Capital markets and e-fraud: policy note and concept paper for future study

The technological dependency of securities exchanges on internet-based (IP) platforms has dramatically increased the industry's exposure to reputation, market, and operational risks. In addition, the convergence of several innovations in the market are adding stress to these systems. These innovations affect everything from software to system design and architecture. These include the use of XML (extensible markup language) as the industry IP language, STP or straight through processing of data, pervasive or diffuse computing and grid computing, as well as the increased use of Internet and wireless. The fraud is not new, rather, the magnitude and speed by which fraud can be committed has grown exponentially due to the convergence of once private networks on-line. It is imperative that senior management of securities markets and brokerage houses be properly informed of the negative externalities associated with e-brokerage and the possible critical points of failure that exist in today's digitized financial sector as they grow into tomorrow's exchanges. The overwhelming issue regarding e-finance is to determine the true level of understanding that senior management has about on-line platforms, including the inherent risks and the depth of the need to use it wisely. Kellermann and McNevin attempt to highlight the various risks that have been magnified by the increasing digitalization of processes within the brokerage arena and explain the need for concerted research and analysis of these as well as the profound consequences that may entail without proper planning. An effective legal, regulatory, and enforcement framework is essential for creating the right incentive structure for market participants. The legal and regulatory framework should focus on the improvement of internal monitoring of risks and vulnerabilities, greater information sharing about these risks and vulnerabilities, education and training on the care and use of these technologies, and better reporting of risks and responses. Public/private partnerships and collaborations also are needed to create an electronic commerce (e-commerce) environment that is safe and sound.Environmental Economics&Policies,Insurance&Risk Mitigation,Financial Intermediation,ICT Policy and Strategies,Banks&Banking Reform

A survey of denial-of-service and distributed denial of service attacks and defenses in cloud computing

Cloud Computing is a computingmodel that allows ubiquitous, convenient and on-demand access to a shared pool of highly configurable resources (e.g., networks, servers, storage, applications and services). Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks are serious threats to the Cloud services’ availability due to numerous new vulnerabilities introduced by the nature of the Cloud, such as multi-tenancy and resource sharing. In this paper, new types of DoS and DDoS attacks in Cloud Computing are explored, especially the XML-DoS and HTTP-DoS attacks, and some possible detection and mitigation techniques are examined. This survey also provides an overview of the existing defense solutions and investigates the experiments and metrics that are usually designed and used to evaluate their performance, which is helpful for the future research in the domain

A reputation framework for behavioural history: developing and sharing reputations from behavioural history of network clients

The open architecture of the Internet has enabled its massive growth and success by facilitating easy connectivity between hosts. At the same time, the Internet has also opened itself up to abuse, e.g. arising out of unsolicited communication, both intentional and unintentional. It remains an open question as to how best servers should protect themselves from malicious clients whilst offering good service to innocent clients. There has been research on behavioural profiling and reputation of clients, mostly at the network level and also for email as an application, to detect malicious clients. However, this area continues to pose open research challenges. This thesis is motivated by the need for a generalised framework capable of aiding efficient detection of malicious clients while being able to reward clients with behaviour profiles conforming to the acceptable use and other relevant policies. The main contribution of this thesis is a novel, generalised, context-aware, policy independent, privacy preserving framework for developing and sharing client reputation based on behavioural history. The framework, augmenting existing protocols, allows fitting in of policies at various stages, thus keeping itself open and flexible to implementation. Locally recorded behavioural history of clients with known identities are translated to client reputations, which are then shared globally. The reputations enable privacy for clients by not exposing the details of their behaviour during interactions with the servers. The local and globally shared reputations facilitate servers in selecting service levels, including restricting access to malicious clients. We present results and analyses of simulations, with synthetic data and some proposed example policies, of client-server interactions and of attacks on our model. Suggestions presented for possible future extensions are drawn from our experiences with simulation

A Survey on Botnet Attacks

Devices connected to the Internet are the target of numerous attacks to steal or exploit their resources. As these attacks become widespread (and sophisticated), the first step in protecting your organization is knowing exactly what you are facing. We currently have botnets that are the main source of network attacks such as spam, denial of service (DDoS), click fraud, data theft, Pass the Hash, and RDC attack. With the evolution of technology, we have several solutions to protect against attacks that undermine businesses, governments, individuals, but security attack methods are increasing daily. This study seeks further investigate botnet attacks and also provide a comparison of these attacks, lastly, the survey will create awareness for forthcoming botnet research endeavors