7,185 research outputs found
Predicting Network Attacks Using Ontology-Driven Inference
Graph knowledge models and ontologies are very powerful modeling and re
asoning tools. We propose an effective approach to model network attacks and
attack prediction which plays important roles in security management. The goals
of this study are: First we model network attacks, their prerequisites and
consequences using knowledge representation methods in order to provide
description logic reasoning and inference over attack domain concepts. And
secondly, we propose an ontology-based system which predicts potential attacks
using inference and observing information which provided by sensory inputs. We
generate our ontology and evaluate corresponding methods using CAPEC, CWE, and
CVE hierarchical datasets. Results from experiments show significant capability
improvements comparing to traditional hierarchical and relational models.
Proposed method also reduces false alarms and improves intrusion detection
effectiveness.Comment: 9 page
A multi-dimension taxonomy of insider threats in cloud computing
Security is considered a significant deficiency in cloud computing, and insider threats problem exacerbate security concerns in the cloud. In addition to that, cloud computing is very complex by itself, because it encompasses numerous technologies and concepts. Apparently, overcoming these challenges requires substantial efforts from information security researchers to develop powerful mitigation solutions for this emerging problem. This entails developing a taxonomy of insider threats in cloud environments encompassing all potential abnormal activities in the cloud, and can be useful for conducting security assessment. This paper describes the first phase of an ongoing research to develop a framework for mitigating insider threats in cloud computing environments. Primarily, it presents a multidimensional taxonomy of insider threats in cloud computing, and demonstrates its viability. The taxonomy provides a fundamental understanding for this complicated problem by identifying five dimensions, it also supports security engineers in identifying hidden paths, thus determining proper countermeasures, and presents a guidance covers all bounders of insiders threats issue in clouds, hence it facilitates researchersā endeavours in tackling this problem. For instance, according to the hierarchical taxonomy, clearly many significant issues exist in public cloud, while conventional insider mitigation solutions can be used in private clouds. Finally, the taxonomy assists in identifying future research directions in this emerging area
Cybersecurity of Industrial Cyber-Physical Systems: A Review
Industrial cyber-physical systems (ICPSs) manage critical infrastructures by
controlling the processes based on the "physics" data gathered by edge sensor
networks. Recent innovations in ubiquitous computing and communication
technologies have prompted the rapid integration of highly interconnected
systems to ICPSs. Hence, the "security by obscurity" principle provided by
air-gapping is no longer followed. As the interconnectivity in ICPSs increases,
so does the attack surface. Industrial vulnerability assessment reports have
shown that a variety of new vulnerabilities have occurred due to this
transition while the most common ones are related to weak boundary protection.
Although there are existing surveys in this context, very little is mentioned
regarding these reports. This paper bridges this gap by defining and reviewing
ICPSs from a cybersecurity perspective. In particular, multi-dimensional
adaptive attack taxonomy is presented and utilized for evaluating real-life
ICPS cyber incidents. We also identify the general shortcomings and highlight
the points that cause a gap in existing literature while defining future
research directions.Comment: 32 pages, 10 figure
Cyber Threat Intelligence Model: An Evaluation of Taxonomies, Sharing Standards, and Ontologies within Cyber Threat Intelligence
Cyber threat intelligence is the provision of evidence-based knowledge about
existing or emerging threats. Benefits of threat intelligence include increased
situational awareness and efficiency in security operations and improved
prevention, detection, and response capabilities. To process, analyze, and
correlate vast amounts of threat information and derive highly contextual
intelligence that can be shared and consumed in meaningful times requires
utilizing machine-understandable knowledge representation formats that embed
the industry-required expressivity and are unambiguous. To a large extend, this
is achieved by technologies like ontologies, interoperability schemas, and
taxonomies. This research evaluates existing cyber-threat-intelligence-relevant
ontologies, sharing standards, and taxonomies for the purpose of measuring
their high-level conceptual expressivity with regards to the who, what, why,
where, when, and how elements of an adversarial attack in addition to courses
of action and technical indicators. The results confirmed that little emphasis
has been given to developing a comprehensive cyber threat intelligence ontology
with existing efforts not being thoroughly designed, non-interoperable and
ambiguous, and lacking semantic reasoning capability
A cyberciege traffic analysis extension for teaching network security
CyberCIEGE is an interactive game simulating realistic scenarios that teaches the players Information Assurance (IA) concepts. The existing game scenarios only provide a high-level abstraction of the networked environment, e.g., nodes do not have Internet protocol (IP) addresses or belong to proper subnets, and there is no packet-level network simulation. This research explored endowing the game with network level traffic analysis, and implementing a game scenario to take advantage of this new capability. Traffic analysis is presented to players in a format similar to existing tools such that learned skills may be easily transferred to future real-world situations. A network traffic analysis tool simulation within CyberCIEGE was developed and this new tool provides the player with traffic analysis capability. Using existing taxonomies of cyber-attacks, the research identified a subset of network-based attacks most amenable to modeling and representation within CyberCIEGE. From the attacks identified, a complementary CyberCIEGE scenario was developed to provide the player with new educational opportunities for network analysis and threat identification. From the attack scenario, players also learn about the effects of these cyber-attacks and glean a more informed understanding of appropriate mitigation measures.http://archive.org/details/acyberciegetraff109451057
A new Systemic Taxonomy of Cyber Criminal activity
Cybercrime commonly refers to a broad range of different criminal activities that involve computers and information systems, either as primary tools or as primary targets. Cybercrime Science combines the methodology of Crime Science with the technology of Information Security. The few existing taxonomies of Cybercrime provide only general insights into the benefits of information structures; they are neither complete nor elaborated in a systemic manner to provide a proper framework guided by real system-principles. The main problem with such taxonomies is the inability to dynamically upgrade, which is why there is no timely cybersecurity actions. The current and past approaches were based mainly on the technical nature of cyberattacks and such approaches classified the impact of the activities from a criminological perspective. In this article, we present a systemic taxonomy of Cybercrime, based on definitions of the field items and the related data specifications. We develop a new method for estimating the fractal dimension of networks to explore a new taxonomy of Cybercrime activity. This method can serve to dynamically upgrade taxonomy and thus accelerate the prevention of cybercrime
VISTA:an inclusive insider threat taxonomy, with mitigation strategies
Insiders have the potential to do a great deal of damage, given their legitimate access to organisational assets and the trust they enjoy. Organisations can only mitigate insider threats if they understand what the different kinds of insider threats are, and what tailored measures can be used to mitigate the threat posed by each of them. Here, we derive VISTA (inclusiVe InSider Threat tAxonomy) based on an extensive literature review and a survey with C-suite executives to ensure that the VISTA taxonomy is not only scientifically grounded, but also meets the needs of organisations and their executives. To this end, we map each VISTA category of insider threat to tailored mitigations that can be deployed to reduce the threat
- ā¦