MODELS AND METHODS OF CYBERSPACE PROTECTION

Authors

  • Oleksandr Semenovych Adamov, Senior Lecturer, APOT Department, KhNURE, Ukraine

DOI:

https://doi.org/10.30837/1563-0064.2(85).2019.184741

Abstract

An analytical review of existing models, methods and technologies for protecting individual service computing is presented. The advantages and disadvantages of the most widely used models and methods published in the specialized literature (conference proceedings and scientific journals) are identified. Based on this analysis, the goal and tasks of the research are formulated; they are aimed at eliminating the problem areas and shortcomings of existing models and methods in the context of their implementation in the protection infrastructure for individual service computing.


Published

2019-06-27

Issue

Section

Articles