Impact and key challenges of insider threats on organizations and critical businesses

The insider threat has consistently been identified as a key threat to organizations and governments. Understanding the nature of insider threats and the related threat landscape can help in forming mitigation strategies, including non-technical means. In this paper, we survey and highlight challenges associated with the identification and detection of insider threats in both public and private sector organizations, especially those part of a nation’s critical infrastructure. We explore the utility of the cyber kill chain to understand insider threats, as well as understanding the underpinning human behavior and psychological factors. The existing defense techniques are discussed and critically analyzed, and improvements are suggested, in line with the current state-of-the-art cyber security requirements. Finally, open problems related to the insider threat are identified and future research directions are discussed

An Inventory of Existing Neuroprivacy Controls

Brain-Computer Interfaces (BCIs) facilitate communication between brains and computers. As these devices become increasingly popular outside of the medical context, research interest in brain privacy risks and countermeasures has bloomed. Several neuroprivacy threats have been identified in the literature, including brain malware, personal data being contained in collected brainwaves and the inadequacy of legal regimes with regards to neural data protection. Dozens of controls have been proposed or implemented for protecting neuroprivacy, although it has not been immediately apparent what the landscape of neuroprivacy controls consists of. This paper inventories the implemented and proposed neuroprivacy risk mitigation techniques from open source repositories, BCI providers and the academic literature. These controls are mapped to the Hoepman privacy strategies and their implementation status is described. Several research directions for ensuring the protection of neuroprivacy are identified

Turning Federated Learning Systems Into Covert Channels

Federated learning (FL) goes beyond traditional, centralized machine learning by distributing model training among a large collection of edge clients. These clients cooperatively train a global, e.g., cloud-hosted, model without disclosing their local, private training data. The global model is then shared among all the participants which use it for local predictions. In this paper, we put forward a novel attacker model aiming at turning FL systems into covert channels to implement a stealth communication infrastructure. The main intuition is that, during federated training, a malicious sender can poison the global model by submitting purposely crafted examples. Although the effect of the model poisoning is negligible to other participants, and does not alter the overall model performance, it can be observed by a malicious receiver and used to transmit a single bit

Activity Pattern Discovery from Network Captures

Investigating insider threat cases is challenging because activities are conducted with legitimate access that makes distinguishing malicious activities from normal activities difficult. To assist with identifying non-normal activities, we propose using two types of pattern discovery to identify a person\u27s behavioral patterns in network data. The behavioral patterns serve to deemphasize normal behavior so that insider threat investigations can focus attention on potentially more relevant. Results from a controlled experiment demonstrate the highlighting of a suspicious event through the reduction of events belonging to discovered patterns. Abstract © 2016 IEEE

Secure Communication in wise Homes using IoT

The advancement of the Internet of Things has madeextraordinary progress in recent years in academic as well as industrial fields. There are quite a few wise home systems (WHSs) that have been developed by major companies to achieve home automation. However, the nature of wise homesinescapable raises security and privacy concerns. In this paper, we propose an improved energy-efficient, secure, and privacy-preserving com-munication protocol for the WHSs. In our proposed scheme, data transmissions within the WHS are secured by a symmetric encryption scheme with secret keys being generated by anarchicsystems. Meanwhile, we incorporate message authentication codes to our scheme to guarantee data integrity and authenticity. We also provide detailed security analysis and performance evaluation in comparison with our previous work in terms of computational complexity, memory cost, and communication overhead

A Deep-Learning Based Robust Framework Against Adversarial P.E. and Cryptojacking Malware

This graduate thesis introduces novel, deep-learning based frameworks that are resilient to adversarial P.E. and cryptojacking malware. We propose a method that uses a convolutional neural network (CNN) to classify image representations of malware, that provides robustness against numerous adversarial attacks. Our evaluation concludes that the image-based malware classifier is significantly more robust to adversarial attacks than a state-of-the-art ML-based malware classifier, and remarkably drops the evasion rate of adversarial samples to 0% in certain attacks. Further, we develop MINOS, a novel, lightweight cryptojacking detection system that accurately detects the presence of unwarranted mining activity in real-time. MINOS can detect mining activity with a low TNR and FPR, in an average of 25.9 milliseconds while using a maximum of 4% of CPU and 6.5% of RAM. Therefore, it can be concluded that the frameworks presented in this thesis attain high accuracy, are computationally inexpensive, and are resistant to adversarial perturbations

Identifying a Criminal's Network of Trust

Tracing criminal ties and mining evidence from a large network to begin a crime case analysis has been difficult for criminal investigators due to large numbers of nodes and their complex relationships. In this paper, trust networks using blind carbon copy (BCC) emails were formed. We show that our new shortest paths network search algorithm combining shortest paths and network centrality measures can isolate and identify criminals' connections within a trust network. A group of BCC emails out of 1,887,305 Enron email transactions were isolated for this purpose. The algorithm uses two central nodes, most influential and middle man, to extract a shortest paths trust network.Comment: 2014 Tenth International Conference on Signal-Image Technology & Internet-Based Systems (Presented at Third International Workshop on Complex Networks and their Applications,SITIS 2014, Marrakesh, Morocco, 23-27, November 2014