Page 52 - Tech Fest 2025, Be'er Sheva: Abstract Booklet
Threat Hunting with YARA Signature to Detect Cyberattacks
CS-D-25
Shahar David; shahardavid169@gmail.com Roi Zur; tsurroi@gmail.com
Advisors: Dr. Guy Tel-Zur, Prof. Shlomo Greenberg
SCE - Shamoon College of Engineering, Be’er-Sheva
Email is a major entry vector for cyber threats: phishing messages and malware-carrying attachments routinely bypass traditional perimeter controls. An intrusion detection system (IDS) that analyses traffic in real time is essential for catching these threats at the network boundary. Integrating YARA rules into the IDS strengthens that detection: a rule describes a malware family by the byte and string signatures it contains and encodes suspicious patterns, so message bodies and decoded attachments can be matched against known indicators as they pass through. This combination improves the IDS's ability to detect and mitigate increasingly sophisticated attacks as email-based threats evolve. Our project integrated YARA rules into an IDS framework to address the growing complexity of email-borne cyber threats and to protect critical communications.
Keywords: email-based threats, IDS, real-time analysis, YARA rules
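The integration point the abstract describes, as an added example that is not the project's code: a Python sketch of an email scanner that pulls attachments out of a MIME message and matches them against rules written in YARA syntax. The rules, the sample message and the scanner are all constructed here. To stay runnable without yara-python, a tiny subset of YARA syntax (text strings, hex strings, "all of them" / "any of them") is parsed in Python; a real deployment would hand the same rule text to yara.compile() and call the compiled rules' match() on each attachment instead.

```python
"""Added example (not the project's code): where YARA fits in an e-mail IDS.
Attachments are pulled out of a MIME message and matched against rules
written in YARA syntax. A tiny subset of the syntax is parsed here so the
block runs without yara-python; in production the same rule text would be
passed to yara.compile().
"""
import re
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default

# Two rules in YARA syntax, constructed for this example.
RULES = r"""
rule office_with_macro
{
    strings:
        $zip = { 50 4B 03 04 }
        $vba = "vbaProject.bin"
    condition:
        all of them
}

rule pe_attachment
{
    strings:
        $mz = { 4D 5A }
        $dos = "This program cannot be run in DOS mode"
    condition:
        all of them
}
"""

RULE_RE = re.compile(r"rule\s+(\w+)\s*\{(.*?)\n\}", re.S)
STR_RE = re.compile(r'\$(\w+)\s*=\s*(?:"([^"]*)"|\{([^}]*)\})')
COND_RE = re.compile(r"condition:\s*(all|any) of them")


def compile_rules(text):
    """Parse the YARA subset into (rule name, byte patterns, 'all'|'any')."""
    compiled = []
    for name, body in RULE_RE.findall(text):
        # Hex strings become raw bytes; text strings are matched as ASCII.
        patterns = [bytes.fromhex(hexs) if hexs else txt.encode()
                    for _, txt, hexs in STR_RE.findall(body)]
        cond = COND_RE.search(body).group(1)
        compiled.append((name, patterns, cond))
    return compiled


def match(compiled, data):
    """Names of the rules whose condition holds for the byte string `data`."""
    hits = []
    for name, patterns, cond in compiled:
        found = [pat in data for pat in patterns]
        if (all(found) if cond == "all" else any(found)):
            hits.append(name)
    return hits


def scan_email(raw, compiled):
    """IDS side: decode every attachment in the MIME tree and scan it.
    Returns (filename, rule name) pairs. The text body could be scanned
    the same way for phishing indicators."""
    msg = message_from_bytes(raw, policy=default)
    findings = []
    for part in msg.walk():
        if part.get_content_disposition() != "attachment":
            continue
        data = part.get_payload(decode=True) or b""   # base64 undone here
        for rule in match(compiled, data):
            findings.append((part.get_filename(), rule))
    return findings


def build_sample_email():
    """Constructed test message: a harmless PDF plus a macro-enabled
    document whose ZIP container carries a vbaProject.bin entry."""
    msg = EmailMessage()
    msg["From"] = "hr@example.com"
    msg["To"] = "staff@example.com"
    msg["Subject"] = "Updated payroll form"
    msg.set_content("Please review the attached form.")
    msg.add_attachment(b"%PDF-1.7 harmless", maintype="application",
                       subtype="pdf", filename="form.pdf")
    docm = b"PK\x03\x04" + b"\x00" * 16 + b"word/vbaProject.bin" + b"\x00" * 8
    msg.add_attachment(docm, maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12",
                       filename="payroll.docm")
    return msg.as_bytes()


if __name__ == "__main__":
    rules = compile_rules(RULES)
    for filename, rule in scan_email(build_sample_email(), rules):
        print(f"ALERT {filename}: matched {rule}")
```

The scanner deliberately works on the decoded attachment bytes rather than on the raw SMTP stream: YARA signatures written against file formats (ZIP magic, PE headers) do not match base64-encoded transfer encoding, which is why the decode step sits before the match in any email-facing IDS.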
Visual Simulator of a Multi-Source DDoS Attack
CS-D-26
Ora Ashush; oraas@ac.sce.ac.il Tohar Kabala; toharka@ac.sce.ac.il
Advisor: Dr. Dina Barak
SCE - Shamoon College of Engineering, Be’er-Sheva
In a DoS (denial of service) attack, the victim is flooded with bogus packets that degrade the service or bring the system down. A DDoS (distributed denial of service) attack is the same idea carried out from many sources at once, typically a botnet. Because attack traffic commonly carries spoofed source addresses, the victim needs a way to recover the paths the traffic actually took: an attack graph, the set of router-to-router edges along those paths, lets the victim trace the attack back toward its sources and block it upstream. In our project we developed a method to visually reconstruct an attack graph from a simulated DDoS event, using probabilistic packet marking (PPM) and in particular edge sampling, in which each router marks passing packets with a fixed probability and the victim must collect enough marked packets to see every edge (an instance of the "coupon collector's problem" in probability theory). By studying selected algorithms, we improved the attack graph reconstruction, which aids understanding of multi-attacker scenarios and supports better mitigation strategies.
Keywords: attack graph reconstruction, botnet, cyberattack, DDoS, DoS, malware, marked packets, PPM
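The edge-sampling scheme the abstract builds on, as an added simulation that is not the project's code: two attack sources flood a victim through a small constructed topology, every router runs the marking procedure, and the victim rebuilds the attack graph from the marked packets. The topology, the marking probability, the packet counts and the spoofed marking values are all assumptions made for this example. It also exercises the scheme's known limit: a source can forge at most one fake node directly behind its own first-hop router, and forged edges pointing anywhere else are rejected by the level-by-level reconstruction.

```python
"""Added example (not the project's code): a simulation of probabilistic
packet marking with edge sampling for two attack sources whose paths share
a router. Topology, marking probability, packet counts and the spoofed
marking values are constructed for this example.
"""
import math
import random
from dataclasses import dataclass

# Constructed topology: the ordered routers each source's packets traverse
# on the way to the victim. R4 is the last hop for both sources.
ROUTES = {"A1": ["R1", "R2", "R4"], "A2": ["R3", "R4"]}
VICTIM = "V"


@dataclass
class Packet:
    start: str      # router that last decided to mark this packet
    end: str        # the router right after `start` on the path
    distance: int   # hops travelled since `start` was written


def mark(pkt, router, p, rng):
    """Edge-sampling marking procedure run by every router on every packet.
    With probability p the router overwrites start and resets distance;
    otherwise it fills in end if it directly follows the marking router,
    and always increments distance so every later hop is counted."""
    if rng.random() < p:
        pkt.start, pkt.distance = router, 0
    else:
        if pkt.distance == 0:
            pkt.end = router
        pkt.distance += 1


def send(source, p, rng, spoof=("", "", 0)):
    """Originate one packet at `source` with attacker-chosen initial marking
    fields (`spoof`), then run marking at every router on its route."""
    pkt = Packet(*spoof)
    for router in ROUTES[source]:
        mark(pkt, router, p, rng)
    return pkt


def reconstruct(packets, victim):
    """Victim side: each marked packet yields one edge sample. A packet with
    distance 0 was marked by the last hop, so its edge ends at the victim."""
    edges = set()
    for pkt in packets:
        if pkt.distance == 0:
            edges.add((pkt.start, victim, 0))
        else:
            edges.add((pkt.start, pkt.end, pkt.distance))
    return edges


def attack_graph(edges, victim):
    """Grow the graph outward from the victim one distance level at a time.
    An edge at distance d is kept only if its end router was placed at
    distance d-1; forged edges whose end is not a known router are dropped."""
    placed = {victim: -1}
    upstream = {}
    for start, end, d in sorted(edges, key=lambda e: e[2]):
        if placed.get(end) == d - 1:
            placed[start] = d
            upstream.setdefault(end, set()).add(start)
    return upstream


def expected_packets_bound(p, hops):
    """Coupon-collector bound of edge sampling: the expected number of
    packets the victim needs to see every edge of a `hops`-router path is
    below ln(hops) / (p * (1-p)**(hops-1))."""
    return math.log(hops) / (p * (1 - p) ** (hops - 1))


def simulate(packets_per_source=300, p=0.25, seed=7):
    """Run the DDoS: both sources flood the victim and each tries to forge
    an edge. A1 starts its packets at distance 0, so its first hop R1 fills
    in `end` and the forged node Z9 lands directly behind R1 (accepted).
    A2 starts at distance 1 pointing at R9, a router on no real path; the
    forged edge arrives with an unknown end and is discarded."""
    rng = random.Random(seed)
    collected = []
    for _ in range(packets_per_source):
        collected.append(send("A1", p, rng, spoof=("Z9", "X", 0)))
        collected.append(send("A2", p, rng, spoof=("Z8", "R9", 1)))
    edges = reconstruct(collected, VICTIM)
    return edges, attack_graph(edges, VICTIM)


if __name__ == "__main__":
    edges, graph = simulate()
    for end, starts in graph.items():
        print(f"{end} <- {sorted(starts)}")
    print(f"bound for a 3-router path at p=0.25: "
          f"{expected_packets_bound(0.25, 3):.1f} packets")
```

The reconstructed graph places R4 directly upstream of V, R2 and R3 behind R4, and R1 behind R2; Z9 appears behind R1 even though it does not exist, which is exactly the residual spoofing power edge sampling leaves an attacker. The bound for the longer path at p = 0.25 is under 8 packets, far fewer than the simulation sends, which is why every real edge is recovered with certainty here.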