633 research outputs found
Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences
In this survey, we first briefly review the current state of cyber attacks,
highlighting significant recent changes in how and why such attacks are
performed. We then investigate the mechanics of malware command and control
(C2) establishment: we provide a comprehensive review of the techniques used by
attackers to set up such a channel and to hide its presence from the attacked
parties and the security tools they use. We then switch to the defensive side
of the problem, and review approaches that have been proposed for the detection
and disruption of C2 channels. We also map such techniques to widely-adopted
security controls, emphasizing gaps or limitations (and success stories) in
current best practices.Comment: Work commissioned by CPNI, available at c2report.org. 38 pages.
Listing abstract compressed from version appearing in repor
Evidence of complex contagion of information in social media: An experiment using Twitter bots
It has recently become possible to study the dynamics of information diffusion in techno-social systems at scale, due to the emergence of online platforms, such as Twitter, with millions of users. One question that systematically recurs is whether information spreads according to simple or complex dynamics: does each exposure to a piece of information have an independent probability of a user adopting it (simple contagion), or does this probability depend instead on the number of sources of exposure, increasing above some threshold (complex contagion)? Most studies to date are observational and, therefore, unable to disentangle the effects of confounding factors such as social reinforcement, homophily, limited attention, or network community structure. Here we describe a novel controlled experiment that we performed on Twitter using 'social bots' deployed to carry out coordinated attempts at spreading information. We propose two Bayesian statistical models describing simple and complex contagion dynamics, and test the competing hypotheses. We provide experimental evidence that the complex contagion model describes the observed information diffusion behavior more accurately than simple contagion. Future applications of our results include more effective defenses against malicious propaganda campaigns on social media, improved marketing and advertisement strategies, and design of effective network intervention techniques
Adversarial behaviours knowledge area
The technological advancements witnessed by our society in recent decades have brought
improvements in our quality of life, but they have also created a number of opportunities for
attackers to cause harm. Before the Internet revolution, most crime and malicious activity
generally required a victim and a perpetrator to come into physical contact, and this limited
the reach that malicious parties had. Technology has removed the need for physical contact
to perform many types of crime, and now attackers can reach victims anywhere in the world, as long as they are connected to the Internet. This has revolutionised the characteristics of crime and warfare, allowing operations that would not have been possible before. In this document, we provide an overview of the malicious operations that are happening on the Internet today. We first provide a taxonomy of malicious activities based on the attacker’s motivations and capabilities, and then move on to the technological and human elements that adversaries require to run a successful operation. We then discuss a number of frameworks that have been proposed to model malicious operations. Since adversarial behaviours are not a purely technical topic, we draw from research in a number of fields (computer science, criminology, war studies). While doing this, we discuss how these frameworks can be used by researchers and practitioners to develop effective mitigations against malicious online operations.Published versio
Graph Mining for Cybersecurity: A Survey
The explosive growth of cyber attacks nowadays, such as malware, spam, and
intrusions, caused severe consequences on society. Securing cyberspace has
become an utmost concern for organizations and governments. Traditional Machine
Learning (ML) based methods are extensively used in detecting cyber threats,
but they hardly model the correlations between real-world cyber entities. In
recent years, with the proliferation of graph mining techniques, many
researchers investigated these techniques for capturing correlations between
cyber entities and achieving high performance. It is imperative to summarize
existing graph-based cybersecurity solutions to provide a guide for future
studies. Therefore, as a key contribution of this paper, we provide a
comprehensive review of graph mining for cybersecurity, including an overview
of cybersecurity tasks, the typical graph mining techniques, and the general
process of applying them to cybersecurity, as well as various solutions for
different cybersecurity tasks. For each task, we probe into relevant methods
and highlight the graph types, graph approaches, and task levels in their
modeling. Furthermore, we collect open datasets and toolkits for graph-based
cybersecurity. Finally, we outlook the potential directions of this field for
future research
Study of Peer-to-Peer Network Based Cybercrime Investigation: Application on Botnet Technologies
The scalable, low overhead attributes of Peer-to-Peer (P2P) Internet
protocols and networks lend themselves well to being exploited by criminals to
execute a large range of cybercrimes. The types of crimes aided by P2P
technology include copyright infringement, sharing of illicit images of
children, fraud, hacking/cracking, denial of service attacks and virus/malware
propagation through the use of a variety of worms, botnets, malware, viruses
and P2P file sharing. This project is focused on study of active P2P nodes
along with the analysis of the undocumented communication methods employed in
many of these large unstructured networks. This is achieved through the design
and implementation of an efficient P2P monitoring and crawling toolset. The
requirement for investigating P2P based systems is not limited to the more
obvious cybercrimes listed above, as many legitimate P2P based applications may
also be pertinent to a digital forensic investigation, e.g, voice over IP,
instant messaging, etc. Investigating these networks has become increasingly
difficult due to the broad range of network topologies and the ever increasing
and evolving range of P2P based applications. In this work we introduce the
Universal P2P Network Investigation Framework (UP2PNIF), a framework which
enables significantly faster and less labour intensive investigation of newly
discovered P2P networks through the exploitation of the commonalities in P2P
network functionality. In combination with a reference database of known
network characteristics, it is envisioned that any known P2P network can be
instantly investigated using the framework, which can intelligently determine
the best investigation methodology and greatly expedite the evidence gathering
process. A proof of concept tool was developed for conducting investigations on
the BitTorrent network.Comment: This is a thesis submitted in fulfilment of a PhD in Digital
Forensics and Cybercrime Investigation in the School of Computer Science,
University College Dublin in October 201
- …