Design and Development of Intelligent Security Management Systems: Threat Detection and Response in Cyber-based Infrastructures

Yahya Javed (11792741)

19 December 2021

<div>Cyber-based infrastructures and systems serve as the operational backbone of many industries and resilience of such systems against cyber-attacks is of paramount importance. As the complexity and scale of the Cyber-based Systems (CBSs) has increased many folds over the years, the attack surface has also been widened, making CBSs more vulnerable to cyber-attacks. This dissertation addresses the challenges in post intrusion security management operations of threat detection and threat response in the networks connecting CBSs. In threat detection, the increase in scale of cyber networks and the rise in sophistication of cyber-attacks has introduced several challenges. The primary challenge is the requirement to detect complex multi-stage cyber-attacks in realtime by processing the immense amount of traffic produced by present-day networks. In threat response, the issue of delay in responding to cyber-attacks and the functional interdependencies among different systems of CBS has been observed to have catastrophic effects, as a cyber attack that compromises one constituent system of a CBS can quickly disseminate to others. This can result in a cascade effect that can impair the operability of the entire CBS. To address the challenges in threat detection, this dissertation proposes PRISM, a hierarchical threat detection architecture that uses a novel attacker behavior model-based sampling technique to minimize the realtime traffic processing overhead. PRISM has a unique multi-layered architecture that monitors network traffic distributedly to provide efficiency in processing and modularity in design. PRISM employs a Hidden Markov Model-based prediction mechanism to identify multi-stage attacks and ascertain the attack progression for a proactive response. Furthermore, PRISM introduces a stream management procedure that rectifies the issue of alert reordering when collected from distributed alert reporting systems. To address the challenges in threat response, this dissertation presents TRAP, a novel threat response and recovery architecture that localizes the cyber-attack in a timely manner, and simultaneously recovers the affected system functionality. The dissertation presents comprehensive performance evaluation of PRISM and TRAP through extensive experimentation, and shows their effectiveness in identifying threats and responding to them while achieving all of their design objectives.</div>

Computer Engineering

Security Architecture

threat detection

threat response

sampling algorithms

Distributed computing

prediction models

cyber situation awareness

Proactive responses

System recovery

African American Women Middle Managers’ Stories of Stereotype Threat and Leadership Aspirations

Ashley, Rockell Chandler

01 January 2019

Even with the rise of racial diversity in the workplace, African American women remain underrepresented in upper management and organizational leadership positions, making up only 1% of U.S. corporate officers. The purpose of this qualitative narrative inquiry study was to explore the daily experiences of African American women middle managers in regard to stereotype threat and the effect of these experiences on their engagement with leadership aspirations. The narrative inquiry method was used to address this gap and answer the research question, through storytelling from African American women in middle-management positions. This study was framed by 2 key concepts that focus on minority group workplace experiences with stereotype threat and the implications of these experiences on minority group members for their engagement with leadership aspirations: Inzlicht and Kang’s concept of stereotype threat spillover and Major, Spencer, Schmader, Wolfe, and Crocker’s concept of psychological disengagement. The data-gathering process involved semistructured telephone interviews with 7 college-educated African American women, in U.S.-based organizations, in which participants told the story of their stereotype threat experiences in middle management roles. Two of the 5 key themes uncovered were impact of stereotype threat spillover and disengagement from leadership and career aspirations. The information gathered from the narrative study will help drive social change by bringing awareness to the issue and reducing threat experiences of disadvantaged groups across organizations.

Black women in Management

Challenges facing Black women

psychological disengagement

stereotype threat

stereotype threat spillover

Stereotyping of Black women

African American Studies

Organizational Behavior and Theory

The Impact of a Mindful State on Ego-Salience and Self-Control

Goodman, Robert J.

21 May 2009

No description available.

Psychology

Social Psychology

mindfulness

self-regulation

ego-depletion

ego-salience

self-relevant cognition

meditation

self

social threat

negative feedback

ego-threat

CYBERWAR - Det virtuella kriget

Jusufovic, Almin

January 2014

Syftet med denna uppsats är bland annat att utforskabegreppet cyber-war. Cyber-attacker utgör stora hot mot infrastrukturen,datorstyrda system och nätverksbaserade tjänster, enligt tidigare forskning. Menhur hotfulla är dessa attacker egentligen? Ska vi frukta att framtida krig blirvirtuella? Kan en ond grupp av människor med några rader av kod få kontroll övervår nation? För att få en bättre förståelse och för att kunna svara på frågorna, harjag med hjälp av tidigare publicerade publikationer gjort en litteraturanalys.Analysen bygger på sammanställning och jämförelse av åtta olika publikationer.Enligt forskningen så tyder tecken på att cyber-war kan vara ett framtida hot. / The purpose of this paper is to explore the concept of cyber-war. Cyber-attacks pose major threats to infrastructure, computer systems and network-based services, according to previous research. But how threatening are these attacks? Should we fear that future wars will be virtual? Can a group of people with a few lines of code get control of our nation? To get a better understanding and be able to answer these questions, I have used previously published publications and have made a literature analysis. The analysis is based on a compilation and comparison of eight different publications. According to the research, cyber-war may be a future threat.

Cyber-war

Cyber-threat

Cyber-attack

Cyber-terrorism

Virtuella Attacker

Cyber krig

Virtuellt krig

Cyber war

Cyber threat

Cyber terrorism

Engineering and Technology

Teknik och teknologier

Vilken svensk säkerhet? : En kvalitativ studie av Försvarsberedningens rapporter utifrån Köpenhamnsskolans teori om ett vidgat säkerhetbegrepp

Jonsson, Rickard

January 2016

Given the armed conflict in Ukraine, the terrorist attacks in Paris and elsewhere in Europe and the pressing issue of climate change one could argue that there are no longer room for just one sector in security studies. Based on Barry Buzan, Ole Wæver and Jaap de Wilde’s theory of securitization the aim of this paper is to study whether the Swedish Defense Committee perceive threats in any sectors other than the traditional military sector in its two reports or not and therefore also if the Defense Committee has adapted the wider security concept; and if so answer the question of what other sectors the Committee put forward in the reports. The aim is also to compare the findings in the two reports with each other to point out similarities and differences the Defense Committee’s perception of threats. The method used in this paper was an intense qualitative content analysis where the author manually examined the two reports to find indications on what kind of threats was present in the reports and how they were presented. The result of the study shows that all sectors with the exception of the societal sector in the Copenhagen School were present in the reports. An additional result of the study was that there were many similarities and differences in the reports; one similarity being that Russia was perceived as a threat in both reports while one distinction was the only in the latest report were a global financial crisis perceived as a threat.

Copenhagen School

Securitization

Sweden

Defense Committee

Threat

Perception

Köpenhamnsskolan

Säkerhetisering

Sverige

Försvarsberedningen

Hotuppfattning

Hotbilder och dess utmanare : De mediala opinionsbildarnas filtrering av hotbilder och maktutövande i den svenska Nato-debatten

Sigfrid, Olof

January 2016

This study examines perceptions of threats and the actors in the Swedish Nato-debate. The particular sequence of debate which is investigated took place in Swedish media during the summer of 2015. The objects examined in this study are the actors involved in the debate and the perceptions of threats formed by these actors. Lack of knowledge regarding how debates are formed by actors, through their perceptions of threats, makes us unable to fully comprehend how and why these perceptions are formed. This lack of knowledge makes us unable to evaluate the debate beyond the claims of the participating actors. This study seeks to explain how perceptions of threats in the chosen debate-sequence were formed through filtration. Theory considering filtration of perceived threats states that the actors forming perceived threats does this through psychological-, bureaucratic-, political- and medial processes. Actors and their perceived threats can also exercise power. Whether the actors and their discourses have exercised power in the Swedish Nato-debate is examined through a relational- and productive power perspective. Results show that the participating actors examined, scientists, journalists and politicians, have all formed perceived threats through different forms of filtration, and all actors have in some way exercised relational or productive power in the debate.

Threat perception

filtration of perceived threats

Nato

Swedish Nato-debate

relational and productive power.

Effects of trait anxiety and cognitive appraisals on emotional reactions to psychological and physical stressors

Abdullatif, Qutayba

01 January 2006

This study investigated the effects of individual differences in trait anxiety on cognitive appraisals and emotional reactions to stressful situations. Specifically, the effects of trait anxiety on the evaluation of psychological and physical threats to well-being were examined in relation to state-anxiety. To accomplish this goal, a proposed model consisting of elements from the Lazarus and Folkman Stress and Coping Model (1984) and Spielberger's State Trait distinctions is presented. To our knowledge, this is the first proposed model to attempt to combine trait anxiety, primary and secondary appraisals, and state anxiety and to utilize path analytic models in assessing empirical and theoretical fit. Results from mean comparisons indicate that participants reacted with higher elevations of S-anxiety in the psychological threat condition as compared to the physical threat condition. This finding is significant and unique since this is the first study that examines the differential effect of the type of stressor on the mediated path between T-anxiety and S-anxiety. Additional analyses indicated that T-Anxiety also influenced primary and secondary cognitive appraisals and participants with higher T-Anxiety demonstrated higher levels of primary appraisals and lower levels of secondary appraisals.

Stress reactions

Psychological threat

Physical danger

Coping

Model

American Studies

Arts and Humanities

The Construction of Immigrants´ Identity in the EU : A Foucauldian discourse analysis of EU common migration policy

Lebedeva, Alexandra, Lopez, Mercedes

January 2014

The aim of the study is to analyse the discursive construction of the immigrants‟ identity within the EU‟s common migration policy. More specifically, this study seeks to identify what discourses are constituted within the EU, and how these discourses are constructed. Moreover, the study efforts to understand what consequences these discourses may have to the identity of immigrants. In order to achieve the aim of the study, a number of policy documents and agreements have been analysed. This analysis is implemented by applying a social constructivist approach, based on the notion about ethnic identities, securitisation theory, discourse theory and the theoretical concepts of Eurocentrism and Europeanisation. The methodological approach applied to the analysis is the Foucauldian genealogical discourse analysis.The conclusion of the study is that the EU, through its policy documents, has contributed to the construction of the following discourses: identity discourse, threat discourse and power discourse. Consequently, the analysis showed that these discourses may affect the image of immigrants negatively. The strengthening of “we” and “them” identities is emphasised through categorisation of immigrants, integration provisions, and through managing security and migration questions together.

discourse

Eurocentrism

European Union

Foucault

identity

migration

power

securitization

social constructivism

threat

policy

Riksdagspartiers konstruktioner av flyktingfrågan : En kritisk diskursanalys med fokus på säkerhet i relation till flyktingmottagande

Markgren, Sarah

January 2015

Sweden has traditionally been portrayed as a tolerant and generous country in terms of its migration policy. In conjunction with the increased flow of refugees in 2015 this image of Sweden has slowly but surely come to be questioned. Swedish political parties have raised concerns over the increased number of asylum seekers, and stressed the social, political and economic implications it may have for the Swedish society. This essay examines how Swedish political parties frame the refugee issue, and how these frames can be understood from a security lens. The following questions have been examined; How do Swedish parlamentary parties frame the refugee issue? To what extent is the refugee issue securitized in the Swedish context? What consequences can securitization of the refugee issue have for Swedish citizens’ attitudes to the welcoming of refugees? Two complementary methods are used to analyze the material. In the first step, Faircloughs critical discourse analysis uncover Swedish parliamentary parties frames of the refugee issue. In the second step, the securitization theory is applied in order to relate these refugee portrayals to security. Four central refugee discourses are identified in the material, following are; solidarity, responsibility, identity and expenditures. The essay argues that the refugee issue tends to be framed as a security threat of parties on the right wing of the political spectrum. Parties such as the Moderate Party and the Sweden Democrats have securitized the refugee issue. These parties frame the issue in terms of expenditures and identity, which follow a security rhetoric. The remaining parties show a great concern on the issue, but put emphasis on solidarity and responsibility. Successful securitization has thus not taken place among these parties.

Sweden

migration policy

refugee

framing

securitization

critical discourse analysis

security threat

Socio-technical analysis of system-of-systems using responsibility modelling

Greenwood, David

January 2012

Society is challenging systems engineers by demanding increasingly complex and integrated IT systems (Northrop et al., 2006; RAE, 2004) e.g. integrated enterprise resource planning systems, integrated healthcare systems and business critical services provisioned using cloud based resources. These types of IT system are often systems-of-systems (SoS). That is to say they are composed of multiple systems that are operated and managed by independent parties and are distributed across multiple organisational boundaries, geographies or legal jurisdictions (Maier, 1998). SoS are notorious for becoming problematic due to interconnected technical and social issues. Practitioners claim that they are ill equipped to deal with the sociotechnical challenges posed by system-of-systems. One of these challenges is to identify the socio-technical threats associated with building, operating and managing systems whose parts are distributed across organisational boundaries. Another is how to troubleshoot these systems when they exhibit undesirable behaviour. This thesis aims to provide a modelling abstraction and an extensible technique that enables practitioners to identify socio-technical threats prior to implementation and troubleshoot SoS post-implementation. This thesis evaluates existing modelling abstractions for their suitability to represent SoS and suggests that an agent-responsibility based modelling abstraction may provide a practical and scalable way of representing SoS for socio-technical threat identification and troubleshooting. The practicality and scalability of the abstraction is explored through the use of case studies that motivate the extension of existing responsibility-based techniques so that new classes of system (coalitions-of-systems) and new classes of threat (agent-related threats) may be analysed. This thesis concludes that the notion of ‘responsibility' is a promising abstraction for representing and analysing systems that are composed of parts that are independently managed and maintained by agents spanning multiple organisational boundaries e.g. systems-of-systems, enterprise-scale systems.

004.21