43 research outputs found
Awareness and perception of phishing variants from Policing, Computing and Criminology students in Canterbury Christ Church University
This study focuses on gauging awareness of different phishing communication among students in the School of Law, Policing and Social Sciences and the School of Engineering, Technology and Design in Canterbury Christ Church University and their perception of different phishing variants. There is an exploration of the underlying factors in which students fall victim to different types of phishing attacks from questionnaires and a focus group. The students’ perception of different types of phishing variants was varied from the focus group and anonymised questionnaires. A total of 177 respondents participated in anonymised questionnaires in the study. Students were asked a mixture of scenario-based questions on different phishing attacks, their awareness levels of security tools that can be used against some phishing variants, and if they received any phishing emails in the past. Additionally, 6 computing students in a focus group discussed different types of phishing attacks and recommended potential security countermeasures against them. The vulnerabilities and issues of anti-phishing software, firewalls, and internet browsers that have security toolbars are explained in the study against different types of phishing attacks.
The focus group was with computing students and their knowledge about certain phishing variants was limited. The discussion within the focus group was gauging the computing students' understanding and awareness of phishing variants. The questionnaire data collection sample was with first year criminology and final year policing students which may have influenced the results of the questionnaire in terms of their understanding, security countermeasures, and how they identify certain phishing variants. The anonymised questionnaire awareness levels on different types of phishing fluctuated in terms of lack of awareness on certain phishing variants. Some criminology and policing students either did not know about phishing variants or had limited knowledge about different types of phishing communication, security countermeasures, the identifying features of a phishing message, and the precautions they should take against phishing variants from fraudsters
Columbia Chronicle (10/13/2014)
Student newspaper from October 13, 2014 entitled The Columbia Chronicle. This issue is 44 pages and is listed as Volume 50, Number 7. Cover story: College reboots its fundraising. Editor-in-Chief: Tyler Eagle
Free Culture and the Digital Library Symposium Proceedings 2005: Proceedings of a Symposium held on October 14, 2005 at Emory University, Atlanta, Georgia.
Outlines the themes and contributions of the Free Culture and the Digital Library Symposium. The article provides a summary of the conflict of interests between those who seek to preserve a shared commons of information for society and those who seek to commodify information. I introduce a theoretical framework called Transmediation to help explain the changes in media that society is currently experiencing
Cost-effective Detection of Drive-by-Download Attacks with Hybrid Client Honeypots
With the increasing connectivity of and reliance on computers and networks,
important aspects of computer systems are under a constant threat.
In particular, drive-by-download attacks have emerged as a new threat to
the integrity of computer systems. Drive-by-download attacks are client-side
attacks that originate from web servers that are visited by web browsers.
As a vulnerable web browser retrieves a malicious web page, the malicious
web server can push malware to a user's machine that can be executed
without their notice or consent.
The detection of malicious web pages that exist on the Internet is prohibitively
expensive. It is estimated that approximately 150 million malicious
web pages that launch drive-by-download attacks exist today. So-called
high-interaction client honeypots are devices that are able to detect
these malicious web pages, but they are slow and known to miss attacks.
Detection of malicious web pages in these quantities with client honeypots
would cost millions of US dollars.
Therefore, we have designed a more scalable system called a hybrid
client honeypot. It consists of lightweight client honeypots, the so-called
low-interaction client honeypots, and traditional high-interaction client
honeypots. The lightweight low-interaction client honeypots inspect web
pages at high speed and forward only likely malicious web pages to the
high-interaction client honeypot for a final classification.
For the comparison of client honeypots and evaluation of the hybrid
client honeypot system, we have chosen a cost-based evaluation method:
the true positive cost curve (TPCC). It allows us to evaluate client honeypots
against their primary purpose of identification of malicious web
pages. We show that costs of identifying malicious web pages with the
developed hybrid client honeypot systems are reduced by a factor of nine
compared to traditional high-interaction client honeypots.
The five main contributions of our work are:
High-Interaction Client Honeypot - The first main contribution of
our work is the design and implementation of a high-interaction
client honeypot Capture-HPC. It is an open-source, publicly available
client honeypot research platform, which allows researchers and
security professionals to conduct research on malicious web pages
and client honeypots. Based on our client honeypot implementation
and analysis of existing client honeypots, we developed a component
model of client honeypots. This model allows researchers to
agree on the object of study, allows for focus of specific areas within
the object of study, and provides a framework for communication of
research around client honeypots.
True Positive Cost Curve - As mentioned above, we have chosen a
cost-based evaluation method to compare and evaluate client honeypots
against their primary purpose of identification of malicious web
pages: the true positive cost curve. It takes into account the unique
characteristics of client honeypots, speed, detection accuracy, and resource
cost and provides a simple, cost-based mechanism to evaluate
and compare client honeypots in an operating environment. As
such, the TPCC provides a foundation for improving client honeypot
technology. The TPCC is the second main contribution of our work.
Mitigation of Risks to the Experimental Design with HAZOP - Mitigation
of risks to internal and external validity on the experimental
design using hazard and operability (HAZOP) study is the third
main contribution. This methodology addresses risks to intent (internal
validity) as well as generalizability of results beyond the experimental
setting (external validity) in a systematic and thorough
manner.
Low-Interaction Client Honeypots - Malicious web pages are usually
part of a malware distribution network that consists of several
servers that are involved as part of the drive-by-download attack.
Development and evaluation of classification methods that assess
whether a web page is part of a malware distribution network is the
fourth main contribution.
Hybrid Client Honeypot System - The fifth main contribution is the
hybrid client honeypot system. It incorporates the mentioned classification
methods in the form of a low-interaction client honeypot
and a high-interaction client honeypot into a hybrid client honeypot
system that is capable of identifying malicious web pages in a cost-effective
way on a large scale. The hybrid client honeypot system outperforms
a high-interaction client honeypot with identical resources
and identical false positive rate
Rights on news : expanding copyright on the internet
Defence date: 18 February 2020
Examining Board: Prof. Giovanni Sartor, EUI (Supervisor); Prof. Pier Luigi Parcu, EUI; Prof. Lionel Bently, University of Cambridge; Prof. Christophe Geiger, University of Strasbourg
The internet and digital technologies have irreversibly changed the way we find and consume news. Legacy news organisations, publishers of newspapers, have moved to the internet. In the online news environment, however, they are no longer the exclusive suppliers of news. New digital intermediaries have emerged, search engines and news aggregators in particular. They select and display links and fragments of press publishers’ content as a part of their services, without seeking the news organisations’ prior consent. To shield themselves from exploitation by digital intermediaries, press publishers have begun to seek legal protection, and called for the introduction of a new right under the umbrella of copyright and related rights. Following these calls, the press publishers’ right was introduced into the EU copyright framework by the Directive on Copyright in the Digital Single Market in 2019
U.S. strategic cyber deterrence options
The U.S. government appears incapable of creating an adequate strategy to alter the
behavior of the wide variety of malicious actors seeking to inflict harm or damage through
cyberspace. This thesis provides a systematic analysis of contemporary deterrence
strategies and offers the U.S. the strategic option of active cyber defense designed for
continuous cybered conflict. It examines the methods and motivations of the wide array of
malicious actors operating in the cyber domain. The thesis explores how the theories of
strategy and deterrence underpin the creation of strategic deterrence options and what role
deterrence plays with respect to strategies, as a subset, a backup, an element of one or another
strategic choice. It looks at what the government and industry are doing to convince
malicious actors that their attacks will fail and that risk of consequences exists. The thesis
finds that contemporary deterrence strategies of retaliation, denial and entanglement lack
the conditions of capability, credibility, and communications that are necessary to change
the behavior of malicious actors in cyberspace. This research offers a midrange theory of
active cyber defense as a way to compensate for these failings through internal systemic
resilience and tailored disruption capacities that both frustrate and punish the wide range of
malicious actors regardless of origin or intentions. The thesis shows how active cyber defense
is technically capable and legally viable as an alternative strategy in the U.S. to strengthen
the deterrence of cyber attacks
The Treatment of Advanced Persistent Threats on Windows Based Systems
Advanced Persistent Threat (APT) is the name given to individuals or groups
who write malicious software (malware) and who have the intent to perform actions
detrimental to the victim or the victims' organisation. This thesis investigates ways in
which it is possible to treat APTs before, during and after the malware has been laid
down on the victim's computer. The scope of the thesis is restricted to desktop and
laptop computers with hard disk drives. APTs have different motivations for their
work and this thesis is agnostic towards their origin and intent.
Anti-malware companies freely present the work of APTs in many ways but
summarise mainly in the form of white papers. Individually, pieces of these works
give an incomplete picture of an APT but in aggregate it is possible to construct a
view of APT families and pan-APT commonalities by comparing and contrasting the
work of many anti-malware companies; it is as if there are a lot of the pieces of a jigsaw
puzzle but there is no box lid available with the complete picture. In addition,
academic papers provide proof of concept attacks and observations, some of which
may become used by malware writers. Gaps in, and extensions to, the public
knowledge may be filled through inference, implication, interpolation and
extrapolation and form the basis for this thesis.
The thesis presents a view of where APTs lie on Windows-based systems. It
uses this view to create and build generic views of where APTs lie on Hard Disc
Drives on Windows based systems using the Lockheed Martin Cyber Kill Chain.
This is then used to treat APTs on Windows based IT systems using purpose-built
software in such a way that the malware is negated by. The thesis does not claim to find all malware on but it demonstrates how to increase the cost of doing business for APTs, for example by overwriting unused disc space so APTs cannot place malware there.
The software developed was able to find Indicators of Compromise on all eight Hard Disc Drives provided for analysis. Separately, from a corpus of 228 files
known to be associated with malware it identified approximately two thirds as Indicators of Compromise
Stepping Up the Cybersecurity Game: Protecting Online Services from Malicious Activity
The rise in popularity of online services such as social networks, web-based emails, and blogs has made them a popular platform for attackers. Cybercriminals leverage such services to spread spam, malware, and steal personal information from their victims. In a typical cybercriminal operation, miscreants first infect their victims' machines with malicious software and have them join a botnet, which is a network of compromised computers. In the second step, the infected machines are often leveraged to connect to legitimate online services and perform malicious activities. As a consequence, online services receive activity from both legitimate and malicious users. However, while legitimate users use these services for the purposes they were designed for, malicious parties exploit them for their illegal actions, which are often linked to an economic gain. In this thesis, I show that the way in which malicious users and legitimate ones interact with Internet services presents differences. I then develop mitigation techniques that leverage such differences to detect and block malicious parties that misuse Internet services. As examples of this research approach, I first study the problem of spamming botnets, which are misused to send hundreds of millions of spam emails to mailservers spread across the globe. I show that botmasters typically split a list of victim email addresses among their bots, and that it is possible to identify bots belonging to the same botnet by enumerating the mailservers that are contacted by IP addresses over time. I developed a system, called BotMagnifier, which learns the set of mailservers contacted by the bots belonging to a certain botnet, and finds more bots belonging to that same botnet. I then study the problem of misused accounts on online social networks. I first look at the problem of fake accounts that are set up by cybercriminals to spread malicious content.
I study the modus operandi of the cybercriminals controlling such accounts, and I then develop a system to automatically flag social network accounts as fake. I then look at the problem of legitimate accounts getting compromised by miscreants, and I present COMPA, a system that learns the typical habits of social network users and considers messages that deviate from the learned behavior as possible compromises. As a last example, I present EvilCohort, a system that detects communities of online accounts that are accessed by the same botnet. EvilCohort works by clustering together accounts that are accessed by a common set of IP addresses, and can work on any online service that requires the use of accounts (social networks, web-based emails, blogs, etc.)
Recommended from our members
Free Culture and the Digital Library Symposium Proceedings 2005
This book of proceedings includes seventeen papers from a symposium held at Emory University. The symposium papers discuss subjects relating to free culture in digital libraries