TRIDEnT: Building Decentralized Incentives for Collaborative Security
Sophisticated mass attacks, especially when exploiting zero-day
vulnerabilities, have the potential to cause destructive damage to
organizations and critical infrastructure. To timely detect and contain such
attacks, collaboration among the defenders is critical. By correlating
real-time detection information (alerts) from multiple sources (collaborative
intrusion detection), defenders can detect attacks and take the appropriate
defensive measures in time. However, although the technical tools to facilitate
collaboration exist, real-world adoption of such collaborative security
mechanisms is still underwhelming. This is largely due to a lack of trust and
participation incentives for companies and organizations. This paper proposes
TRIDEnT, a novel collaborative platform that aims to enable and incentivize
parties to exchange network alert data, thus increasing their overall detection
capabilities. TRIDEnT allows parties that may be in a competitive relationship,
to selectively advertise, sell and acquire security alerts in the form of
(near) real-time peer-to-peer streams. To validate the basic principles behind
TRIDEnT, we present an intuitive game-theoretic model of alert sharing, that is
of independent interest, and show that collaboration is bound to take place
infinitely often. Furthermore, to demonstrate the feasibility of our approach,
we instantiate our design in a decentralized manner using Ethereum smart
contracts and provide a fully functional prototype.
Comment: 28 page
D2Gen: A Decentralized Device Genome Based Integrity Verification Mechanism for Collaborative Intrusion Detection Systems
Collaborative Intrusion Detection Systems are considered an effective defense mechanism for large, intricate, and multilayered Industrial Internet of Things against many cyberattacks. However, while a Collaborative Intrusion Detection System successfully detects and prevents various attacks, it is possible that an inside attacker performs a malicious act and compromises an Intrusion Detection System node. A compromised node can inflict considerable damage on the whole collaborative network. For instance, when a malicious node gives a false alert of an attack, the other nodes will unnecessarily increase their security and close all of their services, thus degrading the system’s performance. On the contrary, if the spurious node approves malicious traffic into the system, the other nodes would also be compromised. Therefore, to detect a compromised node in the network, this article introduces a device integrity check mechanism based on “Digital Genome.” In medical science, a genome refers to a set that contains all of the information needed to build and maintain an organism. Based on the same concept, the digital genome is computed over a device’s vital hardware, software, and other components. Hence, if an attacker makes any change in a node’s hardware and software components, the digital genome will change, and the compromised node will be easily detected. It is envisaged that the proposed integrity attestation protocol can be used in diverse Internet of Things and other information technology applications to ensure the legitimate operation of end devices. This study also proffers a comprehensive security and performance analysis of the proposed framework.
Implementation and Development of Vehicle Tracking and Immobilization Technologies
Since the mid-1980s, limited use has been made of vehicle tracking using satellite communications to mitigate the security and safety risks created by the highway transportation of certain types of hazardous materials. However, vehicle-tracking technology applied to safety and security is increasingly being researched and piloted, and it has been the subject of several government reports and legislative mandates.
At the same time, the motor carrier industry has been investing in and implementing vehicle tracking, for a number of reasons, particularly the increase in efficiency achieved through better management of both personnel (drivers) and assets (trucks or, as they are known, tractors; cargo loads; and trailers).
While vehicle tracking and immobilization technologies can play a significant role in preventing truck-borne hazardous materials from being used as weapons against key targets, they are not a “silver bullet.” However, the experience of DTTS and the FMCSA and TSA pilot projects indicates that when these technologies are combined with other security measures, and when the information they provide is used in conjunction with information supplied outside of the tracking system, they can provide defensive value to any effort to protect assets from attacks using hazmat as a weapon.
This report is a sister publication to MTI Report 09-03, Potential Terrorist Uses of Highway-Borne Hazardous Materials. That publication was created in response to the Department of Homeland Security's request that the Mineta Transportation Institute's National Transportation Security Center of Excellence provide research and insights regarding the security risks created by the highway transportation of hazardous materials.
Comprehensive Security Framework for Global Threats Analysis
Cyber criminality activities are changing and becoming more and more professional. With the growth of financial flows through the Internet and the Information System (IS), new kinds of threat arise involving complex scenarios spread within multiple IS components. The IS information modeling and Behavioral Analysis are becoming new solutions to normalize the IS information and counter these new threats. This paper presents a framework which details the principal and necessary steps for monitoring an IS. We present the architecture of the framework, i.e. an ontology of activities carried out within an IS to model security information and User Behavioral analysis. The results of the performed experiments on real data show that the modeling is effective to reduce the amount of events by 91%. The User Behavioral Analysis on uniform modeled data is also effective, detecting more than 80% of legitimate actions of attack scenarios.