Malware in the Future? Forecasting of Analyst Detection of Cyber Events

There have been extensive efforts in government, academia, and industry to anticipate, forecast, and mitigate cyber attacks. A common approach is time-series forecasting of cyber attacks based on data from network telescopes, honeypots, and automated intrusion detection/prevention systems. This research has uncovered key insights such as systematicity in cyber attacks. Here, we propose an alternate perspective of this problem by performing forecasting of attacks that are analyst-detected and -verified occurrences of malware. We call these instances of malware cyber event data. Specifically, our dataset was analyst-detected incidents from a large operational Computer Security Service Provider (CSSP) for the U.S. Department of Defense, which rarely relies only on automated systems. Our data set consists of weekly counts of cyber events over approximately seven years. Since all cyber events were validated by analysts, our dataset is unlikely to have false positives which are often endemic in other sources of data. Further, the higher-quality data could be used for a number for resource allocation, estimation of security resources, and the development of effective risk-management strategies. We used a Bayesian State Space Model for forecasting and found that events one week ahead could be predicted. To quantify bursts, we used a Markov model. Our findings of systematicity in analyst-detected cyber attacks are consistent with previous work using other sources. The advanced information provided by a forecast may help with threat awareness by providing a probable value and range for future cyber events one week ahead. Other potential applications for cyber event forecasting include proactive allocation of resources and capabilities for cyber defense (e.g., analyst staffing and sensor configuration) in CSSPs. Enhanced threat awareness may improve cybersecurity.Comment: Revised version resubmitted to journa

A Neural Model of How The Brain Represents and Compares Numbers

Many psychophysical experiments have shown that the representation of numbers and numerical quantities in humans and animals is related to number magnitude. A neural network model is proposed to quantitatively simulate error rates in quantification and numerical comparison tasks, and reaction times for number priming and numerical assessment and comparison tasks. Transient responses to inputs arc integrated before they activate an ordered spatial map that selectively responds to the number of events in a sequence. The dynamics of numerical comparison are encoded in activity pattern changes within this spatial map. Such changes cause a "directional comparison wave" whose properties mimic data about numerical comparison. These model mechanisms are variants of neural mechanisms that have elsewhere been used to explain data about motion perception, attention shifts, and target tracking. Thus, the present model suggests how numerical representations may have emerged as specializations of more primitive mechanisms in the cortical Where processing stream.National Science Foundation (IRI-97-20333); Defense Advanced research Projects Agency and the Office of Naval Research (N00014-95-1-0409); National Institute of Health (1-R29-DC02952-01

Experimental Case Studies for Investigating E-Banking Phishing Techniques and Attack Strategies

Phishing is a form of electronic identity theft in which a combination of social engineering and web site spoofing techniques are used to trick a user into revealing confidential information with economic value. The problem of social engineering attack is that there is no single solution to eliminate it completely, since it deals largely with the human factor. This is why implementing empirical experiments is very crucial in order to study and to analyze all malicious and deceiving phishing website attack techniques and strategies. In this paper, three different kinds of phishing experiment case studies have been conducted to shed some light into social engineering attacks, such as phone phishing and phishing website attacks for designing effective countermeasures and analyzing the efficiency of performing security awareness about phishing threats. Results and reactions to our experiments show the importance of conducting phishing training awareness for all users and doubling our efforts in developing phishing prevention techniques. Results also suggest that traditional standard security phishing factor indicators are not always effective for detecting phishing websites, and alternative intelligent phishing detection approaches are needed

New Modes of Governance in Europe: Policy Making without Legislating? IHS Political Science Series: 2002, No. 81

The article analyzes new modes of governance in Europe. Firstly, different types of new governance, the open coordination method and voluntary accords, and their individual elements are identified. The theoretical discussion about them points out the reasons of their emergence, their mode of operation and the links to the ‘classical’ forms of decision-making. Secondly the simple question of the relative importance of new modes of governance in European policy-making is raised. Looking at the policy measures from the beginning of 2000 until July 2001, the analysis found that only a minority of measures can be considered new modes of governance, defined in the above terms. A third question raised concerns political institutional capacity. Finally the question or instrumental capacity or effectiveness is raised