attack pattern
Recently Published Documents


Total documents: 85 (five years: 29)

H-index: 12 (five years: 2)

2021, Vol 24 (4), pp. 382-390
Author(s): Roshmi Das, Ashis Kumar Sarkar

We have proposed here two deterministic models of Jatropha Curcas plant and Whitefly that simulate the dynamics of interaction between them where the distribution of Whitefly on plant follows Poisson distribution. In the first model growth rate of the plant is assumed to be in logistic form whereas in the second model it is taken as exponential form. The attack pattern and the growth of the whitefly are assumed as Holling type II function. The first model results in a globally stable state and in the second one we find a globally attracting steady state for some parameter values, and a stable limit cycle for some other parameter values. It is also shown that there exists a Hopf bifurcation with respect to some parameter values. The paper also discusses the question about persistence and permanence of the model. It is found that the specific growth rate of both the population and attack pattern of the whitefly governs the dynamics of both the models.


Author(s): Juan Ramón Bermejo Higuera, Javier Bermejo Higuera, Juan Luis Tébar García, Juan Antonio Sicilia Montalvo, Manuel Sánchez Rubio

2021
Author(s): Jose Roldan-Gomez, Juan Boubeta-Puig, Juan Manuel Castelo Gomez, Javier Carrillo-Mondejar, Jose Luis Martinez Martinez

Electronics, 2021, Vol 10 (17), pp. 2160
Author(s): Michael Heigl, Enrico Weigelt, Andreas Urmann, Dalibor Fiala, Martin Schramm

Future-oriented networking infrastructures are characterized by highly dynamic Streaming Data (SD) whose volume, speed and number of dimensions increased significantly over the past couple of years, energized by trends such as Software-Defined Networking or Artificial Intelligence. As an essential core component of network security, Intrusion Detection Systems (IDS) help to uncover malicious activity. In particular, consecutively applied alert correlation methods can aid in mining attack patterns based on the alerts generated by IDS. However, most of the existing methods lack the functionality to deal with SD data affected by the phenomenon called concept drift and are mainly designed to operate on the output from signature-based IDS. Although unsupervised Outlier Detection (OD) methods have the ability to detect yet unknown attacks, most of the alert correlation methods cannot handle the outcome of such anomaly-based IDS. In this paper, we introduce a novel framework called Streaming Outlier Analysis and Attack Pattern Recognition, denoted as SOAAPR, which is able to process the output of various online unsupervised OD methods in a streaming fashion to extract information about novel attack patterns. Three different privacy-preserving, fingerprint-like signatures are computed from the clustered set of correlated alerts by SOAAPR, which characterizes and represents the potential attack scenarios with respect to their communication relations, their manifestation in the data's features and their temporal behavior. Beyond the recognition of known attacks, comparing derived signatures, they can be leveraged to find similarities between yet unknown and novel attack patterns. The evaluation, which is split into two parts, takes advantage of attack scenarios from the widely-used and popular CICIDS2017 and CSE‐CIC‐IDS2018 datasets. 
Firstly, the streaming alert correlation capability is evaluated on CICIDS2017 and compared to a state-of-the-art offline algorithm, called Graph-based Alert Correlation (GAC), which has the potential to deal with the outcome of anomaly-based IDS. Secondly, the three types of signatures are computed from attack scenarios in the datasets and compared to each other. The discussion of results, on the one hand, shows that SOAAPR can compete with GAC in terms of alert correlation capability leveraging four different metrics and outperforms it significantly in terms of processing time by an average factor of 70 in 11 attack scenarios. On the other hand, in most cases, all three types of signatures seem to reliably characterize attack scenarios such that similar ones are grouped together, with up to 99.05% similarity between the FTP and SSH Patator attack.

Keywords: intrusion detection; alert analysis; alert correlation; outlier detection; attack scenario; streaming data; network security


2021, Vol 2021, pp. 1-14
Author(s): Feng Xiao, Enhong Chen, Qiang Xu, Xianguo Zhang

Considering that the attacks against the industrial control system are mostly organized and premeditated actions, IP traceback is significant for the security of the industrial control system. Based on the infrastructure of the internet, we have developed a novel malicious IP traceback model, ICSTrace, without deploying any new services. The model extracts the function codes and their parameters from the attack data according to the format of the industrial control protocol and employs a short sequence probability method to transform the function codes and their parameters into a vector, which characterizes the attack pattern of malicious IP addresses. Furthermore, a partial seeded K-means algorithm is proposed for the pattern’s clustering, which helps in tracing the attacks back to an organization. ICSTrace is evaluated based on the attack data captured by the large-scale deployed honeypots for the industrial control system, and the results demonstrate that ICSTrace is effective on malicious IP traceback in the industrial control system.


Information, 2021, Vol 12 (8), pp. 298
Author(s): Kenta Kanakogi, Hironori Washizaki, Yoshiaki Fukazawa, Shinpei Ogata, Takao Okubo, ...

For effective vulnerability management, vulnerability and attack information must be collected quickly and efficiently. A security knowledge repository can collect such information. The Common Vulnerabilities and Exposures (CVE) provides known vulnerabilities of products, while the Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of common attributes and approaches employed by adversaries to exploit known weaknesses. Due to the fact that the information in these two repositories is not linked, identifying related CAPEC attack information from CVE vulnerability information is challenging. Currently, the related CAPEC-ID can be traced from the CVE-ID using Common Weakness Enumeration (CWE) in some but not all cases. Here, we propose a method to automatically trace the related CAPEC-IDs from CVE-ID using three similarity measures: TF–IDF, Universal Sentence Encoder (USE), and Sentence-BERT (SBERT). We prepared and used 58 CVE-IDs as test input data. Then, we tested whether we could trace CAPEC-IDs related to each of the 58 CVE-IDs. Additionally, we experimentally confirm that TF–IDF is the best similarity measure, as it traced 48 of the 58 CVE-IDs to the related CAPEC-ID.


Electronics, 2021, Vol 10 (14), pp. 1682
Author(s): Cătălin Mironeanu, Alexandru Archip, Cristian-Mihai Amarandei, Mitică Craus

Digital security plays an ever-increasing, crucial role in today’s information-based society. The variety of threats and attack patterns has dramatically increased with the advent of digital transformation in our lives. Researchers in both public and private sectors have tried to identify new means to counteract these threats, seeking out-of-the-box ideas and novel approaches. Amongst these, data analytics and artificial intelligence/machine learning tools seem to gain new ground in digital defence. However, such instruments are used mainly offline with the purpose of auditing existing IDS/IDPS solutions. We submit a novel concept for integrating machine learning and analytical tools into a live intrusion detection and prevention solution. This approach is named the Experimental Cyber Attack Detection Framework (ECAD). The purpose of this framework is to facilitate research of on-the-fly security applications. By integrating offline results in real-time traffic analysis, we could determine the type of network access as a legitimate or attack pattern, and discard/drop the latter. The results are promising and show the benefits of such a tool in the early prevention stages of both known and unknown cyber-attack patterns.


Oryx, 2021, pp. 1-4
Author(s): Juan C. Blanco, Guillermo Palomero, José V. López-Bao, Fernando Ballesteros

Little is known about the heritable behavioural traits of attacks by large carnivores on people. During the last 30 years attacks by brown bears Ursus arctos on people in the Cantabrian Mountains of Spain have been disproportionately concentrated in the eastern subpopulation. Excluding factors such as the existence of a single unusually bold bear, a higher human population density, particular human activities promoting encounters, or clear habitat differences in the area of this subpopulation, we propose that a plausible explanation for the unbalanced geographical attack pattern is that this subpopulation, separated a century earlier from the western subpopulation, may harbour a higher proportion of bolder bears. In the absence of genetic analyses this explanation remains speculative, but supports the hypothesis that genetic variation on the shy–bold continuum may influence attacks of large carnivores on people.


Sensors, 2021, Vol 21 (4), pp. 1027
Author(s): Yen-Hung Chen, Yuan-Cheng Lai, Pi-Tzong Jan, Ting-Yi Tsai

(1) Background: Link flooding attacks (LFA) are a spatiotemporal attack pattern of distributed denial-of-service (DDoS) that arranges bots to send low-speed traffic to backbone links and paralyze servers in the target area. (2) Problem: The traditional methods to defend against LFA are heuristic and cannot reflect the changing characteristics of LFA over time; the AI-based methods only detect the presence of LFA without considering the spatiotemporal series attack pattern and defense suggestion. (3) Methods: This study designs a deep ensemble learning model (Stacking-based integrated Convolutional neural network–Long short term memory model, SCL) to defend against LFA: (a) combining continuous network status as an input to represent “continuous/combination attacking action” and to help CNN operation to extract features of spatiotemporal attack pattern; (b) applying LSTM to periodically review the current evolved LFA patterns and drop the obsolete ones to ensure decision accuracy and confidence; (c) stacking System Detector and LFA Mitigator module instead of only one module to couple with LFA detection and mediation at the same time. (4) Results: The simulation results show that the accuracy rate of SCL successfully blocking LFA is 92.95%, which is 60.81% higher than the traditional method. (5) Outcomes: This study demonstrates the potential and suggested development trait of deep ensemble learning on network security.

