Cyber-attacks against companies and governments are increasing in complexity, persistence and numbers. Attackers take more time and effort to remain undetected than previously known multistep attacks. Common intrusion detection methods lack in their ability to detect such complex attacks. A new approach to detection is therefore needed which takes the stepwise characteristics of these new threa...

Constructing an efficient and accurate model from security events to determine an attack scenario for an enterprise network is challenging. In this paper, we discuss how to use the information obtained from security events to construct an attack scenario and build an evidence graph. To achieve the accuracy and completeness of the evidence graph, we use Prolog inductive and abductive reasoning t...

Clock control sequence reconstruction is a key phase in the cryptanalysis of irregularly clocked Linear Feedback Shift Registers (LFSRs), which are widely used in spreadspectrum systems. The previously published reconstruction methods have been designed to work in the known plaintext attack scenario, i.e. without noise. However, the influence of noise on the effectiveness of the clock control s...

MIFARE Classic is the most widely used contactless smart card in the world. It implements a proprietary symmetric-key mutual authentication protocol with a dedicated reader and a proprietary stream cipher algorithm known as CRYPTO1, both of which have been reverse engineered. The existing attacks in various scenarios proposed in the literature demonstrate that MIFARE Classic does not offer the ...

Modern-day attackers tend to use sophisticated multi-stage/multi-host attack techniques and anti-forensics tools to cover their attack traces. Due to the current limitations of intrusion detection systems (IDS) and forensic analysis tools, the evidence can be a false positive or missing. Besides, the number of security events is so large that finding an attack pattern is like finding a needle i...

Near Field Communication’s card emulation mode is a way to combine smartcards with a mobile phone. Relay attack scenarios are well-known for contactless smartcards. In the past, relay attacks have only been considered for the case, where an attacker has physical proximity to an NFC-enabled mobile phone. However, a mobile phone introduces a significantly di↵erent threat vector. A mobile phone’s ...

We present a novel alert correlation approach based on the factor analysis statistical technique for malware characterization. Our approach involves mechanically computing a set of abstract quantities, called factors, for expressing the intrusion detection system (IDS) alerts pertaining to malware instances. These factors correspond to patterns of alerts, and can be used to succinctly character...

BACKGROUND The new reality of biologic terrorism and warfare has ignited a debate about whether to reintroduce smallpox vaccination. METHODS We developed scenarios of smallpox attacks and built a stochastic model of outcomes under various control policies. We conducted a systematic literature review and estimated model parameters on the basis of European and North American outbreaks since Wor...

In this note we present the first attack with feasible complexity on the 13-round AES-256. The attack runs in the related-subkey scenario with four related keys, in 2 time, data, and memory.