다중혈관 관상동맥 환자에서 y-문합을 이용하여 양쪽 내흉동맥만을 사용한 우회술의 조기 성적

[신간의 별자리x] 우리/미술, 그리고 ‘슬픔의 박물관’

An attack graph is a succinct representation of all paths through a system that end in a state where an intruder has successfully achieved his goal. Today Red Teams determine the vulnerability of networked systems by drawing gigantic attack graphs by hand. Constructing attack graphs by hand is tedious, error-prone, and impractical for large systems. By viewing an attack as a violation of a safety property, we can use off-the-shelf model checking technology to produce attack graphs automatically: a successful path from the intruder's viewpoint is a counterexample produced by the model checker In this paper we present an algorithm for generating attack graphs using model checking as a subroutine. Security analysts use attack graphs for detection, defense and forensics. In this paper we present a minimization analysis technique that allows analysts to decide which minimal set of security measures would guarantee the safety of the system. We provide a formal characterization of this problem: we prove that it is polynomially equivalent to the minimum hitting set problem and we present a greedy algorithm with provable bounds. We also present a reliability analysis technique that allows analysts to perform a simple cost-benefit trade-off depending on the likelihoods of attacks. By interpreting attack graphs as Markov Decision Processes we can use the value iteration algorithm to compute the probabilities of intruder success for each attack the graph.

Two Formal Analyses of Attack Graphs

Blockchain for smart cities: A review of architectures, integration trends and future research directions

This paper provides a survey of prediction, and forecasting methods used in cyber security. Four main tasks are discussed first, attack projection and intention recognition, in which there is a need to predict the next move or the intentions of the attacker, intrusion prediction, in which there is a need to predict upcoming cyber attacks, and network security situation forecasting, in which we project cybersecurity situation in the whole network. Methods and approaches for addressing these tasks often share the theoretical background and are often complementary. In this survey, both methods based on discrete models, such as attack graphs, Bayesian networks, and Markov models, and continuous models, such as time series and grey models, are surveyed, compared, and contrasted. We further discuss machine learning and data mining approaches, that have gained a lot of attention recently and appears promising for such a constantly changing environment, which is cyber security. The survey also focuses on the practical usability of the methods and problems related to their evaluation.

/pdf/survey-of-attack-projection-prediction-and-forecasting-in-6flrittvms.pdf

Survey of Attack Projection, Prediction, and Forecasting in Cyber Security

Internet of Things (IoT) represents a fundamental infrastructure and set of techniques that support innovative services in various application domains. Trust management plays an important role in enabling the reliable data collection and mining, context-awareness, and enhanced user security in the IoT. The main tasks of trust management include trust architecture design and reputation evaluation. However, existing trust architectures and reputation evaluation solutions cannot be directly applied to the IoT, due to the large number of physical entities, the limited computation ability of physical entities, and the highly dynamic nature of the network. In comparison, it generally requires a general and flexible architecture to manage trust in such a dynamic environment as IoT. In this paper, we present IoTrust, a trust architecture that integrates Soft Defined Network (SDN) in IoT, and a cross-layer authorization protocol based on IoTrust. IoTrust and the protocol together provide a new insight for research on trust management in the IoT. For trust establishment, we further propose a Behavior-based Reputation Evaluation Scheme for the Node (BES) and an Organization Reputation Evaluation Scheme (ORES). Both our theoretical analysis and simulation results validate the efficiency of BES and ORES.

/pdf/trust-architecture-and-reputation-evaluation-for-internet-of-1seu8gl3ih.pdf

Trust architecture and reputation evaluation for internet of things

Smart campus is an exciting, new, and emerging research area that uses technology and infrastructure to support and improve its processes in campus services, teaching, learning, and research, especially, the explosive growth in knowledge makes the role of cybersecurity of smart campus become increasingly important. Cyber range is an adaptable virtualization platform consisting of computers, networks, and systems on which various real-world cyber threat scenarios and systems can be evaluated to provide a comprehensive, unbiased assessment of the security of information and automated control systems. As an important part of features, cyber range must provide the capability of data collection, aggregation, correlation, and replay for the scenario owner or any “specialized users” to review attacks–defense processes on known targets and future zero-day research. To this end, based on our previous work, the Heetian cyber range, we proposed a method named C2RS meaning “a real-time correlation of host-level events in cyber range service.” C2RS implements out-of-band data capturing for greater attack resistance with virtual machine introspection technique. This approach allows C2RS to isolate the data captured from monitored hosts. C2RS leverages these captured data by incorporating them into the volatility framework to aid in simplifying the analysis of operating system memory structures. Finally, we proposed an object-dependent method to analyze the evidence of illegal activity. We conduct extensive experiments to evaluate the functions and performance of C2RS in a dynamic service. Through the test, we confirm that the proposed method is effective for real-time correlation of host-level events in cyber range service.

A Real-Time Correlation of Host-Level Events in Cyber Range Service for Smart Campus

As 5G and mobile computing are growing rapidly, deep learning services in the Social Computing and Social Internet of Things (IoT) have enriched our lives over the past few years. Mobile devices and IoT devices with computing capabilities can join social computing anytime and anywhere. Federated learning allows for the full use of decentralized training devices without the need for raw data, providing convenience in breaking data silos further and delivering more precise services. However, the various attacks illustrate that the current training process of federal learning is still threatened by disclosures at both the data and content levels. In this paper, we propose a new hybrid privacy-preserving method for federal learning to meet the challenges above. First, we employ an advanced function encryption algorithm that not only protects the characteristics of the data uploaded by each client, but also protects the weight of each participant in the weighted summation procedure. By designing local Bayesian differential privacy, the noise mechanism can effectively improve the adaptability of different distributed data sets. In addition, we also use Sparse Differential Gradient to improve the transmission and storage efficiency in federal learning training. Experiments show that when we use the sparse differential gradient to improve the transmission efficiency, the accuracy of the model is only dropped by 3% at most.

A Privacy-Preserving Federated Learning for Multiparty Data Sharing in Social IoTs

The development of Internet of Things (IoT) dramatically facilitates the integration of computing systems with the physical world. However, as IoT devices are more easy to compromise than desktop computers, cybercriminals have founded IoT-based botnets to launch Distributed Denial of Service (DDoS) attacks with unprecedented traffic volume. To mitigate the damages associated with these attacks, the detection of IoT-based botnet has to preempt the command and control (C&C) communication to prevent the delivery of the attack codes. Motivated by the extensively implementation of domain generation algorithm in botnets, in this article, we propose ConnSpoiler, a lightweight system that detects IoT-based botnets by identifying the stream of algorithmically generated domains (AGDs) in a fast way. ConnSpoiler only needs negligible system resources to take effect and thus can execute well on the resource-restraint IoT devices. By outfitting a powerful statistical algorithm, i.e., threshold random walk, ConnSpoiler has a high probability (about 94%) of detecting infection before the compromised devices connect C&C servers, which can help to prevent the succeeding attacks. Moreover, ConnSpoiler only requires the benign domains to take effect and therefore does not need extra effort to label malicious samples for training phase. We evaluate ConnSpoiler based on real-world DNS traffics collected from two different large ISP networks and show that it accurately identifies devices that are compromised by unknown botnets.

ConnSpoiler: Disrupting C&C Communication of IoT-Based Botnet Through Fast Detection of Anomalous Domain Queries

Cyber attacks prediction is an important part of risk management. Existing cyber attacks prediction methods did not fully consider the specific environment factors of the target network, which may make the results deviate from the true situation. In this paper, we propose a cyber attacks prediction model based on Bayesian network. We use attack graphs to represent all the vulnerabilities and possible attack paths. Then we capture the using environment factors using Bayesian network model. Cyber attacks predictions are performed on the constructed Bayesian network. Experimental analysis shows that our method gets more accurate results.

Lihua Yin

Papers

Trust architecture and reputation evaluation for internet of things

A Real-Time Correlation of Host-Level Events in Cyber Range Service for Smart Campus

A Privacy-Preserving Federated Learning for Multiparty Data Sharing in Social IoTs

ConnSpoiler: Disrupting C&C Communication of IoT-Based Botnet Through Fast Detection of Anomalous Domain Queries

Cyber Attacks Prediction Model Based on Bayesian Network