Best practice strategy framework for developing countries to secure cyberspace

12 November 2015

M.Com. (Informatics) / Cyber issues are global phenomena in a world of inter-related systems, and as such, the discussion on cybersecurity frameworks, policies and strategies inevitably requires reference to, and benchmarking with regional, continental and global trends and solutions. This, in the context of the effects of globalisation on developing countries, with specific reference to areas such as Africa as a developing continent with regard to the protection of its cyberspace. More drastic measures, such as the utilization of cyber warfare techniques and pre-emptive cyber strike-teams in addition to traditional cybersecurity mechanisms as an essential part of a national security effort to protect cyberspace has become more prevalent within the developed worlds. Likewise, developing nations need to gear themselves in a structured, coordinated and responsible way in order to do their part to secure their own environments. Cyberspace is a dynamic global environment with cyber related issues being a global concern. Although countries generally regulate their own cyber environment through policy; cross-border cyber issues are difficult to resolve and the lack of international cyber laws impede cybersecurity efforts. Cybercrime and the management of cross-border cyber incidents are becoming a growing national security concern as the lack of effective controls leave critical infrastructure and the cyber-connected environment vulnerable to attack. Some developing countries are on track with the maturity of their cybersecurity initiatives, but appropriate cybersecurity frameworks for many developing countries require careful consideration, especially due to the lack of resources, infrastructure and local technology development capabilities.

Computer networks - Security measures

Data encryption (Computer science)

Cyberspace - Security measures

Cyberterrorism - Prevention

Information warfare - Prevention

Cyber security in power systems

Sridharan, Venkatraman

06 April 2012

Many automation and power control systems are integrated into the 'Smart Grid' concept for efficiently managing and delivering electric power. This integrated approach created several challenges that need to be taken into consideration such as cyber security issues, information sharing, and regulatory compliance. There are several issues that need to be addressed in the area of cyber security. Currently, there are no metrics for evaluating cyber security and methodologies to detect cyber attacks are in their infancy. There is a perceived lack of security built into the smart grid systems, but there is no mechanism for information sharing on cyber security incidents. In this thesis, we discuss the vulnerabilities in power system devices, and present ideas and a proposal towards multiple-threat system intrusion detection. We propose to test the multiple-threat methods for cyber security monitoring on a multi-laboratory test bed, and aid the development of a SCADA test bed, to be constructed on the Georgia Tech Campus.

Cyber security

SCADA

NERC

PLA

Electric power distribution

Cyberterrorism

Computer security

Computer networks Security measures

M.I.D.A.S. : metrics identification of attack surfaces / Metrics identification of attack surfaces

Meek, Joshua A.

05 May 2012

This thesis endeavors to determine the feasibility of design metrics as a predictor of attack surface size by finding a positive correlation between one or more design metrics and an application’s attack surface measurement. An attack surface is the set of ways in which an adversary can enter a system and potentially cause damage. For an experimental setting, six open-source java-based projects were analyzed. For each project, the attack surface is assessed using Microsoft’s Attack Surface Analyzer, which takes a snapshot of a system state before and after the installation of product(s) and displays the changes to a number of key elements of the Windows attack surface. A collection of design metrics was collected from each open-source project as well. The goal is to find a metric or set of metrics that predicted the attack surface changes identified by the Attack Surface Analyzer. / Department of Computer Science

Cyberterrorism -- Prevention

Software measurement

Computer security -- Design

Microsoft Attack Surface Analyzer

Applications of GUI usage analysis

Imsand, Eric Shaun. Hamilton, John A.,

January 2008

Thesis (Ph. D.)--Auburn University, 2008. / Abstract. Includes bibliographical references (p. 119-122).

Security and Statistics on Power Grids

Escobar Santoro, Mauro

January 2019

Improving the functioning and the safety of the electrical grids is a topic of great concern, given its magnitude and importance in today's world. In this thesis, we focus in these two subjects. In the first part, we study undetectable cyber-physical attacks on power grids, which are attacks that involve physical disruptions, including tripping lines and load modifications, and sensor output alterations. We propose a sophisticated attack model described under the full Alternating Current (AC) power flow equations and show its feasibility on large grids from a test cases library. As counter-measures, we propose different defensive strategies that the network's controller can apply under a suspected cyber attack. These are random, simple and fast procedures that change the voltages across the network and aim to unmask the current status of the system, assuming that the attacker cannot react against their randomness. Secondly, with access to data collected through Phasor Measurement Units (PMUs) by a power utility in the United States, we perform statistical analyses on the frequency and voltage time series that have been recorded at a rate of 30 Hz. We focus on intervals of time where the sampled data shows to be in steady-state conditions and, with the use of appropriate signal processing filters, we are able to extract hidden anomalies such as spatio-temporal correlations between sensors and harmonic distortions.

Industrial engineering

Electrical engineering

Cyberterrorism

Power resources--Data processing

Countering Expansion and Organization of Terrorism in Cyberspace

Ogunlana, Sunday Oludare

01 January 2018

Terrorists use cyberspace and social media technology to create fear and spread violent ideologies, which pose a significant threat to public security. Researchers have documented the importance of the application of law and regulation in dealing with the criminal activities perpetrated through the aid of computers in cyberspace. Using routine activity theory, this study assessed the effectiveness of technological approaches to mitigating the expansion and organization of terrorism in cyberspace. The study aligned with the purpose area analysis objective of classifying and assessing potential terrorist threats to preempt and mitigate the attacks. Data collection included document content analysis of the open-source documents, government threat assessments, legislation, policy papers, and peer-reviewed academic literature and semistructured interviews with fifteen security experts in Nigeria. Yin's recommended analysis process of iterative and repetitive review of materials was applied to the documents analysis, including interviews of key public and private sector individuals to identify key themes on Nigeria's current effort to secure the nation's cyberspace. The key findings were that the new generation of terrorists who are more technological savvy are growing, cybersecurity technologies are effective and quicker tools, and bilateral/multilateral cooperation is essential to combat the expansion of terrorism in cyberspace. The implementation of recommendations from this study will improve the security in cyberspace, thereby contributing to positive social change. The data provided may be useful to stakeholders responsible for national security, counterterrorism, law enforcement on the choice of cybersecurity technologies to confront terrorist expansion, and organization in cyberspace.

counterterrorism

cybersecurity

cyberspace

cyberterrorism

jihadist

Propaganda

Computer Sciences

Public Policy

Social and Behavioral Sciences

Překonání patové situace: Vyhlídky na spolupráci mezi Ruskem a USA v oblasti kybrnetické bezpečnosti / Beyond the Impasse: Prospects for Joint Cooperation between Russia and the US in Cybersecurity

Myftari, Kledian

January 2021

Russia and the US have both articulated their willingness to develop a regime for counter cyberterrorism. Yet, to date, they have been unsuccessful in following through with this goal. Their failure to form such a regime can best be explained through the lens of social constructivism, and most specifically, through the concept of strategic culture, given that such an approach allows for the examination of ideological, historical, and cultural issues that have shaped the strategy choices of both countries. Russia and the US have successfully formed regimes with other countries in which issues of counter cyberterrorism come to play. Russia has entered into agreements with BRICS and with the Shanghai Cooperation Organization. The US has involved itself in cybersecurity regimes both with its NATO allies and with its Latin American and Caribbean allies. Russia and the US have furthermore entered into a number of agreements with each other, including the Anti-Ballistic Missile Treaty, the Intermediate- Range Nuclear Forces Treaty, and New-START. A strategic culture perspective, which focuses primarily on historical factors, such as a history of invasion or lack thereof, and the relations of both countries with their respective neighbors, reveals how the discourse of human rights and the freedoms of...

Toward A Secure Account Recovery: Machine Learning Based User Modeling for protection of Account Recovery in a Managed Environment

Alubala, Amos Imbati

January 2023

As a result of our heavy reliance on internet usage and running online transactions, authentication has become a routine part of our daily lives. So, what happens when we lose or cannot use our digital credentials? Can we securely recover our accounts? How do we ensure it is the genuine user that is attempting a recovery while at the same time not introducing too much friction for the user? In this dissertation, we present research results demonstrating that account recovery is a growing need for users as they increase their online activity and use different authentication factors. We highlight that the account recovery process is the weakest link in the authentication domain because it is vulnerable to account takeover attacks because of the less secure fallback authentication mechanisms usually used. To close this gap, we study user behavior-based machine learning (ML) modeling as a critical part of the account recovery process. The primary threat model for ML implementation in the context of authentication is poisoning and evasion attacks. Towards that end, we research randomized modeling techniques and present the most effective randomization strategy in the context of user behavioral biometrics modeling for account recovery authentication. We found that a randomization strategy that exclusively relied on the user’s data, such as stochastically varying the features used to generate an ensemble of models, outperformed a design that incorporated external data, such as adding gaussian noise to outputs. This dissertation asserts that account recovery process security posture can be vastly improved by incorporating user behavior modeling to add resiliency against account takeover attacks and nudging users towards voluntary adoption of more robust authentication factors.

Computer science

Data recovery (Computer science)

Cyberterrorism

Random noise theory

Distributed deployment of Therminators in the network

Cheng, Kah Wai

12 1900

Approved for public release; distribution in unlimited. / The idea of deploying a distributed network intrusion system using Therminator is explored in this thesis. There are many advantages in having a distributed system compared to a standalone network intrusion system. The underlying principle of Therminator is modeling network traffic on conversation exchange models. Using Zippo, a new implementation of Therminator, the experimental setup consisted of multiple sensors reporting individual findings to a central server for aggregated analysis. Different scenarios of network attacks and intrusions were planned to investigate the effectiveness of the distributed system. The network attacks were taken from the M.I.T Lincoln Lab 1999 Data Sets. The distributed system was subjected to different combinations of network attacks in various parts of the network. The results were then analyzed to understand the behavior of the distributed system in response to the different attacks. In general, the distributed system detected all attacks under each scenario. Some surprising observations also indicated attack responses occurring in unanticipated scenarios. These results are subject to further investigation. / Defence Science & Technology Agency Singapore

Computer networks

Security measures

Computer security

Cyberterrorism

Prevention

Distributed

Network Intrusion System

Therminator

Zippo

Lincoln Lab Data

Robust and secure monitoring and attribution of malicious behaviors

Srivastava, Abhinav

08 July 2011

Worldwide computer systems continue to execute malicious software that degrades the systemsâ performance and consumes network capacity by generating high volumes of unwanted traffic. Network-based detectors can effectively identify machines participating in the ongoing attacks by monitoring the traffic to and from the systems. But, network detection alone is not enough; it does not improve the operation of the Internet or the health of other machines connected to the network. We must identify malicious code running on infected systems, participating in global attack networks. This dissertation describes a robust and secure approach that identifies malware present on infected systems based on its undesirable use of network. Our approach, using virtualization, attributes malicious traffic to host-level processes responsible for the traffic. The attribution identifies on-host processes, but malware instances often exhibit parasitic behaviors to subvert the execution of benign processes. We then augment the attribution software with a host-level monitor that detects parasitic behaviors occurring at the user- and kernel-level. User-level parasitic attack detection happens via the system-call interface because it is a non-bypassable interface for user-level processes. Due to the unavailability of one such interface inside the kernel for drivers, we create a new driver monitoring interface inside the kernel to detect parasitic attacks occurring through this interface. Our attribution software relies on a guest kernelâ s data to identify on-host processes. To allow secure attribution, we prevent illegal modifications of critical kernel data from kernel-level malware. Together, our contributions produce a unified research outcome --an improved malicious code identification system for user- and kernel-level malware.

Systems security

Virtualization

Malware detection

Security architecture

Malware (Computer software)

Denial of service attacks

Cyberterrorism

Computer viruses

Kernel functions