4,125 research outputs found
Classifying Web Exploits with Topic Modeling
This short empirical paper investigates how well topic modeling and database
meta-data characteristics can classify web and other proof-of-concept (PoC)
exploits for publicly disclosed software vulnerabilities. By using a dataset
comprised of over 36 thousand PoC exploits, near a 0.9 accuracy rate is
obtained in the empirical experiment. Text mining and topic modeling are a
significant boost factor behind this classification performance. In addition to
these empirical results, the paper contributes to the research tradition of
enhancing software vulnerability information with text mining, providing also a
few scholarly observations about the potential for semi-automatic
classification of exploits in the existing tracking infrastructures.Comment: Proceedings of the 2017 28th International Workshop on Database and
Expert Systems Applications (DEXA).
http://ieeexplore.ieee.org/abstract/document/8049693
A risk index model for security incident prioritisation
With thousands of incidents identified by security appliances every day, the process of distinguishing which incidents are important and which are trivial is complicated. This paper proposes an incident prioritisation model, the Risk Index Model (RIM), which is based on risk assessment and the Analytic Hierarchy Process (AHP). The model uses indicators, such as criticality, maintainability, replaceability, and dependability as decision factors to calculate incidents’ risk index. The RIM was validated using the MIT DARPA LLDOS 1.0 dataset, and the results were compared against the combined priorities of the Common Vulnerability Scoring System (CVSS) v2 and Snort Priority. The experimental results have shown that 100% of incidents could be rated with RIM, compared to only 17.23% with CVSS. In addition, this study also improves the limitation of group priority in the Snort Priority (e.g. high, medium and low priority) by quantitatively ranking, sorting and listing incidents according to their risk index. The proposed study has also investigated the effect of applying weighted indicators at the calculation of the risk index, as well as the effect of calculating them dynamically. The experiments have shown significant changes in the resultant risk index as well as some of the top priority rankings
How will the Internet of Things enable Augmented Personalized Health?
Internet-of-Things (IoT) is profoundly redefining the way we create, consume,
and share information. Health aficionados and citizens are increasingly using
IoT technologies to track their sleep, food intake, activity, vital body
signals, and other physiological observations. This is complemented by IoT
systems that continuously collect health-related data from the environment and
inside the living quarters. Together, these have created an opportunity for a
new generation of healthcare solutions. However, interpreting data to
understand an individual's health is challenging. It is usually necessary to
look at that individual's clinical record and behavioral information, as well
as social and environmental information affecting that individual. Interpreting
how well a patient is doing also requires looking at his adherence to
respective health objectives, application of relevant clinical knowledge and
the desired outcomes.
We resort to the vision of Augmented Personalized Healthcare (APH) to exploit
the extensive variety of relevant data and medical knowledge using Artificial
Intelligence (AI) techniques to extend and enhance human health to presents
various stages of augmented health management strategies: self-monitoring,
self-appraisal, self-management, intervention, and disease progress tracking
and prediction. kHealth technology, a specific incarnation of APH, and its
application to Asthma and other diseases are used to provide illustrations and
discuss alternatives for technology-assisted health management. Several
prominent efforts involving IoT and patient-generated health data (PGHD) with
respect converting multimodal data into actionable information (big data to
smart data) are also identified. Roles of three components in an evidence-based
semantic perception approach- Contextualization, Abstraction, and
Personalization are discussed
OS diversity for intrusion tolerance: Myth or reality?
One of the key benefits of using intrusion-tolerant systems is the possibility of ensuring correct behavior in the presence of attacks and intrusions. These security gains are directly dependent on the components exhibiting failure diversity. To what extent failure diversity is observed in practical deployment depends on how diverse are the components that constitute the system. In this paper we present a study with operating systems (OS) vulnerability data from the NIST National Vulnerability Database. We have analyzed the vulnerabilities of 11 different OSes over a period of roughly 15 years, to check how many of these vulnerabilities occur in more than one OS. We found this number to be low for several combinations of OSes. Hence, our analysis provides a strong indication that building a system with diverse OSes may be a useful technique to improve its intrusion tolerance capabilities
Design of risk assessment methodology for IT/OT systems : Employment of online security catalogues in the risk assessment process
The revolution brought about with the transition from Industry 1.0 to 4.0 has expanded the cyber threats from Information Technology (IT) to Operational Technology (OT) systems. However, unlike IT systems, identifying the relevant threats in OT is more complex as penetration testing applications highly restrict OT availability. The complexity is enhanced by the significant amount of information available in online security catalogues, like Common Weakness Enumeration, Common Vulnerabilities and Exposures and Common Attack Pattern Enumeration and Classification, and the incomplete organisation of their relationships. These issues hinder the identification of relevant threats during risk assessment of OT systems. In this thesis, a methodology is proposed to reduce the aforementioned complexities and improve relationships among online security catalogues to identify the cybersecurity risk of IT/OT systems. The weaknesses, vulnerabilities and attack patterns stored in the online catalogues are extracted and categorised by mapping their potential mitigations to their security requirements, which are introduced on security standards that the system should comply with, like the ISA/IEC 62443. The system's assets are connected to the potential threats through the security requirements, which, combined with the relationships established among the catalogues, offer the basis for graphical representation of the results by employing tree-shaped graphical models. The methodology is tested on the components of an Information and Communication Technology system, whose results verify the simplification of the threat identification process but highlight the need for an in-depth understanding of the system. Hence, the methodology offers a significant basis on which further work can be applied to standardise the risk assessment process of IT/OT systems
Recommended from our members
Analysis of operating system diversity for intrusion tolerance
One of the key benefits of using intrusion-tolerant systems is the possibility of ensuring correct behavior in the presence of attacks and intrusions. These security gains are directly dependent on the components exhibiting failure diversity. To what extent failure diversity is observed in practical deployment depends on how diverse are the components that constitute the system. In this paper, we present a study with operating system's (OS's) vulnerability data from the NIST National Vulnerability Database (NVD). We have analyzed the vulnerabilities of 11 different OSs over a period of 18 years, to check how many of these vulnerabilities occur in more than one OS. We found this number to be low for several combinations of OSs. Hence, although there are a few caveats on the use of NVD data to support definitive conclusions, our analysis shows that by selecting appropriate OSs, one can preclude (or reduce substantially) common vulnerabilities from occurring in the replicas of the intrusion-tolerant system
Architecture-based Qualitative Risk Analysis for Availability of IT Infrastructures
An IT risk assessment must deliver the best possible quality of results in a time-effective way. Organisations are used to customise the general-purpose standard risk assessment methods in a way that can satisfy their requirements. In this paper we present the QualTD Model and method, which is meant to be employed together with standard risk assessment methods for the qualitative assessment of availability risks of IT architectures, or parts of them. The QualTD Model is based on our previous quantitative model, but geared to industrial practice since it does not require quantitative data which is often too costly to acquire. We validate the model and method in a real-world case by performing a risk assessment on the authentication and authorisation system of a large multinational company and by evaluating the results w.r.t. the goals of the stakeholders of the system. We also perform a review of the most popular standard risk assessment methods and an analysis of which one can be actually integrated with our QualTD Model
A Comprehensive Framework for the Security Risk Management of Cyber-Physical Systems
Cyber Physical Systems are facing huge and diverse set of security risks, especially cyber-attacks that can cause disruption to physical services or create a national disaster. Information and communication technology (ICT) has made a remarkable impact on the society. A Cyber Physical System (CPS) relies basically on information and communication technology, which puts the system\u2019s assets under certain risks especially cyber ones, and hence they must be kept under control by means of security countermeasures that generate confidence in the use of these assets. And so there is a critical need to give a great attention on the cybersecurity of these systems, which consequently leads to the safety of the physical world. This goal is achieved by adopting a solution that applies processes, plans and actions to prevent or reduce the effects of threats. Traditional IT risk assessment methods can do the job, however, and because of the characteristics of a CPS, it is more efficient to adopt a solution that is wider than a method, and addresses the type, functionalities and complexity of a CPS. This chapter proposes a framework that breaks the restriction to a traditional risk assessment method and encompasses wider set of procedures to achieve a high level strategy that could be adopted in the risk management process, in particular the cybersecurity of cyber-physical systems
- …