Analyzing Global Cyber Attack Correlates Through an Open Database

Aiello, Brady Benjamin

01 June 2018

As humanity becomes more reliant on digital storage and communication for every aspect of life, cyber attacks pose a growing threat. However, cyber attacks are generally understood as individual incidents reported in technological circles, sometimes tied to a particular vulnerability. They are not generally understood through the macroscopic lens of statistical analysis spanning years over several countries and sectors, leaving researchers largely ignorant of the larger trends and correlates between attacks. This is large part due to the lack of a coherent and open database of prominent attacks. Most data about cyber attacks has been captured using a repository of common vulnerabilities and exposures (CVE’s), and \honey pots", unsecured internet-connected devices which record attacks as they occur against them. These approaches help in the process of identifying vulnerabilities, but they do not capture the real world impact these attacks achieve. Therefore, in this thesis I create a database of 4,000 cyber attacks using a semi-open data source, and perform analytical queries on it to gather insights into how cyber attack volume varies among countries and sectors, and the correlates of cyber attack victims. From here, it is also possible to relate socio-economic data such as GDP and World Happiness Index to cyber attack volume. The end result is an open database of cyber attacks that allows researchers to understand the larger underlying forces which propel cyber attacks.

cybersecurity

cyber attacks

socioeconomic

political

malware

Information Security

Challenging Policies That Do Not Play Fair: A Credential Relevancy Framework Using Trust Negotiation Ontologies

Leithead, Travis S.

29 August 2005

This thesis challenges the assumption that policies will "play fair" within trust negotiation. Policies that do not "play fair" contain requirements for authentication that are misleading, irrelevant, and/or incorrect, based on the current transaction context. To detect these unfair policies, trust negotiation ontologies provide the context to determine the relevancy of a given credential set for a particular negotiation. We propose a credential relevancy framework for use in trust negotiation that utilizes ontologies to process the set of all available credentials C and produce a subset of credentials C' relevant to the context of a given negotiation. This credential relevancy framework reveals the credentials inconsistent with the current negotiation and detects potentially malicious policies that request these credentials. It provides a general solution for detecting policies that do not "play fair," such as those used in credential phishing attacks, malformed policies, and malicious strategies. This thesis motivates the need for a credential relevancy framework, outlines considerations for designing and implementing it (including topics that require further research), and analyzes a prototype implementation. The credential relevancy framework prototype, analyzed in this thesis, has the following two properties: first, it incurs less than 10% extra execution time compared to a baseline trust negotiation prototype (e.g., TrustBuilder); second, credential relevance determination does not compromise the desired goals of trust negotiation—transparent and automated authentication in open systems. Current trust negotiation systems integrated with a credential relevancy framework will be enabled to better defend against users that do not always "play fair" by incorporating a credential relevancy framework.

trust negotiation

policies

malicious

attacks

framework

privacy

security

Computer Sciences

Intrusion Detection in the Internet of Things : From Sniffing to a Border Router’s Point of View

Bull, Victoria

January 2023

The Internet of Things is expanding, and with the increasing numbers of connected devices,exploitation of those devices also becomes more common. Since IoT devices and IoT networksare used in many crucial areas in modern societies, ranging from everything between securityand militrary applications to healthcare monitoring and production efficiency, the need to securethese devices is of great importance for researchers and businesses. This project explores howan intrusion detection system called DETONAR can be used on border router logs, instead of itsoriginal use of sniffer devices. Using DETONAR in this way allows us to detect many differentattacks, without contributing to the additional cost of deploying sniffer devices and the additionalrisk of the sniffer devices themselves becoming the target of attack

Internet of Things

IoT

intrusion detection

routing attacks

Computer Engineering

Datorteknik

Towards An Enterprise Self-healing System against Botnets Attacks

Alhomoud, Adeeb M., Awan, Irfan U., Pagna Disso, Jules F.

05 1900

no / Protecting against cyber attacks is no longer a problem of organizations and home users only. Cyber security programs are now a priority of most governments. Cyber criminals have been using botnets to gain control over millions of computer, steel information and commit other malicious activities. In this paper we propose a self-healing architecture that was originally inspired from a nature paradigm and applied in the computer field. Our solution is designed to work within a network domain. We present the initial design of our solution based on the principles of self healing systems and the analysis of botnet behaviour. We discuss how to either neutralize or reverse (correct) their actions ensuring that network operations continue without disruption.

A Next Generation Approach to Combating Botnets

Alhomoud, Adeeb M., Awan, Irfan U., Pagna Disso, Jules F., Younas, M.

04 1900

no / As part of a defense-in-depth security solution for domain-controlled enterprise networks, a proposed self-healing system architecture is designed to increase resiliency against botnets with minimal disruption to network services.

A self-healing framework to combat cyber attacks. Analysis and development of a self-healing mitigation framework against controlled malware attacks for enterprise networks.

Alhomoud, Adeeb M.

January 2014

Cybercrime costs a total loss of about $338 billion annually which makes it one of the most profitable criminal activities in the world. Controlled malware (Botnet) is one of the most prominent tools used by cybercriminals to infect, compromise computer networks and steal important information. Infecting a computer is relatively easy nowadays with malware that propagates through social networking in addition to the traditional methods like SPAM messages and email attachments. In fact, more than 1/4 of all computers in the world are infected by malware which makes them viable for botnet use. This thesis proposes, implements and presents the Self-healing framework that takes inspiration from the human immune system. The designed self-healing framework utilises the key characteristics and attributes of the nature’s immune system to reverse botnet infections. It employs its main components to heal the infected nodes. If the healing process was not successful for any reason, it immediately removes the infected node from the Enterprise’s network to a quarantined network to avoid any further botnet propagation and alert the Administrators for human intervention. The designed self-healing framework was tested and validated using different experiments and the results show that it efficiently heals the infected workstations in an Enterprise network.

Attack Strategies in Federated Learning for Regression Models : A Comparative Analysis with Classification Models

Leksell, Sofia

January 2024

Federated Learning (FL) has emerged as a promising approach for decentralized model training across multiple devices, while still preserving data privacy. Previous research has predominantly concentrated on classification tasks in FL settings, leaving  a noticeable gap in FL research specifically for regression models. This thesis addresses this gap by examining the vulnerabilities of Deep Neural Network (DNN) regression models within FL, with a specific emphasis on adversarial attacks. The primary objective is to examine the impact on model performance of two distinct adversarial attacks-output-flipping and random weights attacks. The investigation involves training FL models on three distinct data sets, engaging eight clients in the training process. The study varies the presence of malicious clients to understand how adversarial attacks influence model performance.  Results indicate that the output-flipping attack significantly decreases the model performance with involvement of at least two malicious clients. Meanwhile, the random weights attack demonstrates a substantial decrease even with just one malicious client out of the eight. It is crucial to note that this study's focus is on a theoretical level and does not explicitly account for real-world settings such as non-identically distributed (non-IID) settings,  extensive data sets, and a larger number of clients. In conclusion, this study contributes to the understanding of adversarial attacks in FL, specifically focusing on DNN regression models. The results highlights the importance of defending FL models against adversarial attacks, emphasizing the significance of future research in this domain.

Federated Learning

Adversarial Attacks

Regression

Classification

Computer Sciences

Datavetenskap (datalogi)

Attack Strategies in Federated Learning for Regression Models : A Comparative Analysis with Classification Models

Leksell, Sofia

January 2024

Federated Learning (FL) has emerged as a promising approach for decentralized model training across multiple devices, while still preserving data privacy. Previous research has predominantly concentrated on classification tasks in FL settings, leaving  a noticeable gap in FL research specifically for regression models. This thesis addresses this gap by examining the vulnerabilities of Deep Neural Network (DNN) regression models within FL, with a specific emphasis on adversarial attacks. The primary objective is to examine the impact on model performance of two distinct adversarial attacks-output-flipping and random weights attacks. The investigation involves training FL models on three distinct data sets, engaging eight clients in the training process. The study varies the presence of malicious clients to understand how adversarial attacks influence model performance.  Results indicate that the output-flipping attack significantly decreases the model performance with involvement of at least two malicious clients. Meanwhile, the random weights attack demonstrates a substantial decrease even with just one malicious client out of the eight. It is crucial to note that this study's focus is on a theoretical level and does not explicitly account for real-world settings such as non-identically distributed (non-IID) settings,  extensive data sets, and a larger number of clients. In conclusion, this study contributes to the understanding of adversarial attacks in FL, specifically focusing on DNN regression models. The results highlights the importance of defending FL models against adversarial attacks, emphasizing the significance of future research in this domain.

Federated Learning

Adversarial Attacks

Regression

Classification

Interaction Technologies

Interaktionsteknik

EVASIVE INTERNET PROTOCOL: END TO END PERFORMANCE

Maaz, Khan

23 June 2011

No description available.

Computer Science

Capabilities

internet

security

attacks, spoofing

DDoS

Evasive internet

Design of DPA-Resistant Integrated Circuits

Gohil, Nikhil N.

January 2017

No description available.

Engineering

Hardware Security

SDMLp

DPA

Side Channel Attacks