Adaptive Traffic Fingerprinting for Darknet Threat Intelligence

Darknet technology such as Tor has been used by various threat actors for organising illegal activities and data exfiltration. As such, there is a case for organisations to block such traffic, or to try and identify when it is used and for what purposes. However, anonymity in cyberspace has always been a domain of conflicting interests. While it gives enough power to nefarious actors to masquerade their illegal activities, it is also the cornerstone to facilitate freedom of speech and privacy. We present a proof of concept for a novel algorithm that could form the fundamental pillar of a darknet-capable Cyber Threat Intelligence platform. The solution can reduce anonymity of users of Tor, and considers the existing visibility of network traffic before optionally initiating targeted or widespread BGP interception. In combination with server HTTP response manipulation, the algorithm attempts to reduce the candidate data set to eliminate client-side traffic that is most unlikely to be responsible for server-side connections of interest. Our test results show that MITM manipulated server responses lead to expected changes received by the Tor client. Using simulation data generated by shadow, we show that the detection scheme is effective with false positive rate of 0.001, while sensitivity detecting non-targets was 0.016+-0.127. Our algorithm could assist collaborating organisations willing to share their threat intelligence or cooperate during investigations.Comment: 26 page

Grid infrastructures for the electronics domain: requirements and early prototypes from an EPSRC pilot project

The fundamental challenges facing future electronics design is to address the decreasing – atomistic - scale of transistor devices and to understand and predict the impact and statistical variability these have on design of circuits and systems. The EPSRC pilot project “Meeting the Design Challenges of nanoCMOS Electronics” (nanoCMOS) which began in October 2006 has been funded to explore this space. This paper outlines the key requirements that need to be addressed for Grid technology to support the various research strands in this domain, and shows early prototypes demonstrating how these requirements are being addressed

Towards Identifying and closing Gaps in Assurance of autonomous Road vehicleS - a collection of Technical Notes Part 1

This report provides an introduction and overview of the Technical Topic Notes (TTNs) produced in the Towards Identifying and closing Gaps in Assurance of autonomous Road vehicleS (Tigars) project. These notes aim to support the development and evaluation of autonomous vehicles. Part 1 addresses: Assurance-overview and issues, Resilience and Safety Requirements, Open Systems Perspective and Formal Verification and Static Analysis of ML Systems. Part 2: Simulation and Dynamic Testing, Defence in Depth and Diversity, Security-Informed Safety Analysis, Standards and Guidelines

Hackers as terrorists? Why it doesn't compute

The bulk of this article is concerned with showing why computer hackers and terrorists are unlikely to form an unholy alliance to engage in so-called cyberterrorism. The remainder of the paper examines why neither hacktivists nor crackers fall easily into the cyberterrorist category eithe

Prospects for large-scale financial systems simulation

As the 21st century unfolds, we find ourselves having to control, support, manage or otherwise cope with large-scale complex adaptive systems to an extent that is unprecedented in human history. Whether we are concerned with issues of food security, infrastructural resilience, climate change, health care, web science, security, or financial stability, we face problems that combine scale, connectivity, adaptive dynamics, and criticality. Complex systems simulation is emerging as the key scientific tool for dealing with such complex adaptive systems. Although a relatively new paradigm, it is one that has already established a track record in fields as varied as ecology (Grimm and Railsback, 2005), transport (Nagel et al., 1999), neuroscience (Markram, 2006), and ICT (Bullock and Cliff, 2004). In this report, we consider the application of simulation methodologies to financial systems, assessing the prospects for continued progress in this line of research

The enemy has passed through the gate: insider threats, the dark triad, and the challenges around security

Purpose – The purpose of this paper is to highlight the potential role that the so-called “toxic triangle” (Padilla et al., 2007) can play in undermining the processes around effectiveness. It is the interaction between leaders, organisational members, and the environmental context in which those interactions occur that has the potential to generate dysfunctional behaviours and processes. The paper seeks to set out a set of issues that would seem to be worthy of further consideration within the Journal and which deal with the relationships between organisational effectiveness and the threats from insiders.<p></p> Design/methodology/approach – The paper adopts a systems approach to the threats from insiders and the manner in which it impacts on organisation effectiveness. The ultimate goal of the paper is to stimulate further debate and discussion around the issues.<p></p> Findings – The paper adds to the discussions around effectiveness by highlighting how senior managers can create the conditions in which failure can occur through the erosion of controls, poor decision making, and the creation of a culture that has the potential to generate failure. Within this setting, insiders can serve to trigger a series of failures by their actions and for which the controls in place are either ineffective or have been by-passed as a result of insider knowledge.<p></p> Research limitations/implications – The issues raised in this paper need to be tested empirically as a means of providing a clear evidence base in support of their relationships with the generation of organisational ineffectiveness.<p></p> Practical implications – The paper aims to raise awareness and stimulate thinking by practising managers around the role that the “toxic triangle” of issues can play in creating the conditions by which organisations can incubate the potential for crisis.<p></p> Originality/value – The paper seeks to bring together a disparate body of published work within the context of “organisational effectiveness” and sets out a series of dark characteristics that organisations need to consider if they are to avoid failure. The paper argues the case that effectiveness can be a fragile construct and that the mechanisms that generate failure also need to be actively considered when discussing what effectiveness means in practice.<p></p&gt

Mapping factors influencing EAI adoption in the local government authorities on different phases of the adoption lifecycle

Several private and public organisations have adopted Enterprise Application Integration (EAI), however, its application in the Local Government Authorities (LGAs) is limited. Although, there exist few EAI adoption models, these models mainly focus on a number of different factors (e.g. benefits, barriers, cost) influencing the decision making process for EAI adoption. Moreover, these models do not illustrate which factor(s) influence the decision making process for EAI adoption on the adoption lifecycle phases. Literature indicates that the adoption process involves a sequence of phases an organisation passes through before taking the decision for adoption. This exemplifies that LGAs may also have to pass through several adoption phases before taking the decision to adopt EAI. However, due to the: (a) multiplicity of diverse EAI adoption factors and (b) not able to recognise which factor(s) influence EAI on adoption lifecycle phases, it may not be easy for LGAs to take decisions to adopt EAI by merely focusing on different factors. This may impede the decision making process for EAI adoption in LGAs. Notwithstanding, the implications of EAI have yet to be assessed, leaving scope for timeliness and novel research. Therefore, it is of high importance to investigate this area within LGAs and result in research that contributes towards successful EAI adoption. This paper makes a step forward as it: (a) investigates and proposes four adoption lifecycle phases, (b) validates the adoption lifecycle phases and (c) mapping the factors influencing EAI adoption on the adoption lifecycle phases, through a case study. Hence, it significantly contributes to the body of knowledge and practice. In doing so, providing sufficient support to the decision makers for speeding up the decision making process for EAI adoption in LGAs

ERP implementation methodologies and frameworks: a literature review

Enterprise Resource Planning (ERP) implementation is a complex and vibrant process, one that involves a combination of technological and organizational interactions. Often an ERP implementation project is the single largest IT project that an organization has ever launched and requires a mutual fit of system and organization. Also the concept of an ERP implementation supporting business processes across many different departments is not a generic, rigid and uniform concept and depends on variety of factors. As a result, the issues addressing the ERP implementation process have been one of the major concerns in industry. Therefore ERP implementation receives attention from practitioners and scholars and both, business as well as academic literature is abundant and not always very conclusive or coherent. However, research on ERP systems so far has been mainly focused on diffusion, use and impact issues. Less attention has been given to the methods used during the configuration and the implementation of ERP systems, even though they are commonly used in practice, they still remain largely unexplored and undocumented in Information Systems research. So, the academic relevance of this research is the contribution to the existing body of scientific knowledge. An annotated brief literature review is done in order to evaluate the current state of the existing academic literature. The purpose is to present a systematic overview of relevant ERP implementation methodologies and frameworks as a desire for achieving a better taxonomy of ERP implementation methodologies. This paper is useful to researchers who are interested in ERP implementation methodologies and frameworks. Results will serve as an input for a classification of the existing ERP implementation methodologies and frameworks. Also, this paper aims also at the professional ERP community involved in the process of ERP implementation by promoting a better understanding of ERP implementation methodologies and frameworks, its variety and history