
SoS Newsletter- Advanced Book Block



Cyber-crime Analysis 2015


As cyber-crime grows, methods for preventing, detecting, and responding to it are growing as well. Research is examining new, faster, and more automated methods for dealing with cyber-crime from both a technical and a behavioral standpoint. Human behavior, resilience, policy-based governance, and metrics are the related hard topics in the Science of Security. The work cited here was presented in 2015.

Stoll, J.; Bengez, R.Z., "Visual Structures for Seeing Cyber Policy Strategies," in Cyber Conflict: Architectures in Cyberspace (CyCon), 2015 7th International Conference on, pp. 135-152, 26-29 May 2015. doi: 10.1109/CYCON.2015.7158474

Abstract: In the pursuit of cyber security for organizations, there are tens of thousands of tools, guidelines, best practices, forensics, platforms, toolkits, diagnostics, and analytics available. However, according to the Verizon 2014 Data Breach Report, “after analyzing 10 years of data... organizations cannot keep up with cyber crime-and the bad guys are winning.” Although billions are expended worldwide on cyber security, organizations struggle with complexity, e.g., the NISTIR 7628 guidelines for cyber-physical systems are over 600 pages of text. And there is a lack of information visibility. Organizations must bridge the gap between technical cyber operations and the business/social priorities since both sides are essential for ensuring cyber security. Identifying visual structures for information synthesis could help reduce the complexity while increasing information visibility within organizations. This paper lays the foundation for investigating such visual structures by first identifying where current visual structures are succeeding or failing. To do this, we examined publicly available analyses related to three types of security issues: 1) epidemic, 2) cyber attacks on an industrial network, and 3) threat of terrorist attack. We found that existing visual structures are largely inadequate for reducing complexity and improving information visibility. However, based on our analysis, we identified a range of different visual structures, and their possible trade-offs/limitations in framing strategies for cyber policy. These structures form the basis of evolving visualization to support information synthesis for policy actions, which has rarely been done but is promising based on the efficacy of existing visualizations for cyber incident detection, attacks, and situation awareness.

Keywords: data visualisation; security of data; terrorism; Verizon 2014 Data Breach Report; cyber attacks; cyber incident detection; cyber policy strategies; cyber security; information synthesis; information visibility; situation awareness; terrorist attack; visual structures; Complexity theory; Computer security; Data visualization; Organizations; Terrorism; Visualization; cyber security policy; human-computer interaction; organizations; visual structures; visualization (ID#: 15-8450)



Jain, N.; Kalbande, D.R., "Digital Forensic Framework Using Feedback and Case History Keeper," Communication, Information & Computing Technology (ICCICT), 2015 International Conference on, pp. 1-6, 15-17 Jan. 2015. doi: 10.1109/ICCICT.2015.7045670

Abstract: Cyber crime investigation is the integration of two technologies, namely a theoretical methodology and practical tools. The first is the theoretical digital forensic methodology that encompasses the steps to investigate the cyber crime. The second technology is the practical development of the digital forensic tool which sequentially and systematically analyzes digital devices to extract the evidence to prove the crime. This paper explores the development of a digital forensic framework, combining the advantages of the past twenty-five forensic models and generating an algorithm to create a new digital forensic model. The proposed model provides the following advantages: a standardized method for investigation, a model theory that can be directly converted into a tool, a history lookup facility, cost and time minimization, and applicability to any type of digital crime investigation.

Keywords: computer crime; digital forensics; system monitoring; case history keeper; cyber crime investigation; digital crime investigation; digital forensic framework; feedback; forensic models; history lookup facility; Adaptation models; Computational modeling; Computers; Digital forensics; History; Mathematical model; Digital forensic framework; digital crime; evidence (ID#: 15-8451)



Armin, J.; Thompson, B.; Ariu, D.; Giacinto, G.; Roli, F.; Kijewski, P., "2020 Cybercrime Economic Costs: No Measure No Solution," in Availability, Reliability and Security (ARES), 2015 10th International Conference on, pp. 701-710, 24-27 Aug. 2015. doi: 10.1109/ARES.2015.56

Abstract: Governments need reliable data on crime in order to both devise adequate policies and allocate the correct revenues so that the measures are cost-effective, i.e., the money spent in prevention, detection, and handling of security incidents is balanced with a decrease in losses from offences. The analysis of the actual scenario of government actions in cyber security shows that the availability of multiple contrasting figures on the impact of cyber-attacks is holding back the adoption of policies for cyber space, as their cost-effectiveness cannot be clearly assessed. The most relevant literature on the topic is reviewed to highlight the research gaps and to determine the related future research issues that need addressing to provide a solid ground for future legislative and regulatory actions at national and international levels.

Keywords: government data processing; security of data; cyber security; cyber space; cyber-attacks; cybercrime economic cost; economic costs; Computer crime; Economics; Measurement; Organizations; Reliability; Stakeholders (ID#: 15-8452)



Tosh, D.; Sengupta, S.; Kamhoua, C.; Kwiat, K.; Martin, A., "An Evolutionary Game-Theoretic Framework for Cyber-Threat Information Sharing," in Communications (ICC), 2015 IEEE International Conference on, pp. 7341-7346, 8-12 June 2015. doi: 10.1109/ICC.2015.7249499

Abstract: The initiative to protect against future cyber crimes requires a collaborative effort from all types of agencies spanning industry, academia, federal institutions, and military agencies. Therefore, a Cybersecurity Information Exchange (CYBEX) framework is required to facilitate breach/patch related information sharing among the participants (firms) to combat cyber attacks. In this paper, we formulate a non-cooperative cybersecurity information sharing game that can guide: (i) the firms (players) to independently decide whether to “participate in CYBEX and share” or not; (ii) the CYBEX framework to utilize the participation cost dynamically as an incentive (to attract firms toward self-enforced sharing) and as a charge (to increase revenue). We analyze the game from an evolutionary game-theoretic strategy and determine the conditions under which the players' self-enforced evolutionary stability can be achieved. We present a distributed learning heuristic to attain the evolutionary stable strategy (ESS) under various conditions. We also show how CYBEX can wisely vary its pricing for participation to increase sharing as well as its own revenue, eventually evolving toward a win-win situation.

Keywords: evolutionary computation; game theory; security of data; CYBEX framework; ESS; academia; collaborative effort; combat cyber attacks; cyber crimes; cyber threat information sharing; cybersecurity information exchange; evolutionary game theoretic framework; evolutionary game theoretic strategy; evolutionary stable strategy; federal institutions; military agencies; self-enforced evolutionary stability; spanning industry; Computer security; Games; Information management; Investment; Sociology; Statistics; CYBEX; Cybersecurity; Evolutionary Game Theory; Incentive Model; Information Sharing (ID#: 15-8453)



Namazifard, A.; Tousi, A.; Amiri, B.; Aminilari, M.; Hozhabri, A.A., "Literature Review of Different Contention of E-Commerce Security and the Purview of Cyber Law Factors," in e-Commerce in Developing Countries: With focus on e-Business (ECDC), 2015 9th International Conference on, pp. 1-14, 16-16 April 2015. doi: 10.1109/ECDC.2015.7156333

Abstract: Today, with the widespread use of information technology (IT), e-commerce security and its related legislation are a very critical issue in information technology and court law. There is a consensus that security matters are the significant foundation of e-commerce, electronic consumers, and firms' privacy. While e-commerce networks need a policy for security and privacy, they should be prepared for a simple, consumer-friendly infrastructure. Hence it is necessary to review the theoretical models for revision. In this theory review, we embody a number of former articles that cover security of e-commerce and the legislation ambit at the individual level by assessing five criteria: whether the data of the articles provide an effective strategy for secure-protection challenges in e-commerce and for e-consumers, and whether provisions clearly remedy precedents or they need to flourish. This paper focuses on analyzing the former discussion regarding e-commerce security and existing legislation toward cyber-crime activity in e-commerce. The article also offers recommendations for subsequent research, indicating that through the secure factors of e-commerce we are able to fill the vacuum of its legislation.

Keywords: computer crime; data privacy; electronic commerce; information systems; legislation; IT; cyber law factor; cyber-crime activity; e-commerce security; information technology; legislation; security privacy policy; Business; Electronic commerce; Information technology; Internet; Legislation; Privacy; Security; cyberspace security; e-commerce law; e-consumer protection; jurisdiction (ID#: 15-8454)



Wazzan, M.A.; Awadh, M.H., "Towards Improving Web Attack Detection: Highlighting the Significant Factors," in IT Convergence and Security (ICITCS), 2015 5th International Conference on, pp. 1-5, 24-27 Aug. 2015. doi: 10.1109/ICITCS.2015.7293028

Abstract: Nowadays, with the rapid development of the Internet, the use of the Web is increasing and Web applications have become a substantial part of people's daily life (e.g. E-Government, E-Health and E-Learning), as they permit users to seamlessly access and manage information. The main security concern for e-business is Web application security. Web applications have many vulnerabilities such as Injection, Broken Authentication and Session Management, and Cross-site scripting (XSS). Subsequently, web applications have become targets of hackers, and many cyber attacks began to emerge in order to block the services of these Web applications (Denial of Service Attack). Developers are not aware of these vulnerabilities and do not have enough time to secure their applications. Therefore, there is a significant need to study and improve attack detection for web applications by determining the most significant factors for detection. To the best of our knowledge, there is no research that summarizes the influential factors in detecting web attacks. In this paper, the author studies state-of-the-art techniques and research related to web attack detection: the author analyses and compares different methods of web attack detection and summarizes the most important factors for Web attack detection independent of the type of vulnerabilities. At the end, the author gives recommendations to build a framework for web application protection.

Keywords: Internet; computer crime; data protection; Internet; Web application protection; Web application security; Web application vulnerabilities; Web attack detection; XSS; broken authentication; cross-site scripting; cyber attack; denial of service attack; e-business; hackers; information access; information management; injection; session management; Buffer overflows; Computer crime; IP networks; Intrusion detection; Monitoring; Uniform resource locators (ID#: 15-8455)



Adebayo, Ojeniyi Joseph; ASuleiman, Idris; Ade, Abdulmalik Yunusa; Ganiyu, S.O; Alabi, I.O., "Digital Forensic Analysis for Enhancing Information Security," in Cyberspace (CYBER-Abuja), 2015 International Conference on, pp. 38-44, 4-7 Nov. 2015. doi: 10.1109/CYBER-Abuja.2015.7360517

Abstract: Digital Forensics is an area of Forensic Science that uses the application of the scientific method toward crime investigation. The thwarting of forensic evidence is known as anti-forensics, the aim of which is ambiguous in the sense that it could be bad or good. The aim of this project is to simulate a digital crime scenario and carry out forensic and anti-forensic analysis to enhance security. This project uses several forensic and anti-forensic tools and techniques to carry out this work. The data analyzed were obtained from the results of the simulation. The results reveal that although it might be difficult to investigate digital crime, with the help of sophisticated forensic tools/anti-forensic tools it can be accomplished.

Keywords: Analytical models; Computers; Cyberspace; Digital forensics; Information security; Operating systems; Digital forensic; anti-digital forensic; image acquisition; image integrity; privacy (ID#: 15-8456)



Zeb, K.; Baig, O.; Asif, M.K., "DDoS Attacks and Countermeasures in Cyberspace," in Web Applications and Networking (WSWAN), 2015 2nd World Symposium on, pp. 1-6, 21-23 March 2015. doi: 10.1109/WSWAN.2015.7210322

Abstract: In cyberspace, availability of the resources is the key component of cyber security along with confidentiality and integrity. The Distributed Denial of Service (DDoS) attack has become one of the major threats to the availability of resources in computer networks. It is a challenging problem in the Internet. In this paper, we present a detailed study of DDoS attacks on the Internet, specifically the attacks due to protocol vulnerabilities in the TCP/IP model, their countermeasures, and various DDoS attack mechanisms. We thoroughly review DDoS attack defenses and analyze the strengths and weaknesses of different proposed mechanisms.

Keywords: Internet; computer network security; transport protocols; DDoS attack mechanisms; Internet; TCP-IP model; computer networks; cyber security; cyberspace; distributed denial of service attacks; Computer crime; Filtering; Floods; IP networks; Internet; Protocols; Servers; Cyber security; Cyber-attack; Cyberspace; DDoS Defense; DDoS attack; Mitigation; Vulnerability (ID#: 15-8457)



Gorton, D., "Modeling Fraud Prevention of Online Services Using Incident Response Trees and Value at Risk," in Availability, Reliability and Security (ARES), 2015 10th International Conference on, pp. 149-158, 24-27 Aug. 2015. doi: 10.1109/ARES.2015.17

Abstract: Authorities like the Federal Financial Institutions Examination Council in the US and the European Central Bank in Europe have stepped up their expected minimum security requirements for financial institutions, including the requirements for risk analysis. In a previous article, we introduced a visual tool and a systematic way to estimate the probability of a successful incident response process, which we called an incident response tree (IRT). In this article, we present several scenarios using the IRT which could be used in a risk analysis of online financial services concerning fraud prevention. By minimizing the problem of underreporting, we are able to calculate the conditional probabilities of prevention, detection, and response in the incident response process of a financial institution. We also introduce a quantitative model for estimating expected loss from fraud, and conditional fraud value at risk, which enables a direct comparison of risk among online banking channels in a multi-channel environment.

Keywords: Internet; computer crime; estimation theory; financial data processing; fraud; probability; risk analysis; trees (mathematics); IRT; conditional fraud value; cyber criminal; fraud prevention modelling; incident response tree; online financial service; probability estimation; risk analysis; Europe; Online banking; Probability; Trojan horses (ID#: 15-8458)



Tan Heng Chuan; Jun Zhang; Ma Maode; Chong, P.H.J.; Labiod, H., "Secure Public Key Regime (SPKR) in Vehicular Networks," in Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), 2015 International Conference on, pp. 1-7, 5-7 Aug. 2015. doi: 10.1109/SSIC.2015.7245678

Abstract: Public Key Regime (PKR) was proposed as an alternative to certificate based PKI in securing Vehicular Networks (VNs). It eliminates the need for vehicles to append their certificate for verification because the Road Side Units (RSUs) serve as Delegated Trusted Authorities (DTAs) to issue up-to-date public keys to vehicles for communications. If a vehicle's private/public key needs to be revoked, the root TA performs real time updates and disseminates the changes to these RSUs in the network. Therefore, PKR does not need to maintain a huge Certificate Revocation List (CRL), avoids complex certificate verification process and minimizes the high latency. However, the PKR scheme is vulnerable to Denial of Service (DoS) and collusion attacks. In this paper, we study these attacks and propose a pre-authentication mechanism to secure the PKR scheme. Our new scheme is called the Secure Public Key Regime (SPKR). It is based on the Schnorr signature scheme that requires vehicles to expend some amount of CPU resources before RSUs issue the requested public keys to them. This helps to alleviate the risk of DoS attacks. Furthermore, our scheme is secure against collusion attacks. Through numerical analysis, we show that SPKR has a lower authentication delay compared with the Elliptic Curve Digital Signature (ECDSA) scheme and other ECDSA based counterparts.

Keywords: mobile radio; public key cryptography; certificate revocation list; collusion attack; complex certificate verification process; delegated trusted authorities; denial of service attack; lower authentication delay; preauthentication mechanism; road side units; secure public key regime; vehicular networks; Authentication; Computer crime; Digital signatures; Public key; Vehicles; Collusion Attacks; Denial of Service Attacks; Schnorr signature; certificate-less PKI (ID#: 15-8459)



Bulbul, R.; Chee-Wooi Ten; Lingfeng Wang, "Prioritization Of MTTC-Based Combinatorial Evaluation For Hypothesized Substations Outages," in Power & Energy Society General Meeting, 2015 IEEE, pp. 1-5, 26-30 July 2015. doi: 10.1109/PESGM.2015.7286248

Abstract: Exhaustive enumeration of an S-select-k problem for hypothesized substation outages can be practically infeasible due to the exponential growth of combinations as both S and k increase. This enumeration of worst-case substation scenarios from the large set, however, can be improved based on the initial selection sets with the root nodes and segments. In this paper, the previous work of the reverse pyramid model (RPM) is enhanced with prioritization of root nodes and defined segmentations of the substation list based on the mean-time-to-compromise (MTTC) value that is associated with each substation. Root nodes are selected based on the threshold values of the substation ranking on MTTC values and are segmented accordingly from the root node set. Each segmentation is then enumerated with the S-select-k module to identify worst-case scenarios. The lowest threshold value on the list, e.g., a substation with no assignment of MTTC or an extremely low number, is completely eliminated. Simulation shows that this approach demonstrates a similar outcome of the risk indices among all randomly generated MTTC of the IEEE 30-bus system.

Keywords: IEEE standards; combinatorial mathematics; power generation reliability; risk management; substation protection; IEEE 30-bus system; MTTC-based combinatorial evaluation prioritization; S-select-k problem; hypothesized substation outage; randomly generated mean-time-to-compromise value; risk indices; substation ranking; Computer crime; Indexes; Power system reliability; Reliability; Substations; Topology; Combinatorial verification; cyber-contingency analysis; mean time to compromise (MTTC) (ID#: 15-8460)



Ansilla, J.D.; Vasudevan, N.; JayachandraBensam, J.; Anunciya, J.D., "Data security in Smart Grid with Hardware Implementation Against DoS Attacks," in Circuit, Power and Computing Technologies (ICCPCT), 2015 International Conference on, pp. 1-7, 19-20 March 2015. doi: 10.1109/ICCPCT.2015.7159274

Abstract: Cultivation of the Smart Grid is refurbished with brisk and ingenious growth. The delinquents breed and sow mutilation in massive numbers. This state of affairs coerces security as a sapling which incessantly is to be irrigated with Research and Analysis. In this work, Cyber Security is endowed with resiliency to the SYN flooding induced Denial of Service attack. The proposed secure web server algorithm embedded in the LPC1768 processor ensures that the smart resources are precluded from the attack.

Keywords: Internet; computer network security; power engineering computing; smart power grids; DoS attacks; LPC1768 processor; SYN flooding; cybersecurity; data security; denial of service attack; secure Web server algorithm; smart grid; smart resources; Computer crime; Computers; Floods; IP networks; Protocols; Servers; ARM Processor; DoS; Hardware Implementation; SYN flooding; Smart Grid (ID#: 15-8461)



Aggarwal, P.; Grover, A.; Singh, S.; Maqbool, Z.; Pammi, V.S.C.; Dutt, V., "Cyber Security: A Game-Theoretic Analysis of Defender and Attacker Strategies in Defacing-Website Games," in Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), 2015 International Conference on, pp. 1-8, 8-9 June 2015. doi: 10.1109/CyberSA.2015.7166127

Abstract: The rate at which cyber-attacks are increasing globally portrays a terrifying picture upfront. The main dynamics of such attacks could be studied in terms of the actions of attackers and defenders in a cyber-security game. However, currently little research has taken place to study such interactions. In this paper we use behavioral game theory and try to investigate the role of certain actions taken by attackers and defenders in a simulated cyber-attack scenario of defacing a website. We choose a Reinforcement Learning (RL) model to represent a simulated attacker and a defender in a 2×4 cyber-security game where each of the 2 players could take up to 4 actions. A pair of model participants were computationally simulated across 1000 simulations where each pair played at most 30 rounds in the game. The goal of the attacker was to deface the website and the goal of the defender was to prevent the attacker from doing so. Our results show that the actions taken by both the attackers and defenders are a function of the attention paid by these roles to their recently obtained outcomes. It was observed that if the attacker pays more attention to recent outcomes then he is more likely to perform attack actions. We discuss the implication of our results on the evolution of dynamics between attackers and defenders in cyber-security games.

Keywords: Web sites; computer crime; computer games; game theory; learning (artificial intelligence); RL model; attacker strategies; attacks dynamics; behavioral game theory; cyber-attacks; cyber-security game; defacing Website games; defender strategies; game-theoretic analysis; reinforcement learning; Cognitive science; Computational modeling; Computer security; Cost function; Games; Probabilistic logic; attacker; cognitive modeling; cyber security; cyber-attacks; defender; reinforcement-learning model (ID#: 15-8462)



Kilger, M., "Integrating Human Behavior Into the Development of Future Cyberterrorism Scenarios," in Availability, Reliability and Security (ARES), 2015 10th International Conference on, pp. 693-700, 24-27 Aug. 2015. doi: 10.1109/ARES.2015.105

Abstract: The development of future cyber terrorism scenarios is a key component in building a more comprehensive understanding of cyber threats that are likely to emerge in the near-to mid-term future. While developing concepts of likely new, emerging digital technologies is an important part of this process, this article suggests that understanding the psychological and social forces involved in cyber terrorism is also a key component in the analysis and that the synergy of these two dimensions may produce more accurate and detailed future cyber threat scenarios than either analytical element alone.

Keywords: computer crime; human factors; terrorism; cyber threats; cyberterrorism scenarios; digital technologies; human behavior; psychological force; social force; Computer crime; Computer hacking; Organizations; Predictive models; Psychology; Terrorism; cyberterrorism; motivation; psychological; scenario; social (ID#: 15-8463)



Ugwoke, F.N.; Okafor, K.C.; Chijindu, V.C., "Security Qos Profiling Against Cyber Terrorism in Airport Network Systems," in Cyberspace (CYBER-Abuja), 2015 International Conference on, pp. 241-251, 4-7 Nov. 2015. doi: 10.1109/CYBER-Abuja.2015.7360516

Abstract: Attacks on airport information network services in the form of Denial of Service (DoS), Distributed DoS (DDoS), and hijacking are the most effective schemes mostly explored by cyber terrorists in the aviation industry running Mission Critical Services (MCSs). This work presents a case for Airport Information Resource Management Systems (AIRMS), which is a cloud based platform proposed for the Nigerian aviation industry. Granting that AIRMS is susceptible to DoS attacks, there is a need to develop a robust counter security network model aimed at pre-empting such attacks and subsequently mitigating the vulnerability in such networks. Existing works in the literature regarding cyber security DoS and other schemes have not explored embedded Stateful Packet Inspection (SPI) based on OpenFlow Application Centric Infrastructure (OACI) for securing critical network assets. As such, SPI-OACI was proposed to address the challenge of Vulnerability Bandwidth Depletion DDoS Attacks (VBDDA). A characterization of the Cisco 9000 router firewall as an embedded network device with support for Virtual DDoS protection was carried out in the AIRMS threat mitigation design. Afterwards, the mitigation procedure and the initial phase of the design with Riverbed modeler software were realized. For the security Quality of Service (QoS) profiling, the system response metrics (i.e. SPI-OACI delay, throughput and utilization) in the cloud based network were analyzed only for normal traffic flows. The work concludes by offering practical suggestions for securing similar enterprise management systems running on cloud infrastructure against cyber terrorists.

Keywords: Air traffic control; Airports; Atmospheric modeling; Computer crime; Floods; AIRMS; Attacks; Aviation Industry; Cloud Datacenters; DDoS; DoS; Mitigation Techniques; Vulnerabilities (ID#: 15-8464)



Rashid, A.; Moore, K.; May-Chahal, C.; Chitchyan, R., "Managing Emergent Ethical Concerns for Software Engineering in Society," in Software Engineering (ICSE), 2015 IEEE/ACM 37th IEEE International Conference on, vol. 2, pp. 523-526, 16-24 May 2015. doi: 10.1109/ICSE.2015.187

Abstract: This paper presents an initial framework for managing emergent ethical concerns during software engineering in society projects. We argue that such emergent considerations can neither be framed as absolute rules about how to act in relation to fixed and measurable conditions, nor be addressed by simply framing them as non-functional requirements to be satisficed. Instead, a continuous process is needed that accepts the 'messiness' of social life and social research, seeks to understand complexity (rather than seek clarity), demands collective (not just individual) responsibility and focuses on dialogue over solutions. The framework has been derived based on a retrospective analysis of ethical considerations in four software engineering in society projects in three different domains.

Keywords: ethical aspects; software engineering; software management; emergent ethical concern management; society projects; software engineering; Ethics; Law enforcement; Media; Societies; Software; Software engineering; Stakeholders; citizen science; cyber crime; ethics; software in society (ID#: 15-8465)



Olabelurin, A.; Veluru, S.; Healing, A.; Rajarajan, M., "Entropy Clustering Approach for Improving Forecasting in DDoS Attacks," in Networking, Sensing and Control (ICNSC), 2015 IEEE 12th International Conference on, pp. 315-320, 9-11 April 2015. doi: 10.1109/ICNSC.2015.7116055

Abstract: Volume anomalies such as distributed denial-of-service (DDoS) have been around for ages, but with advancement in technologies they have become stronger, shorter, and the weapon of choice for attackers. Digital forensic analysis of intrusions using alerts generated by existing intrusion detection systems (IDS) faces major challenges, especially for IDS deployed in large networks. In this paper, the concept of automatically sifting through a huge volume of alerts to distinguish the different stages of a DDoS attack is developed. The proposed novel framework is purpose-built to analyze multiple logs from the network for proactive forecast and timely detection of DDoS attacks, through a combined approach of the Shannon-entropy concept and a clustering algorithm of relevant feature variables. Experimental studies on a cyber-range simulation dataset from the project industrial partners show that the technique is able to distinguish precursor alerts for DDoS attacks, as well as the attack itself, with a very low false positive rate (FPR) of 22.5%. Application of this technique greatly assists security experts in network analysis to combat DDoS attacks.

Keywords: computer network security; digital forensics; entropy; forecasting theory; pattern clustering; DDoS attacks; FPR; IDS; Shannon-entropy concept; clustering algorithm; cyber-range simulation dataset; digital forensic analysis; distributed denial-of-service; entropy clustering approach; false positive rate; forecasting; intrusion detection system; network analysis; proactive forecast; project industrial partner; volume anomaly; Algorithm design and analysis; Clustering algorithms; Computer crime; Entropy; Feature extraction; Ports (Computers); Shannon entropy; alert management; distributed denial-of-service (DDoS) detection; k-means clustering analysis; network security; online anomaly detection (ID#: 15-8466)



Dehghanniri, H.; Letier, E.; Borrion, H., "Improving Security Decision under Uncertainty: A Multidisciplinary Approach," in Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), 2015 International Conference on, pp. 1-7, 8-9 June 2015. doi: 10.1109/CyberSA.2015.7166134

Abstract: Security decision-making is a critical task in tackling security threats affecting a system or process. It often involves selecting a suitable resolution action to tackle an identified security risk. To support this selection process, decision-makers should be able to evaluate and compare available decision options. This article introduces a modelling language that can be used to represent the effects of resolution actions on the stakeholders' goals, the crime process, and the attacker. In order to reach this aim, we develop a multidisciplinary framework that combines existing knowledge from the fields of software engineering, crime science, risk assessment, and quantitative decision analysis. The framework is illustrated through an application to a case of identity theft.

Keywords: decision making; risk management; security of data; software engineering; crime science; identity theft; modelling language; quantitative decision analysis; risk assessment; security decision-making; security risk; security threat; software engineering; Companies; Credit cards; Decision making; Risk management; Security; Uncertainty; crime script; decision-making; identity theft; requirements engineering; risk; security; uncertainty (ID#: 15-8467)



Jinoh Kim; Ilhwan Moon; Kyungil Lee; Suh, S.C.; Ikkyun Kim, "Scalable Security Event Aggregation for Situation Analysis," in Big Data Computing Service and Applications (BigDataService), 2015 IEEE First International Conference on, pp. 14-23, March 30 2015-April 2 2015. doi: 10.1109/BigDataService.2015.28

Abstract: Cyber-attacks have evolved to become more sophisticated by employing combinations of attack methodologies with greater impacts. For instance, Advanced Persistent Threats (APTs) employ a set of stealthy hacking processes running over a long period of time, making them much harder to detect. With this trend, the importance of big-data security analytics has attracted greater attention, since identifying such latest attacks requires large-scale data processing and analysis. In this paper, we present SEAS-MR (Security Event Aggregation System over MapReduce), which facilitates scalable security event aggregation for comprehensive situation analysis. The introduced system provides the following three core functions: (i) periodic aggregation, (ii) on-demand aggregation, and (iii) query support for effective analysis. We describe our design and implementation of the system over MapReduce and high-level query languages, and report our experimental results collected through extensive settings on a Hadoop cluster for performance evaluation and design impacts.

Keywords: Big Data; computer crime; data analysis; parallel processing; pattern clustering; query languages; APT; Hadoop cluster; SEAS-MR; advanced persistent threats; attack methodologies; big-data security analytics; cyber-attacks; high-level query languages; large-scale data analysis; large-scale data processing; on-demand aggregation; performance evaluation; periodic aggregation; query support; scalable security event aggregation; security event aggregation system over MapReduce; situation analysis; stealthy hacking processes; Aggregates; Analytical models; Computers; Data processing; Database languages; Security; Sensors; Security event aggregation; big-data analytics; big-data computing; security analytics (ID#: 15-8468)
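The abstract above names two aggregation modes, periodic and on-demand, without showing what each computes. The following is an added example, not code from the SEAS-MR paper or its Hadoop implementation: a pure-Python map/reduce stand-in that applies both modes to a constructed set of IDS-style alert records. The record format, the five-minute window and the field names are assumptions made for the illustration.

```python
"""Security event aggregation in map/reduce style (added illustration, not SEAS-MR code).

Periodic aggregation buckets alerts into fixed time windows keyed by
(window, source, signature); on-demand aggregation lets an analyst pass an
ad hoc filter and grouping key, standing in for a query-language front end.
"""
from collections import Counter
from datetime import datetime, timezone

# Constructed sample alerts: "ISO timestamp,src_ip,dst_ip,dst_port,signature"
SAMPLE_EVENTS = """\
2015-03-30T10:00:05Z,10.0.0.5,192.0.2.10,22,SSH brute force
2015-03-30T10:00:40Z,10.0.0.5,192.0.2.10,22,SSH brute force
2015-03-30T10:01:10Z,10.0.0.7,192.0.2.11,80,SQL injection attempt
2015-03-30T10:04:59Z,10.0.0.5,192.0.2.10,22,SSH brute force
2015-03-30T10:05:01Z,10.0.0.5,192.0.2.12,445,SMB scan
2015-03-30T10:07:30Z,10.0.0.9,192.0.2.11,80,SQL injection attempt
2015-03-30T10:09:59Z,10.0.0.7,192.0.2.11,80,SQL injection attempt
"""

WINDOW_SECONDS = 300  # assumed periodic granularity: five minutes


def parse_events(text):
    """Yield one dict per non-empty line; timestamps become UTC epoch seconds."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, sig = line.split(",", 4)
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        yield {"ts": int(when.timestamp()), "src": src, "dst": dst,
               "dport": int(dport), "sig": sig}


def map_periodic(event, window=WINDOW_SECONDS):
    """Map phase: emit ((window_start, src, signature), 1) for each alert."""
    window_start = event["ts"] - event["ts"] % window
    yield (window_start, event["src"], event["sig"]), 1


def reduce_counts(pairs):
    """Reduce phase: sum the values emitted under each key."""
    totals = Counter()
    for key, value in pairs:
        totals[key] += value
    return dict(totals)


def periodic_aggregate(events, window=WINDOW_SECONDS):
    """Periodic aggregation: counts per (window, source, signature)."""
    return reduce_counts(pair for ev in events for pair in map_periodic(ev, window))


def on_demand_aggregate(events, predicate, key_fn):
    """On-demand aggregation: analyst-supplied filter and grouping key."""
    return reduce_counts((key_fn(ev), 1) for ev in events if predicate(ev))


if __name__ == "__main__":
    evs = list(parse_events(SAMPLE_EVENTS))
    for key, n in sorted(periodic_aggregate(evs).items()):
        print(key, n)
    # Ad hoc question: which hosts received web-port alerts?
    print(on_demand_aggregate(evs, lambda e: e["dport"] == 80, lambda e: e["dst"]))
```

On a real cluster the map and reduce functions would be the mapper and reducer of a job over the alert store; the periodic job runs on a schedule, while the on-demand path is what a query language such as Hive or Pig exposes to the analyst.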



Masood, A.; Java, J., "Static Analysis for Web Service Security - Tools & Techniques for a Secure Development Life Cycle," in Technologies for Homeland Security (HST), 2015 IEEE International Symposium on, pp. 1-6, 14-16 April 2015. doi: 10.1109/THS.2015.7225337

Abstract: In this ubiquitous IoT (Internet of Things) era, web services have become a vital part of today's critical national and public sector infrastructure. With the industry-wide adoption of service-oriented architecture (SOA), web services have become an integral component of the enterprise software ecosystem, resulting in new security challenges. Web services are strategic components used by a wide variety of organizations for information exchange at Internet scale. The public deployment of mission-critical APIs opens up the possibility of software bugs being maliciously exploited. Therefore, vulnerability identification in web services through static as well as dynamic analysis is a thriving and interesting area of research in academia, national security and industry. Using OWASP (Open Web Application Security Project) web services guidelines, this paper discusses the challenges of existing standards, and reviews new techniques and tools to improve service security by detecting vulnerabilities. Recent vulnerabilities like Shellshock and Heartbleed have shifted the focus of risk assessment to the application layer, which for the majority of organizations means public-facing web services and web/mobile applications. RESTful services have now become the new normal for service development; therefore SOAP-centric standards such as XML Encryption, XML Signature, WS-Security, and WS-SecureConversation are not nearly as relevant. In this paper we provide an overview of the OWASP top 10 vulnerabilities for web services, and discuss potential static code analysis techniques to discover these vulnerabilities. The paper reviews the security issues targeting web services, software/program verification and the secure development lifecycle.

Keywords: Web services; program diagnostics; program verification; security of data; Heartbleed; Internet of Things; Internet scale; OWASP; Open Web Application Security Project; RESTFul services; SOAP centric standards; Shellshock; WS-Secure Conversation; WS-security; Web applications; Web service security; Web services guidelines; XML encryption; XML signature; critical national infrastructure; dynamic analysis; enterprise software ecosystem; information exchange; mission critical API; mobile applications; national security and industry; program verification; public deployments; public sector infrastructure; risk assessment; secure development life cycle; security challenges; service development paradigm; service-oriented architecture; services security; software bugs; software verification; static code analysis; strategic components; ubiquitous IoT; vulnerabilities detection; vulnerability identification; Computer crime; Cryptography; Simple object access protocol; Testing; XML; Cyber Security; Penetration Testing; RESTFul API; SOA; SOAP; Secure Design; Secure Software Development; Security Code Review; Service Oriented Architecture; Source Code Analysis; Static Analysis Tool; Static Code Analysis; Web Application security; Web Services; Web Services Security (ID#: 15-8469)
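The abstract surveys static code analysis as a way to find injection-class vulnerabilities in service code but does not show what such a check looks like. The block below is an added example, not one of the tools the paper reviews: a minimal AST-based sink checker that flags `eval`/`exec` and shell-invoking `subprocess`/`os` calls whose first argument is not a constant, run over a constructed handler. The sink list and the "non-constant argument" rule are simplifying assumptions; real analysers track taint from request parameters to sinks rather than treating every non-literal as suspect.

```python
"""Minimal static sink checker using Python's ast module (added illustration).

Flags two OWASP-style injection patterns in source text:
  CODE_INJECTION    - eval()/exec() on a non-constant expression
  COMMAND_INJECTION - os.system/os.popen, or subprocess.* with shell=True,
                      whose command is built from non-constant data
"""
import ast

# Constructed sample handler; only lines 5 and 8 should be reported.
SAMPLE_SOURCE = '''
import os, subprocess

def run_report(user_input):
    subprocess.run("ls " + user_input, shell=True)      # tainted shell command
    subprocess.run(["ls", user_input])                  # argv list, no shell
    os.system("uptime")                                 # constant command
    return eval(user_input)                             # arbitrary code execution
'''

EVAL_SINKS = {"eval", "exec"}
OS_SHELL_SINKS = {"system", "popen"}
SUBPROCESS_SINKS = {"run", "call", "check_call", "check_output", "Popen"}


def _call_name(node):
    """Return the bare callee name for f(...) or m.f(...), else None."""
    f = node.func
    if isinstance(f, ast.Name):
        return f.id
    if isinstance(f, ast.Attribute):
        return f.attr
    return None


def _module_name(node):
    """Return 'm' for a call of the form m.f(...), else None."""
    f = node.func
    if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
        return f.value.id
    return None


def _shell_true(node):
    return any(kw.arg == "shell" and isinstance(kw.value, ast.Constant)
               and kw.value.value is True for kw in node.keywords)


class SinkVisitor(ast.NodeVisitor):
    def __init__(self):
        self.findings = []  # (lineno, rule, message)

    def visit_Call(self, node):
        name, mod = _call_name(node), _module_name(node)
        first = node.args[0] if node.args else None
        non_constant = first is not None and not isinstance(first, ast.Constant)
        if mod is None and name in EVAL_SINKS and non_constant:
            self.findings.append((node.lineno, "CODE_INJECTION",
                                  f"{name}() on non-constant input"))
        elif mod == "os" and name in OS_SHELL_SINKS and non_constant:
            self.findings.append((node.lineno, "COMMAND_INJECTION",
                                  f"os.{name}() with non-constant command"))
        elif mod == "subprocess" and name in SUBPROCESS_SINKS \
                and _shell_true(node) and non_constant:
            self.findings.append((node.lineno, "COMMAND_INJECTION",
                                  f"subprocess.{name}(shell=True) with non-constant command"))
        self.generic_visit(node)


def analyze(source):
    """Parse source and return findings sorted by line number."""
    visitor = SinkVisitor()
    visitor.visit(ast.parse(source))
    return sorted(visitor.findings)


if __name__ == "__main__":
    for lineno, rule, msg in analyze(SAMPLE_SOURCE):
        print(f"line {lineno}: {rule}: {msg}")
```

The argv-list call on line 6 and the constant `os.system("uptime")` on line 7 are deliberately left unflagged: the point of a static check is to separate the dangerous shape (string concatenation reaching a shell) from the safe one, not to report every call to a sensitive API.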



Wood, P., "A Simulated Criminal Attack," in Cyber Security for Industrial Control Systems, pp. 1-21, 2-3 Feb. 2015. doi: 10.1049/ic.2015.0007

Abstract: Presents a collection of slides covering the following topics: advanced attack; threat analysis; remote information gathering; on-site reconnaissance; spear phishing plan; spear phishing exercise; branch office attack plan; branch office attack exercise; head office attack plan; head office attack exercise.

Keywords: computer crime; firewalls; Red Team exercise; a simulated criminal attack; advanced attack; branch office attack exercise; branch office attack plan; head office attack exercise; head office attack plan; on-site reconnaissance; remote information gathering; spear phishing exercise; spear phishing plan; threat analysis (ID#: 15-8470)



Nirmal, K.; Janet, B.; Kumar, R., "Phishing - The Threat That Still Exists," in Computing and Communications Technologies (ICCCT), 2015 International Conference on, pp. 139-143, 26-27 Feb. 2015. doi: 10.1109/ICCCT2.2015.7292734

Abstract: Phishing is an online security attack in which the hacker aims at harvesting sensitive information like passwords, credit card information etc. from users by making them believe that what they see is what it is. This threat has been in existence for a decade and there have been continuous developments in counter-attacking this threat. However, statistical study reveals how phishing is still a big threat to today's world as the online era booms. In this paper, we look into the art of phishing and have made a practical analysis of how the state-of-the-art anti-phishing systems fail to prevent phishing. With the loopholes identified in the state-of-the-art systems, we move ahead, paving the roadmap for the kind of system that will counter-attack this online security threat more effectively.

Keywords: authorisation; computer crime; antiphishing systems; online security attack; online security threat; phishing attack; sensitive information harvesting; statistical analysis; Browsers; Computer hacking; Electronic mail; Google; Radiation detectors; Uniform resource locators; Computer Fraud; Cyber Security; Password theft; Phishing (ID#: 15-8471)



Treseangrat, K.; Kolahi, S.S.; Sarrafpour, B., "Analysis of UDP DDoS cyber flood attack and defense mechanisms on Windows Server 2012 and Linux Ubuntu 13," in Computer, Information and Telecommunication Systems (CITS), 2015 International Conference on, pp. 1-5, 15-17 July 2015. doi: 10.1109/CITS.2015.7297731

Abstract: Distributed Denial of Service (DDoS) attacks are one of the major threats and among the hardest security problems in the Internet world. In this paper, we study the impact of a UDP flood attack on TCP throughput, round-trip time, and CPU utilization on the latest version of Windows and Linux platforms, namely, Windows Server 2012 and Linux Ubuntu 13. This paper also evaluates several defense mechanisms including Access Control Lists (ACLs), Threshold Limit, Reverse Path Forwarding (IP Verify), and Network Load Balancing. Threshold Limit defense gave better results than the other solutions.

Keywords: Internet; Linux; computer network security; file servers; resource allocation; transport protocols; ACL; CPU utilization; IP verify; Internet world; Linux Ubuntu 13; TCP throughputs; UDP DDoS cyber flood attack; Windows Server 2012; access control lists; defense mechanisms; distributed denial of service attacks; network load balancing; reverse path forwarding; round-trip time; security problems; threshold limit; threshold limit defense; Computer crime; Floods; IP networks; Linux; Load management; Servers; Throughput; Cyber Security; UDP DDoS Attack (ID#: 15-8472)
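Two entries in this list touch the same detection problem from different sides: the UDP flood study above found a threshold-limit (packet-rate) defence most effective, and the entropy-clustering entry at the top of this page (keywords only here) approaches DDoS detection through Shannon entropy and volume anomalies. The block below is an added example, not code from either paper: it runs both rules over a constructed per-second packet trace, where a flood from many spoofed sources toward one port raises source-address entropy while collapsing destination-port entropy. The packet tuple layout, the 100 packets-per-second limit and the entropy deltas are assumptions chosen for the illustration; in the paper the threshold limit is enforced on a network device, not computed from a trace.

```python
"""Threshold-limit and entropy checks over a UDP packet trace (added illustration).

Two complementary detectors for a UDP flood:
  threshold_limit   - volume rule: seconds whose UDP rate exceeds a fixed limit
  entropy_anomalies - distribution rule: seconds where source-IP entropy rises
                      and destination-port entropy falls relative to a baseline
"""
import math
from collections import Counter, defaultdict


def constructed_trace():
    """Constructed packets as (epoch_second, src_ip, dst_port, proto)."""
    pkts = []
    # second 0: background traffic, five clients, DNS/NTP/HTTPS mix
    for i in range(20):
        pkts.append((0, f"198.51.100.{i % 5 + 1}", [53, 123, 443][i % 3], "udp"))
    # second 1: UDP flood, 250 spoofed sources, one target port
    for i in range(500):
        pkts.append((1, f"203.0.113.{i % 250 + 1}", 80, "udp"))
    # a few TCP packets that a UDP detector must ignore
    pkts += [(1, "198.51.100.1", 443, "tcp"), (1, "198.51.100.2", 22, "tcp")]
    return pkts


def shannon_entropy(counts):
    """H = -sum p*log2(p) over a Counter of symbol frequencies; 0.0 if empty."""
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def per_second_stats(pkts, proto="udp"):
    """Rate plus source-IP and destination-port entropy for each second."""
    buckets = defaultdict(lambda: {"n": 0, "src": Counter(), "dport": Counter()})
    for ts, src, dport, p in pkts:
        if p != proto:
            continue
        b = buckets[ts]
        b["n"] += 1
        b["src"][src] += 1
        b["dport"][dport] += 1
    return {ts: {"pps": b["n"],
                 "src_entropy": shannon_entropy(b["src"]),
                 "dport_entropy": shannon_entropy(b["dport"])}
            for ts, b in buckets.items()}


def threshold_limit(stats, pps_limit):
    """Volume rule: seconds whose packet rate exceeds the configured limit."""
    return sorted(ts for ts, s in stats.items() if s["pps"] > pps_limit)


def entropy_anomalies(stats, baseline_sec, src_rise=1.0, dport_drop=0.5):
    """Distribution rule: source entropy up by >= src_rise bits AND
    destination-port entropy down by >= dport_drop bits versus the baseline second."""
    base = stats[baseline_sec]
    return sorted(ts for ts, s in stats.items()
                  if ts != baseline_sec
                  and s["src_entropy"] - base["src_entropy"] >= src_rise
                  and base["dport_entropy"] - s["dport_entropy"] >= dport_drop)


if __name__ == "__main__":
    st = per_second_stats(constructed_trace())
    for ts in sorted(st):
        print(ts, st[ts])
    print("over threshold:", threshold_limit(st, pps_limit=100))
    print("entropy anomalies:", entropy_anomalies(st, baseline_sec=0))
```

The threshold rule alone is what the paper's "Threshold Limit" defence enforces; the entropy rule is the kind of check a detector needs when a flood is spread thinly enough per source that no single address crosses a per-source limit, which is why the two are shown side by side.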



Choejey, P.; Chun Che Fung; Kok Wai Wong; Murray, D.; Sonam, D., "Cybersecurity Challenges for Bhutan," in Electrical Engineering/Electronics, Computer, Telecommunications and Information Technology (ECTI-CON), 2015 12th International Conference on, pp. 1-5, 24-27 June 2015. doi: 10.1109/ECTICon.2015.7206975

Abstract: Information and Communications Technologies (ICTs), especially the Internet, have become a key enabler for government organisations, businesses and individuals. With increasing growth in the adoption and use of ICT devices such as smart phones, personal computers and the Internet, Cybersecurity is one of the key concerns facing modern organisations in both developed and developing countries. This paper presents an overview of cybersecurity challenges in Bhutan, within the context that the nation is emerging as an ICT developing country. This study examines the cybersecurity incidents reported both in national media and government reports, identification and analysis of different types of cyber threats, understanding of the characteristics and motives behind cyber-attacks, and their frequency of occurrence since 1999. A discussion on an ongoing research study to investigate cybersecurity management and practices for Bhutan's government organisations is also highlighted.

Keywords: Internet; government data processing; organisational aspects; security of data; Bhutan government organisations; ICT developing country; Internet; cybersecurity incidents; government organisations; government reports; information and communications technologies; national media; Computer crime; Computers; Government; Internet; Viruses (medical); Cybersecurity; cyber threats; cybersecurity management; hacking; phishing; spamming; viruses (ID#: 15-8473)



Spring, J.; Kern, S.; Summers, A., "Global Adversarial Capability Modeling," in Electronic Crime Research (eCrime), 2015 APWG Symposium on, pp. 1-21, 26-29 May 2015. doi: 10.1109/ECRIME.2015.7120797

Abstract: Intro: Computer network defense has models for attacks and for incidents comprised of multiple attacks after the fact. However, we lack an evidence-based model of the likelihood and intensity of attacks and incidents. Purpose: We propose a model of global capability advancement, the adversarial capability chain (ACC), to fit this need. The model enables cyber risk analysis to better understand the costs for an adversary to attack a system, which directly influences the cost to defend it. Method: The model is based on four historical studies of adversarial capabilities: capability to exploit Windows XP, to exploit the Android API, to exploit Apache, and to administer compromised industrial control systems. Result: We propose the ACC with five phases: Discovery, Validation, Escalation, Democratization, and Ubiquity. We use the four case studies as examples of how the ACC can be applied and used to predict attack likelihood and intensity.

Keywords: Android (operating system); application program interfaces; computer network security; risk analysis; ACC; Android API; Apache; Windows XP; adversarial capability chain; attack likelihood prediction; compromised industrial control systems; computer network defense; cyber risk analysis; evidence-based model; global adversarial capability modeling; Analytical models; Androids; Biological system modeling; Computational modeling; Humanoid robots; Integrated circuit modeling; Software systems; CND; computer network defense; cybersecurity; incident response; intelligence; intrusion detection; modeling; security (ID#: 15-8474)



Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications.