
    Here’s how the ransomware attack was stopped – and why it could soon start again


    What will cyber security look like in the next 10 years?


    An Analysis of Pre-Infection Detection Techniques for Botnets and other Malware

    Traditional techniques for detecting malware, such as viruses, worms and rootkits, rely on identifying virus-specific signature definitions within network traffic, applications or memory. Because a sample of malware is required to define an attack signature, signature detection has drawbacks when accounting for malware code mutation, has limited use in zero-day protection and is a post-infection technique requiring malware to be present on a device in order to be detected. A malicious bot is a malware variant that interconnects with other bots to form a botnet. Amongst their multiple malicious uses, botnets are ideal for launching mass Distributed Denial of Service attacks against the ever increasing number of networked devices that are starting to form the Internet of Things and Smart Cities. Regardless of topology, centralised Command & Control or distributed Peer-to-Peer, bots must communicate with their commanding botmaster. This communication traffic can be used to detect malware activity in the cloud before it can evade network perimeter defences and to trace a route back to source to take down the threat. This paper identifies the inefficiencies exhibited by signature-based detection when dealing with botnets. Total botnet eradication relies on traffic-based detection methods such as DNS record analysis, against which malware authors have multiple evasion techniques. Signature-based detection displays further inefficiencies when located within virtual environments, which form the backbone of data centre infrastructures, providing malware with a new attack vector. This paper highlights a lack of techniques for detecting malicious bot activity within such environments, proposing an architecture based upon flow sampling protocols to detect botnets within virtualised environments.

    Botnet Detection in Virtual Environments Using NetFlow

    For both enterprises and service providers, the exponential growth of cloud and virtual infrastructures brings vast performance and financial benefits, but this growth has undoubtedly introduced unforeseen problems in terms of new opportunities for malware and cybercrime to flourish. Botnets could be created entirely within the cloud using virtual resources, for a myriad of purposes including DDoS-as-a-Service. This study has sought to determine whether distributed packet capture utilising mirroring technology or some form of sampling mechanism provides better performance for detecting cybercrime-style activities within virtual environments. Recommendations are for a distributed monitoring technique which can provide end-to-end monitoring capabilities while minimising the performance impact on popular adoptions of cloud or virtual infrastructures. Investigations have concentrated on distributed monitoring techniques utilising virtual network switches, looking for a proof-of-concept demonstrator where sample Command & Control and Peer-to-Peer botnet activities can be detected utilising flow capture technologies such as NetFlow, sFlow or IPFIX. This paper demonstrates how, by inserting a monitoring function into a virtual or cloud architecture, the capture and analysis of traffic parameters using NetFlow can be used to identify the presence of an HTTP-based Command & Control botnet.

    Holistic Blockchain Approach to Foster Trust, Privacy and Security in IoT Based Ambient Assisted Living Environment

    The application of blockchain techniques in the Internet of Things (IoT) is gaining much attention, with new solutions proposed in diverse areas of the IoT. Conventionally, IoT systems are designed to follow the centralised paradigm where security and privacy control is vested in a 'trusted' third party. This design leaves the user at the mercy of a sovereign broker and, in addition, susceptible to several attacks. The implicit trust and the inferred reliability of centralised systems have been challenged recently following several privacy violations and personal data breaches. Consequently, there is a call for more secure decentralised systems that allow for finer control of user privacy while providing secure communication. Propitiously, the blockchain holds much promise and may provide the necessary framework for the design of a secure IoT system that guarantees fine-grained user privacy in a trustless manner. In this paper, we propose a holistic blockchain-based decentralised model for an Ambient Assisted Living (AAL) environment. The nodes in our proposed model utilize smart contracts to define interaction rules while working collaboratively to contribute storage and computing resources. Based on the blockchain technique, our proposed model promotes trustless interaction and enhanced user privacy through the blockchain-Interplanetary File System (IPFS) alliance. The proposed model also addresses the shortfall of storage constraints exhibited in many IoT systems.

    QoSVisor: QoS Framework for SDN

    The increasing demand for network services and quality across a wide selection of digital applications in the internet era has caused growing congestion and raised questions about how to prioritise data in ways tailored to particular uses of applications and how to manage peak congestion times. Software Defined Networking (SDN), and in particular its slicing strategy, appears to be the best solution, since slicing is implemented intelligently through the SDN OpenFlow protocol. However, slicing tools, specifically FlowVisor, are limited in certain mechanisms such as Traffic Engineering (TE), which makes it necessary to find new ways to deliver Quality of Service (QoS) for different applications. In this paper, QoSVisor is presented as an SDN QoS slicer extension that enhances the standard FlowVisor slicing operation to ensure QoS for each slice-based class of application.

    Practical Experiences of Building an IPFIX Based Open Source Botnet Detector

    The academic study of flow-based malware detection has primarily focused on NetFlow v5 and v9. In 2013 IPFIX was ratified as the flow export standard. As part of a larger project to develop protection methods for Cloud Service Providers against botnet threats, this paper considers the challenges involved in designing an open source IPFIX-based botnet detection function. This paper describes how these challenges were overcome and presents an open source system built upon the Xen hypervisor and Open vSwitch that is able to display botnet traffic within Cloud Service Provider-style virtualised environments. The system utilises Euler property graphs to display suspect "botnests". The conceptual framework presented provides a vendor-neutral, real-time detection mechanism for monitoring botnet communication traffic within cloud architectures and the Internet of Things.
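    The three abstracts above (pre-infection detection, NetFlow-based detection in virtual environments, and the IPFIX-based detector) all rest on the same observation: bots must talk to their botmaster, and that traffic shows up in exported flow records even when no signature exists yet. The following is an added illustration of that idea, not code from any of the papers. It runs over constructed IPFIX/NetFlow-style records (start time, 5-tuple, octet count) as a virtual switch might export them, flags source/destination pairs whose flows are periodic with near-constant size (HTTP C&C beaconing), and then groups beaconing hosts by shared destination, a plain adjacency mapping standing in for the papers' property graph of a "botnest". The field layout, thresholds, addresses and timings are all assumptions chosen for the example.

```python
"""Flow-based beacon and botnest detection over constructed flow records.

Added example; not the papers' own code. Every record below is constructed,
and the thresholds are illustrative assumptions, not values from the papers.
"""
from collections import defaultdict
from statistics import mean, pstdev


def _series(src, dst, dport, starts_ms, octets, proto=6):
    """Build flow records (flow_start_ms, src_ip, dst_ip, dst_port, proto, octets)."""
    return [(t, src, dst, dport, proto, b) for t, b in zip(starts_ms, octets)]


# Constructed export from a virtual switch (all addresses are documentation ranges).
FLOWS = (
    # three VMs beaconing to the same HTTP C&C roughly every 60 s, ~310 bytes each
    _series("10.0.0.11", "203.0.113.10", 80, (0, 60200, 119900, 180100, 240000), (312, 318, 310, 315, 314))
    + _series("10.0.0.12", "203.0.113.10", 80, (5000, 65100, 124800, 185200, 245000), (310, 316, 312, 311, 315))
    + _series("10.0.0.13", "203.0.113.10", 80, (12000, 71900, 132100, 192000, 252000), (309, 314, 313, 317, 312))
    # a user VM browsing an unrelated site: irregular timing, widely varying sizes
    + _series("10.0.0.20", "198.51.100.5", 443, (0, 3000, 45000, 47000, 200000), (1200, 48000, 900, 15300, 3200))
    # a lone host polling an update server on a fixed schedule: periodic, but alone
    + _series("10.0.0.21", "192.0.2.7", 80, (0, 60000, 120000, 180000, 240000), (500, 500, 500, 500, 500))
)


def find_beacons(flows, min_flows=4, max_interval_cv=0.2, max_size_cv=0.3):
    """Return {(src, dst, dport): stats} for flow series that look like beaconing.

    A series is a beacon candidate when it has at least `min_flows` flows, the
    coefficient of variation (stdev/mean) of inter-flow gaps is small, and the
    octet counts are similarly uniform. Thresholds are assumptions for the example.
    """
    by_key = defaultdict(list)
    for start, src, dst, dport, _proto, octets in flows:
        by_key[(src, dst, dport)].append((start, octets))

    beacons = {}
    for key, recs in by_key.items():
        if len(recs) < min_flows:
            continue
        recs.sort()
        starts = [r[0] for r in recs]
        sizes = [r[1] for r in recs]
        gaps = [b - a for a, b in zip(starts, starts[1:])]
        mean_gap = mean(gaps)
        if mean_gap <= 0:  # all flows at the same instant: not a beacon pattern
            continue
        gap_cv = pstdev(gaps) / mean_gap
        size_cv = pstdev(sizes) / mean(sizes) if mean(sizes) else 0.0
        if gap_cv <= max_interval_cv and size_cv <= max_size_cv:
            beacons[key] = {
                "flows": len(recs),
                "period_ms": round(mean_gap),
                "interval_cv": round(gap_cv, 4),
                "size_cv": round(size_cv, 4),
            }
    return beacons


def botnests(beacons, min_members=2):
    """Group beaconing sources by shared (dst, dport); keep groups of >= min_members.

    Periodicity alone also matches legitimate schedulers (update checks, NTP),
    so a single host on its own is not reported; several hosts converging on the
    same endpoint is the botnet signal this example looks for.
    """
    members = defaultdict(set)
    for src, dst, dport in beacons:
        members[(dst, dport)].add(src)
    return {k: sorted(v) for k, v in members.items() if len(v) >= min_members}


if __name__ == "__main__":
    found = find_beacons(FLOWS)
    for key, stats in sorted(found.items()):
        print("beacon", key, stats)
    for (dst, dport), hosts in botnests(found).items():
        print(f"botnest -> {dst}:{dport} members={hosts}")
```

    Run stand-alone, the script reports four beaconing series (the three infected VMs and the lone update poller) but only one botnest, `203.0.113.10:80` with three members; the update poller is dropped because it shares its destination with nobody. This is also where the evasion the first abstract mentions bites in practice: a bot that randomises its sleep interval or pads its requests pushes the coefficients of variation past the thresholds, so in a real deployment the periodicity test would be one feature among several rather than the whole detector.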

    Personalising the iCampus; an End-User Programming approach

    This paper explores the possibility of facilitating better end-user engagement with the iCampus by providing a platform (Pervasive-interactive-Programming) to program the functionality of iCampus intelligent environments. We first introduce Pervasive-interactive-Programming (PiP), explaining the principles and presenting some recent results. By way of an example, we discuss how end-user programming could be used to configure the functionality of a student campus dormitory. We then consider how these techniques might be expanded to cater for other iCampus areas. Finally, we comment on the future direction of our research.

    A novel autonomous management distributed system for cloud computing environments

    This paper describes a novel modular design of an autonomous management distributed system (AMDS) for cloud computing environments and presents its implementation in the Scala programming language. The AMDS was designed from the ground up with distributed deployment, modularity and security in mind, using a fully object-oriented approach. A key feature of this system is the ability to gather and store information from various networking and monitoring devices within the same computing cluster. Another key feature is the ability to intelligently control local VMware vSphere instances based on analysis of collected data and predefined parameters. vSphere in turn, once it receives commands from the AMDS, proceeds to issue instructions to multiple locally monitored ESXi servers in order to maximize energy efficiency, reduce the carbon footprint and minimize running costs. The predefined parameters are based on results from a previous paper written by the authors. The AMDS has been deployed on the authors' test bed and is currently running successfully. Test results show strong potential for industrial applications in datacenter energy management and the lowering of operating costs.