8,596 research outputs found
Adding Digital Forensic Readiness as a Security Component to the IoT Domain
The unique identities of remote sensing, monitoring, self-actuating, selfâadapting and self-configuring âthingsâ in Internet of Things (IoT) has come out as fundamental building blocks for the development of âsmart environmentsâ. This experience has begun to be felt across different IoT-based domains like healthcare, surveillance, energy systems, home appliances, industrial machines, smart grids and smart cities. These developments have, however, brought about a more complex and heterogeneous environment which is slowly becoming a home to cyber attackers. Digital Forensic Readiness (DFR) though can be employed as a mechanism for maximizing the potential use of digital evidence while minimizing the cost of conducting a digital forensic investigation process in IoT environments in case of an incidence. The problem addressed in this paper, therefore, is that at the time of writing this paper, there still exist no IoT architectures that have a DFR capability that is able to attain incident preparedness across IoT environments as a mechanism of preparing for post-event response process. It is on this premise, that the authors are proposing an architecture for incorporating DFR to IoT domain for proper planning and preparing in the case of security incidents. It is paramount to note that the DFR mechanism in IoT discussed in this paper complies with ISO/IEC 27043: 2015, 27030:2012 and 27017: 2015 international standards. It is the authorsâ opinion that the architecture is holistic and very significant in IoT forensics
Geometry-based Detection of Flash Worms
While it takes traditional internet worms hours to infect all the vulnerable hosts on the Internet, a flash worm takes seconds. Because of the rapid rate with which flash worms spread, the existing worm defense mechanisms cannot respond fast enough to detect and stop the flash worm infections. In this project, we propose a geometric-based detection mechanism that can detect the spread of flash worms in a short period of time. We tested the mechanism on various simulated flash worm traffics consisting of more than 10,000 nodes. In addition to testing on flash worm traffics, we also tested the mechanism on non-flash worm traffics to see if our detection mechanism produces false alarms. In order to efficiently analyze bulks of various network traffics, we implemented an application that can be used to convert the network traffic data into graphical notations. Using the application, the analysis can be done graphically as it displays the large amount of network relationships as tree structures
From Intrusion Detection to an Intrusion Response System: Fundamentals, Requirements, and Future Directions
In the past few decades, the rise in attacks on communication devices in networks has resulted in a reduction of network functionality, throughput, and performance. To detect and mitigate these network attacks, researchers, academicians, and practitioners developed Intrusion Detection Systems (IDSs) with automatic response systems. The response system is considered an important component of IDS, since without a timely response IDSs may not function properly in countering various attacks, especially on a real-time basis. To respond appropriately, IDSs should select the optimal response option according to the type of network attack. This research study provides a complete survey of IDSs and Intrusion Response Systems (IRSs) on the basis of our in-depth understanding of the response option for different types of network attacks. Knowledge of the path from IDS to IRS can assist network administrators and network staffs in understanding how to tackle different attacks with state-of-the-art technologies
Malware in the Future? Forecasting of Analyst Detection of Cyber Events
There have been extensive efforts in government, academia, and industry to
anticipate, forecast, and mitigate cyber attacks. A common approach is
time-series forecasting of cyber attacks based on data from network telescopes,
honeypots, and automated intrusion detection/prevention systems. This research
has uncovered key insights such as systematicity in cyber attacks. Here, we
propose an alternate perspective of this problem by performing forecasting of
attacks that are analyst-detected and -verified occurrences of malware. We call
these instances of malware cyber event data. Specifically, our dataset was
analyst-detected incidents from a large operational Computer Security Service
Provider (CSSP) for the U.S. Department of Defense, which rarely relies only on
automated systems. Our data set consists of weekly counts of cyber events over
approximately seven years. Since all cyber events were validated by analysts,
our dataset is unlikely to have false positives which are often endemic in
other sources of data. Further, the higher-quality data could be used for a
number for resource allocation, estimation of security resources, and the
development of effective risk-management strategies. We used a Bayesian State
Space Model for forecasting and found that events one week ahead could be
predicted. To quantify bursts, we used a Markov model. Our findings of
systematicity in analyst-detected cyber attacks are consistent with previous
work using other sources. The advanced information provided by a forecast may
help with threat awareness by providing a probable value and range for future
cyber events one week ahead. Other potential applications for cyber event
forecasting include proactive allocation of resources and capabilities for
cyber defense (e.g., analyst staffing and sensor configuration) in CSSPs.
Enhanced threat awareness may improve cybersecurity.Comment: Revised version resubmitted to journa
An Analytics Enabled Wireless Anti-Intruder Monitoring and Alarm System
Home intruder detection and alarm system rely on a number of factors to determine if an alarm should be
triggered. These factors depend greatly on the type of sensors used and the amount of analytical capability built into the alarm system. Presently, most home intruder detection and alarm systems in the market are highly prone to false alarms because they do not have any analytical capability. In this paper, an analytics enabled wireless anti-intruder monitoring and alarm system that is simple and low in cost is proposed. The proposed alarm system uses still images and the location of sensed motion within the premises of the home to help home owners make informed alarm triggering decisions. The designed security system offers the option of allowing
multiple key holders receive security alerts via the cellular networkâs Short Message Service (SMS). The system also gives the option of sending distress messages to the police or trusted neighbours
A Worst Practices Guide to Insider Threats: Lessons from Past Mistakes
Insider threats are perhaps the most serious challenges that nuclear security systems face. All of the cases of theft of nuclear materials where the circumstances of the theft are known were perpetrated either by insiders or with the help of insiders; given that the other cases involve bulk material stolen covertly without anyone being aware the material was missing, there is every reason to believe that they were perpetrated by insiders as well. Similarly, disgruntled workers from inside nuclear facilities have perpetrated many of the known incidents of nuclear sabotage. The most recent example of which we are aware is the apparent insider sabotage of a diesel generator at the San Onofre nuclear plant in the United States in 2012; the most spectacular was an incident three decades ago in which an insider placed explosives directly on the steel pressure vessel head of a nuclear reactor and then detonated them.While many such incidents, including the two just mentioned, appear to have been intended to send a message to management, not to spread radioactivity, they highlight the immense dangers that could arise from insiders with more malevolent intent. As it turns out, insiders perpetrate a large fraction of thefts from heavily guarded non-nuclear facilities as well. Yet organizations often find it difficult to understandand protect against insider threats. Why is this the case?Part of the answer is that there are deep organizational and cognitive biases that lead managers to downplay the threats insiders pose to their nuclear facilities and operations. But another part of the answer is that those managing nuclear security often have limited information about incidents that have happened in other countries or in other industries, and the lessons that might be learned from them.The IAEA and the World Institute for Nuclear Security (WINS) produce"best practices" guides as a way of disseminating ideas and procedures that have been identified as leading to improved security. Both have produced guides on protecting against insider threats.5 But sometimes mistakes are even moreinstructive than successes.Here, we are presenting a kind of "worst practices" guide of serious mistakes made in the past regarding insider threats. While each situation is unique, and serious insider problems are relatively rare, the incidents we describe reflect issues that exist in many contexts and that every nuclear security manager should consider. Common organizational practices -- such as prioritizing production over security, failure to share information across subunits, inadequate rules or inappropriate waiving of rules, exaggerated faith in group loyalty, and excessive focus on external threats -- can be seen in many past failures to protect against insider threats
CLASSIFYING AND RESPONDING TO NETWORK INTRUSIONS
Intrusion detection systems (IDS) have been widely adopted within the IT community, as
passive monitoring tools that report security related problems to system administrators.
However, the increasing number and evolving complexity of attacks, along with the
growth and complexity of networking infrastructures, has led to overwhelming numbers of
IDS alerts, which allow significantly smaller timeframe for a human to respond. The need
for automated response is therefore very much evident. However, the adoption of such
approaches has been constrained by practical limitations and administrators' consequent
mistrust of systems' abilities to issue appropriate responses.
The thesis presents a thorough analysis of the problem of intrusions, and identifies false
alarms as the main obstacle to the adoption of automated response. A critical examination
of existing automated response systems is provided, along with a discussion of why a new
solution is needed. The thesis determines that, while the detection capabilities remain
imperfect, the problem of false alarms cannot be eliminated. Automated response
technology must take this into account, and instead focus upon avoiding the disruption of
legitimate users and services in such scenarios. The overall aim of the research has
therefore been to enhance the automated response process, by considering the context of an
attack, and investigate and evaluate a means of making intelligent response decisions.
The realisation of this objective has included the formulation of a response-oriented
taxonomy of intrusions, which is used as a basis to systematically study intrusions and
understand the threats detected by an IDS. From this foundation, a novel Flexible
Automated and Intelligent Responder (FAIR) architecture has been designed, as the basis
from which flexible and escalating levels of response are offered, according to the context
of an attack. The thesis describes the design and operation of the architecture, focusing
upon the contextual factors influencing the response process, and the way they are
measured and assessed to formulate response decisions. The architecture is underpinned by
the use of response policies which provide a means to reflect the changing needs and
characteristics of organisations.
The main concepts of the new architecture were validated via a proof-of-concept prototype
system. A series of test scenarios were used to demonstrate how the context of an attack
can influence the response decisions, and how the response policies can be customised and
used to enable intelligent decisions. This helped to prove that the concept of flexible
automated response is indeed viable, and that the research has provided a suitable
contribution to knowledge in this important domain
Why We Cannot (Yet) Ensure the Cybersecurity of Safety-Critical Systems
There is a growing threat to the cyber-security of safety-critical systems.
The introduction of Commercial Off The Shelf (COTS) software, including
Linux, specialist VOIP applications and Satellite Based Augmentation Systems
across the aviation, maritime, rail and power-generation infrastructures has created
common, vulnerabilities. In consequence, more people now possess the technical
skills required to identify and exploit vulnerabilities in safety-critical systems.
Arguably for the first time there is the potential for cross-modal attacks
leading to future âcyber stormsâ. This situation is compounded by the failure of
public-private partnerships to establish the cyber-security of safety critical applications.
The fiscal crisis has prevented governments from attracting and retaining
competent regulators at the intersection of safety and cyber-security. In particular,
we argue that superficial similarities between safety and security have led
to security policies that cannot be implemented in safety-critical systems. Existing
office-based security standards, such as the ISO27k series, cannot easily be integrated
with standards such as IEC61508 or ISO26262. Hybrid standards such as
IEC 62443 lack credible validation. There is an urgent need to move beyond
high-level policies and address the more detailed engineering challenges that
threaten the cyber-security of safety-critical systems. In particular, we consider
the ways in which cyber-security concerns undermine traditional forms of safety
engineering, for example by invalidating conventional forms of risk assessment.
We also summarise the ways in which safety concerns frustrate the deployment of
conventional mechanisms for cyber-security, including intrusion detection systems
Pool Safety and Technology
Much has been much done to prevent unintentional drownings in swimming pools, especially for children. However it still remains a significant problem today. Working in coordination with the Consumer Product Safety Commission (CPSC), we researched aspects of the problem, focusing primarily on the contribution of technology and then developed concepts to help alleviate the problem. We made recommendations to the CPSC on how to further develop the Submersion Prevention Effectiveness Rating system and the Submersion Prevention System concepts we created
- âŠ