Paper Session 2

file

Visible to the public Automated Influence and the Challenge of Cognitive Security

Submitted by Anonymous on Fri, 03/13/2020 - 1:22pm. Contributors:
Advances in AI are powering increasingly precise and widespread computational propaganda, posing serious threats to national se-curity. The military and intelligence communities are starting to discuss ways to engage in this space, but the path forward is still unclear. These developments raise pressing ethical questions, about which existing ethics frameworks are silent.
file

Visible to the public Can We Use Software Bug Reports to Identify Vulnerability Discovery Strategies?

Submitted by akond on Fri, 03/13/2020 - 1:16pm. Contributors:
Daily horror stories related to software vulnerabilities necessitates the understanding of how vulnerabilities are discovered. Identifi-cation of data sources that can be leveraged to understand how vulnerabilities are discovered could aid cybersecurity researchers to characterize exploitation of vulnerabilities. The goal of the paper is to help cybersecurity researchers in characterizing vulnerabilities by conducting an empirical study of software bug reports.
file

Visible to the public Cyber Threat Modeling and Validation: Port Scanning and Detection

Submitted by akarns on Fri, 03/13/2020 - 1:02pm. Contributors:
Port scanning is a commonly applied technique in the discovery phase of cyber attacks. As such, defending against them has long been the subject of many research and modeling efforts. Though modeling efforts can search large parameter spaces to find effective defensive parameter settings, confidence in modeling results can be hampered by limited or omitted validation efforts. In this paper, we introduce a novel, mathematical model that describes port scanning progress by an attacker and intrusion detec-tion by a defender.
file

Visible to the public Exploring Hackers Assets: Topics of Interest as Indicators of Compromise

Submitted by alsmadi on Fri, 03/13/2020 - 12:40pm. Contributors:
The need to develop actionable intelligence that is proactive is very critical to current security controls and systems. Hackers and hacking techniques continue to grow and become more sophisticated. As such Security teams start to adopt proactive and offensive approaches within hackers’ territories. In this scope, we proposed a systematic approach to automatically extract "topics of interest, ToI" from hackers’ websites.