) Heterogeneous IDSs have their specific capabilities of detecting attacks; however, their detection scopes are limited. To cope with the problems, we proposed a two-layered heterogeneous intrusion detection architecture, which advocates primitive attacks to work as a mediator for correlating alerts. The first layer is the construction and detection of primitive attacks, responsible for integrating heterogeneous alerts into primitive attacks. This equivalently transforms low-level alerts of different formats into a unified, higher-level representation. The second layer is the correlation of attack scenarios, responsible for correlating primitive attacks into attack scenarios and reporting their priorities. This thesis focuses on improving the first layer, the construction and detection of primitive attacks, mainly by introducing a module to automatically construct primitive attack templates. The module involves the following techniques. First, we apply the constrained data mining technique to learn interactive relationships among the alerts. Second, based on the interaction relationships and the support of the alert ontology, we automatically create primitive attack templates. Finally, we anchor the auto-generated primitive attack templates into the attack ontology. Our experiments showed that the auto-generated primitive attack templates successfully subsumed all manually constructed real primitive attack templates. The contributions of the work are as follows. First, the automatic construction technique of primitive attack templates can reduce the difficulties of manual construction of primitive attack templates by experts. Second, the constrained data mining technique can effectively discover interactive relationships among (heterogeneous) alerts and allows us to use their common contents to describe the relevant attributes of a primitive attack. Finally, the completed alert ontology (including network-based and host-based alerts) comprehensively classifies the alerts attached with annotated information, not only supporting the automatic construction of primitive attack templates in this thesis but also serving as a valuable resource for the design and analysis of intrusion detection systems.
10

Liang, Ti-Hung, and 梁滌宏. "A Study on Network ARP Attack Detection, Prevention and Automatic Connection Restoration." Thesis, 2015. http://ndltd.ncl.edu.tw/handle/21127536084053917591.

Abstract:
Master's thesis
National Taiwan Ocean University
Department of Electrical Engineering
103
This research focuses on the analysis of network attacks carried out via the NetCut software. This kind of software sends out a huge number of ARP (Address Resolution Protocol) packets to the network switch, whether or not an attack is occurring. Using this characteristic, the debugging mode of the layer-3 network switch is used to collect the ARP information. The Perl programming language is used to analyze the number of ARP packets periodically. When the number of ARP packets exceeds the specific guarding value, the MAC address of the host running NetCut is blocked. After the number of ARP packets drops below the guarding value, the MAC address of that host is unblocked. The analysis process is executed automatically without human intervention.

Book chapters on the topic "Attack Detection Automation"

1

Alsabbagh, Wael, and Peter Langendoerfer. "A Remote Attack Tool Against Siemens S7-300 Controllers: A Practical Report." In Technologien für die intelligente Automation, 3–21. Berlin, Heidelberg: Springer Berlin Heidelberg, 2022. http://dx.doi.org/10.1007/978-3-662-64283-2_1.

Abstract:
This paper presents a series of attacks against Siemens S7-300 programmable logic controllers (PLCs), using our remote IHP-Attack tool. Due to the lack of integrity checks in S7-300 PLCs, such controllers execute commands whether or not they are delivered from a legitimate user. Thus, they have been exposed to various kinds of cyber-attacks over the last years, such as replay, authentication bypass and access control attacks. In this work, we build up our tool to carry out a series of attacks based on the existing reported vulnerabilities of S7-300 PLCs in the research community. For real-world experimental scenarios, our tool is implemented on real hardware/software used in industrial settings (a water level control system). IHP-Attack consists of many functionalities, as follows: a PNIO Scanner to scan the industrial network and detect any available PLCs/CPs, etc.; an Inner Scanner to collect critical data about the target PLC’s software blocks; and an Authentication Bypass to check whether the PLC is password protected, and compromise the PLC. Our tool also shows that once an adversary reaches the target, he is capable of carrying out severe attacks, e.g. replay and control hijacking attacks, against the compromised controller. All the functions used in our tool are written in Python and based on powerful libraries such as Python-Snap7 and Scapy. The attacks performed in this work generate a very small traffic overhead and a quite short attack time, which makes them hard to detect by the workstation. We eventually found that deploying traditional detection methods is not sufficient to secure the system. Therefore, we suggest some possible mitigation solutions to secure industrial systems based on S7-300 PLCs from such attacks.
2

Zhang, Yanjing, Jianming Cui, and Ming Liu. "Research on Adversarial Patch Attack Defense Method for Traffic Sign Detection." In Communications in Computer and Information Science, 199–210. Singapore: Springer Nature Singapore, 2022. http://dx.doi.org/10.1007/978-981-19-8285-9_15.

Abstract:
Accurate and stable traffic sign detection is a key technology for achieving L3 driving automation, and its performance has been significantly improved by the development of deep learning technology in recent years. However, current traffic sign detection has inadequate ability to resist attacks and often does not even have basic defense capability. To solve this critical issue, an adversarial patch attack defense model, IYOLO-TS, is proposed in this paper. The main innovation is to simulate the conditions of traffic signs being partially damaged, obscured or maliciously modified in the real world by training attack patches, then add the attacked classes, corresponding to the original detection categories, in the last layer of YOLOv2, and finally use the attack patch obtained from the training to complete the adversarial training of the detection model. The attack patch is obtained by first using the RP2 algorithm to attack the detection model and then training on the blank patch. In order to verify the defense effectiveness of the proposed IYOLO-TS model, we constructed a patch dataset, LISA-Mask, containing 50 different mask generation patches of 33000 sheets, and then built the training dataset by combining the LISA and LISA-Mask datasets. The experimental results show that the mAP of the proposed IYOLO-TS is up to 98.12%. Compared with YOLOv2, it improves the defense ability against patch attacks and has real-time detection ability. It can be considered that the proposed method has strong practicality and achieves a tradeoff between design complexity and efficiency.
3

Doniyorbek, Usmanbayev, and Bozorov Suhrobjon. "Analysis of Algorithm of Binary Classifiers to Improve Attack Detection Systems." In 12th World Conference “Intelligent System for Industrial Automation” (WCIS-2022), 81–87. Cham: Springer Nature Switzerland, 2024. http://dx.doi.org/10.1007/978-3-031-51521-7_12.

4

Fritsch, Lothar, Aws Jaber, and Anis Yazidi. "An Overview of Artificial Intelligence Used in Malware." In Communications in Computer and Information Science, 41–51. Cham: Springer International Publishing, 2022. http://dx.doi.org/10.1007/978-3-031-17030-0_4.

Abstract:
Artificial intelligence (AI) and machine learning (ML) methods are increasingly adopted in cyberattacks. AI supports the establishment of covert channels, as well as the obfuscation of malware. Additionally, AI results in new forms of phishing attacks and enables hard-to-detect cyber-physical sabotage. Malware creators increasingly deploy AI and ML methods to improve their attacks’ capabilities. Defenders must therefore expect unconventional malware with new, sophisticated and changing features and functions. AI’s potential for the automation of complex tasks serves as a challenge in the face of the defensive deployment of anti-malware AI techniques. This article summarizes the state of the art in AI-enhanced malware and the evasion and attack techniques it uses against AI-supported defensive systems. Our findings include articles describing targeted attacks against AI detection functions, advanced payload obfuscation techniques, evasion of networked communication with AI methods, malware for unsupervised-learning-based cyber-physical sabotage, decentralized botnet control using swarm intelligence and the concealment of malware payloads within neural networks that fulfill other purposes.
5

Wurzenberger, Markus, Max Landauer, Agron Bajraktari, and Florian Skopik. "Automatic Attack Pattern Mining for Generating Actionable CTI Applying Alert Aggregation." In Cybersecurity of Digital Service Chains, 136–61. Cham: Springer International Publishing, 2022. http://dx.doi.org/10.1007/978-3-031-04036-8_7.

Abstract:
Intrusion Detection Systems (IDSs) monitor all kinds of IT infrastructures to automatically detect malicious activities related to cyber attacks. Unfortunately, anomaly-based IDSs in particular are known to produce large numbers of alerts, including false positives, that often become overwhelming for manual analysis. However, due to a fast-changing threat landscape, quickly evolving attack techniques, and an ever-growing number of vulnerabilities, novel anomaly detection systems that enable the detection of unknown attacks are indispensable. Therefore, to reduce the number of alerts that have to be reviewed by security analysts, aggregation methods have been developed for filtering, grouping, and correlating alerts. Yet, existing techniques either rely on manually defined attack scenarios or require specific alert formats, such as IDMEF, that include IP addresses. This makes the application of existing aggregation methods infeasible for alerts from host-based or anomaly-based IDSs that frequently lack such network-related data. In this chapter, we present a domain-independent alert aggregation technique that enables automatic attack pattern mining and the generation of actionable CTI. The chapter describes the concept of the proposed alert aggregation process as well as a dashboard that enables visualization and filtering of the results. Finally, the chapter demonstrates all features in the course of an application example.
6

Hoyos, Isaias, Bruno Esposito, and Miguel Nunez-del-Prado. "DETECTOR: Automatic Detection System for Terrorist Attack Trajectories." In Information Management and Big Data, 160–73. Cham: Springer International Publishing, 2019. http://dx.doi.org/10.1007/978-3-030-11680-4_17.

7

Lebrun, Stéphanie, Stéphane Kaloustian, Raphaël Rollier, and Colin Barschel. "GNSS Positioning Security: Automatic Anomaly Detection on Reference Stations." In Critical Information Infrastructures Security, 60–76. Cham: Springer International Publishing, 2021. http://dx.doi.org/10.1007/978-3-030-93200-8_4.

Abstract:
The dependency of critical infrastructures on Global Navigation Satellite Systems (GNSS) keeps increasing over the years. This over-reliance brings concerns, as those systems are vulnerable and consequently prone to human-made perturbations, such as jamming and spoofing attacks. Solutions for detecting such disturbances are therefore crucially needed to raise GNSS users’ awareness and protection. This paper suggests an approach for detecting anomalous events (i.e., potentially an attack attempt) based on measurements recorded by Continuously Operating GNSS Reference Stations (CORS). Precisely, the anomaly detection process first consists of modeling the normal behavior of a given signal with a predictive model which combines the Seasonal and Trend decomposition using LOESS and ARIMA algorithms. This model can then be used to predict the upcoming measurement values. Finally, we compare the predictions to the actual observations with a statistical rule and assess whether those are normal or anomalous. While our anomaly detection approach is intended for real-time use, we assess its effectiveness on historical data. For simplicity and independence, we also focus on the Carrier-to-Noise Ratio only, though similar methods could apply to other observables. Our results prove the sensitivity of the proposed detection on a reported case of unintentional disturbance. Other anomalies in the historical data are also uncovered using that methodology and presented in this paper.
8

Yang, Xu, Qian Li, Cong Li, and Yong Qi. "Robust Malware Detection System Against Adversarial Attacks." In Advances in Intelligent Automation and Soft Computing, 1059–67. Cham: Springer International Publishing, 2021. http://dx.doi.org/10.1007/978-3-030-81007-8_122.

9

Perkins, Jeff, Jordan Eikenberry, Alessandro Coglio, Daniel Willenson, Stelios Sidiroglou-Douskos, and Martin Rinard. "AutoRand: Automatic Keyword Randomization to Prevent Injection Attacks." In Detection of Intrusions and Malware, and Vulnerability Assessment, 37–57. Cham: Springer International Publishing, 2016. http://dx.doi.org/10.1007/978-3-319-40667-1_3.

10

Jin, Shuyuan, Zhi Yang, and Xiang Cui. "Automatic Covert Channel Detection in Asbestos System (Poster Abstract)." In Research in Attacks, Intrusions, and Defenses, 380–81. Berlin, Heidelberg: Springer Berlin Heidelberg, 2012. http://dx.doi.org/10.1007/978-3-642-33338-5_22.


Conference papers on the topic "Attack Detection Automation"

1

Zhang, Ruo, Guiqin Yang, and Wei Zhang. "DDoS Attack Detection System Based on GBDT Under SDN." In 2024 IEEE 7th Information Technology, Networking, Electronic and Automation Control Conference (ITNEC), 1415–19. IEEE, 2024. http://dx.doi.org/10.1109/itnec60942.2024.10733143.

2

Zhang, Wei, Guiqin Yang, and Ruo Zhang. "DDoS Attack Detection Based on Rényi-RF in SDN Environment." In 2024 IEEE 7th Information Technology, Networking, Electronic and Automation Control Conference (ITNEC), 1365–69. IEEE, 2024. http://dx.doi.org/10.1109/itnec60942.2024.10733276.

3

Zhu, Mengjiang, Tianfu Xu, Qun He, Rixuan Qiu, Jiang Zhu, Wei Wang, and Jianye Li. "Research on APT Attack Detection Methods for Power Information Systems." In 2024 IEEE 7th Information Technology, Networking, Electronic and Automation Control Conference (ITNEC), 1866–71. IEEE, 2024. http://dx.doi.org/10.1109/itnec60942.2024.10733125.

4

Desnitsky, Vasily, and Alexey Meleshko. "Modeling and Analysis of Secure Blockchain-Driven Self-Organized Decentralized Wireless Sensor Networks for Attack Detection." In 2024 International Russian Automation Conference (RusAutoCon), 199–204. IEEE, 2024. http://dx.doi.org/10.1109/rusautocon61949.2024.10694225.

5

Kha Nguyen, Dinh Duy, Cédric Escudero, Emil Dumitrescu, and Eric Zamaï. "Actuator and Sensor Attacks Detection Method based on Attack Reconstruction." In 2024 32nd Mediterranean Conference on Control and Automation (MED). IEEE, 2024. http://dx.doi.org/10.1109/med61351.2024.10566177.

6

Sheng, Chen, and Chen Gang. "APT Attack and Detection Technology." In 2024 IEEE 6th Advanced Information Management, Communicates, Electronic and Automation Control Conference (IMCEC). IEEE, 2024. http://dx.doi.org/10.1109/imcec59810.2024.10575432.

7

Qiu, Bohua, Muheng Wei, Wen Xi, Yongjie Li, and Qizhong Li. "CPS Attack Detection of Ships using Particle Filter." In 2021 China Automation Congress (CAC). IEEE, 2021. http://dx.doi.org/10.1109/cac53003.2021.9728218.

8

Satam, Shruti Sanjay, Akansha Anadrao Patil, Devyani Bhagwan Narkhede, Sumit Singh, and Namita Pulgam. "Zero-Day Attack Detection and Prevention." In 2023 7th International Conference On Computing, Communication, Control And Automation (ICCUBEA). IEEE, 2023. http://dx.doi.org/10.1109/iccubea58933.2023.10392272.

9

Gu, Tianbo, Allaukik Abhishek, Hao Fu, Huanle Zhang, Debraj Basu, and Prasant Mohapatra. "Towards Learning-automation IoT Attack Detection through Reinforcement Learning." In 2020 IEEE 21st International Symposium on "A World of Wireless, Mobile and Multimedia Networks" (WoWMoM). IEEE, 2020. http://dx.doi.org/10.1109/wowmom49955.2020.00029.

10

Ruotsalainen, Henri, Albert Treytl, and Thilo Sauter. "Watermarking Based Sensor Attack Detection in Home Automation Systems." In 2021 IEEE 26th International Conference on Emerging Technologies and Factory Automation (ETFA). IEEE, 2021. http://dx.doi.org/10.1109/etfa45728.2021.9613634.


Reports on the topic "Attack Detection Automation"

1

Berney, Ernest, Naveen Ganesh, Andrew Ward, J. Newman, and John Rushing. Methodology for remote assessment of pavement distresses from point cloud analysis. Engineer Research and Development Center (U.S.), April 2021. http://dx.doi.org/10.21079/11681/40401.

Abstract:
The ability to remotely assess road and airfield pavement condition is critical to dynamic basing, contingency deployment, convoy entry and sustainment, and post-attack reconnaissance. Current Army processes to evaluate surface condition are time-consuming and require Soldier presence. Recent developments in the area of photogrammetry and light detection and ranging (LiDAR) enable rapid generation of three-dimensional point cloud models of the pavement surface. Point clouds were generated from data collected on a series of asphalt, concrete, and unsurfaced pavements using ground- and aerial-based sensors. ERDC-developed algorithms automatically discretize the pavement surface into cross- and grid-based sections to identify physical surface distresses such as depressions, ruts, and cracks. Depressions can be sized from the point-to-point distances bounding each depression, and surface roughness is determined based on the point heights along a given cross section. Noted distresses are exported to a distress map file containing only the distress points and their locations for later visualization and quality control along with classification and quantification. Further research and automation into point cloud analysis is ongoing with the goal of enabling Soldiers with limited training the capability to rapidly assess pavement surface condition from a remote platform.