IoTBDS 2023 Abstracts


Area 1 - Big Data Research

Full Papers
Paper Nr: 6
Title: Quantum Clustering on Streaming Data: A Novel Method for Analyzing Big Data
Authors: Rebecca Hofer and Kevin Mallinger

Abstract: Quantum Clustering is an efficient unsupervised machine learning method that exploits models of quantum mechanics to discover clusters in data points. We applied an adaptation of the algorithm to the CIDDS-001 and IoTID20 network intrusion datasets to distinguish malicious from benign network activity. For this purpose, we integrated Quantum Clustering into the framework of DenStream, adjusting it to the streaming data conditions required for analyzing network data. We found that this significantly improved running time and memory requirements compared to the original version of Quantum Clustering, which is known to have high computational complexity. We also found that the accuracy with which the proposed version detected patterns in network activity was comparable to established methods, confirming the algorithm’s applicability for intrusion detection.

Short Papers
Paper Nr: 3
Title: Bank Checks Fraud Detection Based on the Analysis of Event Trends in Data-Flow Systems
Authors: Uriy Grigorev, Yury Shashkin, Andrey Ploutenko, Aleksey Burdakov and Olga Pluzhnikova

Abstract: The paper shows trend analysis of events in data-flow systems using the example of fraud detection with not-covered checks. The analysis is based on Complex Event Processing (CEP) technology. This article proposes Algorithm 2, based on BTree and Hash type indexes, for extracting a complete chain of events of any length formed by insufficient funds check deposits. The paper presents a comparison between the proposed Algorithm 2 and the existing Algorithm 1, which is based on the construction of event trends in the form of graphs. The average processing time of one event using the new Algorithm 2 is 56 times less with the number of events equal to 100,000. At the same time, the new Algorithm 2 processes about 900,000 events, while the existing Algorithm 1 supports only 100,000 events.

Paper Nr: 22
Title: A Scalable Decentralized and Lightweight Access Control Framework Using IOTA Tangle for the Internet of Things
Authors: Tariq Alsboui, Muhammad Hussain, Hussain Al-Aqrabi, Richard Hill and Mohammad Hijjawi

Abstract: With the vast development of the Internet-of-Things (IoT) ecosystem, various types of information, such as healthcare records and physical resources, are integrated for different types of applications. Due to the sheer number of connected IoT devices, which generate a large amount of data, Distributed Ledger Technologies, such as Blockchain and IOTA, have recently been applied in developing access control models, yet they involve significant energy consumption due to mining, low throughput, poor scalability, and computational overhead that is not acceptable for resource-constrained IoT devices. In this paper, we propose a Scalable Decentralized and Lightweight Access Control framework (SDAC) using the IOTA platform. IOTA is an emerging distributed ledger technology that has significant features for IoT, such as zero-fee transactions, scalability, security and energy efficiency. The proposed SDAC aims to improve security and to authorize and authenticate users when accessing data by using the IOTA Masked Authenticated Messaging (MAM) protocol. MAM ensures access control by encrypting and granting permission only to authorized users. The experimental results indicate that IOTA MAM is a feasible solution that can be used for managing authorization in the IoT domain.

Area 2 - Emerging Services and Analytics

Short Papers
Paper Nr: 33
Title: Generative Deep Learning for Solutions to Data Deconflation Problems in Information and Operational Technology Networks
Authors: Roger A. Hallman, John S. Miguel, Arron Lu, Alejandro Monje, Mohammad R. Alam and George Cybenko

Abstract: Source separation problems are a long-standing and well-studied challenge in signal processing and information sciences. The “Cocktail Party Phenomenon” and other classical source separation problems are vector representable and additive, and thus solvable by well-established linear algebra techniques. However, the proliferation and adoption of Internet-connected devices (e.g., IoT, distributed sensor networks, etc.) have led to a “Cambrian explosion” of data that is available for processing. Much of this data is not readily available for processing because it includes data objects that are categorical or non-additive superpositions (i.e., data not confined to signals). The Data Deconflation Problem refers to the challenge of identifying and separating the individual constituent elements of these complex data objects. Real-world data deconflation scenarios include pattern-of-life tracking (e.g., identifying recreational activities in conjunction with a business trip), multi-target tracking (e.g., occlusions and track assignment challenges), and network situational awareness (e.g., monitoring NATed network traffic, detecting and identifying shadow IT, network steganalysis). This paper details our approach, utilizing Generative Adversarial Networks (GANs) and attention-based Transformers, to solving the data deconflation problem, as well as our experimental application to network situational awareness tasks. We cover traditional source separation solutions and expound upon why these solutions are inadequate for network monitoring tasks. Background information on GANs and transformers is presented before a description of our architecture and initial experimentation which serves as a proof-of-concept. We then describe experimentation applying our methodology to network monitoring tasks, in particular separating activities and shadow IT devices within double-NATed network traffic. We discuss our results and our methodology’s applicability to other network monitoring tasks, such as network steganalysis and covert channel detection.

Area 3 - Internet of Things (IoT) Applications

Full Papers
Paper Nr: 8
Title: Lightweight and Self Adaptive Model for Domain Invariant Bearing Fault Diagnosis
Authors: Chandrakanth R. Kancharla, Jens Vankeirsbilck, Dries Vanoost, Jeroen Boydens and Hans Hallez

Abstract: While current machine fault diagnosis is affected by the rarity of cross-conditional fault data in practice, efficient implementation of these diagnosis models on resource-constrained devices is another active challenge. Given such constraints, an ideal fault diagnosis model should not be either generalizable across shifting domains or lightweight, but rather a combination of both, generalizable while being minimalistic, and preferably uninformed about the domain shift. Addressing these computational and data-centric challenges, we propose a novel methodology, Convolutional Auto-encoder and Nearest Neighbors based self adaptation (SCAE-NN), that adapts its fault diagnosis model to the changing conditions of a machine. We implemented SCAE-NN for various cross-domain fault diagnosis tasks and compared its performance against the state-of-the-art domain invariant models. Compared to the SOTA, SCAE-NN is at least 6–7% better at predicting fault classes across conditions, while being more than 10 times smaller in size and latency. Moreover, SCAE-NN does not need any labelled target domain data for the adaptation, making it suitable for practical data-scarce scenarios.

Short Papers
Paper Nr: 37
Title: Process Automation and Monitoring Systems Based on IIoT Using Private LoRaWAN Networks: A Case Study of ArcelorMittal Vega Facilities
Authors: Danilo Farias de Carvalho and Charles C. Miers

Abstract: The Internet of Things (IoT) is increasingly pervasive and ubiquitous in various areas. The industry is incorporating intelligence into its processes through the Industrial IoT (IIoT). However, availability and performance issues may limit IoT usage on the shop floor. Several IoT and IIoT initiatives can be applied on the factory floor to improve processes, also allowing the inclusion of less reliable equipment. Thus, there are several implementation approaches, wireless being the most used one due to its deployment flexibility and centered management. We analyze a real shop floor environment, identifying opportunities for using IIoT systems and equipment such as Long Range Wide Area Network (LoRaWAN) technologies. Our results show the possibility of improving process automation and monitoring using simple IIoT devices in Small and Medium Enterprises (SMEs) still far from Industry 4.0 level.

Paper Nr: 5
Title: University of Things: Opportunities and Challenges for a Smart Campus Environment based on IoT Sensors and Business Processes
Authors: Mevludin Blazevic and Dennis M. Riehle

Abstract: The university of things is an academic institution full of sensors, data, and automated processes. The collection of information and states about objects and things enables diverse research and studies in the field of information systems. This paper presents a research project, where we have set up a Smart Campus infrastructure based on Internet of Things (IoT) sensors and Long Range Wide Area Network (LoRaWAN) communication technology. From our real-world deployment, as well as from academic literature, we have identified 6 opportunities and 11 challenges for the integration and use of sensor data for business processes at universities, which are shown in this paper.

Paper Nr: 23
Title: Green Intelligent Homes: A Perspective on the Future of Smart Homes and Their Implications
Authors: Joseph Bugeja and Andreas Jacobsson

Abstract: The smart home technology market is witnessing rapid growth due to the advent of more advanced, intuitive, and affordable solutions. As the adoption of these technologies becomes more prevalent, there is a need for research to explore potential avenues for pervasive smart living. This study aims to review the available literature and industry studies, along with our own experiences in the field, to identify and discuss potential future research in the smart home. We observe that the future of the smart home will likely be focused on improving the user experience, with a greater emphasis on personalization, automation, and Artificial Intelligence (AI)-driven technologies, leading to what we call the "Green Intelligent Home". Through this analysis, this study aims to offer insights into how the development of smart homes could shape society in the future and the potential implications of such a development. This study concludes by suggesting a framework for knowledge development in the smart home domain.

Area 4 - Internet of Things (IoT) Fundamentals

Full Papers
Paper Nr: 10
Title: An Energy Management Unit for Predictive Solar Energy Harvesting IoT
Authors: Justus R. Anuj, Adnan Sabovic, Burcu Celikkol, Michiel Aernouts, Philippe Reiter, Siegfried Mercelis, Peter Hellinckx and Jeroen Famaey

Abstract: As the need for stand-alone energy harvesting devices increases, the alleviation of the ecological and economic impact of their production and maintenance is possible by increasing battery life while reducing needed battery capacity. However, the increasing energy requirements of far-edge Artificial Intelligence and long-range wireless transmissions in the Internet of Things threaten to demand ever-larger battery capacities for such remote devices. Dynamic adaptation of device operation based on harvestable energy – i.e., energy awareness – is a proposed solution and can be implemented using an energy management unit. Standardizing this unit as a separate, active electronic component with standardized drivers can simplify overall system development and benefit existing devices. Hence, we propose a novel interface that allows decoupling this unit from the rest of the system, independent of the power management unit in use. As a first step, we developed a prototype that uses the proposed interface to make existing, solar energy-based, third-party devices energy-aware with provisions to be cross-compatible with differing power management units. The prototype was evaluated using an air quality sensing device and improved the overall device’s transmission rate.

Paper Nr: 30
Title: Function-as-a-Service for the Cloud-to-Thing Continuum: A Systematic Mapping Study
Authors: Bárbara S. Oliveira, Nicolas Ferry, Hui Song, Rustem Dautov, Ankica Barišić and Atslands Rego da Rocha

Abstract: Until recently, Internet of Things applications were mainly seen as a means to gather sensor data for further processing in the Cloud. Nowadays, with the advent of Edge and Fog Computing, digital services are dragged closer to the physical world, with data processing and storage tasks distributed across the whole Cloud-to-Thing continuum. Function-as-a-Service (FaaS) is gaining momentum as one of the promising programming models for such digital services. This work investigates the current research landscape of applying FaaS over the Cloud-to-Thing continuum. In particular, we investigate the support offered by existing FaaS platforms for the deployment, placement, orchestration, and execution of functions across the whole continuum using the Systematic Mapping Study methodology. We selected 33 primary studies and analyzed their data, bringing a broad view on the current research landscape in the area.

Short Papers
Paper Nr: 26
Title: Creating a Personalized Recommendation Framework in Smart Shopping by Using IoT Devices
Authors: Noura Abdaoui, Ismahene H. Khalifa and Sami Faiz

Abstract: Personalization and recommendation are two important prerequisites that must be incorporated in the IoT environment, where smart device data are generated anywhere and anytime. Both prerequisites are essential to produce a higher satisfaction level of a ubiquitous recommender system which matches the preferences of the user. It is time to improve the quality of traditional ubiquitous recommender systems, which have failed to exploit dynamic and heterogeneous big data in delivering personalized recommendations. In this paper, we create a framework of personalized recommendations in smart shopping where IoT devices are connected. We propose a Fog computing architecture to solve the ubiquitous recommendation issues related to IoT challenges. The given model is a multi-layer fog structure which aims to use multi-source big data in order to propose personalized offers according to the users’ profiles and analyze their feedback to improve their experiences.

Paper Nr: 29
Title: RePAD2: Real-Time Lightweight Adaptive Anomaly Detection for Open-Ended Time Series
Authors: Ming-Chang Lee and Jia-Chun Lin

Abstract: An open-ended time series refers to a series of data points indexed in time order without an end. Such a time series can be found everywhere due to the prevalence of Internet of Things. Providing lightweight and real-time anomaly detection for open-ended time series is highly desirable to industry and organizations since it allows immediate response and avoids potential financial loss. In the last few years, several real-time time series anomaly detection approaches have been introduced. However, they might exhaust system resources when they are applied to open-ended time series for a long time. To address this issue, in this paper we propose RePAD2, a lightweight real-time anomaly detection approach for open-ended time series by improving its predecessor RePAD, which is one of the state-of-the-art anomaly detection approaches. We conducted a series of experiments to compare RePAD2 with RePAD and another similar detection approach based on real-world time series datasets, and demonstrated that RePAD2 can address the mentioned resource exhaustion issue while offering comparable detection accuracy and slightly less time consumption.

Paper Nr: 31
Title: The Anatomy of an Infrastructure for Digital Underground Mining
Authors: Sreekant Sreedharan, Muthu Ramachandran, Soma Ghosh and Suraj Prakash

Abstract: Over 41.6 billion IoT devices are expected to come online by 2025, collectively capable of generating 80 zettabytes (ZB) of data. Despite the relentless progress in the adoption of smart devices occurring all around us, in our smart homes, our wearable devices, our smart cities and workplaces, progress in the adoption of smart technology in the mining sector has languished. Yet the mining sector powers our energy systems and makes components for smart devices possible, while employing over 4.5 million people world-wide in some of the most extreme and hostile environments. This paper presents the design of a prototype industrial IoT platform for large-scale industrial automation of conventional mines.

Area 5 - IoT Technologies

Full Papers
Paper Nr: 15
Title: Simulation Based Performance Evaluation of FIWARE IoT Platform for Smart Agriculture
Authors: Kari Kolehmainen, Marco Pirazzi, Juha-Pekka Soininen and Juha Backman

Abstract: In the domain of smart agriculture there is a growing demand for the development and implementation of robotics and Internet of Things (IoT) solutions. Using robots and autonomous vehicles such as Unmanned Aerial Vehicles (UAVs) for increasingly complex tasks requires coordinating robotic operations while taking into account other robots doing complementary tasks. Using IoT platforms for adding intelligence to cooperation and coordination is a lucrative possibility. Performance constraints limit the tasks in which co-operation can be used. Information latency is a key factor for moving autonomous robots in many cases. Using the FIWARE IoT platform for information integration offers the flexibility of combining cloud-based AI analysis with robot operations; however, it comes with the cost of increased latency. The messaging frequency, which depends on the number of parallel robots as well as their configuration, affects the overall latency of the IoT system. We present the composition of latency in the FIWARE IoT system and its limit in a practical deployment scenario.

Short Papers
Paper Nr: 12
Title: Analysis of Sensor Attacks Against Autonomous Vehicles
Authors: Søren B. Jakobsen, Kenneth S. Knudsen and Birger Andersen

Abstract: Fully Autonomous Vehicles (AVs) are estimated to reach consumers widely in the near future. The manufacturers need to be completely sure that AVs can outperform human drivers, which first of all requires a solid model of the world surrounding the car. Emerging trends for perception models in the automobile industry are towards combining the data from LiDAR and camera in Multi-Sensor Fusion (MSF). Making the perception model reliable in the event of unforeseen real world circumstances is tricky enough, but the real challenge comes from the security issue that arises when ill-intentioned people try to attack sensors. We analyse possible attacks and countermeasures for LiDAR and camera. We discuss it in context of MSF, and provide a simple framework for further analysis, which we conclude will be required to conceptualise a truly safe AV.

Paper Nr: 13
Title: On-Premise Internet of Things (IoT) Data Storage: Comparison of Database Management Systems
Authors: Anna Wolters, Mevludin Blazevic and Dennis M. Riehle

Abstract: The Internet of Things (IoT) connects millions of devices, leading to the production of vast amounts of data. For such data to be of value, efficient and effective data storage is of utmost importance. In this paper, we present a comparison of on-premise database management systems in the context of the IoT. We perform a market analysis on relational, Not Only SQL (NoSQL), and time-series database systems as well as a requirement analysis in order to comprehensively compare database systems based on functional and non-functional criteria. After an initial selection, we compare MySQL, PostgreSQL, Cassandra, MongoDB, InfluxDB, and QuestDB. As a result, we provide a best practice guide to support the decision-making on which database to select for an IoT use case.

Paper Nr: 32
Title: Reducing IoT Big Data for Efficient Storage and Processing
Authors: Eleftheria Katsarou and Stathes Hadjiefthymiades

Abstract: We focus on the very important problem of managing IoT data. We consider the data gathering process that yields big data intended for CDN/cloud storage. We aim to reduce big data into small data to efficiently exploit available storage without compromising their usability and interpretation. This reduction process is to be performed at the edge of the infrastructure (IoT edge devices, CDN edge servers) in a computationally acceptable way. Therefore, we employ reservoir sampling, a method that stochastically samples data and derives synopses that are finally pushed and maintained in the available storage capability. We implemented the discussed architecture using reverse proxy technologies and in particular the Varnish open source server. We provide details of our implementation and discuss critical parameters like the frequency of synopsis generation and CDN/cloud storage.

Area 6 - Security, Privacy and Trust

Full Papers
Paper Nr: 11
Title: Analysis of Security Events in Industrial Networks Using Self-Organizing Maps by the Example of Log4j
Authors: Ricardo Hormann, Daniel Bokelmann and Frank Ortmeier

Abstract: Concepts such as Industry 4.0 are challenging the IT security of Industrial Control Networks (ICN) due to growing connectivity with insecure networks, such as corporate networks. Vulnerable devices within the ICN need to be protected by monitoring tools such as Intrusion Detection Systems (IDS). These tools not only provide information on suspicious traffic data observed, but also assess the semantics of an attack. Given the large number of security events generated by these systems, security analysts may overlook important annotations. This work attempts to leverage semantic annotations in combination with traffic and temporal information, using unsupervised machine learning methods (Self-Organizing Maps), to facilitate processing in the Security Operation Center. Instead of handling individual security events, our approach provides groups of heterogeneous security events leading to prototypical scenarios and classified and reusable use cases that only need to be analyzed once. We evaluate our approach using a non-synthetic dataset generated on a shop floor in the automotive sector, focusing on security events related to the Log4j vulnerability.

Paper Nr: 14
Title: Castles Built on Sand: Observations from Classifying Academic Cybersecurity Datasets with Minimalist Methods
Authors: Laurens D’hooge, Miel Verkerken, Tim Wauters, Filip De Turck and Bruno Volckaert

Abstract: Machine learning (ML) has been a staple of academic research into pattern recognition in many fields, including cybersecurity. The momentum of ML continues to speed up alongside the advances in hardware capabilities and the methods they unlock, primarily (deep) neural networks. However, this article aims to demonstrate that the non-judicious use of ML in two prominent domains of data-based cybersecurity consistently misleads researchers into believing that their proposed methods constitute actual improvements. Armed with 17 state-of-the-art datasets in traffic and malware classification and the simplest possible machine learning model this article will show that the lack of variability in most of these datasets immediately leads to excellent models, even if that model is only one comparison per feature.

Short Papers
Paper Nr: 7
Title: Software Updates Monitoring & Anomaly Detection
Authors: Imanol Etxezarreta Martinez, David García Villaescusa, Imanol Mugarza, Irune Yarza and Irune Agirre

Abstract: Security is becoming a must in the current all-connected paradigm. Software updates are essential to fix any newly identified security flaw or vulnerability that may appear, as they are normally the fastest and cheapest solution. Nevertheless, a software update targeted to fix a determined issue could end up causing a different problem. In order to detect these new issues, systems should be able to gather monitoring data so that possible effects and consequences are observed and characterized. This is especially relevant when upgrades are performed remotely, as in road vehicles, and no prior outcome information is available to the manufacturer. In this paper, a software update monitoring approach, an anomaly detection procedure and a proof-of-concept are presented. The monitoring and anomaly detection approach enables the detection of performance anomalies that could result, for instance, from malicious code installation during an update. This offline monitoring information can also be used for further system design improvements and to facilitate the review and assessment processes of security issues.

Paper Nr: 9
Title: The Implementation of an HSM-Based Smart Meter for Supporting DLMS/COSEM Security Suite 1
Authors: Tzu-Hsuan Huang, Chun-Tsai Chien, Chien-Lung Wang and I-En Liao

Abstract: To mitigate the impacts of climate change, many governments are making efforts to increase electricity generation from renewable sources. However, the massive amount of distributed energy resources (DER) involved introduces many challenges to electricity grid management. In the last decade, we have witnessed power grids gradually evolving to become smart grids with advanced metering infrastructure (AMI). The two-way nature of communication between smart meters and energy suppliers inevitably increases cyberattack surfaces for smart grids. As a result, cybersecurity problems associated with smart meters and smart grids are of great concern. the security mechanisms specified in Security Suite 1 of DLMS/COSEM. To the best of our knowledge, our smart meter prototype is the first published implementation using HSM. This also represents an important step in developing more secure IoT devices in general and smart meters in particular. Our implementation is based on the open-source project GuruX, available on GitHub. We revised the smart meter program GuruxDLMS.c to run on the Nuvoton M2354 hardware security module with the ability to invoke ECDSA, ECDH, and SHA-256 functions implemented on the HSM. The smart meter developed in this research is also tested for the implementations of ECDSA with P-256, ECDH with P-256, and SHA-256 using Conformance Test Tool version 3.1 (CTT v3.1).

Paper Nr: 16
Title: CopAS: A Big Data Forensic Analytics System
Authors: Martin Macak, Tomas Rebok, Matus Stovcik, Mouzhi Ge, Bruno Rossi and Barbora Buhnova

Abstract: With the advancing digitization of our society, network security has become one of the critical concerns for most organizations. In this paper, we present CopAS, a system targeted at Big Data forensics analysis, allowing network operators to comfortably analyze and correlate large amounts of network data to get insights about potentially malicious and suspicious events. We demonstrate the practical usage of CopAS for insider attack detection on a publicly available PCAP dataset and show how the system can be used to detect insiders hiding their malicious activity in the large amounts of data streams generated during the operations of an organization within the network.

Paper Nr: 20
Title: AccA: A Decentralized and Accumulator-Based Authentication and Authorization Architecture for Autonomous IoT in Connected Infrastructures
Authors: Hannes Salin

Abstract: In the realm of Intelligent Transport Systems and connected infrastructures, the use of IoT devices offers improved safety and efficient traffic management. However, the emergence of trends such as Social IoT, particularly in ad-hoc networking, poses a significant challenge for cybersecurity and trust between nodes. To address this, we propose an efficient trust model architecture designed specifically for dynamic, ad-hoc environments where IoT interactions are frequent. Our model focuses on decentralized authorization, where trust is established on the object level, rather than relying on centralization. Our proposed architecture is backed by security proofs and a proof-of-concept implementation using nested cryptographic accumulators, which shows the effectiveness and feasibility of the proposed trust mechanism.

Paper Nr: 34
Title: Detection of DDoS Attacks on Urban IoT Devices Using Neural Networks
Authors: Simon Onyebuchi Obetta and Arghir-Nicolae Moldovan

Abstract: As the Internet of Things (IoT) has grown in recent years, attackers are increasingly targeting IoT devices to perform malicious attacks such as DDoS. Often, this is due to inadequate security implementation and management of IoT devices. Sometimes, the infected IoT devices can be used as bots by attackers to launch a DDoS attack on a target. Although various security methods have been introduced for IoT devices, effective DDoS detection methods are still required. This paper compares the performance of four machine learning algorithms for DDoS detection on a recent Urban IoT dataset: Feedforward Neural Network (FNN), Deep Neural Network (DNN), Autoencoder (AEN) and Random Forest (RF). The results show that DNN achieved the highest accuracy of 95.9% on train data and 88.6% on test data.

Paper Nr: 19
Title: Attack Simulation on Data Distribution Service-based Infrastructure System
Authors: Basem Al-Madani, Hawazen Alzahrani and Farouq Aliyu

Abstract: Data Distribution Service (DDS) is a widely used publish-subscribe-based middleware protocol for real-time machine-to-machine communication. Many critical infrastructure systems employ DDS for Real-Time applications. These DDS-based systems must operate effectively. This study examined the possibility of manipulating or improperly configuring DDS to facilitate malicious activities. A client-side attack on a DDS-based system and its consequences were the main topics of the research, since DDS systems are isolated from other networks and external users. We investigated two security flaws in DDS in an isolated environment to show how they could be employed to compromise a DDS feature. The manipulation of QoS policy configurations in the DDS system demonstrated that it has become more secure than the early versions.

Paper Nr: 25
Title: Deep Dive into Hunting for LotLs Using Machine Learning and Feature Engineering
Authors: Tiberiu Boros and Andrei Cotaie

Abstract: Living off the Land (LotL) is a well-known method in which attackers use pre-existing tools distributed with the operating system to perform their attack/lateral movement. LotL enables them to blend in alongside sysadmin operations, thus making it particularly difficult to spot this type of activity. Our work is centered on detecting LotL via Machine Learning and Feature Engineering while keeping the number of False Positives to a minimum. The work described here is implemented in an open-source tool that is provided under the Apache 2.0 License, alongside pre-trained models.