
    Applications of Machine Learning to Threat Intelligence, Intrusion Detection and Malware

    Artificial Intelligence (AI) and Machine Learning (ML) are emerging technologies with applications to many fields. This paper is a survey of use cases of ML for threat intelligence, intrusion detection, and malware analysis and detection. Threat intelligence, especially attack attribution, can benefit from the use of ML classification. False positives from rule-based intrusion detection systems can be reduced with the use of ML models. Malware analysis and classification can be made easier by developing ML frameworks to distill similarities between the malicious programs. Adversarial machine learning will also be discussed, because while ML can be used to solve problems or reduce analyst workload, it also introduces new attack surfaces

    Incident Analysis & Digital Forensics in SCADA and Industrial Control Systems

    SCADA and industrial control systems have traditionally been isolated in physically protected environments. However, developments such as the standardisation of data exchange protocols, the increased use of IP, emerging wireless sensor networks and machine-to-machine communication mean that in the near future the related threat vectors will also require consideration beyond the scope of traditional SCADA security and incident response. In light of the significance of SCADA for the resilience of critical infrastructures and the targeted incidents against them (e.g. the development of Stuxnet), cyber security and digital forensics emerge as priority areas. In this paper we focus on the latter, exploring the current capability of SCADA operators to analyse security incidents and develop situational awareness based on a robust digital evidence perspective. We look at the logging capabilities of a typical SCADA architecture and the analytical techniques and investigative tools that may help develop forensic readiness to the level required by the current threat environment. We also provide recommendations for data capture and retention

    An Epistemological Inquiry into the Incorporation of Emergency Management Concept in the Homeland Security with a Post-Disaster Security Centric Focus

    The historical roots of the Emergency Management concept in the U.S. date back to the 19th century. As disasters occurred, policies relating to disaster response were developed, and many statutory provisions, including several Federal Disaster Relief Acts, conceptually established the framework of Emergency Management. In 1979, with the foundation of the Federal Emergency Management Agency (FEMA), disaster relief efforts were finally institutionalized, and the federal government acknowledged that Emergency Management included mitigation, preparedness, response and recovery activities, abbreviated 'MPRR.' However, after 2000, the U.S. experienced two milestone events: the September 11 terrorist attacks in 2001 and Hurricane Katrina in 2005. Following the foundation of the Department of Homeland Security (DHS) in 2002, the definitional context of Emergency Management and its phases/components, in short its essence, evolved and was incorporated into many official documents in differing ways, creating contextual inconsistencies. Recent key official documents embody epistemological problems that have the potential to undermine the coherence of the Homeland Security contextual framework and to pose theoretical challenges to the education and training of Homeland Security/Emergency Management stakeholders. Furthermore, the conceptual design of the Emergency Support Functions (ESF), which have been defined within the context of the National Response Framework (NRF), displays similar problematic symptoms, and existing urban area Public Safety and Security planning processes have also not been supported by methodologies aligned with post-disaster security requirements. To that end, the conceptual framework of Emergency Management and its incorporation in the Homeland Security global architecture should be revised and redefined to enhance coherence and reliability.
    Coherence in the contextual structure links directly to the system's organizational structure and its viability functions. Also, holistic multi-dimensional system representations/abstractions, which would support appreciation of the system's complex context, should be incorporated in policy documents and used to educate the relevant stakeholders (individuals, teams, etc.) during training/orientation programs. In addition, the NRF and its ESFs should be reviewed through a post-disaster security centric focus, since the post-disaster environment has unique characteristics that should be addressed by different approaches. In that sense, this dissertation develops a Post-Disaster Security Index (PDSI) Model that provides valuable insights for security agents and other Emergency Management and Homeland Security stakeholders

    Eliciting People’s Conceptual Models of Activities and Systems

    People using computer systems are required to work with the concepts implemented by system developers. If there is a poor fit between system concepts and users’ pre-existing conceptualisation of domain and task, this places a high workload on the user as they translate between their own conceptualisation and that imposed by the system. The focus of this paper is on how to identify users’ conceptualisations of a domain – ideally, prior to system implementation. For this, it is necessary to gather verbal data from people in ways that are not overly constrained by existing devices but allow them to articulate taken-for-granted knowledge. Possible study types include semi-structured interviews, contextual inquiry interviews and think-aloud protocols. The authors discuss how to design a study, covering choosing between different kinds of study, detailed planning of questions and tasks, data gathering, and preliminary data analysis

    High-level information fusion for risk and accidents prevention in pervasive oil industry environments

    Proceedings of: 12th International Conference on Practical Applications of Agents and Multi-Agent Systems, University of Salamanca (Spain), 4th-6th June, 2014.
    Information fusion studies theories and methods to effectively combine data from multiple sensors and related information to achieve more specific inferences than could be achieved by using a single, independent sensor. Information fused from sensors and data mining analysis has recently attracted the attention of the research community for real-world applications. In this sense, the deployment of an Intelligent Offshore Oil Industry Environment will help to identify a risky scenario based on anomaly-related events that occurred in the past and the profile of the current employee (role, location, etc.). In this paper we propose an information fusion model for an intelligent oil environment in which employees are alerted about possible risk situations while they are moving around their workplace. The layered architecture implements a reasoning engine capable of intelligently filtering the context profile of the employee (role, location) for the feature selection of an inter-transaction mining process. Depending on the employee's contextual information, he will receive intelligent alerts based on the prediction model that uses his role and his current location. This model provides the big picture about risk analysis for that employee at that place at that moment. This work was partially funded by CNPq BJT Project 407851/2012-