Conceptualizing human resilience in the face of the global epidemiology of cyber attacks

Computer security is a complex global phenomenon where different populations interact, and the infection of one person creates risk for another. Given the dynamics and scope of cyber campaigns, studies of local resilience without reference to global populations are inadequate. In this paper we describe a set of minimal requirements for implementing a global epidemiological infrastructure to understand and respond to large-scale computer security outbreaks. We enumerate the relevant dimensions, the applicable measurement tools, and define a systematic approach to evaluate cyber security resilience. From the experience in conceptualizing and designing a cross-national coordinated phishing resilience evaluation we describe the cultural, logistic, and regulatory challenges to this proposed public health approach to global computer assault resilience. We conclude that mechanisms for systematic evaluations of global attacks and the resilience against those attacks exist. Coordinated global science is needed to address organised global ecrime

Malware Triage Approach using a Task Memory based on Meta-Transfer Learning Framework

To enhance the efficiency of incident response triage operations, it is not cost-effective to defend all systems equally in a complex cyber environment. Instead, prioritizing the defense of critical functionality and the most vulnerable systems is desirable. Threat intelligence is crucial for guiding Security Operations Center (SOC) analysts' focus toward specific system activity and provides the primary contextual foundation for interpreting security alerts. This paper explores novel approaches for improving incident response triage operations, including dealing with attacks and zero-day malware. This solution for rapid prioritization of different malware have been raised to formulate fast response plans to minimize socioeconomic damage from the massive growth of malware attacks in recent years, it can also be extended to other incident response. We propose a malware triage approach that can rapidly classify and prioritize different malware classes to address this concern. We utilize a pre-trained ResNet18 network based on Siamese Neural Network (SNN) to reduce the biases in weights and parameters. Furthermore, our approach incorporates external task memory to retain the task information of previously encountered examples. This helps to transfer experience to new samples and reduces computational costs, without requiring backpropagation on external memory. Evaluation results indicate that the classification aspect of our proposed method surpasses other similar classification techniques in terms of performance. This new triage strategy based on task memory with meta-learning evaluates the level of similarity matching across malware classes to identify any risky and unknown malware (e.g., zero-day attacks) so that a defense of those that support critical functionality can be conducted

In-Memory Data Anonymization Using Scalable and High Performance RDD Design

Recent studies in data anonymization techniques have primarily focused on MapReduce. However, these existing MapReduce based approaches often suffer from many performance overheads due to their inappropriate use of data allocation, expensive disk I/O access and network transfer, and no support for iterative tasks. We propose “SparkDA” which is a new novel anonymization technique that is designed to take the full advantage of Spark platform to generate privacy-preserving anonymized dataset in the most efficient way possible. Our proposal offers a better partition control, in-memory operation and cache management for iterative operations that are heavily utilised for data anonymization processing. Our proposal is based on Spark’s Resilient Distributed Dataset (RDD) with two critical operations of RDD, such as FlatMapRDD and ReduceByKeyRDD, respectively. The experimental results demonstrate that our proposal outperforms the existing approaches in terms of performance and scalability while maintaining high data privacy and utility levels. This illustrates that our proposal is capable to be used in a wider big data applications that demands privacy

Matrix Encryption Walks for Lightweight Cryptography

In this paper, we propose a new symmetric stream cipher encryption algorithm based on Graph Walks and 2-dimensional matrices, called Matrix Encryption Walks (MEW). We offer example Key Matrices and show the efficiency of the proposed method, which operates in linear complexity with an extremely large key space and low-resource requirements. We also provide the Proof of Concept code for the encryption algorithm and a detailed analysis of the security of our proposed MEW. The MEW algorithm is designed for low-resource environments such as IoT or smart devices and is therefore intended to be simple in operation. The encryption, decryption, and key generation time, along with the bytes required to store the key, are all discussed, and similar proposed algorithms are examined and compared. We further discuss the avalanche effect, key space, frequency analysis, Shannon entropy, and chosen/known plaintext-ciphertext attacks, and how MEW remains robust against these attacks. We have also discussed the potential for future research into algorithms such as MEW, which make use of alternative structures and graphic methods for improving encryption models

Deep Q-Learning Based Reinforcement Learning Approach for Network Intrusion Detection

The rise of the new generation of cyber threats demands more sophisticated and intelligent cyber defense solutions equipped with autonomous agents capable of learning to make decisions without the knowledge of human experts. Several reinforcement learning methods (e.g., Markov) for automated network intrusion tasks have been proposed in recent years. In this paper, we introduce a new generation of the network intrusion detection method, which combines a Q-learning based reinforcement learning with a deep feed forward neural network method for network intrusion detection. Our proposed Deep Q-Learning (DQL) model provides an ongoing auto-learning capability for a network environment that can detect different types of network intrusions using an automated trial-error approach and continuously enhance its detection capabilities. We provide the details of fine-tuning different hyperparameters involved in the DQL model for more effective self-learning. According to our extensive experimental results based on the NSL-KDD dataset, we confirm that the lower discount factor, which is set as 0.001 under 250 episodes of training, yields the best performance results. Our experimental results also show that our proposed DQL is highly effective in detecting different intrusion classes and outperforms other similar machine learning approaches