AI-driven Techniques for Malware and Malicious Code Detection

Hou, Shifu

26 August 2022

No description available.

Computer Science

Towards An Enterprise Self-healing System against Botnets Attacks

Alhomoud, Adeeb M., Awan, Irfan U., Pagna Disso, Jules F.

05 1900

no / Protecting against cyber attacks is no longer a problem of organizations and home users only. Cyber security programs are now a priority of most governments. Cyber criminals have been using botnets to gain control over millions of computer, steel information and commit other malicious activities. In this paper we propose a self-healing architecture that was originally inspired from a nature paradigm and applied in the computer field. Our solution is designed to work within a network domain. We present the initial design of our solution based on the principles of self healing systems and the analysis of botnet behaviour. We discuss how to either neutralize or reverse (correct) their actions ensuring that network operations continue without disruption.

A Next Generation Approach to Combating Botnets

Alhomoud, Adeeb M., Awan, Irfan U., Pagna Disso, Jules F., Younas, M.

04 1900

no / As part of a defense-in-depth security solution for domain-controlled enterprise networks, a proposed self-healing system architecture is designed to increase resiliency against botnets with minimal disruption to network services.

A Study On API Security Pentesting

Asemi, Hadi

01 October 2023

Application Programming Interfaces (APIs) are essential in the digital realm as the bridge enabling seamless communication and collaboration between diverse software applications. Their significance lies in simplifying the integration of different systems, allowing them to work together effortlessly and share data. APIs are used in various applications, for example, healthcare, banks, authentication, etc. Ensuring the security of APIs is critical to ensure data security, privacy, and more. Therefore, the security of APIs is not only urgent but mandatory for pentesting APIs at every stage of development and to catch vulnerabilities early. The primary purpose of this research is to provide guidelines to help apply existing tools for reconnaissance and authentication pentesting. To achieve this goal, we first introduce the basics of API and OWASP's Top 10 API security vulnerabilities. Secondly, we propose deployable scripts developed for Ubuntu Debian Systems to install pentesting tools automatically. These scripts allow future students to participate in API security courses and conduct API security pentesting. API security pentesting, regarding reconnaissance and authentication, is discussed based on the configured system. For reconnaissance, passive and active approaches are introduced with different tools for authentication, including password-based authentication brute-forcing, one-time password (OTP) brute-forcing, and JSON web token brute force.

Cyber Security

API Pentesting

Cyber Tools

API

Ethical hacking

The social production of vulnerabilities online : A Tale about digitalised disaster

Nilsson, Emma

January 2023

This thesis aims to display how disastrous events in the cyber domain can be understood to have root causes attributed to non-technical vulnerabilities. The goal is to show the accelerating importance in understanding the cyber domain as any other societal arena. Further, the European Union and reports about the threat landscape from the European Union Agency for Cybersecurity will be analysed. Theoretical assumption from the field of disaster risk reduction about vulnerabilities will be used to understand how vulnerabilities are understood in the empirical material. The first report which was released in the year of 2012 and the most current one from the year of 2022 will be compared to understand patterns and correlations in the development during the last decade. The results shows that the reports have multiple features that can be interpreted as understanding of how events offline relate to threats online. Further the comparison shows that even if superficial factors and their appearance have changed, the underlying vulnerabilities have much in common.

Vulnerabilities

cyber security

disaster risk reduction

prevention

Political Science

Statsvetenskap

A proposed framework that enhances the quality of cyber security audits

Matsikidze, Hezel

23 March 2023

The need to protect information systems or assets remains crucial today. Innovations in technology have led to rapid developments and as technology continues to advance, so is the need to protect information systems. Amongst numerous effects of cyber-attacks on organizations, huge financial losses which in turn affect the economy have since been reported. Cyber security audits need to be strengthened to tighten the protection of information systems. The importance of cybersecurity audits is widely endorsed in literature. Nonetheless, frameworks used to audit cybersecurity are viewed as‘sometimes' weak links to cybersecurity due to their drawbacks in auditing cyber security. A review of literature indicated that cyber-attacks are more rampant in the African continent with the financial sector being the most targeted. Literature also highlighted that the use of relevant frameworks for auditing cyber security improves the quality and effectiveness of audits thereby enhancing cyber security. Studies in information systems have mostly looked at the adoption of frameworks, types of cyber threats and tools needed to audit. Nonetheless, it is important to note that few scholars have examined the applicability and effectiveness of the existing frameworks in auditing cyber security. Furthermore, previous studies emphasize on enhancing cyber security without a particular focus on auditing cyber security including assessing the role of the auditor during the process. As a result, this study looked at cyber security from an auditing perspective with a particular focus on the strengths and weaknesses of the current frameworks that are being used to audit cyber security including. The study also looked at the factors that enhance the effectiveness of cyber security audits. The study draws from different theories, literature and from the strengths and drawbacks of existing frameworks to create an explanatory model. To statistically test and evaluate the model, a quantitative research approach was employed to collect, analyze, and interpret data from South Africa. Data was collected using a questionnaire which was distributed to IT auditors and cyber security professionals from the Information Systems Audit and Control Association (ISACA) South African chapter members. The National Institute of Standards and Technology (NIST) cyber security framework was found to be the widely adopted framework followed by the International Organization for Standardization (ISO) standards, with the Control Objectives for Information Technologies (COBIT) being the least employed framework. The COBIT framework was found to be more aligned to Information Technology governance rather than cyber security. Furthermore, results of this study indicate that effectiveness of cyber security audits is dependent upon competencies of auditors including their ethics and integrity. Results further indicate that frameworks used for auditing are effective to some extent if properly implemented. A proper alignment of an auditor's competencies which include ethics and integrity, and an adoption of a relevant framework will result in effective cyber security audits that reduce the risks of cyber-attacks. Concerning the contribution to practice, results from this study can help organizations to determine and review focus areas of cyber security auditing that they need to emphasize and develop on. Furthermore, the developed model can be used by auditors to develop an audit plan and conduct audits that are effective in identifying, protecting, detecting, preventing, and recovering information systems or assets. The methodological, theoretical, and practical contributions are further discussed in this thesis along with limitations, recommendations, and areas for future research.

Cyber security

Frameworks

IT auditing

Information assets

Information systems

The Effects of Inhibitory Control and Perceptual Attention on Cyber Security

Pearson, Ed

03 May 2019

This dissertation recommends research to investigate the effects inhibitory control and perceptual attention have on the cyber security decision-making process. Understanding the effects that inhibitory control and perceptual attention have on the security decision- making process will allow for better defenses to be developed against social engineering and phishing. A survey and review of previous research in the area of Human Computer- Interaction and Security is presented. An experiment is performed to evaluate inhibitory control, which is composed of prepotent response inhibition, resistance to distractor interference, and resistance to proactive interference (PI). Additionally, the experiment evaluates perceptual attention and the security decision-making process.

information security

security icons

cyber security knowledge

security indicators

Open-Source Testbed to Evaluate the Cybersecurity of Phasor Measurement Units

Zimmermann, Markus Kenneth

22 June 2022

The Phasor Measurement Unit provides clear data for ease of grid visibility. A major component of the device is the Global Positioning System (GPS) for time synchronization across the board. However, this device has become more susceptible to cyber-attacks such as spoofing. This paper constructs an opensource testbed for the playback of PMU data and testing of cyberattacks on PMUs. Using a local GPS device to simulate what is done in the PMU, MATLAB for data conversion, and Linux operating system running on Ubuntu, the simulator can be constructed. The spoofing attack is done by adding a phase shift of the incoming data to simulate that the data is coming from a different time stamp and shifts between the original. Finally, it is all brought together by viewing the output in an open source Phasor Data Concentrator (PDC) to validate the process. / Master of Science / To monitor the bulk electrical grid, devices used to calculate at what level the grid is at and what point in time as well. These devices that are called Phasor Measurement Units and send this data to the control center for engineers to process and make decisions. Within each device is a Global Positioning System (GPS) to tell which device is sending data and at what time. The GPS device is what is susceptible to be entered by malicious individuals. To better prepare and prevent this, a testbed would be a good solution to test if the preventative measure works. However, the best of the best costs too much money, so the next best solution is an open source test bed that could be implemented anyway. The work in this paper constructs an opensource testbed and simulates a full GPS spoofing attack.

Phasor Measurement Unit (PMU)

Cyber-security

GPS Spoofing

Mining Security Risks from Massive Datasets

Liu, Fang

09 August 2017

Cyber security risk has been a problem ever since the appearance of telecommunication and electronic computers. In the recent 30 years, researchers have developed various tools to protect the confidentiality, integrity, and availability of data and programs. However, new challenges are emerging as the amount of data grows rapidly in the big data era. On one hand, attacks are becoming stealthier by concealing their behaviors in massive datasets. One the other hand, it is becoming more and more difficult for existing tools to handle massive datasets with various data types. This thesis presents the attempts to address the challenges and solve different security problems by mining security risks from massive datasets. The attempts are in three aspects: detecting security risks in the enterprise environment, prioritizing security risks of mobile apps and measuring the impact of security risks between websites and mobile apps. First, the thesis presents a framework to detect data leakage in very large content. The framework can be deployed on cloud for enterprise and preserve the privacy of sensitive data. Second, the thesis prioritizes the inter-app communication risks in large-scale Android apps by designing new distributed inter-app communication linking algorithm and performing nearest-neighbor risk analysis. Third, the thesis measures the impact of deep link hijacking risk, which is one type of inter-app communication risks, on 1 million websites and 160 thousand mobile apps. The measurement reveals the failure of Google's attempts to improve the security of deep links. / Ph. D. / Cyber security risk has been a problem ever since the appearance of telecommunication and electronic computers. In the recent 30 years, researchers have developed various tools to prevent sensitive data from being accessed by unauthorized users, protect program and data from being changed by attackers, and make sure program and data to be available whenever needed. However, new challenges are emerging as the amount of data grows rapidly in the big data era. On one hand, attacks are becoming stealthier by concealing their attack behaviors in massive datasets. On the other hand, it is becoming more and more difficult for existing tools to handle massive datasets with various data types. This thesis presents the attempts to address the challenges and solve different security problems by mining security risks from massive datasets. The attempts are in three aspects: detecting security risks in the enterprise environment where massive datasets are involved, prioritizing security risks of mobile apps to make sure the high-risk apps being analyzed first and measuring the impact of security risks within the communication between websites and mobile apps. First, the thesis presents a framework to detect sensitive data leakage in enterprise environment from very large content. The framework can be deployed on cloud for enterprise and avoid the sensitive data being accessed by the semi-honest cloud at the same time. Second, the thesis prioritizes the inter-app communication risks in large-scale Android apps by designing new distributed inter-app communication linking algorithm and performing nearest-neighbor risk analysis. The algorithm runs on a cluster to speed up the computation. The analysis leverages each app’s communication context with all the other apps to prioritize the inter-app communication risks. Third, the thesis measures the impact of mobile deep link hijacking risk on 1 million websites and 160 thousand mobile apps. Mobile deep link hijacking happens when a user clicks a link, which is supposed to be opened by one app but being hijacked by another malicious app. Mobile deep link hijacking is one type of inter-app communication risks between mobile browser and apps. The measurement reveals the failure of Google’s attempts to improve the security of mobile deep links.

Cyber Security

Big Data Security

Mobile Security

Data Leakage Detection

Cyber Risk Perception and Risk Prioritization Among Cyber Security Professionals

Naenfeldt, Christine

January 2024

Cyber security is a fast-paced field, and it is important to understand what factors might drive the cyber professionals’ perception of risk when prioritizing risks. While gender differences have been previously observed in risk perception of cyber risks among non-professionals, this thesis will also look at years of experience as another aspect. The purpose of this thesis is to explore the subjective risk perception and risk prioritization among cyber security professionals. It seeks to study their risk perception and prioritization when they are assessing two specific risks on a risk assessment scale (risk matrix) even if the risks are assigned the same risk score. In this thesis, two specific types of risks (Social Engineering and System Intrusion) have been chosen for the risk descriptions, due to their common nature of cyber-attacks. To answer the thesis’ formulated questions, a quantitative study in the form of a questionnaire has been distributed to cyber security professionals (n=70) through professional networking channels. The results in this thesis revealed no significant relationship between risk prioritization and gender, nor between risk prioritization and years of experience. Risk perception was measured by the method of Walpole and Wilson (2021). For three of the four subscales (Affect, Exposure, Susceptibility) the cyber professionals perceived Risk A (Social Engineering) as statistically significantly higher than Risk B (System Intrusion). The results also showed that for both women and men, Risk A was perceived statistically significantly higher/larger than Risk B. There are some results in this thesis that align with previous research, however some are also indicating opposing findings. Traditionally, risk perception studies have focused on non-experts, and it is important to further explore the risk perception among professionals within a field since risk perception in general and in cyber security could be influenced by knowledge, expertise, and experience.

cyber security

risk perception

Other Engineering and Technologies

Annan teknik