2,060 research outputs found

    Cyber defensive capacity and capability::A perspective from the financial sector of a small state

    Get PDF
    This thesis explores ways in which the financial sectors of small states are able todefend themselves against ever-growing cyber threats, as well as ways these states can improve their cyber defense capability in order to withstand current andfuture attacks. To date, the context of small states in general is understudied. This study presents the challenges faced by financial sectors in small states with regard to withstanding cyberattacks. This study applies a mixed method approach through the use of various surveys, brainstorming sessions with financial sector focus groups, interviews with critical infrastructure stakeholders, a literature review, a comparative analysis of secondary data and a theoretical narrative review. The findings suggest that, for the Aruban financial sector, compliance is important, as with minimal drivers, precautionary behavior is significant. Countermeasures of formal, informal, and technical controls need to be in place. This study indicates the view that defending a small state such as Aruba is challenging, yet enough economic indicators indicate it not being outside the realm of possibility. On a theoretical level, this thesis proposes a conceptual “whole-of-cyber” model inspired by military science and the VSM (Viable Systems Model). The concept of fighting power components and governance S4 function form cyber defensive capacity’s shield and capability. The “whole-of-cyber” approach may be a good way to compensate for the lack of resources of small states. Collaboration may be an only out, as the fastest-growing need will be for advanced IT skillsets

    A Dynamically Configurable Log-based Distributed Security Event Detection Methodology using Simple Event Correlator

    Get PDF
    Log event correlation is an effective means of detecting system faults and security breaches encountered in information technology environments. Centralized, database-driven log event correlation is common, but suffers from flaws such as high network bandwidth utilization, significant requirements for system resources, and difficulty in detecting certain suspicious behaviors. This research presents a distributed event correlation system which performs security event detection, and compares it with a centralized alternative. The comparison measures the value in distributed event correlation by considering network bandwidth utilization, detection capability and database query efficiency, as well as through the implementation of remote configuration scripts and correlation of multiple log sources. These capabilities produce a configuration which allows a 99% reduction of network syslog traffic in the low-accountability case, and a significant decrease in database execution time through context-addition in the high-accountability case. In addition, the system detects every implemented malicious use case, with a low false positive rate

    Emerging Risks in the Marine Transportation System (MTS), 2001- 2021

    Get PDF
    How has maritime security evolved since 2001, and what challenges exist moving forward? This report provides an overview of the current state of maritime security with an emphasis on port security. It examines new risks that have arisen over the last twenty years, the different types of security challenges these risks pose, and how practitioners can better navigate these challenges. Building on interviews with 37 individuals immersed in maritime security protocols, we identify five major challenges in the modern maritime security environment: (1) new domains for exploitation, (2) big data and information processing, (3) attribution challenges, (4) technological innovations, and (5) globalization. We explore how these challenges increase the risk of small-scale, high-probability incidents against an increasingly vulnerable Marine Transportation System (MTS). We conclude by summarizing several measures that can improve resilience-building and mitigate these risks

    Robust filtering schemes for machine learning systems to defend Adversarial Attack

    Get PDF
    Robust filtering schemes for machine learning systems to defend Adversarial Attac

    An Evasion Attack against ML-based Phishing URL Detectors

    Full text link
    Background: Over the year, Machine Learning Phishing URL classification (MLPU) systems have gained tremendous popularity to detect phishing URLs proactively. Despite this vogue, the security vulnerabilities of MLPUs remain mostly unknown. Aim: To address this concern, we conduct a study to understand the test time security vulnerabilities of the state-of-the-art MLPU systems, aiming at providing guidelines for the future development of these systems. Method: In this paper, we propose an evasion attack framework against MLPU systems. To achieve this, we first develop an algorithm to generate adversarial phishing URLs. We then reproduce 41 MLPU systems and record their baseline performance. Finally, we simulate an evasion attack to evaluate these MLPU systems against our generated adversarial URLs. Results: In comparison to previous works, our attack is: (i) effective as it evades all the models with an average success rate of 66% and 85% for famous (such as Netflix, Google) and less popular phishing targets (e.g., Wish, JBHIFI, Officeworks) respectively; (ii) realistic as it requires only 23ms to produce a new adversarial URL variant that is available for registration with a median cost of only $11.99/year. We also found that popular online services such as Google SafeBrowsing and VirusTotal are unable to detect these URLs. (iii) We find that Adversarial training (successful defence against evasion attack) does not significantly improve the robustness of these systems as it decreases the success rate of our attack by only 6% on average for all the models. (iv) Further, we identify the security vulnerabilities of the considered MLPU systems. Our findings lead to promising directions for future research. Conclusion: Our study not only illustrate vulnerabilities in MLPU systems but also highlights implications for future study towards assessing and improving these systems.Comment: Draft for ACM TOP
    corecore