Моделювання процесів розповсюдження шкідливого програмного забезпечення у комп'ютерних мережах

Об’єктом дослідження є соціальні та комп’ютерні мережі. Предметом дослідження є відповідні моделі та апарат комплексних мереж. Метою роботи є дослідження процесів розповсюдження шкідливого програмного забезпечення, у тому числі мережевих та XSS хробаків, у соціальних та комп’ютерних мережах із використанням апарату комплексних мереж, SIR моделей та клітинкового автомату, а також виявлення особливостей процесу розповсюдження шкідливого коду в комплексних мережах.The object of research is social and computer networks. The subject of research is the relevant models and apparatus of complex networks. The aim of the work is to study the processes of malware distribution, including network and XSS worms, in social and computer networks using the device of complex networks, SIR models and cellular automaton, as well as to identify features of malicious code distribution in complex networks

A Study of Existing Cross-Site Scripting Detection and Prevention Techniques Using XAMPP and VirtualBox

Most operating websites experience a cyber-attack at some point. Cross-site Scripting (XSS) attacks are cited as the top website risk. More than 60 percent of web applications are vulnerable to them, and they ultimately are responsible for over 30 percent of all web application attacks. XSS attacks are complicated, and they often are used in conjunction with social engineering techniques to cause even more damage. Although prevention techniques exist, hackers still find points of vulnerability to launch their attacks. This project explored what XSS attacks are, examples of popular attacks, and ways to detect and prevent them. Using knowledge gained and lessons-learned from analyzing prior XSS incidents, a simulation environment was built using XAMPP and VirtualBox. Four typical XSS attacks were launched in this virtual environment, and their potential to cause significant damage was measured and compared using the Common Vulnerability Scoring System (CVSS) Calculator. Recommendations are offered for approaches to impeding XSS attacks including solutions involving sanitizing data, whitelisting data, implementing a content security policy and statistical analysis tools

Web Server Security and Survey on Web Application Security

A web server is a computer host configured and connected to Internet, for serving the web pages on request. Information on the public web server is accessed by anyone and anywhere on the Internet. Since web servers are open to public access they can be subjected to attempts by hackers to compromise the servers security. Hackers can deface websites and steal data valuable data from systems. This can translate into significant loss of revenue if it is a financial institution or e-commerce site. In the case of corporate or government systems, loss of important data means launch of information espionages or information warfare on their sites. Apart from data loss or theft, web defacement can also result in significant damage to the image of company [1]. The fact that an attacker can strike remotely makes a Web server an appealing target. Understanding threats to Web server and being able to identify appropriate countermeasures permits to anticipate many attacks and thwart the ever-growing numbers of attackers [3]. This work begins by reviewing the most common threats that affect Web servers. It then uses this perspective to find certain countermeasures. A key concept of this work focuses on the survey of most prevailing attacks that occurs due to certain vulnerabilities present in the web technology or programming which are exploited by attackers and also presents general countermeasures. In addition, various methods to detect and prevent those attacks are discussed and highlighted the summary and comparative analysis of the approaches on the basis of different attacks that shows you how to improve Web servers security

Reducing risky security behaviours:utilising affective feedback to educate users

Despite the number of tools created to help end-users reduce risky security behaviours, users are still falling victim to online attacks. This paper proposes a browser extension utilising affective feedback to provide warnings on detection of risky behaviour. The paper provides an overview of behaviour considered to be risky, explaining potential threats users may face online. Existing tools developed to reduce risky security behaviours in end-users have been compared, discussing the success rate of various methodologies. Ongoing research is described which attempts to educate users regarding the risks and consequences of poor security behaviour by providing the appropriate feedback on the automatic recognition of risky behaviour. The paper concludes that a solution utilising a browser extension is a suitable method of monitoring potentially risky security behaviour. Ultimately, future work seeks to implement an affective feedback mechanism within the browser extension with the aim of improving security awareness

Mathematical Modeling of worm infection on computer in a Network: Case study in the Computer Laboratory, Mathematics Department, Diponegoro University, Indonesia

Worm infection were an infection that attack a computer, it work by multiplied itself after got into a computer and made it over work and caused a computer to slowing down. Worm spreading infection describe by nonlinear mathematic model form with VEISV (Vulnerable, Exposed, Infected, Secured) as the model. Worm free equilibrium and endemic equilibrium were calculated to obtain the stability analysis, and numeric solution were performed using data from Computer Laboratory, Mathematics Department of Faculty of Sciences and Mathematics, Diponegoro University using Runge-Kutta fourth-order method. From the result of stability analysis we obtained that worm free equilibrium were not stable and endemic equilibrium were locally asymptotically stable, and from the result of numeric solution every class proportion from model were obtained

Cyber Security Concerns in Social Networking Service

Today’s world is unimaginable without online social networks. Nowadays, millions of people connect with their friends and families by sharing their personal information with the help of different forms of social media. Sometimes, individuals face different types of issues while maintaining the multimedia contents like, audios, videos, photos because it is difficult to maintain the security and privacy of these multimedia contents uploaded on a daily basis. In fact, sometimes personal or sensitive information could get viral if that leaks out even unintentionally. Any leaked out content can be shared and made a topic of popular talk all over the world within few seconds with the help of the social networking sites. In the setting of Internet of Things (IoT) that would connect millions of devices, such contents could be shared from anywhere anytime. Considering such a setting, in this work, we investigate the key security and privacy concerns faced by individuals who use different social networking sites differently for different reasons. We also discuss the current state-of-the-art defense mechanisms that can bring somewhat long-term solutions to tackling these threats

Cybersecurity, an approach via Pentesting; Ciberseguretat, una aproximació via Pentesting

This work is an approach to pentesting, an area of cybersecurity that consists of attacking computer environments to discover and exploit vulnerabilities, with the ultimate goal of documenting the attack and being able to gather information about the security of the system. A review of the basic concepts of information security and cybersecurity is included, i.e. types of malware such as viruses or Trojans, possible vulnerabilities such as 0- day or cross-site scripting (XSS) and finally concepts such as social engineering or brute force attacks. The details of the Kali Linux GNU/Linux distribution are described and some com mands and recommendations for optimizing pentesting are presented. The study of pentesting covers the legal bases, types, phases of execution, the most common tools and the OWASP organization and its role. As a practical part, a series of attack vectors are detailed with real examples and a pentesting test is performed on a machine in a controlled environment.Aquest treball és una aproximació al pentesting, una àrea de ciberseguretat que con sisteix en atacar entorns informàtics per descobrir i explotar vulnerabilitats, amb l’objectiu final de documentar l’atac i poder recopilar informació sobre la seguretat del sistema. S’inclou una revisió dels conceptes bàsics de seguretat de la informació i ciberse guretat, és a dir, tipus de malware com virus o troians, possibles vulnerabilitats com ara les 0-day o els cross-site scripting (XSS) i finalment conceptes com l’enginyeria social o els atacs de força bruta. Es descriuen els detalls de la distribució de Kali Linux de GNU/Linux i es presenten algunes ordres i recomanacions per optimitzar el pentesting. L’estudi de pentesting tracta les seves bases legals, els tipus, les fases d’execució, les eines més comunes, l’organització OWASP i el seu rol. Com a part pràctica, es detallen una sèrie de vectors d’atac amb exemples reals i es realitza una prova de pentesting en una màquina en un entorn controlat