From cyber-security deception to manipulation and gratification through gamification
Over the last two decades the field of cyber-security has experienced numerous changes associated with the evolution of other fields, such as networking, mobile communications, and recently the Internet of Things (IoT) [3]. Changes in mindsets have also been witnessed: a couple of years ago the cyber-security industry only blamed users for their mistakes, often depicted as the number one reason behind security breaches. Nowadays, companies are empowering users, modifying their perception of being the weak link, into being the center-piece of the network design [4]. Users are by definition "in control" and therefore a cyber-security asset. Researchers have focused on the gamification of cyber-security elements, helping users to learn and understand the concepts of attacks and threats, allowing them to become the first line of defense to report anomalies [5]. However, over the past years numerous infrastructures have suffered from malicious intent, data breaches, and crypto-ransomware, clearly showing the technical "know-how" of hackers and their ability to bypass any security in place, demonstrating that no infrastructure, software or device can be considered secure. Researchers concentrated on the gamification, learning and teaching theory of cyber-security to end-users in numerous fields through various techniques and scenarios to raise cyber-situational awareness [2][1]. However, they overlooked the users’ ability to gather information on these attacks. In this paper, we argue that there is an endemic issue in the understanding of hacking practices leading to vulnerable devices, software and architectures. We therefore propose a transparent gamification platform for hackers. The platform is designed with hacker user-interaction and deception in mind, enabling researchers to gather data on the techniques and practices of hackers.
To this end, we developed a fully extendable gamification architecture allowing researchers to deploy virtualised hosts on the internet. Each virtualised host contains a specific vulnerability (i.e. web application, software, etc). Each vulnerability is connected to a game engine, an interaction engine and a scoring engine
Fear and perceived likelihood of victimization in the traditional and cyber settings
This study considers the influence of perceived likelihood, demographics (gender and education) and personality on fear of victimization and cyber-victimization using a survey design (N=159). The results suggest that perceived likelihood of victimization predicts fear of victimization in traditional contexts. Women tend to be more fearful of victimization in traditional and cyber contexts, confirming previous research. No group differences emerged in relation to education. Self-esteem and self-efficacy were not significant predictors of fear or perceived likelihood of victimization. However, perceived likelihood was a significant predictor of fear of victimization in traditional settings. This may suggest that different variables (such as awareness of vulnerability) may play a role in fear of victimization in cyber settings. Further group comparisons revealed that fear of victimization and cybervictimization depended on whether or not participants reported high or low perceived likelihood of victimization and internet use. Higher internet use was associated with greater fear of victimization, especially in combination with greater perceived likelihood of victimization. This may suggest an exposure effect, in that being online more frequently may also increase awareness of cyber incidents
Efficient Computations of a Security Index for False Data Attacks in Power Networks
The resilience of Supervisory Control and Data Acquisition (SCADA) systems
for electric power networks for certain cyber-attacks is considered. We analyze
the vulnerability of the measurement system to false data attack on
communicated measurements. The vulnerability analysis problem is shown to be
NP-hard, meaning that unless there is no polynomial time algorithm to
analyze the vulnerability of the system. Nevertheless, we identify situations,
such as the full measurement case, where it can be solved efficiently. In such
cases, we show indeed that the problem can be cast as a generalization of the
minimum cut problem involving costly nodes. We further show that it can be
reformulated as a standard minimum cut problem (without costly nodes) on a
modified graph of proportional size. An important consequence of this result is
that our approach provides the first exact efficient algorithm for the
vulnerability analysis problem under the full measurement assumption.
Furthermore, our approach also provides an efficient heuristic algorithm for
the general NP-hard problem. Our results are illustrated by numerical studies
on benchmark systems including the IEEE 118-bus system
Analysis and Mitigation of Security Vulnerabilities in the SIMPKN Informatics Website Using the OWASP Zed Attack Proxy (ZAP) Method
In today's technological developments, there are a variety of conveniences in processing information data that make it easier for every individual to build a website. Websites are one of the most common platforms for delivering information and services over the Internet. Even today, Websites are widely used in essential services, but this widespread use makes Websites popular targets for various threats in the form of cyber attacks. Although most technologies have been developed to protect websites and at least minimize cyber attacks, little has been done to establish the relationship between these technologies and provide a comprehensive picture of website application security research. To check website security vulnerabilities, you can use the OWASP (Open Web Application Security Project) method. One OWASP method that can analyze website vulnerabilities thoroughly is OWASP ZAP (Zed Attack Proxy). And not only analyzing website vulnerabilities but also providing security assessments on websites with OWASP Risk Rating which makes it easier to carry out mitigation on websites. This can provide recommendations for further improvements and can be implemented by system developers. This research aims to analyze the security vulnerabilities of the Muhammadiyah University of Malang SIMPKN Informatics Website using the OWASP ZAP method to obtain information from vulnerability testing results, assess the level of vulnerability through vulnerability testing results, and mitigate the Muhammadiyah Malang University SIMPKN Informatics Website to prevent attacks from occurring
Two theoretical dimensions of the cyber hate crime
The impact and relationship between technologies and society establish the development of certain adaptive models, based on coexistence (Human-information-Machine), as well as several behavioral and cognitive changes of the human being, and new models of influence and social control through ubiquitous communication, which is the basis of new social units called "virtual communities". The rupture of social norms that accompanies rapid social change, and subsequently the appearance of sub-cultural values establishes gaining status of participation in criminal activities, the components of social units in general conform to social norms by social ties. The individuals or groups see themselves unfairly disadvantaged compared to other similar individuals, within physical-cybernetic ecosystem environment, which supports the interconnection and transformation of social phenomenon of digital dimension, with several implications in cyber hate crime. Thereby establishing the theoretical basis for further research looking which social vulnerability, identify the trajectory of the massive vector of impact "Information", which is a component of social cybernetics from the following three dimensions: (P) Propagation - (R) Replica - (C) Control called the "Cyber Hate Crime Pathway" that links hate crimes within the cyber-physical ecosystem, and where different types of social vulnerability are established. This study incorporates an epistemology approach of the relation between social and cybernetic theories, that will allow establishing a scientific base for future research in the field of new phenomena that will continue to appear within the Physical-Cybernetic ecosystem. It will also allow the contributions and implications to science derived from the product of this research establish a global holistic field applied to criminal justice system, academic and the new entities of social cybernetic
Machine-assisted Cyber Threat Analysis using Conceptual Knowledge Discovery
Over the last years, computer networks have evolved into highly dynamic and interconnected environments, involving multiple heterogeneous devices and providing a myriad of services on top of them. This complex landscape has made it extremely difficult for security administrators to keep accurate and be effective in protecting their systems against cyber threats. In this paper, we describe our vision and scientific posture on how artificial intelligence techniques and a smart use of security knowledge may assist system administrators in better defending their networks. To that end, we put forward a research roadmap involving three complementary axes, namely, (I) the use of FCA-based mechanisms for managing configuration vulnerabilities, (II) the exploitation of knowledge representation techniques for automated security reasoning, and (III) the design of a cyber threat intelligence mechanism as a CKDD process. Then, we describe a machine-assisted process for cyber threat analysis which provides a holistic perspective of how these three research axes are integrated together
A Model-Based Approach to Security Analysis for Cyber-Physical Systems
Evaluating the security of cyber-physical systems throughout their life cycle
is necessary to assure that they can be deployed and operated in
safety-critical applications, such as infrastructure, military, and
transportation. Most safety and security decisions that can have major effects
on mitigation strategy options after deployment are made early in the system's
life cycle. To allow for a vulnerability analysis before deployment, a
sufficient well-formed model has to be constructed. To construct such a model
we produce a taxonomy of attributes; that is, a generalized schema for system
attributes. This schema captures the necessary specificity that characterizes a
possible real system and can also map to the attack vector space associated
with the model's attributes. In this way, we can match possible attack vectors
and provide architectural mitigation at the design phase. We present a model of
a flight control system encoded in the Systems Modeling Language, commonly
known as SysML, but also show agnosticism with respect to the modeling language
or tool used.
Comment: 8 pages, 5 figures, conferenc
