Biblio

Filters: Keyword is investigation
2022-06-10
Nguyen, Tien N., Choo, Raymond. 2021. Human-in-the-Loop XAI-enabled Vulnerability Detection, Investigation, and Mitigation. 2021 36th IEEE/ACM International Conference on Automated Software Engineering (ASE). :1210–1212.
The need for cyber resilience is increasingly important in our technology-dependent society, where computing systems, devices and data will continue to be the target of cyber attackers. Hence, we propose a conceptual framework called ‘Human-in-the-Loop Explainable-AI-Enabled Vulnerability Detection, Investigation, and Mitigation’ (HXAI-VDIM). Specifically, instead of resolving complex scenarios of security vulnerabilities as an output of an AI/ML model, we integrate the security analyst or forensic investigator into the man-machine loop and leverage explainable AI (XAI) to combine both AI and Intelligence Assistant (IA) to amplify human intelligence in both proactive and reactive processes. Our goal is that HXAI-VDIM integrates human and machine in an interactive and iterative loop with security visualization that utilizes human intelligence to guide the XAI-enabled system and generate refined solutions.
2022-02-22
Musa, Ahmad Sanda, Awan, Irfan-Ullah, Abobaker, Ibrahim. 2021. Efficacy of ADDIE Model in Peer-to-Peer Networks: Digital Evidence Investigation. 2021 8th International Conference on Future Internet of Things and Cloud (FiCloud). :177–183.
While the need for content distribution proliferates - becoming more mammoth and complex on the Internet - the P2P network perseveres as one of the best avenues to service the demand for content distribution. It enjoys a wide range of clients that transport data in bits securely, making it susceptible to moving dubious contents, hence becoming exposed to varying security threats that require credible digital investigation to address. The tools and techniques used in performing digital investigations are still mostly lagging, successfully slowing down law enforcement agencies in general. The acquisition of digital evidence over the Internet is still elusive in the battle against cybercrime. This paper considers a new technique for detecting passive peers that participate in a P2P network. As part of our study, we crawled the µTorrent P2P client over 10 days while logging all participating peers. We then employed digital forensic techniques to analyze the popular users and generate evidence within them with high accuracy. Finally, we evaluated our proposed approach against the standard Analysis, Design, Development, Implementation, and Evaluation, or ADDIE model for digital investigation to arrive at the credible digital evidence presented in this paper.
2021-01-15
Zeid, R. B., Moubarak, J., Bassil, C. 2020. Investigating The Darknet. 2020 International Wireless Communications and Mobile Computing (IWCMC). :727–732.

Cybercrime is growing dramatically in the technological world nowadays. World Wide Web criminals exploit the personal information of internet users and use it to their advantage. Unethical users leverage the dark web to buy and sell illegal products or services and sometimes they manage to gain access to classified government information. A number of illegal activities that can be found in the dark web include selling or buying hacking tools, stolen data, digital fraud, terrorist activities, drugs, weapons, and more. The aim of this project is to collect evidence of any malicious activity in the dark web by using computer security mechanisms as traps called honeypots.

2020-08-17
Djemaiel, Yacine, Fessi, Boutheina A., Boudriga, Noureddine. 2019. Using Temporal Conceptual Graphs and Neural Networks for Big Data-Based Attack Scenarios Reconstruction. 2019 IEEE Intl Conf on Parallel Distributed Processing with Applications, Big Data Cloud Computing, Sustainable Computing Communications, Social Computing Networking (ISPA/BDCloud/SocialCom/SustainCom). :991–998.
The emergence of novel technologies and high speed networks has enabled a continual generation of huge volumes of data that should be stored and processed. These big data have allowed the emergence of new forms of complex attacks whose resolution represents a big challenge. Different methods and tools are developed to deal with this issue but definite detection is still needed since various features are not considered and tracing back an attack remains a timely activity. In this context, we propose an investigation framework that allows the reconstruction of complex attack scenarios based on a huge volume of data. This framework used a temporal conceptual graph to represent the big data and the dependency between them in addition to the tracing back of the whole attack scenario. The selection of the most probable attack scenario is assisted by a developed decision model based on a hybrid neural network that enables the real time classification of the possible attack scenarios using RBF networks and the convergence to the most potential attack scenario within the support of an Elman network. The efficiency of the proposed framework has been illustrated for the global attack reconstruction process targeting a smart city where a set of available services are involved.
2019-05-08
Balogun, A. M., Zuva, T. 2018. Criminal Profiling in Digital Forensics: Assumptions, Challenges and Probable Solution. 2018 International Conference on Intelligent and Innovative Computing Applications (ICONIC). :1–7.

Cybercrime has been regarded understandably as a consequent compromise that follows the advent and perceived success of the computer and internet technologies. Equally affecting the privacy, trust, finance and welfare of the wealthy and low-income individuals and organizations, this menace has shown no indication of slowing down. Reports across the world have consistently shown exponential increase in the numbers and costs of cyber-incidents, and more worryingly, low conviction rates of cybercriminals, over the years. Stakeholders increasingly explore ways to keep up with containing cyber-incidents by devising tools and techniques to increase the overall efficiency of investigations, but the gap keeps getting wider. However, criminal profiling - an investigative technique that has been proven to provide accurate and valuable directions to traditional crime investigations - has not seen a widespread application, including a formal methodology, to cybercrime investigations due to difficulties in its seamless transference. This paper, in a bid to address this problem, seeks to preliminarily identify the exact benefits criminal profiling has brought to successful traditional crime investigations and the benefits it can translate to cybercrime investigations, identify the challenges posed by the cyber-scene to its implementation in cybercrime investigations, and proffer a practicable solution.

2019-03-04
Gugelmann, D., Sommer, D., Lenders, V., Happe, M., Vanbever, L. 2018. Screen watermarking for data theft investigation and attribution. 2018 10th International Conference on Cyber Conflict (CyCon). :391–408.
Organizations not only need to defend their IT systems against external cyber attackers, but also from malicious insiders, that is, agents who have infiltrated an organization or malicious members stealing information for their own profit. In particular, malicious insiders can leak a document by simply opening it and taking pictures of the document displayed on the computer screen with a digital camera. Using a digital camera allows a perpetrator to easily avoid a log trail that results from using traditional communication channels, such as sending the document via email. This makes it difficult to identify and prove the identity of the perpetrator. Even a policy prohibiting the use of any device containing a camera cannot eliminate this threat since tiny cameras can be hidden almost everywhere. To address this leakage vector, we propose a novel screen watermarking technique that embeds hidden information on computer screens displaying text documents. The watermark is imperceptible during regular use, but can be extracted from pictures of documents shown on the screen, which allows an organization to reconstruct the place and time of the data leak from recovered leaked pictures. Our approach takes advantage of the fact that the human eye is less sensitive to small luminance changes than digital cameras. We devise a symbol shape that is invisible to the human eye, but still robust to the image artifacts introduced when taking pictures. We complement this symbol shape with an error correction coding scheme that can handle very high bit error rates and retrieve watermarks from cropped and compressed pictures. We show in an experimental user study that our screen watermarks are not perceivable by humans and analyze the robustness of our watermarks against image modifications.