OnionBots: Subverting Privacy Infrastructure for Cyber Attacks
Over the last decade botnets survived by adopting a sequence of increasingly
sophisticated strategies to evade detection and take overs, and to monetize
their infrastructure. At the same time, the success of privacy infrastructures
such as Tor opened the door to illegal activities, including botnets,
ransomware, and a marketplace for drugs and contraband. We contend that the
next waves of botnets will extensively subvert privacy infrastructure and
cryptographic mechanisms. In this work we propose to preemptively investigate
the design and mitigation of such botnets. We first introduce OnionBots, which
we believe will be the next generation of resilient, stealthy botnets.
OnionBots use privacy infrastructures for cyber attacks by completely
decoupling their operation from the infected host IP address and by carrying
traffic that does not leak information about its source, destination, and
nature. Such bots live symbiotically within the privacy infrastructures to
evade detection, measurement, scale estimation, observation, and in general all
IP-based current mitigation techniques. Furthermore, we show that with an
adequate self-healing network maintenance scheme, that is simple to implement,
OnionBots achieve a low diameter and a low degree and are robust to
partitioning under node deletions. We developed a mitigation technique, called
SOAP, that neutralizes the nodes of the basic OnionBots. We also outline and
discuss a set of techniques that can enable subsequent waves of Super
OnionBots. In light of the potential of such botnets, we believe that the
research community should proactively develop detection and mitigation methods
to thwart OnionBots, potentially making adjustments to privacy infrastructure.
Comment: 12 pages, 8 figures
Adversarial behaviours knowledge area
The technological advancements witnessed by our society in recent decades have brought improvements in our quality of life, but they have also created a number of opportunities for attackers to cause harm. Before the Internet revolution, most crime and malicious activity generally required a victim and a perpetrator to come into physical contact, and this limited the reach that malicious parties had. Technology has removed the need for physical contact to perform many types of crime, and now attackers can reach victims anywhere in the world, as long as they are connected to the Internet. This has revolutionised the characteristics of crime and warfare, allowing operations that would not have been possible before. In this document, we provide an overview of the malicious operations that are happening on the Internet today. We first provide a taxonomy of malicious activities based on the attacker's motivations and capabilities, and then move on to the technological and human elements that adversaries require to run a successful operation. We then discuss a number of frameworks that have been proposed to model malicious operations. Since adversarial behaviours are not a purely technical topic, we draw from research in a number of fields (computer science, criminology, war studies). While doing this, we discuss how these frameworks can be used by researchers and practitioners to develop effective mitigations against malicious online operations.
Published version
Multi-Layer Cyber-Physical Security and Resilience for Smart Grid
The smart grid is a large-scale complex system that integrates communication
technologies with the physical layer operation of the energy systems. Security
and resilience mechanisms by design are important to provide guaranteed
operations for the system. This chapter provides a layered perspective of the
smart grid security and discusses game and decision theory as a tool to model
the interactions among system components and the interaction between attackers
and the system. We discuss game-theoretic applications and challenges in the
design of cross-layer robust and resilient controllers, secure network routing
protocols at the data communication and networking layers, and the challenges of
information security at the management layer of the grid. The chapter will
discuss the future directions of using game-theoretic tools in addressing
multi-layer security issues in the smart grid.
Comment: 16 pages
Contested Deployment
As indicated in the 2018 National Defense Strategy and evolving Multi-Domain Operations doctrine, the assumption the homeland will provide a secure space for mobilization and deployment is no longer valid. This integrated research project goes beyond affirming this assumption and contributes to efforts to mitigate the concerns a contested deployment entails.
Following the introductory chapter, Chapter 2, "Army Deployments in a Contested Homeland: A Framework for Protection," explores how current coordination and cooperation mechanisms between the DoD and state and local government may need realignment, with civil authorities preparing themselves to support military mobilization. Chapter 3, "Strategic Seaports and National Defense in a Contested Environment," examines the 22 strategic seaports across the United States, identifying issues with throughput, structural integrity, security, readiness, funding, and authorities. Chapter 4, "Single Point of Failure," identifies how strict adherence to a business efficiency model for munition production and distribution may jeopardize the successful employment of military forces. Chapter 5, "The Interstate Highway System: Reinvestment Needed before a Contested Deployment," provides the status of the deteriorating road network and explains how associated vulnerabilities could be exploited by an adversary. The two appendices provide points for consideration on cyberattacks and defense and the impacts a full mobilization of reserve forces would have on the homeland.
A cyber-security framework for development, defense and innovation at NATO
The article is of strategic nature. It projects the importance of cyber-security as policy, while reflecting the need for constantly enhancing NATO's (North Atlantic Treaty Organization) cyber-dimensional strategy, management, and operations. There is a policy need for constant innovation and entrepreneurship in security, one that also reflects NATO's practical needs: its security resilience and business continuity. At a time of strategic challenges and policy recommendations, the production of this article is timely. It examines the decision of NATO's Heads of State and Government at the Brussels Summit meeting on Cyber Security that was held in July 2018. The article proposes a framework of strategic re-alignment, with a stronger eye toward practical innovation and entrepreneurship and practicality in operational management, while enhancing political cooperation and tactical/strategic preparation for field operations. The aim, design, and setting of this article explicitly and methodologically evaluate NATO's security and cyber-security options for the near future. The article integrates and proposes a new design for a new format of collective defense. The article considers cyber-defense a key tool for current and future operational and network-centric operations. The article enables us to better comprehend the Alliance's global and regional needs in the framework of current and future defense, requesting at the same time a holistic approach to innovation and entrepreneurship, while new geostrategic and geo-economic challenges emerge.
The THREAT-ARREST Cyber-Security Training Platform
Cyber security is always a main concern for critical infrastructures and nation-wide safety and sustainability. Thus, advanced cyber ranges and security training are becoming imperative for the involved organizations. This paper presents a cyber security training platform, called THREAT-ARREST. The various platform modules can analyze an organization's system, identify the most critical threats, and tailor a training program to its personnel needs. Then, different training programmes are created based on the trainee types (i.e. administrator, simple operator, etc.), providing several teaching procedures and accomplishing diverse learning goals. One of the main novelties of THREAT-ARREST is the modelling of these programmes along with the runtime monitoring, management, and evaluation operations. The platform is generic. Nevertheless, its applicability in a smart energy case study is detailed.