The loopholes are also divided into threes and nines. Theoretically, there are some loopholes that are not enough for an attacker to threaten your system. However, there are loopholes, such as Zero-day Exploit, that are extremely destructive. Some people rely on such loopholes to develop malicious software, invade people's computer systems, and steal important information. This is one of the biggest threats to cyber security today.
Discovering vulnerabilities and preventing the production of malicious software is an important task for network security experts. Today, a research team at Arizona State University has developed a set of machine learning algorithms to help monitor and identify these vulnerabilities in the black market.
The birth of a malicious softwareIn February 2015, Microsoft discovered a serious flaw in the Windows operating system that could allow hackers to remotely manipulate the target computer. The vulnerability has a huge range of impacts, including Vista, Win7, Win8 and other server systems.
Microsoft immediately released a patch, but the details of the vulnerability soon spread throughout the hacking community.
In April, an exploit based on this vulnerability was sold on black and sold for $15,000. In July, the first malware based on this product appeared as a Trojan horse program named Dyre Banking that could attack users around the world and steal credit card numbers from infected devices.
From the above incident, we can see the basic process of the emergence of malicious software. First, a hacker uses a loophole to develop a program product that can be used for attack and sells it on the black market. The buyer uses it to develop malicious software and then infects user equipment .
In this case, Microsoft itself discovered the vulnerability and released patches in advance. However, if malicious hackers discovered the vulnerability before the software company, then this loophole is a “zero-day vulnerabilityâ€. The word "zero day" is used to satire that software vendors and security companies simply do not know their loopholes: software vendors know this loophole for a few days? No day! The main goal of network security experts is to find them before the "zero-day vulnerability" program becomes malicious.
Deep and dark nets under machine learningFor Arizona State University's Eric Nunes and colleagues, this Dyre Banking Trojan incident gave them an important inspiration and could use a completely new approach to deal with such cybersecurity issues.
They use machine learning to research hacker forums and trading markets in Deep Web and Dark Web, and track the latest loopholes .
Let’s talk about the concepts of deep and dark networks first. The general network is divided into three levels. The first is the surface network , which is the network that ordinary people usually use and use. Any search engine can crawl and easily access it. Then there is the deep network : all networks except the surface network are called deep networks, search engines can not crawl it, it is not completely hidden, but ordinary search engines can not find its whereabouts. The third layer is the dark network : dark network is part of the deep network, but it is artificially hidden. If you are not a big player, you can hardly break into this network.
Nunes and his colleagues developed a crawler program that gathered information from deep and dark web HTML pages to monitor the activities of hackers here. Obviously, the key to this work is to find the best starting page for the crawler program, and this task must be completed by someone familiar with Deep Web.
The depth of the contents of the deep network, Nunes's system only extracts information related to hacking activities, and abandon the irrelevant drug-like, weapons trading and other content. Therefore, in the process of building a database, it is necessary to label information, and to indicate to the algorithm which are related to hacking activities and which are irrelevant. In the current training database, 25% of the labels are done manually, and one person has to label 5 black market products per minute or two topics in a forum. Later, they used tagged data to train algorithms and used unlabeled data to test learning outcomes.
Research resultsThe results of machine learning are very interesting. Nunes and his colleagues stated that this machine learning model has a recognition rate of 92% for the black market products and 80% for the malicious attack topics discussed in the forum . This is a very high accuracy.
And this system has revealed some malicious hacking behavior. "In four weeks, we discovered 16 zero-day loopholes in the black market transaction data," the team revealed. This includes a serious vulnerability for Android, the transaction price is 20,000 US dollars, there is a security vulnerability of IE 11 browser, the price is 10,000 US dollars.
The team also produced social pedigrees in deep web forums and trading markets . The team stated that 751 deep-net users appeared in more than one transaction market, among which one seller was active in 7 markets and 1 forum, and provided more than 80 products related to malicious attacks.
This business is really profitable. "The black market customer rated the seller between 4.7 and 5.0. He has conducted more than 7,000 successful transactions, which means that his product is very reliable and very popular among buyers." Nunes and colleagues said.
At present, this system collects 305 high-quality cyber threat warnings on an average week , which has attracted the attention of many businesses. In fact, the team revealed that they are now ready to hand over the system to a business partner. If this team continues to search for zero-day vulnerabilities, and before these vulnerabilities develop into malicious programs, they can help software developers repair vulnerabilities in time, which is of great help to network security experts.
Of course, this will also become part of the “cat and mouse game†in cybersecurity. Now hackers already know that they are being systematically monitored and do not know how they will change their behavior. If this change happens, the cat and mouse game will enter a new round.
Via MIT Technology Review
Industrial Energy Storage System
The main function of the Industrial Energy Storage System is to store energy in the industrial field to meet the energy demand in the industrial production process. It is an energy storage solution for improving energy efficiency and power supply stability in industrial production systems.
Main effect:
Energy peak shaving: Industrial energy storage systems can store energy and release energy at the peak of energy demand to meet the high energy consumption demand in the industrial production process. This helps to achieve a balanced deployment of energy and avoid energy waste or power outages caused by imbalances in energy supply and demand.
Reserve power supply: When the power supply of the power grid is unstable or there is a power outage, the industrial energy storage system can be used as a backup power supply to continue to supply the power required by industrial equipment and ensure the continuous operation of industrial production.
Energy saving and emission reduction: Through rational use of energy storage, industrial energy storage systems can optimize energy consumption and reduce energy waste, thereby achieving the goal of energy saving and emission reduction, and reducing the impact of industrial production on the environment.
Differences from other energy storage systems:
Scale and capacity: Industrial energy storage systems usually have large scale and energy storage capacity to meet the high energy demand in industrial production. Home energy storage systems, on the other hand, are usually smaller and are mainly used in home photovoltaic power generation systems.
Application scenarios: Industrial energy storage systems are mainly used in the industrial field to meet the energy demand in the industrial production process. The Home Energy Storage System is used in the home photovoltaic power generation system to improve the energy self-sufficiency of the home.
Control and management: Due to the large scale of industrial energy storage systems, their control and management require more complex and precise technical means to achieve efficient energy utilization and stable supply. Home energy storage systems are usually relatively simple and easier to automate and manage.
Generally speaking, the main function of industrial energy storage systems is to meet the energy demand in the process of industrial production, realize the balanced deployment of energy, and the stability of the power supply. Compared with home energy storage systems, it is different in terms of scale, capacity, application scenarios, and technical complexity. The application of industrial energy storage systems helps to improve the energy utilization efficiency of industrial production, optimize energy management, and promote sustainable development and green production.
large scale battery energy storage systems, utility scale battery energy storage systems, electrical energy storage systems, commercial and industrial energy storage, energy storage system company
Ningbo Autrends International Trade Co., Ltd. , https://www.aitsolarpanels.com