RESUMEN
Recently, with the normalization of non-face-to-face online environments in response to the COVID-19 pandemic, the possibility of cyberattacks through endpoints has increased. Numerous endpoint devices are managed meticulously to prevent cyberattacks and ensure timely responses to potential security threats. In particular, because telecommuting, telemedicine, and tele-education are implemented in uncontrolled environments, attackers typically target vulnerable endpoints to acquire administrator rights or steal authentication information, and reports of endpoint attacks have been increasing considerably. Advanced persistent threats (APTs) using various novel variant malicious codes are a form of a sophisticated attack. However, conventional commercial antivirus and anti-malware systems that use signature-based attack detection methods cannot satisfactorily respond to such attacks. In this paper, we propose a method that expands the detection coverage in APT attack environments. In this model, an open-source threat detector and log collector are used synergistically to improve threat detection performance. Extending the scope of attack log collection through interworking between highly accessible open-source tools can efficiently increase the detection coverage of tactics and techniques used to deal with APT attacks, as defined by MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK). We implemented an attack environment using an APT attack scenario emulator called Carbanak and analyzed the detection coverage of Google Rapid Response (GRR), an open-source threat detection tool, and Graylog, an open-source log collector. The proposed method expanded the detection coverage against MITRE ATT&CK by approximately 11% compared with that conventional methods. © 2023 Tech Science Press. All rights reserved.
RESUMEN
After the COVID-19 pandemic, cyberattacks are increasing as non-face-to-face environments such as telecommuting and telemedicine proliferate. Cyberattackers exploit vulnerabilities in remote systems and endpoint devices in major enterprises and infrastructures. To counter these attacks, fast detection and response are essential because advanced persistent threat (APT) attacks intelligently infiltrate endpoint devices for long periods and spread to large-scale environments. However, because conventional security systems are signature-based, fast detection of APT attacks is challenging, and it is difficult to respond flexibly to the environment. In this study, we propose an APT fast detection and response technique using open-source tools that improves the efficiency of existing endpoint information protection systems and swiftly detects the APT attack process. Performance test results based on realistic scenarios using the open-source APT attack library and MITER ATT&CK indicated that fast detection was possible with higher accuracy for the early stages of APT attacks in scenarios where endpoint attack detectors are interworking environments. © 2022 The Authors
RESUMEN
With COVID-19 still present, bringing students safely back to campus is a critical task. COVID-19 testing has become synonymous with controlling an outbreak;however, concerns about how to safely test numerous students in a short amount of time have arisen. Simulation modeling and analysis provide valuable solutions by giving clear insights into complex systems. A discrete event simulation (DES) model is used to study a COVID-19 testing facility at a university. The aim of the simulation study is to optimally allocate limited resources, identify bottlenecks, and propose an alternative scheduling strategy to improve system performances. COVID-19 testing completion time, waiting time in queue, and throughput are assessed for efficiency and safety. The optimal ratio of resources allows for efficient allocation of resources, without reducing system capability. With standard scheduling of arrivals, long queues in the first 10 minutes increase the risk of COVID-19. Overlapping scheduling is a method of scheduling with overlapping time blocks that distributes arrivals more evenly. The proposed alternative of overlapping scheduling addresses the issue of long queues, potential close contacts, and low system operational efficiency. The proposed alternative reduces the maximum arrival queue by 64.51% and the maximum COVID-19 testing time by 16.67%. The proposed alternative can handle a 33.33% increase in demand, resulting in equal average COVID-19 testing times as the baseline model. © 2021 IISE Annual Conference and Expo 2021. All rights reserved.
RESUMEN
The COVID-19 pandemic is reshaping and complicating the world. Nowhere has it been more controversial and complex than in reopening plans for schools. Observing student behavior indicates that the dining hall services are a major area of concern in reopening plans. Careful consideration and focus need to be taken into account for dealing with high demands in short timeframes experienced at dining halls. The removal of masks while eating increases the probability of spreading germs between individuals, forming a potential hotspot for spreading if a breakout were to occur. The dining halls are a complex system, in which modeling student behavior becomes critical conditions for determining results. Using Simio, a simulation and modeling software, three dining hall models were created and analyzed to determine the optimal number of people that should be allowed into the system where COVID-19 protocols could be followed but did not cause workstations to be idle. Parameters for the simulations were created from student conducted time studies. Simulation provided the ability to effectively compare alternative models with different conditions. Cycle time as well as queuing time and length were calculated for each model, which indicated the effectiveness of the system on meeting demand. The instructional models were compared to the baseline model to validate the dining hall COVID-19 reopening policies. The analysis proved guidelines for the dining halls would help limit the number of close contacts and get students through the system quickly;overall helping campus dining services serve students safely and quickly. © 2021 IISE Annual Conference and Expo 2021. All rights reserved.