Industrial control systems (ICSs) are, at present, extremely vulnerable to cyber attack because they are homogenous and interconnected. Mitigating solutions are urgently required because systems breaches can feasibly lead to fatalities. In this paper we propose the deployment of permuted code onto Physically Unclonable Unique Processors in order to resist common cyber attacks. We present our proposal and explain how it would resist attacks from hostile agents.
Improving Resilience by Deploying Permuted Code onto Physically Unclonable Unique Processors. A. Assmuth, W. Cockshott, Jana Kipke, K. Renaud, Lewis Mackenzie, W. Vanderbauwhede, Matthias Söllner, Tilo Fischer, G. Weir. 2016 Cybersecurity and Cyberforensics Conference (CCC), 2016-10-20. https://doi.org/10.1109/CCC.2016.30
Cyber criminals increasingly target Small and Medium Sized Businesses (SMEs) since they are perceived to have the weakest defences. Some will not survive a cyber attack, and others will have their ability to continue trading seriously impaired. There is compelling evidence that, at present, SMEs do not seem to be implementing all the advisable security measures which could help them to resist such attacks. Many in the security industry believe that this is because SMEs do not take the threat seriously. This paper reports on a study to find out whether this is the case, or not. The primary finding is that most SMEs do care about the threat but that very few implement even a small subset of the available security precautions. One contributory factor seemed to be the uncertainty caused by the wealth of conflicting and confusing online advice offered by industry and official bodies. This seemed to be hindering rather than helping SMEs so that they did not know what actions to take to improve their resilience. The conclusion is a recommendation for actions to be taken to better inform SMEs and help them to secure their systems more effectively.
Cybersecurity and the Unbearability of Uncertainty. K. Renaud, G. Weir. 2016 Cybersecurity and Cyberforensics Conference (CCC), 2016-10-20. https://doi.org/10.1109/CCC.2016.29
The incorporation of ICT in public sector organisations is progressing rapidly in Oman where the government sees this as a means to enhance the delivery of online services. In this context, preserving the security of information, and making Information Security a core organisational aspect in public sector organisations, requires attention from management. Our research is the first known attempt to gauge management attitudes toward Information Security in Oman. We also consider how such attitudes influence Information Security governance. In addressing these issues, we review current compliance with Information Security procedures in Omani public sector organisations, review management attitudes toward Information Security governance practices, and explore how management attitudes toward Information Security impact upon these aspects.
Management Attitudes toward Information Security in Omani Public Sector Organisations. Fathiya Al Izki, G. Weir. 2016 Cybersecurity and Cyberforensics Conference (CCC), 2016-10-20. https://doi.org/10.1109/CCC.2016.28
With an ever-increasing trend of cybercrimes and incidents due to software vulnerabilities and exposures, effective and proactive vulnerability management becomes imperative in modern organisations, regardless of whether they are large or small. Forecasting models leveraging rich historical vulnerability disclosure data undoubtedly provide important insights to inform the cyber community of the anticipated risks. In this paper, we proposed a novel framework for statistically analysing long-term vulnerability time series between January 1999 and January 2016. By utilising this sound framework, we initiated an important study on not only testing but also modelling persistent volatilities in the data. In sharp contrast to the existing models, we consider capturing both mean and conditional variance latent in the disclosure series. Through extensive empirical studies, a composite model is shown to effectively capture the sporadic nature of vulnerability time series. In addition, this paper paves the way for further study on the stochastic perspective of cyber vulnerability proliferation towards more accurate prediction models and better risk management.
Exploiting Vulnerability Disclosures: Statistical Framework and Case Study. Mingjian Tang, M. Alazab, Yuxiu Luo. 2016 Cybersecurity and Cyberforensics Conference (CCC), 2016-10-18. https://doi.org/10.1109/CCC.2016.10
Cyber-attacks are on the rise due to the increased usage of social networking applications built into Android devices via Wi-Fi connections, which has resulted in privacy issues. Several studies have been conducted to investigate Android phones; however, none of these have proposed a comprehensive Android investigation method, which begins with a Man-in-the-Middle attack and ends in a criminal investigation. The purpose of this research is to propose an Android forensics framework against such Wi-Fi attacks, using advanced forensic tools, such as the Cellebrite Universal Forensic Extraction Device and the Oxygen. This will assist the researcher to prove the suggested arguments in the following: 1. To implement guidelines for the forensic examiners, especially for those new in the field of forensics, and 2. To guide Android and social networking application developers to enhance the level of security. Furthermore, this study recommends the best data extraction methods designed for Android devices.
Android Forensics: Investigating Social Networking Cybercrimes against Man-in-the-Middle Attacks. K. Zaabi. 2016 Cybersecurity and Cyberforensics Conference (CCC), 2016-08-01. https://doi.org/10.1109/CCC.2016.15
The cheapest form of communication in the world today is email, and its simplicity makes it vulnerable to many threats. One of the most important threats to email is spam: unsolicited email, normally with advertising content, sent out as a mass mailing. Malicious spam is spam with malicious content in the form of harmful attachments or links to phishing websites. In the case of educational institutes, malicious spam threatens the privacy and security of a large amount of sensitive data relating to staff and students. Hence, a system that can automatically learn how to classify malicious spam in educational institutes is highly desirable. In this paper, we aim to improve detection of malicious spam through feature selection, with a focus on the educational field. We propose a model that employs a novel dataset for the process of feature selection, a step for improving classification in a later stage. This dataset is unprecedented as no research in the literature was intended to serve malicious spam detection in a specific domain or field such as the educational field. Feature selection is expected to improve training time and accuracy of malicious spam detection.
A Proposed Model for Malicious Spam Detection in Email Systems of Educational Institutes. Aisha Zaid, Ja'far Alqatawna, Ammar Huneiti. 2016 Cybersecurity and Cyberforensics Conference (CCC), 2016-08-01. https://doi.org/10.1109/CCC.2016.24
The growth in technology usage came along with many risks and an increase in cybercrime incidents. Phishing attacks are a form of cybercrime by which attackers trick victims in order to obtain personal and sensitive information. Phishers' motivations include gaining unauthorized information and access, causing financial loss and many more negative impacts. While cybercriminals keep developing their techniques, investigating different attack styles and methodologies is an important step toward developing effective protection mechanisms. This paper contributes to this direction by presenting and analyzing various phishing attack styles including Nigerian, Ghanaian, Chinese and Russian cybercrime styles. Due to the richness of learning resources, Russians and Chinese were found to be using more advanced techniques than Ghanaians and Nigerians, who have limited resources.
Analyzing CyberCrimes Strategies: The Case of Phishing Attack. Rola Al Halaseh, Ja'far Alqatawna. 2016 Cybersecurity and Cyberforensics Conference (CCC), 2016-08-01. https://doi.org/10.1109/CCC.2016.25
In the era of the digital economy and a high penetration rate of technology, cybercrime is taking over a great span of the cyberworld. Novice to experienced users are subject to being victims of cyber criminals. Phishing attempts lead to critical issues and risks for online users, and for companies as well. This research proposes a framework for fraud prevention by enabling the automatic detection of malicious websites. The applicability of the framework is validated by various types of experiments. The experiments try to model phishing websites using various algorithms and approaches, including hybrid approaches. It is apparent that the Random Forest Trees algorithm outperformed several other algorithms. Accordingly, the framework is proved to be useful in the segregation of malicious online content and phishing attempts. In addition, the results call for more investigation and improvement in fraud prevention approaches.
Fraud Prevention Framework for Electronic Business Environments: Automatic Segregation of Online Phishing Attempts. Nazeeh Ghatasheh. 2016 Cybersecurity and Cyberforensics Conference (CCC), 2016-08-01. https://doi.org/10.1109/CCC.2016.17
Websites typically include many forms or web elements that allow users to enter and submit data. This data will eventually be executed in the back-end databases. Users can, intentionally or unintentionally, enter improper input data that, if it reaches those back-end databases, may cause some serious security or damaging problems. For proper user interface design as well as for security reasons, it is important for web-designers to consider input-validation techniques at the user interface level or as early as possible. The goal is to stop further actions for any invalid input data. In this paper, we conducted an evaluation study of how much input validation is used by web-designers. We used some of the web attacks that target improper input validations as indicators to show the quality of the input validation process for the evaluated websites. Results showed that those types of attacks continue to be effective and serious methods. Results also showed that there is a need for systematic and frequent evaluation of those websites to ensure that basic input validation guidelines are observed.
Websites' Input Validation and Input-Misuse-Based Attacks. I. Alsmadi, Iyad Alazzam. 2016 Cybersecurity and Cyberforensics Conference (CCC), 2016-08-01. https://doi.org/10.1109/CCC.2016.31
With the advent of Advanced Persistent Threats (APTs) and exploits such as Eurograbber, we can no longer trust the user's PC or mobile phone to be honest in their transactions with banks. This paper reviews the current state of the art in protecting PCs from malware and APTs that can modify banking transactions, and identifies their strengths and weaknesses. It then proposes an enhanced USB device based on speech and vision. User trials with a software prototype show that such a device is both user friendly and that users are less susceptible to accepting subtly modified transactions with this device than with other vision-only USB devices. Since human factors are usually the weakest point in the security chain, and are often the way that APT actors perform their attacks, the focus of the proposed solution is on improving the usability of existing USB devices. However, the device is still not failsafe, and therefore may not be as preferable as Sm@rt TAN-plus that is currently used by many German banks.
Boosting Usability for Protecting Online Banking Applications Against APTs. Mohannad J. Alhanahnah, D. Chadwick. 2016 Cybersecurity and Cyberforensics Conference (CCC), 2016-08-01. https://doi.org/10.1109/CCC.2016.13