Determining Small Business Cybersecurity Strategies to Prevent Data Breaches

Saber, Jennifer

01 January 2016

Cybercrime is one of the quickest growing areas of criminality. Criminals abuse the speed, accessibility, and privacy of the Internet to commit diverse crimes involving data and identity theft that cause severe damage to victims worldwide. Many small businesses do not have the financial and technological means to protect their systems from cyberattack, making them vulnerable to data breaches. This exploratory multiple case study, grounded in systems thinking theory and routine activities theory, encompassed an investigation of cybersecurity strategies used by 5 small business leaders in Middlesex County, Massachusetts. The data collection process involved open-ended online questionnaires, semistructured face-to-face interviews, and review of company documents. Based on methodological triangulation of the data sources and inductive analysis, 3 emergent themes identified are policy, training, and technology. Key findings include having a specific goal and tactical approach when creating small business cybersecurity strategies and arming employees with cybersecurity training to increase their awareness of security compliance. Recommendations include small business use of cloud computing to remove the burden of protecting data on their own, thus making it unnecessary to house corporate servers. The study has implications for positive social change because small business leaders may apply the findings to decrease personal information leakage, resulting from data breaches, which affects the livelihood of individuals or companies if disclosure of their data occurs.

Cybercrime

Cyber Security

Business

Ranks and Partial Cuts in Forward Hypergraphs

Sawilla, Reginald Elias

02 May 2011

Many real-world relations are networks that can be modelled with a kind of directed hypergraph named a forward hypergraph (F-graph). F-graphs capture the semantics of both conjunctive and disjunctive dependency relations. Logic statements are sometimes represented using AND/OR directed graphs and they directly correspond with F-graphs; we provide algorithms to convert between the two types of graph. One problem of interest in networks is determining the degree to which the network, with a priority on certain elements, depends upon individual nodes. We address this problem by providing an algorithm, AssetRank, which computes vertex ranks and takes into account network priorities, preferential dependencies, and extra-network influences. A second problem of interest in networks is optimizing the removal of nodes to separate two subcommunities (source and target) to the greatest practical degree, even when a complete disconnection is impractical. The problem is complicated by the need to consider the cost of removing nodes, a budget that constrains the degree to which separation is possible, cascading effects of removing a node, non-linear effects of removing nodes in combination, and removing nodes with the greatest impact on the subcommunities. To this end, we use F-graphs and introduce the concepts of vertex closures and closure-relation graphs. We created two partial-cut algorithms: the first one computes an optimal solution to this NP-hard optimization problem, and the second one estimates an optimization by exploring the closure-relation graph in a best-first search manner. Computer network defence provides a ready application area. Network defenders wish to understand which services and hosts are defence priorities (defence goals), and then, which configurations and vulnerabilities are the most useful to attackers in reaching the defence goals. The defenders' resources are constrained in terms of available person-hours, finances, and acceptable impacts to operations. The work in this thesis supports network defenders by providing actionable information that efficiently removes attack enablers and ensures defence priorities. We present an integration of our algorithms with commercial and open-source network security software. / Thesis (Ph.D, Computing) -- Queen's University, 2011-04-30 22:17:52.062

hypergraph ranks

hypergraph cuts

cyber security

decision support

Developing a framework for e-commerce privacy and data protection in developing nations : a case study of Nigeria

Adelola, Tiwalade

January 2017

The emergence of e-commerce has brought about many benefits to a country s economy and individuals, but the openness of the Internet has given rise to misuse of personal data and Internet security issues. Therefore, various countries have developed and implemented cyber-security awareness measures to counter this. However, there is currently a definite lack in this regard in Nigeria, as there are currently, little government-led and sponsored Internet security awareness initiatives. In addition, a security illiterate person will not know of the need to search for these awareness programmes online, particularly in Nigeria s case, where personal information security may not be regarded as an overly important issue for citizens. Therefore, this research attempts to find a means to reduce the privacy and data protection issues. It highlights the privacy and data protection problem in developing countries, using Nigeria as a case study, and seeks to provide a solution focusing on improving Internet security culture rather than focusing on solely technological solutions. The research proves the existence of the privacy and data protection problem in Nigeria by analysing the current privacy practices, Internet users perceptions and awareness knowledge, and by identifying factors specific to Nigeria that influence their current privacy and data protection situation. The research develops a framework for developing countries that consists of recommendations for relevant stakeholders and awareness training. In the case of Nigeria, the stakeholders are the government and organisations responsible for personal information security, and an awareness training method has been created to take into account Nigeria s unique factors. This training method encompasses promoting Internet security awareness through contextual training and promoting awareness programmes. Industry experts and Nigerian Internet users validated the framework. The findings obtained from the validation procedure indicated that the framework is applicable to the current situation in Nigeria and would assist in solving the privacy and Internet problem in Nigeria. This research offers recommendations that will assist the Nigerian government, stakeholders such as banks and e commerce websites, as well as Nigerian Internet users, in resolving the stated problems.

Vi ger bort vår personliga integritet för att få veta vilken M & M vi är : En kvalitativ intervjustudie med individer med kunskap om hacking

Bengtsson, Clara, Leikas, Nette

January 2018

The digital environment is facing changes and threats from different factors. Digitalisation seeks to exceed all boundaries at the expense of something we used to value high. Privacy today is a subject that garners a lot of attention due to its deterioration. This study aims to assess this dilemma from different angles and find easier ways to understand it. It considers components like updating legislation, companies’ business models and lack of available information. All this is done from the perspective of hackers and cyber security professionals by researchers without further IT background. Thus, the methodology of the study consists of qualitative interviews with persons who possess a great knowledge of the digital world. After the interviews the study has found a connection between an individual’s privacy and his choices, level of knowledge and society’s structures. The results indicate that information has become so highly valued that it can be used as a currency. This creates for example the possibility for big companies to exploit their power in order to affect opinions and consumer behaviour. However, individuals donate their privacy voluntarily in exchange for free services. Therefore, they should be offered clear information by those who recognise the threats. The study also proposes some suggestions from the professionals for better privacy.

privacy

cyber security

digitalisation

GDPR

Media and Communications

Medie- och kommunikationsvetenskap

Federated authentication using the Cloud (Cloud Aura)

Al Abdulwahid, Abdulwahid Abdullah

January 2017

Individuals, businesses and governments undertake an ever-growing range of activities online and via various Internet-enabled digital devices. Unfortunately, these activities, services, information and devices are the targets of cybercrimes. Verifying the user legitimacy to use/access a digital device or service has become of the utmost importance. Authentication is the frontline countermeasure of ensuring only the authorised user is granted access; however, it has historically suffered from a range of issues related to the security and usability of the approaches. Traditionally deployed in a point-of-entry mode (although a number of implementations also provide for re-authentication), the intrusive nature of the control is a significant inhibitor. Thus, it is apparent that a more innovative, convenient and secure user authentication solution is vital. This thesis reviews the authentication methods along with the current use of authentication technologies, aiming at developing a current state-of-the-art and identifying the open problems to be tackled and available solutions to be adopted. It also investigates whether these authentication technologies have the capability to fill the gap between the need for high security whilst maximising user satisfaction. This is followed by a comprehensive literature survey and critical analysis of the existing research domain on continuous and transparent multibiometric authentication. It is evident that most of the undertaken studies and proposed solutions thus far endure one or more shortcomings; for instance, an inability to balance the trade-off between security and usability, confinement to specific devices, lack or negligence of evaluating users’ acceptance and privacy measures, and insufficiency or absence of real tested datasets. It concludes that providing users with adequate protection and convenience requires innovative robust authentication mechanisms to be utilised in a universal manner. Accordingly, it is paramount to have a high level of performance, scalability, and interoperability amongst existing and future systems, services and devices. A survey of 302 digital device users was undertaken and reveals that despite the widespread interest in more security, there is a quite low number of respondents using or maintaining the available security measures. However, it is apparent that users do not avoid applying the concept of authentication security but avoid the inconvenience of its current common techniques (biometrics are having growing practical interest). The respondents’ perceptions towards Trusted Third-Party (TTP) enable utilising biometrics for a novel authentication solution managed by a TTP working on multiple devices to access multiple services. However, it must be developed and implemented considerately. A series of experimental feasibility analysis studies disclose that even though prior Transparent Authentication Systems (TAS) models performed relatively well in practice on real live user data, an enhanced model utilising multibiometric fusion outweighs them in terms of the security and transparency of the system within a device. It is also empirically established that a centralised federated authentication approach using the Cloud would help towards constructing a better user profile encompassing multibiometrics and soft biometric information from their multiple devices and thus improving the security and convenience of the technique beyond those of unimodal, the Non-Intrusive and Continuous Authentication (NICA), and the Weighted Majority Voting Fusion (WMVF) and what a single device can do by itself. Furthermore, it reduces the intrusive authentication requests by 62%-74% (of the total assumed intrusive requests without operating this model) in the worst cases. As such, the thesis proposes a novel authentication architecture, which is capable of operating in a transparent, continuous and convenient manner whilst functioning across a range of digital devices – bearing in mind it is desirable to work on differing hardware configurations, operating systems, processing capabilities and network connectivity but they are yet to be validated. The approach, entitled Cloud Aura, can achieve high levels of transparency thereby being less dependent on secret-knowledge or any other intrusive login and leveraging the available devices capabilities without requiring any external sensors. Cloud Aura incorporates a variety of biometrics from different types, i.e. physiological, behavioural, and soft biometrics and deploys an on-going identity confidence level based upon them, which is subsequently reflected on the user privileges and mapped to the risk level associated to them, resulting in relevant reaction(s). While in use, it functions with minimal processing overhead thereby reducing the time required for the authentication decision. Ultimately, a functional proof of concept prototype is developed showing that Cloud Aura is feasible and would have the provisions of effective security and user convenience.

005.8

Anomaly-Based Detection of Malicious Activity in In-Vehicle Networks

Taylor, Adrian

January 2017

Modern automobiles have been proven vulnerable to hacking by security researchers. By exploiting vulnerabilities in the car's external interfaces, attackers can access a car's controller area network (CAN) bus and cause malicious effects. We seek to detect these attacks on the bus as a last line of defence against automotive cyber attacks. The CAN bus standard defines a low-level message structure, upon which manufacturers layer their own proprietary command protocols; attacks must similarly be tailored for their target. This variability makes intrusion detection methods difficult to apply to the automotive CAN bus. Nevertheless, the bus traffic is generated by machines; thus we hypothesize that it can be characterized with machine learning, and that attacks produce anomalous traffic. Our goals are to show that anomaly detection trained without understanding of the message contents can detect attacks, and to create a framework for understanding how the characteristics of a novel attack can be used to predict its detectability. We developed a model that describes attacks based on their effect on bus traffic, informed by a review of published material on car hacking in combination with analysis of CAN traffic from a 2012 Subaru Impreza. The model specifies three high-level categories of effects: attacks that insert foreign packets, attacks that affect packet timing, and attacks that only modify data within packets. Foreign packet attacks are trivially detectable. For timing-based anomalies, we developed features suitable for one-class classification methods. For packet stream data word anomalies, we adapted recurrent neural networks and multivariate Markov model methods to sequence anomaly detection and compared their performance. We conducted experiments to evaluate our detection methods with special attention to the trade-off between precision and recall, given that a practical system requires a very low false alarm rate. The methods were evaluated by synthesizing anomalies within each attack category, parameterized to adjust their covertness. We generalize from the results to enable prediction of detection rates for new attacks using these methods.

anomaly detection

cyber security

intrusion detection

recurrent neural network

Improving Model Performance with Robust PCA

Bennett, Marissa A.

15 May 2020

As machine learning becomes an increasingly relevant field being incorporated into everyday life, so does the need for consistently high performing models. With these high expectations, along with potentially restrictive data sets, it is crucial to be able to use techniques for machine learning that increase the likelihood of success. Robust Principal Component Analysis (RPCA) not only extracts anomalous data, but also finds correlations among the given features in a data set, in which these correlations can themselves be used as features. By taking a novel approach to utilizing the output from RPCA, we address how our method effects the performance of such models. We take into account the efficiency of our approach, and use projectors to enable our method to have a 99.79% faster run time. We apply our method primarily to cyber security data sets, though we also investigate the effects on data sets from other fields (e.g. medical).

Machine Learning

Robust PCA

Feature Engineering

Cyber Security

Projectors

PCA

Towards Advanced Malware Classification: A Reused Code Analysis of Mirai Bonnet and Ransomware

January 2020

abstract: Due to the increase in computer and database dependency, the damage caused by malicious codes increases. Moreover, gravity and the magnitude of malicious attacks by hackers grow at an unprecedented rate. A key challenge lies on detecting such malicious attacks and codes in real-time by the use of existing methods, such as a signature-based detection approach. To this end, computer scientists have attempted to classify heterogeneous types of malware on the basis of their observable characteristics. Existing literature focuses on classifying binary codes, due to the greater accessibility of malware binary than source code. Also, for the improved speed and scalability, machine learning-based approaches are widely used. Despite such merits, the machine learning-based approach critically lacks the interpretability of its outcome, thus restricts understandings of why a given code belongs to a particular type of malicious malware and, importantly, why some portions of a code are reused very often by hackers. In this light, this study aims to enhance understanding of malware by directly investigating reused codes and uncovering their characteristics. To examine reused codes in malware, both malware with source code and malware with binary code are considered in this thesis. For malware with source code, reused code chunks in the Mirai botnet. This study lists frequently reused code chunks and analyzes the characteristics and location of the code. For malware with binary code, this study performs reverse engineering on the binary code for human readers to comprehend, visually inspects reused codes in binary ransomware code, and illustrates the functionality of the reused codes on the basis of similar behaviors and tactics. This study makes a novel contribution to the literature by directly investigating the characteristics of reused code in malware. The findings of the study can help cybersecurity practitioners and scholars increase the performance of malware classification. / Dissertation/Thesis / Masters Thesis Computer Science 2020

Computer science

Cyber-security

Mirai Botnet

Ransomware

Reused-code

Návrh, tvorba a implementace softwarové aplikace ve firemním prostředí / Design, Creation and Implementation of Software Application in the Corporate Environment

Zavadilová, Patrícia

January 2021

The master’s thesis is focused on the design and creation of a solution for converting company’s software application into the mobile and web form. The main goal is make business processes more efficient and maintain information and cyber security. The result should be a system that brings an innovative and convenient solution, time and financial savings.

Použitelnost Deepfakes v oblasti kybernetické bezpečnosti / Applicability of Deepfakes in the Field of Cyber Security

Firc, Anton

January 2021

Deepfake technológia je v poslednej dobe na vzostupe. Vzniká mnoho techník a nástrojov pre tvorbu deepfake médií a začínajú sa používať ako pre nezákonné tak aj pre prospešné činnosti. Nezákonné použitie vedie k výskumu techník pre detekciu deepfake médií a ich neustálemu zlepšovaniu, takisto ako k potrebe vzdelávať širokú verejnosť o nástrahách, ktoré táto technológia prináša. Jedna z málo preskúmaných oblastí škodlivého použitia je používanie deepfake pre oklamanie systémov hlasovej autentifikácie. Názory spoločnosti na vykonateľnosť takýchto útokov sa líšia, no existuje len málo vedeckých dôkazov. Cieľom tejto práce je preskúmať aktuálnu pripravenosť systémov hlasovej biometrie čeliť deepfake nahrávkam. Vykonané experimenty ukazujú, že systémy hlasovej biometrie sú zraniteľné pomocou deepfake nahrávok. Napriek tomu, že skoro všetky verejne dostupné nástroje a modely sú určené pre syntézu anglického jazyka, v tejto práci ukazujem, že syntéza hlasu v akomkoľvek jazyku nie je veľmi náročná. Nakoniec navrhujem riešenie pre zníženie rizika ktoré deepfake nahrávky predstavujú pre systémy hlasovej biometrie, a to používať overenie hlasu závislé na texte, nakoľko som ukázal, že je odolnejšie proti deepfake nahrávkam.