Alerts reported by intrusion detection systems (IDSes) are often the starting points for attack campaign discovery and response procedures. However, the sheer number of alerts compared to the number of real attacks, along with the complexity of alert ...

SGX enclaves are trusted user-space memory regions that ensure isolation from the host, which is considered malicious. However, enclaves may suffer from vulnerabilities that allow adversaries to compromise their trustworthiness. Consequently, the SGX ...

Machine Learning (ML) techniques have been widely applied for network intrusion detection. However, existing ML-based network intrusion detection systems (NIDSs) suffer from fundamental limitations that hinder them from being deployed in the real ...

System logs are invaluable to forensic audits, but grow so large that in practice fine-grained logs are quickly discarded – if captured at all – preventing the real-world use of the provenance-based investigation techniques that have gained popularity ...

Cryptographic algorithms act as essential ingredients of all secure systems. However, the expected security guarantee from cryptographic algorithms often falls short in practice due to various cryptographic application programming interfaces (API) ...

Macro malware has always been a severe threat to cyber security although the Microsoft Office suite applies the default macro-disabling policy. Among the defense solutions at different stages of the attack chain, document analysis is more targeted ...

Existing literature on adversarial Machine Learning (ML) focuses either on showing attacks that break every ML model, or defenses that withstand most attacks. Unfortunately, little consideration is given to the actual cost of the attack or the defense. ...

The arm race between hardware security engineers and side-channel researchers has become more competitive with more sophisticated attacks and defenses in the last decade. While modern hardware features improve the system performance significantly, they ...

Anomaly detection for discrete event logs can provide critical information for building secure and reliable systems in various application domains, such as large scale data centers, autonomous driving, and intrusion detection. However, the task is very ...

As power grids have evolved, IT has become integral to maintaining reliable power. While providing operators improved situational awareness and the ability to rapidly respond to dynamic situations, IT concurrently increases the cyberattack threat ...

Machine learning (ML) based Malware classification provides excellent performance and has been deployed in various real-world applications. Training for malware classification often relies on crowdsourced threat feeds, which exposes a natural attack ...

Aviation datalink applications such as controller-pilot datalink communications (CPDLC) and automatic dependent surveillance-contract (ADS-C) were designed to supplement existing communication systems to accommodate increasing air traffic. These ...

Deep Packet Inspection (DPI) systems are essential for securing modern networks (e.g., blocking or logging abnormal network connections). However, DPI systems are known to be vulnerable in their implementations, which could be exploited for evasion ...

An effective way to improve resilience to cyber attacks is to measure and understand the adversary’s capabilities. Gaining insights into the threats we are exposed to helps us build better defenses, share findings with practitioners, and identify the ...

This work explores authoritative DNS (AuthDNS) as a new measurement perspective for studying the large-scale epidemiology of the malware ecosystem—when and where infections occur, and what infrastructure spreads and controls malware. Utilizing an ...

Besides coming with unprecedented benefits, the Internet of Things (IoT) suffers deficits in security measures, leading to attacks increasing every year. In particular, network environments such as smart homes lack managed security capabilities to ...

The growing heterogenous ecosystem of networked consumer devices such as smart meters or IoT-connected appliances such as air conditioners is difficult to secure, unlike the utility side of the grid which can be defended effectively through rigorous IT ...

In recent years, a number of model-free process-based anomaly detection schemes for Industrial Control Systems (ICS) were proposed. Model-free anomaly detectors are trained directly from process data and do not require process knowledge. They are ...