Biblio

The process for determining how to respond to a cyberattack involves evaluating many factors, including some with competing risks. Consequentially, decision makers in the private sector and policymakers in the U.S. government (USG) need a framework in order to make effective response decisions. The authors' research identified two competing risks: 1) the risk of not responding forcefully enough to deter a suspected attacker, and 2) responding in a manner that escalates a situation with an attacker. The authors also identified three primary factors that influence these risks: attribution confidence/time, the scale of the attack, and the relationship with the suspected attacker. This paper provides a framework to help decision makers understand how these factors interact to influence the risks associated with potential response options to cyberattacks. The views expressed do not reflect the official policy or position of the National Intelligence University, the Department of Defense, the U.S. Intelligence Community, or the U.S. Government.

Least Significant Bit (LSB) as one of steganography methods that already exist today is really mainstream because easy to use, but has weakness that is too easy to decode the hidden message. It is because in LSB the message embedded evenly to all pixels of an image. This paper introduce a method of steganography that combine LSB with clustering method that is Fuzzy C-Means (FCM). It is abbreviated with LSB\_FCM, then compare the stegano result with LSB method. Each image will divided into two cluster, then the biggest cluster capacity will be choosen, finally save the cluster coordinate key as place for embedded message. The key as a reference when decode the message. Each image has their own cluster capacity key. LSB\_FCM has disadvantage that is limited place to embedded message, but it also has advantages compare with LSB that is LSB\_FCM have more difficulty level when decrypted the message than LSB method, because in LSB\_FCM the messages embedded randomly in the best cluster pixel of an image, so to decrypted people must have the cluster coordinate key of the image. Evaluation result show that the MSE and PSNR value of LSB\_FCM some similiar with the pure LSB, it means that LSB\_FCM can give imperceptible image as good as the pure LSB, but have better security from the embedding place.

The objective of the Honeypot security system is a mechanism to identify the unauthorized users and intruders in the network. The enterprise level security can be possible via high scalability. The whole theme behind this research is an Intrusion Detection System and Intrusion Prevention system factors accomplished through honeypot and honey trap methodology. Dynamic Configuration of honey pot is the milestone for this mechanism. Eight different methodologies were deployed to catch the Intruders who utilizing the unsecured network through the unused IP address. The method adapted here to identify and trap through honeypot mechanism activity. The result obtained is, intruders find difficulty in gaining information from the network, which helps a lot of the industries. Honeypot can utilize the real OS and partially through high interaction and low interaction respectively. The research work concludes the network activity and traffic can also be tracked through honeypot. This provides added security to the secured network. Detection, prevention and response are the categories available, and moreover, it detects and confuses the hackers.

Cloud is the requirement of today's competitive world that demand flexible, agile and adaptable technology to be at par with rapidly changing IT industry. Cloud offers scalable, on-demand, pay-as-you-go services to enterprise and has hence become a part of growing trend of organizations IT service model. With emerging trend of cloud the security concerns have further increased and one of the biggest concerns related to cloud is DDoS attack. DDoS attack tends to exhaust all the available resources and leads to unavailability of services in cloud to legitimate users. In this paper the concept of fog computing is used, it is nothing but an extension to cloud computing that performs analysis at the edge of the network, i.e. bring intelligence at the edge of the network for quick real time decision making and reducing the amount of data that is forwarded to cloud. We have proposed a framework in which DDoS attack traffic is generated using different tools which is made to pass through fog defender to cloud. Furthermore, rules are applied on fog defender to detect and filter DDoS attack traffic targeted to cloud.

A mobile ad hoc network is a type of ad hoc network in which node changes it locations and configures them. It uses wireless medium to communicate with other networks. It also does not possess centralized authority and each node has the ability to perform some tasks. Nodes in this type of network has a routing table depending on which it finds the optimal way to send packets in forward direction but link failure should be updated in node table to encompass that. In civilian environment like meeting rooms, cab networking etc, in military search and rescue operations it has huge application.

A Mobile Ad-hoc Network (MANET) is infrastructure-less network where nodes can move arbitrary in any place without the help of any fixed infrastructure. Due to the vague limit, no centralized administrator, dynamic topology and wireless connections it is powerless against various types of assaults. MANET has more threat contrast to any other conventional networks. AODV (Ad-hoc On-demand Distance Vector) is most utilized well-known routing protocol in MANET. AODV protocol is scared by "Black Hole" attack. A black hole attack is a serious assault that can be effortlessly employed towards AODV protocol. A black hole node that incorrectly replies for each path requests while not having active path to targeted destination and drops all the packets that received from other node. If these malicious nodes cooperate with every other as a set then the harm will be very extreme. In this paper, present review on various existing techniques for detection and mitigation of black hole attacks.

Bitcoin, one major virtual currency, attracts users' attention by its novel mode in recent years. With blockchain as its basic technique, Bitcoin possesses strong security features which anonymizes user's identity to protect their private information. However, some criminals utilize Bitcoin to do several illegal activities bringing in great security threat to the society. Therefore, it is necessary to get knowledge of the current trend of Bitcoin and make effort to de-anonymize. In this paper, we put forward and realize a system to analyze Bitcoin from two aspects: blockchain data and network traffic data. We resolve the blockchain data to analyze Bitcoin from the point of Bitcoin address while simulate Bitcoin P2P protocol to evaluate Bitcoin from the point of IP address. At last, with our system, we finish analyzing its current trends and tracing its transactions by putting some statistics on Bitcoin transactions and addresses, tracing the transaction flow and de-anonymizing some Bitcoin addresses to IPs.

While the growth of cloud-based technologies has benefited the society tremendously, it has also increased the surface area for cyber attacks. Given that cloud services are prevalent today, it is critical to devise systems that detect intrusions. One form of security breach in the cloud is when cyber-criminals compromise Virtual Machines (VMs) of unwitting users and, then, utilize user resources to run time-consuming, malicious, or illegal applications for their own benefit. This work proposes a method to detect unusual resource usage trends and alert the user and the administrator in real time. We experiment with three categories of methods: simple statistical techniques, unsupervised classification, and regression. So far, our approach successfully detects anomalous resource usage when experimenting with typical trends synthesized from published real-world web server logs and cluster traces. We observe the best results with unsupervised classification, which gives an average F1-score of 0.83 for web server logs and 0.95 for the cluster traces.

Utility networks are part of every nation's critical infrastructure, and their protection is now seen as a high priority objective. In this paper, we propose a threat awareness architecture for critical infrastructures, which we believe will raise security awareness and increase resilience in utility networks. We first describe an investigation of trends and threats that may impose security risks in utility networks. This was performed on the basis of a viewpoint approach that is capable of identifying technical and non-technical issues (e.g., behaviour of humans). The result of our analysis indicated that utility networks are affected strongly by technological trends, but that humans comprise an important threat to them. This provided evidence and confirmed that the protection of utility networks is a multi-variable problem, and thus, requires the examination of information stemming from various viewpoints of a network. In order to accomplish our objective, we propose a systematic threat awareness architecture in the context of a resilience strategy, which ultimately aims at providing and maintaining an acceptable level of security and safety in critical infrastructures. As a proof of concept, we demonstrate partially via a case study the application of the proposed threat awareness architecture, where we examine the potential impact of attacks in the context of social engineering in a European utility company.

In a world where highly skilled actors involved in cyber-attacks are constantly increasing and where the associated underground market continues to expand, organizations should adapt their defence strategy and improve consequently their security incident management. In this paper, we give an overview of Advanced Persistent Threats (APT) attacks life cycle as defined by security experts. We introduce our own compiled life cycle model guided by attackers objectives instead of their actions. Challenges and opportunities related to the specific camouflage actions performed at the end of each APT phase of the model are highlighted. We also give an overview of new APT protection technologies and discuss their effectiveness at each one of life cycle phases.

Cybercrimes today are focused over returns, especially in the form of monetary returns. In this paper - through a literature study and conducting interviews for the people victimized by ransomware and a survey with random set of victimized and non-victimized by ransomware - conclusions about the dependence of ransomware on demographics like age and education areshown. Increasing threats due to ease of transfer of ransomware through internet arealso discussed. Finally, low level awarenessamong company professionals is confirmed and reluctance to payment on being a victim is found as a common trait.

In last twenty years, use of internet applications, web hacking activities have exaggerated speedily. Organizations facing very significant challenges in securing their web applications from rising cyber threats, as compromise with the protection issues don't seem to be reasonable. Vulnerability Assessment and Penetration Testing (VAPT) techniques help them to go looking out security loopholes. These security loopholes could also be utilized by attackers to launch attacks on technical assets. Thus it is necessary ascertain these vulnerabilities and install security patches. VAPT helps organization to determine whether their security arrangements are working properly. This paper aims to elucidate overview and various techniques used in vulnerability assessment and penetration testing (VAPT). Also focuses on making cyber security awareness and its importance at various level of an organization for adoption of required up to date security measures by the organization to stay protected from various cyber-attacks.

Keeping up with rapid advances in research in various fields of Engineering and Technology is a challenging task. Decision makers including academics, program managers, venture capital investors, industry leaders and funding agencies not only need to be abreast of latest developments but also be able to assess the effect of growth in certain areas on their core business. Though analyst agencies like Gartner, McKinsey etc. Provide such reports for some areas, thought leaders of all organisations still need to amass data from heterogeneous collections like research publications, analyst reports, patent applications, competitor information etc. To help them finalize their own strategies. Text mining and data analytics researchers have been looking at integrating statistics, text analytics and information visualization to aid the process of retrieval and analytics. In this paper, we present our work on automated topical analysis and insight generation from large heterogeneous text collections of publications and patents. While most of the earlier work in this area provides search-based platforms, ours is an integrated platform for search and analysis. We have presented several methods and techniques that help in analysis and better comprehension of search results. We have also presented methods for generating insights about emerging and popular trends in research along with contextual differences between academic research and patenting profiles. We also present novel techniques to present topic evolution that helps users understand how a particular area has evolved over time.