Comprehensive Security Framework for Global Threats Analysis

Cyber criminality activities are changing and becoming more and more professional. With the growth of financial flows through the Internet and the Information System (IS), new kinds of thread arise involving complex scenarios spread within multiple IS components. The IS information modeling and Behavioral Analysis are becoming new solutions to normalize the IS information and counter these new threads. This paper presents a framework which details the principal and necessary steps for monitoring an IS. We present the architecture of the framework, i.e. an ontology of activities carried out within an IS to model security information and User Behavioral analysis. The results of the performed experiments on real data show that the modeling is effective to reduce the amount of events by 91%. The User Behavioral Analysis on uniform modeled data is also effective, detecting more than 80% of legitimate actions of attack scenarios

Adding Contextual Information to Intrusion Detection Systems Using Fuzzy Cognitive Maps

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.In the last few years there has been considerable increase in the efficiency of Intrusion Detection Systems (IDSs). However, networks are still the victim of attacks. As the complexity of these attacks keeps increasing, new and more robust detection mechanisms need to be developed. The next generation of IDSs should be designed incorporating reasoning engines supported by contextual information about the network, cognitive information and situational awareness to improve their detection results. In this paper, we propose the use of a Fuzzy Cognitive Map (FCM) in conjunction with an IDS to incorporate contextual information into the detection process. We have evaluated the use of FCMs to adjust the Basic Probability Assignment (BPA) values defined prior to the data fusion process, which is crucial for the IDS that we have developed. The experimental results that we present verify that FCMs can improve the efficiency of our IDS by reducing the number of false alarms, while not affecting the number of correct detections

Adding X-security to Carrel: security for agent-based healthcare applications

The high growth of Multi-Agent Systems (MAS) in Open Networks with initiatives such as Agentcities1 requires development in many different areas such as scalable and secure agent platforms, location services, directory services, and systems management. In our case we have focused our effort on security for agent systems. The driving force of this paper is provide a practical vision of how security mechanisms could be introduced for multi-agent applications. Our case study for this experiment is Carrel [9]: an Agent-based application in the Organ and Tissue transplant domain. The selection of this application is due to its characteristics as a real scenario and use of high-risk data for example, a study of the 21 most visited health-related web sites on the Internet discovered that personal information provided at many of the sites was being inadvertently leaked for unauthorized persons. These factors indicate to us that Carrel would be a suitable environment in order to test existing security safeguards. Furthermore, we believe that the experience gathered will be useful for other MAS. In order to achieve our purpose we describe the design, architecture and implementation of security elements on MAS for the Carrel System.Postprint (published version

Mining Threat Intelligence about Open-Source Projects and Libraries from Code Repository Issues and Bug Reports

Open-Source Projects and Libraries are being used in software development while also bearing multiple security vulnerabilities. This use of third party ecosystem creates a new kind of attack surface for a product in development. An intelligent attacker can attack a product by exploiting one of the vulnerabilities present in linked projects and libraries. In this paper, we mine threat intelligence about open source projects and libraries from bugs and issues reported on public code repositories. We also track library and project dependencies for installed software on a client machine. We represent and store this threat intelligence, along with the software dependencies in a security knowledge graph. Security analysts and developers can then query and receive alerts from the knowledge graph if any threat intelligence is found about linked libraries and projects, utilized in their products

Ensuring Cyber-Security in Smart Railway Surveillance with SHIELD

Modern railways feature increasingly complex embedded computing systems for surveillance, that are moving towards fully wireless smart-sensors. Those systems are aimed at monitoring system status from a physical-security viewpoint, in order to detect intrusions and other environmental anomalies. However, the same systems used for physical-security surveillance are vulnerable to cyber-security threats, since they feature distributed hardware and software architectures often interconnected by ‘open networks’, like wireless channels and the Internet. In this paper, we show how the integrated approach to Security, Privacy and Dependability (SPD) in embedded systems provided by the SHIELD framework (developed within the EU funded pSHIELD and nSHIELD research projects) can be applied to railway surveillance systems in order to measure and improve their SPD level. SHIELD implements a layered architecture (node, network, middleware and overlay) and orchestrates SPD mechanisms based on ontology models, appropriate metrics and composability. The results of prototypical application to a real-world demonstrator show the effectiveness of SHIELD and justify its practical applicability in industrial settings

Semantics for incident identification and resolution reports

In order to achieve a safe and systematic treatment of security protocols, organizations release a number of technical briefings describing how to detect and manage security incidents. A critical issue is that this document set may suffer from semantic deficiencies, mainly due to ambiguity or different granularity levels of description and analysis. An approach to face this problem is the use of semantic methodologies in order to provide better Knowledge Externalization from incident protocols management. In this article, we propose a method based on semantic techniques for both, analyzing and specifying (meta)security requirements on protocols used for solving security incidents. This would allow specialist getting better documentation on their intangible knowledge about them.Ministerio de Economía y Competitividad TIN2013-41086-

Using Domain Knowledge to Facilitate Cyber Security Analysis

Network attack classification is an essential component in intrusion detection in that it can improve the performance of intrusion detection system. Several machine-learning methods have been applied in correlating attacks. There is one inherent limitation with these approaches that they strongly rely on datasets, and consequently their models for attack classification can hardly generalize beyond the training data. To address the above limitation, we propose to utilize domain knowledge in form of taxonomy and ontology to improve attack correlation in cyber security. In addition, we expect that the attack correlation results of machine-learning techniques can be used to refine the original attack taxonomy. The proposed methods are evaluated with several experiments. The findings of the experiments suggest that domain knowledge and machine-learning technique should be used together on attack classification tasks