Academic literature on the topic 'Malicious behavior pattern'

Consult the lists of relevant articles, books, theses, conference reports, and other scholarly sources on the topic 'Malicious behavior pattern.'

Journal articles on the topic "Malicious behavior pattern"

1

Seo, Jungwoo, and Sangjin Lee. "Abnormal Behavior Detection to Identify Infected Systems Using the APChain Algorithm and Behavioral Profiling." Security and Communication Networks 2018 (September 4, 2018): 1–24. http://dx.doi.org/10.1155/2018/9706706.

Abstract:
Recent cyber-attacks have used unknown malicious code or advanced attack techniques, such as zero-day attacks, making them extremely difficult to detect using traditional intrusion detection systems. Botnet attacks, for example, are a very sophisticated type of cyber-security threat. Malicious code or vulnerabilities are used to infect endpoints. Systems infected with this malicious code connect a communications channel to a command and control (C&C) server and receive commands to perform attacks on target servers. To effectively protect a corporate network’s resources against such threats, we must be able to detect infected systems before an attack occurs. In this paper, an attack pattern chain algorithm (APChain) is proposed to identify infected systems in real-time network environments, and a methodology for detecting abnormal behavior through network-based behavioral profiling is explained. APChain analyzes the attribute information of real-time network traffic, connects chains over time, and conducts behavioral profiling of different attack types to detect abnormal behavior. The dataset used in the experiment employed real-time traffic accumulated over a period of six months, and the proposed algorithm was developed into a prototype for the experiment. The C&C channel detection accuracy was measured at 0.996, the true positive rate at 1.0, and the false positive rate at 0.003. This study proposes a methodology that can overcome the limitations of conventional security mechanisms and suggests an approach to the detection of abnormal behavior in a real-time network environment.

2

Khan, Abdul Karim, Chris M. Bell, and Samina Quratulain. "The two faces of envy: perceived opportunity to perform as a moderator of envy manifestation." Personnel Review 46, no. 3 (April 3, 2017): 490–511. http://dx.doi.org/10.1108/pr-12-2014-0279.

Abstract:
Purpose: The purpose of this paper is to investigate, with a Pakistani sample, the destructive and constructive behavioral intentions associated with benign and malicious envy in the context of perceived opportunity to perform. Design/methodology/approach: The authors conducted two cross-sectional studies to test the hypotheses. In Study 1, data were obtained from students (n=90), whereas in Study 2, the authors used an executive sample (n=83). Findings: The primary motivation of benign envy was to bring oneself up by improving performance on the comparison dimension, whereas the primary motive of malicious envy was to pull the envied other down. The relationship between malicious envy and behavioral “pulling down” intentions of derogating envied other was conditional on perceived opportunity on the comparison dimension. Consistent with a motive to improve self-evaluation, this study also found that perceived opportunity to perform interacted with benign envy to promote performance intentions on an alternative dimension. Furthermore, malicious envy was also associated with self-improving performance intentions on the comparison dimension, conditional upon perceived opportunity to perform. Practical implications: Envy, depending on its nature, can become a positive or negative force in organizational life. The pattern of effects for opportunity structure differs from previous findings on control. The negative and positive effects of malicious envy may be managed by attention to opportunity structures. Originality/value: This study supports the proposition that benign envy and malicious envy are linguistically and conceptually distinct phenomena, and it is the first to do so in a sample from Pakistan, a non-western and relatively more collectivistic culture. The authors also showed that negative and hostile envy-based behaviors are conditional upon the perceived characteristics of the context.

3

Song, Chongya, Alexander Pons, and Kang Yen. "AA-HMM: An Anti-Adversarial Hidden Markov Model for Network-Based Intrusion Detection." Applied Sciences 8, no. 12 (November 28, 2018): 2421. http://dx.doi.org/10.3390/app8122421.

Abstract:
In the field of network intrusion, malware usually evades anomaly detection by disguising malicious behavior as legitimate access. Therefore, detecting these attacks from network traffic has become a challenge in this adversarial setting. In this paper, an enhanced Hidden Markov Model, called the Anti-Adversarial Hidden Markov Model (AA-HMM), is proposed to effectively detect evasion patterns, using the Dynamic Window and Threshold techniques to achieve adaptive, anti-adversarial, and online-learning abilities. In addition, a concept called Pattern Entropy is defined and acts as the foundation of AA-HMM. We evaluate the effectiveness of our approach employing two well-known benchmark data sets, NSL-KDD and CTU-13, in terms of the common performance metrics and the algorithm’s adaptation and anti-adversary abilities.

4

Dhiyanesh, B., and S. Sakthivel. "UBP-Trust: User Behavioral Pattern Based Secure Trust Model for Mitigating Denial of Service Attacks in Software as a Service (SaaS) Cloud Environment." Journal of Computational and Theoretical Nanoscience 13, no. 10 (October 1, 2016): 7649–54. http://dx.doi.org/10.1166/jctn.2016.5766.

Abstract:
The problem of security enforcement in the cloud environment has been discussed in a number of situations, and most approaches use a minimum number of features to mitigate denial of service attacks in the cloud environment. These methods suffer from the problem of poor detection accuracy and false classification ratio; to overcome the issue, we propose a novel approach to mitigate denial of service attacks in the SaaS layer of the cloud environment. This paper discusses a UBP-Trust model, which monitors the behavioral patterns of the users of the cloud environment in different situations. Based on the monitored results, the method generates a user behavior pattern which represents the number of times the user has accessed the service, the number of times the service has been accessed and finished successfully, the amount of data being sent, the number of false invocations, the variance of protocol and so on. Using all these features, the method generates the behavioral pattern, which is used to compute the user trust weight for each user being monitored. Based on the computed weight, the user is classified as malicious or genuine, and on that basis the method restricts the user from accessing the service. The proposed method produces efficient results in DDoS detection accuracy and produces less time complexity and false classification ratio.

5

Sureda Riera, Tomás, Juan-Ramón Bermejo Higuera, Javier Bermejo Higuera, José-Javier Martínez Herraiz, and Juan-Antonio Sicilia Montalvo. "Prevention and Fighting against Web Attacks through Anomaly Detection Technology. A Systematic Review." Sustainability 12, no. 12 (June 17, 2020): 4945. http://dx.doi.org/10.3390/su12124945.

Abstract:
Numerous techniques have been developed in order to prevent attacks on web servers. Anomaly detection techniques are based on models of normal user and application behavior, interpreting deviations from the established pattern as indications of malicious activity. In this work, a systematic review of the use of anomaly detection techniques in the prevention and detection of web attacks is undertaken; in particular, we used the standardized method of a systematic review of literature in the field of computer science, proposed by Kitchenham. This method is applied to a set of 88 papers extracted from a total of 8041 reviewed papers, which have been published in notable journals. This paper discusses the process carried out in this systematic review, as well as the results and findings obtained to identify the current state of the art of web anomaly detection.

6

Soleymani, Ali, and Fatemeh Arabgol. "A Novel Approach for Detecting DGA-Based Botnets in DNS Queries Using Machine Learning Techniques." Journal of Computer Networks and Communications 2021 (July 5, 2021): 1–13. http://dx.doi.org/10.1155/2021/4767388.

Abstract:
In today’s security landscape, advanced threats are becoming increasingly difficult to detect as the pattern of attacks expands. Classical approaches that rely heavily on static matching, such as blacklisting or regular expression patterns, may be limited in flexibility or uncertainty in detecting malicious data in system data. This is where machine learning techniques can show their value and provide new insights and higher detection rates. The behavior of botnets that use domain-flux techniques to hide command and control channels was investigated in this research. The machine learning algorithm and text mining used to analyze the network DNS protocol and identify botnets were also described. For this purpose, extracted and labeled domain name datasets containing healthy and infected DGA botnet data were used. Data preprocessing techniques based on a text-mining approach were applied to explore domain name strings with n-gram analysis and PCA. Its performance is improved by extracting statistical features by principal component analysis. The performance of the proposed model has been evaluated using different classifiers of machine learning algorithms such as decision tree, support vector machine, random forest, and logistic regression. Experimental results show that the random forest algorithm can be used effectively in botnet detection and has the best botnet detection accuracy.

7

Heigl, Michael, Enrico Weigelt, Andreas Urmann, Dalibor Fiala, and Martin Schramm. "Exploiting the Outcome of Outlier Detection for Novel Attack Pattern Recognition on Streaming Data." Electronics 10, no. 17 (September 4, 2021): 2160. http://dx.doi.org/10.3390/electronics10172160.

Abstract:
Future-oriented networking infrastructures are characterized by highly dynamic Streaming Data (SD) whose volume, speed and number of dimensions increased significantly over the past couple of years, energized by trends such as Software-Defined Networking or Artificial Intelligence. As an essential core component of network security, Intrusion Detection Systems (IDS) help to uncover malicious activity. In particular, consecutively applied alert correlation methods can aid in mining attack patterns based on the alerts generated by IDS. However, most of the existing methods lack the functionality to deal with SD data affected by the phenomenon called concept drift and are mainly designed to operate on the output from signature-based IDS. Although unsupervised Outlier Detection (OD) methods have the ability to detect yet unknown attacks, most of the alert correlation methods cannot handle the outcome of such anomaly-based IDS. In this paper, we introduce a novel framework called Streaming Outlier Analysis and Attack Pattern Recognition, denoted as SOAAPR, which is able to process the output of various online unsupervised OD methods in a streaming fashion to extract information about novel attack patterns. Three different privacy-preserving, fingerprint-like signatures are computed from the clustered set of correlated alerts by SOAAPR, which characterizes and represents the potential attack scenarios with respect to their communication relations, their manifestation in the data’s features and their temporal behavior. Beyond the recognition of known attacks, comparing derived signatures, they can be leveraged to find similarities between yet unknown and novel attack patterns. The evaluation, which is split into two parts, takes advantage of attack scenarios from the widely-used and popular CICIDS2017 and CSE-CIC-IDS2018 datasets. 
Firstly, the streaming alert correlation capability is evaluated on CICIDS2017 and compared to a state-of-the-art offline algorithm, called Graph-based Alert Correlation (GAC), which has the potential to deal with the outcome of anomaly-based IDS. Secondly, the three types of signatures are computed from attack scenarios in the datasets and compared to each other. The discussion of results, on the one hand, shows that SOAAPR can compete with GAC in terms of alert correlation capability leveraging four different metrics and outperforms it significantly in terms of processing time by an average factor of 70 in 11 attack scenarios. On the other hand, in most cases, all three types of signatures seem to reliably characterize attack scenarios such that similar ones are grouped together, with up to 99.05% similarity between the FTP and SSH Patator attack.

8

Lange, Jens, Delroy L. Paulhus, and Jan Crusius. "Elucidating the Dark Side of Envy: Distinctive Links of Benign and Malicious Envy With Dark Personalities." Personality and Social Psychology Bulletin 44, no. 4 (December 22, 2017): 601–14. http://dx.doi.org/10.1177/0146167217746340.

Abstract:
Researchers have recently drawn a contrast between two forms of envy: benign and malicious envy. In three studies (total N = 3,123), we challenge the assumption that malicious envy is destructive, whereas benign envy is entirely constructive. Instead, both forms have links with the Dark Triad of personality. Benign envy is associated with Machiavellian behaviors, whereas malicious envy is associated with both Machiavellian and psychopathic behaviors. In Study 1, this pattern emerged from meta-analyzed trait correlations. In Study 2, a manipulation affecting the envy forms mediated an effect on antisocial behavioral intentions. Study 3 replicated these patterns by linking envy to specific antisocial behaviors and their impact on status in the workplace. Together, our correlational and experimental results suggest that the two forms of envy can both be malevolent. Instead of evaluating envy’s morality, we propose to focus on its functional value.

9

Sikder, Amit Kumar, Leonardo Babun, and A. Selcuk Uluagac. "Aegis+." Digital Threats: Research and Practice 2, no. 1 (March 2021): 1–33. http://dx.doi.org/10.1145/3428026.

Abstract:
The introduction of modern Smart Home Systems (SHSs) is redefining the way we perform everyday activities. Today, myriad SHS applications and the devices they control are widely available to users. Specifically, users can easily download and install the apps from vendor-specific app markets, or develop their own, to effectively implement their SHS solutions. However, despite their benefits, app-based SHSs unfold diverse security risks. Several attacks have already been reported to SHSs and current security solutions only consider smart home devices and apps individually to detect malicious actions, rather than the context of the SHS as a whole. Thus, the current security solutions applied to SHSs cannot capture user activities and sensor-device-user interactions in a holistic fashion. To address these limitations, in this article, we introduce Aegis+, a novel context-aware platform-independent security framework to detect malicious behavior in an SHS. Specifically, Aegis+ observes the states of the connected smart home entities (sensors and devices) for different user activities and usage patterns in an SHS and builds a contextual model to differentiate between malicious and benign behavior. We evaluated the efficacy and performance of Aegis+ in multiple smart home settings (i.e., single bedroom, double bedroom, duplex) and platforms (i.e., Samsung SmartThings, Amazon Alexa) where real users perform day-to-day activities using real SHS devices. We also measured the performance of Aegis+ against five different malicious behaviors. Our detailed evaluation shows that Aegis+ can detect malicious behavior in SHS with high accuracy (over 95%) and secure the SHS regardless of the smart home layout and platforms, device configurations, installed apps, controller devices, and enforced user policies. Finally, Aegis+ yields minimum overhead to the SHS, ensuring effective deployability in real-life smart environments.

10

Yu, WangYang, Chun Gang Yan, ZhiJun Ding, ChangJun Jiang, and MengChu Zhou. "Modeling and Verification of Online Shopping Business Processes by Considering Malicious Behavior Patterns." IEEE Transactions on Automation Science and Engineering 13, no. 2 (April 2016): 647–62. http://dx.doi.org/10.1109/tase.2014.2362819.


Dissertations / Theses on the topic "Malicious behavior pattern"

1

Khan, Saad Usman. "Identification of malicious behavior patterns for software." Thesis, Norges teknisk-naturvitenskapelige universitet, Institutt for telematikk, 2014. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-26603.

Abstract:
Over the years malware has increased in number and become increasingly harmful. Traditionally, anti-virus suites are used to protect computers from various forms of malware. In recent years a new technique called “behavior based malware analysis” has become famous which overcomes some of the shortcomings of traditional anti-virus suites. Just like antivirus suites require signatures, behavior analysis systems require pattern groups for malware identification. This thesis presents the design and implementation of a Malware Pattern Generator (MPG). MPG is built to automatically generate behavior based pattern groups from a given malicious dataset. MPG uses hierarchical clustering to find similarities between malware and extracts the similarities to generate pattern groups. Three variants of MPG are developed during the work on this thesis and the results of their evaluation against malicious datasets are presented.

2

Varga, Adam. "Identifikace a charakterizace škodlivého chování v grafech chování." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2021. http://www.nusl.cz/ntk/nusl-442388.

Abstract:
In recent years, there has been an increase in work involving comprehensive malware detection. Graph formats are often suitable for capturing behavior. This is the case with the Avast antivirus program, whose behavioral shield detects malicious behavior and stores it in the form of graphs. Since this is a proprietary solution and Avast antivirus works with its own set of characterized behavior, it was necessary to design a custom detection method built on top of these behavior graphs. This thesis analyzes malware behavior graphs captured by the behavioral shield of the Avast antivirus program for the purpose of deeper malware detection. Detection of malicious behavior begins with the analysis and abstraction of patterns from the behavior graph. Isolated patterns can identify dynamically changing malware more effectively. Behavior graphs are stored in the Neo4j graph database, and thousands of them are captured every day. The aim of this thesis was to design an algorithm for identifying malware behavior with an emphasis on scanning speed and clarity of the identified behavior patterns. Identification of malicious behavior consists of finding the most important features of trained classifiers and subsequently extracting a subgraph consisting only of these important node features and the relationships between them. A rule for evaluating the extracted subgraph is then proposed. The diploma thesis was carried out in cooperation with Avast Software s.r.o.

Book chapters on the topic "Malicious behavior pattern"

1

Mao, Hing-Hao, Chung-Jung Wu, Evangelos E. Papalexakis, Christos Faloutsos, Kuo-Chen Lee, and Tien-Cheu Kao. "MalSpot: Multi2 Malicious Network Behavior Patterns Analysis." In Advances in Knowledge Discovery and Data Mining, 1–14. Cham: Springer International Publishing, 2014. http://dx.doi.org/10.1007/978-3-319-06608-0_1.

2

Gelles, Michael G. "Insider Threat Prevention, Detection, and Mitigation." In International Handbook of Threat Assessment, edited by J. Reid Meloy and Jens Hoffmann, 669–79. Oxford University Press, 2021. http://dx.doi.org/10.1093/med-psych/9780190940164.003.0037.

Abstract:
This chapter looks at the history of insider threat from its roots in espionage to individuals who have access to people, information, material, and facilities and who could compromise the critical assets of an organization in the government or private sector. It examines behaviors associated with an insider threat from the decades of the past when things were driven by pen and paper, to the current world in which activity is deeply rooted in technology and where business is conducted virtually and globally. In addition to understanding the threat and the dimensions of a malicious complacent or ignorant insider, focus will be directed toward thinking about mitigating that threat, through the development of a holistic and risk-based insider threat program. The use of a framework that is focused on prevention, detection, and response is presented. Key issues addressed include policy and its relationship to setting behavioral expectations, communication and training, vetting employees and third parties, and defining potential risk indicators that reflect critical behaviors indicating a potential risk. The chapter defines and outlines how behavior can be captured in data and correlated using technology (user behavioral analytics) to proactively identify changes in behavioral patterns over time. Such technology identifies escalation and triages alerts to anomalous activity in the service of interrupting forward motion of a potential threat. Finally, the chapter highlights several statistics that define the change of insider threats today, and leading practices to help develop a strategy to mitigate the insider threat and focus on a holistic and risk-based approach to this threat management issue.

3

Aridoss, Manimaran. "Defensive Mechanism Against DDoS Attack to Preserve Resource Availability for IoT Applications." In Securing the Internet of Things, 1429–42. IGI Global, 2020. http://dx.doi.org/10.4018/978-1-5225-9866-4.ch065.

Abstract:
The major challenge of Internet of Things (IoT) generated data is its hypervisor level vulnerabilities. Malicious VM deployment and termination are so simple due to its multitenant shared nature and distributed elastic cloud features. These features enable the attackers to launch Distributed Denial of Service attacks to degrade cloud server performance. Attack detection techniques are applied to the VMs that are used by malicious tenants to hold the cloud resources by launching DDoS attacks at data center subnets. Traditional dataflow-based attack detection methods rely on the similarities of incoming requests which consist of IP and TCP header information flows. The proposed approach classifies the status patterns of malicious VMs and ideal VMs to identify the attackers. In this article, information theory is used to calculate the entropy value of the malicious virtual machines for detecting attack behaviors. Experimental results prove that the proposed system works well against DDoS attacks in IoT applications.

4

Khan, Muhammad Imran, Simon N. Foley, and Barry O'Sullivan. "DBMS Log Analytics for Detecting Insider Threats in Contemporary Organizations." In Advances in Electronic Government, Digital Divide, and Regional Development, 207–34. IGI Global, 2019. http://dx.doi.org/10.4018/978-1-5225-5984-9.ch010.

Abstract:
Insiders are legitimate users of a system; however, they pose a threat because of their granted access privileges. Anomaly-based intrusion detection approaches have been shown to be effective in the detection of insiders' malicious behavior. Database management systems (DBMS) are the core of any contemporary organization enabling them to store and manage their data. Yet insiders may misuse their privileges to access stored data via a DBMS with malicious intentions. In this chapter, a taxonomy of anomalous DBMS access detection systems is presented. Secondly, an anomaly-based mechanism that detects insider attacks within a DBMS framework is proposed whereby a model of normative behavior of insiders n-grams are used to capture normal query patterns in a log of SQL queries generated from a synthetic banking application system. It is demonstrated that n-grams do capture the short-term correlations inherent in the application. This chapter also outlines challenges pertaining to the design of more effective anomaly-based intrusion detection systems to detect insider attacks.

5

Jorquera Valero, José María, Manuel Gil Pérez, Alberto Huertas Celdrán, and Gregorio Martínez Pérez. "Identification and Classification of Cyber Threats Through SSH Honeypot Systems." In Handbook of Research on Intrusion Detection Systems, 105–29. IGI Global, 2020. http://dx.doi.org/10.4018/978-1-7998-2242-4.ch006.

Abstract:
As the number and sophistication of cyber threats increases year after year, security systems such as antivirus, firewalls, or Intrusion Detection Systems based on misuse detection techniques are improved in detection capabilities. However, these traditional systems are usually limited to detect potential threats, since they are inadequate to spot zero-day attacks or mutations in behaviour. Authors propose using honeypot systems as a further security layer able to provide an intelligence holistic level in detecting unknown threats, or well-known attacks with new behaviour patterns. Since brute-force attacks are increasing in recent years, authors opted for an SSH medium-interaction honeypot to acquire a log set from attacker's interactions. The proposed system is able to acquire behaviour patterns of each attacker and link them with future sessions for early detection. Authors also generate a feature set to feed Machine Learning algorithms with the main goal of identifying and classifying attacker's sessions, and thus be able to learn malicious intentions in executing cyber threats.

6

M., Srikanth Yadav, and Kalpana R. "A Survey on Network Intrusion Detection Using Deep Generative Networks for Cyber-Physical Systems." In Advances in Systems Analysis, Software Engineering, and High Performance Computing, 137–59. IGI Global, 2021. http://dx.doi.org/10.4018/978-1-7998-5101-1.ch007.

Abstract:
In the present computing world, network intrusion detection systems are playing a vital part in detecting malicious activities, and enormous attention has been given to deep learning from several years. During the past few years, cyber-physical systems (CPSs) have become ubiquitous in modern critical infrastructure and industrial applications. Safety is therefore a primary concern. Because of the success of deep learning (DL) in several domains, DL-based CPS security applications have been developed in the last few years. However, despite the wide range of efforts to use DL to ensure safety for CPSs. The major challenges in front of the research community are developing an efficient and reliable ID that is capable of handling a large amount of data, in analyzing the changing behavioral patterns of attacks in real-time. The work presented in this manuscript reviews the various deep learning generative methodologies and their performance in detecting anomalies in CPSs. The metrics accuracy, precision, recall, and F1-score are used to measure the performance.

Conference papers on the topic "Malicious behavior pattern"

1

Choi, Chang, Xuefeng Piao, Junho Choi, Mungyu Lee, and Pankoo Kim. "Malicious behavior pattern mining using control flow graph." In the 2015 Conference. New York, New York, USA: ACM Press, 2015. http://dx.doi.org/10.1145/2811411.2811518.

2

Demachi, Kazuyuki, and Shi Chen. "Development of Malicious Hand Behaviors Detection Method by Movie Analysis." In 2018 26th International Conference on Nuclear Engineering. American Society of Mechanical Engineers, 2018. http://dx.doi.org/10.1115/icone26-81643.

Abstract:
An urgent lesson learned from the Fukushima Daiichi accident is that what can happen by natural disaster can also occur by human design. The accident raised a fear that terrorists could cause a similar accident by acts of sabotage against nuclear power plant (NPP) and it is noticeable that threats of terrorism for nuclear security have increased after the accident. When considering sabotage, the prime threat to nuclear power plants, due attention should be paid to sabotage by insiders. Generally, insiders are the individuals with authorized access to nuclear facilities in transport who could attempt unauthorized sabotage. They could take advantage of their access authority and knowledge, to bypass dedicated physical protection elements or other provisions [1]. Thus, we should value the catastrophic consequences of the attack or act of insider sabotage which may lead to loss of safety functions of NPP. International Atomic Energy Agency (IAEA) indicated that the physical protection system (PPS) of a nuclear facility should be integrated and effective against both sabotage and unauthorized removal. The primary PPS functions are deterrence, detection, delay and response. It is noticeable that if detection failed, delay and response would become invalid. Thus, detection of insiders’ sabotage should be enhanced. Considering current countermeasures of PPS to insiders’ sabotage, the most significant challenge is how to distinguish ordinary maintenance behaviors and malicious behaviors since some malicious behaviors may be hidden in ordinary maintenance behaviors. It appears that hand behavior has high contribution to human activity and a significant portion of maintenance behaviors and malicious behaviors. In this study, we proposed a hand behavior detection algorithm for insiders’ malicious behaviors for nuclear security [2]. We focused on the fact that the hand shape is uniquely determined by the fingertip coordinates. First, the depth image of the hand was captured with Kinect v2, the five fingers remained after removing the palm and wrist parts, the five fingers were identified using the K-means clustering [3], and the farthest point of each finger from the wrist pixel was taken as the fingertip coordinates. The fingertip coordinates of the five fingers were combined for 60 frames to be time-series data, and this was used as the training data of the neural network. Time-series data obtained from five kinds of behaviors of five hands was used for training data. For the machine learning method, the Stacked-Auto Encoder (SAE) [4–5] which is one of popular methods was used. It extracts the feature of input data at intermediate layer of the first stage. In the second layer, the extracted feature is input and its feature is extracted to be used as the input of the softmax layer for pattern classification. Meanwhile, a real-time fingertip tracking system was developed and time-series data of each fingertip was successfully obtained with 29.8 fps using MATLAB whose CPU was Intel Xeon Processor E5-2630v4 (25M Cache, 2.20 GHz). Moreover, a time-series data analysis based behavior recognition method was developed and all assumed malicious behaviors were detected with high accuracy (82.555% overall) and speed (0.0023 seconds per frame) in the same computing environment. Also, robustness of the behavior recognition method was verified.
3

Dornhackl, Hermann, Konstantin Kadletz, Robert Luh, and Paul Tavolato. "Malicious Behavior Patterns." In 2014 IEEE 8th International Symposium on Service Oriented System Engineering (SOSE). IEEE, 2014. http://dx.doi.org/10.1109/sose.2014.52.

4

Dalal, Siddhartha, Zihe Wang, and Siddhanth Sabharwal. "Identifying Ransomware Actors in the Bitcoin Network." In 2nd International Conference on Machine Learning, IOT and Blockchain (MLIOB 2021). Academy and Industry Research Collaboration Center (AIRCC), 2021. http://dx.doi.org/10.5121/csit.2021.111201.

Abstract:
Due to the pseudo-anonymity of the Bitcoin network, users can hide behind their bitcoin addresses that can be generated in unlimited quantity, on the fly, without any formal links between them. Thus, it is being used for payment transfer by the actors involved in ransomware and other illegal activities. The other activity we consider is related to gambling since gambling is often used for transferring illegal funds. The question addressed here is that given temporally limited graphs of Bitcoin transactions, to what extent can one identify common patterns associated with these fraudulent activities and apply them to find other ransomware actors. The problem is rather complex, given that thousands of addresses can belong to the same actor without any obvious links between them and any common pattern of behavior. The main contribution of this paper is to introduce and apply new algorithms for local clustering and supervised graph machine learning for identifying malicious actors. We show that very local subgraphs of the known such actors are sufficient to differentiate between ransomware, random and gambling actors with 85% prediction accuracy on the test data set.
5

Xiaoyan Sun, Ning Guo, and Yuefei Zhu. "Reduction of malicious behavior patterns based on attribute order." In 2010 IEEE International Conference on Intelligent Computing and Intelligent Systems (ICIS 2010). IEEE, 2010. http://dx.doi.org/10.1109/icicisys.2010.5658544.

6

Pengkui Luo, Ruben Torres, Zhi-Li Zhang, Sabyasachi Saha, Sung-Ju Lee, Antonio Nucci, and Marco Mellia. "Leveraging client-side DNS failure patterns to identify malicious behaviors." In 2015 IEEE Conference on Communications and Network Security (CNS). IEEE, 2015. http://dx.doi.org/10.1109/cns.2015.7346852.

7

Silva, Emanuel, and Johannes Lochter. "A study on Anomaly Detection GAN-based methods on image data." In Encontro Nacional de Inteligência Artificial e Computacional. Sociedade Brasileira de Computação - SBC, 2019. http://dx.doi.org/10.5753/eniac.2019.9337.

Abstract:
The anomaly detection task is a well-known problem being researched among a variety of areas, including machine learning. The task is to identify data patterns that have a non-expected behaviour, which can be malicious data sent by an attacker or an unexpected valid behaviour; in both cases the anomaly needs to be identified. With the advance of deep learning based techniques showing that this class of algorithms can learn high-dimensional and complex data patterns, naturally it became an option for the anomaly detection task. Recent research in the literature is using a sub-field of deep learning algorithms named Generative Adversarial Networks for predicting anomalous samples, since the original method can learn the data distribution. These new techniques make some changes for the anomaly detection task, and this work provides a brief review of these methods and provides a comparison with well-known methods.
8

Nimje, Chetan, and Prashil Junghare. "A review on node activity detection, selfish & malicious behavioral patterns using watchdog algorithm." In 2017 International Conference on Inventive Systems and Control (ICISC). IEEE, 2017. http://dx.doi.org/10.1109/icisc.2017.8068663.

9

Chen, Huili, Cheng Fu, Jishen Zhao, and Farinaz Koushanfar. "DeepInspect: A Black-box Trojan Detection and Mitigation Framework for Deep Neural Networks." In Twenty-Eighth International Joint Conference on Artificial Intelligence (IJCAI-19). California: International Joint Conferences on Artificial Intelligence Organization, 2019. http://dx.doi.org/10.24963/ijcai.2019/647.

Abstract:
Deep Neural Networks (DNNs) are vulnerable to Neural Trojan (NT) attacks where the adversary injects malicious behaviors during DNN training. This type of ‘backdoor’ attack is activated when the input is stamped with the trigger pattern specified by the attacker, resulting in an incorrect prediction of the model. Due to the wide application of DNNs in various critical fields, it is indispensable to inspect whether the pre-trained DNN has been trojaned before employing a model. Our goal in this paper is to address the security concern on unknown DNN to NT attacks and ensure safe model deployment. We propose DeepInspect, the first black-box Trojan detection solution with minimal prior knowledge of the model. DeepInspect learns the probability distribution of potential triggers from the queried model using a conditional generative model, thus retrieves the footprint of backdoor insertion. In addition to NT detection, we show that DeepInspect’s trigger generator enables effective Trojan mitigation by model patching. We corroborate the effectiveness, efficiency, and scalability of DeepInspect against the state-of-the-art NT attacks across various benchmarks. Extensive experiments show that DeepInspect offers superior detection performance and lower runtime overhead than the prior work.