Synthetic Embedding of Hidden Information in Industrial Control System Network Protocols for Evaluation of Steganographic Malware
- URL: http://arxiv.org/abs/2406.19338v1
- Date: Thu, 27 Jun 2024 17:14:00 GMT
- Title: Synthetic Embedding of Hidden Information in Industrial Control System Network Protocols for Evaluation of Steganographic Malware
- Authors: Tom Neubert, Bjarne Peuker, Laura Buxhoidt, Eric Schueler, Claus Vielhauer,
- Abstract summary: This work introduces an embedding concept to gene ate synthetic steganographic network data to automatically produce significant amounts of data for training and evaluation of defense mechanisms.
The concept enables the possibility to manipulate a network packet wherever required and outperforms the state-of-the-art in terms of embedding pace significantly.
- Score: 0.0
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: For the last several years, the embedding of hidden information by steganographic techniques in network communications is increasingly used by attackers in order to obscure data infiltration, exfiltration or command and control in IT (information technology) and OT (operational technology) systems. Especially industrial control systems (ICS) and critical infrastructures have increased protection requirements. Currently, network defense mechanisms are unfortunately quite ineffective against novel attacks based on network steganography. Thus, on the one hand huge amounts of network data with steganographic embedding is required to train, evaluate and improve defense mechanisms. On the other hand, the real-time embedding of hidden information in productive ICS networks is crucial due to safety violations. Additionally it is time consuming because it needs special laboratory setup. To address this challenge, this work introduces an embedding concept to gene ate synthetic steganographic network data to automatically produce significant amounts of data for training and evaluation of defense mechanisms. The concept enables the possibility to manipulate a network packet wherever required and outperforms the state-of-the-art in terms of embedding pace significantly.
Related papers
- A Hybrid Training-time and Run-time Defense Against Adversarial Attacks in Modulation Classification [35.061430235135155]
Defense mechanism based on both training-time and run-time defense techniques for protecting machine learning-based radio signal (modulation) classification against adversarial attacks.
Considering a white-box scenario and real datasets, we demonstrate that our proposed techniques outperform existing state-of-the-art technologies.
arXiv Detail & Related papers (2024-07-09T12:28:38Z) - KiNETGAN: Enabling Distributed Network Intrusion Detection through Knowledge-Infused Synthetic Data Generation [0.0]
We propose a knowledge-infused Generative Adversarial Network for generating synthetic network activity data (KiNETGAN)
Our approach enhances the resilience of distributed intrusion detection while addressing privacy concerns.
arXiv Detail & Related papers (2024-05-26T08:02:02Z) - Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS)
FLEKD enables a more flexible aggregation method than conventional model fusion techniques.
Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
arXiv Detail & Related papers (2024-01-22T14:16:37Z) - Stepping out of Flatland: Discovering Behavior Patterns as Topological Structures in Cyber Hypergraphs [0.7835894511242797]
We present a novel framework based in the theory of hypergraphs and topology to understand data from cyber networks.
We will demonstrate concrete examples in a large-scale cyber network dataset.
arXiv Detail & Related papers (2023-11-08T00:00:33Z) - XFedHunter: An Explainable Federated Learning Framework for Advanced
Persistent Threat Detection in SDN [0.0]
This work proposes XFedHunter, an explainable federated learning framework for APT detection in Software-Defined Networking (SDN)
In XFedHunter, Graph Neural Network (GNN) and Deep Learning model are utilized to reveal the malicious events effectively.
The experimental results on NF-ToN-IoT and DARPA TCE3 datasets indicate that our framework can enhance the trust and accountability of ML-based systems.
arXiv Detail & Related papers (2023-09-15T15:44:09Z) - FedDiSC: A Computation-efficient Federated Learning Framework for Power
Systems Disturbance and Cyber Attack Discrimination [1.0621485365427565]
This paper proposes a novel Federated Learning-based privacy-preserving and communication-efficient attack detection framework, known as FedDiSC.
We put forward a representation learning-based Deep Auto-Encoder network to accurately detect power system and cybersecurity anomalies.
To adapt our proposed framework to the timeliness of real-world cyberattack detection in SGs, we leverage the use of a gradient privacy-preserving quantization scheme known as DP-SIGNSGD.
arXiv Detail & Related papers (2023-04-07T13:43:57Z) - Artificial Neural Network for Cybersecurity: A Comprehensive Review [0.0]
This paper provides a systematic review of the application of deep learning (DL) approaches for cybersecurity.
A discussion is provided on the currently prevailing cyber-attacks in IoT and other networks, and the effectiveness of DL methods to manage these attacks.
Finally, this article discusses the importance of cybersecurity for reliable and practicable IoT-driven healthcare systems.
arXiv Detail & Related papers (2021-06-20T09:32:48Z) - Machine Learning for Massive Industrial Internet of Things [69.52379407906017]
Industrial Internet of Things (IIoT) revolutionizes the future manufacturing facilities by integrating the Internet of Things technologies into industrial settings.
With the deployment of massive IIoT devices, it is difficult for the wireless network to support the ubiquitous connections with diverse quality-of-service (QoS) requirements.
We first summarize the requirements of the typical massive non-critical and critical IIoT use cases. We then identify unique characteristics in the massive IIoT scenario, and the corresponding machine learning solutions with its limitations and potential research directions.
arXiv Detail & Related papers (2021-03-10T20:10:53Z) - Dataset Security for Machine Learning: Data Poisoning, Backdoor Attacks,
and Defenses [150.64470864162556]
This work systematically categorizes and discusses a wide range of dataset vulnerabilities and exploits.
In addition to describing various poisoning and backdoor threat models and the relationships among them, we develop their unified taxonomy.
arXiv Detail & Related papers (2020-12-18T22:38:47Z) - Automating Botnet Detection with Graph Neural Networks [106.24877728212546]
Botnets are now a major source for many network attacks, such as DDoS attacks and spam.
In this paper, we consider the neural network design challenges of using modern deep learning techniques to learn policies for botnet detection automatically.
arXiv Detail & Related papers (2020-03-13T15:34:33Z) - Survey of Network Intrusion Detection Methods from the Perspective of
the Knowledge Discovery in Databases Process [63.75363908696257]
We review the methods that have been applied to network data with the purpose of developing an intrusion detector.
We discuss the techniques used for the capture, preparation and transformation of the data, as well as, the data mining and evaluation methods.
As a result of this literature review, we investigate some open issues which will need to be considered for further research in the area of network security.
arXiv Detail & Related papers (2020-01-27T11:21:05Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.