Biblio

The lack of standardization of the terms insider and insider threat has been a noted problem for researchers in the insider threat field. This paper describes the investigation of 42 different definitions of the terms insider and insider threat, with the goal of better understanding the current conceptual model of insider threat and facilitating communication in the research community.

Specifics of an alias-free digitizer application for compressed digitizing and recording of wideband signals are considered. Signal sampling in this case is performed on the basis of picosecond resolution event timing, the digitizer actually is a subsystem of Event Timer A033-ET and specific events that are detected and then timed are the signal and reference sine-wave crossings. The used approach to development of this subsystem is described and some results of experimental studies are given.

Computer networks are overwhelmed by self propagating malware (worms, viruses, trojans). Although the number of security vulnerabilities grows every day, not the same thing can be said about the number of defense methods. But the most delicate problem in the information security domain remains detecting unknown attacks known as zero-day attacks. This paper presents methods for isolating the malicious traffic by using a honeypot system and analyzing it in order to automatically generate attack signatures for the Snort intrusion detection/prevention system. The honeypot is deployed as a virtual machine and its job is to log as much information as it can about the attacks. Then, using a protected machine, the logs are collected remotely, through a safe connection, for analysis. The challenge is to mitigate the risk we are exposed to and at the same time search for unknown attacks.

Rogue software, such as Fake A/V and ransomware, trick users into paying without giving return. We show that using a perceptual hash function and hierarchical clustering, more than 213,671 screenshots of executed malware samples can be grouped into subsets of structurally similar images, reflecting image clusters of one malware family or campaign. Based on the clustering results, we show that ransomware campaigns favor prepay payment methods such as ukash, paysafecard and moneypak, while Fake A/V campaigns use credit cards for payment. Furthermore, especially given the low A/V detection rates of current rogue software – sometimes even as low as 11% – our screenshot analysis approach could serve as a complementary last line of defense.

It can get the user's privacy and home energy use information by analyzing the user's electrical load information in smart grid, and this is an area of concern. A rechargeable battery may be used in the home network to protect user's privacy. In this paper, the battery can neither charge nor discharge, and the power of battery is adjustable, at the same time, we model the real user's electrical load information and the battery power information and the recorded electrical power of smart meters which are processed with discrete way. Then we put forward a heuristic algorithm which can make the rate of information leakage less than existing solutions. We use statistical methods to protect user's privacy, the theoretical analysis and the examples show that our solution makes the scene design more reasonable and is more effective than existing solutions to avoid the leakage of the privacy.

This paper proposes a steganography method using the digital images. Here, we are embedding the data which is to be secured into the digital image. Human Visual System proved that the changes in the image edges are insensitive to human eyes. Therefore we are using edge detection method in steganography to increase data hiding capacity by embedding more data in these edge pixels. So, if we can increase number of edge pixels, we can increase the amount of data that can be hidden in the image. To increase the number of edge pixels, multiple edge detection is employed. Edge detection is carried out using more sophisticated operator like canny operator. To compensate for the resulting decrease in the PSNR because of increase in the amount of data hidden, Minimum Error Replacement [MER] method is used. Therefore, the main goal of image steganography i.e. security with highest embedding capacity and good visual qualities are achieved. To extract the data we need the original image and the embedding ratio. Extraction is done by taking multiple edges detecting the original image and the data is extracted corresponding to the embedding ratio.

With the rapid development of mobile internet, mobile devices are requiring more complex authorization policy to ensure an secure access control on mobile data. However mobiles have limited resources (computing, storage, etc.) and are not suitable to execute complex operations. Cloud computing is an increasingly popular paradigm for accessing powerful computing resources. Intuitively we can solve that problem by moving the complex access control process to the cloud and implement a fine-grained access control relying on the powerful cloud. However the cloud computation may not be trusted, a crucial problem is how to verify the correctness of such computations. In this paper, we proposed a public verifiable cloud access control scheme based on Parno's public verifiable computation protocol. For the first time, we proposed the conception and concrete construction of verifiable cloud access control. Specifically, we firstly design a user private key revocable Key Policy Attribute Based Encryption (KP-ABE) scheme with non-monotonic access structure, which can be combined with the XACML policy perfectly. Secondly we convert the XACML policy into the access structure of KP-ABE. Finally we construct a security provable public verifiable cloud access control scheme based on the KP-ABE scheme we designed.

Many important security informatics problems require consideration of dynamical phenomena for their solution; examples include predicting the behavior of individuals in social networks and distinguishing malicious and innocent computer network activities based on activity traces. While information theory offers powerful tools for analyzing dynamical processes, to date the application of information-theoretic methods in security domains has focused on static analyses (e.g., cryptography, natural language processing). This paper leverages information-theoretic concepts and measures to quantify the similarity of pairs of stochastic dynamical systems, and shows that this capability can be used to solve important problems which arise in security applications. We begin by presenting a concise review of the information theory required for our development, and then address two challenging tasks: 1.) characterizing the way influence propagates through social networks, and 2.) distinguishing malware from legitimate software based on the instruction sequences of the disassembled programs. In each application, case studies involving real-world datasets demonstrate that the proposed techniques outperform standard methods.

Privacy has become a critical topic in the engineering of electric systems. This work proposes an approach for smart-grid-specific privacy requirements engineering by extending previous general privacy requirements engineering frameworks. The proposed extension goes one step further by focusing on privacy in the smart grid. An alignment of smart grid privacy requirements, dependability issues and privacy requirements engineering methods is presented. Starting from this alignment a Threat Tree Analysis is performed to obtain a first set of generic, high level privacy requirements. This set is formulated mostly on the data instead of the information level and provides the basis for further project-specific refinement.

In previous multi-authority key-policy attribute-based Encryption (KP-ABE) schemes, either a super power central authority (CA) exists, or multiple attribute authorities (AAs) must collaborate in initializing the system. In addition, those schemes are proved security in the selective model. In this paper, we propose a new fully secure decentralized KP-ABE scheme, where no CA exists and there is no cooperation between any AAs. To become an AA, a participant needs to create and publish its public parameters. All the user's private keys will be linked with his unique global identifier (GID). The proposed scheme supports any monotonic access structure which can be expressed by a linear secret sharing scheme (LSSS). We prove the full security of our scheme in the standard model. Our scheme is also secure against at most F-1 AAs corruption, where F is the number of AAs in the system. The efficiency of our scheme is almost as well as that of the underlying fully secure single-authority KP-ABE system.

Cyber-has often been considered as a coordination and control, as opposed to collaborative influence, media. This conceptual-design paper, uniquely, builds upon a number of entangled, cross disciplinary research strands – integrating engineering and conflict studies – and a detailed literature review to propose a new paradigm of assurance and deterrence models. We consider an ontology for Cyber-sûréte, which combines both the social trusts necessary for [knowledge &, information] assurance such as collaboration by social influence (CSI) and the technological controls and rules for secure information management referred as coordination by rule and control (CRC). We posit Cyber-sûréte as enabling both a 'safe-to-fail' ecology (in which learning, testing and adaptation can take place) within a fail-safe supervisory control and data acquisition (SCADA type) system, e.g. in a nuclear power plant. Building upon traditional state-based threat analysis, we consider Warning Time and the Threat equation with relation to policies for managing Cyber-Deterrence. We examine how the goods of Cyber-might be galvanised so as to encourage virtuous behaviour and deter and / or dissuade ne'er-do-wells through multiple transparencies. We consider how the Deterrence-escalator may be managed by identifying both weak influence and strong control signals so as to create a more benign and responsive cyber-ecology, in which strengths can be exploited and weaknesses identified. Finally, we consider declaratory / mutual transparencies as opposed to legalistic / controlled transparency.

This paper describes a Cyber Threat, Vulnerability and Defense Modeling and Simulation tool kit used for evaluation of systems and networks to improve cyber resiliency. This capability is used to help increase the resiliency of networks at various stages of their lifecycle, from initial design and architecture through the operation of deployed systems and networks. Resiliency of computer systems and networks to cyber threats is facilitated by the modeling of agile and resilient defenses versus threats and running multiple simulations evaluated against resiliency metrics. This helps network designers, cyber analysts and Security Operations Center personnel to perform trades using what-if scenarios to select resiliency capabilities and optimally design and configure cyber resiliency capabilities for their systems and networks.

Cyber-physical systems are particularly difficult to model and simulate because their components mix many different system modalities. In this paper we address the main technical challenges on system simulation taking into account by new characters of CPS, and provide a comprehensive view of the simulation modeling methods for integration of continuous-discrete model. Regards to UML and Simulink, two most widely accepted modeling methods in industrial designs, we study on three methods to perform the cooperation of these two kinds of heterogeneous models for co-simulation. The solution of an implementation of co-simulation method for CPS was designed under three levels architecture.

This study looks at the question of how to reduce/eliminate employee Internet Abuse. Companies have used acceptable use policies (AUP) and technology in an attempt to mitigate employees' personal use of company resources. Research shows that AUPs do not do a good job at this but that technology does. Research also shows that while technology can be used to greatly restrict personal use of the internet in the workplace, employee satisfaction with the workplace suffers when this is done. In this research experiment we used technology not to restrict employee use of company resources for personal use, but to make the employees more aware of the current Acceptable Use Policy, and measured the decrease in employee internet abuse. The results show that this method can result in a drop from 27 to 21 percent personal use of the company networks.

Despite the benefits offered by smart grids, energy producers, distributors and consumers are increasingly concerned about possible security and privacy threats. These threats typically manifest themselves at runtime as new usage scenarios arise and vulnerabilities are discovered. Adaptive security and privacy promise to address these threats by increasing awareness and automating prevention, detection and recovery from security and privacy requirements' failures at runtime by re-configuring system controls and perhaps even changing requirements. This paper discusses the need for adaptive security and privacy in smart grids by presenting some motivating scenarios. We then outline some research issues that arise in engineering adaptive security. We particularly scrutinize published reports by NIST on smart grid security and privacy as the basis for our discussions.

A successful Smart Grid system requires purpose-built security architecture which is explicitly designed to protect customer data confidentiality. In addition to the investment on electric power infrastructure for protecting the privacy of Smart Grid-related data, entities need to actively participate in the NIST interoperability framework process; establish policies and oversight structure for the enforcement of cyber security controls of the data through adoption of security best practices, personnel training, cyber vulnerability assessments, and consumer privacy audits.

In this paper, we implemented a mobile augmented reality system based on cloud computing. This system uses a mobile device with a camera to capture images of book spines and sends processed features to the cloud. In the cloud, the features are compared with the database and the information of the best matched book would be sent back to the mobile device. The information will then be rendered on the display via augmented reality. In order to reduce the transmission cost, the mobile device is used to perform most of the image processing tasks, such as the preprocessing, resizing, corner detection, and augmented reality rendering. On the other hand, the cloud is used to realize routine but large quantity feature comparisons. Using the cloud as the database also makes the future extension much more easily. For our prototype system, we use an Android smart phone as our mobile device, and Chunghwa Telecoms hicloud as the cloud.

Security issues are crucial in a number of machine learning applications, especially in scenarios dealing with human activity rather than natural phenomena (e.g., information ranking, spam detection, malware detection, etc.). In such cases, learning algorithms may have to cope with manipulated data aimed at hampering decision making. Although some previous work addressed the issue of handling malicious data in the context of supervised learning, very little is known about the behavior of anomaly detection methods in such scenarios. In this contribution, we analyze the performance of a particular method–online centroid anomaly detection–in the presence of adversarial noise. Our analysis addresses the following security-related issues: formalization of learning and attack processes, derivation of an optimal attack, and analysis of attack efficiency and limitations. We derive bounds on the effectiveness of a poisoning attack against centroid anomaly detection under different conditions: attacker's full or limited control over the traffic and bounded false positive rate. Our bounds show that whereas a poisoning attack can be effectively staged in the unconstrained case, it can be made arbitrarily difficult (a strict upper bound on the attacker's gain) if external constraints are properly used. Our experimental evaluation, carried out on real traces of HTTP and exploit traffic, confirms the tightness of our theoretical bounds and the practicality of our protection mechanisms.

Cyber-physical systems (CPS) is an integration of computation with physical systems and physical processes. It is widely used in energy, health and other industrial areas. Modeling and simulation is of the greatest challenges in CPS research. Modelica has a great potentiality in the modeling and simulation of CPS. We analyze the characteristics and requirements of CPS modeling, and also the features of Modelica in the paper. In respect of information model, physical model and model interface, this paper introduces a unified modeling method for CPS, based on Modelica. The method provides a reliable foundation for the design, analysis and verification of CPS.

Smart mobile devices such as smartphones and tablets have become an integral part of our society. However, it also becomes a prime target for attackers with malicious intents. There have been a number of efforts on developing innovative courseware to promote cybersecurity education and to improve student learning; however, hands-on labs are not well developed for smart mobile devices and for mobile security topics. In this paper, we propose to design and develop a mobile security labware with smart mobile devices to promote the cybersecurity education. The integration of mobile computing technologies and smart devices into cybersecurity education will connect the education to leading-edge information technologies, motivate and engage students in security learning, fill in the gap with IT industry need, and help faculties build expertise on mobile computing. In addition, the hands-on experience with mobile app development will promote student learning and supply them with a better understanding of security knowledge not only in classical security domains but also in the emerging mobile security areas.

Cloud security is one of the major issues that worry individuals and organizations about cloud computing. Therefore, defending cloud systems against attacks such asinsiders' attacks has become a key demand. This paper investigates insider threat in cloud relational database systems(cloud RDMS). It discusses some vulnerabilities in cloud computing structures that may enable insiders to launch attacks, and shows how load balancing across multiple availability zones may facilitate insider threat. To prevent such a threat, the paper suggests three models, which are Peer-to-Peer model, Centralized model and Mobile-Knowledgebase model, and addresses the conditions under which they work well.

What does it mean to trust, or not trust, an augmented reality system? Froma computer security point of view, trust in augmented reality represents a real threat to real people. The fact that augmented reality allows the programmer to tinker with the user's senses creates many opportunities for malfeasance. It might be natural to think that if we warn users to be careful it will lower their trust in the system, greatly reducing risk.

Protecting critical infrastructure from cyberattacks by other nations is a matter of considerable concern. Can deterrence play a role in such protection? Can lessons from nuclear deterrence-the most elaborated and successful version of deterrence-be adapted to the cyber case? Currently, little overlap exists between the two, although that might change in the aftermath of an extensive, destructive cyberattack. The most effective way to protect the cyber-dependent infrastructure is a comprehensive defense (deterrence by denial), which was impractical in the nuclear regime. However, this approach presents challenges. Existing legal norms, particularly those related to controlling collateral damage, might provide some deterrence. Another option might be a new international agreement, but that would involve several difficult issues.

Performance of routing is severely degraded when misbehaving nodes drop packets instead of properly forwarding them. In this paper, we propose a Game-Theoretic Adaptive Multipath Routing (GTAMR) protocol to detect and punish selfish or malicious nodes which try to drop information packets in routing phase and defend against collaborative attacks in which nodes try to disrupt communication or save their power. Our proposed algorithm outranks previous schemes because it is resilient against attacks in which more than one node coordinate their misbehavior and can be used in networks which wireless nodes use directional antennas. We then propose a game theoretic strategy, ERTFT, for nodes to promote cooperation. In comparison with other proposed TFT-like strategies, ours is resilient to systematic errors in detection of selfish nodes and does not lead to unending death spirals.

The question of whether strategic deterrence in cyberspace is achievable given the challenges of detection, attribution and credible retaliation is a topic of contention among military and civilian defense strategists. This paper examines the traditional strategic deterrence theory and its application to deterrence in cyberspace (the newly defined 5th battlespace domain, following land, air, sea and space domains), which is being used increasingly by nation-states and their proxies to achieve information dominance and to gain tactical and strategic economic and military advantage. It presents a taxonomy of cyberattacks that identifies which types of threats in the confidentiality, integrity, availability cybersecurity model triad present the greatest risk to nation-state economic and military security, including their political and social facets. The argument is presented that attacks on confidentiality cannot be subject to deterrence in the current international legal framework and that the focus of strategy needs to be applied to integrity and availability attacks. A potential cyberdeterrence strategy is put forth that can enhance national security against devastating cyberattacks through a credible declaratory retaliation capability that establishes red lines which may trigger a counter-strike against all identifiable responsible parties. The author believes such strategy can credibly influence nation-state threat actors who themselves exhibit serious vulnerabilities to cyber attacks from launching a devastating cyber first strike.