Biblio

The rise in the number of devices joining the Internet of Things (IoT) has created a huge potential for distributed denial of service (DDoS) attacks, especially due to the lack of security in these computationally limited devices. Malicious actors have realized that and managed to turn large sets of IoT devices into botnets under their control. Given this scenario, this work studies botnet architectures identified so far and assesses how they are considered in the few recent defense proposals that consider botnet architectures.

Point of Sale (POS) systems has become the technology of choice for most businesses and offering number of advantages over traditional cash registers. They manage staffs, customers, transaction, inventory, sale and labor reporting, price adjustment, as well as keeping track of cash flow, expense management, reducing human errors and more. Whether traditional on-premise POS, or Cloud-Bases POS, they help businesses to run more efficiently. However, despite all these advantages, POS systems are becoming targets of a number of cyber-attacks. Security of a POS system is a key requirement of the Payment Card Industry Data Security Standard (PCI DSS). This paper undertakes research into the PCI DSS and its accompanying standards, in an attempt to break or bypass security measures using varying degrees of vulnerability and penetration attacks in a methodological format. The resounding goal of this experimentation is to achieve a basis from which attacks can be made against a realistic networking environment from whence an intruder can bypass security measures thus exposing a vulnerability in the PCI DSS and potentially exposing confidential customer payment information.

Social networks are highly preferred to express opinions, share information, and communicate with others on arbitrary topics. However, the downside is that many cybercriminals are leveraging social networks for cyber-crime. Internet Relay Chat (IRC) is the important social networks which can grant the anonymity to users by allowing them to connect channels without sign-up process. Therefore, IRC has been the playground of hackers and anonymous users for various operations such as hacking, cracking, and carding. Hence, it is urgent to study effective methods which can identify the authors behind the IRC messages. In this paper, we design an autonomic IRC monitoring system, performing recursive deep learning for classifying threat levels of messages and develop a novel author verification approach with one-class classification with deep autoencoder neural networks. The experimental results show that our approach can successfully perform effective author verification for IRC users.

Nowadays, the growing need to connect modern vehicles through computer networks leads to increased risks of cyberattacks. The internal network, which governs the several electronic components of a vehicle, is becoming increasingly overexposed to external attacks. The Controller Area Network (CAN) protocol, used to interconnect those devices is the key point of the internal network of modern vehicles. Therefore, securing such protocol is crucial to ensure a safe driving experience. However, the CAN is a standard that has undergone little changes since it was introduced in 1983. More precisely, in an attempt to reduce latency, the transfer of information remains unencrypted, which today represents a weak point in the protocol. Hence, the need to protect communications, without introducing low-level alterations, while preserving the performance characteristics of the protocol. In this work, we investigate the possibility of using symmetric encryption algorithms for securing messages exchanged by CAN protocol. In particular, we evaluate the using of lightweight ciphers to secure CAN-level communication. Such ciphers represent a reliable solution on hardware-constrained devices, such as microcontrollers.

Modern cybercrimes have exponentially grown over the last one decade. Ransomware is one of the types of malware which is the result of sophisticated attempt to compromise the modern computer systems. The governments and large corporations are investing heavily to combat this cyber threat against their critical infrastructure. It has been observed that over the last few years that Industrial Control Systems (ICS) have become the main target of Ransomware due to the sensitive operations involved in the day to day processes of these industries. As the technology is evolving, more and more traditional industrial systems are replaced with advanced industry methods involving advanced technologies such as Internet of Things (IoT). These technology shift help improve business productivity and keep the company's global competitive in an overflowing competitive market. However, the systems involved need secure measures to protect integrity and availability which will help avoid any malfunctioning to their operations due to the cyber-attacks. There have been several cyber-attack incidents on healthcare, pharmaceutical, water cleaning and energy sector. These ICS' s are operated by remote control facilities and variety of other devices such as programmable logic controllers (PLC) and sensors to make a network. Cyber criminals are exploring vulnerabilities in the design of these ICS's to take the command and control of these systems and disrupt daily operations until ransomware is paid. This paper will provide critical analysis of the impact of Ransomware threat on SCADA systems.

Cyber adversaries employ a variety of malware and exploits to attack computer systems, usually via sequential or “chained” attacks, that take advantage of vulnerability dependencies. In this paper, we introduce a formalism to model such attacks. We show that the determination of the set of capabilities gained by an attacker, which also translates to extent to which the system is compromised, corresponds with the convergence of a simple fixed-point operator. We then address the problem of determining the optimal/most-dangerous strategy for a cyber-adversary with respect to this model and find it to be an NP-Complete problem. To address this complexity we utilize an A*-based approach with an admissible heuristic, that incorporates the result of the fixed-point operator and uses memoization for greater efficiency. We provide an implementation and show through a suite of experiments, using both simulated and actual vulnerability data, that this method performs well in practice for identifying adversarial courses of action in this domain. On average, we found that our techniques decrease runtime by 82%.

Mutual assured destruction is a Cold War era principle of deterrence through causing your enemy to fear that you can destroy them to at least the same extent that they can destroy you. It is based on the threat of retaliation and requires systems that can either be triggered after an enemy attack is launched and before the destructive capability is destroyed or systems that can survive an initial attack and be launched in response. During the Cold War, the weapons of mutual assured destructions were nuclear. However, with the incredible reliance on computers for everything from power generation control to banking to agriculture logistics, a cyber attack mutual assured destruction scenario is plausible. This paper presents this concept and considers the deterrent need, to prevent such a crippling attack from ever being launched, from a system of systems perspective.

Allocating several Virtual Machines (VMs) onto a single server helps to increase cloud computing resource utilization and to reduce its operating expense. However, multiplexing VMs with different security levels on a single server gives rise to major VM-to-VM cybersecurity interdependency risks. In this paper, we address the problem of the static VM allocation with cybersecurity loss awareness by modeling it as a two-player zero-sum game between an attacker and a provider. We first obtain optimal solutions by employing the mathematical programming approach. We then seek to find the optimal solutions by quickly identifying the equilibrium allocation strategies in our formulated zero-sum game. We mean by "equilibrium" that none of the provider nor the attacker has any incentive to deviate from one's chosen strategy. Specifically, we study the characteristics of the game model, based on which, to develop effective and efficient allocation algorithms. Simulation results show that our proposed cybersecurity-aware consolidation algorithms can significantly outperform the commonly used multi-dimensional bin packing approaches for large-scale cloud data centers.

Despite bringing many benefits of global network configuration and control, Software Defined Networking (SDN) also presents potential challenges for both digital forensics and cybersecurity. In fact, there are various attacks targeting a range of vulnerabilities on vital elements of this paradigm such as controller, Northbound and Southbound interfaces. In addition to solutions of security enhancement, it is important to build mechanisms for digital forensics in SDN which provide the ability to investigate and evaluate the security of the whole network system. It should provide features of identifying, collecting and analyzing log files and detailed information about network devices and their traffic. However, upon penetrating a machine or device, hackers can edit, even delete log files to remove the evidences about their presence and actions in the system. In this case, securing log files with fine-grained access control in proper storage without any modification plays a crucial role in digital forensics and cybersecurity. This work proposes a blockchain-based approach to improve the security of log management in SDN for network forensics, called SDNLog-Foren. This model is also evaluated with different experiments to prove that it can help organizations keep sensitive log data of their network system in a secure way regardless of being compromised at some different components of SDN.

Honeypots have become an important tool for capturing attacks. Hybrid honeypots, including the front end and the back end, are widely used in research because of the scalability of the front end and the high interactivity of the back end. However, traditional hybrid honeypots have some problems that the flow control is difficult and topology simulation is not realistic. This paper proposes a new architecture based on SDN applied to the hybrid honeypot system for network topology simulation and attack traffic migration. Our system uses the good expansibility and controllability of the SDN controller to simulate a large and realistic network to attract attackers and redirect high-level attacks to a high-interaction honeypot for attack capture and further analysis. It improves the deficiencies in the network spoofing technology and flow control technology in the traditional honeynet. Finally, we set up the experimental environment on the mininet and verified the mechanism. The test results show that the system is more intelligent and the traffic migration is more stealthy.

A main goal of the paper is to discuss the world telecommunications strategy in transition to the IP world. The paper discuss the shifting from circuit switching to packet switching in telecommunications and show the main obstacle is excessive software. As a case, we are passing through the three generations of American military communications: (1) implementation of signaling protocol SS7 and Advanced Intelligent Network, (2) transformation from SS7 to IP protocol and, finally, (3) the extremely ambitious cybersecurity issues. We use the newer unclassified open Defense Information Systems Agency documents, particularly: Department of Defense Information Enterprise Architecture; Unified Capabilities the Army. We discuss the newer US Government Accountability Office (2018) report on military equipment cyber vulnerabilities.

Anomaly-based Detection Systems (ADSs) attempt to learn the features of behaviors and events of a system and/or users over a period to build a profile of normal behaviors. There has been a growing interest in ADSs and typically conceived as more powerful systems One of the important factors for ADSs is an ability to distinguish between normal and abnormal behaviors in a given period. However, it is getting complicated due to the dynamic network environment that changes every minute. It is dangerous to distinguish between normal and abnormal behaviors with a fixed threshold in a dynamic environment because it cannot guarantee the threshold is always an indication of normal behaviors. In this paper, we propose an adaptive threshold for a dynamic environment with a trust management scheme for efficiently managing the profiles of normal and abnormal behaviors. Based on the assumption of the statistical analysis-based ADS that normal data instances occur in high probability regions while malicious data instances occur in low probability regions of a stochastic model, we set two adaptive thresholds for normal and abnormal behaviors. The behaviors between the two thresholds are classified as suspicious behaviors, and they are efficiently evaluated with a trust management scheme.

The popularity of Web-based computing has given increase to browser-based cyberattacks. These cyberattacks use websites that exploit various web browser vulnerabilities. To help regular users avoid exploit websites and engage in safe online activities, we propose a methodology of building a machine learning-powered predictive analytical model that will measure the risk of attacks and privacy breaches associated with visiting different websites and performing online activities using web browsers. The model will learn risk levels from historical data and metadata scraped from web browsers.

As the dynamics of cyber warfare continue to change, it is very important to be aware of the issues currently confronting cyberspace. One threat which continues to grow in the danger it poses to cyber security are botnets. Botnets can launch massive Distributed Denial of Service (DDoS) attacks against internet connected hosts anonymously, undertake intricate spam campaigns, launch mass financial fraud campaigns, and even manipulate public opinion via social media bots. The network topology and technology undergirding each botnet varies greatly, as do the motivations commonly behind such networks. Furthermore, as botnets have continued to evolve, many newer ones demonstrate increased levels of anonymity and sophistication, making it more difficult to effectively counter them. Increases in the production of vulnerable Internet of Things (IoT) devices has made it easier for malicious actors to quickly assemble sizable botnets. Because of this, the steps necessary to stop botnets also vary, and in some cases, it may be extremely difficult to effectively defeat a fully functional and sophisticated botnet. While in some cases, the infrastructure supporting the botnet can be targeted and remotely disabled, other cases require the physical assistance of law enforcement to shut down the botnet. In the latter case, it is often a significant challenge to cheaply end a botnet. On the other hand, there are many steps and mitigations that can be taken by end-users to prevent their own devices from becoming part of a botnet. Many of these solutions involve implementing basic cybersecurity practices like installing firewalls and changing default passwords. More sophisticated botnets may require similarly sophisticated intrusion detection systems, to detect and remove malicious infections. Much research has gone into such systems and in recent years many researchers have begun to implement machine learning techniques to defeat botnets. This paper is intended present a review on botnet evolution, trends and mitigations, and offer related examples and research to provide the reader with quick access to a broad understanding of the issues at hand.

There are increasing threats for cyberspace. This paper tries to identify how extreme cybersecurity incidents occur based on the scenario of a targeted attack through emails. Knowledge on how extreme cybersecurity incidents occur helps in identifying the key points on how they can be prevented from occurring. The model based on system thinking approach to the understanding how communication influences entities and how tiny initiating events scale up into extreme events provides a condensed figure of the cyberspace and surrounding threats. By taking cyberspace layers and characteristics of cyberspace identified by this model into consideration, it predicts most suitable risk mitigations.

Bitcoin is a cryptocurrency which acts as an application protocol that works on top of the IP protocol. This paper focuses on distinct Bitcoin security features, including security services, mechanisms, and algorithms. Further, we propose a well-defined security functional architecture to minimize security risks. The security features and requirements of Bitcoin have been structured in layers.

Rapid evolution of cyber threats and recent trends in the increasing number of cyber-attacks call for adopting robust and agile cybersecurity techniques. Cybersecurity information sharing is expected to play an effective role in detecting and defending against new attacks. However, reservations and or-ganizational policies centering the privacy of shared data have become major setbacks in large-scale collaboration in cyber defense. The situation is worsened by the fact that the benefits of cyber-information exchange are not realized unless many actors participate. In this paper, we argue that privacy preservation of shared threat data will motivate entities to share threat data. Accordingly, we propose a framework called CYBersecurity information EXchange with Privacy (CYBEX-P) to achieve this. CYBEX-P is a structured information sharing platform with integrating privacy-preserving mechanisms. We propose a complete system architecture for CYBEX-P that guarantees maximum security and privacy of data. CYBEX-P outlines the details of a cybersecurity information sharing platform. The adoption of blind processing, privacy preservation, and trusted computing paradigms make CYBEX-P a versatile and secure information exchange platform.

The giant network of Internet of Things establishes connections between smart devices and people, with protocols to collect and share data. While the data is expanding at a fast pace in this era of Big Data, there are growing concerns about security and privacy policies. In the current Internet of Things ecosystems, at the intersection of the Internet of Things, Big Data, and Cybersecurity lies the subject that attracts the most attention. In aiding users in getting an adequate understanding, this paper introduces HackerNets, an interactive visualization for emerging topics in the crossing of IoT, Big Data, and Cybersecurity over time. To demonstrate the effectiveness and usefulness of HackerNets, we apply and evaluate the technique on the dataset from the social media platform.

With cybersecurity situation more and more complex, data-driven security has become indispensable. Numerous cybersecurity data exists in textual sources and data analysis is difficult for both security analyst and the machine. To convert the textual information into structured data for further automatic analysis, we extract cybersecurity-related entities and propose a self-attention-based neural network model for the named entity recognition in cybersecurity. Considering the single word feature not enough for identifying the entity, we introduce CNN to extract character feature which is then concatenated into the word feature. Then we add the self-attention mechanism based on the existing BiLSTM-CRF model. Finally, we evaluate the proposed model on the labelled dataset and obtain a better performance than the previous entity extraction model.

To address cybersecurity, this author proposed recently the approach of formulating it in symmetric dual-space and dual-system. This paper further explains this concept, beginning with symmetric Maxwell Equation (ME) and Fourier Transform (FT). The approach appears to be a powerful solution, with wide applications ranging from Electronic Warfare (EW) to 5G Mobile, etc.

For complex technical objects the research of cybersecurity problems should take into account both physical and information properties of the object. The paper considers a hybrid model that unifies information and physical models and may be used as a tool for countering cyber threats and for cybersecurity risk assessment at the design and operational stage of an object's lifecycle.

Our goal is to refocus the question about cybersecurity research from 'is this process scientific' to 'why is this scientific process producing unsatisfactory results'. We focus on five common complaints that claim cybersecurity is not or cannot be scientific. Many of these complaints presume views associated with the philosophical school known as Logical Empiricism that more recent scholarship has largely modified or rejected. Modern philosophy of science, supported by mathematical modeling methods, provides constructive resources to mitigate all purported challenges to a science of security. Therefore, we argue the community currently practices a science of cybersecurity. A philosophy of science perspective suggests the following form of practice: structured observation to seek intelligible explanations of phenomena, evaluating explanations in many ways, with specialized fields (including engineering and forensics) constraining explanations within their own expertise, inter-translating where necessary. A natural question to pursue in future work is how collecting, evaluating, and analyzing evidence for such explanations is different in security than other sciences.

In this paper we present techniques based on machine learning techniques on monitoring data for analysis of cybersecurity threats in cloud environments that incorporate enterprise applications from the fields of telecommunications and IoT. Cybersecurity is a term describing techniques for protecting computers, telecommunications equipment, applications, environments and data. In modern networks enormous volume of generated traffic can be observed. We propose several techniques such as Support Vector Machines, Neural networks and Deep Neural Networks in combination for analysis of monitoring data. An approach for combining classifier results based on performance weights is proposed. The proposed approach delivers promising results comparable to existing algorithms and is suitable for enterprise grade security applications.

With the rise of the internet many new data sources have emerged that can be used to help us gain insights into the cyber threat landscape and can allow us to better prepare for cyber attacks before they happen. With this in mind, we present an end to end real time cyber situational awareness system which aims to efficiently retrieve security relevant information from the social networking site Twitter.com. This system classifies and aggregates the data retrieved and provides real time cyber situational awareness information based on sentiment analysis and data analytics techniques. This research will assist security analysts to evaluate the level of cyber risk in their organization and proactively take actions to plan and prepare for potential attacks before they happen as well as contribute to the field through a cybersecurity tweet dataset.

Capturing the patterns in adversarial movement can present crucial insight into team dynamics and organization of cybercrimes. This information can be used for additional assessment and comparison of decision making approaches during cyberattacks. In this study, we propose a data-driven analysis based on time series analysis and social networks to identify patterns and alterations in time allocated to intrusion stages and adversarial movements. The results of this analysis on two case studies of collegiate cybersecurity exercises is provided as well as an analytical comparison of their behavioral trends and characteristics. This paper presents preliminary insight into complexities of individual and group level adversarial movement and decision-making as cyberattacks unfold.