58 research outputs found

    A Taxonomy for Large-Scale Cyber Security Attacks

    In an effort to examine the spread of large-scale cyber attacks, researchers have created various taxonomies. These taxonomies are purposefully built to facilitate the understanding and the comparison of these attacks, and hence counter their spread. Yet, existing taxonomies focus mainly on the technical aspects of the attacks, with little or no information about how to defend against them. As such, the aim of this work is to extend existing taxonomies by incorporating new features pertaining to the defense strategy, scale, and others. We will compare the proposed taxonomy with existing state-of-the-art taxonomies. We also present the analysis of 174 large cyber security attacks based on our taxonomy. Finally, we present a web tool that we developed to allow researchers to explore existing data sets of attacks and contribute new ones. We are convinced that our work will allow researchers to gain deeper insights into emerging attacks by facilitating their categorization, sharing and analysis, which results in boosting the defense efforts against cyber attack

    Simulation for Cybersecurity: State of the Art and Future Directions

    In this article, we provide an introduction to simulation for cybersecurity and focus on three themes: (1) an overview of the cybersecurity domain; (2) a summary of notable simulation research efforts for cybersecurity; and (3) a proposed way forward on how simulations could broaden cybersecurity efforts. The overview of cybersecurity provides readers with a foundational perspective of cybersecurity in the light of targets, threats, and preventive measures. The simulation research section details the current role that simulation plays in cybersecurity, which mainly falls on representative environment building; test, evaluate, and explore; training and exercises; risk analysis and assessment; and humans in cybersecurity research. The proposed way forward section posits that the advancement of collecting and accessing sociotechnological data to inform models, the creation of new theoretical constructs, and the integration and improvement of behavioral models are needed to advance cybersecurity efforts

    Computational intelligence-enabled cybersecurity for the Internet of Things

    The computational intelligence (CI) based technologies play key roles in campaigning cybersecurity challenges in complex systems such as the Internet of Things (IoT), cyber-physical-systems (CPS), etc. The current IoT is facing increasing security issues, such as vulnerabilities of IoT systems, malware detection, data security concerns, personal and public physical safety risk, privacy issues, data storage management following the exponential growth of IoT devices. This work aims at investigating the applicability of computational intelligence techniques in cybersecurity for IoT, including CI-enabled cybersecurity and privacy solutions, cyber defense technologies, intrusion detection techniques, and data security in IoT. This paper also attempts to provide new research directions and trends for the increasing IoT security issues using computational intelligence technologies

    Intelligent Detection and Recovery from Cyberattacks for Small and Medium-Sized Enterprises

    Cyberattacks continuously threaten computer security in companies. These attacks evolve every day, being more and more sophisticated and robust. In addition, they take advantage of security breaches in organizations and companies, both public and private. Small and Medium-sized Enterprises (SME), due to their structure and economic characteristics, are particularly damaged when a cyberattack takes place. Although organizations and companies put a lot of effort into implementing security solutions, they are not always effective. This is especially relevant for SMEs, which do not have enough economic resources to introduce such solutions. Thus, there is a need to provide SMEs with affordable, intelligent security systems with the ability to detect and recover from the most detrimental attacks. In this paper, we propose an intelligent cybersecurity platform, which has been designed with the objective of helping SMEs to make their systems and network more secure. The aim of this platform is to provide a solution optimizing detection and recovery from attacks. To do this, we propose the application of proactive security techniques in combination with both Machine Learning (ML) and blockchain. Our proposal is enclosed in the IASEC project, which allows providing security in each of the phases of an attack. Like this, we help SMEs in prevention, avoiding systems and network from being attacked; detection, identifying when there is something potentially harmful for the systems; containment, trying to stop the effects of an attack; and response, helping to recover the systems to a normal state

    A Study of Banking Information System Implementation Using TOGAF Enterprise Architecture (Kajian Penerapan System Informasi Perbankan menggunakan Enterprise Architecture TOGAF)

    Nowadays information technology is developing very rapidly, all the more so in the current era of the industrial revolution 4.0. Almost all industries, including the banking industry, have begun to implement breakthroughs to face the industrial revolution 4.0 era. One readiness strategy is to change information technology planning so that it is based on Enterprise Architecture. The method discussed uses TOGAF (The Open Group Architecture Framework). The goal is to develop the business architecture, application architecture, information architecture and technology so that they can adapt to the industrial revolution. To implement the architecture, a gap analysis and an implementation strategy for the architecture that has been produced are needed. Application systems do not need to be developed in their entirety, but some application systems need to undergo changes. It is hoped that by applying Enterprise Architecture, from architecture design and gap analysis through to implementation strategy, the banking industry will be able to face the industrial revolution 4.0 era

    Advanced Persistent Threats in Cybersecurity – Cyber Warfare

    This book aims to provide a comprehensive analysis of Advanced Persistent Threats (APTs), including their characteristics, origins, methods, consequences, and defense strategies, with a focus on detecting these threats. It explores the concept of advanced persistent threats in the context of cyber security and cyber warfare. APTs represent one of the most insidious and challenging forms of cyber threats, characterized by their sophistication, persistence, and targeted nature. The paper examines the origins, characteristics and methods used by APT actors. It also explores the complexities associated with APT detection, analyzing the evolving tactics used by threat actors and the corresponding advances in detection methodologies. It highlights the importance of a multi-faceted approach that integrates technological innovations with proactive defense strategies to effectively identify and mitigate APT

    Ransomware Deployment Methods and Analysis: Views from a Predictive Model and Human Responses

    Ransomware incidents have increased dramatically in the past few years. The number of ransomware variants is also increasing, which means signature and heuristic-based detection techniques are becoming harder to achieve, due to the ever-changing pattern of ransomware attack vectors. Therefore, in order to combat ransomware, we need a better understanding of how ransomware is being deployed, its characteristics, as well as how potential victims may react to ransomware incidents. This paper aims to address this challenge by carrying out an investigation on 18 families of ransomware, leading to a model for categorising ransomware behavioural characteristics, which can then be used to improve detection and handling of ransomware incidents. The categorisation was done in respect to the stages of ransomware deployment methods with a predictive model we developed called Randep. The stages are fingerprint, propagate, communicate, map, encrypt, lock, delete and threaten. Analysing the samples gathered for the predictive model provided an insight into the stages and timeline of ransomware execution. Furthermore, we carried out a study on how potential victims (individuals, as well as IT support staff at universities and SMEs) detect that ransomware was being deployed on their machine, what steps they took to investigate the incident, and how they responded to the attack. Both quantitative and qualitative data were collected through questionnaires and in-depth interviews. The results shed an interesting light on the most common attack methods, the most targeted operating systems and the infection symptoms, as well as recommended defence mechanisms. This information can be used in the future to create behavioural patterns for improved ransomware detection and response