
    Defensive Cyber Maneuvers to Disrupt Cyber Attackers

    Perimeter based defenses are limited in deterring and defeating cyberattacks. Multi-layered approaches are needed to provide robust cybersecurity and defend against Advanced Persistent Threats. Proactive defensive cyber actions can provide positional or temporal advantages over an adversary in the cognitive, technical, and physical domains. These actions comprise cyber maneuvers, which are implemented reconfigurations to a network that aim to make attackers more visible and detectable, impede attacker progress, and reduce attackers’ chances of mission success. Technical actions and response are the primary focus of most current cyber defense frameworks with little attention on adversary behavioral and cognitive effects. We describe the enhanced cyber maneuver framework which addresses cognitive and behavioral responses to cyber effects. We present experimental results that demonstrate the framework and a testing approach to collect supporting findings on the effects of cyber maneuvers

    Federated and Transfer Learning: A Survey on Adversaries and Defense Mechanisms

    The advent of federated learning has facilitated large-scale data exchange amongst machine learning models while maintaining privacy. Despite its brief history, federated learning is rapidly evolving to make wider use more practical. One of the most significant advancements in this domain is the incorporation of transfer learning into federated learning, which overcomes fundamental constraints of primary federated learning, particularly in terms of security. This chapter performs a comprehensive survey on the intersection of federated and transfer learning from a security point of view. The main goal of this study is to uncover potential vulnerabilities and defense mechanisms that might compromise the privacy and performance of systems that use federated and transfer learning. Comment: Accepted for publication in edited book titled "Federated and Transfer Learning", Springer, Cha

    Three Decades of Deception Techniques in Active Cyber Defense -- Retrospect and Outlook

    Deception techniques have been widely seen as a game changer in cyber defense. In this paper, we review representative techniques in honeypots, honeytokens, and moving target defense, spanning from the late 1980s to the year 2021. Techniques from these three domains complement each other and may be leveraged to build a holistic deception based defense. However, to the best of our knowledge, there has not been a work that provides a systematic retrospect of these three domains all together and investigates their integrated usage for orchestrated deceptions. Our paper aims to fill this gap. By utilizing a tailored cyber kill chain model which can reflect the current threat landscape and a four-layer deception stack, a two-dimensional taxonomy is developed, based on which the deception techniques are classified. The taxonomy literally answers which phases of a cyber attack campaign the techniques can disrupt and which layers of the deception stack they belong to. Cyber defenders may use the taxonomy as a reference to design an organized and comprehensive deception plan, or to prioritize deception efforts for a budget conscious solution. We also discuss two important points for achieving active and resilient cyber defense, namely deception in depth and deception lifecycle, where several notable proposals are illustrated. Finally, some outlooks on future research directions are presented, including dynamic integration of different deception techniques, quantified deception effects and deception operation cost, hardware-supported deception techniques, as well as techniques developed based on better understanding of the human element. Comment: 19 page

    Implementation of network moving target defense in embedded systems

    Moving target defense provides opportunities for adaptive defense in embedded systems. A great deal of work has been done on incorporating moving target defense techniques into enterprise systems to increase the cost to attackers and level the playing field. A smaller body of work focuses on implementing these techniques in embedded systems, which can greatly benefit from adaptive self-defense techniques. This work implements a network shuffling proof of concept in the Zephyr real time operating system to tackle the challenge of incorporating shuffling techniques into embedded systems. A host-centric, high security implementation is provided which maximizes attacker uncertainty and minimizes the impact of host compromise. Identifiers are utilized at the datalink, network, and transport layers and rotated per connection using keys shared between host pairs. Existing shuffling schemes are explored, including those targeted to IoT contexts. Existing limitations in protecting embedded systems are considered along with the presented by moving target defense. The design details and implementation of incorporating a moving target defense module into the Zephyr networking stack are provided. The protection provided by the scheme is evaluated and it is compared to existing address shuffling schemes. Future work in better handling data forwarding and collisions in the proof of concept scheme is considered. Options for adapting and building on the scheme to meet the needs of system designers are explored. This work provides system designers with insights into implementing address shuffling in embedded systems

    Bibliometric analysis of publications on cyber risks in the service sector

    Objective: To explore the progress of scientific production on cyber risks that permeate the service sector, identifying relevant researchers and institutions on this theme, measuring the impact, and identifying trends, contributions, and knowledge gaps. In addition, the study seeks to use bibliometric findings to bring academic and managerial contributions to the subject. Methodology: Bibliometric study, using the method of organization and systematization of information (Chueke & Amatucci, 2015; Guedes & Borschiver, 2015), whose structure followed the premises of the laws of Bradford, Lotka, and Zipf, using the scientific databases of the WoS - Web of Science. The bibliometric study enabled the performance of exploratory and descriptive research without the temporal cut, resulting in the identification of 115 publications (December 1995 to February 2023), which allowed measuring and presenting the characteristics and profile of the publications analyzed. Originality: The study revealed a potential for exploring the theme of Cyber Risks in the Services sector, considering the scarcity of scientific production. It also enabled the identification of emerging trends and clusters in service sector activities and the creation of a conceptual model based on the findings of the analyzed publications. Main results: The analyses revealed which sectors of the service economy are most frequently approached in publications related to the theme of cyber risks. These analyses were organized into ten areas, with the following order of relevance (frequency) of publication: Computer Science, Information Systems, Engineering, Business, Finance and Management, Telecommunications, Computer Science Theory Methods, and Computer Science Artificial Intelligence. The bibliometric findings enabled the creation of the conceptual model of Cyber Risks in Services, which proposes a cyclical and continuous improvement approach to deal with vulnerabilities, cyber threats, and consequences. 
This includes identifying and assessing existing vulnerabilities, implementing mitigation measures, and constantly monitoring threats and their consequences. Theoretical contributions: The conceptual model of Cyber Risks in Services can be a reference for researchers in various fields of action, considering the breadth of the services sector and the interdisciplinary nature of digital risk mitigation. Managerial contributions: Understanding of cyber risks supports the ability of the organization to respond to them, strengthening its security posture and protecting its critical assets and information from cyber threats.

    The Military Strategic Effects of the Russian National Segment of the Internet

    The aim of this thesis is to develop a theoretical and conceptual basis for studying structural cyber asymmetry and to examine the strategic effects of the Russian national segment of the internet. This topic is important because cyberspace is one of the domains through or into which force can be directed to achieve political ends. Methodologically this thesis is a theory-driven qualitative case study based on content analysis and abduction. This thesis demonstrates that cyber power can be studied as a means to shape cyberspace. This approach offers a new perspective on studying the effects of national cyber strategies and the asymmetric power relationships between states. Freedom of action, common situation picture, command and control, and resilience are useful concepts for studying the relationship between closed and open national networks. These four concepts can be combined with the model of a national information security and defence system of systems to examine and compare the management and control of national networks in a novel way which takes into account the way the governance of the internet is currently changing. This thesis argues that the structural cyber asymmetry caused by the creation of a national segment of the internet sets significant premises and frames of reference on the states’ use of force in cyberspace. Structural cyber asymmetry also shapes the effects of the use of force. The construction of a national segment of the internet can be compared to strategic level preparation of a cyber battlefield. The Russian national segment of the internet can, if successfully completed, change the global balance of power in cyberspace. However, the national segment, as currently envisioned, has serious vulnerabilities. Moreover, its construction will increase the interdependencies between domains, great power competition, risks of escalation, and the risk of preventive or even pre-emptive cyber strikes. 
The national segment of the internet increases the fragmentation of cyberspace and strengthens the norm of cyber sovereignty

    Security Technologies and Methods for Advanced Cyber Threat Intelligence, Detection and Mitigation

    The rapid growth of Internet interconnectivity and the complexity of communication systems have led to a significant growth of cyberattacks globally, often with severe and disastrous consequences. The swift development of more innovative and effective (cyber)security solutions and approaches that can detect, mitigate and prevent these serious consequences is vital. Cybersecurity is gaining momentum and is scaling up in very many areas. This book builds on the experience of the Cyber-Trust EU project’s methods, use cases, technology development, testing and validation and extends into a broader science, lead IT industry market and applied research with practical cases. It offers new perspectives on advanced (cyber) security innovation (eco) systems covering key different perspectives. The book provides insights on new security technologies and methods for advanced cyber threat intelligence, detection and mitigation. We cover topics such as cyber-security and AI, cyber-threat intelligence, digital forensics, moving target defense, intrusion detection systems, post-quantum security, privacy and data protection, security visualization, smart contracts security, software security, blockchain, security architectures, system and data integrity, trust management systems, distributed systems security, dynamic risk management, privacy and ethics