English
Related papers

Related papers: Detecting malicious logins as graph anomalies

200 papers

Malware represents a significant security concern in today's digital landscape, as it can destroy or disable operating systems, steal sensitive user information, and occupy valuable disk space. However, current malware detection methods,…

Cryptography and Security · Computer Science 2023-12-21 Chenzhong Yin , Hantang Zhang , Mingxi Cheng , Xiongye Xiao , Xinghe Chen , Xin Ren , Paul Bogdan

Analysis of an organization's computer network activity is a key component of early detection and mitigation of insider threat, a growing concern for many organizations. Raw system logs are a prototypical example of streaming data that can…

Neural and Evolutionary Computing · Computer Science 2017-12-19 Aaron Tuor , Samuel Kaplan , Brian Hutchinson , Nicole Nichols , Sean Robinson

Cyber threat hunting is a proactive search process for hidden threats in the organization's information system. It is a crucial component of active defense against advanced persistent threats (APTs). However, most of the current threat…

Cryptography and Security · Computer Science 2022-08-19 Jiawei Li , Ru Zhang , Jianyi Liu , Gongshen Liu

Early detection of network intrusions and cyber threats is one of the main pillars of cybersecurity. One of the most effective approaches for this purpose is to analyze network traffic with the help of artificial intelligence algorithms,…

Cryptography and Security · Computer Science 2024-02-13 Giacomo Zonneveld , Lorenzo Principi , Marco Baldi

Advanced attack campaigns span across multiple stages and stay stealthy for long time periods. There is a growing trend of attackers using off-the-shelf tools and pre-installed system applications (such as \emph{powershell} and \emph{wmic})…

Cryptography and Security · Computer Science 2019-05-21 Aditya Kuppa , Slawomir Grzonkowski , Muhammad Rizwan Asghar , Nhien-An Le-Khac

In order to understand the overall picture of cyber attacks and to identify the source of cyber attacks, a method to identify malicious activities by automatically creating a graph that ties together the dependencies of a series of related…

Cryptography and Security · Computer Science 2025-03-26 Taishin Saito

The rapid expansion of cloud infrastructures and distributed identity systems has significantly increased the complexity and attack surface of modern enterprises. Traditional rule based or signature driven detection systems are often…

Cryptography and Security · Computer Science 2025-12-12 Venkata Tanuja Madireddy

The rapid detection of attackers within firewalls of enterprise computer net- works is of paramount importance. Anomaly detectors address this problem by quantifying deviations from baseline statistical models of normal network behav- ior…

Cryptography and Security · Computer Science 2016-09-02 Justin Grana , David Wolpert , Joshua Neil , Dongping Xie , Tanmoy Bhattacharya , Russel Bent

This paper introduces a novel graph-analytic approach for detecting anomalies in network flow data called GraphPrints. Building on foundational network-mining techniques, our method represents time slices of traffic as a graph, then counts…

Cryptography and Security · Computer Science 2016-02-04 Christopher R. Harshaw , Robert A. Bridges , Michael D. Iannacone , Joel W. Reed , John R. Goodall

Intrusion detection system (IDS) is an important part of enterprise security system architecture. In particular, anomaly-based IDS has been widely applied to detect abnormal process behaviors that deviate from the majority. However, such…

Cryptography and Security · Computer Science 2016-08-10 Boxiang Dong , Zhengzhang Chen , Hui Wang , Lu-An Tang , Kai Zhang , Ying Lin , Haifeng Chen , Guofei Jiang

In general, anomaly detection is the problem of distinguishing between normal data samples with well defined patterns or signatures and those that do not conform to the expected profiles. Financial transactions, customer reviews, social…

Machine Learning · Computer Science 2022-06-10 Paul Irofti , Andrei Patrascu , Andra Baltoiu

In the realm of computer security, the importance of efficient and reliable user authentication methods has become increasingly critical. This paper examines the potential of mouse movement dynamics as a consistent metric for continuous…

Artificial Intelligence · Computer Science 2024-03-07 Rushit Dave , Marcho Handoko , Ali Rashid , Cole Schoenbauer

Before executing an attack, adversaries usually explore the victim's network in an attempt to infer the network topology and identify vulnerabilities in the victim's servers and personal computers. Falsifying the information collected by…

Cryptography and Security · Computer Science 2019-03-08 Rami Puzis , Hadar Polad , Bracha Shapira

Cyber operations is drowning in diverse, high-volume, multi-source data. In order to get a full picture of current operations and identify malicious events and actors analysts must see through data generated by a mix of human activity and…

Social and Information Networks · Computer Science 2021-03-25 Sinan G. Aksoy , Emilie Purvine , Stephen J. Young

In many cases, adversarial attacks are based on specialized algorithms specifically dedicated to attacking automatic image classifiers. These algorithms perform well, thanks to an excellent ad hoc distribution of initial attacks. However,…

Artificial Intelligence · Computer Science 2024-09-26 Ismail Labiad , Thomas Bäck , Pierre Fernandez , Laurent Najman , Tom Sander , Furong Ye , Mariia Zameshina , Olivier Teytaud

Cyber-security analysts face an increasingly large number of alerts received on any given day. This is mainly due to the low precision of many existing methods to detect threats, producing a substantial number of false positives. Usually,…

Cryptography and Security · Computer Science 2022-09-28 Iwona Hawryluk , Henrique Hoeltgebaum , Cole Sodja , Tyler Lalicker , Joshua Neil

Login notifications intend to inform users about sign-ins and help them protect their accounts from unauthorized access. Notifications are usually sent if a login deviates from previous ones, potentially indicating malicious activity. They…

Human-Computer Interaction · Computer Science 2024-04-02 Philipp Markert , Leona Lassak , Maximilian Golla , Markus Dürmuth

Analysing malware is important to understand how malicious software works and to develop appropriate detection and prevention methods. Dynamic analysis can overcome evasion techniques commonly used to bypass static analysis and provide…

Cryptography and Security · Computer Science 2023-10-30 Baskoro Adi Pratomo , Toby Jackson , Pete Burnap , Andrew Hood , Eirini Anthi

In this work we propose a graph-based model that, utilizing relations between groups of System-calls, distinguishes malicious from benign software samples and classifies the detected malicious samples to one of a set of known malware…

Cryptography and Security · Computer Science 2018-12-31 Anna Mpanti , Stavros D. Nikolopoulos , Iosif Polenakis

Intrusion detection systems (IDSs) generate valuable knowledge about network security, but an abundance of false alarms and a lack of methods to capture the interdependence among alerts hampers their utility for network defense. Here, we…

Cryptography and Security · Computer Science 2019-01-17 Anthony Palladino , Christopher J. Thissen