
Cyber Threat Intelligence (eBook)

eBook download: PDF
2018
334 pages
Springer International Publishing (publisher)
978-3-319-73951-9 (ISBN)

Price: 160.49 EUR incl. VAT (CHF 156.80)
eBook sales are handled by Lehmanns Media GmbH (Berlin) at the price in euros incl. VAT.

This book provides readers with up-to-date research on emerging cyber threats and defensive mechanisms, which is timely and essential. It covers cyber threat intelligence concepts against a range of threat actors and threat tools (e.g. ransomware) in cutting-edge technologies such as the Internet of Things (IoT), cloud computing and mobile devices. The book also provides the technical information on cyber-threat detection methods that researchers and digital forensics experts need in order to build intelligent automated systems to fight advanced cybercrime.

The ever-increasing number of cyber-attacks requires cyber security and forensic specialists to detect, analyze and defend against cyber threats in almost real time, which, given such a large number of attacks, is not possible without deeply examining the attack features and taking corresponding intelligent defensive actions; this in essence defines the notion of cyber threat intelligence. However, such intelligence would not be possible without the aid of artificial intelligence, machine learning and advanced data mining techniques to collect, analyze and interpret cyber-attack campaigns, which this book covers. The book focuses on cutting-edge research from both academia and industry, with a particular emphasis on providing broader knowledge of the field, the novelty of approaches, the combination of tools and so forth, to perceive, reason, learn and act on a wide range of data collected from different cyber security and forensics solutions. It introduces the notion of cyber threat intelligence and analytics and presents different attempts to utilize machine learning and data mining techniques to create threat feeds for a range of consumers. Moreover, the book sheds light on existing and emerging trends in the field that could pave the way for future work.

The interdisciplinary nature of this book makes it suitable for a wide range of audiences with backgrounds in artificial intelligence, cyber security, forensics, big data and data mining, distributed systems and computer networks. This includes industry professionals, advanced-level students and researchers who work within these related fields.

Contents 6
Cyber Threat Intelligence: Challenges and Opportunities 8
1 Introduction 8
1.1 Cyber Threat Intelligence Challenges 9
1.1.1 Attack Vector Reconnaissance 9
1.1.2 Attack Indicator Reconnaissance 10
1.2 Cyber Threat Intelligence Opportunities 10
2 A Brief Review of the Book Chapters 10
References 12
Machine Learning Aided Static Malware Analysis: A Survey and Tutorial 14
1 Introduction 15
2 An Overview of Machine Learning-Aided Static Malware Detection 16
2.1 Static Characteristics of PE Files 17
2.2 Machine Learning Methods Used for Static-Based Malware Detection 19
2.2.1 Statistical Methods 19
2.2.2 Rule Based 22
2.2.3 Distance Based 24
2.2.4 Neural Networks 25
2.2.5 Open Source and Freely Available ML Tools 26
2.2.6 Feature Selection and Construction Process 27
2.3 Taxonomy of Malware Static Analysis Using Machine Learning 27
3 Approaches for Malware Feature Construction 32
4 Experimental Design 33
5 Results and Discussions 36
5.1 Accuracy of ML-Aided Malware Detection Using Static Characteristics 38
5.1.1 PE32 Header 38
5.1.2 Bytes n-Gram 39
5.1.3 Opcode n-Gram 41
5.1.4 API Call n-Grams 46
6 Conclusion 47
References 47
Application of Machine Learning Techniques to Detecting Anomalies in Communication Networks: Datasets and Feature Selection Algorithms 53
1 Introduction 53
1.1 Border Gateway Protocol (BGP) 54
1.2 Approaches for Detecting Network Anomalies 56
2 Examples of BGP Anomalies 57
3 Analyzed BGP Datasets 61
3.1 Processing of Collected Data 63
4 Extraction of Features from BGP Update Messages 64
5 Review of Feature Selection Algorithms 67
5.1 Fisher Algorithm 68
5.2 Minimum Redundancy Maximum Relevance (mRMR) Algorithms 69
5.3 Odds Ratio Algorithms 70
5.4 Decision Tree Algorithm 71
6 Conclusion 73
References 73
Application of Machine Learning Techniques to Detecting Anomalies in Communication Networks: Classification Algorithms 77
1 Introduction 77
1.1 Machine Learning Techniques 79
2 Classification Algorithms 79
2.1 Performance Metrics 80
3 Support Vector Machine (SVM) 81
4 Long Short-Term Memory (LSTM) Neural Network 86
5 Hidden Markov Model (HMM) 89
6 Naive Bayes 90
7 Decision Tree Algorithm 94
8 Extreme Learning Machine Algorithm (ELM) 94
9 Discussion 95
10 Conclusion 96
References 96
Leveraging Machine Learning Techniques for Windows Ransomware Network Traffic Detection 99
1 Introduction 99
2 Related Works 100
3 Methodology 101
3.1 Data Collection Phase 101
3.1.1 Malicious Applications 102
3.1.2 Benign Applications 102
3.2 Feature Selection and Extraction 103
3.3 Machine Learning Classifiers 105
4 Experiments and Results 105
4.1 Evaluation Measures 107
4.2 Malware Experiment and Results 107
4.3 Result Comparison 109
5 Conclusion and Future Works 109
References 110
Leveraging Support Vector Machine for Opcode Density Based Detection of Crypto-Ransomware 113
1 Introduction 114
2 Related Works and Research Literature 115
3 Methodology 117
3.1 Data Collection 117
3.2 Feature Extraction 118
3.3 Dataset Creation 119
3.3.1 Merging the Data 119
3.3.2 Normalising the Data 119
3.3.3 Opcode Breakdown 120
3.4 Machine Learning Classification 122
3.4.1 SVM and Kernel Functions 122
3.4.2 Feature/Attribute Selection Process 122
3.5 Implementation 123
3.5.1 Pre-processing the Dataset (1) 124
3.5.2 Creating the Training and Test Datasets (2) 125
3.5.3 Training and Testing the SVM Classifier (3.1) 125
3.5.4 Training and Testing the Attribute Selection Evaluators 126
3.5.5 Evaluation Metrics 127
3.5.6 Machine Specifications 127
4 Experiments and Results 129
4.1 SMO (Two Classes) 129
4.2 SMO (Six Classes) 130
4.3 Training and Testing the Attribute Selection Evaluators 130
4.3.1 CFSSubsetEval 132
4.3.2 CorrelationAttributeEval 133
4.3.3 GainRatioAttributeEval 133
4.3.4 InfoGainAttributeEval 134
4.3.5 OneRAttributeEval 134
4.3.6 PrincipalComponents 135
4.3.7 RelieffAttributeEval 136
4.3.8 SymmetricalUncertAttributeEval 136
4.4 Tuning the Attribute Selection Evaluators to Achieve Further Feature Reduction (4) 137
4.5 Important Opcodes 137
5 Conclusion 138
References 140
BoTShark: A Deep Learning Approach for Botnet Traffic Detection 143
1 Introduction 144
2 Related Work 145
3 Background: Deep Learning 147
3.1 Autoencoders 147
3.2 Convolutional Neural Network (CNN) 148
4 Data Collection and Primary Feature Extraction 149
5 Proposed BoTShark 151
5.1 BoTShark-SA: Using Stacked Autoencoders 151
5.2 SocialBoTShrak-CNN: Using CNNs 153
6 Evaluation 154
7 Conclusion 156
References 156
A Practical Analysis of the Rise in Mobile Phishing 160
1 Introduction 160
2 Measuring the Impact of Phishing 162
3 Methodology for Visitors to Phishing Websites 163
4 Mobile Phishing Kits in the Wild 165
5 Mobile Phishing Campaigns 166
6 Recommended Changes 169
7 Conclusion 170
A.1 Appendix 171
References 172
PDF-Malware Detection: A Survey and Taxonomy of Current Techniques 174
1 Introduction 174
2 Background on Malicious PDF Files 176
2.1 The Portable Document Format 176
2.2 PDF Document Obfuscation Techniques 179
3 Taxonomy of PDF Malware Detection Approaches 180
3.1 Features 180
3.1.1 Metadata 182
3.1.2 JavaScript 183
3.1.3 Whole File 185
3.1.4 Feature Selection 186
3.2 Detection Approaches 186
3.2.1 Statistical Analysis 187
3.2.2 Machine Learning Classification 187
3.2.3 Clustering 187
3.2.4 Signature Matching 189
4 State of the Art Discussion 191
4.1 Related Works 193
5 Conclusions 194
References 194
Adaptive Traffic Fingerprinting for Darknet Threat Intelligence 197
1 Introduction 198
2 Background 200
2.1 Analysis of Attack Vectors in Tor 200
2.2 Hidden Services 202
2.3 Combining Methods 203
3 Adaptive Traffic Association and BGP Interception Algorithm (ATABI) 204
3.1 BGP Interception Component 206
3.2 MITM Component 207
3.3 Detection Scheme 208
4 Experimentation and Results 211
4.1 Experiment Setup 211
4.2 Evaluation Criteria 212
4.3 Results 213
5 Discussion 214
5.1 Use Cases 216
5.2 Proposed Defences 217
6 Conclusion and Future Work 218
References 219
A Model for Android and iOS Applications Risk Calculation: CVSS Analysis and Enhancement Using Case-Control Studies 222
1 Introduction 222
1.1 Background 224
1.2 Impact Sub-Score 225
1.3 Exploitability Sub-Score 227
1.4 Research Data Set 227
1.5 The CVSS Analysis of Data Set 229
2 Proposed Model 230
2.1 Results and Discussion 234
3 Conclusions and Future Works 237
References 238
A Honeypot Proxy Framework for Deceiving Attackers with Fabricated Content 241
1 Introduction 241
2 Deceiving Cyber Adversaries 242
3 Desirable Properties for a Fake Content Generator 244
4 The Design and Implementation of a Fake Content Generator 245
4.1 A Conceptual Design of a Fake Content Generator 245
4.2 The Implementation 246
4.3 An Example on the Usage of Honeyproxy 247
4.4 Recognizing Names Using Regular Expressions 249
4.5 Fake Entity Generation 250
5 Experiments 251
5.1 Recognizing Entity Attributes 251
5.2 Performance 252
6 Discussion and Limitations 254
7 Related Work 256
8 Conclusions and Future Work 257
References 258
Investigating the Possibility of Data Leakage in Time of Live VM Migration 261
1 Introduction 262
2 Background on Live Virtual Machine Migration 263
2.1 Memory Migration 264
2.2 Migration Algorithms 265
2.3 Live VM Migration Process 265
3 Security Threat Model 266
3.1 Threat Model 266
3.2 Security Threats and Attacks 266
3.2.1 Control Plane 267
3.2.2 Data Plane 267
3.2.3 Migration Module 268
3.2.4 Insecure Algorithms and Implementations 268
4 Secure Live Migration 269
4.1 Essential Security Requirements 269
4.2 Existing Solutions 269
4.2.1 Trusted Computing 270
4.2.2 VM-vTPM Live Migration 270
4.2.3 Trusted Third Party 272
4.2.4 Role-Based Migration 273
4.2.5 VLANs 274
5 Uncovered Threats with Potential Research Directions 275
5.1 Bugs in VMM 275
5.2 Replay of VM Data Messages 276
5.3 Privileged Access 277
5.4 Lack of Access Control 277
6 Proposed Secure Live VM Migration Protocol 278
7 Conclusion 280
References 280
Forensics Investigation of OpenFlow-Based SDN Platforms 282
1 Introduction 283
2 Related Work 284
3 Framework Specification and Design 285
4 Framework Development and Implementation 287
5 SDN Southbound Forensics Tool 288
6 Testing Environment Setup 290
7 Evaluation and Discussion 292
8 Conclusion 294
References 295
Mobile Forensics: A Bibliometric Analysis 298
1 Introduction 299
2 Methodology 299
2.1 Web of Science 301
3 Finding in Publications Distribution 301
3.1 Productivity 303
3.2 Research Areas 305
3.3 Institutions 306
3.4 Impact Journals 307
3.5 Highly Cited Articles 309
4 Conclusion and Future Works 309
References 310
Emerging from the Cloud: A Bibliometric Analysis of Cloud Forensics Studies 312
1 Introduction 312
2 Methodology 315
3 Results and Discussion 316
3.1 Productivity 317
3.2 Research Areas 320
3.3 Institutions 321
3.4 Impact Journals 321
3.5 Highly-Cited Articles 324
3.6 Keywords Frequency 324
4 Challenges and Future Trends 327
4.1 Evidence Identification 327
4.2 Legal Issues in the Cloud 328
4.3 Data Collection and Preservation 328
4.4 Analysis and Presentation 329
4.5 Future Trends 329
5 Conclusion 329
References 330
Index 333

Publication date (per publisher): 27.4.2018
Series: Advances in Information Security
Additional info: VI, 334 p. 105 illus., 77 illus. in color.
Place of publication: Cham
Language: English
Subject areas: Computer Science, Theory / Study, Artificial Intelligence / Robotics; Mathematics / Computer Science, Computer Science, Web / Internet
Keywords: Cyber defense • cyber forensics • Cyber Kill Chain • cyber security • cyber threat • evidence correlation • Hacking • Incident Response • indicators of compromise • Intrusion Detection • machine learning • malware analysis • malware campaign detection • threat analysis • Threat intelligence
ISBN-10: 3-319-73951-4 / 3319739514
ISBN-13: 978-3-319-73951-9 / 9783319739519
Format: PDF (watermarked)

DRM: digital watermark
This eBook contains a digital watermark and is therefore personalized to you. If the eBook is improperly passed on to third parties, it can be traced back to its source.

File format: PDF (Portable Document Format)
With its fixed page layout, PDF is particularly suited to technical books with columns, tables and figures. A PDF can be displayed on almost all devices, but is only suitable to a limited extent for small displays (smartphone, eReader).

System requirements:
PC/Mac: You can read this eBook on a PC or Mac. You will need a PDF viewer, e.g. Adobe Reader or Adobe Digital Editions.
eReader: This eBook can be read on (almost) all eBook readers. It is, however, not compatible with the Amazon Kindle.
Smartphone/tablet: Whether Apple or Android, you can read this eBook. You will need a PDF viewer, e.g. the free Adobe Digital Editions app.

Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.
