security analysts: Recently Published Documents (173 documents in total, 30 in the last five years; h-index 21, 2 in the last five years)

Author(s):  
Fatema Bannat Wala ◽  
Chase Cotton

DNS is one of the most widely abused protocols that threat actors use to hide traffic. DNS is also actively used, or rather misused, by other service providers, vendors, etc., to provide enhanced services. An in-depth examination of DNS logs revealed several very interesting legitimate use cases of the DNS protocol, apart from the usual name resolution service function. We coined the term “Off-label” use of DNS to represent those use cases. Legitimate here simply means using DNS for non-malicious purposes other than what it was traditionally designed for, providing domain name resolution, a dictionary service mapping domain names to corresponding IP addresses. One of the main reasons DNS is used, or possibly misused, for these off-label use cases is data transfer speed and reduced overhead. These use cases can often reveal important information about the clients and software they are running and can be leveraged by network security analysts to improve their defense of the network. This research will detail some of those legitimate off-label use cases and how analysts can use them to detect malware trends in the network and much more just by analyzing an enterprise’s DNS logs.


2021 ◽  
Vol 23 (08) ◽  
pp. 594-601
Author(s):  
V Prabhavathi ◽  
Dr S Pradeep ◽  
Kumar Swamy ◽  
A Damdor ◽  
...  

Most of the profound learning applications that we find locally are typically outfitted towards fields like advertising, deals, finance, and so on. We scarcely at any point read articles or discover assets about profound getting the hang of being utilized to secure these items, and the business, from malware and programmer assaults. While the enormous innovation organizations like Google, Facebook, Microsoft, and Salesforce have effectively implanted profound learning into their items, the online protection industry is as yet playing make up for lost time. It’s a difficult field however one that needs our complete consideration. We momentarily present Deep Learning (DL) alongside a couple of existing Information Security (therefore alluded to as Information security analysts) applications it empowers. We then, at that point, profound plunge into the intriguing issue of unknown pinnacle traffic discovery and furthermore present a DL-based answer for distinguish TOR traffic.


2021 ◽  
Vol 10 (2) ◽  
pp. 65-76
Author(s):  
Micheline Al Harrack

The Occupational Information Network O*NET is considered the primary source of occupational information in the U.S. I explore here possible uses of O*NET data to inform cybersecurity workforce readiness certification programs. The O*NET database is used to map out education requirements and how they relate to professional certifications as required by employers and job designers in accordance with the National Initiative for Cybersecurity Careers and Studies (NICCS). The search focuses on the “Information Security Analysts” occupation as listed on O*NET, Careeronestop, U.S. Bureau of Labor Statistics (BLS), and finally tied back to the NICCS source work role to identify certification requirements. I found that no site has listed any certification as required, desirable or mandatory. NICCS offered general guidance to potential topics and areas of certification. The Careeronestop site provided the ultimate guidance for this role's certification. Professional certifications are still not integrated in the Cybersecurity Workforce Framework official guidance.


Author(s):  
Vamshi Krishna Motru

In this universe of digitalization, the requirement for information protection and information security is very significant. The IT organizations today care for their information over everything. For organizations, information protection is additionally significant for any person. In any case, regardless of how secure the organization is, how cutting-edge is the innovation utilized, or how modern their products are, there's as yet a weakness in each area known as 'Human'. The ability of gathering sensitive information from a person is known as Social Engineering. Social Engineering exceeds a variant security danger as it has demonstrated to be one of the simplest, least expensive, and vigorous and profoundly fruitful ways for criminals to accomplish their finishes. This paper depicts social engineering, progressed techniques utilized, and their effect on associations. This paper can help the security analysts to acquire experiences into social engineering from an alternate point of view, and specifically, upgrade the current and future investigation on social engineering monitor mechanisms.


2021 ◽  
Vol 1 (2) ◽  
pp. 365-386
Author(s):  
Gustavo Gonzalez-Granadillo ◽  
Rodrigo Diaz ◽  
Juan Caubet ◽  
Ignasi Garcia-Milà

Water CIs are exposed to a wide number of IT challenges that go from the cooperation and alignment between physical and cyber security teams to the proliferation of new vulnerabilities and complex cyber-attacks with potentially disastrous consequences. Although novel and powerful solutions are proposed in the literature, most of them lack appropriate mechanisms to detect cyber and physical attacks in real time. We propose a Cross-Layer Analytic Platform (denoted as CLAP) developed for the correlation of Cyber and Physical security events affecting water CIs. CLAP aims to improve the detection of complex attack scenarios in real time based on the correlation of cyber and physical security events. The platform assigns appropriate severity values to each correlated alarm that will guide security analysts in the decision-making process of prioritizing mitigation actions. A series of passive and active attack scenarios against the target infrastructure are presented at the end of the paper to show the mechanisms used for the detection and correlation of cyber–physical security events. Results show promising benefits in the improvement of response accuracy, false rate reduction and real-time detection of complex attacks based on cross-correlation rules.


Entropy ◽  
2021 ◽  
Vol 23 (5) ◽  
pp. 618
Author(s):  
Gonzalo de la Torre-Abaitua ◽  
Luis F. Lago-Fernández ◽  
David Arroyo

Nowadays, information and communications technology systems are fundamental assets of our social and economic model, and thus they should be properly protected against the malicious activity of cybercriminals. Defence mechanisms are generally articulated around tools that trace and store information in several ways, the simplest one being the generation of plain text files coined as security logs. Such log files are usually inspected, in a semi-automatic way, by security analysts to detect events that may affect system integrity, confidentiality and availability. On this basis, we propose a parameter-free method to detect security incidents from structured text regardless of its nature. We use the Normalized Compression Distance to obtain a set of features that can be used by a Support Vector Machine to classify events from a heterogeneous cybersecurity environment. In particular, we explore and validate the application of our method in four different cybersecurity domains: HTTP anomaly identification, spam detection, Domain Generation Algorithms tracking and sentiment analysis. The results obtained show the validity and flexibility of our approach in different security scenarios with a low configuration burden.


2021 ◽  
Vol 17 (3) ◽  
pp. 1-27
Author(s):  
Unai Rioja ◽  
Servio Paguada ◽  
Lejla Batina ◽  
Igor Armendariz

Performing a comprehensive side-channel analysis evaluation of small embedded devices is a process known for its variability and complexity. In real-world experimental setups, the results are largely influenced by a huge number of parameters, some of which are not easily adjusted without trial and error and rely heavily on the experience of professional security analysts. In this article, we advocate the usage of an existing statistical methodology called Six Sigma (6σ) for side-channel analysis optimization. This well-known methodology is commonly used in other industrial fields, such as production and quality engineering, to reduce the variability of industrial processes. We propose a customized Six Sigma methodology, which allows even a less-experienced security analyst to select optimal values for the different variables that are critical for the side-channel analysis procedure. Moreover, we show how our methodology helps in improving different phases in the side-channel analysis process.


Author(s):  
Ramesh Paudel ◽  
Lauren Tharp ◽  
Dulce Kaiser ◽  
William Eberle ◽  
Gerald Gannod

Network protocol analyzers such as Wireshark are valuable for analyzing network traffic but pose a challenge in that it can be difficult to determine which behaviors are out of the ordinary due to the volume of data that must be analyzed. Network anomaly detection systems can provide vital insights to security analysts to supplement protocol analyzers, but this feedback can be difficult to interpret due to the complexity of the algorithms used and the lack of context to determine the reasoning for which an event was labeled as anomalous. We present an approach for visualizing anomalies using a graph-based anomaly detection methodology that aims to provide visual context to network traffic. We demonstrate the approach using network traffic flows as an approach for aiding in the investigation and triage of anomalous network events. The simplicity of a visual representation supports fast analysis of anomalous traffic to identify true positives from false positives and prevent further potential damage.


Author(s):  
Vikram Narayanda ◽  
Archana M. ◽  
Raman D.

In the previous past times internet of things (IoT) constructed up the different parts of life to improve usefulness by reducing human work including only a pair of sensors. In the previous there were frequently the absolute greatest obstacles which IoT as of now prompts achievement are not automatic. Just a few percent of organizations were fruitful with their IoT activities be that as it can, given a considerable number of which are simply operational or authoritative. Albeit numerous issues related with IoT arrangements are not mechanical, they are similarly agonizing and hard to survive. Furthermore, if each association needs to beat these difficulties in a void, a 74 percent dissatisfaction rate is probably going to proceed. Be that as it may, by transparently sharing the information and bits of knowledge increased through broad experience encouraged IoT to push ahead all in all intensifying our human potential. The achievement of IoT over the past impediments puts more prominence on its capacity to conquer the future difficulties. IoT is an innovation that should be known as an aid. In any case, since it interfaces all the things to the Internet, the things become defenseless against a type of security dangers. Huge organizations and cyber security analysts are giving their best to make things ideal for the purchasers, yet there is still a ton to be finished.


Electronics ◽  
2021 ◽  
Vol 10 (7) ◽  
pp. 818
Author(s):  
Paris Koloveas ◽  
Thanasis Chantzios ◽  
Sofia Alevizopoulou ◽  
Spiros Skiadopoulos ◽  
Christos Tryfonopoulos

In today’s world, technology has become deep-rooted and more accessible than ever over a plethora of different devices and platforms, ranging from company servers and commodity PCs to mobile phones and wearables, interconnecting a wide range of stakeholders such as households, organizations and critical infrastructures. The sheer volume and variety of the different operating systems, the device particularities, the various usage domains and the accessibility-ready nature of the platforms create a vast and complex threat landscape that is difficult to contain. Staying on top of these evolving cyber-threats has become an increasingly difficult task that presently relies heavily on collecting and utilising cyber-threat intelligence before an attack (or at least shortly after, to minimize the damage) and entails the collection, analysis, leveraging and sharing of huge volumes of data. In this work, we put forward inTIME, a machine learning-based integrated framework that provides a holistic view of the cyber-threat intelligence process and allows security analysts to easily identify, collect, analyse, extract, integrate, and share cyber-threat intelligence from a wide variety of online sources including clear/deep/dark web sites, forums and marketplaces, popular social networks, trusted structured sources (e.g., known security databases), or other datastore types (e.g., pastebins).
inTIME is a zero-administration, open-source, integrated framework that enables security analysts and security stakeholders to (i) easily deploy a wide variety of data acquisition services (such as focused web crawlers, site scrapers, domain downloaders, social media monitors), (ii) automatically rank the collected content according to its potential to contain useful intelligence, (iii) identify and extract cyber-threat intelligence and security artifacts via automated natural language understanding processes, (iv) leverage the identified intelligence to actionable items by semi-automatic entity disambiguation, linkage and correlation, and (v) manage, share or collaborate on the stored intelligence via open standards and intuitive tools. To the best of our knowledge, this is the first solution in the literature to provide an end-to-end cyber-threat intelligence management platform that is able to support the complete threat lifecycle via an integrated, simple-to-use, yet extensible framework.

