Haifeng Zhou,Chunming Wu,Ming Jiang,Boyang Zhou,Wen Gao,Tingting Pan,Min Huang

DOI: https://doi.org/10.1109/mcom.2015.7081074

IF: 9.03

2015-01-01

IEEE Communications Magazine

Abstract:The past few years have witnessed revolutionary advances in network technology. Along with new techniques such as SDN come lots of new network security challenges. Conventional network security mechanisms are incompetent to overcome these challenges, since they are built on a static network configuration that facilitates attackers in finding the weaknesses of a network. In this article, we conceive a novel conceptual network security mechanism, the evolving defense mechanism (EDM), to resolve current and future security problems. EDM is based on a bio-inspired idea of network configuration variations. According to the security requirements of the system, the user, and the network security state, EDM selects an efficient network configuration variation strategy to prevent corresponding security threats. Combined with SDN implementation, EDM resolves security problems from a new angle and is capable of evolving with new network security technology. We sketch a way to implement EDM and present its reference framework, which serves as an ecosystem and coexisting environment for various kinds of network configuration variations. The proposed mechanism avoids the deficiency of conventional mechanisms and has potential to cope with emerging security threats.

Qiang Wu,Ran Wang,Xincheng Yan,Chunming Wu,Rongxing Lu

DOI: https://doi.org/10.1109/MWC.001.2100251

IF: 12.777

2022-01-01

IEEE Wireless Communications

Abstract:Opening-up sharing has prompted the multi-tenancy architecture, whereby different vendors (including outsourcees) work together with network operators to form a vibrant service ecosystem, resulting in several advantages as well as risks. In particular, the static nature of existing architectures in network functions virtualization-based (NFV-based) clouds facilitate hacking. Thus, much attention has been focused on determining how to avoid the uncontrollable cloud security induced by complex production relations and non-trustworthy software/hardware sources when the two sets of security risks intersect. In this article, we investigate latent persistent threats against cloud environments and determine a high degree of complementarity and consistency between the NFV-based cloud environment and the dynamic defense concept. More specifically, new NFV-based cloud features provide an effective implementation for dynamic defense, while the generalized robustness of dynamic defense theory allows for high security gains. Intrinsic cloud security (iCS) is then proposed to align NFV-based clouds, mimicking defense and the moving target defense (MTD) paradigm to implement a seamless integration and symbiosis evolution between security and NFV-based clouds. We quantify the impact on system overhead to account for efficiency and cost issues. The simulation analysis demonstrates that the enhanced mode is able to consistently obtain a more beneficial and stable defense compared with the counterparts.

Daojing He,Sammy Chan,Yan Zhang,Chunming Wu,Bing Wang

DOI: https://doi.org/10.1109/mis.2013.105

IF: 6.744

2014-01-01

IEEE Intelligent Systems

Abstract:Attack-defense models play an important role in the design of cybersecurity systems. Here, the authors review some traditional and prevailing attack-defense models along with their weaknesses. Then, they survey some recently proposed paradigm shifts to these models based on which more effective security strategies can be designed. Further, they provide some suggestions on how to adopt the new models, and present challenges that need to be addressed in this field.

WUChunming

DOI: https://doi.org/10.3969/j.issn.1009-6868.2016.01.009

2016-01-01

Abstract:Dynamic network proactive security defence is an effective method for solving the unknown vulnerabilities and back door attacks in the information system. In this paper, the evolution defense mechanism (EDM) is proposed. According to the security status, network system security needs, EDM can select the best network configuration change elements to deal with potential attacks and ensure the safety requirements of a specific level. Dynamic reconfiguration and changes of the network need to be considered in accordance with the security situation of the system and the possible network attacks. The key is how to detect and the security situation and network attacks. It proposes that study on dynamic network proactive security defense in China is in the initial stage, and there is stil much work to do.

Arindam Dan,Sumit Gupta

DOI: https://doi.org/10.1007/978-981-13-1544-2_2

2018-10-05

Abstract:Our modern life has been influenced in myriad ways by the Internet and digital technologies along with its every ameliorating advancement. But its omnipresence has consequently turned out be a boon for cyber attackers and intruders. The colossal impact of the Internet and the widespread growth of E-business have cleared the way for cyber fraudulence whereby attackers tend to target various public agencies especially the employees of Call Centre. The intruders have been using various techniques and tools of Social Engineering for the purpose of security breach and data leakage. This paper proposes a Social Engineering Attack Detection and Data Protection Model which can be used by the employees of any agency to not only detect the social engineering attacks but also to protect their files containing sensitive data and information from an attacker. Hence, this model will be very helpful and effective in resisting the attacker from manipulating himself or herself, in ensuring data protection and in safeguarding the security of employees.

Jan Domnik,Alexander Holland

DOI: https://doi.org/10.3390/jcp4020009

2024-03-30

Journal of Cybersecurity and Privacy

Abstract:In an evolving cybersecurity landscape marked by escalating data breaches and regulatory demands, data leakage prevention (DLP) has emerged as one of several defense mechanisms. This study underscores unresolved foundational issues within DLP, revealing that it remains a significant challenge in large organizations. This highlights the necessity for a holistic approach to DLP to effectively address these persistent challenges. By developing a DLP Maturity Model, adapted from the renowned C2M2 framework, this research provides a comprehensive tool for assessing organizational DLP capabilities and pinpointing critical gaps. Applying the DLP Maturity Model within the financial sector as demonstrated through a banking scenario showcases its relevance and added value. This application illuminates the model’s effectiveness in securing sensitive data and adhering to essential regulatory standards, highlighting its adaptability across various compliance landscapes. Implementing this DLP Maturity Model in a banking scenario showcases its applicability, highlighting its ability to formulate a strategy to secure sensitive data and comply with regulatory standards. This approach aligns with the concept of a continuous risk-based strategy, merging the holistic model to identify and address critical insider risks within organizations. The study addresses a specific gap in DLP research, notably the lack of a holistic framework for assessing and enhancing DLP strategies across organizations. It equips practitioners with a foundational tool to determine current DLP maturity and devise strategies for mitigating insider-driven data breach risks, thereby bolstering organizational cybersecurity resilience.

computer science, information systems, interdisciplinary applications, software engineering

Abel Yeboah-Ofori,Francisca Afua Opoku-Boateng

DOI: https://doi.org/10.1108/crr-09-2022-0017

2023-03-22

Continuity & Resilience Review

Abstract:Purpose Various organizational landscapes have evolved to improve their business processes, increase production speed and reduce the cost of distribution and have integrated their Internet with small and medium scale enterprises (SMEs) and third-party vendors to improve business growth and increase global market share, including changing organizational requirements and business process collaborations. Benefits include a reduction in the cost of production, online services, online payments, product distribution channels and delivery in a supply chain environment. However, the integration has led to an exponential increase in cybercrimes, with adversaries using various attack methods to penetrate and exploit the organizational network. Thus, identifying the attack vectors in the event of cyberattacks is very important in mitigating cybercrimes effectively and has become inevitable. However, the invincibility nature of cybercrimes makes it challenging to detect and predict the threat probabilities and the cascading impact in an evolving organization landscape leading to malware, ransomware, data theft and denial of service attacks, among others. The paper explores the cybercrime threat landscape, considers the impact of the attacks and identifies mitigating circumstances to improve security controls in an evolving organizational landscape. Design/methodology/approach The approach follows two main cybercrime framework design principles that focus on existing attack detection phases and proposes a cybercrime mitigation framework (CCMF) that uses detect, assess, analyze, evaluate and respond phases and subphases to reduce the attack surface. The methods and implementation processes were derived by identifying an organizational goal, attack vectors, threat landscape, identification of attacks and models and validation of framework standards to improve security. The novelty contribution of this paper is threefold: first, the authors explore the existing threat landscapes, various cybercrimes, models and the methods that adversaries are deploying on organizations. Second, the authors propose a threat model required for mitigating the risk factors. Finally, the authors recommend control mechanisms in line with security standards to improve security. Findings The results show that cybercrimes can be mitigated using a CCMF to detect, assess, analyze, evaluate and respond to cybercrimes to improve security in an evolving organizational threat landscape. Research limitations/implications The paper does not consider the organizational size between large organizations and SMEs. The challenges facing the evolving organizational threat landscape include vulnerabilities brought about by the integrations of various network nodes. Factor influencing these vulnerabilities includes inadequate threat intelligence gathering, a lack of third-party auditing and inadequate control mechanisms leading to various manipulations, exploitations, exfiltration and obfuscations. Practical implications Attack methods are applied to a case study for the implementation to evaluate the model based on the design principles. Inadequate cyber threat intelligence (CTI) gathering, inadequate attack modeling and security misconfigurations are some of the key factors leading to practical implications in mitigating cybercrimes. Social implications There are no social implications; however, cybercrimes have severe consequences for organizations and third-party vendors that integrate their network systems, leading to legal and reputational damage. Originality/value The paper's originality considers mitigating cybercrimes in an evolving organization landscape that requires strategic, tactical and operational management imperative using the proposed framework phases, including detect, assess, analyze, evaluate and respond phases and subphases to reduce the attack surface, which is currently inadequate.

Duane Wilson,Jeff Avery

DOI: https://doi.org/10.48550/arXiv.1606.08378

2016-06-27

Cryptography and Security

Abstract:Existing processes and methods for incident handling are geared towards infrastructures and operational models that will be increasingly outdated by cloud computing. Research has shown that to adapt incident handling to cloud computing environments, cloud customers must establish clarity about their requirements on Cloud Service Providers (CSPs) for successful handling of incidents and contract CSPs accordingly. Secondly, CSPs must strive to support these requirements and mirror them in their Service Level Agreements. Intrusion Detection Systems (IDS) have been used widely to detect malicious behaviors in network communication and hosts. Facing new application scenarios in Cloud Computing, the IDS approaches yield several problems since the operator of the IDS should be the user, not the administrator of the Cloud infrastructure. Cloud providers need to enable possibilities to deploy and configure IDS for the user - which poses its own challenges. Current research and commercial solutions primarily focus on protecting against Denial of Service attacks and attacks against the Cloud's virtual infrastructure. To counter these challenges, we propose a capability that aims to both detect and prevent the potential of data exfiltration by using a novel deception-based methodology. We also introduce a method of increasing the data protection level based on various threat conditions.

Mehran Alidoost Nia

DOI: https://doi.org/10.48550/arXiv.2312.17358

2023-12-29

Abstract:This paper presents the adaptive software security model, an innovative approach integrating the MAPE-K loop and the Software Development Life Cycle (SDLC). It proactively embeds security policies throughout development, reducing vulnerabilities from different levels of software engineering. Three primary contributions-MAPE-K integration, SDLC embedding, and analytical insights-converge to create a comprehensive approach for strengthening software systems against security threats. This research represents a paradigm shift, adapting security measures with agile software development and ensuring continuous improvement in the face of evolving threats. The model emerges as a robust solution, addressing the crucial need for adaptive software security strategies in modern software development. We analytically discuss the advantages of the proposed model.

Software Engineering,Cryptography and Security

Morgan Reece,Theodore Lander Jr.,Sudip Mittal,Nidhi Rastogi,Josiah Dykstra,Andy Sampson

2023-11-02

Abstract:As organizations increasingly use cloud services to host their IT infrastructure, there is a need to share data among these cloud hosted services and systems. A majority of IT organizations have workloads spread across different cloud service providers, growing their multi-cloud environments. When an organization grows their multi-cloud environment, the threat vectors and vulnerabilities for their cloud systems and services grow as well. The increase in the number of attack vectors creates a challenge of how to prioritize mitigations and countermeasures to best defend a multi-cloud environment against attacks. Utilizing multiple industry standard risk analysis tools, we conducted an analysis of multi-cloud threat vectors enabling calculation and prioritization for the identified mitigations and countermeasures. The prioritizations from the analysis showed that authentication and architecture are the highest risk areas of threat vectors. Armed with this data, IT managers are able to more appropriately budget cybersecurity expenditure to implement the most impactful mitigations and countermeasures.

Cryptography and Security

Zhimin Tang,Duohe Ma,Xiaoyan Sun,Kai Chen,Liming Wang,Junye Jiang

DOI: https://doi.org/10.1109/iscc58397.2023.10218253

2023-01-01

Abstract:Traditional defense methods are hard to change the inherent vulnerabilities of static data storage, single data access, and deterministic data content, leading to frequent data leakage incidents. Moving target defense (MTD) techniques can increase data diversity and unpredictability by dynamically shifting the data attack surface. However, in the existing methods, the data lacks sufficient dynamics due to insufficient shifting space and shifting frequency of attack surface, and legitimate users are inevitably greatly affected. This study proposes a data MTD method that the data changes dynamically based on real-time multi-source user access information. Through the multidimensional user stratification mechanism, we establish a novel dynamic data model that uses the combination of random deception strategies to convert metadata properties and content of data based on the user risk levels, while data remains unchanged for legitimate users. Multiple sets of experiments demonstrate the effectiveness and low consumption of our data dynamic defense approach.

Florence Sèdes

2024-06-17

Abstract:Major transformations related to information technologies affect InformationSystems (IS) that support the business processes of organizations and their actors. Deployment in a complex environment involving sensitive, massive and heterogeneous data generates risks with legal, social and financial impacts. This context of transition and openness makes the security of these IS central to the concerns of organizations. The digitization of all processes and the opening to IoT devices (Internet of Things) has fostered the emergence of a new formof crime, i.e. cybercrime.This generic term covers a number of malicious acts, the majority of which are now perpetrated using social engineering strategies, a phenomenon enabling a combined exploitation of ``human'' vulnerabilities and digital tools. The maliciousness of such attacks lies in the fact that they turn users into facilitators of cyber-attacks, to the point of being perceived as the ``weak link'' of <a class="link-external link-http" href="http://cybersecurity.As" rel="external noopener nofollow">this http URL</a> deployment policies prove insufficient, it is necessary to think about upstream steps: knowing how to anticipate, identifying weak signals and outliers, detect early and react quickly to computer crime are therefore priority issues requiring a prevention and cooperation <a class="link-external link-http" href="http://approach.In" rel="external noopener nofollow">this http URL</a> this overview, we propose a synthesis of literature and professional practices on this subject.

Cryptography and Security,Databases

Etkin Getir

2024-11-10

Abstract:While there is a plethora of cybersecurity and risk management frameworks for different target audiences and use cases, micro-businesses (MBs) are often overlooked. As the smallest business entities, MBs represent a special case with regard to cybersecurity for two reasons: (1) Having fewer than 10 employees, they tend to lack cybersecurity expertise. (2) Because of their low turnover, they usually have a limited budget for cybersecurity. As a result, MBs are often the victims of security breaches and cyber-attacks every year, as demonstrated by various studies. This calls for a non-technical, simple solution tailored specifically for MBs. To address this pressing need, the SEANCE Cybersecurity Framework was developed through a 7-step methodology: (1) A literature review was conducted to explore the current state of research and available frameworks and methodologies, (2) followed by a qualitative survey to identify the cybersecurity challenges faced by MBs. (3) After analyzing the results of the literature review and the survey, (4) the relevant aspects of existing frameworks and tools for MBs were identified and (5) a non-technical framework was developed. (6) A web-based tool was developed to facilitate the implementation of the framework and (7) another qualitative survey was conducted to gather feedback. The SEANCE Framework suggests considering possible vulnerabilities and cyber threats in six hierarchical layers: (1) Self, (2) Employees, (3) Assets, (4) Network, (5) Customers and (6) Environment, with the underlying idea of a vulnerability in an inner layer propagates to the outer layers and therefore needs to be prioritized.

Cryptography and Security

Juan Manuel R. Mosso

DOI: https://doi.org/10.48550/arXiv.1506.03830

2015-06-12

Abstract:The Internet Economy has a strong dependency on cyberspace. This raises security risk scenarios due to the increasing number of vulnerabilities and the increased frequency and sophistication of cyber attacks, especially with the advent of advanced threats of APT type. This paper presents a model of Intelligent Cybersecurity (ICS) for detect, deny, disrupt, degrade, deceive and destroy enemy capabilities in cyberspace. This is achieved through the conceptual and technical development of a Capacity for Cyber Intelligence (CCI) which aims to interfere destructively C2 capabilities of the adversary, penetrating its decision loops with the speed necessary to displace him to a reactive posture. Finally, unlike the security models raised classically, the concept of ICSI suggests that the advantage in the conflict can be obtained by defense and not always by the attacker. As theoretical support, the "Offensive System Reference Model" (OSRM) is presented, which is used to think cyber conflict at all levels, from a perspective coordinated and synchronized with the rest of the traditional forces under the present set; and a justification of the capacity from the modern perspective C2.

Cryptography and Security

Matthew Chan,Nathaniel Snyder,Marcus Lucas,Luis Garcia,Oleg Sokolsky,James Weimer,Insup Lee,Paulo Tabuada,Saman Zonouz,Mani Srivastava

DOI: https://doi.org/10.48550/arXiv.2210.07531

2022-10-14

Abstract:Although organizations are continuously making concerted efforts to harden their systems against network attacks by air-gapping critical systems, attackers continuously adapt and uncover covert channels to exfiltrate data from air-gapped systems. For instance, attackers have demonstrated the feasibility of exfiltrating data from a computer sitting in a Faraday cage by exfiltrating data using magnetic fields. Although a large body of work has recently emerged highlighting various physical covert channels, these attacks have mostly targeted open-loop cyber-physical systems where the covert channels exist on physical channels that are not being monitored by the victim. Network architectures such as fog computing push sensitive data to cyber-physical edge devices--whose physical side channels are typically monitored via state estimation. In this paper, we formalize covert data exfiltration that uses existing cyber-physical models and infrastructure of individual devices to exfiltrate data in a stealthy manner, i.e., we propose a method to circumvent cyber-physical state estimation intrusion detection techniques while exfiltrating sensitive data from the network. We propose a generalized model for encoding and decoding sensitive data within cyber-physical control loops. We evaluate our approach on a distributed IoT network that includes computation nodes residing on physical drones as well as on an industrial control system for the control of a robotic arm. Unlike prior works, we formalize the constraints of covert cyber-physical channel exfiltration in the presence of a defender performing state estimation.

Cryptography and Security

Vasileios Mavroeidis,Kamer Vishi,Audun Jøsang

DOI: https://doi.org/10.48550/arXiv.1809.09434

2018-09-25

Cryptography and Security

Abstract:This paper presents PS0, an ontological framework and a methodology for improving physical security and insider threat detection. PS0 can facilitate forensic data analysis and proactively mitigate insider threats by leveraging rule-based anomaly detection. In all too many cases, rule-based anomaly detection can detect employee deviations from organizational security policies. In addition, PS0 can be considered a security provenance solution because of its ability to fully reconstruct attack patterns. Provenance graphs can be further analyzed to identify deceptive actions and overcome analytical mistakes that can result in bad decision-making, such as false attribution. Moreover, the information can be used to enrich the available intelligence (about intrusion attempts) that can form use cases to detect and remediate limitations in the system, such as loosely-coupled provenance graphs that in many cases indicate weaknesses in the physical security architecture. Ultimately, validation of the framework through use cases demonstrates and proves that PS0 can improve an organization's security posture in terms of physical security and insider threat detection.

Valentina Casola,Alessandra De Benedictis,Carlo Mazzocca,Rebecca Montanari

DOI: https://doi.org/10.1109/tetc.2022.3197464

2022-01-01

IEEE Transactions on Emerging Topics in Computing

Abstract:Cyber-physical systems (CPSs) rely upon the deep integration of computation and physical processes/systems, enabled by Internet of Things (IoT), edge computing, and cloud technologies. Noticeably, cybersecurity is a major concern in CPSs, since attacks may exploit both cyber and physical vulnerabilities and damage significantly physical equipment, compromise operational safety, and impact negatively on product quality and performance. In this context, CPS design should take both security and resilience requirements into account, by identifying the needed measures not only to prevent but also to withstand, recover from, and adapt to adverse conditions and attacks. The approach proposed in this paper aims at improving the security and resilience of a CPS deployment through a model-based design methodology leveraging security-by-design principles and Moving Target Defense (MTD) techniques, consisting in continually shifting a system configuration to reduce the attack success probability and survive attacks. Our methodology, in particular, is meant to support the threat modeling process of a CPS and the identification, based on spotted threats and on the properties of involved assets and data, of the security controls to include within the design to mitigate existing threats and of the MTD techniques to integrate in order to increase resilience.

computer science, information systems,telecommunications

Tolga Mataracioglu,Sevgi Ozkan,Ray Hackney

DOI: https://doi.org/10.48550/arXiv.1507.02458

2015-07-09

Abstract:This research considers the impact of social engineering security attacks which are noted as taking opportunities for critically exploiting user awareness and behavior. The research proposes in this respect a managerial method in an attempt to enhance or even ensure protection. The aim of this study is to construct a security lifecycle model against these eventualities and to analyze the test results that have been carried out within the context of the Turkish public sector. The main objective of the study is to determine why employees shared sensitive information by stating fallacies and related amendments through interviews and thus to understand user actions when they are face to face with a real social engineering attack. The research findings demonstrate that employees in Turkish public organizations are not sufficiently aware of information security and they generally ignore critically important security procedures. This represents an important illustration of the increasing need for further generalized user awareness and responsibilities where individuals and not simply software form a critical element of the security protection portfolio.

Cryptography and Security,Computers and Society

Kaif Qureshi,Aditya Choudhary,Aakash Sharma,Anant Singh,Kinjal Singh

DOI: https://doi.org/10.56025/ijaresm.2023.1205242072

2024-01-01

Abstract:Cyber Security plays an important role in the field of information technology. As more business activities are being automated and an increasing number of computers are being used to store sensitive information, the need for secure computer systems becomes more apparent. Securing the information have become one of the biggest challenges in the present day. Whenever we think about the cyber security the first thing that comes to our mind is ‘cyber crimes’ which are increasing immensely day by day. Various Governments and companies are taking many measures in order to prevent these cyber-crimes. The Internet itself has become critical for governments, companies, financial institutions, and millions of everyday users. Besides various measures cyber security is still a very big concern to many. This paper mainly focuses on challenges faced by cyber security on the latest technologies. It also focuses on latest about the cyber security techniques, ethics and the trends changing the face of cyber. Threats to the integrity, security and dependability of the World Wide Web (WWW) are ever-evolving. Conventional security solutions sometimes find it difficult to keep up with the ever-evolving strategies used by hackers. By combining adaptive security mechanisms designed especially for protecting the WWW with dynamic threat analysis approaches, our research offers a unique way to handle this difficulty.

Sybren de Kinderen,Monika Kaczmarek-Heß,Simon Hacks

DOI: https://doi.org/10.1007/s12599-024-00899-y

2024-10-30

Business & Information Systems Engineering

Abstract:The increased reliance of organizations on information technology inherently increases their vulnerability to cyber-security attacks. As a response, a host of cyber-security approaches exists. While useful, these approaches exhibit shortcomings such as an inclination to be fragmented, not accounting for up-to-date organizational data, focusing on singular vulnerabilities only, and being reactive, i.e., focusing on patching up vulnerabilities in current systems. The paper presents and evaluates a modeling method aiming to address those shortcomings and to support security by design with a focus on the electricity sector. The proposed modeling method encompasses a multi-level reference model reconstructing and integrating existing initiatives and supporting top-down and bottom-up analyses. Compared to earlier work, the paper contributes (1) a process model for cyber-security by design, which proactively considers security as a first-class citizen during the design process, (2) a complete coverage of the multi-level model, in terms of three views complementing the introduced process model, (3) an elaborated evaluation, in terms of reporting on an additional design science cycle.

computer science, information systems