A framework for securing email entrances and mitigating phishing impersonation attacks
Emails are used every day for communication, and many countries and organisations rely on email for official communications. It is highly valued and recognised for confidential conversations and transactions in day-to-day business. The frequent use of this channel and the quality of the information it carries have attracted cyber attackers to it. There are many existing techniques to mitigate attacks on email; however, these systems focus on email content and behaviour rather than on securing the entrances to mailboxes, message composition and account settings. This work intends to protect users' email composition and settings so that an attacker who has hacked or hijacked an account cannot use it, and cannot set up forwarding from the victim's account to a different account, which would otherwise silently stop the user from receiving emails. A secure code is applied to the composition send button to curtail insider impersonation attacks. Also, to secure open applications on public and private devices
Targeted Attacks: Redefining Spear Phishing and Business Email Compromise
In today's digital world, cybercrime is responsible for significant damage to organizations, including financial losses, operational disruptions and intellectual property theft. Cyberattacks often start with an email, the major means of corporate communication. Some rare but severely damaging email threats, known as spear phishing or Business Email Compromise, have emerged. However, the literature disagrees on their definition, impeding security vendors and researchers in mitigating targeted attacks. Therefore, we introduce the notion of targeted attacks. We describe targeted-attack-detection techniques as well as the social-engineering methods used by fraudsters. Additionally, we present text-based attacks, in which the textual content itself is the malicious payload, and compare their non-targeted and targeted variants
Enhanced IoT Wi-Fi protocol standard’s security using secure remote password
In the Internet of Things (IoT) environment, a network of devices is connected to exchange information and perform a specific task. Wi-Fi technology plays a significant role in IoT-based applications. Most Wi-Fi-based IoT devices are manufactured without proper security protocols. Consequently, this low-security model makes the IoT devices vulnerable to intermediate attacks. An attacker can quickly target a vulnerable IoT device and then breach the network devices connected to it. This research therefore proposes a password-protection-based security solution to enhance Wi-Fi-based IoT network security. The approach uses the secure remote password protocol (SRPP) within Wi-Fi network protocols to resist brute-force and dictionary attacks in Wi-Fi-based IoT applications. The IoT security solution is implemented and its performance evaluated in the GNS3 simulator. The simulation analysis shows that the proposed password protection approach supports scalability, integrity and data protection against intermediate attacks
ChatGPT for digital forensic investigation: The good, the bad, and the unknown
The disruptive application of ChatGPT (GPT-3.5, GPT-4) to a variety of domains has become a topic of much discussion in the scientific community and society at large. Large Language Models (LLMs), e.g., BERT, Bard, Generative Pre-trained Transformers (GPTs), LLaMA, etc., have the ability to take instructions, or prompts, from users and generate answers and solutions based on very large volumes of text-based training data. This paper assesses the actual and potential impact of ChatGPT on the field of digital forensics, specifically looking at its latest pre-trained LLM, GPT-4. A series of experiments is conducted to assess its capability across several digital forensic use cases, including artefact understanding, evidence searching, code generation, anomaly detection, incident response, and education. Across these topics, its strengths and risks are outlined and a number of general conclusions are drawn. Overall, this paper concludes that while there are some potential low-risk applications of ChatGPT within digital forensics, many are either unsuitable at present, since the evidence would need to be uploaded to the service, or they require sufficient knowledge of the topic being asked of the tool to identify incorrect assumptions, inaccuracies, and mistakes. However, for an appropriately knowledgeable user, it could act as a useful supporting tool in some circumstances
A multi-disciplinary framework for cyber attribution
Effective cyber security is critical to the prosperity of any nation in the modern world. We have become dependent upon this interconnected network of systems for a number of critical functions within society. As our reliance upon this technology has increased, so have the prospective gains for malicious actors who would abuse these systems for their own personal benefit, at the cost of legitimate users. The result has been an explosion of cyber attacks, or cyber-enabled crimes. The threat from hackers, organised criminals and even nation states is ever increasing. One of the critical enablers of our cyber security is cyber attribution, the ability to tell who is acting against our systems.

A purely technical approach to cyber attribution has been found to be ineffective in the majority of cases, taking too narrow an approach to the attribution problem. A purely technical approach will provide Indicators of Compromise (IOCs), which are suitable for the immediate recovery and clean-up of a cyber event. It fails, however, to ask the deeper questions about the origin of the attack. These can be answered only through a wider set of analyses and additional sources of data. Unfortunately, due to the wide range of data types and the highly specialist skills required to perform this deep-level analysis, there is currently no common framework for analysts to work together towards resolving the attribution problem. This is further exacerbated by a communication barrier between the highly specialised fields and the absence of obviously compatible data types.

The aim of the project is to develop a common framework to which experts from a number of disciplines can contribute to the overall attribution picture. These experts add their input in the form of a library. First, a process was developed to enable the creation of compatible libraries in different specialist fields. A series of libraries can then be used by an analyst to create an overarching attribution picture. The framework highlights any intelligence gaps, and an analyst can additionally use the list of libraries to suggest a tool or method to fill that intelligence gap.

By the end of the project a working framework had been developed, with a number of libraries from a wide range of technical attribution disciplines. These libraries were used to feed real-time intelligence to both technical and non-technical analysts, who were then able to use this information to perform in-depth attribution analysis. The pictorial format of the framework was found to help break down the communication barrier between disciplines and was suitable as an intelligence product in its own right, providing a useful visual aid to briefings. The simplicity of the library-based system meant that the process was easy to learn, with only a short introduction to the framework required
Pedagogical approaches for e-assessment with authentication and authorship verification in Higher Education
Checking the identity of students and the authorship of their online submissions is a major concern in Higher Education due to the increasing amount of plagiarism and cheating using the Internet. The literature on the effects of e-authentication systems on teaching staff is very limited because the procedure is novel for them. A considerable gap is understanding teaching staff's views regarding the use of e-authentication instruments and how these impact trust in e-assessment. This mixed-method study examines the concerns and practices of 108 teaching staff who used TeSLA, the Adaptive Trust-based e-Assessment System, in six countries: UK, Spain, Netherlands, Bulgaria, Finland and Turkey. The findings revealed technological, organisational and pedagogical issues related to accessibility, security, privacy, and e-assessment design and feedback. Recommendations are to provide a FAQ and an audit report with results, to raise awareness about data security and privacy, and to develop policies and guidelines about fraud detection and prevention, e-assessment best practices and course team support
Identifying Authorship Style in Malicious Binaries: Techniques, Challenges & Datasets
Attributing a piece of malware to its creator typically requires threat intelligence. Binary attribution increases the level of difficulty, as it relies largely on the ability to disassemble binaries to identify authorship style. Our survey explores malicious author style and the adversarial techniques authors use to remain anonymous. We examine the adversarial impact on the state-of-the-art methods, identify key findings and explore the open research challenges. To mitigate the lack of ground-truth datasets in this domain, we publish alongside this survey the largest and most diverse meta-information dataset to date, covering 15,660 malware samples labelled to 164 threat actor groups
Accountable infrastructure and its impact on internet security and privacy
The Internet infrastructure relies on the correct functioning of the basic underlying protocols, which were designed for functionality. Security and privacy have been added post hoc, mostly by applying cryptographic means to different layers of communication. Lacking accountability as a fundamental property, the Internet infrastructure has no built-in ability to associate an action with the responsible entity, nor to detect or prevent misbehaviour. In this thesis, we study accountability from several perspectives. First, we study the need for accountability in anonymous communication networks, as a mechanism that provides repudiation for the proxy nodes by tracing back selected outbound traffic in a provable manner. Second, we design a framework that provides a foundation for enforcing the right-to-be-forgotten law in a scalable and automated manner; it gives users a technical means to prove their eligibility for content removal from search results. Third, we analyse the Internet infrastructure to determine potential security risks and threats arising from dependencies among the entities on the Internet. Finally, we evaluate the feasibility of using hop count filtering as a mechanism for mitigating Distributed Reflective Denial-of-Service attacks, and show conceptually that it cannot prevent these attacks.

(German abstract, translated) The Internet infrastructure relies on the correct execution of its underlying protocols, which were developed with a focus on functionality. Security and privacy were added afterwards, mainly by applying cryptographic methods in various layers of the protocol stack. Missing accountability, a fundamental property that links actions to those responsible for them, prevents misbehaviour from being detected and stopped.

This dissertation considers accountability on the Internet from several angles. First, we examine the need for accountability in anonymising communication networks, so that proxy nodes can provably trace misbehaviour back to its actual originator. Second, we design a framework that supports the scalable and automated implementation of the right to be forgotten. Our framework offers users a technical way to prove their entitlement to the removal of search results. Third, we analyse the Internet infrastructure to determine possible security risks and threats resulting from dependencies between the various entities involved. Finally, we evaluate the feasibility of Hop Count Filtering as an instrument for mitigating DRDoS attacks, and we show that this instrument conceptually cannot prevent this type of attack