574 research outputs found
Towards secure message systems
Message systems, which transfer information from sender to recipient via communication networks, are indispensable to our modern society. The enormous user base of message systems and their critical role in information delivery make it the top priority to secure message systems. This dissertation focuses on securing the two most representative and dominant message systems---e-mail and instant messaging (IM)---from two complementary aspects: defending against unwanted messages and ensuring reliable delivery of wanted messages.
To curtail unwanted messages and protect e-mail and instant messaging users, this dissertation proposes two mechanisms, DBSpam and HoneyIM, which can effectively thwart e-mail spam laundering and foil malicious instant message spreading, respectively. DBSpam exploits the distinct characteristics of connection correlation and packet symmetry embedded in the behavior of spam laundering and utilizes a simple statistical method, Sequential Probability Ratio Test, to detect and break spam laundering activities inside a customer network in a timely manner. The experimental results demonstrate that DBSpam is effective in quickly and accurately capturing and suppressing e-mail spam laundering activities and is capable of coping with high speed network traffic. HoneyIM leverages the inherent characteristic of spreading of IM malware and applies the honey-pot technology to the detection of malicious instant messages. More specifically, HoneyIM uses decoy accounts in normal users' contact lists as honey-pots to capture malicious messages sent by IM malware and suppresses the spread of malicious instant messages by performing network-wide blocking. The efficacy of HoneyIM has been validated through both simulations and real experiments.
To improve e-mail reliability, that is, prevent losses of wanted e-mail, this dissertation proposes a collaboration-based autonomous e-mail reputation system called CARE. CARE introduces inter-domain collaboration without central authority or third party and enables each e-mail service provider to independently build its reputation database, including frequently contacted and unacquainted sending domains, based on the local e-mail history and the information exchanged with other collaborating domains. The effectiveness of CARE on improving e-mail reliability has been validated through a number of experiments, including a comparison of two large e-mail log traces from two universities, a real experiment of DNS snooping on more than 36,000 domains, and extensive simulation experiments in a large-scale environment.
Adversarial behaviours knowledge area
The technological advancements witnessed by our society in recent decades have brought
improvements in our quality of life, but they have also created a number of opportunities for
attackers to cause harm. Before the Internet revolution, most crime and malicious activity
generally required a victim and a perpetrator to come into physical contact, and this limited
the reach that malicious parties had. Technology has removed the need for physical contact
to perform many types of crime, and now attackers can reach victims anywhere in the world, as long as they are connected to the Internet. This has revolutionised the characteristics of crime and warfare, allowing operations that would not have been possible before. In this document, we provide an overview of the malicious operations that are happening on the Internet today. We first provide a taxonomy of malicious activities based on the attacker's motivations and capabilities, and then move on to the technological and human elements that adversaries require to run a successful operation. We then discuss a number of frameworks that have been proposed to model malicious operations. Since adversarial behaviours are not a purely technical topic, we draw from research in a number of fields (computer science, criminology, war studies). While doing this, we discuss how these frameworks can be used by researchers and practitioners to develop effective mitigations against malicious online operations.
Cybercrime Pervasiveness, Consequences, and Sustainable Counter Strategies
As our connectivity and dependency on technology increases, so does our vulnerability.
Technology has provided not only new tools, but also new opportunities
for criminals in the digital world. The abuse of new technologies has been threatening
economic and financial security and actually devastating the lives of affected individuals. In Nigeria, cybercrime has recorded mostly foreign-based individuals
and organizations as victims thereby getting Nigeria ranked among
the nations with notorious pervasiveness of high-tech crimes. Indeed, adequately
formulating a strategy to contain the menace of cybercrime presents a formidable
challenge to law enforcement. This paper x-rays noted instances of cybercrime
pervasiveness, its devastating consequences, and up-to-date countermeasures in
Nigeria. It develops an enforceable/sustainable framework to determine how critical
infrastructures are put at risk and how law enforcement should react in responding
to the threats.
From Anonymity to Identification
This article examines whether anonymity online has a future. In the early days of the Internet, strong cryptography, anonymous remailers, and a relative lack of surveillance created an environment conducive to anonymous communication. Today, the outlook for online anonymity is poor. Several forces combine against it: ideologies that hold that anonymity is dangerous, or that identifying evil-doers is more important than ensuring a safe mechanism for unpopular speech; the profitability of identification in commerce; government surveillance; the influence of intellectual property interests and in requiring hardware and other tools that enforce identification; and the law at both national and supranational levels. As a result of these forces, online anonymity is now much more difficult than previously, and looks to become less and less possible. Nevertheless, the ability to speak truly freely remains an important 'safety valve' technology for the oppressed, for dissidents, and for whistle-blowers. The article argues that as data collection online merges with data collection offline, the ability to speak anonymously online will only become more valuable. Technical changes will be required if online anonymity is to remain possible. Whether these changes are possible depends on whether the public comes to appreciate value the option of anonymous speech while it is still possible to engineer mechanisms to permit it.
An Effective SPOT System by Monitoring Outgoing Messages
ABSTRACT: Develop an effective spam zombie detection system named SPOT. Within a network, SPOT can be used to monitor outgoing messages. Using the internet, some attackers try to spread spam or malware in order to collect information about the network. The detection of the compromised machines in the network that are involved in spamming activities is known as a spam zombie detection system. The detection system can be used to identify the misbehavior of a person using the spam zombie detection system. We will create a framework to identify the messages from the various persons. This system will record the IP address information using the SPOT detection algorithm. We also compare the performance of SPOT with two other spam zombie detection algorithms based on the count and percentage of spam messages originated or forwarded by internal machines. Using the above techniques, we will avoid and block the person who sends the spam messages.
Machine Generated Text: A Comprehensive Survey of Threat Models and Detection Methods
Machine generated text is increasingly difficult to distinguish from human
authored text. Powerful open-source models are freely available, and
user-friendly tools that democratize access to generative models are
proliferating. ChatGPT, which was released shortly after the first preprint of
this survey, epitomizes these trends. The great potential of state-of-the-art
natural language generation (NLG) systems is tempered by the multitude of
avenues for abuse. Detection of machine generated text is a key countermeasure
for reducing abuse of NLG models, with significant technical challenges and
numerous open problems. We provide a survey that includes both 1) an extensive
analysis of threat models posed by contemporary NLG systems, and 2) the most
complete review of machine generated text detection methods to date. This
survey places machine generated text within its cybersecurity and social
context, and provides strong guidance for future work addressing the most
critical threat models, and ensuring detection systems themselves demonstrate
trustworthiness through fairness, robustness, and accountability.
Comment: Manuscript submitted to ACM Special Session on Trustworthy AI. 2022/11/19 - Updated reference
The United States approach to the investigation and prosecution of cybercrime and cryptocurrency crime
This paper is primarily a compendium of various documents published by the United States (U.S.) Government and will provide an overview of the U.S. approach to the investigation and prosecution of cybercrime, i.e. those crimes that use or target computer networks, which we interchangeably refer to as computer crime. It should also be noted that this paper will address the approach to investigating and prosecuting cybercrime at the federal level and not the state or local level. The paper will first provide an overview of the several specialized investigation and prosecution units established within the U.S. that
have been created or formed to address this issue. Next, it will provide an explanation to some of the specialized task forces and cybercrime
programs established by the U.S. Government which aim to deliver training and technical assistance to foreign law enforcement, prosecutorial, and judicial partners to combat cybercrime activity. The primary U.S. cybercrime legislation will be summarized, including the laws governing the search and seizure of computers and obtaining electronic evidence in U.S. criminal investigations, the Stored Communications Act/Electronic Communications Privacy Act (SCA/ECPA), the U.S. Federal Rules of Evidence (FRE) 902 (13-14) and the Computer Fraud and Abuse Act (CFAA). Finally, the paper will cover the U.S. approach to cryptocurrency related crime and the U.S. Government's approach to seizure and forfeiture of digital assets and sentencing.