Machine Learning Applications
Published in Peter Wlodarczak, Machine Learning and its Applications, 2019
One problem with anomaly detection is that an anomaly might be unseen: there is no historical data that reflects it. For instance, new security threats are constantly being discovered that were previously unknown, so a machine learning algorithm cannot be trained on existing data for them. A zero-day vulnerability is such an unknown or unaddressed security vulnerability that can be exploited by attackers. Since there is no data yet from unknown vulnerabilities or security breaches, instead of training a machine learning scheme to detect anomalies in network traffic, the learner can be trained to recognize what normal network traffic looks like. If it detects traffic that deviates from that model, it issues an alarm and a security specialist can analyze the suspicious traffic. What counts as deviant traffic depends on what is transmitted over the network. For instance, if the network is used for financial transactions, an anomaly might be an unusually large amount of money transferred or a transfer to an unusual country. A collection of data points from network traffic typically follows a certain distribution, such as a Gaussian distribution. To detect anomalies, we first estimate the probability distribution p(x) from the normal data points. For every new data point x, its probability p(x) under that distribution is calculated and compared against a threshold. If p(x) is smaller than the threshold, x is considered an anomaly. Normal data points tend to have a large p(x), whereas anomalous data points tend to have a small one.
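The density-estimation approach described above, as an added example that is not code from Wlodarczak's book: a diagonal Gaussian is fitted to a constructed sample of normal flows (the feature set bytes_out, bytes_in, duration_s is an assumption for illustration), p(x) is evaluated in log space so that the product of small per-feature densities does not underflow, and, going one step beyond the paragraph, the threshold epsilon is chosen by maximising F1 on a small labelled validation set rather than being set by hand. Training and validation records are constructed, not captured traffic.

```python
"""Anomaly detection by density estimation: fit a Gaussian to normal traffic,
flag any flow whose estimated probability falls below a threshold epsilon."""
import math
from typing import List, Sequence, Tuple

# Assumed per-flow feature vector: (bytes_out, bytes_in, duration_s).
Flow = Tuple[float, float, float]

# Constructed training sample of ordinary client sessions (not real captures).
NORMAL_FLOWS: List[Flow] = [
    (1200.0, 8400.0, 1.9), (1350.0, 9100.0, 2.2), (1280.0, 8700.0, 1.7),
    (1420.0, 9300.0, 2.4), (1150.0, 8100.0, 1.6), (1390.0, 8900.0, 2.0),
    (1310.0, 8600.0, 2.1), (1260.0, 8300.0, 1.8), (1470.0, 9400.0, 2.5),
    (1230.0, 8800.0, 2.3),
]

# Constructed labelled validation set: held-out normal flows plus two
# hand-made anomalies (a large upload and a tiny, short-lived beacon).
VALIDATION: List[Tuple[Flow, bool]] = [
    ((1300.0, 8700.0, 2.0), False),
    ((1450.0, 9200.0, 2.4), False),
    ((1180.0, 8200.0, 1.7), False),
    ((1330.0, 8900.0, 2.2), False),
    ((60000.0, 900.0, 45.0), True),
    ((300.0, 200.0, 0.1), True),
]


def fit_gaussian(rows: Sequence[Flow]) -> Tuple[List[float], List[float]]:
    """Per-feature mean and variance (diagonal Gaussian) from normal data only."""
    n = len(rows)
    d = len(rows[0])
    mu = [sum(r[j] for r in rows) / n for j in range(d)]
    var = [sum((r[j] - mu[j]) ** 2 for r in rows) / n for j in range(d)]
    if any(v <= 0.0 for v in var):
        raise ValueError("a feature has zero variance; drop it or add data")
    return mu, var


def log_density(x: Flow, mu: Sequence[float], var: Sequence[float]) -> float:
    """log p(x) = sum_j log N(x_j; mu_j, var_j); summing logs avoids underflow."""
    return sum(
        -0.5 * math.log(2.0 * math.pi * v) - (xj - m) ** 2 / (2.0 * v)
        for xj, m, v in zip(x, mu, var)
    )


def f1_score(tp: int, fp: int, fn: int) -> float:
    return 0.0 if tp == 0 else 2.0 * tp / (2.0 * tp + fp + fn)


def choose_epsilon(scores: Sequence[float], labels: Sequence[bool]) -> Tuple[float, float]:
    """Pick the log-space threshold that maximises F1 on labelled validation data.
    Every observed score is a candidate; a flow is anomalous when score < eps."""
    best_eps, best_f1 = -math.inf, -1.0
    for eps in sorted(set(scores)):
        tp = sum(1 for s, a in zip(scores, labels) if s < eps and a)
        fp = sum(1 for s, a in zip(scores, labels) if s < eps and not a)
        fn = sum(1 for s, a in zip(scores, labels) if not s < eps and a)
        f1 = f1_score(tp, fp, fn)
        if f1 > best_f1:
            best_eps, best_f1 = eps, f1
    return best_eps, best_f1


def build_detector() -> Tuple[List[float], List[float], float, float]:
    """Fit on normal flows, then calibrate epsilon on the validation set."""
    mu, var = fit_gaussian(NORMAL_FLOWS)
    scores = [log_density(x, mu, var) for x, _ in VALIDATION]
    labels = [a for _, a in VALIDATION]
    eps, f1 = choose_epsilon(scores, labels)
    return mu, var, eps, f1


def is_anomaly(x: Flow, mu: Sequence[float], var: Sequence[float], eps: float) -> bool:
    """The paragraph's rule: raise an alarm when p(x) is below the threshold."""
    return log_density(x, mu, var) < eps


if __name__ == "__main__":
    mu, var, eps, f1 = build_detector()
    print(f"mu={mu} var={var} log-eps={eps:.2f} validation F1={f1:.2f}")
    for flow in [(1300.0, 8700.0, 2.0), (1600.0, 9800.0, 3.0), (300.0, 200.0, 0.1)]:
        print(flow, "ANOMALY" if is_anomaly(flow, mu, var, eps) else "normal")
```

With a training set this small the fitted variances are tight, so a flow only a few standard deviations from the mean in every feature (such as the 1600/9800/3.0 session above) is already flagged; in practice the model is fitted on far more normal traffic and epsilon is re-calibrated as the validation set grows, since a threshold tuned on a handful of labelled anomalies says little about detection of attacks that look different from them.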
IoT Security Frameworks and Countermeasures
Published in Stavros Shiaeles, Nicholas Kolokotronis, Internet of Things, Threats, Landscape, and Countermeasures, 2021
G. Bendiab, B. Saridou, L. Barlow, N. Savage, S. Shiaeles
The term “zero-day” may refer to a recently discovered vulnerability or to an exploit for such a vulnerability that attackers can use against systems, with “zero” representing the number of days the software vendor has known about the vulnerability or its exploit and had to release a patch for it. The term “zero-day exploit” describes the malicious code written by criminal hackers and intelligence agencies to exploit a “zero-day vulnerability.” Such exploits can go unobserved for many years and are often sold on the black market for large sums of money. These threats are extremely dangerous because only the attacker is aware of their existence, so no security patches are available to fix the vulnerabilities or block the corresponding zero-day exploits.
Cyber Offence Landscape
Published in Stanislav Abaimov, Maurizio Martellini, Cyber Arms, 2020
Stanislav Abaimov, Maurizio Martellini
Zero-day vulnerabilities and exploits are digital goods that can be sold easily, and without intermediaries, over the internet. The available technologies and methods provide anonymity for these transactions at very low cost, along with technical support services and tutorials. Facilitating tools and goods include offshore VPN servers, custom malware generation and encryption (for additional privacy and anti-malware evasion), credentials to corporate networks, fake IDs and credit cards, and custom-made, preconfigured hacking devices (USB drives, rogue routers, battery-powered microcomputers).
Cyber Diversity Index for Sustainable Self-Control of Machines
Published in Cybernetics and Systems, 2022
Unknown attacks, also known as zero-day attacks, target unknown or publicly undisclosed software vulnerabilities. “Zero-day” refers to how many days the software vendor has known about the vulnerability (Ablon and Bogart 2017). However, running unpatched software and security controls that have not been updated for some time leaves a defender facing attacks that are unknown to them, and these have the same impact on the defender as a zero-day attack. Additionally, when software vendors release new patches, attackers can reverse engineer the patch, identify the exploitable vulnerability, and develop a 1-day exploit (Paganini 2019). For consistency of terminology throughout this paper, the term zero-day, because of its impact, is used to cover cyber attacks that successfully exploit vulnerabilities. The only plausible defensive solution against such attacks is an anomaly-based security control.
Understanding vulnerabilities in cyber physical production systems
Published in International Journal of Computer Integrated Manufacturing, 2021
Azfar Khalid, Zeashan Hameed Khan, Muhammad Idrees, Pierre Kirisci, Zied Ghrairi, Klaus-Dieter Thoben, Jürgen Pannek
The cyber-physical security challenges need to be addressed for successful collaborative tasking in the HRC segment. This requires access control for all interconnected devices in the CPPS. However, wireless networks are vulnerable to security threats, and secure communication protocols need to be used to ensure fault-proof HRC. Moreover, if an eavesdropper gains access to any component, the cyber security checks should act fast enough to mitigate the possible damage, as listed in Figure 8. It is challenging to counter zero-day vulnerabilities (ZDV), which are unknown to the CPPS and can have fatal consequences if not detected in time. Most other types of cyber attack, on the other hand, have detectable signatures whose patterns are known to security experts. For zero-day vulnerabilities, complex artificial intelligence and machine learning algorithms are needed to detect and counter these attacks (Wegner, Graham, and Ribble 2017; Khalid et al. 2018).