200 research outputs found

    Cybersecurity: Past, Present and Future

    The digital transformation has created a new digital space known as cyberspace. This new cyberspace has improved the workings of businesses, organizations, governments, society as a whole, and day to day life of an individual. With these improvements come new challenges, and one of the main challenges is security. The security of the new cyberspace is called cybersecurity. Cyberspace has created new technologies and environments such as cloud computing, smart devices, IoTs, and several others. To keep pace with these advancements in cyber technologies there is a need to expand research and develop new cybersecurity methods and tools to secure these domains and environments. This book is an effort to introduce the reader to the field of cybersecurity, highlight current issues and challenges, and provide future directions to mitigate or resolve them. The main specializations of cybersecurity covered in this book are software security, hardware security, the evolution of malware, biometrics, cyber intelligence, and cyber forensics. We must learn from the past, evolve our present and improve the future. Based on this objective, the book covers the past, present, and future of these main specializations of cybersecurity. The book also examines the upcoming areas of research in cyber intelligence, such as hybrid augmented and explainable artificial intelligence (AI). Human and AI collaboration can significantly increase the performance of a cybersecurity system. Interpreting and explaining machine learning models, i.e., explainable AI, is an emerging field of study and has a lot of potential to improve the role of AI in cybersecurity. Comment: Author's copy of the book published under ISBN: 978-620-4-74421-

    Literature based Cyber Security Topics: Handbook

    Cyber security is the practice of protecting systems, networks, and programs from digital attacks. These cyber attacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes. Cloud computing has emerged from the legacy data centres. Consequently, threats applicable in legacy systems are equally applicable to cloud computing along with emerging new threats that plague only the cloud systems. Traditionally the data centres were hosted on-premises. Hence, control over the data was comparatively easier than handling a cloud system which is borderless and ubiquitous. Threats due to multi-tenancy, access from anywhere, control of cloud, etc. are some examples of why cloud security becomes important. Considering the significance of cloud security, this work is an attempt to understand the existing cloud service and deployment models, and the major threat factors to cloud security that may be critical in cloud environments. It also highlights various methods employed by the attackers to cause the damage. Cyber-attacks are highlighted as well. This work will be profoundly helpful to the industry and researchers in understanding the various cloud-specific cyber-attacks and will enable them to evolve the strategy to counter them more effectively

    ANALYSIS OF ADDRESS RESOLUTION PROTOCOL POISONING ATTACK ON A WLAN ROUTER USING THE LIVE FORENSICS METHOD

    Nowadays, the development of technology makes technology a necessity for almost everyone. Various kinds of jobs can also be connected through a technology called the internet network. Because it's easy to use, some businesses and agencies are already using wireless local area network technology, but most of them pay less attention to data communication security on wireless networks. One type of attack on Wireless Local Area Network with open access is the address resolution protocol poisoning. By using it, attackers can find the data frames and modify or even stop the internet traffic, because the data studied is in the form of volatile data that can be found only in RAM storage or on network traffic, so the attack in this case can be analyzed by using the live forensics method. Volatile data is temporary and will only exist when the system is still on, so that digital evidence information and the behavior of the attacker who carried out the attack can be identified by using live forensics method. There is detection in this study using the Intrusion detection system Snort application which will send alerts when the system is attacked

    ANALYSIS OF ADDRESS RESOLUTION PROTOCOL POISONING ATTACK ON A WLAN ROUTER USING THE LIVE FORENSICS METHOD

    Technological development today has made technology a necessity for almost everyone. Many kinds of work can now be connected through a technology called the internet network. Some businesses and even agencies already prefer to use Wireless Local Area Network technology because it is very easy to use, yet very few pay attention to the security of data communication on wireless networks. Address Resolution Protocol Poisoning is one type of attack on Wireless Local Area Networks with open access. In this way the attacker is able to sniff data frames and modify traffic or even stop internet traffic. In this case the attack can be analyzed using the live forensics method because the data studied is volatile data that can only be found in Random Access Memory storage or in network traffic. Volatile data is temporary and exists only while the system is still powered on, so digital evidence and the behavior of the attacker who carried out the attack can be identified using the live forensics method. Detection in this study uses the Intrusion detection system application Snort, which sends an alert when the system is attacked

    Anonymity, hacking and cloud computing forensic challenges

    Cloud Computing is rising and becomes more complex with the daily addition of new technologies. Huge amounts of data transit through the Cloud networks. In the case of a cyber-attack, it can be difficult to analyze every single aspect of the Cloud. Legal challenges also exist due to the local positioning of Cloud servers. This research paper aims to alleviate the challenges in Cloud computing forensics and to sensitize businesses and governments to several solutions. The results of this research are relevant to cyber forensic analysts but also to network administrators and can be used during the preliminary stages of a Cloud computing environment creation. A complete test has been created using ethical hacking tools and cyber forensics to understand the steps of an investigation in a single service that could be implemented in a Cloud. The paper goes on to present frameworks that have been developed in order to maintain integrity and repetition. In the end, it is legal aspects and shortcomings in the technical structure implementation that represent the Cloud computing forensics’ main challenges

    Forensic Evidence Identification and Modeling for Attacks against a Simulated Online Business Information System

    Forensic readiness of business information systems can support future forensics investigation or auditing on external/internal attacks, internal sabotage and espionage, and business fraud. To establish forensics readiness, it is essential for an organization to identify which fingerprints are relevant and where they can be located, to determine whether they are logged in a forensically sound way and whether all the needed fingerprints are available to reconstruct the events successfully. Also, a fingerprint identification and locating mechanism should be provided to guide potential forensics investigation in the future. Furthermore, mechanisms should be established to automate the security incident tracking and reconstruction processes. In this research, external and internal attacks are first modeled as augmented attack trees based on the vulnerabilities of business information systems. Then, modeled attacks are conducted against a honeynet that simulates an online business information system, and a forensic investigation follows each attack. Finally, an evidence tree, which is expected to provide the necessary contextual information to automate the attack tracking and reconstruction process in the future, is built for each attack based on fingerprints identified and located within the system

    An examination of the Asus WL-HDD 2.5 as a nepenthes malware collector

    The Linksys WRT54g has been used as a host for network forensics tools, for instance Snort, for a long period of time. Whilst large corporations are already utilising network forensic tools, this paper demonstrates that it is quite feasible for a non-security specialist to track and capture malicious network traffic. This paper introduces the Asus Wireless Hard disk as a replacement for the popular Linksys WRT54g. Firstly, the Linksys router will be introduced, detailing some of the research that was undertaken on the device over the years amongst the security community. It then briefly discusses malicious software and the impact this may have for a home user. The paper then outlines the trivial steps in setting up Nepenthes 0.1.7 (a malware collector) for the Asus WL-HDD 2.5 according to the Nepenthes and tests the feasibility of running the malware collector on the selected device. The paper then concludes by discussing the limitations of the device when attempting to execute Nepenthes

    The Proceedings of 14th Australian Digital Forensics Conference, 5-6 December 2016, Edith Cowan University, Perth, Australia

    Conference Foreword. This is the fifth year that the Australian Digital Forensics Conference has been held under the banner of the Security Research Institute, which is in part due to the success of the security conference program at ECU. As with previous years, the conference continues to see quality papers with a number from local and international authors. 11 papers were submitted and following a double blind peer review process, 8 were accepted for final presentation and publication. Conferences such as these are simply not possible without willing volunteers who follow through with the commitment they have initially made, and I would like to take this opportunity to thank the conference committee for their tireless efforts in this regard. These efforts have included but not been limited to the reviewing and editing of the conference papers, and helping with the planning, organisation and execution of the conference. Particular thanks go to those international reviewers who took the time to review papers for the conference, irrespective of the fact that they are unable to attend this year. To our sponsors and supporters a vote of thanks for both the financial and moral support provided to the conference. Finally, to the student volunteers and staff of the ECU Security Research Institute, your efforts as always are appreciated and invaluable. Yours sincerely, Conference Chair Professor Craig Valli Director, Security Research Institut