111 research outputs found

    Network Security Intelligence Centres for Information Security Incident Management

    Programme: 6598 - Ph.D. on the Basis of Prior Published Works in Cyber Security
    Intensive IT development has led to qualitative changes in our living, which are driving current information security (IS) trends and require sophisticated structures and adequate approaches to manage IS for different businesses. The wide range of threats is constantly growing in modern intranets; they have become not only numerous and diverse but more disruptive. In such circumstances, organizations realize that IS incidents’ timely detection and prevention in the future (what is more important) are not only possible but imperative. Any delay and only reactive actions to IS incidents put their assets under risk. A properly designed IS incident management system (ISIMS), operating as an integral part of the whole organization’s governance system, reduces IS incidents’ number and limits damage caused by them. To maximally automate IS incident management (ISIM) within one organization and to deepen its knowledge of IS level, this research proposes to unite together all advantages of a Security Intelligence Centre (SIC) and a Network Operations Centre (NOC) with their unique and joint toolkits and techniques in a unified Network SIC (NSIC). For this purpose the glossary of the research area was introduced, the taxonomy of IS threats, vulnerabilities, network attacks, and incidents was determined. Further, IS monitoring as one of the ISIM processes was described, the Security Information and Event Management (SIEM) systems’ role in it and their evolution were shown. The transition from Security Operations Centres (SOCs) to SICs was followed up. At least, modern network environment’s requirements for new protection solutions were formulated and it was proven that the NSIC proposed as a combination of a SIC and a NOC fully meets them. The NSIC’s zone security infrastructure with corresponding IS controls is proposed. Its implementation description at the Moscow Engineering Physics Institute concludes the research at this stage. In addition, some proposals for the training of highly qualified personnel for NSICs were formulated. The creation of an innovative NSIC concept, its interpretation, construction and initial implementation through original research presented are its main results. They contribute substantially to the modern networks’ security, as they extend the forefront of the SOCs and SICs used nowadays and generate significant new knowledge and understanding of network security requirements and solutions

    The structure and content of the convention on combating cybercrime

    Consolidation of international efforts plays a crucial role in combating cybercrime the same way as in counteracting terrorism, drug trafficking and other offenses of cross-border nature. The results of a critical analysis of the structure and content of the major provisions of the Budapest European Convention of 23 November 2001 (ETS No. 185) are presented. The paper provides a comparative analysis of the Convention and the Russian legislation from the point of view of organizational and legal regulation of fight against computer crime. The accent is made on terminological aspects of criminal and criminal procedure law in the field of computer information. Particular attention is drawn to the critical consideration of issues of international cooperation in the light of new challenges and threats of increasingly confrontational inter-state relations. The conclusion substantiates the need for the adoption of the relevant United Nations Convention with proposals on the content of its main statements

    Applications of ontology in the Internet of Things: a systematic analysis

    Ontology has been increasingly implemented to facilitate the Internet of Things (IoT) activities, such as tracking and information discovery, storage, information exchange, and object addressing. However, a complete understanding of using ontology in the IoT mechanism remains lacking. The main goal of this research is to recognize the use of ontology in the IoT process and investigate the services of ontology in IoT activities. A systematic literature review (SLR) is conducted using predefined protocols to analyze the literature about the usage of ontologies in IoT. The following conclusions are obtained from the SLR. (1) Primary studies (i.e., selected 115 articles) have addressed the need to use ontologies in IoT for industries and the academe, especially to minimize interoperability and integration of IoT devices. (2) About 31.30% of extant literature discussed ontology development concerning the IoT interoperability issue, while IoT privacy and integration issues are partially discussed in the literature. (3) IoT styles of modeling ontologies are diverse, whereas 35.65% of total studies adopted the OWL style. (4) The 32 articles (i.e., 27.83% of the total studies) reused IoT ontologies to handle diverse IoT methodologies. (5) A total of 45 IoT ontologies are well acknowledged, but the IoT community has widely utilized none. An in-depth analysis of different IoT ontologies suggests that the existing ontologies are beneficial in designing new IoT ontology or achieving three main requirements of the IoT field: interoperability, integration, and privacy. This SLR is finalized by identifying numerous validity threats and future directions

    Supersensors: Raspberry Pi Devices for Smart Campus Infrastructure

    We describe an approach for developing a campus-wide sensor network using commodity single board computers. We sketch various use cases for environmental sensor data, for different university stakeholders. Our key premise is that supersensors -- sensors with significant compute capability -- enable more flexible data collection, processing and reaction. In this paper, we describe the initial prototype deployment of our supersensor system in a single department at the University of Glasgow

    Security governance as a service on the cloud

    Small companies need help to detect and to respond to increasing security related threats. This paper presents a cloud service that automates processes that make checks for such threats, implement mitigating procedures, and generally instructs client companies on the steps to take. For instance, a process that automates the search for leaked credentials on the Dark Web will, in the event of a leak, trigger processes that instruct the client on how to change passwords and perhaps a micro-learning process on credential management. The security governance service runs on the cloud as it needs to be managed by a security expert and because it should run on an infrastructure separated from clients. It also runs as a cloud service for economy of scale: the processes it runs can service many clients simultaneously, since many threats are common to all. We also examine how the service may be used to prove to independent auditors (e.g., cyber-insurance agents) that a company is taking the necessary steps to implement its security obligations

    Multilayer virtualized systems analysis with kernel tracing

    This paper studies interactions between virtual machines and their host through the sharing of resources like physical CPUs. We present an analysis based on kernel tracing that erases the bounds between virtual machines and their host to reduce the multilayer system into a single layer. For this analysis we developed a view that displays a time line for each host's CPU, showing across time which process is running, even if it is from a virtual machine. By using a system of filters, we added the possibility to highlight in this view either traced machines, virtual CPUs or specific processes. This last feature grants the possibility to precisely see on the host where and when a virtual machine's thread is running

    End-to-end security in embedded system for modern mobile communication technologies

    Modern mobile electronic devices such as smartphones or cell phones can now be used for distant devices such as technical systems to monitor and control. While surveillance systems do not require high standards navigating about the time of transfer of the displayed data. More real-time data are needed for a remote mobile robot transfer. Therefore, it has investigated and measured not only the possibilities of employing mobile devices. But also, the supported data transmission channels, such as UMTS, GSM, Wireless LAN, and Bluetooth. The remote-control system is used in many applications such as smart homes, cities, smart hospitals, etc., but it must be today updated to ensure fast-changing technology. Extensive coverage, remote control, and reliable operation in real time in the deployment of wireless security knowledge. The home automation control system delivers significant features together with a user-friendly interface. A secure remote-based end-to-end security system NTMobile, a technique that enables NAT to provide transverse and encrypted communication from end to end. This confirmed that evaluating the performance of the system in the ECHONET lite compatible smartphone ecosystem. This gives flexibility in configuring time-sensitive industrial networks and enables them to be secured. A safe and reliable remote-control system is also conceivable under the privacy of the user

    Load Balancing and Virtual Machine Allocation in Cloud-based Data Centers

    As cloud services see an exponential increase in consumers, the demand for faster processing of data and a reliable delivery of services becomes a pressing concern. This puts a lot of pressure on the cloud-based data centers, where the consumers’ data is stored, processed and serviced. The rising demand for high quality services and the constrained environment, make load balancing within the cloud data centers a vital concern. This project aims to achieve load balancing within the data centers by means of implementing a Virtual Machine allocation policy, based on consensus algorithm technique. The cloud-based data center system, consisting of Virtual Machines has been simulated on CloudSim – a Java based cloud simulator

    How Secure Having IoT Devices in Our Homes?

    Nowadays, technology has evolved to be in our daily lives to assist in making our lives easier. We now have technology helping us in our lives at home. Devices used to create our “smart home” have done a great deal in making our lives at home less burdensome, but sadly, these devices have secured our personal lives to be more accessible to outsiders. In this paper, the security of home smart devices and their communication will be researched by using other academic articles to support facts found. The operation of the devices will be discussed along with security risks and future trends on security attacks. The results found will be crucial to knowing exactly how well our own home is protected. After understanding where the risks lie and a demonstration of how hackers can take control of our smart home, solutions will be given to shield ourselves from security attacks. We protect our homes from physical threats by locking doors, but it is time we guard ourselves from cyber threats as well

    Optimising Fault Tolerance in Real-time Cloud Computing IaaS Environment

    Fault tolerance is the ability of a system to respond swiftly to an unexpected failure. Failures in a cloud computing environment are normal rather than exceptional, but fault detection and system recovery in a real time cloud system is a crucial issue. To deal with this problem and to minimize the risk of failure, an optimal fault tolerance mechanism was introduced where fault tolerance was achieved using the combination of the Cloud Master, Compute nodes, Cloud load balancer, Selection mechanism and Cloud Fault handler. In this paper, we proposed an optimized fault tolerance approach where a model is designed to tolerate faults based on the reliability of each compute node (virtual machine) and can be replaced if the performance is not optimal. Preliminary test of our algorithm indicates that the rate of increase in pass rate exceeds the decrease in failure rate and it also considers forward and backward recovery using diverse software tools. Our results obtained are demonstrated through experimental validation thereby laying a foundation for a fully fault tolerant IaaS Cloud environment, which suggests a good performance of our model compared to current existing approaches.
    Petroleum Technology Development Fund (PTDF