DNS query failure and algorithmically generated domain-flux detection

Ghafir, Ibrahim; Přenosil, Václav

doi:10.1049/cp.2014.1410

Cited by 7 publications

(4 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…False data assaults require the insertion of false software into meters. A linear factor of the Jacobian power system matrix can be used to manipulate measurements across the network for FDI attacks [37], [42]. The current state approximation methods do not notice this shift in the calculation.…”

Section: Security Systems and Issuesmentioning

confidence: 99%

Cyber Security Challenges in Smart Grids

Khan¹

2020

Preprint

View full text Add to dashboard Cite

show abstract

Section: Security Systems and Issuesmentioning

confidence: 99%

Cyber Security Challenges in Smart Grids

Khan¹

2020

Preprint

View full text Add to dashboard Cite

show abstract

“…First, eight detection modules are employed to detect the individual APT steps. ese modules are Tor connection detection [11], malicious SSL certicate detection [12], malicious le hash detection [13], malicious domain name detection [14], domain ux detection [15], malicious IP address detection [16], scan detection and disguised exe le detection. Second, a correlation methodology including clustering algorithms is utilised to correlate the steps related to one APT campaign.…”

Section: Introductionmentioning

confidence: 99%

Disguised executable files in spear-phishing emails

Ghafir

Přenosil

Hammoudeh

et al. 2018

Proceedings of the 2nd International Conference on Future Networks and Distributed Systems

View full text Add to dashboard Cite

In recent years, cyber a acks have caused substantial nancial losses and been able to stop fundamental public services. Among the serious a acks, Advanced Persistent reat (APT) has emerged as a big challenge to the cyber security hi ing selected companies and organisations. e main objectives of APT are data ex ltration and intelligence appropriation. As part of the APT life cycle, an a acker creates a Point of Entry (PoE) to the target network. is is usually achieved by installing malware on the targeted machine to leave a back-door open for future access. A common technique employed to breach into the network, which involves the use of social engineering, is the spear phishing email. ese phishing emails may contain disguised executable les. is paper presents the disguised executable le detection (DeFD) module, which aims at detecting disguised exe les transferred over the network connections. e detection is based on a comparison between the MIME type of the transferred le and the le name extension. is module was experimentally evaluated and the results show a successful detection of disguised executable les.

show abstract

“…For that purpose, eight detection modules are presented, which are disguised exe file detection, malicious file hash detection [15], malicious domain name detection [16], malicious IP address detection [17], malicious SSL certificate detection [18], domain flux detection [19], scan detection, and Tor connection detection [20]. The second phase includes a correlation framework to link the outputs of the detection modules.…”

mentioning

confidence: 99%

Defending against the advanced persistent threat: Detection of disguised executable files

Ghafir

Hammoudeh

Přenosil

2018

Preprint

View full text Add to dashboard Cite

Advanced Persistent Threat (APT) is one of the most serious types of cyber attacks, which is a new and more complex version of multi-step attack. Within the APT life cycle, the most common technique used to get the point of entry is spear-phishing emails which may contain disguised executable files. This paper presents the disguised executable file detection (DeFD) module, which aims at detecting disguised exe files transferred over the connections. The detection is based on a comparison between the MIME type of the transferred file and the file name extension.This module was experimentally evaluated and the results show successful detection of disguised executable files.

show abstract

DNS query failure and algorithmically generated domain-flux detection

Cited by 7 publications

References 6 publications

Cyber Security Challenges in Smart Grids

Cyber Security Challenges in Smart Grids

Disguised executable files in spear-phishing emails

Defending against the advanced persistent threat: Detection of disguised executable files

Contact Info

Product

Resources

About