Economic Factors of Vulnerability Trade and Exploitation
Cybercrime markets support the development and diffusion of new attack
technologies, vulnerability exploits, and malware. Whereas the revenue streams
of cyber attackers have been studied multiple times in the literature, no
quantitative account currently exists on the economics of attack acquisition
and deployment. Yet, this understanding is critical to characterize the
production of (traded) exploits, the economy that drives it, and its effects on
the overall attack scenario. In this paper we provide an empirical
investigation of the economics of vulnerability exploitation, and the effects
of market factors on likelihood of exploit. Our data is collected
first-handedly from a prominent Russian cybercrime market where the trading of
the most active attack tools reported by the security industry happens. Our
findings reveal that exploits in the underground are priced similarly or above
vulnerabilities in legitimate bug-hunting programs, and that the refresh cycle
of exploits is slower than currently often assumed. On the other hand,
cybercriminals are becoming faster at introducing selected vulnerabilities, and
the market is in clear expansion both in terms of players, traded exploits, and
exploit pricing. We then evaluate the effects of these market variables on
likelihood of attack realization, and find strong evidence of the correlation
between market activity and exploit deployment. We discuss implications on
vulnerability metrics, economics, and exploit measurement.
Comment: 17 pages, 11 figures, 14 table
Towards Realistic Threat Modeling: Attack Commodification, Irrelevant Vulnerabilities, and Unrealistic Assumptions
Current threat models typically consider all possible ways an attacker can
penetrate a system and assign probabilities to each path according to some
metric (e.g. time-to-compromise). In this paper we discuss how this view
hinders the realness of both technical (e.g. attack graphs) and strategic (e.g.
game theory) approaches of current threat modeling, and propose to steer away
by looking more carefully at attack characteristics and attacker environment.
We use a toy threat model for ICS attacks to show how a realistic view of
attack instances can emerge from a simple analysis of attack phases and
attacker limitations.
Comment: Proceedings of the 2017 Workshop on Automated Decision Making for
Active Cyber Defens
Baseline Review of the Status and Management of the Caribbean Spiny Lobster Fisheries in the Caricom Region
This report provides a review of the status and management of the Caribbean Spiny Lobster Fisheries in the CARICOM region. It provides a general overview of the habitat requirements and threats to survival of this lobster, along with the distribution and population in each country with Caribbean Spiny Lobster Fisheries. Each country's domestic use, international trade, and conservation and management measures are also reviewed
Climate Science: Is it currently designed to answer questions?
For a variety of inter-related cultural, organizational, and political
reasons, progress in climate science and the actual solution of scientific
problems in this field have moved at a much slower rate than would normally be
possible. Not all these factors are unique to climate science, but the heavy
influence of politics has served to amplify the role of the other factors. Such
factors as the change in the scientific paradigm from a dialectic opposition
between theory and observation to an emphasis on simulation and observational
programs, the inordinate growth of administration in universities and the
consequent increase in importance of grant overhead, and the hierarchical
nature of formal scientific organizations are considered. This paper will deal
with the origin of the cultural changes and with specific examples of the
operation and interaction of these factors. In particular, we will show how
political bodies act to control scientific institutions, how scientists adjust
both data and even theory to accommodate politically correct positions, and how
opposition to these positions is disposed of.
Comment: 36 pages, no figures. v2: footnotes 16, 19, 20 added, footnote 17
changed, typos corrected. v3: description of John Holdren corrected, expanded
discussion of I=PAT formula, typos corrected. v4: The reference to Deming
(2005) added in v3 stated that a 1995 email in question was from Jonathan
Overpeck. In fact, Deming had left the sender of the email unnamed. The
revision v4 now omits the identification of Overpeck. However, the revision
v4 now includes a more recent and verifiable reference to a 2005 emai
Coastal hunter-gatherers and social evolution: marginal or central?
General accounts of global trends in world prehistory are dominated by narratives of conquest on land: scavenging and hunting of land mammals, migration over land bridges and colonisation of new continents, gathering of plants, domestication, cultivation, and ultimately sustained population growth founded on agricultural surplus. Marine and aquatic resources fit uneasily into this sequence of social and economic development, and societies strongly dependent on them have often been regarded as relatively late in the sequence, geographically marginal or anomalous. We consider the biases and preconceptions of the ethnographic and archaeological records that have contributed to this view of marginality and examine some current issues focusing on the role of marine resources at the Mesolithic-Neolithic transition of northwest Europe. We suggest that pre-existing conventions should be critically re-examined, that coastlines may have played a more significant, widespread and persistent role as zones of attraction for human dispersal, population growth and social interaction than is commonly recognised, and that this has been obscured by hunter-gatherer and farmer stereotypes of prehistoric economies
The Face of Extinction: Are Charismatic Species More Vulnerable To Endangerment?
Conservationists have suggested extinction is non-random; some species are more prone to extinction than others. Multiple traits (e.g., large bodied, long-lived, slow-reproducing, migratory, habitat and/or dietary specialists) have been cited as contributing to the endangerment of species. Due to global anthropogenic demand for wild species (e.g., sport, trade, fashion, medicine, religion, food), I propose charisma as an additional trait of endangerment. This predicts charismatic species are more often targets of direct exploitation than less charismatic species, and that global demand will continue to increase with world population and development. These species represent our most iconic and animated organisms. I quantified charisma through color, ornamentation, and vocalizations in 1609 Old and New World species of passerine and psittaciform birds; this represents approximately 1/6 of all extant avian species worldwide. Color and ornamentation correlate significantly with both exploitation and endangerment, while melodious song, occurring only in passerines, correlates significantly with endangerment only. Mimicry did not appear to have an effect on either exploitation or endangerment. Additionally, an increase in number of variables (e.g., color, ornamentation, mimicry, song), number of colors, and proportion of color increased exploitation and endangerment overall. These charismatic traits, which also represent the exaggerated traits resulting from sexual selection, have been hypothesized as potential contributors to speciation. I propose overexploitation is removing charismatic species from the Earth’s biota as well as negatively influencing speciation rates, thereby accelerating homogenization of global biodiversity. This study might be valuable in identification of species that are potential targets of exploitation, and suggests a need for conservation of charismatic species in the future
Hacker Combat: A Competitive Sport from Programmatic Dueling & Cyberwarfare
The history of humanhood has included competitive activities of many
different forms. Sports have offered many benefits beyond that of
entertainment. At the time of this article, there exists not a competitive
ecosystem for cyber security beyond that of conventional capture the flag
competitions, and the like. This paper introduces a competitive framework with
a foundation on computer science, and hacking. This proposed competitive
landscape encompasses the ideas underlying information security, software
engineering, and cyber warfare. We also demonstrate the opportunity to rank,
score, & categorize actionable skill levels into tiers of capability.
Physiological metrics are analyzed from participants during gameplay. These
analyses provide support regarding the intricacies required for competitive
play, and analysis of play. We use these intricacies to build a case for an
organized competitive ecosystem. Using previous player behavior from gameplay,
we also demonstrate the generation of an artificial agent purposed with
gameplay at a competitive level