Post-Quantum Migration of the Tor Application
The efficiency of Shor's and Grover's algorithms and the advancement of quantum computers imply that the cryptography used until now to protect one's privacy is potentially vulnerable to retrospective decryption, also known as the "harvest now, decrypt later" attack, in the near future. This dissertation proposes an overview of the cryptographic schemes used by Tor, highlighting the ones that are not quantum-resistant and introducing theoretical performance assessment methods for a local Tor network. The measurement is divided into three phases. We start by benchmarking a local Tor network simulation on constrained devices to isolate the time taken by classical cryptographic processes. Secondly, the analysis incorporates existing benchmarks of quantum-secure algorithms and compares their performance on the same devices. Lastly, the overhead is estimated by replacing the measured times of traditional cryptography with the times recorded for Post-Quantum Cryptography (PQC) execution within the specified Tor environment. By focusing on the replaceable cryptographic components, using theoretical estimations, and leveraging existing benchmarks, valuable insights into the potential impact of PQC can be obtained without needing to implement it fully.
A Binary-based MapReduce Analysis for Cloud Logs
Efficiently managing and analyzing cloud logs is a difficult and expensive task due to the growth in size and variety of formats. In this paper, we propose a binary-based approach for frequency mining of correlated attacks in log data. This approach is designed to work with the MapReduce programming model. Initial experimental results are presented; they serve as the input of a data mining algorithm that helps us predict the likelihood of correlated attacks taking place.
A novel approach in detecting intrusions using NSLKDD database and MapReduce programming
Due to the increasing usage of the cloud computing architecture, computer systems face many security challenges that render sensitive data visible and available to be counterfeited by malicious users and especially intruders. Log files are generated at every level of the computing infrastructure and represent a valuable source of information for detecting attacks. The main goal of this work is the identification and prediction of attacks and malicious behaviors by analyzing, classifying and labeling recorded activities in log files. This paper uses MapReduce programming to prioritize each user behavior; it also employs the K-Means algorithm to cluster unknown events and K-NN supervised learning on the NSL-KDD database to define unlabelled classes.
Enabling Quantum Cybersecurity Analytics in Botnet Detection: Stable Architecture and Speed-up through Tree Algorithms
For the first time, we enable the execution of hybrid machine learning methods on real quantum computers, with 100 data samples, and also with real-device-based simulations, with 5,000 data samples, thereby outperforming the current state of research of Suryotrisongko and Musashi from the year 2022, who were dealing with 1,000 data samples and not with simulations on real quantum devices but on quantum simulators (i.e. pure software-based emulators) only. Additionally, we beat their reported accuracy of 76.8% with an average accuracy of 89.0%, all of this in a total computation time of 382 seconds only. They did not report the execution time. We gain this significant progress by a two-fold strategy: First, we provide a stabilized quantum architecture that enables us to execute HQML algorithms on real quantum devices. Second, we design a new form of hybrid quantum binary classification algorithms that are based on Hoeffding decision tree algorithms. These algorithms lead to the mentioned speed-up through their batch-wise execution, which drastically reduces the number of shots needed on the real quantum device compared to standard loop-based optimizers. Their incremental nature serves the purpose of big data online streaming for DGA botnet detection. These two steps allow us to apply hybrid quantum machine learning to the field of cybersecurity analytics on the example of DGA botnet detection and to show how quantum-enhanced SIEM and, thereby, quantum cybersecurity analytics is made possible. We conduct experiments using the library Qiskit with the quantum simulator Aer as well as on three different real quantum devices from MS Azure Quantum, namely IonQ, Rigetti and Quantinuum. It is the first time that these tools have been combined.

Comment: 33 pages, 6 figures, 6 tables
Hybrid Email Spam Detection Model Using Artificial Intelligence
The growing volume of spam emails has generated the need for a more precise anti-spam filter to detect unsolicited emails. One of the most common representations used in spam filters is the Bag-of-Words (BOW). Although BOW is very effective in the classification of emails, it has a number of weaknesses. In this paper, we present a hybrid approach to spam filtering based on the neural network model Paragraph Vector-Distributed Memory (PV-DM). We use PV-DM to build a compact representation of the context of an email and also of its pertinent features. This methodology represents a more comprehensive filter for classifying emails. Furthermore, we have conducted an empirical experiment using the Enron spam and Ling spam datasets, the results of which indicate that our proposed filter outperforms the PV-DM and the BOW email classification methods.
Attacking Windows Hello for Business: Is It What We Were Promised?
Traditional password authentication methods have raised many issues in the past, including insecure practices, so it comes as no surprise that the evolution of authentication should arrive in the form of password-less solutions. This research aims to explore the problems that password authentication and password policies present and to deploy Windows Hello for Business (WHFB) on-premises. This includes creating three virtual machines (VMs), evaluating WHFB as a password-less solution, showing how an attacker with privileged access may retrieve the end user's domain password from the computer's memory using Mimikatz, and describing the possible results. The conducted research tests take the form of two attack methods. This was made feasible by the creation of three VMs operating in the following way. The first VM acts as a domain controller (DC) and certificate authority server (CA server). The second VM acts as an Active Directory Federation Services (ADFS) server. The third VM acts as the end-user device. The test findings summarized that password-less authentication is far more secure than the traditional authentication method; this is evidenced throughout the author's tests. In the first test, it was possible to retrieve the password from a device enrolled in WHFB while it was still in the second phase of the deployment. The second test was a brute-force attack on the WHFB PIN; since WHFB has measures to prevent such attacks, the attack was unsuccessful. However, even though the retrieval of the password was successful, there are several obstacles to achieving this outcome. It was concluded that many organizations still use password authentication as their primary authentication method for accessing devices and applications.
Larger organizations such as Microsoft and Google support the adoption of password-less authentication for end users, and the current usage of password-less authentication shared by both organizations is encouraged. This usually leads organizations to adopt this new solution for their IT infrastructure, because it has been used and tested by millions of people and has proven to be safe. This supports the findings of increased usage of, and the need for, password-less authentication by today's users.