Inferring the Purpose of Network Activities

推断网络活动的目的

• 批准号: EP/N008448/1
• 负责人: Gianluca Stringhini
• 金额: $ 12.52万
• 依托单位: University College London
• 依托单位国家: 英国
• 项目类别: Research Grant
• 财政年份: 2015
• 资助国家: 英国
• 起止时间: 2015 至 无数据
• 项目状态: 已结题
• 来源: https://gtr.ukri.org/projects?ref=EP%2FN008448%2F1
• 关键词: Inferring; Purpose; Network; Activities

The sophistication of attacks targeting computer networks is constantly increasing. Recently, we have witnessed multiple sophisticated targeted attacks against governments and companies. Such attacks are much different than traditional network attacks, because attackers have virtually unlimited resources and can tailor their operation to the victim's network, making these attacks very difficult to detect. In fact, current state of the art detection techniques are inadequate to protect computer networks against targeted attacks.In this proposal, we aim to make some fundamental steps towards being able to reliably detect targeted attacks on computer networks. To this end, we plan to abstract the observation from the actual manifestation of an attack, and focus on the purpose behind network activities instead. We believe that modern machine learning techniques such as deep belief networks can be used to automatically learn high-level features from network data. Such features are indicative of the purpose for which the network activity is performed, rather than of the specific techniques and tools used to accomplish that purpose. These high-level features can then be used in traditional supervised machine learning to detect whether a network activity is being performed with a malicious intention or a benign one.

针对计算机网络的攻击的复杂性不断增加。最近，我们目睹了针对政府和公司的多起复杂的有针对性的攻击。这类攻击与传统的网络攻击有很大不同，因为攻击者几乎拥有无限的资源，可以根据受害者的网络定制他们的操作，使得这些攻击很难被检测到。事实上，目前最先进的检测技术不足以保护计算机网络免受有针对性的攻击。在这项建议中，我们的目标是采取一些基本步骤，能够可靠地检测到对计算机网络的有针对性的攻击。为此，我们计划将观察结果从攻击的实际表现中抽象出来，转而关注网络活动背后的目的。我们相信，深度信念网络等现代机器学习技术可以用于从网络数据中自动学习高级特征。这些特征表示执行网络活动的目的，而不是用于实现该目的的特定技术和工具。然后，这些高级特征可以用于传统的有监督机器学习，以检测网络活动是出于恶意还是良性意图执行的。

项目成果

What's in a name?

名字里有什么？

• DOI: 10.7554/elife.32437
• 发表时间: 2017
• 期刊: eLife
• 影响因子: 7.7
• 作者: Schaller,MichaelD;McDowell,Gary;Porter,André;Shippen,Dorothy;Friedman,KatherineL;Gentry,MatthewS;Serio,TriciaR;Sundquist,WesleyI
• 通讯作者: Sundquist,WesleyI

What's Your Major Threat? On the Differences between the Network Behavior of Targeted and Commodity Malware

您的主要威胁是什么？

• DOI: 10.1109/ares.2016.36
• 发表时间: 2016
• 作者: Mariconti E

Permissions snapshots: Assessing users' adaptation to the Android runtime permission model

• DOI: 10.1109/wifs.2016.7823922
• 发表时间: 2016-10
• 期刊: 2016 IEEE International Workshop on Information Forensics and Security (WIFS)
• 作者: Panagiotis Andriotis;M. Sasse;G. Stringhini

Towards Detecting Compromised Accounts on Social Networks

• DOI: 10.1109/tdsc.2015.2479616
• 发表时间: 2015-09
• 期刊: IEEE Transactions on Dependable and Secure Computing
• 影响因子: 7.3
• 作者: Manuel Egele;G. Stringhini;C. Kruegel;Giovanni Vigna

Human Aspects of Information Security, Privacy and Trust - 5th International Conference, HAS 2017, Held as Part of HCI International 2017, Vancouver, BC, Canada, July 9-14, 2017, Proceedings

信息安全、隐私和信任的人为方面 - 第五届国际会议，HAS 2017，作为 HCI International 2017 的一部分举行，加拿大不列颠哥伦比亚省温哥华，2017 年 7 月 9-14 日，会议记录

• DOI: 10.1007/978-3-319-58460-7_19
• 发表时间: 2017
• 作者: Al Moubayed N