25 research outputs found

    Decision Support for Perceived Threat in the Context of Intrusion Detection Systems

    The objective of this research is to propose a novel approach for using a behavioral biometric known as keystroke analysis to facilitate decision making in the context of an intrusion detection system (IDS). Regardless of the situation, individuals have a specific baseline or disposition to decision making based on two psychological factors: (1) indecisiveness, and (2) intolerance of uncertainty. The IDS provides a probability of intrusion and a set of objective situational characteristics. We propose a decision support system that allows the decision maker to state a level of perceived threat and to vary the security thresholds that determine the false acceptance rates of the IDS. Our hypothesis is that perceived threat depends not only on the keystroke technology but also on the social context and disposition toward decision making of the user. This research tests this hypothesis and provides guidance in the design of better security systems.

    Advancing security information and event management frameworks in managed enterprises using geolocation

    Includes bibliographical references. Security Information and Event Management (SIEM) technology supports security threat detection and response through real-time and historical analysis of security events from a range of data sources. Through the retrieval of mass feedback from many components and security systems within a computing environment, SIEMs are able to correlate and analyse events with a view to incident detection. The hypothesis of this study is that existing Security Information and Event Management techniques and solutions can be complemented by location-based information provided by feeder systems. In addition, and associated with the introduction of location information, it is hypothesised that privacy-enforcing procedures on geolocation data in SIEMs and meta-systems alike are necessary and enforceable. The method for the study was to augment a SIEM, established for the collection of events in an enterprise service management environment, with geo-location data. Through introducing the location dimension, it was possible to expand the correlation rules of the SIEM with location attributes and to see how this improved security confidence. An important co-consideration is the effect on privacy, where location information of an individual or system is propagated to a SIEM. With a theoretical consideration of the current privacy directives and regulations (specifically as promulgated in the European Union), privacy supporting techniques are introduced to diminish the accuracy of the location information - while still enabling enhanced security analysis. In the context of a European Union FP7 project relating to next generation SIEMs, the results of this work have been implemented based on systems, data, techniques and resilient features of the MASSIF project.
In particular, AlienVault has been used as a platform for augmentation of a SIEM and an event set of several million events, collected over a three-month period, has formed the basis for the implementation and experimentation. A "brute-force attack" misuse case scenario was selected to highlight the benefits of geolocation information as an enhancement to SIEM detection (and false-positive prevention). With respect to privacy, a privacy model is introduced for SIEM frameworks. This model utilises existing privacy legislation, that is most stringent in terms of privacy, as a basis. An analysis of the implementation and testing is conducted, focusing equally on data security and privacy, that is, assessing location-based information in enhancing SIEM capability in advanced security detection, and, determining if privacy-enforcing procedures on geolocation in SIEMs and other meta-systems are achievable and enforceable. Opportunities for geolocation enhancing various security techniques are considered, specifically for solving misuse cases identified as existing problems in enterprise environments. In summary, the research shows that additional security confidence and insight can be achieved through the augmentation of SIEM event information with geo-location information. Through the use of spatial cloaking it is also possible to incorporate location information without compromising individual privacy. Overall the research reveals that there are significant benefits for SIEMs to make use of geo-location in their analysis calculations, and that this can be effectively conducted in ways which are acceptable to privacy considerations when considered against prevailing privacy legislation and guidelines.

    Security Enhanced Applications for Information Systems

    Every day, more users access services and electronically transmit information which is usually disseminated over insecure networks and processed by websites and databases, which lack proper security protection mechanisms and tools. This may have an impact on both the users’ trust as well as the reputation of the system’s stakeholders. Designing and implementing security enhanced systems is of vital importance. Therefore, this book aims to present a number of innovative security enhanced applications. It is titled “Security Enhanced Applications for Information Systems” and includes 11 chapters. This book is a quality guide for teaching purposes as well as for young researchers since it presents leading innovative contributions on security enhanced applications on various Information Systems. It involves cases based on the standalone, network and Cloud environments

    The role of self-regulatory capacity in the adaptation to pain


    A framework for comparing the security of voting schemes

    We present a new framework to evaluate the security of voting schemes. We utilize the framework to compare a wide range of voting schemes, including practical schemes in real-world use and academic schemes with interesting theoretical properties. In the end we present our results in a neat comparison table. We strive to be unambiguous: we specify our threat model, assumptions and scope, we give definitions to the terms that we use, we explain every conclusion that we draw, and we make an effort to describe complex ideas in as simple terms as possible. We attempt to consolidate all important security properties from literature into a coherent framework. These properties are intended to curtail vote-buying and coercion, promote verifiability and dispute resolution, and prevent denial-of-service attacks. Our framework may be considered novel in that trust assumptions are an output of the framework, not an input. This means that our framework answers questions such as “how many authorities have to collude in order to violate ballot secrecy in the Finnish paper voting scheme?”

    Optimizing Proactive Measures for Security Operations

    Digital security threats may impact governments, businesses, and consumers through intellectual property theft, loss of physical assets, economic damages, and loss of confidence. Significant effort has been placed on technology solutions that can mitigate threat exposure. Additionally, hundreds of years of literature have focused on non-digital, human-centric strategies that proactively allow organizations to assess threats and implement mitigation plans. For both human and technology-centric solutions, little to no prior research exists on the efficacy of how humans employ digital security defenses. Security professionals are armed with commonly adopted "best practices" but are generally unaware of the particular artifacts and conditions (e.g., organizational culture, procurement processes, employee training/education) that may or may not make a particular environment well-suited for employing the best practices. In this thesis, I study proactive measures for security operations and related human factors to identify generalizable optimizations that can be applied for measurable increases in security. Through interview and survey methods, I investigate the human and organizational factors that shape the adoption and employment of defensive strategies. Case studies with partnered organizations and comprehensive evaluations of security programs reveal security gaps that many professionals were previously unaware of, as well as opportunities for changes in security behaviors to mitigate future risk. These studies highlight that, in exemplar environments, the adoption of proactive security assessments and training programs leads to measurable improvements in organizations' security posture.

    Self-adaptive multi-agent systems for aided decision-making : an application to maritime surveillance

    Maritime activity has grown widely in the last few years and is the witness of several illegal activities. It has become necessary that the organizations involved in maritime surveillance possess efficient systems to help them in their identification. Maritime surveillance systems must observe a wide maritime area, identify the anomalies in the behaviours of the monitored ships and trigger alerts when these anomalies lead to a suspicious behaviour. We propose a generic agent model, called MAS4AT, able to fulfil two main roles of a surveillance system: the numerical representation of the behaviours of the monitored entities and learning mechanisms for a better efficiency. MAS4AT is integrated in the system I2C.

    Antarctica: an inchoate threat to New Zealand’s Security: implications for national policy and the Armed Services

    National interest has always exerted a significant influence over the geopolitical affairs of Antarctica. During the first half of the twentieth century national interest was fuelled by the inimical politics of whaling, which of itself created tension amongst those states that had a presence on the Antarctic continent. With the ratification of the Antarctic Treaty in 1961 international anxiety over the prospect of Antarctica becoming a superpower playground with nuclear overtones subsided and the world community accepted an obligation to forthwith protect the continent and its unique environment. However, the advent of the Treaty has not curbed the aspirations of state and non-state parties to exploit Antarctica for both its living and non-living resources. Commercial pressure to gain access to Antarctic resources is likely to intensify in the future once exploitable resources elsewhere in the world become increasingly scarce. Reserves of several strategic resources are projected to reach the point of commercial exhaustion within the first three decades of the 21st century. In the Arctic access to resources such as oil and fish continues to sour relations between otherwise friendly countries and is, in part, responsible for the militarization of the Arctic Ocean region. If the Arctic represents Antarctica's prophetic twin then New Zealand will face an international relations dilemma unlike any it has previously confronted: should it defend its territorial claim over the Ross dependency or withdraw northwards to secure a Sub-Antarctic bastion? This is a rhetorical question for without being part of an amiable union of countries, securing the Ross dependency will be impossible for New Zealand to achieve. Given that such a union cannot be assured, it is in New Zealand's national interest to be militarily prepared to defend its Sub-Antarctic 'backyard'.
Military preparedness in New Zealand is determined by national policy, an amalgam of foreign affairs and defence considerations, which in recent years have failed to recognise Antarctica as an inchoate security threat. Consequently, the New Zealand Defence Forces, despite recent capability upgrades, remain inappropriately equipped and ill-prepared to confront any challenge to the territorial integrity of New Zealand's Sub-Antarctic 'backyard' and the resources it may harbour