Tools and Technologies for Professional Offensive Cyber Operations

2013 ◽  
Vol 3 (3) ◽  
pp. 49-71 ◽  
Author(s):  
T. J. Grant
Keyword(s):  
Cyber Security ◽  
Computer Network ◽  
Canonical Model ◽  
Process Models ◽  
Cyber Attack ◽  
Analysis And Design ◽  
Structured Analysis ◽  
The Right ◽  
Computer Network Exploitation ◽  
Attack Process

Since 2008, several countries have published new national cyber security strategies that allow for the possibility of offensive cyber operations. Typically, national strategies call for the establishment of a cyber operations unit capable of computer network defence, exploitation, and, in some nations, attack. The cyber operations unit will be manned by professionals and operate under government authority compliant with national and international law. Our research focuses on offensive cyber operations (i.e. computer network exploitation and attack). The cyber unit must be provided with the right resources, in the form of accommodation, computing and networking infrastructure, tools and technologies, doctrine, and training. We contend that the open literature gives an unbalanced view of what tools and technologies a professional group needs because it emphasizes malware and, to a lesser extent, the delivery media used by cyber criminals. Hence, the purpose of this paper is to identify systematically the tools and technologies needed for professional, offensive cyber operations. A canonical model of the cyber attack process was obtained by rationally reconstructing a set of existing attack process models found in the literature. This canonical model was formalized using Structured Analysis and Design Technique (SADT) notation, in which processes are logically linked by inputs, outputs, controls, and mechanisms. A set of tools and technologies was extracted from the mechanisms. The canonical model and set of tools and technologies have been checked by subject matter experts.

Believing in Ghosts

2021 ◽  
Vol 2 (1) ◽  
pp. 48-69
Author(s):  
André Lopes ◽  
Keyword(s):  
Artificial Intelligence ◽  
Short Story ◽  
Government Policy ◽  
Cyber Security ◽  
Computer Network ◽  
Turing Test ◽  
Computer Skills ◽  
Presidential Candidate ◽  
Cyber Attack ◽  
Near Future

What does it mean to be alive? At what point does artificial intelligence know enough to be alive? Does the Turing test even matter? If we want the best government policy possible, does it matter if it comes from a computer? In this work of philosophical short story fiction, Rain is hired to do cyber-security for Presidential candidate Mr. Booker. There is a cyber-attack into Booker’s computer network and Rain is called to answer for the breach. In the process of digging into the data, Rain finds out that Booker is an actor, what is known in society as a “ghost,” and that all of the policy and speeches he has been given are being written by a sophisticated artificial intelligence using polling and other data. He says, literally, the perfect things at the perfect times, to the perfect audience. While artificial people, like news reporters, bloggers, actors, and influencers, are slowly becoming standard in this near future story, the idea of a politician being nothing more but an actor serving as a vessel for AI is unprecedented. Before Rain can decide what to do with her newfound information she is framed and is forced to use all her computer skills just to keep herself out of jail.

Network Security System Implementation Using Raspberry Pi-Based Random Port Knocking Sent Via Telegram

2018 ◽  
Vol 7 (2) ◽  
pp. 61-67
Author(s):  
Iga Revva Princiss Jeinever
Keyword(s):  
High Risk ◽  
Network Security ◽  
Computer Networks ◽  
Computer Network ◽  
Security System ◽  
Raspberry Pi ◽  
System Implementation ◽  
The Right ◽  
Network Administrators ◽  
Ip Block

Computer networks are basically not safe to access freely. Security gaps in the network can be seen by irresponsible people with various techniques. Opening a port for access carries a high risk of being attacked by an attacker. In this connection, network administrators are required to work more to be able to secure the computer network they manage. One form of network security that is often used by network administrators in server management is through remote login such as ports on telnet, SSH, etc. A port that is always open is a network security hole that can be used by people who are not responsible for logging into the server. Focusing on these problems, in this study, Random Port Knocking is the right way and can be used to increase network security. With Random Port Knocking, the port will be opened as needed, the port will automatically change when it fails to log in more than three times and IP will automatically be blocked and access will not continue so that attacks on the network can be avoided and network security stability can be further improved. The final result of this research shows that the method applied in this research makes server safe. Because port randomization and IP block make irresponsible parties try harder to penetrate firewall walls.

Design and Application of Urban Planning and Location System Based on GIS Technology

2017 ◽  
Vol 42 (3) ◽  
pp. 5-9
Author(s):  
Qinglin Luan ◽  
Li Zhang
Keyword(s):  
Urban Planning ◽  
Evaluation Method ◽  
Rapid Development ◽  
Gis Technology ◽  
Analysis And Design ◽  
Location System ◽  
Overall Design ◽  
Structured Analysis ◽  
Factor Evaluation ◽  
Economic Construction

Chinese cities are becoming larger and urbanization is accelerating with the rapid development of China's economic construction and formulation of planning objectives. Traditional manual management and information processing methods cannot satisfy the requirements of modern urban planning management. Thus, this study analyzes the application of geographic information system (GIS) in urban planning, starting with the characteristics of GIS technology. Structured analysis and design are conducted for urban planning and the location system. The software engineering approach is adopted throughout the entire process, from the survey to the overall design of the system and database. The evaluation factors of the pension facilities in Baohe, Hefei are extracted through the factor evaluation method, and the weight value is determined. The GIS analysis method is then used, and site suitability evaluation is performed on the Baohe district land layout. Results show that the application of urban planning and a location system based on GIS technology can provide the basis for urban planning.

SARCP - Exploiting Cyber-Attack Prediction Through Socially-Aware Recommendation

2022 ◽  
Vol 14 (1) ◽  
pp. 0-0
Keyword(s):  
Social Network ◽  
Real World ◽  
Cyber Security ◽  
Betweenness Centrality ◽  
Cyber Attacks ◽  
Experimental Results ◽  
Cyber Attack ◽  
Defence Mechanisms ◽  
Network Measure ◽  
Recommender Algorithm

In the domain of cyber security, the defence mechanisms of networks has traditionally been placed in a reactionary role. Cyber security professionals are therefore disadvantaged in a cyber-attack situation due to the fact that it is vital that they maneuver such attacks before the network is totally compromised. In this paper, we utilize the Betweenness Centrality network measure (social property) to discover possible cyber-attack paths and then employ computation of similar personality of nodes/users to generate predictions about possible attacks within the network. Our method proposes a social recommender algorithm called socially-aware recommendation of cyber-attack paths (SARCP), as an attack predictor in the cyber security defence domain. In a social network, SARCP exploits and delivers all possible paths which can result in cyber-attacks. Using a real-world dataset and relevant evaluation metrics, experimental results in the paper show that our proposed method is favorable and effective.

scholarly journals Object Oriented VS Structured Analysis and Design in System Development Courses

2019 ◽  
Vol 8 (6S3) ◽  
pp. 82-88
Keyword(s):  
System Analysis ◽  
Survey Methodology ◽  
System Development ◽  
Object Oriented ◽  
Analysis And Design ◽  
Institutions Of Higher Learning ◽  
Structured Analysis ◽  
The One ◽  
Structured Analysis And Design

Objectives: The main aim of this study was to investigate the factors that influence students’, academicians’, clients’, as well as developer’s preferences in choosing their preferred approach in system development, namely structured analysis design (SAD) or object-oriented analysis and design (OOAD). Methods: The research design was based on a survey methodology and a case study. For the survey, questionnaires were administered to 30 students and 38 academicians, who were randomly selected from several Malaysian universities. For the case study, the requirements of the information system were modeled and presented to several clients to elicit their feedback. The survey data were analyzed using SPSS Findings: The result shows that students preferred the use of OOAD approach, which clearly outnumbered those who preferred the SAD approach, which stood at 33%. Interestingly, the majority (53%) of academicians preferred the use of a mixture of both approaches. Likewise, the clients shared a similar view with the academicians, whereas the developer preferred the OOAD approach. Application/Improvements: Clearly, the findings suggest that both approaches are essential, but the one that is widely used by developers and preferred by students is OOAD, and thus should be given priority when it comes to structured analysis and design. As such, curriculum designers and institutions of higher learning, particularly those offering system analysis and design and related courses, should make the necessary changes to the existing curriculum such that the academic programs offered will be able to produce highly competent and skilled analysts and designers as required by the industry.

scholarly journals Cyber Attacks on Critical Infrastructure

2016 ◽  
pp. 448-465
Author(s):  
Ana Kovacevic ◽  
Dragana Nikolic
Keyword(s):  
Control Systems ◽  
Cyber Security ◽  
Critical Infrastructure ◽  
Cyber Attacks ◽  
Cyber Attack ◽  
Future Directions ◽  
Infrastructure Systems ◽  
Cyber Threats ◽  
Scada Systems ◽  
Insight Into

We are facing the expansion of cyber incidents, and they are becoming more severe. This results in the necessity to improve security, especially in the vulnerable field of critical infrastructure. One of the problems in the security of critical infrastructures is the level of awareness related to the effect of cyberattacks. The threat to critical infrastructure is real, so it is necessary to be aware of it and anticipate, predict, and prepare against a cyber attack. The main reason for the escalation of cyberattacks in the field of Critical Infrastructure (CI) may be that most control systems used for CI do not utilise propriety protocols and software anymore; they instead utilise standard solutions. As a result, critical infrastructure systems are more than ever before becoming vulnerable and exposed to cyber threats. It is important to get an insight into what attack types occur, as this may help direct cyber security efforts. In this chapter, the authors present vulnerabilities of SCADA systems against cyber attack, analyse and classify existing cyber attacks, and give future directions to achieve better security of SCADA systems.

scholarly journals Cubesat Antenna Analysis and Design: Are you using the right computational electromagnetic tool?

2021 ◽  
Vol 10 (2) ◽  
pp. 1-18
Author(s):  
I. Latachi ◽  
T. Rachidi ◽  
M. Karim
Keyword(s):  
Selection Process ◽  
Critical Role ◽  
Antenna System ◽  
Antenna Design ◽  
Design Processes ◽  
Analysis And Design ◽  
Trade Offs ◽  
Development Costs ◽  
Communication Links ◽  
The Right

Antenna systems play a critical role in establishing wireless communication links and sustaining remote sensing requirements for Cubesat applications. In addition to the usual antenna design requirements, Cubesat-based spacecrafts impose additional stringent constraints related to the on-board available space, power consumption and development costs. To develop optimal antenna prototypes while considering all these constraints and decrease trial and error related costs, computational electromagnetics (CEM) simulation tools are used. The accuracy of simulation results depends to a great extent on the choice of the appropriate CEM tool for the particular antenna problem to be analyzed; ergo, identifying and answering key questions about design objectives and requirements is necessary for informed decision-making throughout the selection and design processes. However, this could be quite challenging because of existing gaps both in the practitioners’ knowledge about different CEM tools capabilities, limitations, and design know-how. This is especially true for non-specialists such as students and academics involved in student driven Cubesat projects. Therefore, the rationale of this manuscript is to bridge those gaps and clarify some common misconception commonly encountered during the selection and design processes. In that regard, first, an overview of existing antenna configurations commonly used in Cubesat communications is provided. Next, antenna design general workflow is presented. Then, capabilities and limitations of different CEM solving methods are presented. After that, CEM software selection process trade-offs and possible sources of errors are discussed from a practical viewpoint. Finally, a case study of Masat-1 antenna system design is presented as practical example.

Sign in / Sign up

Export Citation Format

Share Document