Network security situation awareness is an important foundation for network security management,which presents the target system security status by analyzing existing or potential cyber threats in the target system.In...Network security situation awareness is an important foundation for network security management,which presents the target system security status by analyzing existing or potential cyber threats in the target system.In network offense and defense,the network security state of the target system will be affected by both offensive and defensive strategies.According to this feature,this paper proposes a network security situation awareness method using stochastic game in cloud computing environment,uses the utility of both sides of the game to quantify the network security situation value.This method analyzes the nodes based on the network security state of the target virtual machine and uses the virtual machine introspection mechanism to obtain the impact of network attacks on the target virtual machine,then dynamically evaluates the network security situation of the cloud environment based on the game process of both attack and defense.In attack prediction,cyber threat intelligence is used as an important basis for potential threat analysis.Cyber threat intelligence that is applicable to the current security state is screened through the system hierarchy fuzzy optimization method,and the potential threat of the target system is analyzed using the cyber threat intelligence obtained through screening.If there is no applicable cyber threat intelligence,using the Nash equilibrium to make predictions for the attack behavior.The experimental results show that the network security situation awareness method proposed in this paper can accurately reflect the changes in the network security situation and make predictions on the attack behavior.展开更多
The study of malware behaviors,over the last years,has received tremendous attention from researchers for the purpose of reducing malware risks.Most of the investigating experiments are performed using either static a...The study of malware behaviors,over the last years,has received tremendous attention from researchers for the purpose of reducing malware risks.Most of the investigating experiments are performed using either static analysis or behavior analysis.However,recent studies have shown that both analyses are vulnerable to modern malware files that use several techniques to avoid analysis and detection.Therefore,extracted features could be meaningless and a distraction for malware analysts.However,the volatile memory can expose useful information about malware behaviors and characteristics.In addition,memory analysis is capable of detecting unconventional malware,such as in-memory and fileless malware.However,memory features have not been fully utilized yet.Therefore,this work aims to present a new malware detection and classification approach that extracts memory-based features from memory images using memory forensic techniques.The extracted features can expose the malware’s real behaviors,such as interacting with the operating system,DLL and process injection,communicating with command and control site,and requesting higher privileges to perform specific tasks.We also applied feature engineering and converted the features to binary vectors before training and testing the classifiers.The experiments show that the proposed approach has a high classification accuracy rate of 98.5%and a false positive rate as low as 1.24%using the SVM classifier.The efficiency of the approach has been evaluated by comparing it with other related works.Also,a new memory-based dataset consisting of 2502 malware files and 966 benign samples forming 8898 features and belonging to six memory types has been created and published online for research purposes.展开更多
基金This research was supported in part by the National Natural Science Foundation of China under grant numbers 61672206,61572170.
文摘Network security situation awareness is an important foundation for network security management,which presents the target system security status by analyzing existing or potential cyber threats in the target system.In network offense and defense,the network security state of the target system will be affected by both offensive and defensive strategies.According to this feature,this paper proposes a network security situation awareness method using stochastic game in cloud computing environment,uses the utility of both sides of the game to quantify the network security situation value.This method analyzes the nodes based on the network security state of the target virtual machine and uses the virtual machine introspection mechanism to obtain the impact of network attacks on the target virtual machine,then dynamically evaluates the network security situation of the cloud environment based on the game process of both attack and defense.In attack prediction,cyber threat intelligence is used as an important basis for potential threat analysis.Cyber threat intelligence that is applicable to the current security state is screened through the system hierarchy fuzzy optimization method,and the potential threat of the target system is analyzed using the cyber threat intelligence obtained through screening.If there is no applicable cyber threat intelligence,using the Nash equilibrium to make predictions for the attack behavior.The experimental results show that the network security situation awareness method proposed in this paper can accurately reflect the changes in the network security situation and make predictions on the attack behavior.
基金supported in part by Universiti Kebangsaan Malaysia(UKM)under Grant GUP-2019-062 and Grant GP-2019-K005539in part by the Ministry of Education Malaysia under Grant FRGS/1/2018/ICT04/UKM/02/3.
文摘The study of malware behaviors,over the last years,has received tremendous attention from researchers for the purpose of reducing malware risks.Most of the investigating experiments are performed using either static analysis or behavior analysis.However,recent studies have shown that both analyses are vulnerable to modern malware files that use several techniques to avoid analysis and detection.Therefore,extracted features could be meaningless and a distraction for malware analysts.However,the volatile memory can expose useful information about malware behaviors and characteristics.In addition,memory analysis is capable of detecting unconventional malware,such as in-memory and fileless malware.However,memory features have not been fully utilized yet.Therefore,this work aims to present a new malware detection and classification approach that extracts memory-based features from memory images using memory forensic techniques.The extracted features can expose the malware’s real behaviors,such as interacting with the operating system,DLL and process injection,communicating with command and control site,and requesting higher privileges to perform specific tasks.We also applied feature engineering and converted the features to binary vectors before training and testing the classifiers.The experiments show that the proposed approach has a high classification accuracy rate of 98.5%and a false positive rate as low as 1.24%using the SVM classifier.The efficiency of the approach has been evaluated by comparing it with other related works.Also,a new memory-based dataset consisting of 2502 malware files and 966 benign samples forming 8898 features and belonging to six memory types has been created and published online for research purposes.
