The initial access achieved by cyber adversaries conducting a systematic attack against a targeted network is unlikely to be an asset of interest. Therefore, lateral movement techniques are needed to expand access to other devices within the network and accomplish the strategic objectives of the attack. The pivot attack technique is widely used in this context: the attacker creates an indirect communication tunnel with the target and uses traffic forwarding methods to send and receive commands. Recognising and classifying this technique in large corporate networks is a complex task because of the number of different events and the volume of traffic generated. In this paper, we present pivot attack classification criteria based on perceived indicators of attack (IoA) to identify the level of connectivity achieved by the adversary. Additionally, an automatic pivot classifier algorithm is proposed that adds a classification attribute, introducing a novel capability to the APIVADS pivot attack detection scheme. The new attribute differentiates between types of pivot attacks and contributes to threat intelligence about the adversary's modus operandi. To the best of our knowledge, this is the first academic peer-reviewed study to provide pivot attack classification criteria.
Modern network infrastructures host converged applications that demand rapid elasticity of services, increased security, and ultra-fast reaction times. The Tactile Internet promises to facilitate the delivery of these services while enabling new economies of scale for high-fidelity machine-to-machine and human-to-machine interactions. Unavoidably, critical mission systems served by the Tactile Internet demand not only high-speed, reliable communications but equally the ability to rapidly identify and mitigate threats and vulnerabilities. This article proposes a novel Multi-Agent Data Exfiltration Detector Architecture (MADEX), inspired by the mechanisms and features of the human immune system. MADEX seeks to identify data exfiltration activities performed by evasive and stealthy malware that hides malicious traffic from an infected host in low-latency networks. Our approach uses cross-network traffic information collected by agents to identify unknown illicit connections originating from a subverted operating system. MADEX does not require prior knowledge of the characteristics or behaviour of the malicious code, nor dedicated access to a knowledge repository. We tested the performance of MADEX in terms of its capacity to handle real-time data and the sensitivity of our algorithm's classification when exposed to malicious traffic. Experimental evaluation results show that MADEX achieved 99.97% sensitivity, 98.78% accuracy, and an error rate of 1.21% when compared to its best rivals. We created a second version of MADEX, called MADEX level 2, that further improves its overall performance with a slight increase in computational complexity. We argue for the suitability of MADEX level 1 in non-critical environments, while MADEX level 2 can be used to prevent data exfiltration in critical mission systems.
To the best of our knowledge, this is the first article in the literature that addresses the real-time detection of rootkits in an agnostic way using an artificial immune system approach while satisfying strict latency requirements.
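The abstract above says MADEX reconciles traffic information gathered by agents across the network with what an infected host exposes, so that connections a subverted operating system hides still show up. The following is an added example, not code from the MADEX paper (whose immune-inspired algorithm is not described on this page): a plain cross-view reconciliation in that spirit. A host agent reports the connections the host's own OS admits to; a network sensor reports the flows it actually sees leaving that host; any flow seen on the wire but absent from the host's report is a candidate hidden connection. The record format, the `min_sightings` threshold (to avoid flagging short-lived connections that open and close between two snapshots), and all addresses are constructed for the example.

```python
"""Cross-view reconciliation: flag network-observed flows that the host itself
does not report. Added example; the record format and sample data are constructed."""
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, Set


@dataclass(frozen=True)
class Flow:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def parse_flow(line: str) -> Flow:
    """Parse one record such as 'tcp 10.0.0.5:51234 -> 93.184.216.34:443'.

    This textual format is an assumption made for the example; both the host agent
    and the network sensor are taken to emit it.
    """
    proto, src, _arrow, dst = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return Flow(proto, src_ip, int(src_port), dst_ip, int(dst_port))


def hidden_connections(host_ip: str,
                       host_report: Iterable[str],
                       sensor_records: Iterable[str],
                       min_sightings: int = 2) -> Set[Flow]:
    """Return flows originating from host_ip that the sensor saw at least
    min_sightings times but that the host's own connection report omits.

    A subverted OS can lie to its local agent, but it cannot remove packets the
    network sensor already captured; the discrepancy is the detection signal.
    """
    reported = {parse_flow(line) for line in host_report}
    sightings = Counter(parse_flow(line) for line in sensor_records)
    return {
        flow for flow, count in sightings.items()
        if flow.src_ip == host_ip          # only this host's outbound flows
        and flow not in reported           # the host never admitted to it
        and count >= min_sightings         # seen repeatedly, not a snapshot race
    }


# Constructed sample data (documentation/test address ranges, not real systems).
HOST_REPORT = [
    "tcp 10.0.0.5:51234 -> 93.184.216.34:443",
    "tcp 10.0.0.5:51240 -> 10.0.0.20:445",
]

SENSOR_RECORDS = [
    "tcp 10.0.0.5:51234 -> 93.184.216.34:443",   # reported by host
    "tcp 10.0.0.5:51234 -> 93.184.216.34:443",
    "tcp 10.0.0.5:51240 -> 10.0.0.20:445",       # reported by host
    "tcp 10.0.0.5:49222 -> 203.0.113.7:8443",    # seen 3x, never reported
    "tcp 10.0.0.5:49222 -> 203.0.113.7:8443",
    "tcp 10.0.0.5:49222 -> 203.0.113.7:8443",
    "tcp 10.0.0.5:51301 -> 10.0.0.53:53",        # seen once: closed between snapshots
    "tcp 10.0.0.9:40000 -> 203.0.113.7:8443",    # different host, out of scope here
]

if __name__ == "__main__":
    for flow in sorted(hidden_connections("10.0.0.5", HOST_REPORT, SENSOR_RECORDS),
                       key=lambda f: (f.dst_ip, f.dst_port)):
        print(f"hidden: {flow.proto} {flow.src_ip}:{flow.src_port} -> "
              f"{flow.dst_ip}:{flow.dst_port}")
```

The threshold is the design point worth noting: with `min_sightings=1` the single DNS-port flow is also flagged, because it legitimately came and went between the two host snapshots. In practice the threshold (or a time-window correlation) is what separates "the OS is hiding this" from "the agent polled at the wrong moment".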
Many problems faced by intelligent systems can be modelled as search problems. One such problem is choosing the parameters of an algorithm so as to maximise (or minimise) an objective function. This type of problem can require considerable time to test many parameter values and thereby determine the best value for each parameter. In this work we describe a multi-agent system built on the JADE platform that autonomously searches for maxima (or minima) of real-valued objective functions using the Hill Climbing algorithm, exploiting the processing parallelism that is natural to multi-agent systems. Several experiments were carried out on the classic N-Queens and Travelling Salesman problems. We also performed the parametric optimisation of a financial-market trading agent developed for the AgEx simulator. The results obtained demonstrate the effectiveness and efficiency of the system.
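The abstract above describes hill climbing run by several agents in parallel on the N-Queens problem. As an added example, not the authors' JADE code, the following Python sketch shows that scheme in miniature: each "agent" is a thread that runs steepest-ascent hill climbing with random restarts from its own seeded starting point, and the coordinator keeps whichever solutions come back. Threads stand in for JADE agents here and, under CPython, do not give true CPU parallelism; the point is the search structure, not the speed-up. Board representation and step limits are choices made for the example.

```python
"""Parallel hill climbing for N-Queens. Added example; threads stand in for the
JADE agents of the paper, and all parameters here are the example's own choices."""
import random
from concurrent.futures import ThreadPoolExecutor
from typing import List, Optional


def conflicts(board: List[int]) -> int:
    """Objective to minimise: number of attacking queen pairs.
    board[c] is the row of the queen in column c, so columns never clash."""
    n = len(board)
    total = 0
    for i in range(n):
        for j in range(i + 1, n):
            same_row = board[i] == board[j]
            same_diag = abs(board[i] - board[j]) == j - i
            if same_row or same_diag:
                total += 1
    return total


def hill_climb(n: int, rng: random.Random, max_steps: int = 1000) -> Optional[List[int]]:
    """Steepest-ascent hill climbing with random restarts on plateaus/local minima.
    Returns a conflict-free board, or None if max_steps runs out."""
    board = [rng.randrange(n) for _ in range(n)]
    for _ in range(max_steps):
        current = conflicts(board)
        if current == 0:
            return board
        # Evaluate every single-queen move and keep the strictly improving best ones.
        best_value, best_moves = current, []
        for col in range(n):
            for row in range(n):
                if row == board[col]:
                    continue
                trial = board[:]
                trial[col] = row
                value = conflicts(trial)
                if value < best_value:
                    best_value, best_moves = value, [(col, row)]
                elif value == best_value and best_moves:
                    best_moves.append((col, row))
        if best_moves:
            col, row = rng.choice(best_moves)   # break ties randomly
            board[col] = row
        else:
            board = [rng.randrange(n) for _ in range(n)]  # stuck: random restart
    return None


def parallel_search(n: int, agents: int = 4, seed: int = 0) -> List[List[int]]:
    """Run `agents` independent hill climbers concurrently, each with its own
    deterministic RNG, and return every solution they found."""
    with ThreadPoolExecutor(max_workers=agents) as pool:
        results = pool.map(lambda i: hill_climb(n, random.Random(seed + i)), range(agents))
    return [board for board in results if board is not None]


if __name__ == "__main__":
    for solution in parallel_search(8):
        print(solution, "conflicts:", conflicts(solution))
```

The same skeleton carries over to the parameter-tuning use the abstract mentions: replace `conflicts` with the objective you want to minimise (or its negation to maximise) and the single-queen moves with perturbations of one parameter at a time; each agent then explores from a different starting configuration and the coordinator keeps the best result.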