English
Related papers

Related papers: Multi-Stage Attack Detection via Kill Chain State …

200 papers

We implemented and evaluated an automated cyber defense agent. The agent takes security alerts as input and uses reinforcement learning to learn a policy for executing predefined defensive measures. The defender policies were trained in an…

Cryptography and Security · Computer Science 2023-04-24 Jakob Nyberg , Pontus Johnson

Context: Cybersecurity vendors often publish cyber threat intelligence (CTI) reports, referring to the written artifacts on technical and forensic analysis of the techniques used by the malware in APT attacks. Objective: The goal of this…

Cryptography and Security · Computer Science 2024-01-04 Md Rayhanur Rahman , Setu Kumar Basak , Rezvan Mahdavi Hezaveh , Laurie Williams

Joint safety and security analysis of cyber-physical systems is a necessary step to correctly capture inter-dependencies between these properties. Attack-Fault Trees represent a combination of dynamic Fault Trees and Attack Trees and can be…

Cryptography and Security · Computer Science 2023-09-19 Raffaela Groner , Thomas Witte , Alexander Raschke , Sophie Hirn , Irdin Pekaric , Markus Frick , Matthias Tichy , Michael Felderer

Provenance graphs are useful and powerful tools for representing system-level activities in cybersecurity; however, existing approaches often struggle with complex queries and flexible reasoning. This paper presents a novel approach using…

Cryptography and Security · Computer Science 2025-01-27 Fang Li , Fei Zuo , Gopal Gupta

Over the last years, threat intelligence sharing has steadily grown, leading cybersecurity professionals to access increasingly larger amounts of heterogeneous data. Among those, cyber attacks' Tactics, Techniques and Procedures (TTPs) have…

Cryptography and Security · Computer Science 2020-04-30 Valentine Legoy , Marco Caselli , Christin Seifert , Andreas Peter

Malware analysis and detection techniques have been evolving during the last decade as a reflection to development of different malware techniques to evade network-based and host-based security protections. The fast growth in variety and…

Cryptography and Security · Computer Science 2018-08-06 Andrii Shalaginov , Sergii Banin , Ali Dehghantanha , Katrin Franke

Attack graphs (AG) are used to assess pathways availed by cyber adversaries to penetrate a network. State-of-the-art approaches for AG generation focus mostly on deriving dependencies between system vulnerabilities based on network scans…

Cryptography and Security · Computer Science 2021-10-15 Azqa Nadeem , Sicco Verwer , Shanchieh Jay Yang

Despite their ability to aid developers in detecting potential defects early in the software development life cycle, static analysis tools often suffer from precision issues (i.e., high false positive rates of reported alarms). To improve…

Software Engineering · Computer Science 2024-01-22 Yuwei Zhang , Ying Xing , Ge Li , Zhi Jin

Risk assessment of cyber-physical systems, such as power plants, connected devices and IT-infrastructures has always been challenging: safety (i.e. absence of unintentional failures) and security (i.e. no disruptions due to attackers) are…

Cryptography and Security · Computer Science 2019-05-10 Étienne André , Didier Lime , Mathias Ramparison , Mariëlle Stoelinga

Given the complexity of multi-tenant cloud environments and the growing need for real-time threat mitigation, Security Operations Centers (SOCs) must adopt AI-driven adaptive defense mechanisms to counter Advanced Persistent Threats (APTs).…

Cryptography and Security · Computer Science 2025-04-22 Zahra Aref , Sheng Wei , Narayan B. Mandayam

Robust control and maintenance of the grid relies on accurate data. Both PMUs and state estimators are prone to false data injection attacks. Thus, it is crucial to have a mechanism for fast and accurate detection of an agent maliciously…

Machine Learning · Computer Science 2014-03-10 Hanie Sedghi , Edmond Jonckheere

We consider the probabilistic planning problem for a defender (P1) who can jointly query the sensors and take control actions to reach a set of goal states while being aware of possible sensor attacks by an adversary (P2) who has perfect…

Optimization and Control · Mathematics 2022-12-01 Sumukha Udupa , Abhishek N. Kulkarni , Shuo Han , Nandi O. Leslie , Charles A. Kamhoua , Jie Fu

In recent years, state-of-the-art traffic-control devices have evolved from standalone hardware to networked smart devices. Smart traffic control enables operators to decrease traffic congestion and environmental impact by acquiring…

Cryptography and Security · Computer Science 2019-08-06 Aron Laszka , Waseem Abbas , Yevgeniy Vorobeychik , Xenofon Koutsoukos

The construction of attack technique knowledge graphs aims to transform various types of attack knowledge into structured representations for more effective attack procedure modeling. Existing methods typically rely on textual data, such as…

Cryptography and Security · Computer Science 2024-11-14 Jian Wang , Tiantian Zhu , Chunlin Xiong , Yan Chen

Statistical approaches to cyber-security involve building realistic probability models of computer network data. In a data pre-processing phase, separating automated events from those caused by human activity should improve statistical…

Applications · Statistics 2017-07-04 Matthew Price-Williams , Nick Heard , Melissa Turcotte

The landscape of cyber threats grows more complex by the day. Advanced Persistent Threats carry out attack campaigns - e.g. operations Dream Job, Wocao, and WannaCry - against which cybersecurity practitioners must defend. To prioritise…

Cryptography and Security · Computer Science 2026-01-23 Stefano M. Nicoletti , Milan Lopuhaä-Zwakenberg , Mariëlle Stoelinga , Fabio Massacci , Carlos E. Budde

This work evaluates the performance of Cyber Threat Intelligence (CTI) extraction methods in identifying attack techniques from threat reports available on the web using the MITRE ATT&CK framework. We analyse four configurations utilising…

Cryptography and Security · Computer Science 2025-05-07 Hoang Cuong Nguyen , Shahroz Tariq , Mohan Baruwal Chhetri , Bao Quoc Vo

The current state of Advanced Persistent Threats (APT) attribution primarily relies on time-consuming manual processes. These include mapping incident artifacts onto threat attribution frameworks and employing expert reasoning to uncover…

Cryptography and Security · Computer Science 2024-09-26 Nanda Rani , Bikash Saha , Vikas Maurya , Sandeep Kumar Shukla

DoS and DDoS attacks are widely used and pose a constant threat. Here we explore Probability Packet Marking (PPM), one of the important methods for reconstructing the attack-graph and detect the attackers. We present two algorithms.…

Cryptography and Security · Computer Science 2023-04-12 Dina Barak-Pelleg , Daniel Berend , Thomas J. Robinson , Itamar Zimmerman

The Model Context Protocol (MCP) has become a widely adopted interface for LLM agents to invoke external tools, yet learned monitoring of MCP tool-call traffic remains underexplored. In this article, the proposed detector is presented as an…

Cryptography and Security · Computer Science 2026-05-25 Sultan Zavrak