Biblio

The clear, social, and dark web have lately been identified as rich sources of valuable cyber-security information that -given the appropriate tools and methods-may be identified, crawled and subsequently leveraged to actionable cyber-threat intelligence. In this work, we focus on the information gathering task, and present a novel crawling architecture for transparently harvesting data from security websites in the clear web, security forums in the social web, and hacker forums/marketplaces in the dark web. The proposed architecture adopts a two-phase approach to data harvesting. Initially a machine learning-based crawler is used to direct the harvesting towards websites of interest, while in the second phase state-of-the-art statistical language modelling techniques are used to represent the harvested information in a latent low-dimensional feature space and rank it based on its potential relevance to the task at hand. The proposed architecture is realised using exclusively open-source tools, and a preliminary evaluation with crowdsourced results demonstrates its effectiveness.

Smart power grid is a perfect model of Cyber Physical System (CPS) which is an important component for a comfortable life. The major concern of the electrical network is safety and reliable operation. A cyber attacker in the operation of power system would create a major damage to the entire power system structure and affect the continuity of the power supply by adversely changing its parameters. A risk assessment method is presented for evaluating the cyber security assessment of power systems taking into consideration the need for protection systems. The paper considers the impact of bus and transmission line protection systems located in substations on the cyber physical performance of power systems. The proposed method is to simulate the response of power systems to sudden attacks on various power system preset value and parameters. This paper focuses on the cyber attacks which occur in a co-ordinated way so that many power system components will be in risk. The risk can be modelled as the combined probability of power system impact due to attacks and of successful interruption into the system. Stochastic Petri Nets is employed for assessing the risks. The effectiveness of the proposed cyber security risk assessment method is simulated for a IEEE39 bus system.

The article considers some aspects of modeling information security circuits for information and communication systems used in Smart City. As a basic research paradigm, the postulates of game theory and mathematical dependencies based on Markov processes were used. Thus, it is possible to sufficiently substantively describe the procedure for selecting rational variants of cyber security systems used to protect information technologies in Smart City. At the same time, using the model proposed by us, we can calculate the probability of cyber threats for the Smart City systems, as well as the cybernetic risks of diverse threats. Further, on the basis of the described indicators, rational contour options are chosen to protect the information systems used in Smart City.

Designing secure systems is a complex task, particularly for designers who are no security experts. Cyber security plays a key role in embedded systems, especially for the domain of the Internet of Things (IoT). IoT systems of this kind are becoming increasingly important in daily life as they simplify various tasks. They are usually small, either embedded into bigger systems or battery driven, and perform monitoring or one shot tasks. Thus, they are subject to manifold constraints in terms of performance, power consumption, chip area, etc. As they are continuously connected to the internet and utilize our private data to perform their tasks, they are interesting for potential attackers. Cyber security thus plays an important role for the design of an IoT system. As the usage of security measures usually increases both computation time, as well as power consumption, a conflict between these constraints must be solved. For the designers of such systems, balancing these constraints constitutes a highly complex task. In this paper we propose a novel approach for considering possible security attacks on embedded systems, simplifying the consideration of security requirements immediately at the start of the design process. We introduce a security aware design space exploration framework which based on an architectural, behavioral and security attack description, finds the optimal design for IoT systems. We also demonstrate the feasibility and the benefits of our framework based on a door access system use case.

Whenever we talk about big data, the concern is always about the security of the data. In recent days the most heard about technology is the Natural Language Processing. This new and trending technology helps in solving the ever ending security problems which are not completely solved using big data. Starting with the big data security issues, this paper deals with addressing the topics related to cyber security and information security using the Natural Language Processing technology. Including the well-known cyber-attacks such as phishing identification and spam detection, this paper also addresses issues on information assurance and security such as detection of Advanced Persistent Threat (APT) in DNS and vulnerability analysis. The goal of this paper is to provide the overview of how natural language processing can be used to address cyber security issues.

Network intrusion detection is an important component of network security. Currently, the popular detection technology used the traditional machine learning algorithms to train the intrusion samples, so as to obtain the intrusion detection model. However, these algorithms have the disadvantage of low detection rate. Deep learning is more advanced technology that automatically extracts features from samples. In view of the fact that the accuracy of intrusion detection is not high in traditional machine learning technology, this paper proposes a network intrusion detection model based on convolutional neural network algorithm. The model can automatically extract the effective features of intrusion samples, so that the intrusion samples can be accurately classified. Experimental results on KDD99 datasets show that the proposed model can greatly improve the accuracy of intrusion detection.

This paper work is focused on Performance comparison of intrusion detection system between DBN Algorithm and SPELM Algorithm. Researchers have used this new algorithm SPELM to perform experiments in the area of face recognition, pedestrian detection, and for network intrusion detection in the area of cyber security. The scholar used the proposed State Preserving Extreme Learning Machine(SPELM) algorithm as machine learning classifier and compared it's performance with Deep Belief Network (DBN) algorithm using NSL KDD dataset. The NSL- KDD dataset has four lakhs of data record; out of which 40% of data were used for training purposes and 60% data used in testing purpose while calculating the performance of both the algorithms. The experiment as performed by the scholar compared the Accuracy, Precision, recall and Computational Time of existing DBN algorithm with proposed SPELM Algorithm. The findings have show better performance of SPELM; when compared its accuracy of 93.20% as against 52.8% of DBN algorithm;69.492 Precision of SPELM as against 66.836 DBN and 90.8 seconds of Computational time taken by SPELM as against 102 seconds DBN Algorithm.

Intrusion detection system (IDS) has become an essential layer in all the latest ICT system due to an urge towards cyber safety in the day-to-day world. Reasons including uncertainty in finding the types of attacks and increased the complexity of advanced cyber attacks, IDS calls for the need of integration of Deep Neural Networks (DNNs). In this paper, DNNs have been utilized to predict the attacks on Network Intrusion Detection System (N-IDS). A DNN with 0.1 rate of learning is applied and is run for 1000 number of epochs and KDDCup-`99' dataset has been used for training and benchmarking the network. For comparison purposes, the training is done on the same dataset with several other classical machine learning algorithms and DNN of layers ranging from 1 to 5. The results were compared and concluded that a DNN of 3 layers has superior performance over all the other classical machine learning algorithms.

Network situation value is an important index to measure network security. Establishing an effective network situation prediction model can prevent the occurrence of network security incidents, and plays an important role in network security protection. Through the understanding and analysis of the network security situation, we can see that there are many factors affecting the network security situation, and the relationship between these factors is complex., it is difficult to establish more accurate mathematical expressions to describe the network situation. Therefore, this paper uses the grey neural network as the prediction model, but because the convergence speed of the grey neural network is very fast, the network is easy to fall into local optimum, and the parameters can not be further modified, so the Multi-Swarm Chaotic Particle Optimization (MSCPO)is used to optimize the key parameters of the grey neural network. By establishing the nonlinear mapping relationship between the influencing factors and the network security situation, the network situation can be predicted and protected.

The article focuses on Personal Data Cyber Security Systems. These systems are the critical components for Health Information Management Systems of Public Health enterprises. The purpose of this article is to inform and provide the reader with Personal Data Cyber Security Legislation and Regulation in Public Health Sector and enlighten him with the Information Systems that were designed and implemented for Personal Data Cyber Security in Public Health.

We developed a virtualization-based infringement incident response tool for cyber security training system using Cloud. This tool was developed by applying the concept of attack and defense which is the basic of military war game modeling and simulation. The main purpose of this software is to cultivate cyber security experts capable of coping with various situations to minimize the damage in the shortest time when an infringement incident occurred. This tool acquired the invaluable certificate from Korean government agency. This tool shall provide CBT type remote education such as scenario based infringement incident response training, hacking defense practice, and vulnerability measure practice. The tool works in Linux, Window operating system environments, and uses Korean e-government framework and secure coding to construct a situation similar to the actual information system. In the near future, Internet and devices connected to the Internet will be greatly enlarged, and cyber security threats will be diverse and widespread. It is expected that various kinds of hacking will be attempted in an advanced types using artificial intelligence technology. Therefore, we are working on applying the artificial intelligence technology to the current infringement incident response tool to cope with these evolving threats.

Industrial control systems (ICS) are becoming more integral to modern life as they are being integrated into critical infrastructure. These systems typically lack application layer encryption and the placement of common network intrusion services have large blind spots. We propose the novel architecture, Cloud Based Intrusion Detection and Prevention System (CB-IDPS), to detect and prevent threats in ICS networks by using software defined networking (SDN) to route traffic to the cloud for inspection using network function virtualization (NFV) and service function chaining. CB-IDPS uses Amazon Web Services to create a virtual private cloud for packet inspection. The CB-IDPS framework is designed with considerations to the ICS delay constraints, dynamic traffic routing, scalability, resilience, and visibility. CB-IDPS is presented in the context of a micro grid energy management system as the test case to prove that the latency of CB-IDPS is within acceptable delay thresholds. The implementation of CB-IDPS uses the OpenDaylight software for the SDN controller and commonly used network security tools such as Zeek and Snort. To our knowledge, this is the first attempt at using NFV in an ICS context for network security.

As a cyber attack which leverages social engineering and other sophisticated techniques to steal sensitive information from users, phishing attack has been a critical threat to cyber security for a long time. Although researchers have proposed lots of countermeasures, phishing criminals figure out circumventions eventually since such countermeasures require substantial manual feature engineering and can not detect newly emerging phishing attacks well enough, which makes developing an efficient and effective phishing detection method an urgent need. In this work, we propose a novel phishing website detection approach by detecting the Uniform Resource Locator (URL) of a website, which is proved to be an effective and efficient detection approach. To be specific, our novel capsule-based neural network mainly includes several parallel branches wherein one convolutional layer extracts shallow features from URLs and the subsequent two capsule layers generate accurate feature representations of URLs from the shallow features and discriminate the legitimacy of URLs. The final output of our approach is obtained by averaging the outputs of all branches. Extensive experiments on a validated dataset collected from the Internet demonstrate that our approach can achieve competitive performance against other state-of-the-art detection methods while maintaining a tolerable time overhead.

Nowadays, phishing is one of the most usual web threats with regards to the significant growth of the World Wide Web in volume over time. Phishing attackers always use new (zero-day) and sophisticated techniques to deceive online customers. Hence, it is necessary that the anti-phishing system be real-time and fast and also leverages from an intelligent phishing detection solution. Here, we develop a reliable detection system which can adaptively match the changing environment and phishing websites. Our method is an online and feature-rich machine learning technique to discriminate the phishing and legitimate websites. Since the proposed approach extracts different types of discriminative features from URLs and webpages source code, it is an entirely client-side solution and does not require any service from the third-party. The experimental results highlight the robustness and competitiveness of our anti-phishing system to distinguish the phishing and legitimate websites.

Cyber security is a vital performance metric for networks. Wiretap attacks belong to passive attacks. It commonly exists in wired or wireless networks, where an eavesdropper steals useful information by wiretapping messages being shipped on network links. It seriously damages the confidentiality of communications. This paper proposed a secure network coding system architecture against wiretap attacks. It combines and collaborates network coding with cryptography technology. Some illustrating examples are given to show how to build such a system and prove its defense is much stronger than a system with a single defender, either network coding or cryptography. Moreover, the system is characterized by flexibility, simplicity, and easy to set up. Finally, it could be used for both deterministic and random network coding system.

Threat intelligence sharing is posited as an important aid to help counter cybersecurity attacks and a number of threat intelligence sharing communities exist. There is a general consensus that many challenges remain to be overcome to achieve fully effective sharing, including concerns about privacy, negative publicity, policy/legal issues and expense of sharing, amongst others. One recent trend undertaken to address this is the use of decentralized blockchain based sharing architectures. However while these platforms can help increase sharing effectiveness they do not fully address all of the above challenges. In particular, issues around trust are not satisfactorily solved by current approaches. In this paper, we describe a novel trust enhancement framework -TITAN- for decentralized sharing based on the use of P2P reputation systems to address open trust issues. Our design uses blockchain and Trusted Execution Environment technologies to ensure security, integrity and privacy in the operation of the threat intelligence sharing reputation system.

Load balancing and IP anycast are traffic routing algorithms used to speed up delivery of the Domain Name System. In case of a DDoS attack or an overload condition, the value of these protocols is critical, as they can provide intrinsic DDoS mitigation with the failover alternatives. In this paper, we present a methodology for predicting the next DNS response in the light of a potential redirection to less busy servers, in order to mitigate the size of the attack. Our experiments were conducted using data from the Nov. 2015 attack of the Root DNS servers and Logistic Regression, k-Nearest Neighbors, Support Vector Machines and Random Forest as our primary classifiers. The models were able to successfully predict up to 83% of responses for Root Letters that operated on a small number of sites and consequently suffered the most during the attacks. On the other hand, regarding DNS requests coming from more distributed Root servers, the models demonstrated lower accuracy. Our analysis showed a correlation between the True Positive Rate metric and the number of sites, as well as a clear need for intelligent management of traffic in load balancing practices.

With the rapid deployment of Cyber-Physical Systems (CPS), security has become a more critical problem than ever before, as such devices are interconnected and have access to a broad range of critical data. A well-known attack is ReturnOriented Programming (ROP) which can diverge the control flow of a program by exploiting the buffer overflow vulnerability. To protect a program from ROP attacks, a useful method is to instrument code into the protected program to do runtime control flow checking (known as Control Flow Integrity, CFI). However, instrumented code brings extra execution time, which has to be properly handled, as most CPS systems need to behave in a real-time manner. In this paper, we present a technique to efficiently compute an execution plan, which maximizes the number of executions of instrumented code to achieve maximal defense effect, and at the same time guarantees real-time schedulability of the protected task system with a new response time analysis. Simulation-based experimental results show that the proposed method can yield good quality execution plans, but performs orders of magnitude faster than exhaustive search. We also built a prototype in which a small auto-drive car is defended against ROP attacks by the proposed method implemented in FreeRTOS. The prototype demonstrates the effectiveness of our method in real-life scenarios.

Big Data Cyber Security Analytics (BDCA) leverages big data technologies for collecting, storing, and analyzing a large volume of security events data to detect cyber-attacks. Accuracy and response time, being the most important quality concerns for BDCA, are impacted by changes in security events data. Whilst it is promising to adapt a BDCA system's architecture to the changes in security events data for optimizing accuracy and response time, it is important to consider large search space of architectural configurations. Searching a large space of configurations for potential adaptation incurs an overwhelming adaptation time, which may cancel the benefits of adaptation. We present an adaptation approach, QuickAdapt, to enable quick adaptation of a BDCA system. QuickAdapt uses descriptive statistics (e.g., mean and variance) of security events data and fuzzy rules to (re) compose a system with a set of components to ensure optimal accuracy and response time. We have evaluated QuickAdapt for a distributed BDCA system using four datasets. Our evaluation shows that on average QuickAdapt reduces adaptation time by 105× with a competitive adaptation accuracy of 70% as compared to an existing solution.

Cyber security return on investment (RoI) or return on security investment (RoSI) is extremely challenging to measure. This is partly because it is difficult to measure the actual cost of a cyber security incident or cyber security proceeds. This is further complicated by the fact that there are no consensus metrics that every organisation agrees to, and even among cyber subject matter experts, there are no set of agreed parameters or metric upon which cyber security benefits or rewards can be assessed against. One approach to demonstrating return on security investment is by producing cyber security reports of certain key performance indicators (KPI) and metrics, such as number of cyber incidents detected, number of cyber-attacks or terrorist attacks that were foiled, or ongoing monitoring capabilities. These are some of the demonstratable and empirical metrics that could be used to measure RoSI. In this abstract paper, we investigate some of the cyber KPIs and metrics to be considered for cyber dashboard and reporting for RoSI.

Measures and methods used in financial sector to quantify risk, have been recently applied to cyber world. The aim is to help organizations to improve risk management strategies and to wisely plan investments in cyber security. On the other hand, they are useful instruments for insurance companies in pricing cyber insurance contracts and setting the minimum capital requirements defined by the regulators. In this paper we propose an estimation of Value at Risk (VaR), referred to as Cyber Value at Risk in cyber security domain, and Tail Value at risk (TVaR). The data breach information we use is obtained from the “Chronology of data breaches” compiled by the Privacy Rights Clearinghouse.

Security auditing is an effective means of safety supervision and risk self-identification. It is also a hot issue in the research of major enterprises and institutions. The existing standard norms cannot effectively guide the internal audit of the enterprise intranet, “how to review” and “review” What is not easy to grasp. This paper analyzes the status quo, problems and development trends of security audit, and proposes a behavior-based security audit mode, which can effectively discover the non-compliance behavior of intranet users, and can provide reference for peers through practice.

This paper describes work in progress to analyze the cyber-physical resiliency of a microgrid when operated in islanded mode, as would be the case during an extreme event. The analysis must include each of the four components of a microgrid: sources or generation, energy storage, load, and power electronics interfaces. Two networks with disparate time constants must be accurately modeled. The electrical (and mechanical if there are generators or wind turbines) network is simulated with the power flow equations, a challenging control problem that requires accurate state estimation for its solution. In addition, there is the sensor-communication network consisting of legacy devices such as MV90 meters and SCADA hardware as well as IoT devices such as PMUs and grid management equipment.

Capturing the patterns in adversarial movement can present crucial insight into team dynamics and organization of cybercrimes. This information can be used for additional assessment and comparison of decision making approaches during cyberattacks. In this study, we propose a data-driven analysis based on time series analysis and social networks to identify patterns and alterations in time allocated to intrusion stages and adversarial movements. The results of this analysis on two case studies of collegiate cybersecurity exercises is provided as well as an analytical comparison of their behavioral trends and characteristics. This paper presents preliminary insight into complexities of individual and group level adversarial movement and decision-making as cyberattacks unfold.

This research explored how cyber security risks are managed across UK Critical National Infrastructure (CNI) sectors following implementation of the 2018 Networks and Information Security (NIS) legislation. Being in its infancy, there has been limited study into the effectiveness of this national framework for cyber risk management. The analysis of data gathered through interviews with key stakeholders against the NIS objectives indicated a collaborative implementation approach to improve cyber-risk management capabilities in CNI sectors. However, more work is required to bridge the gaps in the NIS framework to ensure holistic security across cyber spaces as well as non-cyber elements: cyber-physical security, cross-sector CNI service security measures, outcome-based regulatory assessments and risks due to connected smart technology implementations alongside legacy systems. This paper proposes ten key recommendations to counter the danger of not meeting the NIS key strategic objectives. In particular, it recommends that the approach to NIS implementation needs further alignment with its objectives, such as bringing a step-change in the cyber-security risk management capabilities of the CNI sectors.