Search results for: cyber threats

Authors: Azene Zenebe

Abstract:

Deep learning is a subset of machine learning which incorporates techniques for the construction of artificial neural networks and found to be useful for modeling complex problems with large dataset. Deep learning requires a very high power computational and longer time for training. By aggregating computing power, high performance computer (HPC) has emerged as an approach to resolving advanced problems and performing data-driven research activities. Cyber threat intelligence (CIT) is actionable information or insight an organization or individual uses to understand the threats that have, will, or are currently targeting the organization. Results of review of literature will be presented along with results of experimental study that compares the performance of tree-based and function-base machine learning including deep learning algorithms using secondary dataset collected from darknet.

Keywords: deep-learning, cyber security, cyber threat modeling, tree-based machine learning, function-based machine learning, data science

Procedia PDF Downloads 127

Authors: Nasir Baba Ahmed, Nicolas Daclin, Marc Olivaux, Gilles Dusserre

Abstract:

The Mobile field hospital is critical in terms of managing emergencies in crisis. It is a sub-section of the main hospitals and the health sector, tasked with delivering responsive, immediate, and efficient medical services during a crisis. With the aim to prevent further crisis, the assessment of the cyber assets follows different methods, to distinguish its strengths and weaknesses, and in turn achieve cyber resiliency. The work focuses on assessments of cyber resilience in field hospitals with trends growing in both the field hospital and the health sector in general. This creates opportunities for the adverse attackers and the response improvement objectives for attaining cyber resilience, as the assessments allow users and stakeholders to know the level of risks with regards to its cyber assets. Thus, the purpose is to show the possible threat vectors which open up opportunities, with contrast to current trends in the assessment of the mobile field hospitals’ cyber assets.

Keywords: assessment framework, cyber resilience, cyber security, mobile field hospital

Procedia PDF Downloads 136

Authors: Nesrin Demir, Betül Demirbağ

Abstract:

In recent years, the type and content of bullying in schools changes together with technological development. Many studies attribute bullying movement to virtual platform to the widespread use of social media and internet. The main goal of this research is to determine if there is a correlation between subjective well-being as a popular conception of Positive Psychology and being cyber bully/victim. For this purpose, 287 students from various public high schools in Malatya have reached. As assessment tool, Cyber Bully/Victim Scale and Self Well Being Scale for Adolescents were used. Results were discussed in the relevant literature.

Keywords: cyber bully, cyber victim, school counseling, subjective well-being

Procedia PDF Downloads 392

Authors: Richard McGregor, Carmen Reaiche, Stephen Boyle

Abstract:

Cyber threats are a relatively recent phenomenon and offer cyber insurers a dynamic and intelligent peril. As individuals en mass become increasingly digitally dependent, Personal Cyber Insurance (PCI) offers an attractive option to mitigate cyber risk at a personal level. This abstract proposes a literature review that conceptualises a framework for siting Personal Cyber Insurance (PCI) within the context of cyberspace. The lack of empirical research within this domain demonstrates an immediate need to define the scope of PCI to allow cyber insurers to understand personal cyber risk threats and vectors, customer awareness, capabilities, and their associated needs. Additionally, this will allow cyber insurers to conceptualise appropriate frameworks allowing effective management and distribution of PCI products and services within a landscape often in-congruent with risk attributes commonly associated with traditional personal line insurance products. Cyberspace has provided significant improvement to the quality of social connectivity and productivity during past decades and allowed enormous capability uplift of information sharing and communication between people and communities. Conversely, personal digital dependency furnish ample opportunities for adverse cyber events such as data breaches and cyber-attacksthus introducing a continuous and insidious threat of omnipresent cyber risk–particularly since the advent of the COVID-19 pandemic and wide-spread adoption of ‘work-from-home’ practices. Recognition of escalating inter-dependencies, vulnerabilities and inadequate personal cyber behaviours have prompted efforts by businesses and individuals alike to investigate strategies and tactics to mitigate cyber risk – of which cyber insurance is a viable, cost-effective option. It is argued that, ceteris parabus, the nature of cyberspace intrinsically provides characteristic peculiarities that pose significant and bespoke challenges to cyber insurers, often in-congruent with risk attributes commonly associated with traditional personal line insurance products. These challenges include (inter alia) a paucity of historical claim/loss data for underwriting and pricing purposes, interdependencies of cyber architecture promoting high correlation of cyber risk, difficulties in evaluating cyber risk, intangibility of risk assets (such as data, reputation), lack of standardisation across the industry, high and undetermined tail risks, and moral hazard among others. This study proposes a thematic overview of the literature deemed necessary to conceptualise the challenges to issuing personal cyber coverage. There is an evident absence of empirical research appertaining to PCI and the design of operational business models for this business domain, especially qualitative initiatives that (1) attempt to define the scope of the peril, (2) secure an understanding of the needs of both cyber insurer and customer, and (3) to identify elements pivotal to effective management and profitable distribution of PCI - leading to an argument proposed by the author that postulates that the traditional general insurance customer journey and business model are ill-suited for the lineaments of cyberspace. The findings of the review confirm significant gaps in contemporary research within the domain of personal cyber insurance.

Keywords: cyberspace, personal cyber risk, personal cyber insurance, customer journey, business model

Procedia PDF Downloads 80

Authors: Li Qiang, Yang Ze-Ming, Liu Bao-Xu, Jiang Zheng-Wei

Abstract:

With the increasing complexity of cyberspace security, the cyber-attack attribution has become an important challenge of the security protection systems. The difficult points of cyber-attack attribution were forced on the problems of huge data handling and key data missing. According to this situation, this paper presented a reasoning method of cyber-attack attribution based on threat intelligence. The method utilizes the intrusion kill chain model and Bayesian network to build attack chain and evidence chain of cyber-attack on threat intelligence platform through data calculation, analysis and reasoning. Then, we used a number of cyber-attack events which we have observed and analyzed to test the reasoning method and demo system, the result of testing indicates that the reasoning method can provide certain help in cyber-attack attribution.

Keywords: reasoning, Bayesian networks, cyber-attack attribution, Kill Chain, threat intelligence

Procedia PDF Downloads 416

Authors: Rafat Rob, Khaled Alotaibi, Dana Nour, Abdullah Albadrani, Abdulmohsen Mulhim

Abstract:

Power systems digitization solutions provides a comprehensive smart, cohesive, interconnected network, extensive connectivity between digital assets, physical power plants, and resources to form digital economies. However, digitization has exposed the classical air gapped power plants to the rapid spread of cyber threats and attacks in the process delaying and forcing many organizations to rethink their cyber security policies and standards before they can augment their operation the new advanced digital devices. Cyber Security requirements for power systems (and industry control systems therein) demand a new approach, unique methodology, and design process that is completely different to Cyber Security measures designed for the IT systems. In practice, Cyber Security strategy, as applied to power systems, tends to be closely aligned to those measures applied for IT system purposes. The differentiator for Cyber Security in terms of power systems are the physical assets and applications used, alongside the ever-growing rate of expansion within the industry controls sector (in comparison to the relatively saturated growth observed for corporate IT systems). These factors increase the magnitude of the cyber security risk within such systems. The introduction of smart devices and sensors along the grid initiate vulnerable entry points to the systems. Every installed Smart Meter is a target; the way these devices communicate with each other may instigate a Denial of Service (DoS) and Distributed Denial of Service (DDoS) attack. Attacking one sensor or meter has the potential to propagate itself throughout the power grid reaching the IT network, where it may manifest itself as a malware infiltration.

Keywords: supply chain, cybersecurity, maturity model, risk, smart grid

Procedia PDF Downloads 83

Authors: Nihar Bheda

Abstract:

Protecting digital assets such as networks, systems, and data from advanced cyber threats is the aim of Digital Immunity Systems (DIS), which are a subset of cybersecurity. With features like continuous monitoring, coordinated reactions, and long-term adaptation, DIS seeks to mimic biological immunity. This minimizes downtime by automatically identifying and eliminating threats. Traditional security measures, such as firewalls and antivirus software, are insufficient for enterprises, such as healthcare providers, given the rapid evolution of cyber threats. The number of medical record breaches that have occurred in recent years is proof that attackers are finding healthcare data to be an increasingly valuable target. However, obstacles to enhancing security include outdated systems, financial limitations, and a lack of knowledge. DIS is an advancement in cyber defenses designed specifically for healthcare settings. Protection akin to an "immune system" is produced by core capabilities such as anomaly detection, access controls, and policy enforcement. Coordination of responses across IT infrastructure to contain attacks is made possible by automation and orchestration. Massive amounts of data are analyzed by AI and machine learning to find new threats. After an incident, self-healing enables services to resume quickly. The implementation of DIS is consistent with the healthcare industry's urgent requirement for resilient data security in light of evolving risks and strict guidelines. With resilient systems, it can help organizations lower business risk, minimize the effects of breaches, and preserve patient care continuity. DIS will be essential for protecting a variety of environments, including cloud computing and the Internet of medical devices, as healthcare providers quickly adopt new technologies. DIS lowers traditional security overhead for IT departments and offers automated protection, even though it requires an initial investment. In the near future, DIS may prove to be essential for small clinics, blood banks, imaging centers, large hospitals, and other healthcare organizations. Cyber resilience can become attainable for the whole healthcare ecosystem with customized DIS implementations.

Keywords: digital immunity system, cybersecurity, healthcare data, emerging technology

Procedia PDF Downloads 38

Authors: James Kaweesa

Abstract:

The Internet of Things (IoT) has become a critical component of modern technology, enabling the connection of numerous devices to the internet. The interconnected nature of IoT devices, along with their heterogeneous and resource-constrained nature, makes them vulnerable to various types of attacks, such as malware, denial-of-service attacks, and network scanning. Intrusion Detection Systems (IDSs) are a key mechanism for protecting IoT networks and from attacks by identifying and alerting administrators to suspicious activities. In this review, the paper will discuss the different types of IDSs available for IoT systems and evaluate their effectiveness in detecting and preventing attacks. Also, examine the various evaluation methods used to assess the performance of IDSs and the challenges associated with evaluating them in IoT environments. The review will highlight the need for effective and efficient IDSs that can cope with the unique characteristics of IoT networks, including their heterogeneity, dynamic topology, and resource constraints. The paper will conclude by indicating where further research is needed to develop IDSs that can address these challenges and effectively protect IoT systems from cyber threats.

Keywords: cyber-threats, iot, intrusion detection system, networks

Procedia PDF Downloads 56

Authors: Mojtaba Fayaz, Richard Hallal

Abstract:

This study examines the various types of dangers that our virtual environment is vulnerable to, including how it can be attacked and how to avoid/secure our data. The terrain of cyberspace is never completely safe, and Covid- 19 has added to the confusion, necessitating daily periodic checks and evaluations. Cybercriminals have been able to enact with greater skill and undertake more conspicuous and sophisticated attacks while keeping a higher level of finesse by operating from home. Different types of cyberattacks, such as operation-based attacks, authentication-based attacks, and software-based attacks, are constantly evolving, but research suggests that software-based threats, such as Ransomware, are becoming more popular, with attacks expected to increase by 93 percent by 2020. The effectiveness of cyber frameworks has shifted dramatically as the pandemic has forced work and private life to become intertwined, destabilising security overall and creating a new front of cyber protection for security analysis and personal. The high-rise formats in which cybercrimes are carried out, as well as the types of cybercrimes that exist, such as phishing, identity theft, malware, and DDoS attacks, have created a new front of cyber protection for security analysis and personal safety. The overall strategy for 2022 will be the introduction of frameworks that address many of the issues associated with offsite working, as well as education that provides better information about commercialised software that does not provide the highest level of security for home users, allowing businesses to plan better security around their systems.

Keywords: cyber security, authentication, software, hardware, malware, COVID-19, threat actors, awareness, home users, confidentiality, integrity, availability, attacks

Procedia PDF Downloads 95

Authors: Uche A. Nnawulezi

Abstract:

The evolving global environment has as of late seen formative difficulties bordering on cyber crime and its attendant effects. This paper looks at what constitutes an offense of cyber crime under the tenets of International Law as no nation can lay bona-fide claim in managing cyber crime as a criminal phenomenon. Therefore, there has been a plethora of ideological, conceptual and mental propositions of policies aimed at domesticating cyber crimes – an international crime. These policies were as a result of parochial consideration and social foundations which negate the spirit of internationally accepted procedures. The study also noted that the non-domestication of cyber crime laws by most countries has led to an increase in cyber crimes and its attendant effects have remained unabated. The author has pointed out emerging international rules as a panacea for a sustainable cyber crime-free society. The paper relied on documentary evidence and hence scooped much of the data from secondary sources such as text books, journals, articles and periodicals and more so, opinion papers, emanating from international criminal court. It concludes that the necessary recommendations made in this paper, if fully adopted, shall go a long way in maintaining a cyber crime-free society. Ultimately, the domestic and international law mechanisms capable of dealing with cyber crime offenses should be expanded and be made proactive in order to deal with the demands of modern day challenges.

Keywords: criminology, cyber crime, domestic law, international law

Procedia PDF Downloads 166

Authors: Spyridon Plakoudas

Abstract:

After the capture of Al-Raqqah and the defeat of the short-lived Islamic Caliphate in 2017, everyone predicted the end of ISIS. However, ISIS proved far more resilient than initially thought. The militant group quickly regrouped from its defeat and started a low-intensity guerrilla campaign in central Iraq (near Kirkuk and Mosul) and north-eastern Syria (near Deir ez-Zorr). At the same time, ISIS doubled down on its cyber-campaign; actually, ISIS is as active on the cyber-domain as during the peak of its power in 2015. This paper, a spin-off paper from a co-authored book on the Syrian Civil War (due to be published by Rowman and Littlefield), intends to examine how ISIS operates in the cyber-domain and how this "Cyber-Caliphate" under re-construction is associated with its post-2017 strategy. This paper will draw on the discipline of War Studies (with an emphasis on Cyber-Security and Insurgency / Counter-Insurgency) and will benefit from the insights of interviewed experts on the field (e.g., Hassan Hasssan). This paper will explain how the successful operation of ISIS in the cyber-space preserves the myth of the “caliphate” amongst its worldwide followers (against the odds) and sustains the group’s ongoing insurgency in Syria and Iraq; in addition, this paper will suggest how this cyber-threat can be countered best.

Keywords: ISIS, cyber-jihad, Syrian Civil War, cyber-terrorism, insurgency and counter-insurgency

Procedia PDF Downloads 102

Authors: Auwal Nata'ala

Abstract:

The Information and Communication Technology (ICT) has had impacts in almost every area human endeavor. From business, industries, banks to none profit organizations. ICT has simplified business process such as sorting, summarizing, coding, updating and generating a report in a real-time processing mode. However, the use of these ICT facilities such as computer and internet has also brought unintended consequences of criminal activities such as spamming, credit card frauds, ATM frauds, phishing, identity theft, denial of services and other related cyber crimes. This study sought to examined cyber-crime and its impact on the banking institution in Nigeria. It also examined the existing policy framework and assessed the success of the institutional countermeasures in combating cyber crime in the banking industry. This paper X-ray’s cyber crimes, policies issues and provides insight from a Nigeria perspective.

Keywords: cyber crimes, e-banking, policies, ICT

Procedia PDF Downloads 390

Authors: Yatin Wadhawan, Clifford Neuman, Anas Al Majali

Abstract:

In this paper, we evaluate the resilience of the smart grid system in the presence of multiple cyber-physical attacks on its distinct functional components. We discuss attack-defense scenarios and their effect on smart grid resilience. Through contingency simulations in the Network and PowerWorld Simulator, we analyze multiple cyber-physical attacks that propagate from the cyber domain to power systems and discuss how such attacks destabilize the underlying power grid. The analysis of such simulations helps system administrators develop more resilient systems and improves the response of the system in the presence of cyber-physical attacks.

Keywords: smart grid, gas pipeline, cyber- physical attack, security, resilience

Procedia PDF Downloads 284

Authors: Kitty Kioskli, Theofanis Fotis, Nineta Polemi

Abstract:

The European Union (EU) directive Artificial Intelligence (AI) Act in Article 9 requires that risk management of AI systems includes both technical and human oversight, while according to NIST_AI_RFM (Appendix C) and ENISA AI Framework recommendations, claim that further research is needed to understand the current limitations of social threats and human-AI interaction. AI threats within social contexts significantly affect the security and trustworthiness of the AI systems; they are interrelated and trigger technical threats as well. For example, lack of explainability (e.g. the complexity of models can be challenging for stakeholders to grasp) leads to misunderstandings, biases, and erroneous decisions. Which in turn impact the privacy, security, accountability of the AI systems. Based on the NIST four fundamental criteria for explainability it can also classify the explainability threats into four (4) sub-categories: a) Lack of supporting evidence: AI systems must provide supporting evidence or reasons for all their outputs. b) Lack of Understandability: Explanations offered by systems should be comprehensible to individual users. c) Lack of Accuracy: The provided explanation should accurately represent the system's process of generating outputs. d) Out of scope: The system should only function within its designated conditions or when it possesses sufficient confidence in its outputs. Biases may also stem from historical data reflecting undesired behaviors. When present in the data, biases can permeate the models trained on them, thereby influencing the security and trustworthiness of the of AI systems. Social related AI threats are recognized by various initiatives (e.g., EU Ethics Guidelines for Trustworthy AI), standards (e.g. ISO/IEC TR 24368:2022 on AI ethical concerns, ISO/IEC AWI 42105 on guidance for human oversight of AI systems) and EU legislation (e.g. the General Data Protection Regulation 2016/679, the NIS 2 Directive 2022/2555, the Directive on the Resilience of Critical Entities 2022/2557, the EU AI Act, the Cyber Resilience Act). Measuring social threats, estimating the risks to AI systems associated to these threats and mitigating them is a research challenge. In this paper it will present the efforts of two European Commission Projects (FAITH and THEMIS) from the HorizonEurope programme that analyse the social threats by building cyber-social exercises in order to study human behaviour, traits, cognitive ability, personality, attitudes, interests, and other socio-technical profile characteristics. The research in these projects also include the development of measurements and scales (psychometrics) for human-related vulnerabilities that can be used in estimating more realistically the vulnerability severity, enhancing the CVSS4.0 measurement.

Keywords: social threats, artificial Intelligence, mitigation, social experiment

Procedia PDF Downloads 36

Authors: Katie Wood

Abstract:

Cyber criminals are constantly on the lookout for new opportunities to exploit organisation and cause destruction. This could lead to significant cause of economic loss for organisations in the form of destruction in finances, reputation and even the overall survival of the organization. Additionally, this leads to serious consequences on national security. The threat of possible cyber attacks places further pressure on organisations to ensure they are secure, at a time where international scale cyber attacks have occurred in a range of sectors. Stakeholders are wanting confidence that their data is protected. This is only achievable if a business fosters a resilient supply chain strategy which is implemented throughout its supply chain by having a strong cyber leadership culture. This paper will discuss the essential role and need for organisations to adopt a cyber leadership culture and direction to learn about own internal processes to ensure mitigating systemic vulnerability of its supply chains. This paper outlines that to protect national security there is an urgent need for cyber awareness culture change. This is required in all organisations, regardless of their sector or size, to implementation throughout the whole supplier chain to support and protect economic prosperity to make the UK more resilient to cyber-attacks. Through businesses understanding the supply chain and risk management cycle of their own operates has to be the starting point to ensure effective cyber migration strategies.

Keywords: cyber leadership, cyber migration strategies, resilient supply chain strategy, cybersecurity

Procedia PDF Downloads 211

Authors: M. Sandhya, R. M. Madhumitha, Sharmila Sankar

Abstract:

Interoperable medical devices (IMDs) face threats due to the increased attack surface accessible by interoperability and the corresponding infrastructure. Initiating networking and coordination functionalities primarily modify medical systems' security properties. Understanding the threats is a vital first step in ultimately crafting security solutions for such systems. The key to this problem is coming up with some common types of threats or attacks with those of security and privacy, and providing this information as a roadmap. This paper analyses the security issues in interoperability of devices and presents the main types of threats that have to be considered to build a secured system.

Keywords: interoperability, threats, attacks, medical devices

Procedia PDF Downloads 308

Authors: Anastasios Papathanasiou, George Liontos, Athanasios Katsouras, Vasiliki Liagkou, Euripides Glavas

Abstract:

Email remains a crucial communication tool due to its efficiency, accessibility and cost-effectiveness, enabling rapid information exchange across global networks. However, the global adoption of email has also made it a prime target for cyber threats, including phishing, malware and Business Email Compromise (BEC) attacks, which exploit its integral role in personal and professional realms in order to perform fraud and data breaches. To combat these threats, this research advocates for a multi-layered defense strategy incorporating advanced technological tools such as anti-spam and anti-malware software, machine learning algorithms and authentication protocols. Moreover, we developed an artificial intelligence model specifically designed to analyze email headers and assess their security status. This AI-driven model examines various components of email headers, such as "From" addresses, ‘Received’ paths and the integrity of SPF, DKIM and DMARC records. Upon analysis, it generates comprehensive reports that indicate whether an email is likely to be malicious or benign. This capability empowers users to identify potentially dangerous emails promptly, enhancing their ability to avoid phishing attacks, malware infections and other cyber threats.

Keywords: email security, artificial intelligence, header analysis, threat detection, phishing, DMARC, DKIM, SPF, ai model

Procedia PDF Downloads 19

Authors: Jonathan W. Z. Lim, Vrizlynn L. L. Thing

Abstract:

Cybercrimes are on the rise, in part due to technological advancements, as well as increased avenues of exploitation. Sophisticated threat actors are leveraging on such advancements to execute their malicious intentions. The increase in cybercrimes is prevalent, and it seems unlikely that they can be easily eradicated. A more serious concern is that the community may come to accept the notion that this will become the trend. As such, the key question revolves around how we can reduce cybercrime in this evolving landscape. In our paper, we propose to build a systematic framework through the lens of a cyber threat actor. We explore the motivation factors behind the crimes and the crime stages of the threat actors. We then formulate intervention plans so as to discourage the act of committing malicious cyber activities and also aim to integrate ex-cyber offenders back into society.

Keywords: crime motivations, crime prevention, cybercrime, ex-cyber criminals

Procedia PDF Downloads 114

Authors: Eke Chidi Idi

Abstract:

School violence is a global phenomenon that affects one of the core institutions of modern society to some degree across many countries, and on a global scale. Within this context, this study explores the impact of parental control on perpetrators of cyber bullying as a form of school-based violence in high schools in uMgungundlovu district of KwaZulu-Natal province in South Africa. Insights for this study were drawn from 18 in-depth interviews and two (2) focus group forums. The key themes that emerged from the findings include: (1) Parents are ignorant of their children involvement in cyber-crimes (2) Parents cannot adequately monitor what their children do on their cell phones (3) Female learners are the most affected as victims of cyber-crime.

Keywords: school, violence, parental control, cyber bullying

Procedia PDF Downloads 133

Authors: Marianne Lumacang, Jessarine Dultra, Joana Fenol

Abstract:

Filipinos are known to be conservative, sex or pornography is not discussed openly in the Philippines, topic of sex, when raised, will most likely elicit snickers, jokes, and blushes in most Filipino or expressions of disgust. However, a lot of Filipinos are still engaging into this kind of activity for some reasons. The study aims to determine young adult’s point of view about cyber pornography viewing, as well as their reasons for engagement, and its effects on them and their relationship with their partner. Interpretative Phenomenological Analysis was used to explore how young adults make sense of cyber pornography viewing. The study focused on Filipino young adults who are in a romantic or married relationship, engage in cyber pornography viewing, and currently residing in Cavite, Philippines. A total of four young adult couples, four females and four males participated in the study as research participants. Data gathered from a total of four young adult couples resulted to a total of nine superordinate themes focusing on (1) exploring young adult couple’s rationales for cyber pornography viewing, (2) experiences of positive effects in engaging to cyber pornography viewing, (3) experiences of negative effects in engaging to cyber pornography viewing, (4) experience of infidelity, (5) experience of necessity, (6) females perception about cyber pornography viewing towards self, (7) males perception about cyber pornography viewing towards self, (8) males perception about cyber pornography viewing towards romantic partner, and (9) males perception about cyber pornography viewing towards others.

Keywords: cyberpornography, Filipino, interpretative phenomenological analysis, making sense of cyberpornography, young adult

Procedia PDF Downloads 292

Authors: Brian Connett, Bryan O'Halloran

Abstract:

Systems assets within critical infrastructures were seemingly safe from the exploitation or attack by nefarious cyberspace actors. Now, critical infrastructure is a target and the resources to exploit the cyber physical systems exist. These resources are characterized in terms of patience, stealth, replication-ability and extraordinary robustness. System owners are obligated to maintain a high level of protection measures. The difficulty lies in knowing when to fortify a critical infrastructure against an impending attack. Models currently exist that demonstrate the value of knowing the attacker’s capabilities in the cyber realm and the strength of the target. The shortcomings of these models are that they are not designed to respond to the inherent fast timing of an attack, an impetus that can be derived based on open-source reporting, common knowledge of exploits of and the physical architecture of the infrastructure. A useful model will inform systems owners how to align infrastructure architecture in a manner that is responsive to the capability, willingness and timing of the attacker. This research group has used an existing theoretical model for estimating parameters, and through analysis, to develop a decision tool for would-be target owners. The continuation of the research develops further this model by estimating the variable parameters. Understanding these parameter estimations will uniquely position the decision maker to posture having revealed the vulnerabilities of an attacker’s, persistence and stealth. This research explores different approaches to improve on current attacker-defender models that focus on cyber threats. An existing foundational model takes the point of view of an attacker who must decide what cyber resource to use and when to use it to exploit a system vulnerability. It is valuable for estimating parameters for the model, and through analysis, develop a decision tool for would-be target owners.

Keywords: critical infrastructure, cyber physical systems, modeling, exploitation

Procedia PDF Downloads 170

Authors: Suleman Ibrahim

Abstract:

Purpose: The research is seeking people's perceptions on cybercrime issues, rather than their knowledge of the facts. Unlike the Tripartite Cybercrime Framework (TCF), the binary models are ill-equipped to differentiate between cyber fraud (a socioeconomic crime) and cyber bullying or cyber stalking (psychosocial cybercrimes). Whilst the binary categories suggested that digital crimes are dichotomized: (i.e. cyber-enabled and cyber-dependent), the TCF, recently proposed, argued that cybercrimes can be conceptualized into three groups: socioeconomic, psychosocial and geopolitical. Concomitantly, as regards to the experience/perceptions of cybercrime, the TCF’s claim requires substantiation beyond its theoretical realm. Approach/Methodology: This scholar endeavor framed with the TCF, deploys a survey method to explore the experience of cybercrime across gender. Drawing from over 400 participants in the UK, this study aimed to contrast the differential perceptions/experiences of socioeconomic cybercrime (e.g. cyber fraud) and psychological cybercrime (e.g. cyber bullying and cyber stalking) across gender. Findings: The results revealed that cyber stalking was rated as least serious of the different digital crime categories. Further revealed that female participants judged all types of cybercrimes as more serious than male participants, with the exception of socioeconomic cybercrime – cyber fraud. This distinction helps to emphasize that gender cultures and nuances not only apply both online and offline, it emphasized the utilitarian value of the TCF. Originality: Unlike existing data, this study has contrasted the differential perceptions and experience of socioeconomic and psychosocial cybercrimes with more refined variables.

Keywords: gender variations, psychosocial cybercrime, socioeconomic cybercrime, tripartite cybercrime framework

Procedia PDF Downloads 361

Authors: Mastoor Qubra

Abstract:

Cyber-attacks have frequently disrupted the critical infrastructures of the major global states and now, cyber threat has become one of the dire security risks for the states across the globe. Recently, ransomware cyber-attacks, wannacry and petya, have affected hundreds of thousands of computer servers and individuals’ private machines in more than hundred countries across Europe, Middle East, Asia, United States and Australia. Although, states are rapidly becoming aware of the destructive nature of this new security threat and counter measures are being taken but states’ isolated efforts would be inadequate to deal with this heinous security challenge, rather a global coordination and cooperation is inevitable in order to develop a credible cyber deterrence policy. Hence, the paper focuses that coordinated global approach is required to deter posed cyber threat. This paper intends to analyze the cyber security counter measures in four dimensions i.e. evaluation of prevalent strategies at bilateral level, initiatives and limitations for cooperation at global level, obstacles to combat cyber terrorism and finally, recommendations to deter the threat by applying tools of deterrence theory. Firstly, it focuses on states’ efforts to combat the cyber threat and in this regard, US-Australia Cyber Security Dialogue is comprehensively illustrated and investigated. Secondly, global partnerships and strategic and analytic role of multinational organizations, particularly United Nations (UN), to deal with the heinous threat, is critically analyzed and flaws are highlighted, for instance; less significance of cyber laws within international law as compared to other conflict prone issues. In addition to this, there are certain obstacles and limitations at national, regional and global level to implement the cyber terrorism counter strategies which are presented in the third section. Lastly, by underlining the gaps and grey areas in the current cyber security counter measures, it aims to apply tools of deterrence theory, i.e. defense, attribution and retaliation, in the cyber realm to contribute towards formulating a credible cyber deterrence strategy at global level. Thus, this study is significant in understanding and determining the inevitable necessity of counter cyber terrorism strategies.

Keywords: attribution, critical infrastructure, cyber terrorism, global cooperation

Procedia PDF Downloads 245

Authors: Kitty Kioskli, Nineta Polemi

Abstract:

Evaluating the levels of cyber-security risks within an enterprise is most important in protecting its information system, services and all its digital assets against security incidents (e.g. accidents, malicious acts, massive cyber-attacks). The existing risk assessment methodologies (e.g. eBIOS, OCTAVE, CRAMM, NIST-800) adopt a technical approach considering as attack factors only the capability, intention and target of the attacker, and not paying attention to the attacker’s psychological profile and personality traits. In this paper, a socio-technical approach is proposed in cyber risk assessment, in order to achieve more realistic risk estimates by considering the personality traits of the attackers. In particular, based upon principles from investigative psychology and behavioural science, a multi-dimensional, extended, quantifiable model for an attacker’s profile is developed, which becomes an additional factor in the cyber risk level calculation.

Keywords: attacker, behavioural models, cyber risk assessment, cybersecurity, human factors, investigative psychology, ISO27001, ISO27005

Procedia PDF Downloads 133

Authors: Abdoulaye Diop, Nahid Emad, Thierry Winter, Mohamed Hilia

Abstract:

Data assets protection is a crucial issue in the cybersecurity field. Companies use logical access control tools to vault their information assets and protect them against external threats, but they lack solutions to counter insider threats. Nowadays, insider threats are the most significant concern of security analysts. They are mainly individuals with legitimate access to companies information systems, which use their rights with malicious intents. In several fields, behavior anomaly detection is the method used by cyber specialists to counter the threats of user malicious activities effectively. In this paper, we present the step toward the construction of a user and entity behavior analysis framework by proposing a behavior anomaly detection model. This model combines machine learning classification techniques and graph-based methods, relying on linear algebra and parallel computing techniques. We show the utility of an ensemble learning approach in this context. We present some detection methods tests results on an representative access control dataset. The use of some explored classifiers gives results up to 99% of accuracy.

Keywords: cybersecurity, data protection, access control, insider threat, user behavior analysis, ensemble learning, high performance computing

Procedia PDF Downloads 103

Authors: Rabia Qusien

Abstract:

New media has emerged as a significant force in the society which connects people across the globe. Where new media brought many advantages for its users, there is a darker aspect of new technology in the form of cyberbullying. Researcher has employed survey method to reach to its targeted audience. Sample of 604 respondents was selected from one of metropolitan city of Pakistan Lahore to collect the data. Equal sample from both genders was selected to apply gender analysis. Results of this study indicate that cyber bullying is having significant psychological and educational effects. Females face more cyber bullying incidents as compared to males so they face more severe effects of cyber bullying. A comprehensive analysis of managing strategies depicts that mostly youth tries to handle this issue personally but at times they seek the support of their family and friends when they face severe issues. Due to privacy concerns females get more upset and they are more likely to seek social support from friends and family.

Keywords: cyber bullying, cyber victims, educational impacts, psychological impacts

Procedia PDF Downloads 117

Authors: Emhemed Shaklawoon, Ibrahim Althomali

Abstract:

We propose that we identify different defense mechanisms that were used before the introduction of the cloud and compare if their protection mechanisms are still valuable and to what degree. Note that in order to defend against vulnerability, we must know how this vulnerability is abused in an attack. Only then, we will be able to recognize if it is easier or harder to defend against cyber attacks.

Keywords: cloud computing, privacy, cyber attacks, defend the cloud

Procedia PDF Downloads 398

Authors: M. Şimşek

Abstract:

Rapidly changing factors that affect daily life also affect operational environment and the way military leaders fulfill their missions. With the help of technological developments, traditional linearity of conflict and war has started to fade away. Furthermore, mission domain has broadened to include traditional threats, hybrid threats and new challenges of cyber and space. Considering the future operational environment, future military leaders need to adapt themselves to the new challenges of the future battlefield. But how to decide what kind of features of leadership are required to operate and accomplish mission in the new complex battlefield? In this article, the main aim is to provide answers to this question. To be able to find right answers, first leadership and leadership components are defined, and then characteristics of future operational environment are analyzed. Finally, leadership features that are required to be successful in redefined battlefield are explained.

Keywords: future operational environment, leadership, leadership components

Procedia PDF Downloads 412

Authors: Adem Peker, Yüksel Eroğlu, İsmail Ay

Abstract:

As the information and communication technologies have become embedded in everyday life of adolescents, both their possible benefits and risks to adolescents are being identified. The information and communication technologies provide opportunities for adolescents to connect with peers and to access to information. However, as with other social connections, users of information and communication devices have the potential to meet and interact with in harmful ways. One emerging example of such interaction is cyber bullying. Cyber bullying occurs when someone uses the information and communication technologies to harass or embarrass another person. Cyber bullying can take the form of malicious text messages and e-mails, spreading rumours, and excluding people from online groups. Cyber bullying has been linked to psychological problems for cyber bullies and victims. Therefore, it is important to determine how internet addiction contributes to cyber bullying. Building on this question, this study takes a closer look at the relationship between internet addiction and cyber bullying. For this purpose, in this study, based on descriptive relational model, it was hypothesized that loss of control, excessive desire to stay online, and negativity in social relationships, which are dimensions of internet addiction, would be associated positively with cyber bullying and victimization. Participants were 383 high school students (176 girls and 207 boys; mean age, 15.7 years). Internet addiction was measured by using Internet Addiction Scale. The Cyber Victim and Bullying Scale was utilized to measure cyber bullying and victimization. The scales were administered to the students in groups in the classrooms. In this study, stepwise regression analyses were utilized to examine the relationships between dimensions of internet addiction and cyber bullying and victimization. Before applying stepwise regression analysis, assumptions of regression were verified. According to stepwise regression analysis, cyber bullying was predicted by loss of control (β=.26, p<.001) and negativity in social relationships (β=.13, p<.001). These variables accounted for 9 % of the total variance, with the loss of control explaining the higher percentage (8 %). On the other hand, cyber victimization was predicted by loss of control (β=.19, p<.001) and negativity in social relationships (β=.12, p<.001). These variables altogether accounted for 8 % of the variance in cyber victimization, with the best predictor loss of control (7 % of the total variance). The results of this study demonstrated that, as expected, loss of control and negativity in social relationships predicted cyber bullying and victimization positively. However, excessive desire to stay online did not emerge a significant predictor of both cyberbullying and victimization. Consequently, this study would enhance our understanding of the predictors of cyber bullying and victimization since the results proposed that internet addiction is related with cyber bullying and victimization.

Keywords: cyber bullying, internet addiction, adolescents, regression

Procedia PDF Downloads 292

Authors: Kevin Fernagut, Olivier Flauzac, Erick M. G. Robledo, Florent Nolot

Abstract:

The adoption of modern lightweight virtualization often comes with new threats and network vulnerabilities. This paper seeks to assess this with a different approach studying the behavior of a testbed built with tools such as Kernel-Based Virtual Machine (KVM), Linux Containers (LXC) and Docker, by performing stress tests within a platform where students experiment simultaneously with cyber-attacks, and thus observe the impact on the campus network and also find the best solution for cyber-security learning. Interesting outcomes can be found in the literature comparing these technologies. It is, however, difficult to find results of the effects on the global network where experiments are carried out. Our work shows that other physical hosts and the faculty network were impacted while performing these trials. The problems found are discussed, as well as security solutions and the adoption of new network policies.

Keywords: containerization, containers, cybersecurity, cyberattacks, isolation, performance, virtualization, virtual machines

Procedia PDF Downloads 121