This paper introduces the middleman attack methods which are against the remote desktop protocol (RDP), discusses advantages and disadvantages of several current mainstream prevention strategies, and puts forward a new prevention strategy. The strategy, taking advantage of the original key agreement process of the RDP, designs a piecewise authentication scheme of the key agreement. Using the strategy can achieve the purpose of prevention and detection of middleman attacks. Finally, the security of the strategy is analyzed.
The detection of cyber threats has recently been a crucial research domain as the internet and data drive people’s livelihood. Several cyber-attacks lead to the compromise of data security. The proposed system offers complete data protection from Advanced Persistent Threat (APT) attacks with attack detection and defence mechanisms. The modified lateral movement detection algorithm detects the APT attacks, while the defence is achieved by the Dynamic Deception system that makes use of the belief update algorithm. Before termination, every cyber-attack undergoes multiple stages, with the most prominent stage being Lateral Movement (LM). The LM uses a Remote Desktop protocol (RDP) technique to authenticate the unauthorised host leaving footprints on the network and host logs. An anomaly-based approach leveraging the RDP event logs on Windows is used for detecting the evidence of LM. After extracting various feature sets from the logs, the RDP sessions are classified using machine-learning techniques with high recall and precision. It is found that the AdaBoost classifier offers better accuracy, precision, F1 score and recall recording 99.9%, 99.9%, 0.99 and 0.98%. Further, a dynamic deception process is used as a defence mechanism to mitigate APT attacks. A hybrid encryption communication, dynamic (Internet Protocol) IP address generation, timing selection and policy allocation are established based on mathematical models. A belief update algorithm controls the defender’s action. The performance of the proposed system is compared with the state-of-the-art models.
After the global pandemic, DaaS (desktop as a service) has become the first choice of many companies’ remote working solution. As the desktops are usually deployed in the public cloud when using DaaS, customers are more cost-sensitive which boosts the requirement of proactive power management. Prior researches in this area focus on virtual desktop infrastructure (VDI) session logon behavior modeling, but for the remote desktop service host (RDSH)-shared desktop pools, logoff optimization is also important. Existing systems place sessions by round-robin or in a pre-defined order without considering their logoff time. However, these approaches usually suffer from the situation that few left sessions prevent RDSH servers from being powered-off which introduces cost waste. In this paper, we propose session placement via adaptive user logoff prediction (SODA), an innovative compound model towards proactive RDSH session placement. Specifically, an ensemble machine learning model that can predict session logoff time is combined with a statistical session placement bucket model to place RDSH sessions with similar logoff time in a more centralized manner on RDSH hosts. Consequently, the infrastructure cost-saving can be improved by reducing the resource waste introduced by those RDSH hosts with very few hanging sessions left for a long time. Experiments on real RDSH pool data demonstrate the effectiveness of the proposed proactive session placement approach against existing static placement techniques.
Funding: the National Natural Science Foundation of China (No. 61272500); the Beijing Natural Science Foundation (No. 4142008); the Pre-launch of Beijing City Government Key Tasks and District Government Emergency Projects (No. Z131100005613030)