Circular Image

164 records found

Carpet bombing-type DDoS attacks targeting a wide-range network rather than a single IP address have threatened the Internet. Some researchers have investigated the characteristics of single-target DDoS attacks. Still, much less is known about the characteristics of carpet bombin ...
The AI Act represents a significant legislative effort by the European Union to govern the use of AI systems according to different risk-related classes, imposing different degrees of compliance obligations to users and providers of AI systems. However, it is often critiqued due ...
In recent years, the intelligence domain has transformed and become more cyber-oriented. This has been accompanied by governance reforms of intelligence agencies’ powers and oversight mechanisms. However, opinions on key points of these reforms diverge and diverging professional ...

Pushing boundaries

An empirical view on the digital sovereignty of six governments in the midst of geopolitical tensions

In just a few years, the issue of “digital sovereignty” has emerged as an important security issue for governments across the globe, reflecting a growing unease about the security risks associated with government services that depend on foreign service providers for digital infra ...
We investigate the potential for abuse of recent AI advances by developing seven malware programs and two attack tools using ChatGPT, OpenAI Playground's "text-davinci-003"model, and Auto-GPT - an open-source AI agent capable of generating automated prompts to accomplish user-def ...

No One Drinks From the Firehose

How Organizations Filter and Prioritize Vulnerability Information

The number of published software vulnerabilities is increasing every year. How do organizations stay in control of their attack surface despite their limited staff resources? Prior work has analyzed the overall software vulnerability ecosystem as well as patching processes within ...

Bin there, target that

Analyzing the target selection of IoT vulnerabilities in malware binaries

For years, attackers have exploited vulnerabilities in Internet of Things (IoT) devices. Previous research has examined target selection in cybercrime, but there has been little investigation into the factors that influence target selection in attacks on IoT. This study aims to b ...
The AI Act represents a significant legislative effort by the European Union to govern the use of AI systems according to different risk-related classes, linking varying degrees of compliance obligations to the system's classification. However, it is often critiqued due to the la ...

Alert Alchemy

SOC Workflows and Decisions in the Management of NIDS Rules

Signature-based network intrusion detection systems (NIDSs) and network intrusion prevention systems (NIPSs) remain at the heart of network defense, along with the rules that enable them to detect threats. These rules allow Security Operation Centers (SOCs) to properly defend a n ...

DomainPrio

Prioritizing Domain Name Investigations to Improve SOC Efficiency

Security Operations Centers (SOCs) are in need of automation for triaging alerts. Current approaches focus on analyzing and enriching individual alerts. We take a different approach and analyze the population of alerts. In an observational study over 24 weeks, we find a surprisin ...

Ruling the Rules

Quantifying the Evolution of Rulesets, Alerts and Incidents in Network Intrusion Detection

Notwithstanding the predicted demise of signature-based network monitoring, it is still part of the bedrock of security operations. Rulesets are fundamental to the efficacy of Network Intrusion Detection Systems (NIDS). Yet, they have rarely been studied in production environment ...
Geographically distributed infrastructures, such as buildings, dams, and solar power plants, are commonly maintained via Internet-connected remote management devices. Previous studies on detecting and securing industrial control systems (ICS) have overlooked these remote manageme ...
IP spoofing, sending IP packets with a false source IP address, continues to be a primary attack vector for large-scale Denial of Service attacks. To combat spoofing, various interventions have been tried to increase the adoption of source address validation (SAV) among network o ...

No Spring Chicken

Quantifying the Lifespan of Exploits in IoT Malware Using Static and Dynamic Analysis

The Internet of things (IoT) is composed by a wide variety of software and hardware components that inherently contain vulnerabilities. Previous research has shown that it takes only a few minutes from the moment an IoT device is connected to the Internet to the first infection a ...

Disposable Botnets

Long-term Analysis of IoT Botnet Infrastructure

Large botnets made up of Internet-of-Things (IoT) devices have a steady presence in the threat landscape since 2016. However, it has not explained how attackers maintain control over their botnets. In this paper, we present a long-term analysis of the infrastructure of IoT botnet ...

Difficult for Thee, But Not for Me

Measuring the Difficulty and User Experience of Remediating Persistent IoT Malware

Consumer IoT devices may suffer malware attacks, and be recruited into botnets or worse. There is evidence that generic advice to device owners to address IoT malware can be successful, but this does not account for emerging forms of persistent IoT malware. Less is known about pe ...
We tracked the largest volunteer security information sharing community known to date: the COVID-19 Cyber Threat Coalition, with over 4,000 members. This enabled us to address long-standing questions on threat information sharing. First, does collaboration at scale lead to better ...
The emergence of Cybercrime-as-a-Service (CaaS) is a critical evolution in the cybercrime landscape. A key area of research on CaaS is where and how the supply of CaaS is being matched with demand. Next to underground marketplaces and custom websites, cybercrime forums provide an ...

SoK: A framework for asset discovery

Systematizing advances in network measurements for protecting organizations

Asset discovery is fundamental to any organization's cybersecurity efforts. Indeed, one must accurately know which assets belong to an IT infrastructure before the infrastructure can be secured. While practitioners typically rely on a relatively small set of well-known techniques ...
Instead of only considering technology, computer security research now strives to also take into account the human factor by studying regular users and, to a lesser extent, experts like operators and developers of systems. We focus our analysis on the research on the crucial popu ...