40 research outputs found

    An Overview on Cyber Attacks and its Types for Enhancing Data Security in Business World

    For sensitive data of organizations there arises a need of ensuring privacy and protection measures in systems especially at various high-tech firms. Cyber attacks are a wide form of threat confronted on web by several users on daily basis. These attacks are fundamentally used to challenge system security of others yet there are likewise some moral programmers who get into other people's frameworks to make them aware of their vulnerabilities and get paid in return for securing their systems. In any case, these assaults have caused a great deal of concern for businessmen. The research covers the major types of cyber attacks that can affect the business world in an immense manner along with an overview of how these threats work and how they can possibly be prevented. The hacking procedures are showing signs of improvement step by step and so should our frameworks to remain safe from all sorts of latest attacks on our data in various forms.

    A Machine Learning-Driven Evolutionary Approach for Testing Web Application Firewalls

    Web application firewalls (WAF) are an essential protection mechanism for online software systems. Because of the relentless flow of new kinds of attacks as well as their increased sophistication, WAFs have to be updated and tested regularly to prevent attackers from easily circumventing them. In this paper, we focus on testing WAFs for SQL injection attacks, but the general principles and strategy we propose can be adapted to other contexts. We present ML-Driven, an approach based on machine learning and an evolutionary algorithm to automatically detect holes in WAFs that let SQL injection attacks bypass them. Initially, ML-Driven automatically generates a diverse set of attacks and submits them to the system being protected by the target WAF. Then, ML-Driven selects attacks that exhibit patterns (substrings) associated with bypassing the WAF and evolves them to generate new successful bypassing attacks. Machine learning is used to incrementally learn attack patterns from previously generated attacks according to their testing results, i.e., if they are blocked or bypass the WAF. We implemented ML-Driven in a tool and evaluated it on ModSecurity, a widely used open-source WAF, and a proprietary WAF protecting a financial institution. Our empirical results indicate that ML-Driven is effective and efficient at generating SQL injection attacks bypassing WAFs and identifying attack patterns.

    Using Offline Activities to Enhance Online Cybersecurity Education

    Since the beginning of the 21st century, the United States has experienced the impact of a technological revolution. One effect of this technological revolution is the creation of entirely new careers related to the field of technology, including cybersecurity. Continued growth in the cybersecurity industry means a greater number of jobs will be created, adding to the existing number of jobs that are challenging an under-educated and under-trained workforce. The goal of this thesis is to increase the effectiveness of cybersecurity education. This thesis studies whether an online course in cybersecurity can be enhanced by offline, in-person activities that mirror traditional classroom methods. To validate the research, two groups of high school students participated in an online course with only one group participating in offline activities. The results showed that the group that participated in both the online and offline portions of the course had a higher percentage of student retention, a more positive mindset towards cybersecurity, and an improved performance in the course

    Anomaly detection of web-based attacks

    Master's thesis in Information Security, presented to the University of Lisbon, through the Faculty of Sciences, 2010. To successfully prevent attacks it is vital to have a complete and accurate detection system. Signature-based intrusion detection systems (IDS) are one of the most popular approaches, but they are not adequate for detection of web-based or novel attacks. The purpose of this project is to study and design an anomaly-based intrusion detection system capable of detecting those kinds of attacks. Anomaly-based IDS can create a model of normal behavior from a set of training data, and then use it to detect novel attacks. In most cases, this model represents more instances than those in the training data set, a characteristic that we designate as generalization and which is necessary for accurate anomaly detection. The accuracy of such systems, which determines their effectiveness, is considerably influenced by the model building phase (often called training), which depends on having data that is free from attacks resembling the normal operation of the protected application. Having good models is particularly important, or else significant amounts of false positives and false negatives will likely be generated by the IDS during the detection phase. This dissertation details our research on the use of anomaly-based methods to detect attacks against web servers and applications.
Our contributions focus on three different strands: i) advanced training procedures that enable anomaly-based learning systems to perform well even in presence of complex and dynamic web applications; ii) a system comprising several anomaly detection techniques capable of recognizing and identifying attacks against web servers and applications and iii) an evaluation of the system and of the most suitable techniques for anomaly detection of web attacks, using a large data set of real-world traffic belonging to a web application of great dimensions hosted in production servers of a Portuguese ISP.

    Secure data communication over mobile devices in health networks.

    The continuous developments in the field of mobile computing have made it possible to use mobile devices for healthcare applications. These devices can be used by healthcare providers to collect and share patients' medical data. However, with increasing adoption of mobile devices that carry confidential data, organizations need to secure the data from unauthorized users and mobile device theft. When unencrypted data is transmitted from one device to another it faces various security threats from malicious code, unsecure networks, unauthorized access, and data theft. The objective of this research is to develop a secure data sharing solution customized for healthcare environments, which would allow authorized users to securely access and share patients' data over mobile devices. We identify the vulnerable locations in mobile communication network that can possibly be exploited by unauthorized users or malicious code to access the confidential data, and develop an efficient security protocol that provides end to end data protection without compromising device's performance. To demonstrate the feasibility of our proposed data sharing architecture, a prototype customized for Point-of-Care-Testing (POCT) scenarios was built in collaboration with Northern Health, Prince George. Simulations were performed to analyze and validate our solution against the pre-defined requirement criteria. --P. ii. The original print copy of this thesis may be available here: http://wizard.unbc.ca/record=b178382

    Ethical and Unethical Hacking

    The goal of this chapter is to provide a conceptual analysis of ethical hacking, comprising history, common usage and the attempt to provide a systematic classification that is both compatible with common usage and normatively adequate. Subsequently, the article identifies a tension between common usage and a normatively adequate nomenclature. ‘Ethical hackers’ are often identified with hackers that abide by a code of ethics privileging business-friendly values. However, there is no guarantee that respecting such values is always compatible with the all-things-considered morally best act. It is recognised, however, that in terms of assessment, it may be quite difficult to determine who is an ethical hacker in the ‘all things considered’ sense, while society may agree more easily on the determination of who is one in the ‘business-friendly’ limited sense. The article concludes by suggesting a pragmatic best-practice approach for characterising ethical hacking, which reaches beyond business-friendly values and helps in the taking of decisions that are respectful of the hackers’ individual ethics in morally debatable, grey zones.

    Best Practices and Recommendations for Cybersecurity Service Providers

    This chapter outlines some concrete best practices and recommendations for cybersecurity service providers, with a focus on data sharing, data protection and penetration testing. Based on a brief outline of dilemmas that cybersecurity service providers may experience in their daily operations, it discusses data handling policies and practices of cybersecurity vendors along the following five topics: customer data handling; information about breaches; threat intelligence; vulnerability-related information; and data involved when collaborating with peers, CERTs, cybersecurity research groups, etc. There is, furthermore, a discussion of specific issues of penetration testing such as customer recruitment and execution as well as the supervision and governance of penetration testing. The chapter closes with some general recommendations regarding improving the ethical decision-making procedures of private cybersecurity service providers

    EFFICIENT RUNTIME SECURITY SYSTEM FOR DECENTRALISED DISTRIBUTED SYSTEMS

    Distributed systems can be defined as systems that are scattered over geographical distances and provide different activities through communication, processing, data transfer and so on, thus increasing the cooperation, efficiency, and reliability to deal with users and data resources jointly. For this reason, distributed systems have been shown to be a promising infrastructure for most applications in the digital world. Despite their advantages, keeping these systems secure is a complex task because of the unconventional nature of distributed systems which can produce many security problems like phishing, denial of services or eavesdropping. Therefore, adopting security and privacy policies in distributed systems will increase the trustworthiness between the users and these systems. However, adding or updating security is considered one of the most challenging concerns and this relies on various security vulnerabilities which exist in distributed systems. The most significant one is inserting or modifying a new security concern or even removing it according to the security status which may appear at runtime. Moreover, these problems will be exacerbated when the system adopts the multi-hop concept as a way to deal with transmitting and processing information. This can pose many significant security challenges especially if dealing with decentralized distributed systems and the security must be furnished as end-to-end. Unfortunately, existing solutions are insufficient to deal with these problems like CORBA which is considered a one-to-one relationship only, or DSAW which deals with end-to-end security but without taking into account the possibility of changing information sensitivity during runtime. This thesis provides a proposed mechanism for enforcing security policies and dealing with distributed systems’ security weakness in terms of the software perspective.
The proposed solution utilised Aspect-Oriented Programming (AOP), to address security concerns during compilation and running time. The proposed solution is based on a decentralized distributed system that adopts the multi-hop concept to deal with different requested tasks. The proposed system focused on how to achieve high accuracy, data integrity and high efficiency of the distributed system in real time. This is done through modularising the most efficient security solutions, Access Control and Cryptography, by using Aspect-Oriented Programming language. The experiments’ results show the proposed solution overcomes the shortage of the existing solutions by fully integrating with the decentralized distributed system to achieve dynamic, high cooperation, high performance and end-to-end holistic security.

    The Ethics of Cybersecurity

    This open access book provides the first comprehensive collection of papers that provide an integrative view on cybersecurity. It discusses theories, problems and solutions on the relevant ethical issues involved. This work is sorely needed in a world where cybersecurity has become indispensable to protect trust and confidence in the digital infrastructure whilst respecting fundamental values like equality, fairness, freedom, or privacy. The book has a strong practical focus as it includes case studies outlining ethical issues in cybersecurity and presenting guidelines and other measures to tackle those issues. It is thus not only relevant for academics but also for practitioners in cybersecurity such as providers of security software, governmental CERTs or Chief Security Officers in companies