5 research outputs found

    Network Security Intelligence Centres for Information Security Incident Management

    Programme: 6598 - Ph.D. on the Basis of Prior Published Works in Cyber Security
    Intensive IT development has led to qualitative changes in our living, which are driving current information security (IS) trends and require sophisticated structures and adequate approaches to manage IS for different businesses. The wide range of threats is constantly growing in modern intranets; they have become not only numerous and diverse but more disruptive. In such circumstances, organizations realize that IS incidents’ timely detection and prevention in the future (what is more important) are not only possible but imperative. Any delay and only reactive actions to IS incidents put their assets under risk. A properly designed IS incident management system (ISIMS), operating as an integral part of the whole organization’s governance system, reduces IS incidents’ number and limits damage caused by them. To maximally automate IS incident management (ISIM) within one organization and to deepen its knowledge of IS level, this research proposes to unite together all advantages of a Security Intelligence Centre (SIC) and a Network Operations Centre (NOC) with their unique and joint toolkits and techniques in a unified Network SIC (NSIC). For this purpose the glossary of the research area was introduced, and the taxonomy of IS threats, vulnerabilities, network attacks, and incidents was determined. Further, IS monitoring as one of the ISIM processes was described, and the Security Information and Event Management (SIEM) systems’ role in it and their evolution were shown. The transition from Security Operations Centres (SOCs) to SICs was followed up. Finally, modern network environment’s requirements for new protection solutions were formulated and it was proven that the NSIC proposed as a combination of a SIC and a NOC fully meets them. The NSIC’s zone security infrastructure with corresponding IS controls is proposed. Its implementation description at the Moscow Engineering Physics Institute concludes the research at this stage. In addition, some proposals for the training of highly qualified personnel for NSICs were formulated. The creation of an innovative NSIC concept, its interpretation, construction and initial implementation through original research presented are its main results. They contribute substantially to the modern networks’ security, as they extend the forefront of the SOCs and SICs used nowadays and generate significant new knowledge and understanding of network security requirements and solutions.

    The Construction and Validation of an M-Learning Framework for Online and Blended Learning Environments

    With the wide adoption of mobile technologies, new opportunities exist with regard to how these technologies can be used to support teaching and learning. However, there is limited empirical evidence on the use of mobile learning (m-learning) frameworks that support adult students in online and blended learning environments and consider ways to support administrators, faculty, and students in the adoption of mobile technologies for teaching and learning. The goal was to develop and validate an m-learning framework capturing the administrative, communication, and instructional elements that must be considered when integrating m-learning technologies to support adult community college students. Using design and development research methods, an m-learning framework was constructed and validated. Based on the literature review and the results of the data analysis, the framework was developed and included three sections: major categories; needs within categories; and attributes of the needs. Each section is composed of at least one of those major categories: section 1 is composed of Access and Security; section 2 of Applications and Instructional Materials; and section 3 of Control and Monitoring Systems. Combined, all three sections account for five major categories. The final m-learning framework was designed to include specific guidelines to help administrators and faculty make decisions about the adoption of m-learning technologies to support teaching and learning in online and blended learning environments.

    Addressing High False Positive Rates of DDoS Attack Detection Methods

    Distributed denial of service (DDoS) attack detection methods based on the clustering method are ineffective in detecting attacks correctly. Service interruptions caused by DDoS attacks impose concerns for IT leaders and their organizations, leading to financial damages. Grounded in the cross industry standard process for data mining framework, the purpose of this ex post facto study was to examine whether adding the filter and wrapper methods prior to the clustering method is effective in terms of lowering false positive rates of DDoS attack detection methods. The population of this study was 225,745 network traffic data records of the CICIDS2017 network traffic dataset. The 10-fold cross validation method was applied to identify effective DDoS attack detection methods. The results of the 10-fold cross validation method showed that in some instances, addition of the filter and wrapper methods prior to the clustering method was effective in terms of lowering false positive rates of DDoS attack detection methods; in some instances, it was not. A recommendation to IT leaders is to deploy the effective DDoS attack detection method that produced the lowest false positive rate of 0.013 in detecting attacks outside of demilitarized zones to identify attacks directly from the Internet. Implications for positive social change are potentially in enabling organizations to protect their systems and provide uninterrupted services to their communities with reduced financial damages.

    Developing Hands-On Laboratory Works for the “Information Security Incident Management” Discipline

    Part 1: Information Security Learning Techniques
    The paper presents our recent experience in developing the hands-on laboratory works for the “Business Continuity and Information Security Maintenance” Master’s Degree programme in the framework of the NRNU MEPhI’s “Network Security Intelligence” Educational and Research Center (NSIC). These labs are designed for the “Information Security Incident Management” discipline to provide training on practical and actionable information security (IS) incident response, in particular its investigation on the basis of computer forensic approaches and specialized tools being used for these purposes. The main areas of further improvement of these labs conclude the paper.