Security Evaluation of Support Vector Machines in Adversarial Environments

Support Vector Machines (SVMs) are among the most popular classification techniques adopted in security applications like malware detection, intrusion detection, and spam filtering. However, if SVMs are to be incorporated in real-world security systems, they must be able to cope with attack patterns that can either mislead the learning algorithm (poisoning), evade detection (evasion), or gain information about their internal parameters (privacy breaches). The main contributions of this chapter are twofold. First, we introduce a formal general framework for the empirical evaluation of the security of machine-learning systems. Second, according to our framework, we demonstrate the feasibility of evasion, poisoning and privacy attacks against SVMs in real-world security problems. For each attack technique, we evaluate its impact and discuss whether (and how) it can be countered through an adversary-aware design of SVMs. Our experiments are easily reproducible thanks to open-source code that we have made available, together with all the employed datasets, on a public repository.Comment: 47 pages, 9 figures; chapter accepted into book 'Support Vector Machine Applications

Countermeasures for Social Engineering-based Malware Installation Attacks

Social engineering exploits vulnerabilities at different layers (i.e. technical, social layer) in an organizational defense structure. It is therefore important to understand how to defend against these attacks using a holistic defense approach including multiple countermeasures. The literature suggests a plethora of countermeasures, little research has however been done to assess their effectiveness in managing social engineering threats. In this paper we attempt to obtain a deeper understanding of how to defend against a type of social engineering attack that attempts to install malware on computers through e-mail or portable media. We explore commonly proposed countermeasures needed to prevent this type of attack, and if any dependencies between them exist. Through a combined method approach of surveying the literature and conducting semi-structured interviews with domain experts we identified a set of countermeasures that provide empirical input for future studies but could potentially also give organizations guidance on how to manage social engineering-based malware installation attacks

System Analysis of SPAM

Increasing reliance on the electronic mail (e-mail) has attracted spammers to send more and more spam e-mails in order to maximizing their financial gains. These unwanted e-mails are not only clogging the Internet traffic but are also causing storage problems at the receiving servers. Besides these, spam e-mails also serve as a vehicle to a variety of online crimes and abuses. Although several anti-spam procedures are currently employed to distinguish spam e-mails from the legitimate e-mails yet spammers and phishes obfuscate their e-mail content to circumvent anti-spam procedures. Efficiency of anti-spam procedures to combat spam entry into the system greatly depend on their level of operation and a clear insight of various possible modes of spamming. In this paper we investigate directed graph model of Internet e-mail infrastructure and spamming modes used by spammers to inject spam into the system. The paper outlines the routes, system components, devices and protocols exploited by each spamming mode

Improving Organizational Information Security Strategy via Meso-Level Application of Situational Crime Prevention to the Risk Management Process

Existing approaches to formulating IS security strategy rely primarily on the risk management process and the application of baseline security standards (e.g., ISO 27002, previously ISO 17799). The use of existing approaches generally leads to measures that emphasize target hardening and incident detection. While such measures are appropriate and necessary, they do not capitalize on other measures, including those that surface when situational crime prevention (SCP) is applied to specific crimes. In particular, existing approaches do not typically surface measures designed to reduce criminal perceptions of the net benefits of the crime, or justification and provocation to commit the crime. However, the methods prescribed to-date for implementing SCP are cumbersome, requiring micro-level, individual analysis of crimes. In the current article, we propose that concepts derived from SCP can be strategically applied at an intermediate (meso) level of aggregation. We show that such meso-level application of SCP, when combined with the traditional risk management process, can reduce residual information security risk by identifying new strategies for combating computer crime. Using three illustrative cases, we demonstrate that the application of the proposed strategic approach does surface meaningful countermeasures not identified by the traditional risk management process alone

Not all who are bots are evil: A cross-platform analysis of automated agent governance

The growth of online platforms is accompanied by the increasing use of automated agents. Despite being discussed primarily in the context of opinion manipulation, agents play diverse roles within platform ecosystems that raises the need for governance approaches that go beyond policing agents’ unwanted behaviour. To provide a more nuanced assessment of agent governance, we introduce an analytical framework that distinguishes between different aspects and forms of governance. We then apply it to explore how agents are governed across nine platforms. Our observations show that despite acknowledging diverse roles of agents, platforms tend to focus on governing selected forms of their misuse. We also observe differences in governance approaches used by platforms, in particular when it comes to the agent rights/obligations and transparency of policing mechanisms. These observations highlight the necessity of advancing the algorithmic governance research agenda and developing a generalizable normative framework for agent governance

Not all who are bots are evil: A cross-platform analysis of automated agent governance

The growth of online platforms is accompanied by the increasing use of automated agents. Despite being discussed primarily in the context of opinion manipulation, agents play diverse roles within platform ecosystems that raises the need for governance approaches that go beyond policing agents’ unwanted behaviour. To provide a more nuanced assessment of agent governance, we introduce an analytical framework that distinguishes between different aspects and forms of governance. We then apply it to explore how agents are governed across nine platforms. Our observations show that despite acknowledging diverse roles of agents, platforms tend to focus on governing selected forms of their misuse. We also observe differences in governance approaches used by platforms, in particular when it comes to the agent rights/obligations and transparency of policing mechanisms. These observations highlight the necessity of advancing the algorithmic governance research agenda and developing a generalizable normative framework for agent governance

The Insider Threat

The Insider threat is defined similarly by experts in the information technology world for businesses, but addressing the threat has not been of great focus for most organizations. Technology and the Internet have grown exponentially over the past decade leading to changes in how business is conducted. Some basic business practices remain the same; protect the organization and its customers from breach of privacy. How data is gathered, stored, and retrieved has changed. Protecting the perimeter is still important, but these changes in technology now open the doors to a new threat; one that is known but not commonly protected against; the insider. Whether intentionally, or accidentally, the insider threat needs to be incorporated into the currently used security architectures and best practices. How should an organization include the insider threat to the current architecture is the question. Changes need to be made by organizations to the current security architecture. Currently, using technology is not enough, but is still necessary. In order to make it better, considering the employee as a whole and the daily activities necessary to complete a job, as well as working with other business units as a whole needs to be included in the architecture. Behavioral traits can be considered but there are issues in privacy that also need to be considered. Monitoring can be done, but that should not be the only thing considered. Employees lack knowledge as to why actions can have a negative effect on an organization and the way to address this is education. Educating end users is necessary and should be performed regularly to keep not just the technologically inclined up to date. Without education, the current technology used will continue to keep out the intruders, but will not be effective enough to protect against intentional and accidental misuse of the organization and its networks

Research Report ‘E-mail Records Management in 21st Century New Zealand Government’

Our research has focused on the following research questions: 1. How do individual employees across the New Zealand government identify and manage e-mail records of significant value and importance to their government agency? 2. To what extent are personal electronic record management practices of individual employees in line with legal requirements set out by the New Zealand Public Records Act (2005)? 3. What specifications for effective electronic record management across the New Zealand government can be identified? What recommendations to New Zealand government agencies can be made in this respect