Spelling suggestions: "subject:"blocchain"" "subject:"blokchain""
1 |
Cyber-Attack Modeling Analysis Techniques: An OverviewAl-Mohannadi, Hamad, Mirza, Qublai K.A., Namanya, Anitta P., Awan, Irfan U., Cullen, Andrea J., Pagna Disso, Jules F. January 2016 (has links)
Yes / Cyber attack is a sensitive issue in the world
of Internet security. Governments and business organisations
around the world are providing enormous effort to secure their
data. They are using various types of tools and techniques to
keep the business running, while adversaries are trying to breach
security and send malicious software such as botnets, viruses,
trojans etc., to access valuable data. Everyday the situation is
getting worse because of new types of malware emerging to attack
networks. It is important to understand those attacks both before
and after they happen in order to provide better security to
our systems. Understanding attack models provide more insight
into network vulnerability; which in turn can be used to protect
the network from future attacks. In the cyber security world, it
is difficult to predict a potential attack without understanding
the vulnerability of the network. So, it is important to analyse
the network to identify top possible vulnerability list, which will
give an intuitive idea to protect the network. Also, handling an
ongoing attack poses significant risk on the network and valuable
data, where prompt action is necessary. Proper utilisation of
attack modelling techniques provide advance planning, which
can be implemented rapidly during an ongoing attack event. This
paper aims to analyse various types of existing attack modelling
techniques to understand the vulnerability of the network; and
the behaviour and goals of the adversary. The ultimate goal is to
handle cyber attack in efficient manner using attack modelling
techniques.
|
2 |
Påverkansfaktorer i pansarduellen : människans roll i bekämpningskedjan / Influences in the armed duel : the man in the Kill Chain loopLaestadius, Nils January 2018 (has links)
This paper examines the technical and human factors that affect the time a gunner detects, identifies and destroy a target. The paper submits suggestions on technical and educational measures that can be rectified to save time in a combat process. Many battles between combat vehicles take place in swiftly situations, duel fighting. The combat distance is derived from simulated battles from all over Sweden and is set to as short distance as 300 m. The gunner can, under good weather conditions, identify a 2.3 m high target at a distance of 1520 m, but under difficult conditions like in fog, it may be hard to identify at the given distance of 300 m. This, together with, the hit probability of hitting the target due to system scattering and selection of aim point at the target, makes it difficult to determine the effect of the given fire. There is a risk that the gunner will overcompensate that with firing to many rounds at the target, which in turn leads to time losses. The purpose of the paper is to study the Kill chain process to build up knowledge of the processes, in order to understand where it is possible to optimize. This optimization should then reduce the time from detection until the target is destroyed. The results of the analysis show that the proven experience contained in the Armed Forces manuals and regulations is well balanced but lacks references so that traceability is inadequate. The result also shows that if rules of firing are followed, the opponent will be destroyed with sufficient effect. However, it depends on where the target is hit. In the front, it will be difficult to observe the effect, but a hit in the side of the target the effect will be fairly easy to observe as it leads to fire in a high number of extent. The gunner may have to fire up to eight rounds to be sure to destroy a combat vehicle depending on the distance to the target and where the round hit the target. With this result, it is recommended that a further examination be carried out on which algorithms can support image enhancing electro optics. Fusion of sensors plus fire and control systems ought to be examined to find solutions that enable predictive automatically sets of fire to speed up the kill chain. / Denna uppsats undersöker tekniska och mänskliga faktorer som påverkar tiden för en skytt att upptäcka, identifiera och nedkämpa ett mål på markarenan. Uppsatsen lägger fram förslag på vilka åtgärder ur tekniskt- och utbildningshänseende som kan åtgärdas för att spara tid vid ett bekämpningsförlopp. Många strider mellan stridsfordon sker på korta håll i snabba situationer, duellstrider. Stridsavståndet är framtaget från simulerade strider från hela Sverige och är i medeltal så kort som 300 m. Skytten kan med siktets sensor under goda väderleksförhållanden identifiera ett 2,3 m högt mål på 1520 m men kan under svårare förhållanden som i dimma få problem att identifiera motsvarande mål på stridsavstånd under 300 m. Detta tillsammans med sannolikheten att träffa målet på grund av systemspridning och val av riktpunkt gör att verkan kan vara svår att utvärdera och därmed finns risk att skytten fortsätter och bekämpar med risk för överbekämpning av målet som i sin tur leder till tidsförluster och minskad förmåga hos chefer att agera. Syftet med uppsatsen är att studera bekämpningsförloppet för att bygga upp kunskap inom området, för att kunna förstå var det går att optimera. Denna optimering skall sedan leda till att minska tiden från upptäckt till att målet är nedkämpat. Resultatet av undersökningen visar att den beprövade erfarenheten som återfinns i Försvarsmaktens handböcker och reglementen är väl avvägd men saknar referenser så att spårbarheten är bristfällig. Resultatet visar också att om skjutregler följs så kommer motståndaren att kunna nedkämpas med tillräcklig verkan. Dock så är det beroende på var i målet träffen tar. I front kommer det vara svårt att observera verkan medans träffar i sida leder till brand i stor utsträckning. Skytten kan vara tvungen att skjuta upp till åtta skott för att nedkämpa ett stridsfordon beroende på skjutavstånd och riktpunkt i målet. Med detta resultat så rekommenderas att det sker en fortsatt undersökning om vilka algoritmer som kan stödja en bildförbättrande optronik. Fusion av sensorer och eldledningssystemet bör undersökas för att hitta lösningar som gör det möjligt att prediktera eldmoment automatiskt för att snabba upp bekämpningskedjan.
|
3 |
Offensiva cyberoperationer : en undersökning ur ett humanitärrättsligt perspektiv / Offensive cyber operations : a study from an international humanitarian law perspectiveArell, Viktor January 2022 (has links)
Militär och civil verksamhet kan nyttja samma nätverk och vara beroende av samma digitala infrastruktur, vilket innebär att det kan uppstå svårigheter med att göra åtskillnad på vad som är civilt och vad som är militärt i samband med offensiva cyberoperationer. Offensiva cyberoperationers effekter kan dessutom vara svårkontrollerade. Följaktligen uppkommer frågan hur en offensiv cyberoperation ska genomföras med hänsyn till de humanitärrättsliga kraven på att skydda civila personer och objekt. Syftet med uppsatsen är att undersöka hur befälhavare i Försvarsmakten ska förhålla sig till humanitär rätt vid offensiva cyberoperationer under internationella väpnade konflikter. Med avstamp i detta syfte utgår uppsatsen från följande frågeställningar: Var går skiljelinjen mellan militära mål och civila i samband med Försvarsmaktens offensiva cyberoperationer under internationella väpnade konflikter? Hur kan sidoskador undvikas i samband med Försvarsmaktens offensiva cyberoperationer under internationella väpnade konflikter? Frågeställningarna besvaras genom att använda rättsdogmatiskmetod med Tilläggsprotokoll I till Genèvekonventionerna som huvudsaklig rättskälla. Analysen avseende hur sidoskador kan undvikas baseras på Lockheed Martins modell, Cyber kill chain. Uppsatsens slutsats är att det är ovidkommande för var skiljelinjen går om ett objekt ursprungligen är civilt, om användaren av objektet är civil eller om objektet delvis nyttjas för civila ändamål. Så länge objektet effektivt bidrar till militära operationer och en påverkan av objektet medför en avgjord militär fördel ska det klassificeras som ett militärt mål. Vidare är uppsatsens slutsats att informationsinhämtning och kontroll under hela operationsskedet är nyckeln till att undvika sidoskador i samband med Försvarsmaktens offensiva cyberoperationer under internationella väpnade konflikter. / Military and civilian functions can use the same network and depend on the same digital infrastructure, which means that there can be difficulties when distinguishing civilian objects from military objects during cyber operations. Moreover, the effects of offensive cyber operations can be difficult to control. Consequently, the question arises how an offensive cyber operation should be carried out in the light of the humanitarian law requirement to protect civilians and civilian objects. The purpose of the thesis is to examine how commanders in the Swedish Armed Forces shall comply with international humanitarian law during offensive cyber operations during international armed conflicts. Based on this purpose, the thesis revolves around the following questions: Where is the dividing line between military objectives and civilians when the Swedish Armed Forces carry out offensive cyber operations during international armed conflicts? How can collateral damage be avoided when the Swedish Armed Forces carry out offensive cyber operations during international armed conflicts? The questions are answered by using legal dogmatic method. Additional Protocol I to the Geneva Conventions is used as the main source of law. The analysis of how collateral damage can be avoided is based on Lockheed Martin's model, Cyber kill chain. The conclusion of the thesis is that it is irrelevant whether an object is originally civilian, if the user of the object is civilian or if the object is partly used for civilian purposes. As long as the object effectively contributes to military actions and an impact on the object entails a definite military advantage, it shall be classified as a military objective. Furthermore, the thesis concludes that information gathering and control throughout the operation is the key to avoiding collateral damage when the Swedish Armed Forces carry out offensive cyber operations during international armed conflicts.
|
4 |
Ransomware-attacker : En kvalitativ studie kring informationssäkerhetsarbetet inom mindre svenska kommunerJärgenstedt, Tindra, Kvernplassen, Nelly January 2023 (has links)
Ransomware-attacker har blivit ett allt större hot i och med samhällets ständigt pågående digitalisering. Denna studie undersöker vilka faktorer som är viktiga för att förhindra ransomware-attacker mot mindre svenska kommuner. För att åstadkomma detta genomfördes semistrukturerade intervjuer med sex olika respondenter. De som intervjuades arbetade alla i mindre svenska kommuner och hade god insyn och kunskap kring kommunens IT- och informationssäkerhetsarbete. Materialet analyserades sedan utifrån Protection Motivation Theory (PMT). Studien diskuterar både kommunernas attityd till informationssäkerhet samt konstaterar vilka säkerhetsåtgärder som utmärker sig som viktigast. Dessa var skyddade säkerhetskopior, utbildning samt kontinuitetsplaner kopplade till just IT-attacker. / Ransomware attacks have become an increasing threat with the ongoing digitalization of society. This study investigates what factors are important to prevent ransomware attacks against smaller Swedish municipalities. To accomplish this, semi-structured interviews were conducted with six different respondents. The interviewees all worked in smaller Swedish municipalities and had good insight and knowledge of the municipality's IT and information security work. The material was then analyzed using Protection Motivation Theory (PMT). The study discusses both the municipalities' attitude to information security and notes which security measures stand out as most important. These were protected backups, education and continuity plans linked to IT attacks. The paper then concludes with suggestions for further research.
|
5 |
Training Security Professionals in Social Engineering with OSINT and SieveMeyers, Jared James 01 June 2018 (has links)
This research attempts to create a novel process, Social Engineering Vulnerability Evaluation, SiEVE, to use open source data and open source intelligence (OSINT) to perform efficient and effectiveness spear phishing attacks. It is designed for use by "œred teams" and students learning to conduct a penetration test of an organization, using the vector of their workforce. The SiEVE process includes the stages of identifying targets, profiling the targets, and creating spear phishing attacks for the targets. The contributions of this research include the following: (1) The SiEVE process itself was developed using an iterative process to identify and fix initial shortcomings; (2) Each stage of the final version of the SiEVE process was evaluated in an experiment that compared performance of students using SiEVE against performance of those not using SiEVE in order to test effectiveness of the SiEVE process in a learning environment; Specifically, the study showed that those using the SiEVE process (a) did not identify more targets, (b) did identify more information about targets, and (c) did lead to more effective spear phishing attacks. The findings, limitations, and future work are discussed in order to provide next steps in developing formalized processes for red teams and students learning penetration testing.
|
6 |
Information Security Training and Serious GamesAgrianidis, Anastasios January 2021 (has links)
The digital transformation of the 21st century has led to a series of new possibilities and challenges, where one major concern of many major organizations and enterprises is promoting Information Security Awareness and Training (ISAT) for their employees. This aspect of Information Security (IS) can promote cybersecurity in the work environment against threats related to the human factor. Apart from traditional methods as workshops and seminars, researchers study the effect of gamification on ISAT, by proposing customized digital games to train employees regardless their IT skills. This thesis is trying to propose what techniques and approaches can be considered to train people throughout a full threat progression by studying the features of previous efforts. For this purpose, a literature study based on the principles of a systematic literature review (SLR) is essential to gather the available data and review their characteristics. More specifically, the solutions of the researchers are analyzed against the seven steps of the Lockheed Martin Cyber Kill Chain (LM CKC), where each game is classified to one or more phases, according to the training they offer. Thus, some tools can provide a wide range of training, covering many aspects of the CKC, while others are targeting a specific IS topic. The results also suggest that popular attacks involving social engineering, phishing, password and anti-malware software are addressed by many games, mainly in the early stages of the CKC and are focus on trainees without professional IT background. On the other hand, in the last two phases of the CKC, the majority of categorized games involves countermeasures that IS specialists must launch to prevent the security breach. Therefore, this study offers insight on the characteristics of serious games, which can influence an ISAT program, tailored to the enterprise’s distinct IS issue(s) and the IT background of the trainees.
|
7 |
UAV:ernas möte med en högteknologisk motståndare : en fallstudie av konfikten i UkrainaAndersson, Liam January 2019 (has links)
UAV:er används frekvent i samhället och med detta har den kommersiella marknaden växt. Därför är det rimligt att de används i större utsträckning i konflikter, vilket innebär att konflikter där båda parter har UAV:er som kan klassas som relativt högteknologiska möts blir troligare. Ukraina och Rysslands användande av UAV i Ukraina kan räknas som denna typ av konflikt. I uppsatsen är det UAV:er av den militära typen som diskuteras. Skillnaden mellan dessa och civila typer är framförallt räckvidd, flygtid och kvalitén på sensorerna.För att undersöka hur UAV:er nyttjas och taktiseras med i denna typ av konflikter har följande frågeställning använts: Hur påverkas nyttjandet av UAV:er i en konflikt mellan två högteknologiska motståndare?Genom att analysera beslutsprocessen med hjälp av OODA-loopen och bekämpningskedjan har författaren kunnat dra följande slutsatser om nyttjandet i denna typ av konflikt. Uppsatsen är genomförd som en fallstudie där metoderna kvalitativ textanalys och intervju använts Slutsatsen är att den multiplikator som UAV varit i Ukraina visar på att de kommer fortsätta användas i framtida konflikter. Trots att telekrig varit aktivt mot just UAV:erna och att de saknar motmedel mot störningen har de fortsatt att nyttjas, den multiplikatoreffekt de bidrar med kan motiveras stridsekonomiskt och väger tyngre än de problem som störningen innebär. / UAV: s are in more frequent use as a result of a growing commercial market. This increases the probability of UAV: s in conflicts. This means that conflicts where both sides have access to UAV: s that are relatively high-tech becomes more likely. Ukraine and Russia’s use of UAV: s in Ukraine can be described as this kind of conflict. In this paper it is primarily military UAV: s that are discussed. The difference between these and their civilian counterparts are range, flight time and the quality of the sensors. In order to understand how the use of UAV: s is being affected, the following question needs to be answered. How is the use of UAV: s affected in a conflict between two high-tech opponents? This was answered by analysing the decision-making process using the OODA loop and the kill chain. The paper is a case study which uses qualitative text analysis and an interview.The conclusion of this paper is that UAV: s has acted as a force multiplier in Ukraine and they will be used in future conflicts. Despite the electronic warfare against the UAV: s and the fact that they are missing systems for counteracting the disturbance both sides continue to use UAV: s. The force multiplier that is gained from using UAV: s is justified from a battle economic standpoint despite being hindered by electronic warfare.
|
8 |
Simulace správy informační bezpečnosti ve fakultním prostředí / Simulating information security management within a university environmentHložanka, Filip January 2020 (has links)
This diploma thesis is concerned with simulating information security management within a university environment. It is divided into three parts. The theoretical part focuses on describing the assets which could be part of a faculty network, attacks that could target it, security processes which could protect it and users that are active within it. The analytical part then applies these segments on a real faculty network. Based on this analysis, a set of specific assets, attacks, security processes and other tasks is created in order to simulate a simplified version of the analyzed network using a sophisticated cybernetic polygon. The security of the network is then assessed after several iterations of the simulations. Its parameters are adjusted in the effort to increase its security and the module is tested on an academic employee in order to assess its effectiveness. The conclusion evaluates the possibilities of increasing the security of the simulated network as well as the usability of the cybernetic polygon in practice.
|
Page generated in 0.0274 seconds