42 research outputs found

    Advanced Methods for Botnet Intrusion Detection Systems


    Intrusion detection and management over the world wide web

    As the Internet and society become ever more integrated, the number of Internet users continues to grow. Today there are 1.6 billion Internet users. They use its services to work from home, shop for gifts, socialise with friends, research the family holiday and manage their finances. Through generating both wealth and employment, the Internet and our economies have also become interwoven. The growth of the Internet has attracted hackers and organised criminals. Users are targeted for financial gain through malware and social engineering attacks. Industry has responded to the growing threat by developing a range of defences: antivirus software, firewalls and intrusion detection systems are all readily available. Yet the Internet security problem continues to grow and Internet crime continues to thrive. Warnings on the latest application vulnerabilities, phishing scams and malware epidemics are announced regularly and serve to heighten user anxiety. Not only are users targeted for attack but so too are businesses, corporations, public utilities and even states. Implementing network security remains an error-prone task for the modern Internet user. In response, this thesis explores whether intrusion detection and management can be effectively offered as a web service to users in order to better protect them and heighten their awareness of the Internet security threat.

    A general definition of malware

    We propose a general, formal definition of the concept of malware (malicious software) as a single sentence in the language of a certain modal logic. Our definition is general thanks to its abstract formulation, which, being abstract, is independent of, but nonetheless generally applicable to, the manifold concrete manifestations of malware. From our formulation of malware, we derive equally general and formal definitions of benware (benign software), anti-malware ("antibodies" against malware), and medware (medical software or "medicine" for affected software). We provide theoretical tools and practical techniques for the detection, comparison, and classification of malware and its derivatives. Our general defining principle is causation of (in)correctness.

    Ignorant Experts: Computer and Network Security Support From Internet Service Providers

    The paper examines the advice and support provided by seven major Internet Service Providers in Australia through late 2009 and early 2010 in relation to computer and network security. Previous research has indicated that many end-users will attempt to utilise the support provided by Internet Service Providers as a simple and effective method by which to obtain key information regarding computer security. This paper demonstrates that in many cases the individuals working at the help desk are either reluctant to provide IT security support or have insufficient skill to provide the correct information.

    Advances in modern botnet understanding and the accurate enumeration of infected hosts

    Botnets remain a potent threat due to evolving modern architectures, inadequate remediation methods, and inaccurate measurement techniques. In response, this research exposes the architectures and operations of two advanced botnets, techniques to enumerate infected hosts, and pursues the scientific refinement of infected-host enumeration data by recognizing network structures which distort measurement. This effort is motivated by the desire to reveal botnet behavior and trends for future mitigation, methods to discover infected hosts for remediation in real time and threat assessment, and the need to reveal the inaccuracy in population size estimation when only counting IP addresses. Following an explanation of theoretical enumeration techniques, the architectures, deployment methodologies, and malicious output for the Storm and Waledac botnets are presented. Several tools developed to enumerate these botnets are then assessed in terms of performance and yield. Finally, this study documents methods that were developed to discover the boundaries and impact of NAT and DHCP blocks in network populations, along with a footprint measurement based on relative entropy which better describes how uniformly infections communicate through their IP addresses. Population data from the Waledac botnet was used to evaluate these techniques.

    Unauthorized Access

    Going beyond current books on privacy and security, this book proposes specific solutions to public policy issues pertaining to online privacy and security. Requiring no technical or legal expertise, it provides a practical framework to address ethical and legal issues. The authors explore the well-established connection between social norms, privacy, security, and technological structure. They also discuss how rapid technological developments have created novel situations that lack relevant norms and present ways to develop these norms for protecting informational privacy and ensuring sufficient information security.

    Attribution, state responsibility, and the duty to prevent malicious cyber-attacks in international law

    Malicious cyber-attacks, those cyber-attacks which do not rise to the level of force in international law, pose a significant problem to the international community. Attributing responsibility for malicious cyber-attacks is imperative if states are to respond and prevent the attacks from continuing. Unfortunately, due to both technical and legal issues, attributing malicious cyber-attacks to the responsible state or non-state actor is difficult if not impossible in the vast majority of attacks. Even if an injured state may recursively trace the malicious cyber-attack to the responsible IP address, this is not enough under current customary international law to hold a state or non-state actor responsible for the cyber-attack, as it is virtually impossible to bridge the air gap between the computer system and end user to demonstrate affirmatively who initiated the attack. Even if a state could demonstrate the identity of the end user that initiated the attack, this is not enough to link the end user to the state for responsibility to lie under existing customary international law. As such, this study was conducted to analyze the issue of malicious cyber-attacks as a matter of customary international law to ascertain mechanisms to hold states responsible for malicious cyber-attacks which originate from a state's sovereign territory. Specifically, this study addresses the issue of legal and technical attribution of malicious cyber-attacks for the purposes of holding states responsible for those attacks. This study argues that under existing customary international law, attributing malicious cyber-attacks for the purpose of ascertaining state responsibility is difficult if not impossible. As such, this study proposes alternative theories, which already exist within customary international law, for holding states responsible for malicious cyber-attacks which originate from their sovereign territory.
    This study addresses alternative theories of state responsibility existing in customary international law, such as those put forth in Trail Smelter and Corfu Channel and the theory of strict liability for ultra-hazardous activities. In addition, this study addresses the theory of indirect responsibility, the duty to prevent harm, and due diligence in cyberspace. Lastly, this study analyses the impact of the post-9/11 invasion of Afghanistan by the United States and NATO forces and determines that a burgeoning rule of attribution may be present which would affect the attribution of malicious cyber-attacks to states. This study makes an original and important addition to the corpus of international law by addressing the issues of technical and legal attribution, state responsibility, and the duty to prevent malicious cyber-attacks as a matter of customary international law. This study is needed; malicious cyber-attacks implicate international law, as the majority are interstate in nature. However, international law currently has no paradigm, per se, in place to effectively deal with the issue of malicious cyber-attacks.

    Leveraging The Multi-Disciplinary Approach to Countering Organised Crime

    This paper provides a high-level evaluation of organised crime and the threats arising from online organised crime, within a multi-disciplinary perspective. It draws on a range of academic, industry and other materials to distinguish the key characteristics of online organised crime and to identify some of the multi-disciplinary resources which are available to counter it. Real-life case studies and other examples, together with the Tables in the Appendices, are used to demonstrate how contemporary online organised crime is profit-driven and has a strong commercial focus. The paper is accompanied by a series of Appendices and Glossaries and a comprehensive Reference list (provided within a separate document to facilitate cross-referencing with this paper) that includes suggestions for further reading and research. Section Three begins by demonstrating that there are many possible approaches which can be taken towards organised crime, which may at first appear confusing, contradictory or overwhelming. It notes that law enforcement is adopting a multi-disciplinary approach and working in partnership with other sectors, including the business sector, to counter the problem. Next, the paper attempts to separate the 'fact from the fiction' of organised crime, highlighting the pitfalls of relying on any single source (for instance, media reports or statistics) when analysing the subject. It identifies reliable sources of information about organised crime (for instance, the United Nations Convention on Transnational Organised Crime and several established academic sources) and aggregates some of the key organised crime characteristics from those sources within Tables 1 to 6 in Appendix A. Having established that, despite initial impressions, it is possible to obtain a consensus view about theoretical organised crime characteristics within carefully defined parameters, the project aligns the theoretical criteria against real-life online organised crime case studies.
    This establishes that, although there are many similarities between terrestrial and online organised crime groups (OOCGs), the online groups also display characteristics which are unique to them, for instance a high dependence on the use of the Internet and transnational strategies. With regard to online involvement by 'traditional' organised crime groups such as the Mafia, the paper highlights that, although there is some indication in both the theoretical literature and the case studies that traditional organised crime groups are targeting the Internet, the evidence in the case studies suggests that involvement of traditional organised crime groups is not a dominant feature at the moment. In Section Four, the paper assumes a non-technical IS perspective and describes some of the vulnerable elements within information technology, especially within the structures of the Internet and the Web, which all offenders, including OOCGs, are exploiting. It explains some of the reasons why these vulnerabilities exist and why they are attractive to offenders. In particular, it highlights the serious threat which crimeware, which is often sold and distributed by OOCGs, poses to the Web environment. In Section Five, the paper shifts to a business perspective, emphasising the importance of understanding online organised crime business models and mentioning the work of particular authors whose work in this field adopts a multi-disciplinary approach. The paper then uses Morphological Analysis (MA) to demonstrate how a multi-disciplinary approach to strategic analysis can utilise the skills and experience of IS/business professionals, as well as assisting them to manage the threat which OOCGs may pose to their business. The paper concludes with the observation from academic and industry sources that directly targeting the profit-making aspects of an online organised crime business may be one of the most effective responses to the problem.