Pub Date: 2019-09-01. DOI: 10.1109/ICoCSec47621.2019.8971017
Salah Mohammed A. F., M. F. Marhusin, R. Sulaiman
There are various approaches to detecting malware. Among them is dynamic analysis, an essential technique capable of detecting unknown malware. Dynamic analysis monitors the behaviour of an executable by recording information about its execution. Since the complexity of malware is increasing, it is important to monitor malware and study how it behaves in order to help detect it. In this paper, we highlight the instrumentation technique used to observe the behaviour of Portable Executable files during execution. We briefly explore some related work, discuss dynamic analysis and Windows API calls, and describe our realtime behaviour monitor. The concept of n-grams is explained and, before concluding, several challenges are highlighted.
Title: Instrumenting API Hooking for a Realtime Dynamic Analysis. Published in: 2019 International Conference on Cybersecurity (ICoCSec).
Pub Date: 2019-09-01. DOI: 10.1109/ICoCSec47621.2019.8970801
Nurfadilah Ariffini, A. Zainal, M. A. Maarof, Mohamad Nizam Kassim
Analyzing text, especially in the malware domain, is quite challenging. Even with Natural Language Processing approaches, analysis is limited by the absence of a Named Entity Recognizer specific to malware that can extract malware-related entities from unstructured data such as text. It is essential to automate the extraction of information such as ransomware entities from text; the extracted information can then be used for knowledge reasoning, such as profiling the behaviour of ransomware using information available on the Internet. Beyond being unstructured, informal text such as Internet forum posts presents its own problems and challenges for the analysis and extraction process. The performance of machine learning in classifying entities from this type of text therefore depends on the complexity of the model. This paper presents a comparison of the performance of several supervised learning techniques (CRF, Naive Bayes, and SVM) for training models that extract ransomware entities from unstructured text.
Title: Ransomware Entities Classification with Supervised Learning for Informal Text. Published in: 2019 International Conference on Cybersecurity (ICoCSec).
A cyber attack is a malicious and deliberate attempt by an individual or organization to breach the integrity, confidentiality, and/or availability of data or services of an information system belonging to another individual or organization. Being able to attribute a cyber attack is crucial for security, but attribution is also known to be a difficult problem. The main reason why there is currently no solution that automatically identifies the initiator of an attack is that attackers usually use proxies, i.e. intermediate nodes that relay a host's traffic over the network. In this paper, we propose to formalize the problem of identifying the initiator of a cyber attack. We show that if the attack scenario used by the attacker is known, then we are able to resolve the cyber attribution problem. Indeed, we propose a model to formalize these attack scenarios, which we call attack patterns, and give an efficient algorithm to search for attack patterns in a communication history. Finally, we experimentally show the relevance of our approach.
Title: Using Attack Pattern for Cyber Attack Attribution. Authors: Florent Avellaneda, El-Hackemi Alikacem, Femi Jaafar. DOI: 10.1109/ICoCSec47621.2019.8970906. Published in: 2019 International Conference on Cybersecurity (ICoCSec), 2019-09-01.
Pub Date: 2019-09-01. DOI: 10.1109/ICoCSec47621.2019.8971126
Asmaa Tellabi, Jaafar Fehmi, Sabri Abdelbast, C. Ruland
Over the years, virtualization has been widely deployed because of the benefits it offers, such as better interoperability and improved performance. Two popular computer architectures, x86 and ARM processors, have been widely used in virtualization. The key component in virtualization is the hypervisor, a virtual machine manager that allows multiple guest operating systems (OS) to run on a single host system at the same time. Researchers and practitioners have identified the challenge of enabling critical applications to share a common hardware platform without interfering with one another as one of the main safety challenges in virtualization. In this context, XtratuM was specified as a hypervisor designed to meet safety-critical requirements in virtualization. In this paper, a comparison of XtratuM communication performance on ARM and x86 architectures is provided. Different schedules are given to partitions in order to examine the effect each has on every communication channel. As demonstrated in this paper, Queuing messages (QC) are slower than Sampling Messages (SP); this is caused by the internal structure and by how messages are sent between partitions. The tests also show that the x86 version of XtratuM is faster than the ARM version, which is likewise caused by the differences between the two architectures. In addition, a modified system architecture, based on a previous architecture and adapted to better fit the limits of XtratuM, is presented.
Title: On the Analysis of the Impact of Scheduling Plans in Safety Critical Requirements in Virtualization. Published in: 2019 International Conference on Cybersecurity (ICoCSec).
Pub Date: 2019-09-01. DOI: 10.1109/ICoCSec47621.2019.8971076
Burkan Hawash, U. A. Mokhtar, Z. M. Yusof
The growing volume of records in oil and gas corporations, especially in developing countries, is problematic because records are managed manually, which creates a risk of losing information. Organizations should therefore adopt electronic systems in order to avoid this problem. The successful adoption of Electronic Records Management Systems (ERMS) by many organizations in developed and developing countries encourages their adoption in the Yemen Oil and Gas Corporation (YOGC) subsidiaries. This study investigates the current practice of records management in YOGC subsidiaries, including how YOGC manages records to meet the legislative requirements of the country while achieving its operational and strategic objectives. The study uses literature content analysis to identify the ERMS adoption challenges that similar organizations in developing countries have faced. Data were collected via phone interviews with twelve IT managers in the subsidiaries and in the Ministry of Oil and Minerals. Results show that the YOGC subsidiaries encounter substantial challenges when managing records, including the ability to comply with government regulations and policies when creating records, difficulty in identifying records, and the continuous need for storage space. This study concludes that the subsidiaries should adopt ERMS to streamline and strengthen their records management in order to remain competitive in the market.
Title: The primarily study of Electronic Records Management System (ERMS) for Yemen Oil and Gas Corporation (YOGC) Subsidiaries. Published in: 2019 International Conference on Cybersecurity (ICoCSec).
Pub Date: 2019-09-01. DOI: 10.1109/ICoCSec47621.2019.8971117
June Jeremiah
In this ever-changing, digitally connected world of the Internet of Things (IoT) and innovative new technologies for software and application development, cyber security has changed drastically and has become a critical issue for individuals and businesses globally. Security is one of the critical requirements in today's world, where network devices are connected together and easily accessible at any time and from anywhere. Data integrity and protecting access to information exchanged between connected devices are basic needs for securing today's cyberspace. This paper aims at implementing a decoy-based technology, a honeypot, on a Raspberry Pi to enhance network security by simulating weak security and vulnerabilities in order to attract attackers. The honeypot monitors and records all malicious activities launched by the attacker; the data are then used for security auditing to improve security where needed, easily and cost-effectively.
Title: Intrusion Detection System to Enhance Network Security Using Raspberry PI Honeypot in Kali Linux. Published in: 2019 International Conference on Cybersecurity (ICoCSec).
Pub Date: 2019-09-01. DOI: 10.1109/ICoCSec47621.2019.8970947
R. Dremliuga, A. Iakovenko, N. Prisekina
Virtual reality technologies have a huge and not yet fully realized potential to change existing practices in life, production and education. Despite all the advantages of using this technology, it can also be used to commit crimes. Moreover, using this technology as a means of committing a crime gives the offender a number of advantages. These advantages include the multijurisdictional problem of prosecuting the offender, the ability of a virtual environment to create an illusion of realism for the user, and the integration of virtual-world environments with devices that can affect the user in the real world, all of which allow the commission of crimes with characteristics not previously available. In addition, the paper is devoted to a number of issues related to VR that have the prerequisites to fall within the scope of criminal law.
Title: Crime in virtual reality: discussion. Published in: 2019 International Conference on Cybersecurity (ICoCSec).
Pub Date: 2019-09-01. DOI: 10.1109/icocsec47621.2019.8971046
Title: ICoCSec 2019 Table of contents. Published in: 2019 International Conference on Cybersecurity (ICoCSec).