Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting
Hosting providers play a key role in fighting web compromise, but their
ability to prevent abuse is constrained by the security practices of their own
customers. Shared hosting offers a unique perspective since customers
operate under restricted privileges and providers retain more control over
configurations. We present the first empirical analysis of the distribution of
web security features and software patching practices in shared hosting
providers, the influence of providers on these security practices, and their
impact on web compromise rates. We construct provider-level features on the
global market for shared hosting -- containing 1,259 providers -- by gathering
indicators from 442,684 domains. Exploratory factor analysis of 15 indicators
identifies four main latent factors that capture security efforts: content
security, webmaster security, web infrastructure security and web application
security. We confirm, via a fixed-effect regression model, that providers exert
significant influence over the latter two factors, which are both related to
the software stack in their hosting environment. Finally, by means of GLM
regression analysis of these factors on phishing and malware abuse, we show
that the four security and software patching factors explain between 10% and
19% of the variance in abuse at providers, after controlling for size. For
web-application security for instance, we found that when a provider moves from
the bottom 10% to the best-performing 10%, it would experience 4 times fewer
phishing incidents. We show that providers have influence over patch
levels--even higher in the stack, where CMSes can run as client-side
software--and that this influence is tied to a substantial reduction in abuse
levels
ATTACK2VEC: Leveraging Temporal Word Embeddings to Understand the Evolution of Cyberattacks
Despite the fact that cyberattacks are constantly growing in complexity, the
research community still lacks effective tools to easily monitor and understand
them. In particular, there is a need for techniques that are able to not only
track how prominently certain malicious actions, such as the exploitation of
specific vulnerabilities, are exploited in the wild, but also (and more
importantly) how these malicious actions factor in as attack steps in more
complex cyberattacks. In this paper we present ATTACK2VEC, a system that uses
temporal word embeddings to model how attack steps are exploited in the wild,
and track how they evolve. We test ATTACK2VEC on a dataset of billions of
security events collected from the customers of a commercial Intrusion
Prevention System over a period of two years, and show that our approach is
effective in monitoring the emergence of new attack strategies in the wild and
in flagging which attack steps are often used together by attackers (e.g.,
vulnerabilities that are frequently exploited together). ATTACK2VEC provides a
useful tool for researchers and practitioners to better understand cyberattacks
and their evolution, and use this knowledge to improve situational awareness
and develop proactive defenses
Attack2vec: Leveraging temporal word embeddings to understand the evolution of cyberattacks
Despite the fact that cyberattacks are constantly growing in complexity, the research community still lacks effective tools to easily monitor and understand them. In particular, there is a need for techniques that are able to not only track how prominently certain malicious actions, such as the exploitation of specific vulnerabilities, are exploited in the wild, but also (and more importantly) how these malicious actions factor in as attack steps in more complex cyberattacks. In this paper we present ATTACK2VEC, a system that uses temporal word embeddings to model how attack steps are exploited in the wild, and track how they evolve. We test ATTACK2VEC on a dataset of billions of security events collected from the customers of a commercial Intrusion Prevention System over a period of two years, and show that our approach is effective in monitoring the emergence of new attack strategies in the wild and in flagging which attack steps are often used together by attackers (e.g., vulnerabilities that are frequently exploited together). ATTACK2VEC provides a useful tool for researchers and practitioners to better understand cyberattacks and their evolution, and use this knowledge to improve situational awareness and develop proactive defenses. Accepted manuscrip
How can Francis Bacon help forensic science? The four idols of human biases
Much debate has focused on whether forensic science is indeed a science. This paper is not aimed at answering, or even trying to contribute to, this question. Rather, in this paper I try to find ways to improve forensic science by identifying potential vulnerabilities. To this end I use Francis Bacon's doctrine of idols which distinguishes between different types of human biases that may prevent scientific and objective inquiry. Bacon’s doctrine contains four sources for such biases: Idols Tribus (of the 'tribe'), Idols Specus (of the 'den'/'cave'), Idols Fori (of the 'market'), and Idols Theatre (of the 'theatre'). While his 400 year old doctrine does not, of course, perfectly match up with our current world view, it still provides a productive framework for examining and cataloguing some of the potential weaknesses and limitations in our current approach to forensic science
DeepMasterPrints: Generating MasterPrints for Dictionary Attacks via Latent Variable Evolution
Recent research has demonstrated the vulnerability of fingerprint recognition
systems to dictionary attacks based on MasterPrints. MasterPrints are real or
synthetic fingerprints that can fortuitously match with a large number of
fingerprints thereby undermining the security afforded by fingerprint systems.
Previous work by Roy et al. generated synthetic MasterPrints at the
feature-level. In this work we generate complete image-level MasterPrints known
as DeepMasterPrints, whose attack accuracy is found to be much superior than
that of previous methods. The proposed method, referred to as Latent Variable
Evolution, is based on training a Generative Adversarial Network on a set of
real fingerprint images. Stochastic search in the form of the Covariance Matrix
Adaptation Evolution Strategy is then used to search for latent input variables
to the generator network that can maximize the number of impostor matches as
assessed by a fingerprint recognizer. Experiments convey the efficacy of the
proposed method in generating DeepMasterPrints. The underlying method is likely
to have broad applications in fingerprint security as well as fingerprint
synthesis. Comment: 8 pages; added new verification systems and diagrams. Accepted to
conference Biometrics: Theory, Applications, and Systems 201
The vulnerability of public spaces: challenges for UK hospitals under the 'new' terrorist threat
This article considers the challenges for hospitals in the United Kingdom that arise from the threats of mass-casualty terrorism. Whilst much has been written about the role of health care as a rescuer in terrorist attacks and other mass-casualty crises, little has been written about health care as a victim within a mass-emergency setting. Yet, health care is a key component of any nation's contingency planning and an erosion of its capabilities would have a significant impact on the generation of a wider crisis following a mass-casualty event. This article seeks to highlight the nature of the challenges facing elements of UK health care, with a focus on hospitals both as essential contingency responders under the United Kingdom's civil contingencies legislation and as potential victims of terrorism. It seeks to explore the potential gaps that exist between the task demands facing hospitals and the vulnerabilities that exist within them