54 research outputs found

    Network anomaly detection using adversarial Deep Learning

    Integrated master's dissertation in Informatics Engineering. Computer network security is becoming an important and challenging topic. In particular, one currently witnesses increasingly complex attacks which are also bound to become more and more sophisticated with the advent of artificial intelligence technologies. Intrusion detection systems are a crucial component in network security. However, the limited number of publicly available network datasets and their poor traffic variety and attack diversity are a major stumbling block in the proper development of these systems. In order to overcome such difficulties and therefore maximise the detection of anomalies in the network, the use of Adversarial Deep Learning techniques is proposed to increase the amount and variety of existing data and, simultaneously, to improve the learning ability of the classification models used for anomaly detection. The main goal of this master's dissertation is the development of a system that proves capable of improving the detection of anomalies in the network through the use of Adversarial Deep Learning techniques, in particular, Generative Adversarial Networks. With this in mind, firstly, a state-of-the-art analysis and a review of existing solutions were addressed. Subsequently, efforts were made to build a modular solution to learn from imbalanced datasets with applications not only in the field of anomaly detection in the network, but also in all areas affected by imbalanced data problems. Finally, the feasibility of the developed system was demonstrated with its application to a network flow dataset.

    A taxonomy of attacks and a survey of defence mechanisms for semantic social engineering attacks

    Social engineering is used as an umbrella term for a broad spectrum of computer exploitations that employ a variety of attack vectors and strategies to psychologically manipulate a user. Semantic attacks are the specific type of social engineering attacks that bypass technical defences by actively manipulating object characteristics, such as platform or system applications, to deceive rather than directly attack the user. Commonly observed examples include obfuscated URLs, phishing emails, drive-by downloads, spoofed websites and scareware, to name a few. This paper presents a taxonomy of semantic attacks, as well as a survey of applicable defences. By contrasting the threat landscape and the associated mitigation techniques in a single comparative matrix, we identify the areas where further research can be particularly beneficial.

    Permission-based Android Malware Detection using Machine Learning


    Methods for improving robustness against adversarial machine learning attacks

    Machine learning systems can improve the efficiency of real-world tasks, including in the cyber security domain; however, these models are susceptible to adversarial attacks; indeed, an arms race exists between adversaries and defenders. The benefits of these systems have been accepted without fully considering their vulnerabilities, resulting in the deployment of vulnerable machine learning models in adversarial environments. For example, intrusion detection systems are relied upon to accurately discern between malicious and benign traffic but can be fooled into allowing malware onto a network. Robustness is the stability of performance in well-trained models facing adversarial examples. This thesis tackles the urgent problem of improving the robustness of machine learning models, enabling safer deployments in adversarial domains. The logical outputs of this research are countermeasures against adversarial examples. Original contributions to knowledge are: a survey of adversarial machine learning in the cyber security domain, a generalizable approach for feature vulnerability and robustness assessment, and a constraint-based method of generating transferable functionality-preserving adversarial examples in an intrusion detection domain. Novel defences against adversarial examples are presented: feature selection with recursive feature elimination, and hierarchical classification. Machine learning classifiers can be used in both visual and non-visual domains. Most research in adversarial machine learning considers the visual domain. A primary focus of this work is how adversarial attacks can be effectively used in non-visual domains, such as cyber security. For example, attackers may exploit weaknesses in an intrusion detection system classifier, enabling an intrusion to masquerade as benign traffic. Easily fooled systems are of limited use in critical areas such as cyber security. 
In future, more sophisticated adversarial attacks could be used by ransomware and malware authors to evade detection by machine learning Intrusion Detection Systems. Experiments in this thesis focus on intrusion detection case studies and use Python code and Python libraries: the CleverHans API and the Adversarial Robustness Toolkit libraries to generate adversarial examples, and the HiClass library to facilitate Hierarchical Classification. An adversarial arms race is playing out in cyber security. Every time defences are improved, adversaries find new ways to breach networks. Currently, one of the most critical holes in defences is adversarial examples. This thesis examines the problem of robustness against adversarial examples for machine learning systems and contributes novel countermeasures, aiming to enable the deployment of machine learning in critical domains.

    Risk and threat mitigation techniques in internet of things (IoT) environments: a survey

    Security in the Internet of Things (IoT) remains a predominant area of concern. Although several other surveys have been published on this topic in recent years, the broad spectrum that this area aims to cover, the rapid developments and the variety of concerns make it impossible to cover the topic adequately. This survey updates the state of the art covered in previous surveys and focuses on defences and mitigations against threats rather than on the threats alone, an area that is less extensively covered by other surveys. This survey has collated current research considering the dynamicity of the IoT environment, a topic that is missed in other surveys and warrants particular attention. To consider IoT mobility, a life-cycle approach is adopted to the study of dynamic and mobile IoT environments and means of deploying defences against malicious actors aiming to compromise an IoT network and to evolve their attack laterally within it and from it. This survey takes a more comprehensive and detailed step by analysing a broad variety of methods for accomplishing each of the mitigation steps, presenting these uniquely by introducing a “defence-in-depth” approach that could significantly slow down the progress of an attack in the dynamic IoT environment. This survey sheds light on leveraging redundancy as an inherent nature of multi-sensor IoT applications, to improve integrity and recovery. This study highlights the challenges of each mitigation step, emphasises novel perspectives, and reconnects the discussed mitigation steps to the ground principles they seek to implement.

    Leveraging The Multi-Disciplinary Approach to Countering Organised Crime

    This paper provides a high-level evaluation of organised crime and the threats arising from online organised crime, within a multi-disciplinary perspective. It draws on a range of academic, industry and other materials to distinguish the key characteristics of online organised crime and to identify some of the multi-disciplinary resources which are available to counter it. Real-life case studies and other examples, together with the Tables in the Appendices, are used to demonstrate how contemporary online organised crime is profit-driven and has a strong commercial focus. The paper is accompanied by a series of Appendices and Glossaries and a comprehensive Reference list (provided within a separate document to facilitate cross-referencing with this paper) that includes suggestions for further reading and research. Section Three begins by demonstrating how there are many possible approaches which can be taken towards organised crime, which may at first appear confusing, contradictory or overwhelming. It mentions that law enforcement is adopting a multidisciplinary approach and working in partnership with other sectors, including the business sector, to counter the problem. Next, the paper attempts to separate the ‘fact from the fiction’ of organised crime, highlighting the pitfalls of relying on any single source (for instance, media reports or statistics) when analysing the subject. It identifies reliable sources for information about organised crime (for instance, the United Nations Convention on Transnational Organised Crime and several established, academic sources) and aggregates some of the key organised crime characteristics from the sources within Tables 1 to 6 in Appendix A. Having established that, despite initial impressions, it is possible to obtain a consensus view about theoretical organised crime characteristics within carefully-defined parameters, the project aligns the theoretical criteria against real-life online organised crime case studies. 
This establishes that, although there are many similarities between terrestrial and online organised crime groups (OOCGs), the online groups also display characteristics which are unique to them, for instance a high dependence on the use of the Internet and transnational strategies. With regard to online involvement by ‘traditional’ organised crime groups such as the Mafia, the paper highlights that, although there is some indication in both the theoretical literature and the case studies that traditional organised crime groups are targeting the Internet, the evidence in the case studies suggests that involvement of traditional organised crime groups is not a dominant feature at the moment. In Section Four, the paper assumes a non-technical IS perspective and describes some of the vulnerable elements within information technology, especially within the structures of the Internet and the Web, which all offenders, including OOCGs, are exploiting. It explains some of the reasons why these vulnerabilities exist and why they are attractive to offenders. In particular, it highlights the serious threat which crimeware, which is often sold and distributed by OOCGs, poses to the Web environment. In Section Five, the paper shifts to a business perspective, emphasising the importance of understanding online organised crime business models and mentioning the work of particular authors whose work in this field adopts a multi-disciplinary approach. The paper then uses Morphological Analysis (MA) to demonstrate how a multidisciplinary approach to strategic analysis can utilise the skills and experience of IS/business professionals, as well as assisting them to manage the threat which OOCGs may pose to their business. The paper concludes with the observation from academic and industry sources that directly targeting the profit-making aspects of an online organised crime business may be one of the most effective responses to the problem.

    Integrating Systems and Economic Models for Security Investments in the Presence of Dynamic Stochastic Shocks

    Organizations deploy a number of security measures with differing intensities to protect their company’s information assets. These assets are found in various locations within a company, with differing levels of security applied to them. Such measures protect the different aspects of the organization’s information systems, which are typically separated into three different attributes: confidentiality, integrity, and availability. We start by defining a system in terms of its locations, resources and processes to use as an underlying framework for our security model. We then systematically define the time evolution of all the three attributes when subjected to shocks aiming at degrading the system’s capacity. We shock each of the attributes of the system and trace the adjustment of the attributes and policy responses; we undertake this exercise for different types of organizations: a military weapons system operator, a financial firm or bank, a retail organization, and a medical research organization, producing their impulse-response functions to quantify their responses and speed of adjustment. This economic model is validated through various means, including Monte Carlo simulations. We find that organizations, although they react in similar ways to shocks to their attributes over time, and are able quickly to get back to their pre-shock states over time, differ in the intensity of their policy responses, which differ depending upon the character of the organization.

    Security Technologies and Methods for Advanced Cyber Threat Intelligence, Detection and Mitigation

    The rapid growth of the Internet interconnectivity and complexity of communication systems has led us to a significant growth of cyberattacks globally, often with severe and disastrous consequences. The swift development of more innovative and effective (cyber)security solutions and approaches that can detect, mitigate and prevent these serious consequences is vital. Cybersecurity is gaining momentum and is scaling up in very many areas. This book builds on the experience of the Cyber-Trust EU project’s methods, use cases, technology development, testing and validation and extends into a broader science, lead IT industry market and applied research with practical cases. It offers new perspectives on advanced (cyber) security innovation (eco) systems covering key different perspectives. The book provides insights on new security technologies and methods for advanced cyber threat intelligence, detection and mitigation. We cover topics such as cyber-security and AI, cyber-threat intelligence, digital forensics, moving target defense, intrusion detection systems, post-quantum security, privacy and data protection, security visualization, smart contracts security, software security, blockchain, security architectures, system and data integrity, trust management systems, distributed systems security, dynamic risk management, privacy and ethics.