7,009 research outputs found
Malicious User Experience Design Research for Cybersecurity
This paper explores the factors and theory behind the user-centered research
that is necessary to create a successful game-like prototype, and user
experience, for malicious users in a cybersecurity context. We explore what is
known about successful addictive design in the fields of video games and
gambling to understand the allure of breaking into a system, and the joy of
thwarting the security to reach a goal or a reward of data. Based on the
malicious user research, game user research, and using the GameFlow framework,
we propose a novel malicious user experience design approac
Vulnerability anti-patterns:a timeless way to capture poor software practices (Vulnerabilities)
There is a distinct communication gap between the software engineering and cybersecurity communities when it comes to addressing reoccurring security problems, known as vulnerabilities. Many vulnerabilities are caused by software errors that are created by software developers. Insecure software development practices are common due to a variety of factors, which include inefficiencies within existing knowledge transfer mechanisms based on vulnerability databases (VDBs), software developers perceiving security as an afterthought, and lack of consideration of security as part of the software development lifecycle (SDLC). The resulting communication gap also prevents developers and security experts from successfully sharing essential security knowledge. The cybersecurity community makes their expert knowledge available in forms including vulnerability databases such as CAPEC and CWE, and pattern catalogues such as Security Patterns, Attack Patterns, and Software Fault Patterns. However, these sources are not effective at providing software developers with an understanding of how malicious hackers can exploit vulnerabilities in the software systems they create. As developers are familiar with pattern-based approaches, this paper proposes the use of Vulnerability Anti-Patterns (VAP) to transfer usable vulnerability knowledge to developers, bridging the communication gap between security experts and software developers. The primary contribution of this paper is twofold: (1) it proposes a new pattern template – Vulnerability Anti-Pattern – that uses anti-patterns rather than patterns to capture and communicate knowledge of existing vulnerabilities, and (2) it proposes a catalogue of Vulnerability Anti-Patterns (VAP) based on the most commonly occurring vulnerabilities that software developers can use to learn how malicious hackers can exploit errors in software
Towards Secure and Safe Appified Automated Vehicles
The advancement in Autonomous Vehicles (AVs) has created an enormous market
for the development of self-driving functionalities,raising the question of how
it will transform the traditional vehicle development process. One adventurous
proposal is to open the AV platform to third-party developers, so that AV
functionalities can be developed in a crowd-sourcing way, which could provide
tangible benefits to both automakers and end users. Some pioneering companies
in the automotive industry have made the move to open the platform so that
developers are allowed to test their code on the road. Such openness, however,
brings serious security and safety issues by allowing untrusted code to run on
the vehicle. In this paper, we introduce the concept of an Appified AV platform
that opens the development framework to third-party developers. To further
address the safety challenges, we propose an enhanced appified AV design schema
called AVGuard, which focuses primarily on mitigating the threats brought about
by untrusted code, leveraging theory in the vehicle evaluation field, and
conducting program analysis techniques in the cybersecurity area. Our study
provides guidelines and suggested practice for the future design of open AV
platforms
Algorithm Selection Framework for Cyber Attack Detection
The number of cyber threats against both wired and wireless computer systems
and other components of the Internet of Things continues to increase annually.
In this work, an algorithm selection framework is employed on the NSL-KDD data
set and a novel paradigm of machine learning taxonomy is presented. The
framework uses a combination of user input and meta-features to select the best
algorithm to detect cyber attacks on a network. Performance is compared between
a rule-of-thumb strategy and a meta-learning strategy. The framework removes
the conjecture of the common trial-and-error algorithm selection method. The
framework recommends five algorithms from the taxonomy. Both strategies
recommend a high-performing algorithm, though not the best performing. The work
demonstrates the close connectedness between algorithm selection and the
taxonomy for which it is premised.Comment: 6 pages, 7 figures, 1 table, accepted to WiseML '2
The future of Cybersecurity in Italy: Strategic focus area
This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management
- …