
    I see EK: A lightweight technique to reveal exploit kit family by overall URL patterns of infection chains

    The prevalence and nonstop evolving technical sophistication of exploit kits (EKs) is one of the most challenging shifts in the modern cybercrime landscape. Over the last few years, malware infections via drive-by download attacks have been orchestrated with EK infrastructures. Malicious advertisements and compromised websites redirect victim browsers to web-based EK families that are assembled to exploit client-side vulnerabilities and finally deliver malicious payloads. A key observation is that while the webpage contents differ drastically between distinct intrusions executed through the same EK, the patterns in URL addresses stay similar. This is because URLs autogenerated by EK platforms follow specific templates. This practice enables the development of an efficient system that is capable of classifying the responsible EK instances. This paper proposes novel URL features and a new technique to quickly categorize EK families with high accuracy using machine learning algorithms. Rather than analyzing each URL individually, the proposed overall URL patterns approach automatically examines all URLs associated with an EK infection. The method has been evaluated with a popular and publicly available dataset that contains 240 different real-world infection cases involving over 2250 URLs, the incidents being linked with the 4 major EK flavors that occurred throughout the year 2016. The system achieves up to 100% classification accuracy with the tested estimators.

    Evolutionary Multiobjective Feature Selection for Sentiment Analysis

    Sentiment analysis is one of the prominent research areas in data mining and knowledge discovery, and has proven to be an effective technique for monitoring public opinion. The big data era, with a high volume of data generated by a variety of sources, has provided enhanced opportunities for utilizing sentiment analysis in various domains. In order to take best advantage of the high volume of data for accurate sentiment analysis, it is essential to clean the data before the analysis, as irrelevant or redundant data will hinder extracting valuable information. In this paper, we propose a hybrid feature selection algorithm to improve the performance of sentiment analysis tasks. Our proposed sentiment analysis approach builds a binary classification model based on two feature selection techniques: an entropy-based metric and an evolutionary algorithm. We have performed comprehensive experiments in two different domains using a benchmark dataset, the Stanford Sentiment Treebank, and a real-world dataset we have created based on World Health Organization (WHO) public speeches regarding COVID-19. The proposed feature selection model is shown to achieve significant performance improvements on both datasets, increasing classification accuracy for all utilized combinations of machine learning and text representation techniques. Moreover, it achieves over 70% reduction in feature size, which provides efficiency in computation time and space.

    EPICS: A Framework for Enforcing Security Policies in Composite Web Services

    With advances in cloud computing and the emergence of service marketplaces, the popularity of composite services marks a paradigm shift from single-domain monolithic systems to cross-domain distributed services, which raises important privacy and security concerns. Access control becomes a challenge in such systems because authentication, authorization and data disclosure may take place across endpoints that are not known to clients. Clients lack options for specifying policies to control the sharing of their data and have to rely on service providers, which offer a limited selection of security and privacy preferences. This lack of awareness and loss of control over data sharing increases threats to a client's data and diminishes trust in these systems. We propose EPICS, an efficient and effective solution for enforcing security policies in composite Web services that protects data privacy throughout the service interaction lifecycle. The solution ensures that the data are distributed along with the client policies that dictate data access and an execution monitor that controls data disclosure. It empowers data owners with control of data disclosure decisions during interactions with remote services and reduces the risk of unauthorized access. The paper presents the design, implementation, and evaluation of the EPICS framework.

    The Myth of Orpheus and Eurydice in Captain Corelli's Mandolin

    Since primordial times, myths have had an important effect on literature. Along with the influence of postmodernism, myths are deconstructed. Like myths, music is an indispensable part of man, and the Orpheus Myth shows a close connection between music and myth. The aim of this thesis is to define myth and examine the artistic means used in Captain Corelli's Mandolin by Louis de Bernières through the lens of an appropriate comparative methodology such as Carl Gustav Jung's archetypes, Joseph Campbell's monomythical journey and Claude Levi-Strauss's mythemes, focusing on the similarities and differences between the Myth of Orpheus and Eurydice and Captain Corelli's Mandolin, as well as deconstructing the myth and focusing on the relationship between music and myth.

    Since the beginning of time, myths have had a significant influence on literature. With postmodernism, myths have been turned inside out. Like myths, music has been an indispensable part of humankind, and the Orpheus myth shows the close connection between music and myth. The aim of this thesis was to examine the artistic meanings used in Captain Corelli's Mandolin in the light of an appropriate comparative method such as Carl Gustav Jung's archetypes, Joseph Campbell's hero's journey and Claude Levi-Strauss's themes, emphasizing the similarities and differences between the characters of the Myth of Orpheus and Eurydice and Captain Corelli's Mandolin, and deconstructing the myth while focusing on the relationship between music and myth.

    Blockchain-Based Data Security in Military Autonomous Systems

    Advances in technology have enabled the increased use of autonomous systems such as unmanned aerial vehicles (UAVs) in military operations and other critical military communications. While the use of autonomous systems has greatly facilitated military operations, provided a global view of the operational environment and eased sensitive data collection, making reduced casualties possible, it has also created a greater cyber attack surface due to its high level of automation. Adversaries targeting this attack surface can seriously damage military operations by tampering with critical message content used in the decision making of autonomous systems. In order to ensure the successful operation of autonomous military systems, mechanisms must be developed to strictly protect the integrity of the collected / exchanged data and messages, and an immutable record of each message must be provided. These mechanisms should also be usable to control autonomous systems under critical failures or attacks occurring during or after military operations. Blockchain has recently emerged as a technology that provides a decentralized architecture to achieve an unchangeable history of interactions between parties that are part of a distributed network. While blockchain is currently used in various fields such as cryptocurrencies, supply chain management and e-voting systems, it also has the potential to provide secure communication in autonomous systems. In this study, a blockchain-based communication architecture is proposed that guarantees integrity assurance and permanent recording of messages exchanged between all parties, including UAVs and ground control stations, in a military autonomous system network. The proposed secure communication architecture has been theoretically evaluated in terms of its resistance to the types of cyber attacks frequently encountered in distributed systems, and it has been shown to provide protection against attacks that compromise data integrity as well as spoofed authentication attempts. The proposed blockchain-based architecture is promising for increasing the resilience of military autonomous systems against cyberattacks that aim to hurt the success of military operations through data content manipulation.

    Recent advances in technology have enabled the increased use of autonomous systems such as unmanned aerial vehicles (UAVs and armed UAVs) in military operations and other critical military communications. Although the use of autonomous systems has greatly facilitated military operations, enabled sensitive data collection and a global view of the operational environment, and reduced casualties, it has created a larger cyber attack surface because of the high level of automation it involves. Exploitation of this attack surface by adversaries can seriously harm military operations through manipulation of the critical message content used in the decision making of autonomous systems. To ensure the successful operation of autonomous military systems, mechanisms that strictly protect the integrity of collected / exchanged data and messages must be developed, and an immutable record of every message must be provided. These mechanisms must also be usable for supervising autonomous systems under critical failures or attacks occurring during or after a military operation. Blockchain has recently emerged as a technology that provides a decentralized architecture for obtaining an immutable history of interactions between parties that are part of a distributed network. While blockchain is currently used in various fields such as cryptocurrencies, supply chain management and e-voting systems, it also has the potential to provide secure communication in autonomous systems. In this study, a blockchain-based communication architecture is proposed that guarantees integrity assurance and a permanent record of the messages exchanged between all parties, including UAVs and ground control stations, in a military autonomous system network. The proposed secure communication architecture was examined in terms of its resistance to the types of cyber attacks frequently encountered in distributed systems, and it was shown to provide protection against attacks that corrupt data integrity and spoof authentication. This blockchain-based architecture promises to provide highly reliable communication in military environments and to increase resistance against cyber attacks that aim to deceive these systems through manipulation of data content.

    Know your EK: A content and workflow analysis approach for exploit kits

    The prevalence and non-stop evolving technical sophistication of Exploit Kits (EKs) is one of the most challenging shifts in the modern cybercrime landscape. Over the last few years, malware infections via drive-by-download attacks have been orchestrated with EK infrastructures. An EK serves various types of malicious content via several threat vectors for a variety of criminal attempts, which are mostly monetary-centric. Malicious emails, malicious advertisements, and compromised websites redirect victim browsers to web-based EK families that are assembled to exploit client-side vulnerabilities and finally deliver malicious payloads. Examples include mining crypto-currency to generate revenue, encrypting valuable files to demand ransom, stealing sensitive information for fraud, and turning the victim machine into a zombie to make it an instrument for further attacks. In this paper we provide an in-depth discussion of the EK philosophy and internals. We provide content analysis of the EK families from a publicly available dataset of over 2250 URLs using abstract syntax trees and propose strategies for protection from the devastating effects of this increasingly popular threat.

    A Digital Twins Approach to Smart Grid Security Testing and Standardization

    The exponential growth of the Internet of Things in recent years has created an ever larger cyber attack surface, introducing new security vulnerabilities for all computerized systems. Among the most significant of those systems are industrial control systems (ICS) consisting of many cyber-physical components, and smart grids are a prominent example of ICS whose failures have the potential to cause major disruptions in all aspects of our daily lives. In this paper, we provide an overview of smart grid cybersecurity standards, and review major threats to smart grid environments at the physical, network and application layers. In order to overcome the current lack of standards for security evaluation of smart grids, we propose a digital twins based approach for the complete lifecycle of a smart grid, which accurately models the functioning of the physical grid and avoids service disruptions caused by running security tests on the actual grid. A digital twins based approach is promising for providing a common ground for the development of standardized models for continuous and comprehensive penetration testing of smart grids.

    A secure model for efficient live migration of containers

    Cloud services have become increasingly widespread in the past decade due to their ability to reduce the complexity and the cost of managing computers and networks. Cloud applications are run in virtualized environments such as virtual machines and containers to be able to allocate resources in an inexpensive manner. Both of these approaches require effective resource utilization, for which an important enabling technology is live migration, which involves moving a service from one host to another with the minimum possible downtime. Live migration is also required for system maintenance, load balancing, and protecting services from attacks through moving target defense. While migrating a service, the system should not be vulnerable to attacks. In this work, we propose a secure model for efficient live migration of containers. Because the applications are isolated from each other while running in Docker containers, a checkpointing method was used to generate the required migration data. In our proposed model, we secure the migration data using secure authentication and ensure that all connections between the nodes are protected to provide communication security, making the system protected against migration attacks. The efficiency of the migration system designed based on the proposed model has been demonstrated on stateless and stateful sample applications. Experiments with applications running on the Docker container platform demonstrate that the proposed approach achieves significantly better performance than its virtual machine live migration counterpart.

    A Shrinkage Approach for Modeling Non-Stationary Relational Autocorrelation

    Recent research has shown that collective classification in relational data often exhibits significant performance gains over conventional approaches that classify instances individually. This is primarily due to the presence of autocorrelation in relational datasets, meaning that the class labels of related entities are correlated and inferences about one instance can be used to improve inferences about linked instances. Statistical relational learning techniques exploit relational autocorrelation by modeling global autocorrelation dependencies under the assumption that the level of autocorrelation is stationary throughout the dataset. To date, there has been no work examining the appropriateness of this stationarity assumption. In this paper, we examine two real-world datasets and show that there is significant variance in the autocorrelation dependencies throughout the relational data graphs. We develop a shrinkage technique for modeling this non-stationary autocorrelation and show that it achieves significant accuracy gains over competing techniques that model either local or global autocorrelation dependencies in isolation.