Intelligent Security Systems. Leon Reznik
Читать онлайн книгу.
life cases and examples are provided. Then, it moves to presenting malware detection principles, algorithms and techniques, and anti‐malware tools and technologies. Their examples and use cases are included.
Chapter 5 starts with discussing how hacker’s demography and their culture have been changing over the last years. Then, it proceeds with presenting hacking attacks, techniques, and tools as well as anti‐hacking protection mechanisms. In the second part, it moves to the ordinary user’s profiles and authentication. Here, we show how to employ data science and statistical approaches to find out and analyze user’s characteristics and their influence on the security level of their computer practice. The module presents the computer device security evaluation. It discusses how to conduct analysis, observations, results, and recommendations for users to improve their overall security practices and the security of their devices. Also, it examines the hacking web fingerprinting attacks against the privacy protection TOR technology that utilizes machine learning as well as possible protection mechanisms. Examples and use cases are included.
Module 6 introduces novel adversarial machine learning attacks and their taxonomy when machine learning is used against AI‐based classifiers to make them fail. It investigates a possible data corruption and quality decrease influence on the classifier performance. The module proposes data restoration procedures and other measures to protect against adversarial attacks. Generative adversarial networks are introduced, and their use is discussed. Multiple algorithm examples and use cases are included.
I.5 Glossary of Basic Terms
This section lists standard terms used within the book and where to learn more about them.
| Term | Additional term | Definition | Definition source | Book section to learn more | Example |
|---|---|---|---|---|---|
| Offense | |||||
| Attack | Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself. | NIST SP 800‐12; | 1.4 | ||
| Cyber attack | An attack, via cyberspace, targeting an enterprise’s use of cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling a computing environment/infrastructure; or destroying the integrity of the data or stealing controlled information. | NIST SP 800‐30 Rev. 1 | 5.1.5 | ||
| Advanced persistent threat (APT) | An adversary with sophisticated levels of expertise and significant resources, allowing it through the use of multiple different attack vectors (e.g. cyber, physical, and deception) to generate opportunities to achieve its objectives, which are typically to establish and extend footholds within the information technology infrastructure of organizations for purposes of continually exfiltrating information and/or to undermine or impede critical aspects of a mission, program, or organization, or place itself in a position to do so in the future; moreover, the advanced persistent threat pursues its objectives repeatedly over an extended period of time, adapting to a defender’s efforts to resist it, and with determination to maintain the level of interaction needed to execute its objectives. | NIST SP 800‐39 | 1,6 | ||
| Adversarial machine learning (AML) | AML is concerned with the design of ML algorithms that can resist security challenges, the study of the capabilities of attackers, and the understanding of attack consequences. | NISTIR 8269 (DRAFT) | 6 | ||
| Attack signature | A specific sequence of events indicative of an unauthorized access attempt. | NIST SP 800‐12 Rev. 1; | 4.5 | ||
| Brute force | A method of accessing an obstructed device by attempting multiple combinations of numeric/alphanumeric passwords. | NIST 800‐101 | 5.1.5.2 | ||
| Colluded applications | Attack performed by two or more cooperating applications, when an application that individually incorporates only harmless permissions expends them by sending and receiving requests to a collaborating application. | 5.1.8 | |||
| Denial of Service | The prevention of authorized access to resources or the delaying of time‐critical operations. (Time‐critical may be milliseconds or it may be hours, depending upon the service provided.) | NIST 800‐12 | 5.1.5.2 | Ex. 5.4 | |
| Eavesdropping | An attack in which an attacker listens passively to the authentication protocol to capture information that can be used in a subsequent active attack to masquerade as the claimant. | NIST 800‐63‐3 | 5.1.5.2 | ||
| Impersonation | A scenario where the attacker impersonates the verifier in an authentication protocol, usually to capture information that can be used to masquerade as a claimant to the real verifier. | NIST 800‐63‐2 | 5.1.5.2 | ||
| Phishing | Fraudulent attempt to obtain sensitive information or data by impersonating oneself as a trustworthy entity in a digital communication. | 5.1.5.2 | Ex. 5.3 | ||
| Spoofing | Faking the sending address of a transmission to gain illegal entry into a secure system. | CNSSI 4009‐2015 | 5.1.5.2. | Ex. 5.7 | |
| Website fingerprinting | Attack that allows an adversary to learn information about a user's web browsing activity by recognizing patterns in his traffic. | 5.4.2 | Ex. 5.8 | ||
| Zero day | An attack that exploits a previously unknown hardware, firmware, or software vulnerability. | CNSSI 4009‐2015 |
| ||