Visible to the public Biblio

Found 189 results

Filters: Keyword is Organizations  [Clear All Filters]
2021-07-08
Raja, S. Kanaga Suba, Sathya, A., Priya, L..  2020.  A Hybrid Data Access Control Using AES and RSA for Ensuring Privacy in Electronic Healthcare Records. 2020 International Conference on Power, Energy, Control and Transmission Systems (ICPECTS). :1—5.
In the current scenario, the data owners would like to access data from anywhere and anytime. Hence, they will store their data in public or private cloud along with encryption and particular set of attributes to access control on the cloud data. While uploading the data into public or private cloud they will assign some attribute set to their data. If any authorized cloud user wants to download their data they should enter that particular attribute set to perform further actions on the data owner's data. A cloud user wants to register their details under cloud organization to access the data owner's data. Users wants to submit their details as attributes along with their designation. Based on the Users details Semi-Trusted Authority generates decryption keys to get control on owner's data. A user can perform a lot of operation over the cloud data. If the user wants to read the cloud data he needs to be entering some read related, and if he wants to write the data he needs to be entering write related attribute. For each and every action user in an organization would be verified with their unique attribute set. These attributes will be stored by the admins to the authorized users in cloud organization. These attributes will be stored in the policy files in a cloud. Along with this attribute,a rule based engine is used, to provide the access control to user. If any user leaks their decryption key to the any malicious user data owners wants to trace by sending audit request to auditor and auditor will process the data owners request and concludes that who is the convict.
2021-06-28
Lehrfeld, Michael R..  2020.  Preventing the Insider – Blocking USB Write Capabilities to Prevent IP Theft. 2020 SoutheastCon. 2:1–7.
The Edward Snowden data breach of 2013 clearly illustrates the damage that insiders can do to an organization. An insider's knowledge of an organization allows them legitimate access to the systems where valuable information is stored. Because they belong within an organizations security perimeter, an insider is inherently difficult to detect and prevent information leakage. To counter this, proactive measures must be deployed to limit the ability of an insider to steal information. Email monitoring at the edge is can easily be monitored for large file exaltation. However, USB drives are ideally suited for large-scale file extraction in a covert manner. This work discusses a process for disabling write-access to USB drives while allowing read-access. Allowing read-access for USB drives allows an organization to adapt to the changing security posture of the organization. People can still bring USB devices into the organization and read data from them, but exfiltration is more difficult.
2021-06-24
Stöckle, Patrick, Grobauer, Bernd, Pretschner, Alexander.  2020.  Automated Implementation of Windows-related Security-Configuration Guides. 2020 35th IEEE/ACM International Conference on Automated Software Engineering (ASE). :598—610.
Hardening is the process of configuring IT systems to ensure the security of the systems' components and data they process or store. The complexity of contemporary IT infrastructures, however, renders manual security hardening and maintenance a daunting task. In many organizations, security-configuration guides expressed in the SCAP (Security Content Automation Protocol) are used as a basis for hardening, but these guides by themselves provide no means for automatically implementing the required configurations. In this paper, we propose an approach to automatically extract the relevant information from publicly available security-configuration guides for Windows operating systems using natural language processing. In a second step, the extracted information is verified using the information of available settings stored in the Windows Administrative Template files, in which the majority of Windows configuration settings is defined. We show that our implementation of this approach can extract and implement 83% of the rules without any manual effort and 96% with minimal manual effort. Furthermore, we conduct a study with 12 state-of-the-art guides consisting of 2014 rules with automatic checks and show that our tooling can implement at least 97% of them correctly. We have thus significantly reduced the effort of securing systems based on existing security-configuration guides. In many organizations, security-configuration guides expressed in the SCAP (Security Content Automation Protocol) are used as a basis for hardening, but these guides by themselves provide no means for automatically implementing the required configurations. In this paper, we propose an approach to automatically extract the relevant information from publicly available security-configuration guides for Windows operating systems using natural language processing. In a second step, the extracted information is verified using the information of available settings stored in the Windows Administrative Template files, in which the majority of Windows configuration settings is defined. We show that our implementation of this approach can extract and implement 83% of the rules without any manual effort and 96% with minimal manual effort. Furthermore, we conduct a study with 12 state-of-the-art guides consisting of 2014 rules with automatic checks and show that our tooling can implement at least 97% of them correctly. We have thus significantly reduced the effort of securing systems based on existing security-configuration guides. In this paper, we propose an approach to automatically extract the relevant information from publicly available security-configuration guides for Windows operating systems using natural language processing. In a second step, the extracted information is verified using the information of available settings stored in the Windows Administrative Template files, in which the majority of Windows configuration settings is defined. We show that our implementation of this approach can extract and implement 83% of the rules without any manual effort and 96% with minimal manual effort. Furthermore, we conduct a study with 12 state-of-the-art guides consisting of 2014 rules with automatic checks and show that our tooling can implement at least 97% of them correctly. We have thus significantly reduced the effort of securing systems based on existing security-configuration guides. We show that our implementation of this approach can extract and implement 83% of the rules without any manual effort and 96% with minimal manual effort. Furthermore, we conduct a study with 12 state-of-the-art guides consisting of 2014 rules with automatic checks and show that our tooling can implement at least 97% of them correctly. We have thus significantly reduced the effort of securing systems based on existing security-configuration guides.
2021-05-25
Sabillon, Regner, Serra-Ruiz, Jordi, Cavaller, Victor, Cano, Jeimy.  2017.  A Comprehensive Cybersecurity Audit Model to Improve Cybersecurity Assurance: The CyberSecurity Audit Model (CSAM). 2017 International Conference on Information Systems and Computer Science (INCISCOS). :253—259.

Nowadays, private corporations and public institutions are dealing with constant and sophisticated cyberthreats and cyberattacks. As a general warning, organizations must build and develop a cybersecurity culture and awareness in order to defend against cybercriminals. Information Technology (IT) and Information Security (InfoSec) audits that were efficient in the past, are trying to converge into cybersecurity audits to address cyber threats, cyber risks and cyberattacks that evolve in an aggressive cyber landscape. However, the increase in number and complexity of cyberattacks and the convoluted cyberthreat landscape is challenging the running cybersecurity audit models and putting in evidence the critical need for a new cybersecurity audit model. This article reviews the best practices and methodologies of global leaders in the cybersecurity assurance and audit arena. By means of the analysis of the current approaches and theoretical background, their real scope, strengths and weaknesses are highlighted looking forward a most efficient and cohesive synthesis. As a resut, this article presents an original and comprehensive cybersecurity audit model as a proposal to be utilized for conducting cybersecurity audits in organizations and Nation States. The CyberSecurity Audit Model (CSAM) evaluates and validates audit, preventive, forensic and detective controls for all organizational functional areas. CSAM has been tested, implemented and validated along with the Cybersecurity Awareness TRAining Model (CATRAM) in a Canadian higher education institution. A research case study is being conducted to validate both models and the findings will be published accordingly.

Abbas, Syed Ghazanfar, Hashmat, Fabiha, Shah, Ghalib A..  2020.  A Multi-layer Industrial-IoT Attack Taxonomy: Layers, Dimensions, Techniques and Application. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :1820—1825.

Industrial IoT (IIoT) is a specialized subset of IoT which involves the interconnection of industrial devices with ubiquitous control and intelligent processing services to improve industrial system's productivity and operational capability. In essence, IIoT adapts a use-case specific architecture based on RFID sense network, BLE sense network or WSN, where heterogeneous industrial IoT devices can collaborate with each other to achieve a common goal. Nonetheless, most of the IIoT deployments are brownfield in nature which involves both new and legacy technologies (SCADA (Supervisory Control and Data Acquisition System)). The merger of these technologies causes high degree of cross-linking and decentralization which ultimately increases the complexity of IIoT systems and introduce new vulnerabilities. Hence, industrial organizations becomes not only vulnerable to conventional SCADA attacks but also to a multitude of IIoT specific threats. However, there is a lack of understanding of these attacks both with respect to the literature and empirical evaluation. As a consequence, it is infeasible for industrial organizations, researchers and developers to analyze attacks and derive a robust security mechanism for IIoT. In this paper, we developed a multi-layer taxonomy of IIoT attacks by considering both brownfield and greenfield architecture of IIoT. The taxonomy consists of 11 layers 94 dimensions and approximately 100 attack techniques which helps to provide a holistic overview of the incident attack pattern, attack characteristics and impact on industrial system. Subsequently, we have exhibited the practical relevance of developed taxonomy by applying it to a real-world use-case. This research will benefit researchers and developers to best utilize developed taxonomy for analyzing attack sequence and to envisage an efficient security platform for futuristic IIoT applications.

2021-05-13
Jenkins, Ira Ray, Smith, Sean W..  2020.  Distributed IoT Attestation via Blockchain. 2020 20th IEEE/ACM International Symposium on Cluster, Cloud and Internet Computing (CCGRID). :798—801.

We propose a novel attestation architecture for the Internet of Things (IoT). Our distributed attestation network (DAN) utilizes blockchain technology to store and share device information. We present the design of this new attestation architecture as well as a prototype system chosen to emulate an IoT deployment with a network of Raspberry Pi, Infineon TPMs, and a Hyperledger Fabric blockchain.

Susukailo, Vitalii, Opirskyy, Ivan, Vasylyshyn, Sviatoslav.  2020.  Analysis of the attack vectors used by threat actors during the pandemic. 2020 IEEE 15th International Conference on Computer Sciences and Information Technologies (CSIT). 2:261—264.

This article describes attacks methods, vectors and technics used by threat actors during pandemic situations in the world. Identifies common targets of threat actors and cyber-attack tactics. The article analyzes cybersecurity challenges and specifies possible solutions and improvements in cybersecurity. Defines cybersecurity controls, which should be taken against analyzed attack vectors.

Everson, Douglas, Cheng, Long.  2020.  Network Attack Surface Simplification for Red and Blue Teams. 2020 IEEE Secure Development (SecDev). :74–80.
Network port scans are a key first step to developing a true understanding of a network-facing attack surface. However in large-scale networks, the data resulting from such scans can be too numerous for Red Teams to process for manual and semiautomatic testing. Indiscriminate port scans can also compromise a Red Team seeking to quickly gain a foothold on a network. A large attack surface can even complicate Blue Team activities like threat hunting. In this paper we provide a cluster analysis methodology designed to group similar hosts to reduce security team workload and Red Team observability. We also measure the Internet-facing network attack surface of 13 organizations by clustering their hosts based on similarity. Through a case study we demonstrate how the output of our clustering technique provides new insight to both Red and Blue Teams, allowing them to quickly identify potential high-interest points on the attack surface.
2021-04-27
Putz, B., Pernul, G..  2020.  Detecting Blockchain Security Threats. 2020 IEEE International Conference on Blockchain (Blockchain). :313—320.
In many organizations, permissioned blockchain networks are currently transitioning from a proof-of-concept stage to production use. A crucial part of this transition is ensuring awareness of potential threats to network operations. Due to the plethora of software components involved in distributed ledgers, threats may be difficult or impossible to detect without a structured monitoring approach. To this end, we conduct a survey of attacks on permissioned blockchains and develop a set of threat indicators. To gather these indicators, a data processing pipeline is proposed to aggregate log information from relevant blockchain components, enriched with data from external sources. To evaluate the feasibility of monitoring current blockchain frameworks, we determine relevant data sources in Hyperledger Fabric. Our results show that the required data is mostly available, but also highlight significant improvement potential with regard to threat intelligence, chaincode scanners and built-in metrics.
Hammoud, O. R., Tarkhanov, I. A..  2020.  Blockchain-based open infrastructure for URL filtering in an Internet browser. 2020 IEEE 14th International Conference on Application of Information and Communication Technologies (AICT). :1—4.
This research is dedicated to the development of a prototype of open infrastructure for users’ internet traffic filtering on a browser level. We described the advantages of a distributed approach in comparison with current centralized solutions. Besides, we suggested a solution to define the optimum size for a URL storage block in Ethereum network. This solution may be used for the development of infrastructure of DApps applications on Ethereum network in future. The efficiency of the suggested approach is supported by several experiments.
2021-04-08
Althebyan, Q..  2019.  A Mobile Edge Mitigation Model for Insider Threats: A Knowledgebase Approach. 2019 International Arab Conference on Information Technology (ACIT). :188—192.
Taking care of security at the cloud is a major issue that needs to be carefully considered and solved for both individuals as well as organizations. Organizations usually expect more trust from employees as well as customers in one hand. On the other hand, cloud users expect their private data is maintained and secured. Although this must be case, however, some malicious outsiders of the cloud as well as malicious insiders who are cloud internal users tend to disclose private data for their malicious uses. Although outsiders of the cloud should be a concern, however, the more serious problems come from Insiders whose malicious actions are more serious and sever. Hence, insiders' threats in the cloud should be the top most problem that needs to be tackled and resolved. This paper aims to find a proper solution for the insider threat problem in the cloud. The paper presents a Mobile Edge Computing (MEC) mitigation model as a solution that suits the specialized nature of this problem where the solution needs to be very close to the place where insiders reside. This in fact gives real-time responses to attack, and hence, reduces the overhead in the cloud.
Roy, P., Mazumdar, C..  2018.  Modeling of Insider Threat using Enterprise Automaton. 2018 Fifth International Conference on Emerging Applications of Information Technology (EAIT). :1—4.
Substantial portions of attacks on the security of enterprises are perpetrated by Insiders having authorized privileges. Thus insider threat and attack detection is an important aspect of Security management. In the published literature, efforts are on to model the insider threats based on the behavioral traits of employees. The psycho-social behaviors are hard to encode in the software systems. Also, in some cases, there are privacy issues involved. In this paper, the human and non-human agents in a system are described in a novel unified model. The enterprise is described as an automaton and its states are classified secure, safe, unsafe and compromised. The insider agents and threats are modeled on the basis of the automaton and the model is validated using a case study.
Spooner, D., Silowash, G., Costa, D., Albrethsen, M..  2018.  Navigating the Insider Threat Tool Landscape: Low Cost Technical Solutions to Jump Start an Insider Threat Program. 2018 IEEE Security and Privacy Workshops (SPW). :247—257.
This paper explores low cost technical solutions that can help organizations prevent, detect, and respond to insider incidents. Features and functionality associated with insider risk mitigation are presented. A taxonomy for high-level categories of insider threat tools is presented. A discussion of the relationship between the types of tools points out the nuances of insider threat control deployment, and considerations for selecting, implementing, and operating insider threat tools are provided.
Mundie, D. A., Perl, S., Huth, C. L..  2013.  Toward an Ontology for Insider Threat Research: Varieties of Insider Threat Definitions. 2013 Third Workshop on Socio-Technical Aspects in Security and Trust. :26—36.
The lack of standardization of the terms insider and insider threat has been a noted problem for researchers in the insider threat field. This paper describes the investigation of 42 different definitions of the terms insider and insider threat, with the goal of better understanding the current conceptual model of insider threat and facilitating communication in the research community.
Claycomb, W. R., Huth, C. L., Phillips, B., Flynn, L., McIntire, D..  2013.  Identifying indicators of insider threats: Insider IT sabotage. 2013 47th International Carnahan Conference on Security Technology (ICCST). :1—5.
This paper describes results of a study seeking to identify observable events related to insider sabotage. We collected information from actual insider threat cases, created chronological timelines of the incidents, identified key points in each timeline such as when attack planning began, measured the time between key events, and looked for specific observable events or patterns that insiders held in common that may indicate insider sabotage is imminent or likely. Such indicators could be used by security experts to potentially identify malicious activity at or before the time of attack. Our process included critical steps such as identifying the point of damage to the organization as well as any malicious events prior to zero hour that enabled the attack but did not immediately cause harm. We found that nearly 71% of the cases we studied had either no observable malicious action prior to attack, or had one that occurred less than one day prior to attack. Most of the events observed prior to attack were behavioral, not technical, especially those occurring earlier in the case timelines. Of the observed technical events prior to attack, nearly one third involved installation of software onto the victim organizations IT systems.
2021-03-30
Ashiku, L., Dagli, C..  2020.  Agent Based Cybersecurity Model for Business Entity Risk Assessment. 2020 IEEE International Symposium on Systems Engineering (ISSE). :1—6.

Computer networks and surging advancements of innovative information technology construct a critical infrastructure for network transactions of business entities. Information exchange and data access though such infrastructure is scrutinized by adversaries for vulnerabilities that lead to cyber-attacks. This paper presents an agent-based system modelling to conceptualize and extract explicit and latent structure of the complex enterprise systems as well as human interactions within the system to determine common vulnerabilities of the entity. The model captures emergent behavior resulting from interactions of multiple network agents including the number of workstations, regular, administrator and third-party users, external and internal attacks, defense mechanisms for the network setting, and many other parameters. A risk-based approach to modelling cybersecurity of a business entity is utilized to derive the rate of attacks. A neural network model will generalize the type of attack based on network traffic features allowing dynamic state changes. Rules of engagement to generate self-organizing behavior will be leveraged to appoint a defense mechanism suitable for the attack-state of the model. The effectiveness of the model will be depicted by time-state chart that shows the number of affected assets for the different types of attacks triggered by the entity risk and the time it takes to revert into normal state. The model will also associate a relevant cost per incident occurrence that derives the need for enhancement of security solutions.

Ganfure, G. O., Wu, C.-F., Chang, Y.-H., Shih, W.-K..  2020.  DeepGuard: Deep Generative User-behavior Analytics for Ransomware Detection. 2020 IEEE International Conference on Intelligence and Security Informatics (ISI). :1—6.

In the last couple of years, the move to cyberspace provides a fertile environment for ransomware criminals like ever before. Notably, since the introduction of WannaCry, numerous ransomware detection solution has been proposed. However, the ransomware incidence report shows that most organizations impacted by ransomware are running state of the art ransomware detection tools. Hence, an alternative solution is an urgent requirement as the existing detection models are not sufficient to spot emerging ransomware treat. With this motivation, our work proposes "DeepGuard," a novel concept of modeling user behavior for ransomware detection. The main idea is to log the file-interaction pattern of typical user activity and pass it through deep generative autoencoder architecture to recreate the input. With sufficient training data, the model can learn how to reconstruct typical user activity (or input) with minimal reconstruction error. Hence, by applying the three-sigma limit rule on the model's output, DeepGuard can distinguish the ransomware activity from the user activity. The experiment result shows that DeepGuard effectively detects a variant class of ransomware with minimal false-positive rates. Overall, modeling the attack detection with user-behavior permits the proposed strategy to have deep visibility of various ransomware families.

2021-03-29
Erulanova, A., Soltan, G., Baidildina, A., Amangeldina, M., Aset, A..  2020.  Expert System for Assessing the Efficiency of Information Security. 2020 7th International Conference on Electrical and Electronics Engineering (ICEEE). :355—359.

The paper considers an expert system that provides an assessment of the state of information security in authorities and organizations of various forms of ownership. The proposed expert system allows to evaluate the state of compliance with the requirements of both organizational and technical measures to ensure the protection of information, as well as the level of compliance with the requirements of the information protection system in general. The expert assessment method is used as a basic method for assessing the state of information protection. The developed expert system provides a significant reduction in routine operations during the audit of information security. The results of the assessment are presented quite clearly and provide an opportunity for the leadership of the authorities and organizations to make informed decisions to further improve the information protection system.

Mar, Z., Oo, K. K..  2020.  An Improvement of Apriori Mining Algorithm using Linked List Based Hash Table. 2020 International Conference on Advanced Information Technologies (ICAIT). :165–169.
Today, the huge amount of data was using in organizations around the world. This huge amount of data needs to process so that we can acquire useful information. Consequently, a number of industry enterprises discovered great information from shopper purchases found in any respect times. In data mining, the most important algorithms for find frequent item sets from large database is Apriori algorithm and discover the knowledge using the association rule. Apriori algorithm was wasted times for scanning the whole database and searching the frequent item sets and inefficient of memory requirement when large numbers of transactions are in consideration. The improved Apriori algorithm is adding and calculating third threshold may increase the overhead. So, in the aims of proposed research, Improved Apriori algorithm with LinkedList and hash tabled is used to mine frequent item sets from the transaction large amount of database. This method includes database is scanning with Improved Apriori algorithm and frequent 1-item sets counts with using the hash table. Then, in the linked list saved the next frequent item sets and scanning the database. The hash table used to produce the frequent 2-item sets Therefore, the database scans the only two times and necessary less processing time and memory space.
Kotra, A., Eldosouky, A., Sengupta, S..  2020.  Every Anonymization Begins with k: A Game-Theoretic Approach for Optimized k Selection in k-Anonymization. 2020 International Conference on Advances in Computing and Communication Engineering (ICACCE). :1–6.
Privacy preservation is one of the greatest concerns when data is shared between different organizations. On the one hand, releasing data for research purposes is inevitable. On the other hand, sharing this data can jeopardize users' privacy. An effective solution, for the sharing organizations, is to use anonymization techniques to hide the users' sensitive information. One of the most popular anonymization techniques is k-Anonymization in which any data record is indistinguishable from at least k-1 other records. However, one of the fundamental challenges in choosing the value of k is the trade-off between achieving a higher privacy and the information loss associated with the anonymization. In this paper, the problem of choosing the optimal anonymization level for k-anonymization, under possible attacks, is studied when multiple organizations share their data to a common platform. In particular, two common types of attacks are considered that can target the k-anonymization technique. To this end, a novel game-theoretic framework is proposed to model the interactions between the sharing organizations and the attacker. The problem is formulated as a static game and its different Nash equilibria solutions are analytically derived. Simulation results show that the proposed framework can significantly improve the utility of the sharing organizations through optimizing the choice of k value.
2021-03-22
Vimercati, S. de Capitani di, Foresti, S., Paraboschi, S., Samarati, P..  2020.  Enforcing Corporate Governance's Internal Controls and Audit in the Cloud. 2020 IEEE 13th International Conference on Cloud Computing (CLOUD). :453–461.
More and more organizations are today using the cloud for their business as a quite convenient alternative to in-house solutions for storing, processing, and managing data. Cloud-based solutions are then permeating almost all aspects of business organizations, resulting appealing also for functions that, already in-house, may result sensitive or security critical, and whose enforcement in the cloud requires then particular care. In this paper, we provide an approach for securely relying on cloud-based services for the enforcement of Internal Controls and Audit (ICA) functions for corporate governance. Our approach is based on the use of selective encryption and of tags to provide a level of self-protection to data and for enabling only authorized parties to access data and perform operations on them, providing privacy and integrity guarantees, as well as accountability and non-repudiation.
2021-03-15
Danilova, A., Naiakshina, A., Smith, M..  2020.  One Size Does Not Fit All: A Grounded Theory and Online Survey Study of Developer Preferences for Security Warning Types. 2020 IEEE/ACM 42nd International Conference on Software Engineering (ICSE). :136–148.
A wide range of tools exist to assist developers in creating secure software. Many of these tools, such as static analysis engines or security checkers included in compilers, use warnings to communicate security issues to developers. The effectiveness of these tools relies on developers heeding these warnings, and there are many ways in which these warnings could be displayed. Johnson et al. [46] conducted qualitative research and found that warning presentation and integration are main issues. We built on Johnson et al.'s work and examined what developers want from security warnings, including what form they should take and how they should integrate into their workflow and work context. To this end, we conducted a Grounded Theory study with 14 professional software developers and 12 computer science students as well as a focus group with 7 academic researchers to gather qualitative insights. To back up the theory developed from the qualitative research, we ran a quantitative survey with 50 professional software developers. Our results show that there is significant heterogeneity amongst developers and that no one warning type is preferred over all others. The context in which the warnings are shown is also highly relevant, indicating that it is likely to be beneficial if IDEs and other development tools become more flexible in their warning interactions with developers. Based on our findings, we provide concrete recommendations for both future research as well as how IDEs and other security tools can improve their interaction with developers.
2021-03-09
Oosthoek, K., Doerr, C..  2020.  From Hodl to Heist: Analysis of Cyber Security Threats to Bitcoin Exchanges. 2020 IEEE International Conference on Blockchain and Cryptocurrency (ICBC). :1—9.

Bitcoin is gaining traction as an alternative store of value. Its market capitalization transcends all other cryptocurrencies in the market. But its high monetary value also makes it an attractive target to cyber criminal actors. Hacking campaigns usually target the weakest points in an ecosystem. In Bitcoin, these are currently the exchange platforms. As each exchange breach potentially decreases Bitcoin's market value by billions, it is a threat not only to direct victims, but to everyone owning Bitcoin. Based on an extensive analysis of 36 breaches of Bitcoin exchanges, we show the attack patterns used to exploit Bitcoin exchange platforms using an industry standard for reporting intelligence on cyber security breaches. Based on this we are able to provide an overview of the most common attack vectors, showing that all except three hacks were possible due to relatively lax security. We also show that while the security regimen of Bitcoin exchanges is not on par with other financial service providers, the use of stolen credentials, which does not require any hacking, is decreasing. We also show that the amount of BTC taken during a breach is decreasing, as well as the exchanges that terminate after being breached. With exchanges being targeted by nation-state hacking groups, security needs to be a first concern.

Wilkens, F., Fischer, M..  2020.  Towards Data-Driven Characterization of Brute-Force Attackers. 2020 IEEE Conference on Communications and Network Security (CNS). :1—9.

Brute-force login attempts are common for every host on the public Internet. While most of them can be discarded as low-threat attacks, targeted attack campaigns often use a dictionary-based brute-force attack to establish a foothold in the network. Therefore, it is important to characterize the attackers' behavior to prioritize defensive measures and react to new threats quickly. In this paper we present a set of metrics that can support threat hunters in characterizing brute-force login attempts. Based on connection metadata, timing information, and the attacker's dictionary these metrics can help to differentiate scans and to find common behavior across distinct IP addresses. We evaluated our novel metrics on a real-world data set of malicious login attempts collected by our honeypot Honeygrove. We highlight interesting metrics, show how clustering can be leveraged to reveal common behavior across IP addresses, and describe how selected metrics help to assess the threat level of attackers. Amongst others, we for example found strong indicators for collusion between ten otherwise unrelated IP addresses confirming that a clustering of the right metrics can help to reveal coordinated attacks.

2021-02-01
Wickramasinghe, C. S., Marino, D. L., Grandio, J., Manic, M..  2020.  Trustworthy AI Development Guidelines for Human System Interaction. 2020 13th International Conference on Human System Interaction (HSI). :130–136.
Artificial Intelligence (AI) is influencing almost all areas of human life. Even though these AI-based systems frequently provide state-of-the-art performance, humans still hesitate to develop, deploy, and use AI systems. The main reason for this is the lack of trust in AI systems caused by the deficiency of transparency of existing AI systems. As a solution, “Trustworthy AI” research area merged with the goal of defining guidelines and frameworks for improving user trust in AI systems, allowing humans to use them without fear. While trust in AI is an active area of research, very little work exists where the focus is to build human trust to improve the interactions between human and AI systems. In this paper, we provide a concise survey on concepts of trustworthy AI. Further, we present trustworthy AI development guidelines for improving the user trust to enhance the interactions between AI systems and humans, that happen during the AI system life cycle.