Biblio

Filters: Keyword is Internal Threat
2022-05-19
Deng, Xiaolei, Zhang, Chunrui, Duan, Yubing, Xie, Jiajun, Deng, Kai.  2021.  A Mixed Method For Internal Threat Detection. 2021 IEEE 5th Information Technology, Networking, Electronic and Automation Control Conference (ITNEC). 5:748–756.
In recent years, the development of deep learning has brought new ideas to internal threat detection. In this paper, three common deep learning algorithms for threat detection are optimized and innovated, and feature embedding, drift detection and sample weighting are introduced into FCNN. An adaptive multi-iteration method is introduced into Support Vector Data Description (SVDD). A dynamic threshold adjustment mechanism is introduced in VAE. In threat detection, three methods are used to detect the abnormal behavior of users, and the intersection of output results is taken as the final threat judgment basis. Experiments on the CERT r6.2 data set show that this method can significantly reduce the false positive rate.
2020-11-20
Liu, D., Lou, F., Wang, H.  2019.  Modeling and measurement internal threat process based on advanced stochastic model*. 2019 Chinese Automation Congress (CAC). :1077–1081.
Previous research on internal threats was mostly focused on modeling threat behaviors. These studies have paid little attention to risk measurement. This paper analyzed the internal threat scenarios, introduced the operation-related protection model into the firewall-password model, and constructed a series of sub-models. By analyzing the illegal data out process, the analysis model of the target network can be rapidly generated based on four protection sub-models. Then the risk value of an assessment point can be computed dynamically according to the Petri net computing characteristics, and the effectiveness of overall network protection can be measured. This method improves the granularity of the model, simplifies the complexity of modeling complex networks, and can realize dynamic and real-time risk measurement.
2019-02-13
Semedo, Felisberto, Moradpoor, Naghmeh, Rafiq, Majid.  2018.  Vulnerability Assessment of Objective Function of RPL Protocol for Internet of Things. Proceedings of the 11th International Conference on Security of Information and Networks. :1:1–1:6.
The Internet of Things (IoT) can be described as the ever-growing global network of objects with built-in sensing and communication interfaces such as sensors, Global Positioning devices (GPS) and Local Area Network (LAN) interfaces. Security is by far one of the biggest challenges in IoT networks. This includes secure routing, which involves the secure creation of traffic routes and secure transmission of routed packets from a source to a destination. The Routing Protocol for Low-power and Lossy network (RPL) is one of the popular IoT routing protocols that supports IPv6 communication. However, it suffers from having a basic system for supporting secure routing procedure, which makes the RPL vulnerable to many attacks. This includes rank attack manipulation. Objective Function (OF) is one of the extremely important features of RPL, which influences an IoT network in terms of routing strategies as well as network topology. However, current literature lacks study of vulnerability analysis of OFs. Therefore, this paper aims to investigate the vulnerability assessment of OF of RPL protocol. For this, we focus on the rank attack manipulation and two popular OFs: Objective Function Zero (OF0) and the Minimum Rank with Hysteresis Objective Function (MRHOF).