Cyber Threat Intelligence : Challenges and Opportunities

The ever increasing number of cyber attacks requires the cyber security and forensic specialists to detect, analyze and defend against the cyber threats in almost realtime. In practice, timely dealing with such a large number of attacks is not possible without deeply perusing the attack features and taking corresponding intelligent defensive actions, this in essence defines cyber threat intelligence notion. However, such an intelligence would not be possible without the aid of artificial intelligence, machine learning and advanced data mining techniques to collect, analyse, and interpret cyber attack evidences. In this introductory chapter we first discuss the notion of cyber threat intelligence and its main challenges and opportunities, and then briefly introduce the chapters of the book which either address the identified challenges or present opportunistic solutions to provide threat intelligence.Comment: 5 Page

PrivExtractor:Towards Redressing the Imbalance of Understanding Between Virtual Assistant Users and Vendors

The use of voice-controlled virtual assistants (VAs) is significant, and user numbers increase every year. Extensive use of VAs has provided the large, cash-rich technology companies who sell them with another way of consuming users' data, providing a lucrative revenue stream. Whilst these companies are legally obliged to treat users' information "fairly and responsibly,"artificial intelligence techniques used to process data have become incredibly sophisticated, leading to users' concerns that a lack of clarity is making it hard to understand the nature and scope of data collection and use.There has been little work undertaken on a self-contained user awareness tool targeting VAs. PrivExtractor, a novel web-based awareness dashboard for VA users, intends to redress this imbalance of understanding between the data "processors"and the user. It aims to achieve this using the four largest VA vendors as a case study and providing a comparison function that examines the four companies' privacy practices and their compliance with data protection law.As a result of this research, we conclude that the companies studied are largely compliant with the law, as expected. However, the user remains disadvantaged due to the ineffectiveness of current data regulation that does not oblige the companies to fully and transparently disclose how and when they use, share, or profit from the data. Furthermore, the software tool developed during the research is, we believe, the first that is capable of a comparative analysis of VA privacy with a visual demonstration to increase ease of understanding for the user

Fintech cybersecurity challenges and regulations: Bahrain case study

Winds of change are blowing across the financial systems, with services and advancements in Financial Technology (FinTech) influencing all aspects of the financial sector and generating a continual stream of innovations. Despite benefits offered by FinTech, it creates new challenges that endanger financial institutes’ stability and integrity. As cyber-attacks increasingly threaten the FinTech industry, cybersecurity can be considered as one of the main challenges that need to be addressed to properly manage risks associated with integrating FinTech services in people’s day-to-day life. This Systematic Literature Review (SLR) highlights the cybersecurity challenges that FinTech industry faces and discusses existing measures that can effectively manage FinTech cybersecurity risks. An analysis of the existing literature and regulations is carried out to identify comparable components that exist across some internationally well-known cybersecurity standards and frameworks. Considering Bahrain as a case study, the paper explores key elements and factors that were not addressed adequately while implementing such standards. Research findings indicate that creating a cybersecurity framework for FinTech could be advantageous and offers a new perspective on the topic by demonstrating a natural extension of the existing knowledge. The findings offer useful suggestions for Bahrain’s financial regulators to get better acquainted with these aspects. It lays the foundation to develop a cybersecurity framework for FinTech specifically for Bahrain, and it endeavors to raise the level of cybersecurity and a trusted electronic environment for both the customers and service providers in Bahrain

FinTech Cybersecurity Challenges and Regulations: Bahrain Case Study

Winds of change are blowing across the financial systems, with services and advancements in Financial Technology (FinTech) influencing all aspects of the financial sector and generating a continual stream of innovations. Despite benefits offered by FinTech, it creates new challenges that endanger financial institutes’ stability and integrity. As cyber-attacks increasingly threaten the FinTech industry, cybersecurity can be considered as one of the main challenges that need to be addressed to properly manage risks associated with integrating FinTech services in people’s day-to-day life. This Systematic Literature Review (SLR) highlights the cybersecurity challenges that FinTech industry faces and discusses existing measures that can effectively manage FinTech cybersecurity risks. An analysis of the existing literature and regulations is carried out to identify comparable components that exist across some internationally well-known cybersecurity standards and frameworks. Considering Bahrain as a case study, the paper explores key elements and factors that were not addressed adequately while implementing such standards. Research findings indicate that creating a cybersecurity framework for FinTech could be advantageous and offers a new perspective on the topic by demonstrating a natural extension of the existing knowledge. The findings offer useful suggestions for Bahrain’s financial regulators to get better acquainted with these aspects. It lays the foundation to develop a cybersecurity framework for FinTech specifically for Bahrain, and it endeavors to raise the level of cybersecurity and a trusted electronic environment for both the customers and service providers in Bahrain

A hierarchical key pre-distribution scheme for fog networks

Security in fog computing is multi-faceted, and one particular challenge is establishing a secure communication channel between fog nodes and end devices. This emphasizes the importance of designing efficient and secret key distribution scheme to facilitate fog nodes and end devices to establish secure communication channels. Existing secure key distribution schemes designed for hierarchical networks may be deployable in fog computing, but they incur high computational and communication overheads and thus consume significant memory. In this paper, we propose a novel hierarchical key pre-distribution scheme based on “Residual Design” for fog networks. The proposed key distribution scheme is designed to minimize storage overhead and memory consumption, while increasing network scalability. The scheme is also designed to be secure against node capture attacks. We demonstrate that in an equal-size network, our scheme achieves around 84% improvement in terms of node storage overhead, and around 96% improvement in terms of network scalability. Our research paves the way for building an efficient key management framework for secure communication within the hierarchical network of fog nodes and end devices. KEYWORDS: Fog Computing, Key distribution, Hierarchical Networks

On the Security and Privacy Challenges of Virtual Assistants

Since the purchase of Siri by Apple, and its release with the iPhone 4S in 2011, virtualassistants (VAs) have grown in number and popularity. The sophisticated natural language processingand speech recognition employed by VAs enables users to interact with them conversationally, almostas they would with another human. To service user voice requests, VAs transmit large amounts ofdata to their vendors; these data are processed and stored in the Cloud. The potential data securityand privacy issues involved in this process provided the motivation to examine the current state ofthe art in VA research. In this study, we identify peer-reviewed literature that focuses on securityand privacy concerns surrounding these assistants, including current trends in addressing how voiceassistants are vulnerable to malicious attacks and worries that the VA is recording without the user’sknowledge or consent. The findings show that not only are these worries manifold, but there is agap in the current state of the art, and no current literature reviews on the topic exist. This reviewsheds light on future research directions, such as providing solutions to perform voice authenticationwithout an external device, and the compliance of VAs with privacy regulations

MDSClone: Multidimensional Scaling Aided Clone Detection in Internet of Things

Cloning is a very serious threat in the Internet of Things (IoT), owing to the simplicity for an attacker to gather configuration and authentication credentials from a non-tamper-proof node, and replicate it in the network. In this paper, we propose MDSClone, a novel clone detection method based on multidimensional scaling (MDS). MDSClone appears to be very well suited to IoT scenarios, as it: 1) detects clones without the need to know the geographical positions of nodes; 2) unlike prior methods, it can be applied to hybrid networks that comprise both static and mobile nodes, for which no mobility pattern may be assumed a priori. Moreover, a further advantage of MDSClone is that 3) the core part of the detection algorithm can be parallelized, resulting in an acceleration of the whole detection mechanism. Our thorough analytical and experimental evaluations demonstrate that MDSClone can achieve a 100% clone detection probability. Moreover, we propose several modifications to the original MDS calculation, which lead to over a 75% speed up in large scale scenarios. The demonstrated efficiency of MDSClone proves that it is a promising method towards a practical clone detection design in IoT