Detection of DoS attack and zero day threat with SIEM

Sornalakshmi, K.

doi:10.1109/iccons.2017.8250515

Cited by 17 publications

(16 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…General prototype of a Network: Models, network architecture and services that protect information from the following references [11], [14], [30] and [39] were considered; Server protection was decided as they do in [32], [33] and [34] to continue providing services offered by an organization through its applications.…”

Section: Methodology To Generate Resultsmentioning

confidence: 99%

“…• The proposed research is related to the results with the following references: in [8] a management and monitoring architecture was defined through software to filter attacks; in [9] an algorithm of classification of the characteristics in the attacks was used; in [21] security levels were defined to prevent attacks; in [22] a set of policies for storage and data security was applied; in [27] a package registration procedure was used to minimize the denial of service in the network; in [29] the application of security policy and user control was used; in [30] an attack mitigation algorithm was used when entering ip addresses and invalid requests; in [32] the detection of attacks in the request and delivery messages was analyzed; in [33] and [34] they defined an architecture to detect attacks on the server and analysis of network traffic; in [37] analyzed a responsibility approach and rules to minimize individual and community risks; in [39] a security policy was applied to computer equipment.…”

Section: Discussionmentioning

confidence: 99%

“…To detect DoS attack on the server, the authors proposed to work with the server's Log, network characteristics, connection time, packets and addresses; uses a rule implementation which verifies against the records, alarms are notified to the administrator and saved; this process works permanently [34]. The authors described 2 potential risks, defending themselves with a weak system or defending themselves with greater intensity in direct attacks on the attackers [35].…”

Section: Related Jobsmentioning

confidence: 99%

See 2 more Smart Citations

Analysis of Cyberattacks in Public Organizations in Latin America

Toapanta¹,

Cobeña²,

Gallegos³

2020

Adv. sci. technol. eng. syst. j.

View full text Add to dashboard Cite

It was analyzed certain information about cyberattacks in Latin America and methods to counteract the aggressions that affect services, data and infrastructure. The problem is the cyberattack on information networks where there is interdependence between processes, people and devices within public organizations with the negative consequence of denial of services. The objective is to propose a protection model against cyberattacks in public organizations in Latin America to minimize the denial of public services. It was applied the deductive method and exploration to examine the information of cited articles. It resulted a General Model of Protection against Attacks, a Prototype of a network, a Algorithm in flowchart to minimize the attack arrival and a Formula of probability of attack arrival. It was concluded that in order to maintain the continuity of services and activities of public organizations, secure platforms must be in place to monitor and minimize possible attacks; our proposal has an attack detection accuracy of 87.49%.

show abstract

Section: Methodology To Generate Resultsmentioning

confidence: 99%

Section: Discussionmentioning

confidence: 99%

Section: Related Jobsmentioning

confidence: 99%

See 1 more Smart Citation

Analysis of Cyberattacks in Public Organizations in Latin America

Toapanta¹,

Cobeña²,

Gallegos³

2020

Adv. sci. technol. eng. syst. j.

View full text Add to dashboard Cite

show abstract

“…Malware attackers can choose different targets or cyber-physical devices and attack them like mobile devices and connected vehicles. Many of the targets the threat actor attack are susceptible to malware attacks due to mismanagement issues, poor patching behaviors, and dangerous 0-day attacks [16].…”

Section: Related Workmentioning

confidence: 99%

A Machine Learning Framework for Domain Generation Algorithm-Based Malware Detection

Li¹,

Xiong²,

Chin³

et al. 2019

IEEE Access

View full text Add to dashboard Cite

Attackers usually use a command and control (C2) server to manipulate the communication. In order to perform an attack, threat actors often employ a domain generation algorithm (DGA), which can allow malware to communicate with C2 by generating a variety of network locations. Traditional malware control methods, such as blacklisting, are insufficient to handle DGA threats. In this paper, we propose a machine learning framework for identifying and detecting DGA domains to alleviate the threat. We collect real-time threat data from the real-life traffic over a one-year period. We also propose a deep learning model to classify a large number of DGA domains. The proposed machine learning framework consists of a two-level model and a prediction model. In the two-level model, we first classify the DGA domains apart from normal domains and then use the clustering method to identify the algorithms that generate those DGA domains. In the prediction model, a time-series model is constructed to predict incoming domain features based on the hidden Markov model (HMM). Furthermore, we build a deep neural network (DNN) model to enhance the proposed machine learning framework by handling the huge dataset we gradually collected. Our extensive experimental results demonstrate the accuracy of the proposed framework and the DNN model. To be precise, we achieve an accuracy of 95.89% for the classification in the framework and 97.79% in the DNN model, 92.45% for the second-level clustering, and 95.21% for the HMM prediction in the framework. INDEX TERMS Malware, domain generation algorithm, machine learning, security, networking.

show abstract

“…Many of the targets the threat actor attack are susceptible to malware attacks due to mismanagement issues, poor patching behaviors, and dangerous 0-day attacks. 4 To differentiate DGA domain names from normal domain names, researchers have discovered that DGA-generated domain names contain significant features. 5 Therefore, many studies aim to target blocking those DGA domain names as a defense approach.…”

Section: Related Workmentioning

confidence: 99%

A machine learning framework for domain generating algorithm based malware detection

Akhila

Keerthana

et al. 2020

Security and Privacy

View full text Add to dashboard Cite

Real-time detection of domain names that are generated using the domain generating algorithms (DGA) is a challenging cyber security challenge. Traditional malware control methods, such as blacklisting, are insufficient to handle DGA threats. In this paper, a machine learning framework for identifying and detecting DGA domains is proposed to alleviate the threat. The proposed machine learning framework consists of a two-level model. In the two-level model, the DGA domains are classified apart from normal domains and then the clustering method is used to identify the algorithms that generate those DGA domains. K E Y W O R D S density-based spatial clustering of applications with noise, DGA, gradient boosting tree, J48, Jaccard-index, logistic regression, machine learning, malware, n-grams entropy ordering points to identify the clustering

show abstract

Detection of DoS attack and zero day threat with SIEM

Cited by 17 publications

References 10 publications

Analysis of Cyberattacks in Public Organizations in Latin America

Analysis of Cyberattacks in Public Organizations in Latin America

A Machine Learning Framework for Domain Generation Algorithm-Based Malware Detection

A machine learning framework for domain generating algorithm based malware detection

Contact Info

Product

Resources

About