Journal
2021 WORKSHOP ON COMMUNICATION NETWORKS AND POWER SYSTEMS (WCNPS)
Volume -, Issue -, Pages -
Publisher
IEEE
DOI: 10.1109/WCNPS53648.2021.9626241
Keywords
Security; Artificial Immune Systems; Multi-Agent Systems; Flow-based Analysis; Rootkits; Malware detection
Funding
- CyberSecLab
With the expansion of the Internet, cyber threats have increased significantly, with Advanced Persistent Threats (APTs) and rootkits being among the main threats. Researchers have proposed the MADEX architecture and NERD, achieving good results in detecting rootkits obfuscating network traffic.
The expansion of the Internet has also brought a large increase in cyber threats. Among the main threats in this new scenario are Advanced Persistent Threats (APTs), characterized by slow progress, high stealthiness and high impact. One of the tools cyber actors use to maintain the extended presence that APT campaigns require is the rootkit: malware designed to subvert the operating system so that processes, files and network traffic are hidden from system administrators, and to provide easy access after the initial infection. Rootkits are extremely hard to detect. Marques et al. [1] have proposed the MADEX architecture, an Artificial Immune System (AIS) for flow analysis that detects rootkits obfuscating network traffic. This work enhances the MADEX architecture so that it can handle more load without impacting its detection capabilities. The result is NERD, which handles loads above those of the original MADEX with an improved accuracy of 99.996% and false positive rates below 0.08%.