Traditional defences such as intrusion detection systems, firewalls and antivirus software are not enough to prevent security breaches caused by highly targeted cyber threats. As many of these attacks go undetected, this paper presents the results of a case study consisting of the implementation of a methodology that selects, maps, deploys, tests and monitors deceptions for the purpose of early detection. Metrics are developed to validate the effectiveness of the deception implementation. Firstly, various deception mechanisms are mapped to the first three phases of the intrusion kill chain: reconnaissance, weaponization and delivery. Then, Red Teams were recruited to test the deceptions in two case scenarios. Applying the metrics, it is shown that the deceptions in the case studies are effective in detecting cyber threats before the target asset is exploited, and successful in creating attacker confusion and uncertainty about the organization's network topology, services and resources.
Title: A case study about the use and evaluation of cyber deceptive methods against highly targeted attacks. Authors: Alexandria Farar, Hayretdin Bahsi, Bernhards Blumbergs. Venue: 2017 International Conference On Cyber Incident Response, Coordination, Containment & Control (Cyber Incident). Pub Date: 2017-06-19. DOI: 10.1109/CYBERINCIDENT.2017.8054640 (https://doi.org/10.1109/CYBERINCIDENT.2017.8054640).
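As an added illustration (not code from the paper), the following Python sketch shows the two ideas the abstract combines: decoys labelled with the kill-chain phase they are meant to catch, and effectiveness metrics computed over a red-team run. The decoy inventory, the attacker event log and the metric definitions (detection before exploitation, lead time, the share of attacker touches that land on decoys as a proxy for attacker confusion, and the phases whose decoys fired) are assumptions made for this example, not the paper's metrics or assets.

```python
"""Deceptions mapped to kill-chain phases, scored over a red-team event log (added example)."""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed decoy inventory: each decoy is keyed by the kill-chain phase it is meant to catch.
# Hosts, names and files are constructed for this example.
DECOYS = {
    "reconnaissance": {"10.0.0.50", "10.0.0.51", "dev-db.corp.example"},  # honeypot hosts, fake DNS name
    "weaponization": {"10.0.0.60"},                                        # host with a fake vulnerable banner
    "delivery": {"it-helpdesk@corp.example", "vpn-creds.txt"},            # decoy mailbox, honeytoken file
}
TARGET = "10.0.0.10"  # the real asset the red team is tasked to compromise


@dataclass(frozen=True)
class Event:
    ts: datetime
    src: str     # attacker source address
    asset: str   # host, DNS name, mailbox or file the attacker touched
    action: str  # "probe", "banner", "mail", "open" or "exploit"


def decoy_phase(asset):
    """Kill-chain phase of the decoy an asset belongs to, or None for a real asset."""
    for phase, assets in DECOYS.items():
        if asset in assets:
            return phase
    return None


def score_run(events):
    """Assumed metrics for one red-team run (not the paper's definitions).

    detected_before_exploit: a decoy fired before the target was exploited (or it never was)
    lead_time_s:             seconds between the first decoy alert and the exploit, if both exist
    decoy_interaction_ratio: share of attacker touches that landed on decoys (attacker confusion)
    phases_triggered:        kill-chain phases whose decoys were touched
    """
    events = sorted(events, key=lambda e: e.ts)
    first_alert = next((e for e in events if decoy_phase(e.asset)), None)
    exploit = next((e for e in events if e.asset == TARGET and e.action == "exploit"), None)
    touches = [e for e in events if e.action != "exploit"]
    decoy_touches = [e for e in touches if decoy_phase(e.asset)]
    lead = None
    if first_alert and exploit:
        lead = (exploit.ts - first_alert.ts).total_seconds()
    return {
        "detected_before_exploit": first_alert is not None and (exploit is None or first_alert.ts < exploit.ts),
        "lead_time_s": lead,
        "decoy_interaction_ratio": len(decoy_touches) / len(touches) if touches else 0.0,
        "phases_triggered": sorted({decoy_phase(e.asset) for e in decoy_touches}),
    }


def example_run():
    """Constructed log of one red-team scenario: recon through decoys, then the real target."""
    t0 = datetime(2017, 6, 1, 9, 0, 0)
    src = "198.51.100.7"
    return [
        Event(t0, src, "dev-db.corp.example", "probe"),                              # fake DNS name resolved
        Event(t0 + timedelta(minutes=1), src, "10.0.0.50", "probe"),                 # honeypot scanned
        Event(t0 + timedelta(minutes=2), src, TARGET, "probe"),                      # real target scanned
        Event(t0 + timedelta(minutes=3), src, "10.0.0.60", "banner"),                # fake banner grabbed
        Event(t0 + timedelta(minutes=10), src, "it-helpdesk@corp.example", "mail"),  # phish to decoy mailbox
        Event(t0 + timedelta(minutes=25), src, TARGET, "exploit"),                   # target compromised
    ]


if __name__ == "__main__":
    print(score_run(example_run()))
```

The scoring deliberately treats a run in which the target is never exploited as detected, provided a decoy fired; a run that touches only real assets scores zero on every metric, which is the case the deception layer is meant to make rare.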
Pub Date: 2017-06-01. DOI: 10.1109/CYBERINCIDENT.2017.8054639
Mohamed Amoud, O. Roudiès
Mobile devices offer enriched services and information for end users. Achieving security in such a dynamic and heterogeneous environment is a challenging task. Hence, adaptive security is an applicable solution for this challenge: it is able to automatically select security mechanisms and their parameters at runtime in order to preserve the required security level in a changing environment. In this paper, we propose a self-adaptive security solution for mobile devices (smartphones, tablets, ...) based on the combination of the MAPE-K reference model, to dynamically negotiate and deploy security policies, and a DSPL approach, to reconfigure the security level of the applications at runtime and monitor changes in the context. The novelty of our approach comes from the dynamic negotiation of security policies and the automatic reconfiguration of the security level to instantiate the new security policies at runtime, so as to be capable of deploying adaptive security mechanisms that satisfy different security needs under different conditions.
Title: Dynamic adaptation and reconfiguration of security in mobile devices. Venue: 2017 International Conference On Cyber Incident Response, Coordination, Containment & Control (Cyber Incident). DOI link: https://doi.org/10.1109/CYBERINCIDENT.2017.8054639.
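To make the MAPE-K and DSPL combination concrete, here is an added Python example that is not the authors' code: a monitor/analyze/plan/execute loop over a shared knowledge base, where the "product line" is a small set of security features with fixed variants and each security level is a policy selecting one variant per feature. The feature names, variants, context signals and the level assignment rules are assumptions for this example; the paper's policy negotiation is not modelled.

```python
"""MAPE-K adaptation loop over a small dynamic software product line (DSPL) of security features."""
from dataclasses import dataclass, field

# Knowledge (assumed): the variable security features of the product line and their variants.
FEATURE_VARIANTS = {
    "transport": ["plain", "tls", "tls_pinned"],
    "auth": ["pin", "password", "password+otp"],
    "storage": ["none", "encrypted"],
}
# Knowledge (assumed): the configuration each security level requires (0 = low, 2 = high).
POLICY = {
    0: {"transport": "tls", "auth": "pin", "storage": "none"},
    1: {"transport": "tls", "auth": "password", "storage": "encrypted"},
    2: {"transport": "tls_pinned", "auth": "password+otp", "storage": "encrypted"},
}


@dataclass
class Context:
    network: str         # "home_wifi", "public_wifi" or "cellular"
    rooted: bool         # device integrity lost
    sensitive_app: bool  # foreground app handles sensitive data


@dataclass
class Knowledge:
    level: int = 0
    config: dict = field(default_factory=lambda: dict(POLICY[0]))
    history: list = field(default_factory=list)  # (level, changes) per reconfiguration


def monitor(raw):
    """Monitor: normalise raw sensor readings (constructed keys) into a Context."""
    return Context(network=raw["net"], rooted=raw.get("rooted", False),
                   sensitive_app=raw.get("app_class") == "banking")


def analyze(ctx):
    """Analyze: map the context to the security level the policy demands."""
    if ctx.sensitive_app or ctx.rooted:
        return 2
    if ctx.network == "public_wifi":
        return 1
    return 0


def plan(k, level):
    """Plan: the feature changes needed to move the current configuration to the level's policy."""
    return {f: v for f, v in POLICY[level].items() if k.config.get(f) != v}


def execute(k, level, changes):
    """Execute: apply the reconfiguration, rejecting variants the product line does not offer."""
    for f, v in changes.items():
        if v not in FEATURE_VARIANTS.get(f, ()):
            raise ValueError(f"{f}={v} is not a variant of the product line")
    k.config.update(changes)
    k.level = level
    k.history.append((level, dict(changes)))


def adapt(k, raw):
    """One MAPE-K iteration; returns the configuration in force afterwards."""
    level = analyze(monitor(raw))
    changes = plan(k, level)
    if changes or level != k.level:
        execute(k, level, changes)
    return dict(k.config)


if __name__ == "__main__":
    k = Knowledge()
    for reading in ({"net": "home_wifi"}, {"net": "public_wifi"},
                    {"net": "public_wifi", "app_class": "banking"}, {"net": "cellular"}):
        print(reading, "->", adapt(k, reading))
```

Two points worth noting when reading this: the plan step only emits the delta between the running configuration and the target policy, so an unchanged level is a no-op rather than a redeployment, and the execute step validates every variant against the product line before touching the configuration, so a malformed policy cannot leave the device half-reconfigured.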
Pub Date: 2017-06-01. DOI: 10.1109/CYBERINCIDENT.2017.8054638
T. Hoang, Nhi-Yen Tran-Thi
This paper proposes an alternative fuzzy logic controller to create the anti-swing controller of a 3D crane system. Simultaneously, it uses genetic algorithms (GA) to optimize the parameters inside the crane controller. The controller's purpose is to control the crane's position and maintain the smallest possible payload swing angle at the desired position, in order to reduce industrial accidents and increase work performance. In addition, we create a new fuzzy rule which is more effective than other fuzzy rules or controllers. This completely solves the position control while the payload swing angle remains small, which is difficult for the other controllers. Moreover, the simulated results from the proposed fuzzy rule demonstrate more robust stabilization when compared with the other fuzzy rules or controllers.
Title: Robust anti-swing control of 3D crane system using GA-FUZZY. Venue: 2017 International Conference On Cyber Incident Response, Coordination, Containment & Control (Cyber Incident). DOI link: https://doi.org/10.1109/CYBERINCIDENT.2017.8054638.
Pub Date: 2017-06-01. DOI: 10.1109/CYBERINCIDENT.2017.8054637
S. Miserendino, Corey Maynard, Jacob Davis
Cyber security operations face a daily flood of security events generated by automated security tools and analytics. These events must be rapidly and accurately triaged to remove false positives and focus investigations on those presenting the greatest risks to the enterprise and requiring immediate remediation. We introduce ThreatVectors as a contextual triage workflow and event visualization tool to aid operators in event triage. ThreatVectors uses a streaming event processing framework for event correlation, aggregation and prioritization based on user-definable event collections and a cyber-triage domain-specific language. Triage work progress is shown using a novel progress-bar matrix. Event collection visualization includes abstract event thumbnails for an event overview and a dynamic filtering mechanism based on metafield hierarchies. Bulk adjudication of filtered event views and event clusters is supported. User testing on large enterprise networks indicates the approach has significant potential for aiding in identifying multi-event campaigns, supporting collaborative triage and reducing the total time spent triaging events.
Title: ThreatVectors: contextual workflows and visualizations for rapid cyber event triage. Venue: 2017 International Conference On Cyber Incident Response, Coordination, Containment & Control (Cyber Incident). DOI link: https://doi.org/10.1109/CYBERINCIDENT.2017.8054637.
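The abstract names the pieces of the triage pipeline (user-definable event collections, a triage DSL, streaming correlation and aggregation, prioritization, bulk adjudication) without showing how they fit together. The Python below is an added example, not ThreatVectors' code: it defines a minimal rule grammar of its own, aggregates a constructed event stream per group key inside a sliding window, orders the resulting collections for the analyst and lets one verdict cover a whole collection. The grammar, the rule names, the sample events and the priority ordering are all assumptions for this example.

```python
"""Streaming event triage with a tiny rule DSL: collect, correlate, prioritise, bulk-adjudicate."""
import re
from collections import defaultdict, deque

# Assumed rule grammar, constructed for this example (not the ThreatVectors language):
#   collect <name> where <f>=<v> [and <f>=<v> ...] group by <field> [window <N>s] [min <M>] priority <low|medium|high>
RULE_RE = re.compile(
    r"^collect (?P<name>\w+) where (?P<conds>.+?) group by (?P<key>\w+)"
    r"(?: window (?P<window>\d+)s)?(?: min (?P<min>\d+))? priority (?P<prio>low|medium|high)$"
)
PRIORITY_RANK = {"high": 0, "medium": 1, "low": 2}


def parse_rule(text):
    """Parse one DSL line into a rule dict; raises ValueError on anything the grammar rejects."""
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError(f"bad rule: {text!r}")
    conds = dict(c.split("=", 1) for c in m["conds"].split(" and "))
    return {"name": m["name"], "conds": conds, "key": m["key"],
            "window": int(m["window"] or 0), "min": int(m["min"] or 1), "prio": m["prio"]}


class Triage:
    """Events matching a rule are aggregated per group key inside a sliding time window;
    once the threshold is met the group becomes an event collection for the analyst."""

    def __init__(self, rules):
        self.rules = [parse_rule(r) for r in rules]
        self.buckets = defaultdict(deque)  # (rule name, key value) -> deque of (ts, event id)
        self.collections = {}              # (rule name, key value) -> collection
        self.verdicts = {}                 # event id -> "benign" | "malicious"
        self.seen = []

    def ingest(self, ev):
        self.seen.append(ev)
        for r in self.rules:
            if any(ev.get(f) != v for f, v in r["conds"].items()):
                continue
            key = (r["name"], ev.get(r["key"]))
            q = self.buckets[key]
            q.append((ev["ts"], ev["id"]))
            if r["window"]:  # drop contributions older than the window
                while q and ev["ts"] - q[0][0] > r["window"]:
                    q.popleft()
            if len(q) >= r["min"]:
                self.collections[key] = {"name": r["name"], "key": key[1], "prio": r["prio"],
                                         "events": [eid for _, eid in q]}

    def prioritized(self):
        """Collections in analyst order: highest priority first, larger collections first within a priority."""
        return sorted(self.collections.values(),
                      key=lambda c: (PRIORITY_RANK[c["prio"]], -len(c["events"])))

    def adjudicate(self, name, key, verdict):
        """Bulk adjudication: one verdict covers every event in the collection; returns how many."""
        events = self.collections[(name, key)]["events"]
        for eid in events:
            self.verdicts[eid] = verdict
        return len(events)

    def untriaged(self):
        """Event ids no verdict has reached yet: what the analyst still has to look at."""
        return [e["id"] for e in self.seen if e["id"] not in self.verdicts]


RULES = [
    "collect auth_bruteforce where source=auth and outcome=fail group by src_ip window 300s min 5 priority medium",
    "collect edr_critical where source=edr and severity=critical group by host min 1 priority high",
]

# Constructed sample events (epoch seconds): six failures from one address, two from another,
# one critical EDR alert and one unrelated web error.
EVENTS = (
    [{"id": f"a{i}", "ts": 1000 + 10 * i, "source": "auth", "outcome": "fail", "src_ip": "203.0.113.5"}
     for i in range(6)]
    + [{"id": "b1", "ts": 1005, "source": "auth", "outcome": "fail", "src_ip": "203.0.113.9"},
       {"id": "b2", "ts": 1020, "source": "auth", "outcome": "fail", "src_ip": "203.0.113.9"},
       {"id": "e1", "ts": 1100, "source": "edr", "severity": "critical", "host": "ws-042"},
       {"id": "w1", "ts": 1110, "source": "web", "status": "500"}]
)


def run_example():
    """Feed the sample stream in time order and return the populated triage state."""
    t = Triage(RULES)
    for ev in sorted(EVENTS, key=lambda e: e["ts"]):
        t.ingest(ev)
    return t


if __name__ == "__main__":
    t = run_example()
    for c in t.prioritized():
        print(c["prio"], c["name"], c["key"], len(c["events"]))
    print("bulk-adjudicated", t.adjudicate("auth_bruteforce", "203.0.113.5", "malicious"), "events")
    print("still untriaged:", t.untriaged())
```

With the sample stream, the single critical EDR alert outranks the six-event brute-force collection because priority is compared before size; the two failures from the second address never reach the threshold and stay in the untriaged backlog, which is exactly the residue a progress view has to surface.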
Pub Date: 1900-01-01. DOI: 10.1109/socialmedia.2017.8057355
Cyril Onwubiko
There have been longitudinal advances in both cybersecurity and cyber-threats in recent years. With cybersecurity, for instance, there are now mechanisms to geographically locate an entity; there are those that can intercept most forms of electronic communications, and those that can recover most types of hidden images and data in electronic devices. The pace of change and advancement has equally been astronomical and astonishing. Technology refresh cycles have been slashed, and are now estimated at 12 to 18 months, while the number of cyber users or entities has quadrupled in the last five years. These continuous changes have left an ever-increasing gap between cybersecurity, that is, control mechanisms (a.k.a. safeguards) that help protect, detect, respond to and recover organisational or national cyber investment, and cyber-threats, that is, threats that aim to exploit, breach or circumvent the cyber controls. This gap between cybersecurity on the one hand and cyber-threats on the other appears to widen even further in areas with far greater financial rewards for criminals, or nation-state political gains. Exploits are now common and frequent, and their impacts far greater than before. This situation is further exacerbated by the lack of adequate and well-deployed security operations centres to monitor organizational cyber investments.
Title: Security operations centre: situation awareness, threat intelligence and cybercrime. Venue: 2017 International Conference On Cyber Incident Response, Coordination, Containment & Control (Cyber Incident). DOI link: https://doi.org/10.1109/socialmedia.2017.8057355.