Author

Tingting Lu

Bio: Tingting Lu is an academic researcher from Sichuan University. The author has contributed to research in topics: Profiling (computer programming) & Data science. The author has an h-index of 1, co-authored 1 publication receiving 2 citations.

Papers
Journal ArticleDOI
TL;DR: This work indicates that DFI may be ineffective against the exploitation of memory corruption vulnerabilities in certain circumstances, and that DFB can circumvent DFI to carry out memory corruption attacks.

7 citations

Journal ArticleDOI
TL;DR: A systematic review of intelligent threat profiling techniques for APT attacks, covering three aspects: data, methods, and applications, is provided in this paper, which summarizes the latest research in applications, proposes the research framework and technical architecture, and provides insights into future research trends.

4 citations


Cited by
Journal ArticleDOI
TL;DR: This systematization of knowledge on PDA exploits and effective defence mechanisms suggests that stronger policies are needed, especially protection methods against DOP attacks, and that performance and compatibility problems are the main barriers to widespread adoption.

8 citations

Proceedings ArticleDOI
07 Jul 2020
TL;DR: This paper presents a technique to detect attacks in RTES based on timing information, designed for single-core processors, based on a monitor implemented in hardware to preserve the predictability of instrumented programs.
Abstract: Real-time embedded systems (RTES) are required to interact more and more with their environment, thereby increasing their attack surface. Recent security breaches on car brakes and other critical components have already proven the feasibility of attacks on RTES. Such attacks may change the control-flow of the programs, which may lead to violations of the system's timing constraints. In this paper, we present a technique to detect attacks in RTES based on timing information. Our technique, designed for single-core processors, is based on a monitor implemented in hardware to preserve the predictability of instrumented programs. The monitor uses timing information (Worst-Case Execution Time-WCET) of code regions to detect attacks. The proposed technique guarantees that attacks that delay the run-time of any region beyond its WCET are detected. Since the number of regions in programs impacts the memory resources consumed by the hardware monitor, our method includes a region selection algorithm that limits the amount of memory consumed by the monitor. An implementation of the hardware monitor and its simulation demonstrates the practicality of our approach. In particular, an experimental study evaluates the attack detection latency.

6 citations

Proceedings ArticleDOI
30 Jan 2023
TL;DR: TTPHunter as discussed by the authors fine-tunes linear classifiers, which take input as BERT (Bidirectional Encoder Representations from Transformers) embeddings of sentences, to extract TTPs from APT reports.
Abstract: With the proliferation of attacks from various Advanced Persistent Threats (APT) groups, it is essential to comprehend the threat actor’s attack patterns to accelerate threat detection and response. The MITRE ATT&CK framework’s Tactics, Techniques, and Procedures (TTPs) help to decipher attack patterns. The APT reports, published by security firms, contain rich information on tools and techniques used by threat actors. These reports are available in unstructured and natural language texts. There is a need for an automated tool to extract TTPs present in natural language text. However, there are few tools available in the literature, but their performance is not very satisfactory. In this work, we propose TTPHunter, to extract TTPs from APT reports by mapping sentence context to relevant TTPs. We fine-tune linear classifiers, which take input as BERT (Bidirectional Encoder Representations from Transformers) embeddings of sentences. We create two datasets: sentence-based (8,387 sentence samples) and document-based (50 threat reports) to validate TTPHunter. TTPHunter achieves the F1-score of 88% and 75% for both datasets, respectively. We compare the TTPHunter with rcATT and AttacKG baseline models, and it outperforms both baselines.

1 citation

Journal ArticleDOI
TL;DR: In this paper, the authors describe different standards for IOC representation and discuss the associated challenges that restrict security investigators from developing IOCs in the industrial sectors, and also discuss the potential IOCs against cyber-attacks in ICS systems.
Abstract: Numerous sophisticated and nation-state attacks on Industrial Control Systems (ICSs) have increased in recent years, exemplified by Stuxnet and Ukrainian Power Grid. Measures to be taken post-incident are crucial to reduce damage, restore control, and identify attack actors involved. By monitoring Indicators of Compromise (IOCs), the incident responder can detect malicious activity triggers and respond quickly to a similar intrusion at an earlier stage. However, to implement IOCs in critical infrastructures, we need to understand their contexts and requirements. Unfortunately, there is no survey paper in the literature on IOC in the ICS environment, and only limited information is provided in research articles. In this article, we describe different standards for IOC representation and discuss the associated challenges that restrict security investigators from developing IOCs in the industrial sectors. We also discuss the potential IOCs against cyber-attacks in ICS systems. Furthermore, we conduct a critical analysis of existing works and available tools in this space. We evaluate the effectiveness of identified IOCs by mapping these indicators to the most frequently targeted attacks in the ICS environment. Finally, we highlight the lessons to be learned from the literature and the future problems in the domain along with the approaches that might be taken.