1,465 research outputs found
The Evolution of Android Malware and Android Analysis Techniques
Publisher policy: author can archive post-print on institutional repository. Publisher's version/PDF cannot be used. Publisher copyright and source must be acknowledged. Must link to publisher version with statement that this is the definitive version and DOI. Must state that version on repository is the authors versio
The Dynamics of Internet Traffic: Self-Similarity, Self-Organization, and Complex Phenomena
The Internet is the most complex system ever created in human history.
Therefore, its dynamics and traffic unsurprisingly take on a rich variety of
complex dynamics, self-organization, and other phenomena that have been
researched for years. This paper is a review of the complex dynamics of
Internet traffic. Departing from normal treatises, we will take a view from
both the network engineering and physics perspectives showing the strengths and
weaknesses as well as insights of both. In addition, many less covered
phenomena such as traffic oscillations, large-scale effects of worm traffic,
and comparisons of the Internet and biological models will be covered.Comment: 63 pages, 7 figures, 7 tables, submitted to Advances in Complex
System
Propagation, Detection and Containment of Mobile Malware.
Today's enterprise systems and networks are frequent targets of
malicious attacks, such as worms, viruses, spyware and intrusions
that can disrupt, or even disable critical services. Recent trends
suggest that by combining spyware as a malicious payload with worms
as a delivery mechanism, malicious programs can potentially be used
for industrial espionage and identity theft. The problem is
compounded further by the increasing convergence of wired, wireless
and cellular networks, since virus writers can now write malware
that can crossover from one network segment to another,
exploiting services and vulnerabilities specific to each network.
This dissertation makes four primary contributions. First, it builds
more accurate malware propagation models for emerging hybrid malware
(i.e., malware that use multiple propagation vectors such as
Bluetooth, Email, Peer-to-Peer, Instant Messaging, etc.), addressing
key propagation factors such as heterogeneity of nodes, services and
user mobility within the network. Second, it develops a proactive containment framework based on group-behavior of
hosts against such malicious agents in an enterprise setting. The
majority of today's anti-virus solutions are reactive, i.e., these
are activated only after a malicious activity has been detected at a
node in the network. In contrast, proactive containment has the
potential of closing the vulnerable services ahead of infection, and
thereby halting the spread of the malware. Third, we study (1) the
current-generation mobile viruses and worms that target SMS/MMS
messaging and Bluetooth on handsets, and the corresponding exploits,
and (2) their potential impact in a large SMS provider network using
real-life SMS network data. Finally, we propose a new behavioral
approach for detecting emerging malware targeting mobile handsets.
Our approach is based on the concept of generalized behavioral
patterns instead of traditional signature-based detection. The
signature-based methods are not scalable for deployment in mobile
devices due to limited resources available on today's typical
handsets. Further, we demonstrate that the behavioral approach not
only has a compact footprint, but also can detect new classes of
malware that combine some features from existing classes of malware.Ph.D.Computer Science & EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/60849/1/abose_1.pd
Survival in the e-conomy: 2nd Australian information warfare & security conference 2001
This is an international conference for academics and industry specialists in information warfare, security, and other related fields. The conference has drawn participants from national and international organisations
Machine Learning based Anomaly Detection for Cybersecurity Monitoring of Critical Infrastructures
openManaging critical infrastructures requires to increasingly rely on Information and Communi-
cation Technologies. The last past years showed an incredible increase in the sophistication
of attacks. For this reason, it is necessary to develop new algorithms for monitoring these
infrastructures. In this scenario, Machine Learning can represent a very useful ally. After a
brief introduction on the issue of cybersecurity in Industrial Control Systems and an overview
of the state of the art regarding Machine Learning based cybersecurity monitoring, the
present work proposes three approaches that target different layers of the control network
architecture. The first one focuses on covert channels based on the DNS protocol, which can
be used to establish a command and control channel, allowing attackers to send malicious
commands. The second one focuses on the field layer of electrical power systems, proposing
a physics-based anomaly detection algorithm for Distributed Energy Resources. The third
one proposed a first attempt to integrate physical and cyber security systems, in order to face
complex threats. All these three approaches are supported by promising results, which gives
hope to practical applications in the next future.openXXXIV CICLO - SCIENZE E TECNOLOGIE PER L'INGEGNERIA ELETTRONICA E DELLE TELECOMUNICAZIONI - Elettromagnetismo, elettronica, telecomunicazioniGaggero, GIOVANNI BATTIST
Development and Validation of a Proof-of-Concept Prototype for Analytics-based Malicious Cybersecurity Insider Threat in a Real-Time Identification System
Insider threat has continued to be one of the most difficult cybersecurity threat vectors detectable by contemporary technologies. Most organizations apply standard technology-based practices to detect unusual network activity. While there have been significant advances in intrusion detection systems (IDS) as well as security incident and event management solutions (SIEM), these technologies fail to take into consideration the human aspects of personality and emotion in computer use and network activity, since insider threats are human-initiated. External influencers impact how an end-user interacts with both colleagues and organizational resources. Taking into consideration external influencers, such as personality, changes in organizational polices and structure, along with unusual technical activity analysis, would be an improvement over contemporary detection tools used for identifying at-risk employees. This would allow upper management or other organizational units to intervene before a malicious cybersecurity insider threat event occurs, or mitigate it quickly, once initiated.
The main goal of this research study was to design, develop, and validate a proof-of-concept prototype for a malicious cybersecurity insider threat alerting system that will assist in the rapid detection and prediction of human-centric precursors to malicious cybersecurity insider threat activity. Disgruntled employees or end-users wishing to cause harm to the organization may do so by abusing the trust given to them in their access to available network and organizational resources. Reports on malicious insider threat actions indicated that insider threat attacks make up roughly 23% of all cybercrime incidents, resulting in $2.9 trillion in employee fraud losses globally. The damage and negative impact that insider threats cause was reported to be higher than that of outsider or other types of cybercrime incidents. Consequently, this study utilized weighted indicators to measure and correlate simulated user activity to possible precursors to malicious cybersecurity insider threat attacks. This study consisted of a mixed method approach utilizing an expert panel, developmental research, and quantitative data analysis using the developed tool on simulated data set. To assure validity and reliability of the indicators, a panel of subject matter experts (SMEs) reviewed the indicators and indicator categorizations that were collected from prior literature following the Delphi technique. The SMEs’ responses were incorporated into the development of a proof-of-concept prototype. Once the proof-of-concept prototype was completed and fully tested, an empirical simulation research study was conducted utilizing simulated user activity within a 16-month time frame. The results of the empirical simulation study were analyzed and presented. Recommendations resulting from the study also be provided
Cybersecurity: Past, Present and Future
The digital transformation has created a new digital space known as
cyberspace. This new cyberspace has improved the workings of businesses,
organizations, governments, society as a whole, and day to day life of an
individual. With these improvements come new challenges, and one of the main
challenges is security. The security of the new cyberspace is called
cybersecurity. Cyberspace has created new technologies and environments such as
cloud computing, smart devices, IoTs, and several others. To keep pace with
these advancements in cyber technologies there is a need to expand research and
develop new cybersecurity methods and tools to secure these domains and
environments. This book is an effort to introduce the reader to the field of
cybersecurity, highlight current issues and challenges, and provide future
directions to mitigate or resolve them. The main specializations of
cybersecurity covered in this book are software security, hardware security,
the evolution of malware, biometrics, cyber intelligence, and cyber forensics.
We must learn from the past, evolve our present and improve the future. Based
on this objective, the book covers the past, present, and future of these main
specializations of cybersecurity. The book also examines the upcoming areas of
research in cyber intelligence, such as hybrid augmented and explainable
artificial intelligence (AI). Human and AI collaboration can significantly
increase the performance of a cybersecurity system. Interpreting and explaining
machine learning models, i.e., explainable AI is an emerging field of study and
has a lot of potentials to improve the role of AI in cybersecurity.Comment: Author's copy of the book published under ISBN: 978-620-4-74421-
- …