Detection of illicit cryptomining using network metadata

Illicit cryptocurrency mining has become one of the prevalent methods for monetization of computer security incidents. In this attack, victims’ computing resources are abused to mine cryptocurrency for the benefit of attackers. The most popular illicitly mined digital coin is Monero as it provides strong anonymity and is efficiently mined on CPUs.Illicit mining crucially relies on communication between compromised systems and remote mining pools using the de facto standard protocol Stratum. While prior research primarily focused on endpoint-based detection of in-browser mining, in this paper, we address network-based detection of cryptomining malware in general. We propose XMR-Ray, a machine learning detector using novel features based on reconstructing the Stratum protocol from raw NetFlow records. Our detector is trained offline using only mining traffic and does not require privacy-sensitive normal network traffic, which facilitates its adoption and integration.In our experiments, XMR-Ray attained 98.94% detection rate at 0.05% false alarm rate, outperforming the closest competitor. Our evaluation furthermore demonstrates that it reliably detects previously unseen mining pools, is robust against common obfuscation techniques such as encryption and proxies, and is applicable to mining in the browser or by compiled binaries. Finally, by deploying our detector in a large university network, we show its effectiveness in protecting real-world systems.

Detection of illicit cryptomining using network metadata

Illicit cryptocurrency mining has become one of the prevalent methods for monetization of computer security incidents. In this attack, victims' computing resources are abused to mine cryptocurrency for the benefit of attackers. The most popular illicitly mined digital coin is Monero as it provides strong anonymity and is efficiently mined on CPUs. Illicit mining crucially relies on communication between compromised systems and remote mining pools using the de facto standard protocol Stratum. While prior research primarily focused on endpoint-based detection of in-browser mining, in this paper we address network-based detection of cryptomining malware in general. We propose XMR-Ray, a machine learning detector using novel features based on reconstructing the Stratum protocol from raw NetFlow records. Our detector is trained offline using only mining traffic and does not require privacy-sensitive normal network traffic, which facilitates its adoption and integration. In our experiments, XMR-Ray attained 98.94% detection rate at 0.05% false alarm rate, outperforming the closest competitor. Our evaluation furthermore demonstrates that it reliably detects previously unseen mining pools, is robust against common obfuscation techniques such as encryption and proxies, and is applicable to mining in the browser or by compiled binaries. Finally, by deploying our detector in a large university network, we show its effectiveness in protecting real-world systems.

Ransomware Attacks: - Impact, Symptoms, Working, Preventive Measures and Response

Ransomware is the malware that breaches the protection of the system by using malicious codes. Modern ransomware families, encrypt certain file types on compromised systems. The attacks not only focused on a particular individual, but many organizations and institutions are also involved. New threats to the education sectors and similar organizations are centered here. Possible identification, prevention methods & responses to the rising ransomware attacks explained to combat them efficiently. The main ground of this research is to identify & understand the working of encrypting ransomware and understand the potential ways to counter them before attacking our systems & networks. Following the methodologies presented in this paper with careful analysis can effectively prevent and avert ransomware attacks.

Obfuscation of Malicious Behaviors for Thwarting Masquerade Detection Systems Based on Locality Features

In recent years, dynamic user verification has become one of the basic pillars for insider threat detection. From these threats, the research presented in this paper focuses on masquerader attacks, a category of insiders characterized by being intentionally conducted by persons outside the organization that somehow were able to impersonate legitimate users. Consequently, it is assumed that masqueraders are unaware of the protected environment within the targeted organization, so it is expected that they move in a more erratic manner than legitimate users along the compromised systems. This feature makes them susceptible to being discovered by dynamic user verification methods based on user profiling and anomaly-based intrusion detection. However, these approaches are susceptible to evasion through the imitation of the normal legitimate usage of the protected system (mimicry), which is being widely exploited by intruders. In order to contribute to their understanding, as well as anticipating their evolution, the conducted research focuses on the study of mimicry from the standpoint of an uncharted terrain: the masquerade detection based on analyzing locality traits. With this purpose, the problem is widely stated, and a pair of novel obfuscation methods are introduced: locality-based mimicry by action pruning and locality-based mimicry by noise generation. Their modus operandi, effectiveness, and impact are evaluated by a collection of well-known classifiers typically implemented for masquerade detection. The simplicity and effectiveness demonstrated suggest that they entail attack vectors that should be taken into consideration for the proper hardening of real organizations.

A Comprehensive Survey on DDoS Attacks and Recent Defense Mechanisms

DDoS attack always takes advantage of structure of Internet and imbalance of resources between defender and attacker. DDoS attacks are driven by factors like interdependency of Internet's security, limited resources, fewer incentives for home users and local ISPs, flexibility of handlers to control multiple compromised systems at the same time, untraceable nature of malicious packets and unfair distribution of resources all over the Internet. This survey chapter gives a comprehensive view on DDoS attacks and its defense mechanisms. Defense mechanisms are categorized according to the deployment position and nature of defense. Comprehensive study of DDoS attacks will definitely help researchers to understand the important issues related to cyber security.

Storytelling to Capture the Health Care Perspective of People Who Are Homeless

Utilizing a hermeneutic philosophical approach, the researchers explored the perceptions and experiences of people who are homeless in Mobile, Alabama, receiving health care and interacting with health care providers. Using the voice of the participants, discussions among the researchers, and supporting literature reinforcing key concepts, a framework was created illustrating the lived experience. The following themes were identified: social determinants of health, compromised systems, professionalism, dehumanization, engagement, and downward trajectory. The experiences described and themes identified indicate a breakdown in therapeutic relationships between homeless individuals and health care providers, contributing to the continuing destabilization common in this population.

Design of Accented Character-based CAPTCHA with Usability Test for Online Transactions

Websites serve as the primary interface on the Internet for transactions such as subscription, downloads, database access and storage. Websites are however, sources of security breaches to information systems that are attached to them. Several techniques have been developed to provide security on websites such as secured socket layer (ssl) and CAPTCHA systems. CAPTCHA is an authentication system for verifying human identity during online transactions. Text, mathematical operations, images and audio have been used to develop CAPTCHA systems. The basis of each system has been limited thus leading to successful attacks and compromised systems. In this work, the aim is to integrate accented characters into the CAPTCHA code generation mechanism and test the usability of the developed system on a website. The results indicate successful generation and user acceptability.