Publications

The CAaNES team has published over 100 peer reviewed security publications.

Featured Publications

  • Coordinated Distributed Attacks

    In the network-centric approach to information operations, users share information robustly by means of a secure infrastructure that enables self-synchronization and, ultimately, more effective information operations, which makes information availability a key component. Since information operations will only become more important in future network operations, a well-developed attack tool that is able to strike the adversary's information networks is a valuable asset and should not be ignored. The goal of the proposed coordinated distributed multiple attack (CDMA) is to strike a selected adversarial network and render its services useless. In this attack, a number of compromised systems are used as facilitators in a coordinated manner to launch an attack on a victim's host or network. (...more)

  • Detecting Coordinated Distributed Attacks

    This paper describes results concerning the robustness and generalization capabilities of kernel methods in detecting coordinated distributed multiple attacks (CDMA) using network audit trails. We also evaluate the performance of denial-of-service detection models built using the key features in detecting a new attack scheme: CDMA. The data is generated by carrying out the attack (CDMA) in a closed environment at the New Mexico Tech Information Assurance Laboratory. We use traditional support vector machines (SVM), biased support vector machines (BSVM) and leave-one-out model selection for support vector machines (looms) for model selection. We also evaluate the impact of kernel type and parameter values on the accuracy of a support vector machine (SVM) performing CDMA classification. We show that classification accuracy varies with the kernel type and the parameter values; thus, with appropriately chosen parameter values, CDMA can be detected by SVMs and BSVMs with higher accuracy and lower rates of false alarms. (...more)

  • Detection of Phishing Attacks

    Phishing is a form of identity theft that occurs when a malicious Web site impersonates a legitimate one in order to acquire sensitive information such as passwords, account details, or credit card numbers. Though there are several anti-phishing software products and techniques for detecting potential phishing attempts in emails and detecting phishing content on websites, phishers come up with new and hybrid techniques to circumvent the available software and techniques. (...more)

  • Detection of Virtual Environments and Low Interaction Honeypots

    This paper focuses on the detection of virtual environments and low interaction honeypots by using a feature set that is built using traditional system- and network-level fingerprinting mechanisms. Earlier work in the area has been mostly based on system-level detection. The results aim at bringing out the limitations in the current honeypot technology. This paper also describes the results concerning the robustness and generalization capabilities of kernel methods in detecting honeypots using system and network fingerprinting data. We use traditional support vector machines (SVM), biased support vector machines (BSVM) and leave-one-out model selection for support vector machines (looms) for model selection. We also evaluate the impact of kernel type and parameter values on the accuracy of a support vector machine (SVM) performing honeypot classification. Through a variety of comparative experiments, it is found that SVM performs the best for data sent on the same network; BSVM performs the best for data sent from a remote network. (...more)

  • Fragmented Malware Through RFID

    Malware, in essence, is an infiltration of one's computer system. Malware is created to wreak havoc once it gets in through a weakness in a computer's barricade. Antivirus companies and operating system companies are working to patch weaknesses in systems and to detect infiltrators. However, with the advance of fragmentation, detection might prove to be even more difficult. Malware detection relies on signatures to identify malware of certain shapes. With fragmentation, functionality and size can change depending on how many fragments are used and how the fragments are created. In this paper we present a robust malware detection technique, with emphasis on detecting fragmented malware attacks in RFID systems, that can be extended to detect complex obfuscated and mutated malware. After a particular fragmented malware has first been identified, it can be analyzed to extract the signature, which provides a basis for detecting variants and mutants of similar types of malware in the future. Encouraging experimental results on a limited set of recent malware are presented. (...more)

  • Intrusion Detection Using Ensemble of Intelligent Paradigms

    Soft computing techniques are increasingly being used for problem solving. This paper addresses using an ensemble approach of different soft computing and hard computing techniques for intrusion detection. Due to increasing incidents of cyber attacks, building effective intrusion detection systems is essential for protecting information systems security, and yet it remains an elusive goal and a great challenge. We studied the performance of Artificial Neural Networks (ANNs), Support Vector Machines (SVMs) and Multivariate Adaptive Regression Splines (MARS). We show that an ensemble of ANNs, SVMs and MARS is superior to the individual approaches for intrusion detection in terms of classification accuracy. (...more)