VEHICLE-TO-EVERYTHING THREAT PROTECTION USING SECURITY INTELLIGENCE ENGINE AND MULTI-ACCESS EDGE COMPUTING
Techniques are described herein for a threat protection mechanism for Vehicle-to-Everything (V2X) communication channels. This includes shared intelligence at the Multi-access Edge Computing (MEC) function, Security Intelligence Engine (SIE), Original Equipment Manufacturer (OEM) vendors, application providers, and external device vendors. It is capable of securing Vehicle User Entities (V-UEs) simultaneously in real time.
WLCG Security Operations Centres Working Group
Security monitoring is an area of considerable interest for sites in the Worldwide LHC Computing Grid (WLCG), particularly as we move as a community towards the use of a growing range of computing models and facilities. There is an increasingly large set of tools available for these purposes, many of which work in concert and use concepts drawn from the use of analytics for Big Data. The integration of these tools into what is commonly called a Security Operations Centre (SOC), however, can be a complex task; the open source project Apache Metron (which at the time of writing is in incubator stage and is an evolution of the earlier OpenSOC project) is a popular example of one such integration. At the same time, the necessary scope and rollout of such tools can vary widely for sites of different sizes and topologies. Nevertheless, the use of such platforms could be critical for security in modern Grid and Cloud sites across all scientific disciplines.
In parallel, the use and need for threat intelligence sharing is at a key stage and is an important component of a SOC. Grid and Cloud security is a global endeavour: modern threats can affect the entire community, and trust between sites is of utmost importance. Threat intelligence sharing platforms are a vital component to building this trust as well as propagating useful threat data. The MISP software (Malware Information Sharing Platform) is a very popular and flexible tool for this purpose, in use at a wide range of organizations in different domains across the world.
In this context we present the work of the WLCG Security Operations Centres Working Group, which was created to coordinate activities in these areas across the WLCG. The mandate of this group includes the development of a scalable SOC reference design applicable for a range of sites by examining current and prospective SOC projects & tools. In particular we report on the first work on the deployment of MISP and the Bro Intrusion Detection System at a number of WLCG sites as SOC components, including areas of integration between these tools. We also report on our future roadmap and framework, which includes the Apache Metron project.
Securing the Skies: Cybersecurity Strategies for Smart City Cloud using Various Algorithms
As smart cities continue to evolve, their reliance on cloud computing technologies becomes increasingly apparent, enabling the seamless integration of data-driven services and urban functionalities. However, this transformation also raises concerns about the security of the vast and interconnected cloud infrastructures that underpin these cities' operations. This paper explores the critical intersection of cloud computing and cybersecurity within the context of smart cities.
This research deals with the challenges posed by the rapid expansion of smart city initiatives and their reliance on cloud-based solutions. It investigates the vulnerabilities that emerge from this technological convergence, emphasizing the potential risks to data privacy, urban services, and citizen well-being. The abstract presents a comprehensive overview of the evolving threat landscape that smart cities face in the realm of cloud computing.
To address these challenges, the abstract highlights the importance of proactive cybersecurity strategies tailored specifically to the unique needs of smart cities. It underscores the significance of adopting a multi-layered approach that encompasses robust encryption protocols, intrusion detection systems, threat intelligence sharing, and collaborative efforts among stakeholders. Drawing insights from existing research and real-world case studies, the abstract showcases innovative solutions that leverage advanced technologies like artificial intelligence and blockchain to fortify the security posture of smart city cloud infrastructures. It explores the role of data governance, user authentication, and anomaly detection in creating a resilient cybersecurity framework that safeguards critical urban systems.
Autonomic computing architecture for SCADA cyber security
Cognitive computing relates to intelligent computing platforms that are based on the disciplines of artificial intelligence, machine learning, and other innovative technologies. These technologies can be used to design systems that mimic the human brain to learn about their environment and can autonomously predict an impending anomalous situation. IBM first used the term ‘Autonomic Computing’ in 2001 to combat the looming complexity crisis (Ganek and Corbi, 2003). The concept has been inspired by the human biological autonomic system. An autonomic system is self-healing, self-regulating, self-optimising and self-protecting (Ganek and Corbi, 2003). Therefore, the system should be able to protect itself against both malicious attacks and unintended mistakes by the operator.
Adaptive Traffic Fingerprinting for Darknet Threat Intelligence
Darknet technology such as Tor has been used by various threat actors for organising illegal activities and data exfiltration. As such, there is a case for organisations to block such traffic, or to try and identify when it is used and for what purposes. However, anonymity in cyberspace has always been a domain of conflicting interests. While it gives enough power to nefarious actors to masquerade their illegal activities, it is also the cornerstone to facilitate freedom of speech and privacy. We present a proof of concept for a novel algorithm that could form the fundamental pillar of a darknet-capable Cyber Threat Intelligence platform. The solution can reduce anonymity of users of Tor, and considers the existing visibility of network traffic before optionally initiating targeted or widespread BGP interception. In combination with server HTTP response manipulation, the algorithm attempts to reduce the candidate data set to eliminate client-side traffic that is most unlikely to be responsible for server-side connections of interest. Our test results show that MITM manipulated server responses lead to expected changes received by the Tor client. Using simulation data generated by Shadow, we show that the detection scheme is effective with a false positive rate of 0.001, while sensitivity detecting non-targets was 0.016 ± 0.127. Our algorithm could assist collaborating organisations willing to share their threat intelligence or cooperate during investigations.
Mining Threat Intelligence about Open-Source Projects and Libraries from Code Repository Issues and Bug Reports
Open-Source Projects and Libraries are being used in software development while also bearing multiple security vulnerabilities. This use of a third-party ecosystem creates a new kind of attack surface for a product in development. An intelligent attacker can attack a product by exploiting one of the vulnerabilities present in linked projects and libraries.
In this paper, we mine threat intelligence about open source projects and libraries from bugs and issues reported on public code repositories. We also track library and project dependencies for installed software on a client machine. We represent and store this threat intelligence, along with the software dependencies, in a security knowledge graph. Security analysts and developers can then query and receive alerts from the knowledge graph if any threat intelligence is found about linked libraries and projects utilized in their products.
Autonomic computing meets SCADA security
© 2017 IEEE. National assets such as transportation networks, large manufacturing, business and health facilities, power generation, and distribution networks are critical infrastructures. The cyber threats to these infrastructures have increasingly become more sophisticated, extensive and numerous. Conventional cyber security measures have proved useful in the past, but the increasing sophistication of attacks dictates the need for newer measures. The autonomic computing paradigm mimics the autonomic nervous system and shows promise in meeting the latest challenges in the cyber threat landscape. This paper provides a brief review of autonomic computing applications for SCADA systems and proposes an architecture for cyber security.