New Solutions For Zero-Day Attacks

Uploaded on 2021-02-26 in TECHNOLOGY--Resilience, TECHNOLOGY--Hackers, FREE TO VIEW

A zero day threat is a vulnerability that developers and security researchers have known about for less than a day. In many cases, these threats are first identified by penetration testers and white hats, which gives them time to issue emergency patches.

They are usually enabled by unknown vulnerabilities and defending against zero-day attacks is one of the most fundamentally challenging security problems yet to be solved. 

Zero-day attacks continue to challenge even the strongest network security defenses. A zero-day attack path is formed when a multi- step attack contains one or more zero-day exploits. Detecting zero-day attack paths in time could enable early disclosure of zero-day threats. 

These attacks can take over a computer systems security and it can take weeks to get the systems working again. 
For instance, the WannaCry ransomware attack, which occurred in May 2017, targeted more than 200,000 Windows computers across 150 countries and caused an estimated $4 billion to $8 billion worth of damage. This adaptive machine learning-driven method was developed to address current limitations in a method to detect and respond to cyber-attacks, called moving target defense, or MTD.

Now, researchers at Penn State University have used reinforcement learning, to create an adaptive cyber defense against zero-day attacks.The team’s approach relies on reinforcement learning, which, along with supervised and unsupervised learning, is one of the three main machine learning paradigms. 

According to the researchers, reinforcement learning is a way that a decision-maker can learn to make the right choices by selecting actions that can maximise rewards by balancing exploitation, leveraging past experiences, and exploration, trying new actions. “The decision-maker learns optimal policies or actions through continuous interactions with an underlying environment, which is partially unknown,” said Peng Liu, MD Professor of Cybersecurity in the College of Information Sciences and Technology. “So, reinforcement learning is particularly well-suited to defend against zero-day attacks when critical information, the targets of the attacks and the locations of the vulnerabilities, is not available.”

Zero-day cyber attacks are among the most dangerous threats to computer systems and can cause serious and lasting damage. Due to the information asymmetry between attackers and defenders, detecting zero-day attacks remains a major challenge. Their use in cyber attacks is still at an early phase and hackers can be expected to adapt and become smarter and more effective  

TechXplore:       Research Gate:       Faronics:     NIST:        NIST:     I-HLS:    Image: Unsplash

You Might Also Read: 

Artificial Intelligence Is The Future Of Security:

 

« Social Media’s Troublesome Influence On Politics
Microsoft Releases Free Tool For Hunting SolarWinds Malware »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Usenix

Usenix

Usenix brings together the community of engineers, system administrators, scientists, and technicians working on the cutting edge of computing.

Sangfor Technologies

Sangfor Technologies

Sangfor is a global leader of IT infrastructure, security solutions, and cloud computing.

VADO Security Technologies

VADO Security Technologies

VADO Security enables the safe transfer of data between low & high security networks.

eLearnSecurity

eLearnSecurity

eLearnSecurity is an innovator in the IT Security training market providing quality online courses paired with highly practical virtual labs.

Pentera Security

Pentera Security

Pentera (formerly Pcysys) is focused on the inside threat. Our automated penetration-testing platform mimics the hacker's attack - automating the discovery of vulnerabilities.

NeuroChain

NeuroChain

NeuroChain is an intelligent ecosystem that is more secure, more reliable and much faster than blockchain.

Cyber Risk Aware

Cyber Risk Aware

Cyber Risk Aware provide a security awareness and phishing simulation platform that focuses on real threats and educates and empowers employees to be the first line of defence.

WhiteJar

WhiteJar

WhiteJar offers an innovative approach to modern cybersecurity needs, empowering Ethical Hackers within its unique crowd platform.

Beyon Cyber

Beyon Cyber

Beyon Cyber offer a complete portfolio of advanced solutions & services for cyber security in Bahrain.

PROVINTELL Cyber Security

PROVINTELL Cyber Security

PROVINTELL is a Managed Security Service Provider (MSSP) specialising in Next-Gen Cyber Defense and Response to detect and respond to threats.

Brightside AI

Brightside AI

Brightside AI is a Swiss cybersecurity SaaS that helps teams combat AI-enabled phishing threats. Protect your team today.

Vana Solutions

Vana Solutions

Vana Solutions is an Information Technology Services company. We help commercial & federal organizations select, adapt, and integrate the right technology solution so you can move faster.

Centum Digital

Centum Digital

Centum Digital provide services, products and solutions specialized in communications engineering, control and signal intelligence.

Cyber Guards

Cyber Guards

Cyber Guards provide comprehensive, turn-key cyber security programs for small and mid-size business for about the cost of one full-time cybersecurity hire.

PlanNet 21 Communications

PlanNet 21 Communications

PlanNet 21 Communications is Ireland most specialised technology solution provider.

Krash Consulting

Krash Consulting

Krash Consulting is a premier provider of Cyber Security solutions, offering a range of services to safeguard businesses against cyber-attacks, minimize fraud, and protect brand reputation globally.