Cyber Threats Monitoring: Experimental Analysis of Malware Behavior in Cyberspace

Colombini, Clara Maria; Colella, Antonio; Mattiucci, Marco; Castiglione, Aniello

doi:10.1007/978-3-642-40588-4_17

Cited by 5 publications

(4 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Honeypots serve to deflect attacks from hitting the systems they are protecting as well as serving as a means for gaining information about attackers by storing a record of their activity and learning what types of attacks and software tools the attacker is using. The goal of this type of honeypots is to lure an attacker to install either handler or agent code within the honeypot, thereby allowing the honeypot's [17] owner to track the handler or agent behavior and better understand how to defend against future DDoS installation attacks. Honeypots are also helpful because they can store event logfiles during a DDoS attack.…”

Section: The Proposed Solutionmentioning

confidence: 99%

See 1 more Smart Citation

Amplification DDoS Attacks: Emerging Threats and Defense Strategies

Colella¹,

Colombini

2014

Advanced Information Systems Engineering

Self Cite

View full text Add to dashboard Cite

Part 2: 4th International Workshop on Security and Cognitive Informatics for Homeland Defense (SeCIHD 2014)International audienceThere are too many servers on the Internet that have already been used, or that are vulnerable and can potentially be used to launch DDoS attacks. Even though awareness increases and organizations begin to lock down those systems, there are plenty of other protocols that can be exploited to be used instead of them. One example is the Simple Network Management Protocol (SNMP), which is a common UDP protocol used for network management. Several types of network devices actually come with SNMP ”on” by default. A request sent to an SNMP server returns a response that is larger than the query that came in.The main aim of this paper is to investigate on the increasing prevalence and destructive power of amplification-based distributed denial of service (DDoS) attacks in order to present a solution based on a profiling methodology. The paper encompass three aspects: amplification DDoS attacks and main port used, the profiling methodology as a mean of identifying the threat and shape it. Finally, a proposal solution is given by considering both strategic and technical aspects

show abstract

Section: The Proposed Solutionmentioning

confidence: 99%

“…As we have explained in a previous paper [17] the analysis cycle takes place in 6 steps (see Figure 5) Step 1 -Identification of the target.…”

Section: The Proposed Solutionmentioning

confidence: 99%

Amplification DDoS Attacks: Emerging Threats and Defense Strategies

Colella¹,

Colombini

2014

Advanced Information Systems Engineering

Self Cite

View full text Add to dashboard Cite

show abstract

“…e-banking and e-payment systems) are becoming the norm in developing and developed nations. Such systems and services can and have been targeted by cyber criminals [1]- [6], and malware is a popular or common tool used by cyber criminals [7]- [9]. For example, a cyber-attack in South Korea reportedly saw 32,000 computers belonging to broadcasting organizations and banks infected with a malware that overwrote the Master Boot Record (MBR) [8].…”

Section: Introductionmentioning

confidence: 99%

A cyber kill chain based taxonomy of banking Trojans for evolutionary computational intelligence

Kiwia

Dehghantanha

Choo

et al. 2018

Journal of Computational Science

View full text Add to dashboard Cite

Malware such as banking Trojans are popular with financially-motivated cybercriminals. Detection of banking Trojans remains a challenging task, due to the constant evolution of techniques used to obfuscate and circumvent existing detection and security solutions. Having a malware taxonomy can facilitate the design of mitigation strategies such as those based on evolutionary computational intelligence. Specifically, in this paper, we propose a cyber kill chain based taxonomy of banking Trojans features. This threat intelligence based taxonomy providing a stage-by-stage operational understanding of a cyber-attack, can be highly beneficial to security practitioners and the design of evolutionary computational intelligence on Trojans detection and mitigation strategy. The proposed taxonomy is validated by using a real-world dataset of 127 banking Trojans

show abstract

“…However, several threats have proven that many people's passwords are vulnerable to being cracked. Thus the security of user's information is threatened all the time [1].…”

Section: Introductionmentioning

confidence: 99%

Design of Password Guessing Prevention Protocol for Levelled-Security System

2018

Helix

View full text Add to dashboard Cite

Most applications use the password for authentication of the legitimate user. These applications maintain a database of username and corresponding password. In databases, passwords are stored in the form of hash values which are irreversible. A potential hacker may use brute force attack or dictionary attack for guessing the password. In brute force attack; hacker tries all possible combinations of passwords to gain unauthorized access to user's account. In a dictionary attack, the hacker uses dictionary file containing possible passwords and tries every password from that file. It is noted that, even though password with certain patterns is accepted as strong by existing systems, they are vulnerable to dictionary attack. The proposed system allows the user to choose a password which is not present in the dictionary. Also, all possible alterations of passwords are matched against the supplied dictionary. Password containing personal information is not accepted by the system. The present study proposes a security method based on login attempts and respective security levels for the password. The concept of security levels is introduced which aims at increasing the strength of the password on detection of malicious activity such as invalid login attempts, login attempts performed for the same user account from two different locations in little time difference which are far away from each other, etc. On detection of any suspicious activity, the security level of the password gets upgraded to the higher level which increases length and strength of the password by making it more complex and hard to crack.

show abstract

Cyber Threats Monitoring: Experimental Analysis of Malware Behavior in Cyberspace

Cited by 5 publications

References 22 publications

Amplification DDoS Attacks: Emerging Threats and Defense Strategies

Amplification DDoS Attacks: Emerging Threats and Defense Strategies

A cyber kill chain based taxonomy of banking Trojans for evolutionary computational intelligence

Design of Password Guessing Prevention Protocol for Levelled-Security System

Contact Info

Product

Resources

About