11 research outputs found

    Moving Targets: Addressing Concept Drift in Supervised Models for Hacker Communication Detection

    Abstract—In this paper, we are investigating the presence of concept drift in machine learning models for detection of hacker communications posted in social media and hacker forums. The supervised models in this experiment are analysed in terms of performance over time by different sources of data (Surface web and Deep web). Additionally, to simulate real-world situations, these models are evaluated using time-stamped messages from our datasets, posted over time on social media platforms. We have found that models applied to hacker forums (deep web) present an accuracy deterioration in less than a 1-year period, whereas models applied to Twitter (surface web) have not shown a decrease in accuracy for the same period of time. The problem is alleviated by retraining the model with new instances (and applying weights) in order to reduce the effects of concept drift. While our results indicated that performance degradation due to concept drift is avoided by 50% relabelling, which is challenging in real-world scenarios, our work paves the way to more targeted concept drift solutions to reduce the re-training tasks. Index Terms—Cyber Security, Machine Learning, Concept Drift, Hacker Communication, Software Vulnerabilitie

    Unsupervised Threat Hunting using Continuous Bag of Terms and Time (CBoTT)

    Threat hunting is sifting through system logs to detect malicious activities that might have bypassed existing security measures. It can be performed in several ways, one of which is based on detecting anomalies. We propose an unsupervised framework, called continuous bag-of-terms-and-time (CBoTT), and publish its application programming interface (API) to help researchers and cybersecurity analysts perform anomaly-based threat hunting among SIEM logs geared toward process auditing on endpoint devices. Analyses show that our framework consistently outperforms benchmark approaches. When logs are sorted by likelihood of being an anomaly (from most likely to least), our approach identifies anomalies at higher percentiles (between 1.82-6.46) while benchmark approaches identify the same anomalies at lower percentiles (between 3.25-80.92). This framework can be used by other researchers to conduct benchmark analyses and cybersecurity analysts to find anomalies in SIEM logs

    DIGITALIZATION AND INNOVATION IN NIGERIAN FIRMS

    This study examined the determinants of digitalization and its impact on innovation in Nigeria. The study applied the logit regression and propensity score matching (PSM) on data sourced from the World Bank 2014/2015 enterprise survey. The result from the logit regression shows that size of the firm, educational qualification of the top manager of the firm, business age, employment growth and sector of operation are the major significant determinants of the extent to which firms digitalized in Nigeria. On the other hand, the result from the propensity score matching shows that digitization is positive and significant in explaining the level of firms' innovation in Nigeria. This means that an increased level of ICT will synonymously increase the level of firms' ability to innovate. Based on the results, the study concludes by recommending that managers of various firms should employ a tactical approach to improve on the rate of digitization and innovation to achieve the desired level of productivit

    Detection of Software Vulnerability Communication in Expert Social Media Channels: A Data-driven Approach

    Conceptually, a vulnerability is: A flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy. Some of these flaws can go undetected and exploited for long periods of time after software release. Although some software providers are making efforts to avoid this situation, inevitably, users are still exposed to vulnerabilities that allow criminal hackers to take advantage. These vulnerabilities are constantly discussed in specialised forums on social media. Therefore, from a cyber security standpoint, the information found in these places can be used for countermeasures actions against malicious exploitation of software. However, manual inspection of the vast quantity of shared content in social media is impractical. For this reason, in this thesis, we analyse the real applicability of supervised classification models to automatically detect software vulnerability communication in expert social media channels. We cover the following three principal aspects: Firstly, we investigate the applicability of classification models in a range of 5 different datasets collected from 3 Internet Domains: Dark Web, Deep Web and Surface Web. Since supervised models require labelled data, we have provided a systematic labelling process using multiple annotators to guarantee accurate labels to carry out experiments. Using these datasets, we have investigated the classification models with different combinations of learning-based algorithms and traditional features representation. Also, by oversampling the positive instances, we have achieved an increase of 5% in Positive Recall (on average) in these models. On top of that, we have applied Feature Reduction, Feature Extraction and Feature Selection techniques, which provided a reduction on the dimensionality of these models without damaging the accuracy, thus, providing computationally efficient models.
Furthermore, in addition to traditional features representation, we have investigated the performance of robust language models, such as Word Embedding (WEMB) and Sentence Embedding (SEMB) on the accuracy of classification models. Regarding WEMB, our experiment has shown that this model trained with a small security-vocabulary dataset provides comparable results with WEMB trained in a very large general-vocabulary dataset. Regarding SEMB model, our experiment has shown that its use overcomes WEMB model in detecting vulnerability communication, recording 8% of Avg. Class Accuracy and 74% of Positive Recall. In addition, we investigate two Deep Learning algorithms as classifiers, text CNN (Convolutional Neural Network) and RNN (Recurrent Neural Network)-based algorithms, which have improved our model, resulting in the best overall performance for our task

    Autonomic water consumption management system for smart homes using IoT

    Undergraduate final project (TCC) - Universidade Federal de Santa Catarina. Centro Tecnológico. Ciências da Computação. Residential environments can be automated using the Internet of Things, which allows multiple tasks to be handed over to computers. One of these tasks is to check the water consumption of a house. Excessive water usage or water leaks can occur in a house, and these problems can go undetected for a long time. Currently, the most common way to avoid or remedy such problems is to pay attention to the water meter's numbers and to know how to interpret them. This TCC proposes a system that automates the verification and interpretation of water consumption in a home, thus helping to reduce unnecessary expenses and to identify problems (such as leaks) more quickly and effectively. The system includes a sensor that makes water measurements and sends them to a server programmed in an Arduino, which counts the total consumption for several periods and also makes all the necessary calculations to identify possible problems

    Cybersecurity Policy Development at the State Level: A Case Study of Middle Tennessee

    Cybersecurity is a growing threat not only to nations, critical infrastructure, and major entities, but also to smaller organizations and individuals. The growing number of successful attacks on all manner of U.S. targets highlights the need for effective and comprehensive policy from the local to federal level, though most research focuses on federal policy issues, not state issues. The purpose of this study was to examine the effectiveness of the decision-making process within the current cybersecurity policy environment in a southern state of the United States. Sabatier's advocacy coalition framework served as the theoretical framework for the study. Data were collected through 5 semistructured interviews with individuals who were either elected or appointed officials, emergency managers, or subject matter experts. These data were transcribed, then coded and analyzed with McCracken's analytic categorization procedure. Participants recognized that the federal government provides some resources but acknowledged that action at the state level is largely funded through the state resulting in a network of dissimilar policies and protocols in states across the country. Findings also revealed that state leadership in some locations better grasps what resources are needed and is more likely to earmark in order to plan for unanticipated cybersecurity needs of the public. Analysis of study data also highlighted areas for future study and identified needed resources or areas of opportunity for creating a more comprehensive and effective cybersecurity policy environment. Implications for positive social change include recommendations for state and federal decision makers to engage in community partnerships in order to more effectively protect the public from cybersecurity threats

    DEVELOPMENT OF A QUALITY MANAGEMENT ASSESSMENT TOOL TO EVALUATE SOFTWARE USING SOFTWARE QUALITY MANAGEMENT BEST PRACTICES

    Organizations are constantly in search of competitive advantages in today’s complex global marketplace through improvement of quality, better affordability, and quicker delivery of products and services. This is significantly true for software as a product and service. With other things being equal, the quality of software will impact consumers, organizations, and nations. The quality and efficiency of the process utilized to create and deploy software can result in cost and schedule overruns, cancelled projects, loss of revenue, loss of market share, and loss of consumer confidence. Hence, it behooves us to constantly explore quality management strategies to deliver high quality software quickly at an affordable price. This research identifies software quality management best practices derived from scholarly literature using bibliometric techniques in conjunction with literature review, synthesizes these best practices into an assessment tool for industrial practitioners, refines the assessment tool based on academic expert review, further refines the assessment tool based on a pilot test with industry experts, and undertakes industry expert validation. Key elements of this software quality assessment tool include issues dealing with people, organizational environment, process, and technology best practices. Additionally, weights were assigned to issues of people, organizational environment, process, and technology best practices based on their relative importance, to calculate an overall weighted score for organizations to evaluate where they stand with respect to their peers in pursuing the business of producing quality software. This research study indicates that people best practices carry 40% of overall weight, organizational best practices carry 30% of overall weight, process best practices carry 15% of overall weight, and technology best practices carry 15% of overall weight.
The assessment tool that is developed will be valuable to organizations that seek to take advantage of rapid innovations in pursuing higher software quality. These organizations can use the assessment tool for implementing best practices based on the latest cutting edge management strategies that can lead to improved software quality and other competitive advantages in the global marketplace. This research contributed to the current academic literature in software quality by presenting a quality assessment tool based on software quality management best practices, contributed to the body of knowledge on software quality management, and expanded the knowledgebase on quality management practices. This research also contributed to current professional practice by incorporating software quality management best practices into a quality management assessment tool to evaluate software