Log analysis aided by latent semantic mapping

Buys, Stephanus

14 April 2013

In an age of zero-day exploits and increased on-line attacks on computing infrastructure, operational security practitioners are becoming increasingly aware of the value of the information captured in log events. Analysis of these events is critical during incident response, forensic investigations related to network breaches, hacking attacks and data leaks. Such analysis has led to the discipline of Security Event Analysis, also known as Log Analysis. There are several challenges when dealing with events, foremost being the increased volumes at which events are often generated and stored. Furthermore, events are often captured as unstructured data, with very little consistency in the formats or contents of the events. In this environment, security analysts and implementers of Log Management (LM) or Security Information and Event Management (SIEM) systems face the daunting task of identifying, classifying and disambiguating massive volumes of events in order for security analysis and automation to proceed. Latent Semantic Mapping (LSM) is a proven paradigm shown to be an effective method of, among other things, enabling word clustering, document clustering, topic clustering and semantic inference. This research is an investigation into the practical application of LSM in the discipline of Security Event Analysis, showing the value of using LSM to assist practitioners in identifying types of events, classifying events as belonging to certain sources or technologies and disambiguating different events from each other. The culmination of this research presents adaptations to traditional natural language processing techniques that resulted in improved efficacy of LSM when dealing with Security Event Analysis. This research provides strong evidence supporting the wider adoption and use of LSM, as well as further investigation into Security Event Analysis assisted by LSM and other natural language or computer-learning processing techniques. / LaTeX with hyperref package / Adobe Acrobat 9.54 Paper Capture Plug-in

Latent semantic indexing

Data mining

Computer networks -- Security measures

Computer hackers

Computer security

Governance responses to hacking in the banking sector of South Africa : an exploratory study

Roos, Christiaan J.

20 November 2013

D.Comm. (Auditing) / Organisations today are critically dependent on IT to enable business operations and ensure competitiveness in a growing international marketplace. At the same time, IT also introduces significant risks, such as hacking. The board of directors is ultimately responsible for mitigating IT risk as a component of business risk. This task is included in its corporate governance responsibilities, which, in the South African context, is underpinned by the King Code of Corporate Governance. The board of directors also plays a key role in identifying and enabling the most appropriate responses to IT risk, including hacking. This inevitably necessitates greater focus on and understanding of risks such as hacking. The determined and elusive nature of hackers makes them a significant threat to organisations today. Not only are hackers characterised by various profiles and motives, but they are also exceptionally skilled in exploiting weak security practices and software vulnerabilities, with attack techniques which range from non-technical social engineering to advanced technical attacks and exploits. Hackers are role-players in cybercrime and cyber warfare, as is evident from the media and information security survey results explored in this thesis, in particular within the banking sector, which is the financial backbone of the country. It is for this reason that the South African banking sector has been selected as the target population for this study. This study considers the meaning and nature of hacking, viewing it as either a risk or an event, which requires preventative or detective responses. The effect of hacking on business risks is explored next by identifying common business risks and common IT risks themes, where after the fundamental links between hacking and the IT risk themes are established. This study further argues that business risks are increased by IT risks, which implies that, by indirect association, business risks are increased by hacking. A response to this threat is required, in particular from a governance perspective, with the board of directors playing a fundamental role in supporting the appropriate responses. This study explores the advantages and disadvantages of various responses to hacking, highlighting the point that most traditional responses are not effective enough in fully mitigating the hacking threat. It is argued that ethical hacking is an effective response to the threat of hacking. The nature of ethical hacking is explored, including its objectives, motivation, advantages and disadvantages. The multi-faceted nature of the ethical hacking response is also considered. In order to explore the risks and responses to hacking in the banking sector in South Africa, an analysis of annual reports was conducted and two questionnaires were administered. The analysis of the annual reports of the 16 locally registered banks in South Africa highlighted differences in disclosure practices around IT risk, IT governance and hacking. This was followed by empirical testing in the local banking sector, by using a mixed-method approach in order to solicit mostly quantitative, but also qualitative, responses from company secretaries and individuals responsible for IT at the 16 locally registered banks. The results of the questionnaires indicated that the board of directors is not fully embracing its IT governance responsibilities and that IT matters are mostly dealt with by risk management committees at board level or IT steering committees at executive management level. The effect of IT risks on business risks such as human resource risk and physical risk is underestimated. Respondents were unclear about the effect of hacking on IT risks, such as IT human resource risk and lack of software development. The local banking sector is not fully aware of how hacking can affect organisations, and banks are not making enough use of ethical hacking as a response to the hacker threat. This is the first study of its kind to explore ethical hacking in the context of governance responses. The study breaks new ground by providing a unique in-depth analysis of the link between business risk, IT risk and hacking. It is also the first study into the various responses to hacking in the SA banking sector and will assist not only the banking industry but business at large in defining appropriate preventative and detective responses to hacking.

Computer security - Auditing

Computer hackers

Risk management

Strafbarkeit des unberechtigten Zugangs zu Computerdaten und -systemen /

Krutisch, Dorothee.

January 2004

Univ., Diss.--Saarbrücken, 2003. / Literaturverz. S. 241 - 255.

The Gautrain : active communication research on the manifestations of the hacker ethic by citizen journalists

Pritchard, Maritha.

January 2010

Thesis (MTech. degree in Journalism) -- Tshwane University of Technology, 2010. / Explores the themes derived from the six tenets of the hacker ethic in blog posts about the Gautrain project over a one-year period. It also describes how citizen journalists express the six tenets of the hacker ethic when blogging about the Gautrain project.

Railroads -- South Africa -- Gauteng.

Dissertations, Academic -- South Africa.

Hacktivism.

Citizen journalism.

Computer hackers.

Blogs -- Social aspects.

Um modelo complementar para aprimorar a segurança da informação no SDLC para dispositivos móveis: SDD - security driven development

Paulo, Luis Gonzaga de

20 August 2015

O uso de dispositivos móveis por um número cada vez maior de pessoas, e em um número crescente de atividades que requerem mais segurança da informação, coloca em evidência a necessidade de prover segurança nos softwares desse ambiente. O aspecto de segurança da informação em dispositivos móveis é preocupante. Entretanto os modelos utilizados pela indústria de software – e os encontrados na literatura atual - no desenvolvimento de aplicações móveis com requisitos de segurança da informação de alto nível ainda não respondem às necessidades de mais segurança reclamadas pelos usuários. O presente estudo considera que tais modelos podem ser melhorados com o incremento de métodos e técnicas específicas, algumas já utilizadas com sucesso no desenvolvimento de aplicações desktop ou não voltadas para o ambiente de dispositivos móveis. Este trabalho propõe a inclusão de abordagem de segurança da informação no início do ciclo de vida do desenvolvimento de software, a partir do estudo das ameaças e vulnerabilidades, da aplicação antecipada dos casos de abuso – aqui chamados de casos de uso impróprio, da análise de risco, dos testes de segurança baseados no risco e do uso de máquinas de ataque nos testes de segurança durante o processo de desenvolvimento do software. Para alcançar o objetivo desta pesquisa, os modelos mais conhecidos e utilizados no ciclo de vida do desenvolvimento de software são analisados do ponto de vista da segurança da informação, e uma nova abordagem é proposta por meio do uso de um modelo complementar de desenvolvimento de software voltado para a segurança. Alguns modelos de artefatos são apresentados e um estudo de caso aplicando os conceitos tratados na pesquisa é utilizado com o intuito de avaliar as principais contribuições discutidas no texto, e também alguns dos resultados preliminares obtidos com a realização do trabalho de pesquisa. / The increasingly wide and intense use of mobile devices - whose processing and storage capacity grows almost overcoming the desktops - exposes greatly issues relating to information security in this environment. This is a worrying fact. However, the models currently found in the literature and used by software industry in developing mobile applications with the highest information security requirements are not yet answering users’ needs for more security, and may be improved adding specific methods or techniques, sometimes already used in desktop - or not mobile ones - applications development. This work proposes to insert information security approach early in the software development life cycle using threats and vulnerabilities study, the early application of abuse case - also called misuse cases, the risk analysis, the risk based security test and the use of attack machines in the development process. To reach the research goal, this work analyzed usual models used on SDLC from the information security point of view, and presents a new approach thru the use of a security driven development complementary model. The work also presents some templates and uses a case study for apply the concepts and evaluate the main contributions discussed in the text, also as the preliminary results obtained on the research.

Software - Desenvolvimento

Software - Proteção

Proteção de dados

Hackers

Computação

Computer software - Development

Software protection

Data protection

Computer hackers

Computer science

An investigation into information security practices implemented by Research and Educational Network of Uganda (RENU) member institution

Kisakye, Alex

06 November 2012

Educational institutions are known to be at the heart of complex computing systems in any region in which they exist, especially in Africa. The existence of high end computing power, often connected to the Internet and to research network grids, makes educational institutions soft targets for attackers. Attackers of such networks are normally either looking to exploit the large computing resources available for use in secondary attacks or to steal Intellectual Property (IP) from the research networks to which the institutions belong. Universities also store a lot of information about their current students and staff population as well as alumni ranging from personal to financial information. Unauthorized access to such information violates statutory requirement of the law and could grossly tarnish the institutions name not to mention cost the institution a lot of money during post-incident activities. The purpose of this study was to investigate the information security practices that have been put in place by Research and Education Network of Uganda (RENU) member institutions to safeguard institutional data and systems from both internal and external security threats. The study was conducted on six member institutions in three phases, between the months of May and July 2011 in Uganda. Phase One involved the use of a customised quantitative questionnaire tool. The tool - originally developed by information security governance task-force of EDUCAUSE - was customised for use in Uganda. Phase Two involved the use of a qualitative interview guide in a sessions between the investigator and respondents. Results show that institutions rely heavily on Information and Communication Technology (ICT) systems and services and that all institutions had already acquired more than three information systems and had acquired and implemented some of the cutting edge equipment and systems in their data centres. Further results show that institutions have established ICT departments although staff have not been trained in information security. All institutions interviewed have ICT policies although only a few have carried out policy sensitization and awareness campaigns for their staff and students. / TeX

Computer hackers

Secure web applications against off-line password guessing attack : a two way password protocol with challenge response using arbitrary images

Lu, Zebin

14 August 2013

Indiana University-Purdue University Indianapolis (IUPUI) / The web applications are now being used in many security oriented areas, including online shopping, e-commerce, which require the users to transmit sensitive information on the Internet. Therefore, to successfully authenticate each party of web applications is very important. A popular deployed technique for web authentication is the Hypertext Transfer Protocol Secure (HTTPS) protocol. However the protocol does not protect the careless users who connect to fraudulent websites from being trapped into tricks. For example, in a phishing attack, a web user who connects to an attacker may provide password to the attacker, who can use it afterwards to log in the target website and get the victim’s credentials. To prevent phishing attacks, the Two-Way Password Protocol (TPP) and Dynamic Two-Way Password Protocol (DTPP) are developed. However there still exist potential security threats in those protocols. For example, an attacker who makes a fake website may obtain the hash of users’ passwords, and use that information to arrange offline password guessing attacks. Based on TPP, we incorporated challenge responses with arbitrary images to prevent the off-line password guessing attacks in our new protocol, TPP with Challenge response using Arbitrary image (TPPCA). Besides TPPCA, we developed another scheme called Rain to solve the same problem by dividing shared secrets into several rounds of negotiations. We discussed various aspects of our protocols, the implementation and experimental results.

Web Security

Web sites -- Security measures

World Wide Web -- Security measures

Computer network protocols -- Standards

Computer hackers

Computers -- Access control -- Passwords

Internet -- Security measures

Phishing -- Security measures

Hacking the law: an analysis of internet-based campaigning on digital rights in the European Union / Hacker la loi: analyse de campagnes d'influence assistées par internet autour des droits numériques dans l'Union européenne

Breindl, Yana

22 October 2011

Digital rights activism constitutes an exemplary case of how internet affordances can be mobilised to engender political change. The values and principles stemming from the hacker imaginaire, and free and open source software practices, underpin digital rights activism, which uses the internet as a tool, object and platform for the protection of rights in the digital realm. The analysis focuses on how digital rights activists use and adapt the political affordances of the internet to intervene in European Union policy-making. Two original case studies of internet-based campaigning at the European level (the “No Software Patents” and the “Telecoms package” campaigns) provide in-depth insight into the campaigning processes and their impact upon parliamentary politics. The cases highlight the complementarity of online and offline collective action, by examining processes of open collaboration, information disclosure and internet-assisted lobbying. The success of the “Telecoms package” campaign is then assessed, along with the perspective of the targets: members and staff of the European Parliament.<p><p>The belief in values of freedom, decentralisation, openness, creativity and progress inspires a particular type of activism, which promotes autonomy, participation and efficiency. The empirical evidence suggests that this set of principles can, at times, conflict with practices observed in the field. This has to do with the particular opportunity structure of the European Union and the characteristics of the movement. The EU favours functional integration of civil society actors who are expected to contribute technical and/or legal expertise. This configuration challenges internet-based protest networks that rely on highly independent and fluctuating engagement, and suffer from a lack of diversity and cohesion. The internet does not solve all obstacles to collective action. It provides, however, a networked infrastructure and tools for organising, coordinating and campaigning. Online and offline actions are not only supportive of each other. Internet-based campaigning can be successful once it reaches out beyond the internet, and penetrates the corridors of political institutions.<p> / Doctorat en Information et communication / info:eu-repo/semantics/nonPublished

Sciences humaines

Information et communication

Internet -- Political aspects -- Europe

Computer hackers -- Europe

Internet -- Aspect politique -- Europe

Internet -- Droit -- Europe

Pirates informatiques -- Europe

civil society / campagne d'influence

action collective

neutralité du net

Union européenne

société civile

Campaigning

political activism

collective action

propriété intellectuelle

TIC

internet

activisme politique

European Union

net neutrality

intellectual property rights

ICTs