A Review on Distributed Denial of Service Attack On Network Traffic

Distributed Denial of Service (DDoS) attacks is the most difficult issues for network security. The attacker utilizes vast number of traded off hosts to dispatch attack on victim. Different DDoS defense components go for distinguishing and keeping the attack traffic. The adequacy relies upon the purpose of sending. The reason for this paper is to examine different detection and defense mechanism, their execution and deployment attributes. This helps in understanding which barrier ought to be sent under what conditions and at what areas

The Guilty (Silicon) Mind: Blameworthiness and Liability in Human-Machine Teaming

As human science pushes the boundaries towards the development of artificial intelligence (AI), the sweep of progress has caused scholars and policymakers alike to question the legality of applying or utilising AI in various human endeavours. For example, debate has raged in international scholarship about the legitimacy of applying AI to weapon systems to form lethal autonomous weapon systems (LAWS). Yet the argument holds true even when AI is applied to a military autonomous system that is not weaponised: how does one hold a machine accountable for a crime? What about a tort? Can an artificial agent understand the moral and ethical content of its instructions? These are thorny questions, and in many cases these questions have been answered in the negative, as artificial entities lack any contingent moral agency. So what if the AI is not alone, but linked with or overseen by a human being, with their own moral and ethical understandings and obligations? Who is responsible for any malfeasance that may be committed? Does the human bear the legal risks of unethical or immoral decisions by an AI? These are some of the questions this manuscript seeks to engage with

Ethical Issues in cybersecurity: employing red teams, responding to ransomware attacks and attempting botnet takedowns

The following four research questions are analysed in this thesis: What are the ethical issues that arise in cybersecurity in the business domain? Is it ethically appropriate for organisations to employ red teams to find security vulnerabilities? What is the ethically appropriate organisational response to a ransomware attack? Is it ethically appropriate for organisations to attempt a botnet takedown in response to a DDoS attack? The first research question is answered by way of a literature review which reveals that many ethical issues arise in cybersecurity in the business domain. The second, third and fourth research questions are analysed using a strategic method described by Robert A Phillips. This method, based on stakeholder theory and the political theory of John Rawls, provides a philosophical basis for stakeholder legitimacy and the prioritisation of stakeholders’ interests should conflict of interests amongst stakeholders arise. This method can be replicated by decision-makers to determine ethically appropriate courses of action to take

Best practices in cloud-based Penetration Testing

This thesis addresses and defines best practices in cloud-based penetration testing. The aim of this thesis is to give guidance for penetration testers how cloud-based penetration testing differs from traditional penetration testing and how certain aspects are limited compared to traditional penetration testing. In addition, this thesis gives adequate level of knowledge to reader what are the most important topics to consider when organisation is ordering a penetration test of their cloud-based systems or applications. The focus on this thesis is the three major cloud service providers (Microsoft Azure, Amazon AWS, and Google Cloud Platform). The purpose of this research is to fill the gap in scientific literature about guidance for cloud-based penetration testing for testers and organisations ordering penetration testing. This thesis contains both theoretical and empirical methods. The result of this thesis is focused collection of best practices for penetration tester, who is conducting penetration testing for cloud-based systems. The lists consist of topics focused on planning and execution of penetration testing activities

Evolving attackers against wireless sensor networks using genetic programming

Recent hardware developments have made it possible for the Internet of Things (IoT) to be built. A wide variety of industry sectors, including manufacturing, utilities, agriculture, transportation, and healthcare are actively seeking to incorporate IoT technologies in their operations. The increased connectivity and data sharing that give IoT systems their advantages also increase their vulnerability to attack. In this study, the authors explore the automated generation of attacks using genetic programming (GP), so that defences can be tested objectively in advance of deployment. In the authors' system, the GP-generated attackers targeted publish-subscribe communications within a wireless sensor networks that was protected by an artificial immune intrusion detection system (IDS) taken from the literature. The GP attackers successfully suppressed more legitimate messages than the hand-coded attack used originally to test the IDS, whilst reducing the likelihood of detection. Based on the results, it was possible to reconfigure the IDS to improve its performance. Whilst the experiments were focussed on establishing a proof-of-principle rather than a turnkey solution, they indicate that GP-generated attackers have the potential to improve the protection of systems with large attack surfaces, in a way that is complementary to traditional testing and certification

A Survey of Adversarial Machine Learning in Cyber Warfare

The changing nature of warfare has seen a paradigm shift from the conventional to asymmetric, contactless warfare such as information and cyber warfare. Excessive dependence on information and communication technologies, cloud infrastructures, big data analytics, data-mining and automation in decision making poses grave threats to business and economy in adversarial environments. Adversarial machine learning is a fast growing area of research which studies the design of Machine Learning algorithms that are robust in adversarial environments. This paper presents a comprehensive survey of this emerging area and the various techniques of adversary modelling. We explore the threat models for Machine Learning systems and describe the various techniques to attack and defend them. We present privacy issues in these models and describe a cyber-warfare test-bed to test the effectiveness of the various attack-defence strategies and conclude with some open problems in this area of research.

Intelligent network intrusion detection using an evolutionary computation approach

With the enormous growth of users\u27 reliance on the Internet, the need for secure and reliable computer networks also increases. Availability of effective automatic tools for carrying out different types of network attacks raises the need for effective intrusion detection systems. Generally, a comprehensive defence mechanism consists of three phases, namely, preparation, detection and reaction. In the preparation phase, network administrators aim to find and fix security vulnerabilities (e.g., insecure protocol and vulnerable computer systems or firewalls), that can be exploited to launch attacks. Although the preparation phase increases the level of security in a network, this will never completely remove the threat of network attacks. A good security mechanism requires an Intrusion Detection System (IDS) in order to monitor security breaches when the prevention schemes in the preparation phase are bypassed. To be able to react to network attacks as fast as possible, an automatic detection system is of paramount importance. The later an attack is detected, the less time network administrators have to update their signatures and reconfigure their detection and remediation systems. An IDS is a tool for monitoring the system with the aim of detecting and alerting intrusive activities in networks. These tools are classified into two major categories of signature-based and anomaly-based. A signature-based IDS stores the signature of known attacks in a database and discovers occurrences of attacks by monitoring and comparing each communication in the network against the database of signatures. On the other hand, mechanisms that deploy anomaly detection have a model of normal behaviour of system and any significant deviation from this model is reported as anomaly. This thesis aims at addressing the major issues in the process of developing signature based IDSs. These are: i) their dependency on experts to create signatures, ii) the complexity of their models, iii) the inflexibility of their models, and iv) their inability to adapt to the changes in the real environment and detect new attacks. To meet the requirements of a good IDS, computational intelligence methods have attracted considerable interest from the research community. This thesis explores a solution to automatically generate compact rulesets for network intrusion detection utilising evolutionary computation techniques. The proposed framework is called ESR-NID (Evolving Statistical Rulesets for Network Intrusion Detection). Using an interval-based structure, this method can be deployed for any continuous-valued input data. Therefore, by choosing appropriate statistical measures (i.e. continuous-valued features) of network trafc as the input to ESRNID, it can effectively detect varied types of attacks since it is not dependent on the signatures of network packets. In ESR-NID, several innovations in the genetic algorithm were developed to keep the ruleset small. A two-stage evaluation component in the evolutionary process takes the cooperation of rules into consideration and results into very compact, easily understood rulesets. The effectiveness of this approach is evaluated against several sources of data for both detection of normal and abnormal behaviour. The results are found to be comparable to those achieved using other machine learning methods from both categories of GA-based and non-GA-based methods. One of the significant advantages of ESR-NIS is that it can be tailored to specific problem domains and the characteristics of the dataset by the use of different fitness and performance functions. This makes the system a more flexible model compared to other learning techniques. Additionally, an IDS must adapt itself to the changing environment with the least amount of configurations. ESR-NID uses an incremental learning approach as new flow of traffic become available. The incremental learning approach benefits from less required storage because it only keeps the generated rules in its database. This is in contrast to the infinitely growing size of repository of raw training data required for traditional learning

Cyber-security training: A comparative analysis of cyber-ranges and emerging trends

Οι επιθέσεις στον κυβερνοχώρο γίνονται όλο και πιο προηγμένες και δύσκολα ανιχνεύσιμες, προέρχονται από ποικίλες πήγες και πραγματοποιούνται λαμβάνοντας πολλαπλές διαστάσεις και παίρνοντας διάφορες μορφές. Η ανάγκη οικοδόμησης και πειραματισμού σε προηγμένους μηχανισμούς ασφάλειας στον κυβερνοχώρο, καθώς και η συνεχής κατάρτιση με τη χρήση σύγχρονων μεθοδολογιών, τεχνικών και ενημερωμένων ρεαλιστικών σεναρίων είναι ζωτικής σημασίας. Τα Cyber Ranges μπορούν να προσφέρουν το περιβάλλον μέσα στο οποίο οι ιδικοί και επαγγελματίες στον τομέα της ασφάλειας στον κυβερνοχώρο μπορούν να εφαρμόσουν τεχνικές και δεξιότητες και να εκπαιδεύονται σε προσομοιώσεις σύνθετων δικτύων μεγάλης κλίμακας, προκειμένου να ανταποκριθούν σε πραγματικά σενάρια επίθεσης στον κυβερνοχώρο. Επιπλέον, μπορούν να προσομοιώσουν ένα περιβάλλον για τους επαγγελματίες της ασφάλειας πληροφοριών, να αξιολογήσουν τις διαδικασίες χειρισμού και αντιμετώπισης περιστατικών και να δοκιμάσουν νέες τεχνολογίες, προκειμένου να βοηθήσουν στην πρόληψη επιθέσεων στον κυβερνοχώρο. Κύριος σκοπός της παρούσας εργασίας είναι να περιγράψει τις λειτουργίες διαφόρων Cyber Ranges και να τονίσει τα κύρια δομικά στοιχεία και γνωρίσματα τους, να παρουσιάσει την υψηλού επιπέδου αρχιτεκτονική ενός υπερσύγχρονου Cyber Range και ταυτόχρονα να ταξινομήσει τα χαρακτηριστικά των υπό ανάλυση Cyber Ranges σύμφωνα με τα χαρακτηριστικά του προτεινόμενου.Cyber-attacks are becoming stealthier and more sophisticated can stem from various sources, using multiple vectors and taking different forms. The need for building and experimenting on advanced cyber-security mechanisms, as well as continuous training using state-of-the-art methodologies, techniques and up-to-date realistic scenarios is vital. Cyber Ranges can provide the environment where cyber-security experts and professionals can practice technical and soft skills and be trained on emulated large-scale complex networks in the way to respond to real-world cyber-attack scenarios. Furthermore, they can simulate an environment for information security professionals, to evaluate incident handling and response procedures and to test new technologies, in order to help prevent cyber-attacks. The main objective of this paper is to describe the functionalities of various Cyber Ranges and to highlight their key components and characteristics, to demonstrate a high-level architecture of a state-of-the-art Cyber Range while classifying the features of the reviewed Cyber Ranges according to the attributes of the proposed one