Mathematical Modeling of worm infection on computer in a Network: Case study in the Computer Laboratory, Mathematics Department, Diponegoro University, Indonesia

Worm infection were an infection that attack a computer, it work by multiplied itself after got into a computer and made it over work and caused a computer to slowing down. Worm spreading infection describe by nonlinear mathematic model form with VEISV (Vulnerable, Exposed, Infected, Secured) as the model. Worm free equilibrium and endemic equilibrium were calculated to obtain the stability analysis, and numeric solution were performed using data from Computer Laboratory, Mathematics Department of Faculty of Sciences and Mathematics, Diponegoro University using Runge-Kutta fourth-order method. From the result of stability analysis we obtained that worm free equilibrium were not stable and endemic equilibrium were locally asymptotically stable, and from the result of numeric solution every class proportion from model were obtained

Malware Propagation in Online Social Networks: Modeling, Analysis and Real-world Implementations

The popularity and wide spread usage of online social networks (OSNs) have attracted hackers and cyber criminals to use OSNs as an attack platform to spread malware. Over the last few years, Facebook users have experienced hundreds of malware attacks. A successful attack can lead to tens of millions of OSN accounts being compromised and computers being infected. Cyber criminals can mount massive denial of service attacks against Internet infrastructures or systems using compromised accounts and computers. Malware infecting a user's computer have the ability to steal login credentials and other confidential information stored on the computer, install ransomware and infect other computers on the same network. Therefore, it is important to understand propagation dynamics of malware in OSNs in order to detect, contain and remove them as early as possible. The objective of this dissertation is thus to model and study propagation dynamics of various types of malware in social networks such as Facebook, LinkedIn and Orkut. In particular, - we propose analytical models that characterize propagation dynamics of cross-site scripting and Trojan malware, the two major types of malware propagating in OSNs. Our models assume the topological characteristics of real-world social networks, namely, low average shortest distance, power-law distribution of node degrees and high clustering coefficient. The proposed models were validated using a real-world social network graph. - we present the design and implementation of a cellular botnet named SoCellBot that uses the OSN platform as a means to recruit and control cellular bots on smartphones. SoCellBot utilizes OSN messaging systems as communication channels between bots. We then present a simulation-based analysis of the botnet's strategies to maximize the number of infected victims within a short amount of time and, at the same time, minimize the risk of being detected. - we describe and analyze emerging malware threats in OSNs, namely, clickjacking, extension-based and Magnet malware. We discuss their implementations and working mechanics, and analyze their propagation dynamics via simulations. - we evaluate the performance of several selective monitoring schemes used for malware detection in OSNs. With selective monitoring, we select a set of important users in the network and monitor their and their friends activities and posts for malware threats. These schemes differ in how the set of important users is selected. We evaluate and compare the effectiveness of several selective monitoring schemes in terms of malware detection in OSNs

Cross-site Scripting Attack Detection Using Machine Learning with Hybrid Features

This study aims to measure the classification accuracy of XSS attacks by using a combination of two methods of determining feature characteristics, namely using linguistic computation and feature selection. XSS attacks have a certain pattern in their character arrangement, this can be studied by learners using n-gram modeling, but in certain cases XSS characteristics can contain a certain meta and synthetic this can be learned using feature selection modeling. From the results of this research, hybrid feature modeling gives good accuracy with an accuracy value of 99.87%, it is better than previous studies which the average is still below 99%, this study also tries to analyze the false positive rate considering that the false positive rate in attack detection is very influential for the convenience of the information security team, with the modeling proposed, the false positive rate is very small, namely 0.039%This study aims to measure the classification accuracy of XSS attacks by using a combination of two methods of determining feature characteristics, namely using linguistic computation and feature selection. XSS attacks have a certain pattern in their character arrangement, this can be studied by learners using n-gram modeling, but in certain cases XSS characteristics can contain a certain meta and synthetic this can be learned using feature selection modeling. From the results of this research, hybrid feature modeling gives good accuracy with an accuracy value of 99.87%, it is better than previous studies which the average is still below 99%, this study also tries to analyze the false positive rate considering that the false positive rate in attack detection is very influential for the convenience of the information security team, with the modeling proposed, the false positive rate is very small, namely 0.039

AVOIDIT IRS: An Issue Resolution System To Resolve Cyber Attacks

Cyber attacks have greatly increased over the years and the attackers have progressively improved in devising attacks against specific targets. Cyber attacks are considered a malicious activity launched against networks to gain unauthorized access causing modification, destruction, or even deletion of data. This dissertation highlights the need to assist defenders with identifying and defending against cyber attacks. In this dissertation an attack issue resolution system is developed called AVOIDIT IRS (AIRS). AVOIDIT IRS is based on the attack taxonomy AVOIDIT (Attack Vector, Operational Impact, Defense, Information Impact, and Target). Attacks are collected by AIRS and classified into their respective category using AVOIDIT.Accordingly, an organizational cyber attack ontology was developed using feedback from security professionals to improve the communication and reusability amongst cyber security stakeholders. AIRS is developed as a semi-autonomous application that extracts unstructured external and internal attack data to classify attacks in sequential form. In doing so, we designed and implemented a frequent pattern and sequential classification algorithm associated with the five classifications in AVOIDIT. The issue resolution approach uses inference to educate the defender on the plausible cyber attacks. The AIRS can work in conjunction with an intrusion detection system (IDS) to provide a heuristic to cyber security breaches within an organization. AVOIDIT provides a framework for classifying appropriate attack information, which is fundamental in devising defense strategies against such cyber attacks. The AIRS is further used as a knowledge base in a game inspired defense architecture to promote game model selection upon attack identification. Future work will incorporate honeypot attack information to improve attack identification, classification, and defense propagation.In this dissertation, 1,025 common vulnerabilities and exposures (CVEs) and over 5,000 lines of log files instances were captured in the AIRS for analysis. Security experts were consulted to create rules to extract pertinent information and algorithms to correlate identified data for notification. The AIRS was developed using the Codeigniter [74] framework to provide a seamless visualization tool for data mining regarding potential cyber attacks relative to web applications. Testing of the AVOIDIT IRS revealed a recall of 88%, precision of 93%, and a 66% correlation metric

Моделювання процесів розповсюдження шкідливого програмного забезпечення у комп'ютерних мережах

Об’єктом дослідження є соціальні та комп’ютерні мережі. Предметом дослідження є відповідні моделі та апарат комплексних мереж. Метою роботи є дослідження процесів розповсюдження шкідливого програмного забезпечення, у тому числі мережевих та XSS хробаків, у соціальних та комп’ютерних мережах із використанням апарату комплексних мереж, SIR моделей та клітинкового автомату, а також виявлення особливостей процесу розповсюдження шкідливого коду в комплексних мережах.The object of research is social and computer networks. The subject of research is the relevant models and apparatus of complex networks. The aim of the work is to study the processes of malware distribution, including network and XSS worms, in social and computer networks using the device of complex networks, SIR models and cellular automaton, as well as to identify features of malicious code distribution in complex networks

Reviewing effectivity in security approaches towards strengthening internet architecture

The usage of existing Internet architecture is shrouded by various security loopholes and hence is highly ineffective towards resisting potential threats over internet. Hence, it is claimed that future internet architecture has been evolved as a solution to address this security gaps of existing internet architecture. Therefore, this paper initiates its discussion by reviewing the existing practices of web security in conventional internet architecture and has also discussed about some recent solutions towards mitigating potentially reported threats e.g. cross-site scripting, SQL inject, and distributed denial-of-service. The paper has also discussed some of the recent research contribution towards security solution considering future internet architecture. The proposed manuscripts contributes to showcase the true effectiveness of existing approaches with respect to advantages and limitation of existing approaches along with explicit highlights of existing research problems that requires immediate attention

Cybersecurity, an approach via Pentesting; Ciberseguretat, una aproximació via Pentesting

This work is an approach to pentesting, an area of cybersecurity that consists of attacking computer environments to discover and exploit vulnerabilities, with the ultimate goal of documenting the attack and being able to gather information about the security of the system. A review of the basic concepts of information security and cybersecurity is included, i.e. types of malware such as viruses or Trojans, possible vulnerabilities such as 0- day or cross-site scripting (XSS) and finally concepts such as social engineering or brute force attacks. The details of the Kali Linux GNU/Linux distribution are described and some com mands and recommendations for optimizing pentesting are presented. The study of pentesting covers the legal bases, types, phases of execution, the most common tools and the OWASP organization and its role. As a practical part, a series of attack vectors are detailed with real examples and a pentesting test is performed on a machine in a controlled environment.Aquest treball és una aproximació al pentesting, una àrea de ciberseguretat que con sisteix en atacar entorns informàtics per descobrir i explotar vulnerabilitats, amb l’objectiu final de documentar l’atac i poder recopilar informació sobre la seguretat del sistema. S’inclou una revisió dels conceptes bàsics de seguretat de la informació i ciberse guretat, és a dir, tipus de malware com virus o troians, possibles vulnerabilitats com ara les 0-day o els cross-site scripting (XSS) i finalment conceptes com l’enginyeria social o els atacs de força bruta. Es descriuen els detalls de la distribució de Kali Linux de GNU/Linux i es presenten algunes ordres i recomanacions per optimitzar el pentesting. L’estudi de pentesting tracta les seves bases legals, els tipus, les fases d’execució, les eines més comunes, l’organització OWASP i el seu rol. Com a part pràctica, es detallen una sèrie de vectors d’atac amb exemples reals i es realitza una prova de pentesting en una màquina en un entorn controlat