Visible to the public Biblio

Filters: Keyword is Signature-based detection  [Clear All Filters]
2022-04-19
Arfeen, Asad, Ahmed, Saad, Khan, Muhammad Asim, Jafri, Syed Faraz Ali.  2021.  Endpoint Detection Amp; Response: A Malware Identification Solution. 2021 International Conference on Cyber Warfare and Security (ICCWS). :1–8.
Malicious hackers breach security perimeters, cause infrastructure disruptions as well as steal proprietary information, financial data, and violate consumers' privacy. Protection of the whole organization by using the firm's security officers can be besieged with faulty warnings. Engineers must shift from console to console to put together investigative clues as a result of today's fragmented security technologies that cause frustratingly sluggish investigations. Endpoint Detection and Response (EDR) solutions adds an extra layer of protection to prevent an endpoint action into a breach. EDR is the region's foremost detection and response tool that combines endpoint and network data to recognize and respond to sophisticated threats. Offering unrivaled security and operational effectiveness, it integrates prevention, investigation, detection, and responding in a single platform. EDR provides enterprise coverage and uninterrupted defense with its continuous monitoring and response to threats. We have presented a comprehensive review of existing EDRs through various security layers that includes detection, response and management capabilities which enables security teams to have unified end-to-end corporate accessibility, powerful analytics along with additional features such as web threat scan, external device scan and automatic reaction across the whole technological tower.
2018-05-09
Mahajan, V., Peddoju, S. K..  2017.  Integration of Network Intrusion Detection Systems and Honeypot Networks for Cloud Security. 2017 International Conference on Computing, Communication and Automation (ICCCA). :829–834.

With an aim of provisioning fast, reliable and low cost services to the users, the cloud-computing technology has progressed leaps and bounds. But, adjacent to its development is ever increasing ability of malicious users to compromise its security from outside as well as inside. The Network Intrusion Detection System (NIDS) techniques has gone a long way in detection of known and unknown attacks. The methods of detection of intrusion and deployment of NIDS in cloud environment are dependent on the type of services being rendered by the cloud. It is also important that the cloud administrator is able to determine the malicious intensions of the attackers and various methods of attack. In this paper, we carry out the integration of NIDS module and Honeypot Networks in Cloud environment with objective to mitigate the known and unknown attacks. We also propose method to generate and update signatures from information derived from the proposed integrated model. Using sandboxing environment, we perform dynamic malware analysis of binaries to derive conclusive evidence of malicious attacks.