10,143 research outputs found
Survival in the e-conomy: 2nd Australian information warfare & security conference 2001
This is an international conference for academics and industry specialists in information warfare, security, and other related fields. The conference has drawn participants from national and international organisations
Intrusion detection and management over the world wide web
As the Internet and society become ever more integrated so the number of Internet users continues to grow. Today there are 1.6 billion Internet users. They use its services to work from home, shop for gifts, socialise with friends, research the family holiday and manage their finances. Through generating both wealth and employment the Internet and our economies have also become interwoven. The growth of the Internet has attracted hackers and organised criminals. Users are targeted for financial gain through malware and social engineering attacks. Industry has responded to the growing threat by developing a range defences: antivirus software, firewalls and intrusion detection systems are all readily available. Yet the Internet security problem continues to grow and Internet crime continues to thrive. Warnings on the latest application vulnerabilities, phishing scams and malware epidemics are announced regularly and serve to heighten user anxiety. Not only are users targeted for attack but so too are businesses, corporations, public utilities and even states. Implementing network security remains an error prone task for the modern Internet user. In response this thesis explores whether intrusion detection and management can be effectively offered as a web service to users in order to better protect them and heighten their awareness of the Internet security threat
Dissection of Modern Malicious Software
The exponential growth of the number of malicious software samples, known by malware in
the specialized literature, constitutes nowadays one of the major concerns of cyber-security
professionals. The objectives of the creators of this type of malware are varied, and the means
used to achieve them are getting increasingly sophisticated. The increase of the computation
and storage resources, as well as the globalization have been contributing to this growth, and
fueling an entire industry dedicated to developing, selling and improving systems or solutions for
securing, recovering, mitigating and preventing malware related incidents. The success of these
systems typically depends of detailed analysis, often performed by humans, of malware samples
captured in the wild. This analysis includes the search for patterns or anomalous behaviors that
may be used as signatures to identify or counter-attack these threats.
This Master of Science (Ms.C.) dissertation addresses problems related with dissecting and analyzing
malware. The main objectives of the underlying work were to study and understand the
techniques used by this type of software nowadays, as well as the methods that are used by
specialists on that analysis, so as to conduct a detailed investigation and produce structured
documentation for at least one modern malware sample. The work was mostly focused in malware
developed for the Operating Systems (OSs) of the Microsoft Windows family for desktops.
After a brief study of the state of the art, the dissertation presents the classifications applied to
malware, which can be found in the technical literature on the area, elaborated mainly by an
industry community or seller of a security product. The structuring of the categories is nonetheless
the result of an effort to unify or complete different classifications. The families of some of
the most popular or detected malware samples are also presented herein, initially in a tabular
form and, subsequently, via a genealogical tree, with some of the variants of each previously
described family. This tree provides an interesting perspective over malware and is one of the
contributions of this programme.
Within the context of the description of functionalities and behavior of malware, some advanced
techniques, with which modern specimens of this type of software are equipped to ease their
propagation and execution, while hindering their detection, are then discussed with more detail.
The discussion evolves to the presentation of the concepts related to the detection and defense
against modern malware, along with a small introduction to the main subject of this work. The
analysis and dissection of two samples of malware is then the subject of the final chapters of the
dissertation. A basic static analysis is performed to the malware known as Stuxnet, while the
Trojan Banker known as Tinba/zuzy is subdued to both basic and advanced dynamic analysis.
The results of this part of the work emphasize difficulties associated with these tasks and the
sophistication and dangerous level of samples under investigation.O crescimento exponencial do número de amostras de software malicioso, conhecido na gíria
informática como malware, constitui atualmente uma das maiores preocupações dos profissionais
de cibersegurança. São vários os objetivos dos criadores deste tipo de software e a forma
cada vez mais sofisticada como os mesmos são alcançados. O aumento da computação e capacidade
de armazenamento, bem como a globalização, têm contribuído para este crescimento, e
têm alimentado toda uma indústria dedicada ao desenvolvimento, venda e melhoramento de
sistemas ou soluções de segurança, recuperação, mitigação e prevenção de incidentes relacionados
com malware. O sucesso destes sistemas depende normalmente da análise detalhada, feita
muitas vezes por humanos, de peças de malware capturadas no seu ambiente de atuação. Esta
análise compreende a procura de padrões ou de comportamentos anómalos que possam servir
de assinatura para identificar ou contra-atacar essas ameaças.
Esta dissertação aborda a problemática da análise e dissecação de malware. O trabalho que
lhe está subjacente tinha como objetivos estudar e compreender as técnicas utilizadas por este
tipo de software hoje em dia, bem como as que são utilizadas por especialistas nessa análise,
de forma a conduzir uma investigação detalhada e a produzir documentação estruturada sobre
pelo menos uma amostra de malware moderna. O trabalho focou-se, sobretudo, em malware
desenvolvido para os sistemas operativos da família Microsoft Windows para computadores de
secretária. Após um breve estudo ao estado da arte, a dissertação apresenta as classificações
de malware encontradas na literatura técnica da especialidade, principalmente usada pela indústria,
resultante de um esforço de unificação das mesmas. São também apresentadas algumas
das famílias de malware mais detetadas da atualidade, inicialmente através de uma tabela e,
posteriormente, através de uma árvore geneológica, com algumas das variantes de cada uma das
famílias descritas previamente. Esta árvore fornece uma perspetiva interessante sobre malware
e constitui uma das contribuições deste programa de mestrado.
Ainda no âmbito da descrição de funcionalidades e comportamentos do malware, são expostas,
com algum detalhe, algumas técnicas avançadas com as quais os programas maliciosos mais
modernos são por vezes munidos com o intuito a facilitar a sua propagação e execução, dificultando
a sua deteção. A descrição evolui para a apresentação dos conceitos adjacentes à deteção
e combate ao malware moderno, assim como para uma pequena introdução ao tema principal
deste trabalho. A análise e dissecação de duas amostras de malware moderno surgem nos capítulos
finais da dissertação. Ao malware conhecido por Stuxnet é feita a análise básica estática,
enquanto que ao Trojan Banker Tinba/zusy é feita e demonstrada a análise dinâmica básica e
avançada. Os resultados desta parte são demonstrativos do grau de sofisticação e perigosidade
destas amostras e das dificuldades associadas a estas tarefas
Assessing and augmenting SCADA cyber security: a survey of techniques
SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability
Challenges in Complex Systems Science
FuturICT foundations are social science, complex systems science, and ICT.
The main concerns and challenges in the science of complex systems in the
context of FuturICT are laid out in this paper with special emphasis on the
Complex Systems route to Social Sciences. This include complex systems having:
many heterogeneous interacting parts; multiple scales; complicated transition
laws; unexpected or unpredicted emergence; sensitive dependence on initial
conditions; path-dependent dynamics; networked hierarchical connectivities;
interaction of autonomous agents; self-organisation; non-equilibrium dynamics;
combinatorial explosion; adaptivity to changing environments; co-evolving
subsystems; ill-defined boundaries; and multilevel dynamics. In this context,
science is seen as the process of abstracting the dynamics of systems from
data. This presents many challenges including: data gathering by large-scale
experiment, participatory sensing and social computation, managing huge
distributed dynamic and heterogeneous databases; moving from data to dynamical
models, going beyond correlations to cause-effect relationships, understanding
the relationship between simple and comprehensive models with appropriate
choices of variables, ensemble modeling and data assimilation, modeling systems
of systems of systems with many levels between micro and macro; and formulating
new approaches to prediction, forecasting, and risk, especially in systems that
can reflect on and change their behaviour in response to predictions, and
systems whose apparently predictable behaviour is disrupted by apparently
unpredictable rare or extreme events. These challenges are part of the FuturICT
agenda
- …