Leon Reznik

Intelligent Security Systems



life cases and examples are provided. Then, it moves to presenting malware detection principles, algorithms and techniques, and anti‐malware tools and technologies. Their examples and use cases are included.

Module 6 introduces novel adversarial machine learning attacks and their taxonomy, in which machine learning is used against AI‐based classifiers to make them fail. It investigates how data corruption and reduced data quality can influence classifier performance. The module proposes data restoration procedures and other measures to protect against adversarial attacks. Generative adversarial networks are introduced, and their use is discussed. Multiple algorithm examples and use cases are included.

      This section lists standard terms used within the book and where to learn more about them.

| Term | Additional term | Definition | Definition source | Book section to learn more | Example |
| --- | --- | --- | --- | --- | --- |
| Offense | Attack | Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself. | NIST SP 800‐12 | 1.4 | |
| | Cyber attack | An attack, via cyberspace, targeting an enterprise’s use of cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling a computing environment/infrastructure; or destroying the integrity of the data or stealing controlled information. | NIST SP 800‐30 Rev. 1 | 5.1.5 | |
| | Advanced persistent threat (APT) | An adversary with sophisticated levels of expertise and significant resources, allowing it through the use of multiple different attack vectors (e.g. cyber, physical, and deception) to generate opportunities to achieve its objectives, which are typically to establish and extend footholds within the information technology infrastructure of organizations for purposes of continually exfiltrating information and/or to undermine or impede critical aspects of a mission, program, or organization, or place itself in a position to do so in the future; moreover, the advanced persistent threat pursues its objectives repeatedly over an extended period of time, adapting to a defender’s efforts to resist it, and with determination to maintain the level of interaction needed to execute its objectives. | NIST SP 800‐39 | 1, 6 | |
| | Adversarial machine learning (AML) | AML is concerned with the design of ML algorithms that can resist security challenges, the study of the capabilities of attackers, and the understanding of attack consequences. | NISTIR 8269 (DRAFT) | 6 | |
| | Attack signature | A specific sequence of events indicative of an unauthorized access attempt. | NIST SP 800‐12 Rev. 1 | 4.5 | |
| | Brute force | A method of accessing an obstructed device by attempting multiple combinations of numeric/alphanumeric passwords. | NIST 800‐101 | 5.1.5.2 | |
| | Colluded applications | Attack performed by two or more cooperating applications, when an application that individually incorporates only harmless permissions expends them by sending and receiving requests to a collaborating application. | | 5.1.8 | |
| | Denial of Service | The prevention of authorized access to resources or the delaying of time‐critical operations. (Time‐critical may be milliseconds or it may be hours, depending upon the service provided.) | NIST 800‐12 | 5.1.5.2 | Ex. 5.4 |
| | Eavesdropping | An attack in which an attacker listens passively to the authentication protocol to capture information that can be used in a subsequent active attack to masquerade as the claimant. | NIST 800‐63‐3 | 5.1.5.2 | |
| | Impersonation | A scenario where the attacker impersonates the verifier in an authentication protocol, usually to capture information that can be used to masquerade as a claimant to the real verifier. | NIST 800‐63‐2 | 5.1.5.2 | |
| | Phishing | Fraudulent attempt to obtain sensitive information or data by impersonating oneself as a trustworthy entity in a digital communication. | | 5.1.5.2 | Ex. 5.3 |
| | Spoofing | Faking the sending address of a transmission to gain illegal entry into a secure system. | CNSSI 4009‐2015 | 5.1.5.2 | Ex. 5.7 |
| | Website fingerprinting | Attack that allows an adversary to learn information about a user's web browsing activity by recognizing patterns in his traffic. | | 5.4.2 | Ex. 5.8 |
| | Zero day | An attack that exploits a previously unknown hardware, firmware, or software vulnerability. | CNSSI 4009‐2015 | | |