event correlation
Recently Published Documents


Total documents: 222 (five years: 31)

H-index: 22 (five years: 2)

2022
Author(s): Chao-Yuan Lin, Yuan-Chung Lai, Shao-Wei Wu, Fan-Chung Mo, Cheng-Yu Lin

Abstract: In recent years, extreme rainfall events occur frequently, causing serious watershed sediment disasters, destroying mountain roads, and endangering the safety of residents' lives and property. This study aims to deal with the spatial change of potential sediment movement on the road slope pre-disaster and to screen disaster hot spots for an early warning and control system. The conceptual model is used to simulate the distribution of primary and/or derived disasters on a watershed scale to assess the impact of sediment disasters caused by heavy rain events. Correlation analysis shows that the models in assessment of primary disaster and derived disaster are significantly correlated with the collapse ratio and disaster ratio, respectively. Since the primary disaster has been considered when calculating the derived disaster risk, the terrain subdivision along Provincial Highway 21 (Tai-21) is extracted to understand the derived sediment disaster on the road slope. The model can effectively evaluate the road sections prone to disasters. According to the risk level, the hot spot of road slope disasters and the management of disaster resilience are determined and can be the reference for disaster prevention and control.


2021, Vol 2021, pp. 1-13
Author(s): Peng Lu, Teng Hu, Hao Wang, Ruobin Zhang, Guo Wu

The attacks on the critical infrastructure network have increased sharply, and the strict management measures of the critical infrastructure network have caused its correlation analysis technology for security events to be relatively backward; this makes the critical infrastructure network’s security situation more severe. Currently, there is no common correlation analysis technology for the critical infrastructure network, and most technologies focus on expanding the dimension of data analysis, but with less attention to the optimization of analysis performance. The analysis performance does not meet the practical environment, and real-time analysis is even more impossible; as a result, the efficiency of security threat detection has greatly declined. To solve this issue, we propose the greedy tree algorithm, a correlation analysis approach based on the greedy algorithm, which optimizes event analysis steps and significantly improves the performance, so the real-time correlation analysis can be realized. We first verify the performance of the algorithm through formalization, and then the G-CAS (Greedy Correlation Analysis System) is implemented based on this algorithm and is applied in a real critical infrastructure network, which outperformed the current mainstream products.


2021, Vol 1 (3), pp. 387-421
Author(s): George Karantzas, Constantinos Patsakis

Advanced persistent threats pose a significant challenge for blue teams as they apply various attacks over prolonged periods, impeding event correlation and their detection. In this work, we leverage various diverse attack scenarios to assess the efficacy of EDRs against detecting and preventing APTs. Our results indicate that there is still a lot of room for improvement as state-of-the-art EDRs fail to prevent and log the bulk of the attacks that are reported in this work. Additionally, we discuss methods to tamper with the telemetry providers of EDRs, allowing an adversary to perform a stealthier attack.


2021, Vol 6 (1), pp. 56-63
Author(s): Arif D. Purnomo, Charles Lim, Burman Noviansyah

The cyber threat landscape nowadays is dynamically evolving over time; cyber security practitioners in corporations need to adapt in more sophisticated ways as the latest cyber threat attacks are launched. Cyber Threat Intelligence (CTI) is one of the tools that can be utilized for cyber threat detection. Generally, CTI operates by integrating its directory with events collected from Security Information and Event Management (SIEM) to correlate all of the appliance logs within the corporation and provide summarized and meaningful information that can be reviewed to identify legitimate malicious cyber threat activity. However, relying only on a CTI subscription that only contains blacklisted domains and IP addresses integrated with SIEM will only provide passive detection for known cyber threats. Proactive cyber threat detection is required to compete with the modern threat landscape. This research work will try to explore the possibility of detecting unknown or undetected cyber threats using network event correlation and memory forensics to validate their existence. Throughout this research time span, we were able to discover a malicious network pattern that is proven to be undetected within internal organization endpoint protection. Therefore, this research will provide a baseline for threat hunting activity based on network behavioural patterns.


Complexity, 2021, Vol 2021, pp. 1-11
Author(s): Hengyi Lv, Yang Feng, Yisa Zhang, Yuchen Zhao

Dynamic vision sensor is a kind of bioinspired sensor. It has the characteristics of fast response, large dynamic range, and asynchronous output event stream. These characteristics make it have advantages that traditional image sensors do not have in the field of tracking. The output form of the dynamic vision sensor is asynchronous event stream, and the object information needs to be provided by the relevant event cluster. This article proposes a method based on the event correlation index to obtain the object’s position, contour, and other information and is compatible with traditional tracking methods. Experiments show that this method can obtain the position information of the moving object and its continuous motion trajectory and analyze the influence of the parameters on the tracking effect. This method will have broad application prospects in security, transportation, etc.


2021, Vol 69 (1), pp. 695-711
Author(s): Zhichao Hu, Xiangzhan Yu, Jiantao Shi, Lin Ye
