* update 2024-04-12 06:16:40

arXiv_db/Malware/2024.md

@@ -906,3 +906,27 @@
 
 </details>
 
+<details>
+
+<summary>2024-04-10 03:53:46 - Port Forwarding Services Are Forwarding Security Risks</summary>
+
+- *Haoyuan Wang, Yue Xue, Xuan Feng, Chao Zhou, Xianghang Mi*
+
+- `2403.16060v2` - [abs](http://arxiv.org/abs/2403.16060v2) - [pdf](http://arxiv.org/pdf/2403.16060v2)
+
+> We conduct the first comprehensive security study on representative port forwarding services (PFS), which emerge in recent years and make the web services deployed in internal networks available on the Internet along with better usability but less complexity compared to traditional techniques (e.g., NAT traversal techniques). Our study is made possible through a set of novel methodologies, which are designed to uncover the technical mechanisms of PFS, experiment attack scenarios for PFS protocols, automatically discover and snapshot port-forwarded websites (PFWs) at scale, and classify PFWs into well-observed categories. Leveraging these methodologies, we have observed the widespread adoption of PFS with millions of PFWs distributed across tens of thousands of ISPs worldwide. Furthermore, 32.31% PFWs have been classified into website categories that serve access to critical data or infrastructure, such as, web consoles for industrial control systems, IoT controllers, code repositories, and office automation systems. And 18.57% PFWs didn't enforce any access control for external visitors. Also identified are two types of attacks inherent in the protocols of Oray (one well-adopted PFS provider), and the notable abuse of PFSes by malicious actors in activities such as malware distribution, botnet operation and phishing.
+
+</details>
+
+<details>
+
+<summary>2024-04-10 15:01:40 - AI-Enabled System for Efficient and Effective Cyber Incident Detection and Response in Cloud Environments</summary>
+
+- *Mohammed Ashfaaq M. Farzaan, Mohamed Chahine Ghanem, Ayman El-Hajjar, Deepthi N. Ratnayake*
+
+- `2404.05602v2` - [abs](http://arxiv.org/abs/2404.05602v2) - [pdf](http://arxiv.org/pdf/2404.05602v2)
+
+> The escalating sophistication and volume of cyber threats in cloud environments necessitate a paradigm shift in strategies. Recognising the need for an automated and precise response to cyber threats, this research explores the application of AI and ML and proposes an AI-powered cyber incident response system for cloud environments. This system, encompassing Network Traffic Classification, Web Intrusion Detection, and post-incident Malware Analysis (built as a Flask application), achieves seamless integration across platforms like Google Cloud and Microsoft Azure. The findings from this research highlight the effectiveness of the Random Forest model, achieving an accuracy of 90% for the Network Traffic Classifier and 96% for the Malware Analysis Dual Model application. Our research highlights the strengths of AI-powered cyber security. The Random Forest model excels at classifying cyber threats, offering an efficient and robust solution. Deep learning models significantly improve accuracy, and their resource demands can be managed using cloud-based TPUs and GPUs. Cloud environments themselves provide a perfect platform for hosting these AI/ML systems, while container technology ensures both efficiency and scalability. These findings demonstrate the contribution of the AI-led system in guaranteeing a robust and scalable cyber incident response solution in the cloud.
+
+</details>
+