130 research outputs found

    Graph Mining for Cybersecurity: A Survey

    The explosive growth of cyber attacks nowadays, such as malware, spam, and intrusions, caused severe consequences on society. Securing cyberspace has become an utmost concern for organizations and governments. Traditional Machine Learning (ML) based methods are extensively used in detecting cyber threats, but they hardly model the correlations between real-world cyber entities. In recent years, with the proliferation of graph mining techniques, many researchers investigated these techniques for capturing correlations between cyber entities and achieving high performance. It is imperative to summarize existing graph-based cybersecurity solutions to provide a guide for future studies. Therefore, as a key contribution of this paper, we provide a comprehensive review of graph mining for cybersecurity, including an overview of cybersecurity tasks, the typical graph mining techniques, and the general process of applying them to cybersecurity, as well as various solutions for different cybersecurity tasks. For each task, we probe into relevant methods and highlight the graph types, graph approaches, and task levels in their modeling. Furthermore, we collect open datasets and toolkits for graph-based cybersecurity. Finally, we outlook the potential directions of this field for future research

    Author Retains Full Rights

    Software and systems complexity can have a profound impact on information security. Such complexity is not only imposed by the imperative technical challenges of monitored heterogeneous and dynamic (IP and VLAN assignments) network infrastructures, but also through the advances in exploits and malware distribution mechanisms driven by the underground economics. In addition, operational business constraints (disruptions and consequences, manpower, and end-user satisfaction), increase the complexity of the problem domain... Copyright SANS Institut

    Cryptocurrency vs fiat currency: Architecture, algorithm, cashflow & ledger technology on emerging economy subtitle: The influential facts of cryptocurrency and fiat currency

    Typically, electronic currency like digital or cryptocurrency both are influencing the world economy under the ledger technology, whereas traditional fiat currency plays a vital role in socio economy followed by conventional printing method. This review paper is basically focused on most influential facts behind the economical elements like the applicable operation via successful blockchain algorithm, architecture and mining operation based on contents from journal publications, online publications, news reports, seminars and workshops. Several aspects of crypto and fiat currencies are rolling on emerging economy, from this point, this paper tries to figure out how consensus algorithm and growing numbers of crypto and fiat currencies are performed with its existing pros and cons towards further developing process

    USING BLOCKCHAIN TO BUILD DECENTRALIZED ACCESS CONTROL IN A PEER-TO-PEER E-LEARNING PLATFORM

    In the context of E-learning platforms, the amount of research focusing on access control is proliferating. However, research related to the decentralized access control in this field is scarce. To improve such area of research, an innovative model of decentralized access control used to protect the collaborative peer-to-peer E-learning platform has been proposed. In this model, the integrity, authenticity, non-repudiation and traceability of E-learning resources are ensured by using Blockchain platform. Also, RESTful web service and Go/Java programming language will be used as tools to implement this model. A key metric is measured to evaluate the proposed model: average response time. To increase the accuracy, some experiments (144) have been carried out. The same experiment is conducted in two comparatively different network environments: Local Area Network (LAN) and Cloud Web Service (such as Amazon Web Service). LAN running environment represents the optimal condition while Cloud environment stands for the actual condition in the real world. When the number of clients in my proposed E-learning platform is relatively small (consisting of one to thirty concurrent clients interacting with E-learning resources), the average response time in the LAN environment is much faster (nearly 1.5 times) than that in Cloud environment. Nevertheless, when the number of clients is on a large scale, the difference of average response time between these two environments becomes insignificant. Besides, adding servers in both environments can increase the horizontal scalability. Furthermore, adding servers in Cloud environment can boost the system performance dramatically. However, extending the delay could have an impact on the system performance but negligible

    An investigation into the current state of web based cryptominers and cryptojacking

    The aim of this research was to conduct a review of the current state and extent of surreptitious crypto mining software and its prevalence as a means for income generation. Income is generated through the use of a viewer's browser to execute custom JavaScript code to mine cryptocurrencies such as Monero and Bitcoin. The research aimed to measure the prevalence of illicit mining scripts being utilised for "in-browser" cryptojacking while further analysing the ecosystems that support the cryptomining environment. The extent of the research covers aspects such as the content (or type) of the sites hosting malicious "in-browser" cryptomining software as well as the occurrences of currencies utilised in the cryptographic mining and the analysis of cryptographic mining code samples. This research aims to compare the results of previous work with the current state of affairs since the closure of Coinhive in March 2018. Coinhive were at the time the market leader in such web based mining services. Beyond the analysis of the prevalence of cryptomining on the web today, research into the methodologies and techniques used to detect and counteract cryptomining are also conducted. This includes the most recent developments in malicious JavaScript de-obfuscation as well as cryptomining signature creation and detection. Methodologies for heuristic JavaScript behaviour identification and subsequent identification of potential malicious outliers are also included within the research of the countermeasure analysis. The research revealed that although no longer functional, Coinhive remained as the most prevalent script being used for "in-browser" cryptomining services. While remaining the most prevalent, there was however a significant decline in overall occurrences compared to when coinhive.com was operational.
Analysis of the ecosystem hosting "in-browser" mining websites was found to be distributed both geographically as well as in terms of domain categorisations. Thesis (MSc) -- Faculty of Science, Computer Science, 202

    Computational Resource Abuse in Web Applications

    Internet browsers include Application Programming Interfaces (APIs) to support Web applications that require complex functionality, e.g., to let end users watch videos, make phone calls, and play video games. Meanwhile, many Web applications employ the browser APIs to rely on the user's hardware to execute intensive computation, access the Graphics Processing Unit (GPU), use persistent storage, and establish network connections. However, providing access to the system's computational resources, i.e., processing, storage, and networking, through the browser creates an opportunity for attackers to abuse resources. Principally, the problem occurs when an attacker compromises a Web site and includes malicious code to abuse its visitor's computational resources. For example, an attacker can abuse the user's system networking capabilities to perform a Denial of Service (DoS) attack against third parties. What is more, computational resource abuse has not received widespread attention from the Web security community because most of the current specifications are focused on content and session properties such as isolation, confidentiality, and integrity. Our primary goal is to study computational resource abuse and to advance the state of the art by providing a general attacker model, multiple case studies, a thorough analysis of available security mechanisms, and a new detection mechanism. To this end, we implemented and evaluated three scenarios where attackers use multiple browser APIs to abuse networking, local storage, and computation. Further, depending on the scenario, an attacker can use browsers to perform Denial of Service against third-party Web sites, create a network of browsers to store and distribute arbitrary data, or use browsers to establish anonymous connections similarly to The Onion Router (Tor). 
Our analysis also includes a real-life resource abuse case found in the wild, i.e., CryptoJacking, where thousands of Web sites forced their visitors to perform crypto-currency mining without their consent. In the general case, attacks presented in this thesis share the attacker model and two key characteristics: 1) the browser's end user remains oblivious to the attack, and 2) an attacker has to invest little resources in comparison to the resources he obtains. In addition to the attack's analysis, we present how existing, and upcoming, security enforcement mechanisms from Web security can hinder an attacker and their drawbacks. Moreover, we propose a novel detection approach based on browser API usage patterns. Finally, we evaluate the accuracy of our detection model, after training it with the real-life crypto-mining scenario, through a large scale analysis of the most popular Web sites