Back-Propagating system dependency impact for attack investigation
Causality analysis on system auditing data has emerged as an important solution for attack
investigation. Given a POI (Point-Of-Interest) event (e.g., an alert fired on a suspicious file …
From WHOIS to WHOWAS: A Large-Scale Measurement Study of Domain Registration Privacy under the GDPR.
When a domain is registered, information about the registrants and other related personnel
is recorded by WHOIS databases owned by registrars or registries (called WHOIS providers …
Peeler: Profiling kernel-level events to detect ransomware
Because the recent ransomware families are becoming progressively more advanced, it is
challenging to detect ransomware using static features only. However, their behaviors are …
Optimized random forest model for botnet detection based on DNS queries
The Domain Name System (DNS) protocol plays a major role in today's Internet as it
translates between website names and corresponding IP addresses. However, due to the …
Ensemble-based feature selection and classification model for DNS typo-squatting detection
Domain Name System (DNS) plays an important role in the current IP-based Internet
architecture. This is because it performs the domain name to IP resolution. However, the …
Malware on internet of uavs detection combining string matching and fourier transformation
W Niu, X Zhang, X Zhang, X Du… - IEEE Internet of …, 2020 - ieeexplore.ieee.org
Advanced persistent threat (APT), with intense penetration, long duration, and high
customization, has become one of the most grievous threats to cybersecurity. Furthermore …
Detecting malware injection with program-dns behavior
Analyzing the DNS traffic of Internet hosts has been a successful technique to counter
cyberattacks and identify connections to malicious domains. However, recent stealthy …
Anteater: Advanced Persistent Threat Detection With Program Network Traffic Behavior
Y Zhang, W Liu, K Kuok, N Cheong - IEEE Access, 2024 - ieeexplore.ieee.org
Recent stealth attacks cleverly disguise malicious activities, masquerading as ordinary
connections to popular online services through seemingly innocuous applications. These …
C2-Eye: framework for detecting command and control (C2) connection of supply chain attacks
Supply chain attacks are potent cyber attacks for widespread ramifications by compromising
supply chains. Supply chain attacks are difficult to detect as the malware is installed through …
C2-DNSWatch: Endpoint framework for detecting command and control (C2) connection of advanced persistent threats (APTs)
RZ Haider, B Aslam, H Abbas… - 2024 13th International …, 2024 - ieeexplore.ieee.org
Advance Persistent Threats (APTs) are sophisticated cyber weapons for launching cyber
offensive against adversaries. APTs implement state-of-the-art techniques and proceed in …