179 research outputs found
Impact and key challenges of insider threats on organizations and critical businesses
The insider threat has consistently been identified as a key threat to organizations and governments. Understanding the nature of insider threats and the related threat landscape can help in forming mitigation strategies, including non-technical means. In this paper, we survey and highlight challenges associated with the identification and detection of insider threats in both public and private sector organizations, especially those part of a nation’s critical infrastructure. We explore the utility of the cyber kill chain to understand insider threats, as well as understanding the underpinning human behavior and psychological factors. The existing defense techniques are discussed and critically analyzed, and improvements are suggested, in line with the current state-of-the-art cyber security requirements. Finally, open problems related to the insider threat are identified and future research directions are discussed
An Inventory of Existing Neuroprivacy Controls
Brain-Computer Interfaces (BCIs) facilitate communication between brains and computers. As these devices become increasingly popular outside of the medical context, research interest in brain privacy risks and countermeasures has bloomed. Several neuroprivacy threats have been identified in the literature, including brain malware, personal data being contained in collected brainwaves and the inadequacy of legal regimes with regards to neural data protection. Dozens of controls have been proposed or implemented for protecting neuroprivacy, although it has not been immediately apparent what the landscape of neuroprivacy controls consists of. This paper inventories the implemented and proposed neuroprivacy risk mitigation techniques from open source repositories, BCI providers and the academic literature. These controls are mapped to the Hoepman privacy strategies and their implementation status is described. Several research directions for ensuring the protection of neuroprivacy are identified
Turning Federated Learning Systems Into Covert Channels
Federated learning (FL) goes beyond traditional, centralized machine learning
by distributing model training among a large collection of edge clients. These
clients cooperatively train a global, e.g., cloud-hosted, model without
disclosing their local, private training data. The global model is then shared
among all the participants which use it for local predictions. In this paper,
we put forward a novel attacker model aiming at turning FL systems into covert
channels to implement a stealth communication infrastructure. The main
intuition is that, during federated training, a malicious sender can poison the
global model by submitting purposely crafted examples. Although the effect of
the model poisoning is negligible to other participants, and does not alter the
overall model performance, it can be observed by a malicious receiver and used
to transmit a single bit
Activity Pattern Discovery from Network Captures
Investigating insider threat cases is challenging because activities are conducted with legitimate access that makes distinguishing malicious activities from normal activities difficult. To assist with identifying non-normal activities, we propose using two types of pattern discovery to identify a person\u27s behavioral patterns in network data. The behavioral patterns serve to deemphasize normal behavior so that insider threat investigations can focus attention on potentially more relevant. Results from a controlled experiment demonstrate the highlighting of a suspicious event through the reduction of events belonging to discovered patterns. Abstract © 2016 IEEE
Secure Communication in wise Homes using IoT
The advancement of the Internet of Things has madeextraordinary progress in recent years in academic as well as industrial fields. There are quite a few wise home systems (WHSs) that have been developed by major companies to achieve home automation. However, the nature of wise homesinescapable raises security and privacy concerns. In this paper, we propose an improved energy-efficient, secure, and privacy-preserving com-munication protocol for the WHSs. In our proposed scheme, data transmissions within the WHS are secured by a symmetric encryption scheme with secret keys being generated by anarchicsystems. Meanwhile, we incorporate message authentication codes to our scheme to guarantee data integrity and authenticity. We also provide detailed security analysis and performance evaluation in comparison with our previous work in terms of computational complexity, memory cost, and communication overhead
A Deep-Learning Based Robust Framework Against Adversarial P.E. and Cryptojacking Malware
This graduate thesis introduces novel, deep-learning based frameworks that are resilient to adversarial P.E. and cryptojacking malware. We propose a method that uses a convolutional neural network (CNN) to classify image representations of malware, that provides robustness against numerous adversarial attacks. Our evaluation concludes that the image-based malware classifier is significantly more robust to adversarial attacks than a state-of-the-art ML-based malware classifier, and remarkably drops the evasion rate of adversarial samples to 0% in certain attacks. Further, we develop MINOS, a novel, lightweight cryptojacking detection system that accurately detects the presence of unwarranted mining activity in real-time. MINOS can detect mining activity with a low TNR and FPR, in an average of 25.9 milliseconds while using a maximum of 4% of CPU and 6.5% of RAM. Therefore, it can be concluded that the frameworks presented in this thesis attain high accuracy, are computationally inexpensive, and are resistant to adversarial perturbations
Identifying a Criminal's Network of Trust
Tracing criminal ties and mining evidence from a large network to begin a
crime case analysis has been difficult for criminal investigators due to large
numbers of nodes and their complex relationships. In this paper, trust networks
using blind carbon copy (BCC) emails were formed. We show that our new shortest
paths network search algorithm combining shortest paths and network centrality
measures can isolate and identify criminals' connections within a trust
network. A group of BCC emails out of 1,887,305 Enron email transactions were
isolated for this purpose. The algorithm uses two central nodes, most
influential and middle man, to extract a shortest paths trust network.Comment: 2014 Tenth International Conference on Signal-Image Technology &
Internet-Based Systems (Presented at Third International Workshop on Complex
Networks and their Applications,SITIS 2014, Marrakesh, Morocco, 23-27,
November 2014
- …