scholarly journals Mathematical Study of Advanced Persistent Threat (APT) Hunting Techniques

2020 ◽  
pp. 1-24
Author(s):  
Argyrios Alexopoulos ◽  
Nicholas J. Daras
Keyword(s):  
Cyber Attacks ◽  
Nation State ◽  
Cyber Attack ◽  
Mathematical Study ◽  
Cyber Defense ◽  
Modus Operandi ◽  
Protection Measures ◽  
Advanced Persistent Threat ◽  
Rigorous Description ◽  
Cyber Kill Chain

The paper documents, based mainly on [3]-[6] published papers where a consistent mathematical description of cyberspace and various types of Cyber-Attacks and protection measures are presented, a holistic mathematical approach to a rigorous description of Advanced Persistent Threat (APT) actors’ modus operandi through various scenarios and Cyber Kill Chain stages [2]. After referring [6] to the various elements of Cyber-Attacks we propose some techniques (via 5 scenarios) of tracking the modus operandi of the most sophisticated and non-linear cyber actors, the Advanced Persistent Threat actors that are usually nation-state or nation-state backed and usually stay undetected for an extended time in later stages of Cyber Kill Chain in defenders’ networks. Keywords: Valuation of cyber assets, vulnerability of cyber assets, node supervision, sophistication of an attack germ of cyber-attack, cyber defense, proactive cyber protection, Advanced Persistent Threat (APT) actors, Indication of Compromise (IOC), Tactics, Techniques and Procedures (TTPs).

scholarly journals Strengthening Multistakeholder Integrated through Shared Responsibility in the face of Cyber Attacks Threat

2020 ◽  
Vol 4 (1) ◽  
pp. 63-74
Author(s):  
Dararida Fandra Mahira ◽  
Dwi Suci Rohmahwatin ◽  
Nabila Dian Suciningtyas
Keyword(s):  
Virtual Worlds ◽  
Cyber Attacks ◽  
Shared Responsibility ◽  
Internet Technology ◽  
Cyber Attack ◽  
Security Strategy ◽  
Cyber Defense ◽  
Resistance System ◽  
The Face ◽  
Hazard Sources

The development of the Internet can increase the threat to the country's roughness in cyberspace. Cybersecurity is required as protection of virtual worlds from hazard sources. Cyber defense is also required as a form of an effort to maintain cybersecurity or cyberspace. The development of Internet technology is a new challenge for defense and security strategy that must be owned by the country. Based on these facts and issues, Indonesia needs an integrated and synergistic cyber-resistance system to realize national resilience and security in the face of cyber attack threats. This research uses the normative juridical method. This research is expected to improve the cyber resistance system in Indonesia.

scholarly journals Security Risk Analysis of Active Distribution Networks with Large-Scale Controllable Loads under Malicious Attacks

Complexity ◽  
2021 ◽  
Vol 2021 ◽  
pp. 1-12
Author(s):  
Jiaqi Liang ◽  
Yibei Wu ◽  
Jun’e Li ◽  
Xiong Chen ◽  
Heqin Tong ◽  
...  
Keyword(s):  
Large Scale ◽  
Distribution Networks ◽  
Cyber Attacks ◽  
Stable Operation ◽  
Cyber Attack ◽  
Distributed Energy ◽  
Protection Measures ◽  
Attack Model ◽  
The Impact ◽  
Active Distribution Networks

With the development of distributed networks, the remote controllability of the distributed energy objects and the vulnerability of user-side information security protection measures make distributed energy objects extremely vulnerable to malicious control by attackers. Hence, the large-scale loads may produce abnormal operation performance, such as load casting/dropping synchronously or frequent and synchronous casting and dropping, and hence, it can threaten the security and stable operation of the distribution networks. First, we analyze the security threats faced by industrial controllable load, civil controllable load, and the gains and losses of attacks on the distribution networks. Considering the factors of cyber attacks, we propose a control model and cyber attack model in active distribution networks (ADNs). And, three types of attacks that the target suffered are defined on the basis of “on” and “off” modes for control. Then, the controllable load was maliciously controlled as the research object, and a suitable scenario is selected. The impact of malicious control of the controllable load on the power supply reliability and power quality of the distribution networks are simulated and analyzed, and risk consequences for different types of attacks are provided.

scholarly journals Entropy-Based Evaluation of DNS Activity for Threat Hunting

2021 ◽  
pp. 25-31
Author(s):  
Argyrios (Argi) Alexopoulos
Keyword(s):  
Anomaly Detection ◽  
Mathematical Description ◽  
Cyber Attacks ◽  
Mathematical Approach ◽  
Domain Name System ◽  
Domain Name ◽  
Protection Measures ◽  
Advanced Persistent Threat ◽  
Cyber Threat ◽  
High Level

The paper documents, based mainly on published papers where a consistent mathematical description of cyberspace and various types of Cyber-Attacks and protection measures are presented, a mathematical approach for Cyber Threat Hunting using Domain Name System (DNS) observations. After referring to the various Advanced Persistent Threat (APT) hunting techniques we propose a high level, mainly, entropy-based technique for detecting the existence of various threat vectors in our networks, demystifying DNS Anomalies. Keywords: Domain Name System (DNS), Advanced Persistent Threat (APT) actors, Entropy, Anomaly Detection.

scholarly journals Railway Defender Kill Chain to Predict and Detect Cyber-Attacks

2020 ◽  
pp. 47-90 ◽  
Author(s):  
Ravdeep Kour ◽  
Adithya Thaduri ◽  
Ramin Karim
Keyword(s):  
Open System ◽  
System Architecture ◽  
Early Stage ◽  
Cyber Attacks ◽  
Chain Model ◽  
Cyber Attack ◽  
Industrial Control ◽  
Intrusion Prevention ◽  
Railway System ◽  
Cyber Kill Chain

Most organizations focus on intrusion prevention technologies, with less emphasis on prediction and detection. This research looks at prediction and detection in the railway industry. It uses an extended cyber kill chain (CKC) model and an industrial control system (ICS) cyber kill chain for detection and proposes predictive technologies that will help railway organizations predict and recover from cyber-attacks. The extended CKC model consists of both internal and external cyber kill chain; breaking the chain at an early stage will help the defender stop the adversary’s malicious actions. This research incorporates an OSA (open system architecture) for railways with the railway cybersecurity OSA-CBM (open system architecture for condition-based maintenance) architecture. The railway cybersecurity OSACBM architecture consists of eight layers; cybersecurity information moves from the initial level of data acquisition to data processing, data analysis, incident detection, incident assessment, incident prognostics, decision support, and visualization. The main objective of the research is to predict, prevent, detect, and respond to cyber-attacks early in the CKC by using defensive controls called the Railway Defender Kill Chain (RDKC). The contributions of the research are as follows. First, it adapts and modifies the railway cybersecurity OSA-CBM architecture for railways. Second, it adapts the cyber kill chain model for the railway. Third, it introduces the Railway Defender Kill Chain. Fourth, it presents examples of cyber-attack scenarios in the railway system.

Cyber Attack Detection of I&C Systems in NPPS Based on Physical Process Data

2016 ◽  
Author(s):  
Jianghai Li ◽  
Xiaojin Huang
Keyword(s):  
Control Systems ◽  
Physical Process ◽  
Cyber Security ◽  
Attack Detection ◽  
Cyber Attacks ◽  
Information Networks ◽  
Cyber Attack ◽  
Process Data ◽  
Cyber Defense ◽  
Multiple Variables

The cyber security problem is posing new challenges to the current safety analysis of nuclear power plants. Historically, analogue control systems in the absence of interactive communications are immune to cyber-attacks; however, digital control systems with extensive interconnection of reprogrammable components are intensely vulnerable to cyber-attacks which shed light on the significance and urgency of the cyber security. The current cyber security approaches, which merely focus on information networks, have not given multi-faceted considerations to instrumentation and control (I&C) systems. The cyber-attack on I&C systems may lead to more severe consequences, including the abnormal change of parameters, the malfunction of equipment, and even the accident condition. The existing cyber security approaches for information networks, such as firewalls, encryption, can enhance the cyber security of I&C systems, but are often insufficient in addressing challenges associate with the I&C systems which link cyber space and physical systems. The defense approach based on physical information should be developed to meet the emerging challenges. In this paper, we propose the cyber-physical security (CPS) approach based on the physical process data for the cyber defense. This approach does not intend to replace current cyber defense mechanisms. It could be served as the last barrier for security defense. The goal of the CPS defense approach is to detect attacks at the beginning of the occurrence of physical process anomalies cause by cyber-attacks. A practical implementation of the CPS approach is proposed and its influence on the existing infrastructure is discussed. The statistical analysis techniques are utilized on physical process data for attack detection. The method of dynamic principal component analysis (dynamic PCA) is employed to characterize the correlation of multiple variables in the normal operational condition. In the abnormal operational occurrence, the chi-square detector is able to distinguish adversarial cyber-attacks from ordinary random failures.

The invisible hole of information on SMB's cybersecurity

2019 ◽  
Vol 7 (1) ◽  
pp. 14-26
Author(s):  
Ruti Gafni ◽  
Tal Pavel
Keyword(s):  
Mass Communication ◽  
Cyber Attacks ◽  
Communication Media ◽  
Specific Information ◽  
Exploratory Research ◽  
Cyber Attack ◽  
Public Attention ◽  
Cyber Threats ◽  
Accessible Information ◽  
Types Of Information

Small and Medium Businesses (SMB) use Internet and computer-based tools in their daily processes, sometimes without being aware to the cyber threats, or without knowing how to be prepared in case of a cyber-attack, although they are a major target for cyber-attacks. Specific information about cybersecurity needed by SMBs, in order to cope with cyber threats, is not always available or easily accessible. In this study, a vast search of different types of information about SMBs’ cybersecurity was performed, in order to find whether a hole of accessible information exists in this area. This exploratory research covered general mass communication media channels, technological and professional cybersecurity websites, and academic journals, and found that indeed very few studies, articles and news items were published in this matter. Leveraging knowledge and awareness, diminishing the shame for reporting cyber-attacks, and increasing mass communication media interest and public attention, may be activities to cover this “invisible hole”.

The Structure of Cyber Attacks

2020 ◽  
Vol 9 (1) ◽  
pp. 43-52
Author(s):  
Silviu-Elian MITRĂ
Keyword(s):  
Mode Of Action ◽  
Cyber Attacks ◽  
Cyber Attack ◽  
Computer Viruses ◽  
Unique Mode ◽  
External Sources

The objective of this portfolio is to ensure a good understanding of the topic of the complex and unique mode of action of cyber attacks, as well as the study of the ways in which they occur. The content of this portfolio includes from the beginning of computer viruses to the specific modern mechanisms of cyber attack undertaken by cybercriminals in order to cause detriment, but also theft or damage to certain information. Furthermore, this paper also provides essential aspects regarding the protection methods that users must undertake so that they can prevent and at the same time face these dangers specific to our age. In the elaboration of this study, there were used both personal methods, by applying my own knowledge accumulated through the study, and accessing external sources containing information necessary to complete the insufficiently analyzed problems. In essence, the elaboration of this study ensured the coverage of all relevant domains and aspects that are based on the structure and conception of cyber attacks, as well as in the manner provided by their action and manifestation.

Building a Cybersecurity Culture in the Industrial Control System Environment

2019 ◽  
Vol 8 (1) ◽  
pp. 39-44
Author(s):  
Claudia ARAUJO MACEDO ◽  
Jos MENTING
Keyword(s):  
Control System ◽  
Control Systems ◽  
Cyber Attacks ◽  
Cyber Attack ◽  
Industrial Control System ◽  
Security Measures ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
System A ◽  
Educational Processes

Cybersecurity in industrial control system environments has become a significant concern and is even more relevant in the context of critical infrastructures where control system disruption could have a profound impact on health, safety and the environment. This makes this type of system a major target for malicious activities. Notwithstanding an organization’s interest in protecting its industrial control systems against cyber-attacks, the implementation of security measures, whether technical, organizational or human, still faces resistance and is often seen as a constraint. Using the best technology to protect industrial control systems makes no sense if persons with access do not act attentively and protectively. Technical and human cybersecurity measures are intrinsically linked, and it is essential that all persons with access to these systems are fully aware of the inherent cyber risks. Organizations must also act so that staff receive appropriate training on how to keep systems continuously protected against cyber-attack when carrying out their daily tasks. These educational processes can contribute to building an effective cybersecurity culture fully reflective of management and staff attitudes, so that the availability, integrity and confidentiality of information in industrial control systems can be assured.

SARCP - Exploiting Cyber-Attack Prediction Through Socially-Aware Recommendation

2022 ◽  
Vol 14 (1) ◽  
pp. 0-0
Keyword(s):  
Social Network ◽  
Real World ◽  
Cyber Security ◽  
Betweenness Centrality ◽  
Cyber Attacks ◽  
Experimental Results ◽  
Cyber Attack ◽  
Defence Mechanisms ◽  
Network Measure ◽  
Recommender Algorithm

In the domain of cyber security, the defence mechanisms of networks has traditionally been placed in a reactionary role. Cyber security professionals are therefore disadvantaged in a cyber-attack situation due to the fact that it is vital that they maneuver such attacks before the network is totally compromised. In this paper, we utilize the Betweenness Centrality network measure (social property) to discover possible cyber-attack paths and then employ computation of similar personality of nodes/users to generate predictions about possible attacks within the network. Our method proposes a social recommender algorithm called socially-aware recommendation of cyber-attack paths (SARCP), as an attack predictor in the cyber security defence domain. In a social network, SARCP exploits and delivers all possible paths which can result in cyber-attacks. Using a real-world dataset and relevant evaluation metrics, experimental results in the paper show that our proposed method is favorable and effective.

Comparing Single Tier and Three Tier Infrastructure Designs against DDoS Attacks

2017 ◽  
Vol 7 (3) ◽  
pp. 59-75 ◽  
Author(s):  
Akashdeep Bhardwaj ◽  
Sam Goundar
Keyword(s):  
Data Center ◽  
Denial Of Service ◽  
Cyber Attacks ◽  
Cyber Attack ◽  
Ddos Attacks ◽  
Design Data ◽  
Application Performance ◽  
Server Virtualization ◽  
Security Officers ◽  
Cloud Environments

With the rise in cyber-attacks on cloud environments like Brute Force, Malware or Distributed Denial of Service attacks, information security officers and data center administrators have a monumental task on hand. Organizations design data center and service delivery with the aim of catering to maximize device provisioning & availability, improve application performance, ensure better server virtualization and end up securing data centers using security solutions at internet edge protection level. These security solutions prove to be largely inadequate in times of a DDoS cyber-attack. In this paper, traditional data center design is reviewed and compared to the proposed three tier data center. The resilience to withstand against DDoS attacks is measured for Real User Monitoring parameters, compared for the two infrastructure designs and the data is validated using T-Test.

Sign in / Sign up

Export Citation Format

Share Document