Defacement Detection with Passive Adversaries

A novel approach to defacement detection is proposed in this paper, addressing explicitly the possible presence of a passive adversary. Defacement detection is an important security measure for Web Sites and Applications, aimed at avoiding unwanted modifications that would result in significant reputational damage. As in many other anomaly detection contexts, the algorithm used to identify possible defacements is obtained via an Adversarial Machine Learning process. We consider an exploratory setting, where the adversary can observe the detector’s alarm-generating behaviour, with the purpose of devising and injecting defacements that will pass undetected. It is then necessary to make to learning process unpredictable, so that the adversary will be unable to replicate it and predict the classifier’s behaviour. We achieve this goal by introducing a secret key—a key that our adversary does not know. The key will influence the learning process in a number of different ways, that are precisely defined in this paper. This includes the subset of examples and features that are actually used, the time of learning and testing, as well as the learning algorithm’s hyper-parameters. This learning methodology is successfully applied in this context, by using the system with both real and artificially modified Web sites. A year-long experimentation is also described, referred to the monitoring of the new Web Site of a major manufacturing company

Cybercrime vs Hacktivism: Do we need a differentiated regulatory approach?

Background and aims: Cybercrime is an issue that increases year on year, however rarely are the motivations behind these attacks investigated. More and more people are turning to the internet to protest with some scholars debating whether hacktivism is a social movement. This Dissertation uses networked social movement theory in order to establish if hacktivism is a social movement or whether it is simply a politically motivated form of cybercrime. While demonstrating hacktivism’s place in the social movement landscape this Dissertation will also analyse how hacktivism is currently regulated and whether the legislative and regulatory tools are appropriate. Methods: This Dissertation uses a multi-method approach to establish whether hacktivism could be considered to be a social movement. The first method used is a rhetorical analysis of the Twitter accounts from active hacktivist accounts. Tweets posted by these accounts are coded using Stewart’s functional approach to rhetoric used by social movements (1980) using MAXQDA’s content analysis software. The second method used is a descriptive statistical analysis of a number of publicly available datasets (Zone H; the Cambridge Computer Crime Database; DCMS’s Cyber Security Breaches Surveys from 2017-2021; an AnonOps Internet Relay Chat Channel; a sentiment analysis; the hack aggregator ‘Hackmageddon’) to establish hacktivism’s similarities and differences to both cybercrime and social movements. Results and Conclusions:: This Dissertation found that hacktivism is substantially different to cybercrime despite it being regulated as such based on the methods, targets and ideologies. Additionally, the Dissertation found that hacktivism could be considered to be a social movement based on similarities in their communications and motivations as well as the online parallels hacktivism has to social movement methods. The dissertation also found that due to the similarities hacktivism shares with traditional offline protests and hacktivism, the UK should look at the offline parallels when regulating hacktivism to ensure that the human rights of those taking part in hacktivist methods are not being quashed and are being upheld