34 research outputs found

    Associated Random Neural Networks for Collective Classification of Nodes in Botnet Attacks

    Botnet attacks are a major threat to networked systems because of their ability to turn the network nodes that they compromise into additional attackers, leading to the spread of high-volume attacks over long periods. The detection of such Botnets is complicated by the fact that multiple network IP addresses will be simultaneously compromised, so that Collective Classification of compromised nodes, in addition to the already available traditional methods that focus on individual nodes, can be useful. Thus this work introduces a collective Botnet attack classification technique that operates on traffic from an n-node IP network with a novel Associated Random Neural Network (ARNN) that identifies the nodes which are compromised. The ARNN is a recurrent architecture that incorporates two mutually associated, interconnected and architecturally identical n-neuron random neural networks, which act simultaneously as mutual critics to reach the decision regarding which of the n nodes have been compromised. A novel gradient descent learning algorithm is presented for the ARNN, and is shown to operate effectively both with conventional off-line training from prior data, and with on-line incremental training without prior off-line learning. Real data from a 107-node packet network with over 700,000 packets is used to evaluate the ARNN, showing that it provides accurate predictions. Comparisons with other well-known state-of-the-art methods using the same learning and testing datasets show that the ARNN offers significantly better performance.

    Community-Oriented Policing and Technological Innovations

    Community-Oriented Policing; Police Studies; Policing and Technology; Predictive Policing; Policing Innovations; Crime Prevention and Intervention; Crime Detection; Fear of Crime; Urban Security

    Key Requirements for the Detection and Sharing of Behavioral Indicators of Compromise

    Cyber threat intelligence feeds focus on atomic and computed indicators of compromise. These indicators are the main source of tactical cyber intelligence that most organizations benefit from. They are expressed in machine-readable formats, and they are easily loaded into security devices in order to protect infrastructures. However, their usefulness is very limited, especially in terms of lifetime. These indicators can be useful when dealing with non-advanced actors, but they are easily avoided by advanced ones. To detect advanced actors' activities, an analyst must deal with behavioral indicators of compromise, which represent tactics, techniques and procedures and are not as common as the atomic and computed ones. In this paper, we analyze why these indicators are not widely used, and we identify key requirements for successful behavioral IOC detection, specification and sharing. We follow the intelligence cycle as the arranged sequence of steps for a defensive team to work, thereby providing a common reference for these teams to identify gaps in their capabilities.
    Villalón-Huerta, A.; Ripoll-Ripoll, I.; Marco-Gisbert, H. (2022). Key Requirements for the Detection and Sharing of Behavioral Indicators of Compromise. Electronics. 11(3):1-20. https://doi.org/10.3390/electronics11030416

    A shared cyber threat intelligence solution for SMEs

    Small- and medium-sized enterprises (SMEs) frequently experience cyberattacks, but often do not have the means to counter these attacks. Therefore, cybersecurity researchers and practitioners need to aid SMEs in their defence against cyber threats. Research has shown that SMEs require solutions that are automated and adapted to their context. In recent years, we have seen a surge in initiatives to share cyber threat intelligence (CTI) to improve collective cybersecurity resilience. Shared CTI has the potential to answer the SME call for automated and adaptable solutions. Sadly, as we demonstrate in this paper, current shared intelligence approaches scarcely address SME needs. We must investigate how shared CTI can be used to improve SME cybersecurity resilience. In this paper, we tackle this challenge using a systematic review to discover current state-of-the-art approaches to using shared CTI. We find that threat intelligence sharing platforms such as MISP have the potential to address SME needs, provided that the shared intelligence is turned into actionable insights. Based on this observation, we developed a prototype application that processes MISP data automatically, prioritises cybersecurity threats for SMEs, and provides SMEs with actionable recommendations tailored to their context. Subsequent evaluations in operational environments will help to improve our application, such that SMEs are enabled to thwart cyberattacks in future.

    Analysis and Implementation of Threat Agents Profiles in Semi-Automated Manner for a Network Traffic in Real-Time Information Environment

    © 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
    Threat assessment is the continuous process of monitoring the threats identified in the network of the real-time informational environment of an organisation and the business of companies. The sagacity and security assurance of an organisation's systems and a company's business seem to require that information security practice unambiguously and effectively handle the threat agent's attacks. How well is this unambiguous and effective way working in the present-day state of information security practice? Given the prevalence of threats in the modern information environment, it is essential to guarantee the security of national information infrastructure. However, the existing models and methodologies do not address the attributes of threats such as motivation, opportunity, and capability (C, M, O), and the critical threat intelligence (CTI) feed about the threat agents during the penetration process is ineffective, which raises security assurance concerns for organisations and the business of companies. This paper proposes a semi-automatic information security model, which can deal with situational awareness data, strategies governing information security activities, and protocols monitoring specific types of network traffic in the real-time information environment. This paper analyses and implements the threat assessment of network traffic in one particular real-time informational environment. To achieve this, we determined various unique attributes of threat agents from the Packet Capture Application Programming Interface (PCAP files/DataStream) collected from the network between the years 2012 and 2019.
    Peer reviewed

    A comparative analysis of cyber-threat intelligence sources, formats and languages

    The sharing of cyber-threat intelligence is an essential part of the multi-layered tools used to protect systems and organisations from various threats. Structured standards, such as STIX, TAXII and CybOX, were introduced to provide a common means of sharing cyber-threat intelligence and have subsequently been much-heralded as the de facto industry standards. In this paper, we investigate the landscape of the available formats and languages, along with the publicly available sources of threat feeds, how these are implemented and their suitability for providing rich cyber-threat intelligence. We also analyse a sample of cyber-threat intelligence feeds, the type of data they provide and the issues found in aggregating and sharing the data. Moreover, the type of data supported by various formats and languages is correlated with the data needs for several use cases related to typical security operations. The main conclusions drawn by our analysis suggest that many of the standards have a poor level of adoption and implementation, with providers opting for custom or traditional simple formats.

    al-Shabaab and Boko Haram: Recruitment Strategies

    This paper is an examination of the membership recruitment strategies of two violent extremist organizations (VEOs), namely al-Shabaab and Boko Haram. The majority of the literature on VEOs concentrates on the conceptualization of terrorism, motivations for terrorism and counter-terrorism strategies, as well as on the frequency of VEO attacks, number of fatalities and funding sources. The literature tends to portray poverty as the main driver of recruitment. The focus on recruitment strategies has been relatively recent. There is therefore still a lack of in-depth analyses of the recruitment processes of specific extremist groups, and this impacts the development of effective counter-insurgency policies and practices. We conclude that there is a need for more nuanced studies of recruitment practices, including radicalization strategies, of specific VEOs in Africa. This understanding of recruitment practices, particularly by VEOs such as Boko Haram and al-Shabaab, will enable more context-specific counter-insurgency programmes that target the ability of these organizations to recruit and expand. There can be no one-size-fits-all approach to dealing with the challenge of violent extremism in Africa.

    A Novel Method of Spatiotemporal Dynamic Geo-Visualization of Criminal Data, Applied to Command and Control Centers for Public Safety

    This article shows a novel geo-visualization method for dynamic spatiotemporal data that allows the mobility and concentration of criminal activity to be studied. The method was developed using only real data from Santiago de Cali (Colombia), collected by the Colombian National Police (PONAL). This method constitutes a tool that allows criminal influx to be analyzed by concentration, zone, time slot and date. In addition to the field experience of police commanders, it allows patterns of criminal activity to be detected, thereby enabling a better distribution and management of the police resources allocated to crime deterrence, prevention and control. Additionally, it may be applied to the PONAL's safe city and smart city concepts within the architecture of the Command and Control System (C2S) of Command and Control Centers for Public Safety. Furthermore, it contributes to better situational awareness and improves the future projection, agility, efficiency and decision-making processes of police officers, all of which are essential for the fulfillment of police missions against crime. Finally, since it was developed using open source software, it can be adapted to any other city, used with real-time data and, if necessary, implemented with the geographic software of any other C2S.
    This work was co-funded by the European Commission as part of H2020 call SEC-12-FCT-2016-thrtopic3 under the project VICTORIA (No. 740754). This publication reflects the views only of the authors, and the Commission cannot be held responsible for any use which may be made of the information contained therein. The authors would like to thank the Colombian National Police and its Office of Telematics for their support in the development of this project.
    Salcedo-González, ML.; Suarez-Paez, JE.; Esteve Domingo, M.; Gomez, J.; Palau Salvador, CE. (2020). A Novel Method of Spatiotemporal Dynamic Geo-Visualization of Criminal Data, Applied to Command and Control Centers for Public Safety. ISPRS International Journal of Geo-Information. 9(3):1-17. https://doi.org/10.3390/ijgi9030160

    Exploring the Shift from Physical to Cybercrime at the Onset of the COVID-19 Pandemic

    The novel coronavirus has made an impact on virtually every aspect of our lives. The current study utilizes secondary data to identify patterns and trends related to the shift of crime from the physical to the cyber domain. With millions, if not billions, of people staying at home, attackers now look for new ways to commit crimes. Our findings indicate that while many crimes such as robbery, assault, rape, and murder declined at the beginning of the pandemic, we are also witnessing a rise in cybercrime, vehicle theft, and domestic violence. The current study looks specifically at phishing and at what new trends are observed due to COVID-19. The current work is grounded in routine activity theory and demonstrates its relevance to both the physical world and cyberspace. The implications of our work can be used by scholars who want to continue researching this new phenomenon. Practitioners can utilize our findings to look for ways to improve the corporate security posture by protecting the employees and customers working from home. New phishing training and awareness programs should be focused around possible scenarios involving COVID-19. Our study suggests victims are more likely to fall prey to these during times of fear and uncertainty like the current pandemic.

    CNA Tactics and Techniques: A Structure Proposal

    Destructive and control operations are today a major threat to cyber-physical systems. These operations, known as Computer Network Attack (CNA) and usually linked to state-sponsored actors, are much less analyzed than Computer Network Exploitation (CNE) activities, those related to intelligence gathering. While in CNE operations the main tactics and techniques are defined and well structured, in CNA there is a lack of such agreed approaches. This situation hinders the modeling of threat actors, which prevents an accurate definition of controls to identify and neutralize malicious activities. In this paper, we propose the first global approach for CNA operations that can be used to map real-world activities. The proposal significantly reduces the amount of effort needed to identify, analyze, and neutralize advanced threat actors targeting cyber-physical systems. It follows a logical structure that is easy to expand and adapt.
    Villalón-Huerta, A.; Ripoll-Ripoll, I.; Marco-Gisbert, H. (2021). CNA Tactics and Techniques: A Structure Proposal. Journal of Sensor and Actuator Networks. 10(1):1-23. https://doi.org/10.3390/jsan10010014