Search results for: cyber attacks

Authors: Marianne Lumacang, Jessarine Dultra, Joana Fenol

Abstract:

Filipinos are known to be conservative, sex or pornography is not discussed openly in the Philippines, topic of sex, when raised, will most likely elicit snickers, jokes, and blushes in most Filipino or expressions of disgust. However, a lot of Filipinos are still engaging into this kind of activity for some reasons. The study aims to determine young adult’s point of view about cyber pornography viewing, as well as their reasons for engagement, and its effects on them and their relationship with their partner. Interpretative Phenomenological Analysis was used to explore how young adults make sense of cyber pornography viewing. The study focused on Filipino young adults who are in a romantic or married relationship, engage in cyber pornography viewing, and currently residing in Cavite, Philippines. A total of four young adult couples, four females and four males participated in the study as research participants. Data gathered from a total of four young adult couples resulted to a total of nine superordinate themes focusing on (1) exploring young adult couple’s rationales for cyber pornography viewing, (2) experiences of positive effects in engaging to cyber pornography viewing, (3) experiences of negative effects in engaging to cyber pornography viewing, (4) experience of infidelity, (5) experience of necessity, (6) females perception about cyber pornography viewing towards self, (7) males perception about cyber pornography viewing towards self, (8) males perception about cyber pornography viewing towards romantic partner, and (9) males perception about cyber pornography viewing towards others.

Keywords: cyberpornography, Filipino, interpretative phenomenological analysis, making sense of cyberpornography, young adult

Procedia PDF Downloads 286

Authors: Laxmi R. Kasaraneni

Abstract:

The Internet connects all the networks, including the nation’s critical infrastructure that are used extensively by not only a nation’s government and military to protect sensitive information and execute missions, but also the primary infrastructure that provides services that enable modern conveniences such as education, potable water, electricity, natural gas, and financial transactions. It has become the central nervous system for the government, the citizens, and the industries. When it is attacked, the effects can ripple far and wide impacts not only to citizens’ well-being but nation’s economy, civil infrastructure, and national security. As such, these critical services may be targeted by malicious hackers during cyber warfare, it is imperative to not only protect them and mitigate any immediate or potential threats, but to also understand the current or potential impacts beyond the IT networks or the organization. The Nation’s IT infrastructure which is now vital for communication, commerce, and control of our physical infrastructure, is highly vulnerable to attack. While existing technologies can address some vulnerabilities, fundamentally new architectures and technologies are needed to address the larger structural insecurities of an infrastructure developed in a more trusting time when mass cyber attacks were not foreseen. This research is intended to improve the core functions of the Internet and critical-sector information systems by providing a clear path to create a safe, secure, and resilient cyber environment that help stakeholders at all levels of government, and the private sector work together to develop the cybersecurity capabilities that are key to our economy, national security, and public health and safety. This research paper also emphasizes the present and future cyber security threats, the capabilities and goals of cyber attackers, a strategic concept and steps to implement cybersecurity for maximum effectiveness, enabling technologies, some strategic assumptions and critical challenges, and the future of cyberspace.

Keywords: critical challenges, critical infrastructure, cyber security, enabling technologies, national security

Procedia PDF Downloads 260

Authors: Van Trieu, Shouhuai Xu, Yusheng Feng

Abstract:

Tracking attack trajectories can be difficult, with limited information about the nature of the attack. Even more difficult as attack information is collected by Intrusion Detection Systems (IDSs) due to the current IDSs having some limitations in identifying malicious and anomalous traffic. Moreover, IDSs only point out the suspicious events but do not show how the events relate to each other or which event possibly cause the other event to happen. Because of this, it is important to investigate new methods capable of performing the tracking of attack trajectories task quickly with less attack information and dependency on IDSs, in order to prioritize actions during incident responses. This paper proposes a two-level graph causality framework for tracking attack trajectories in internet networks by leveraging observable malicious behaviors to detect what is the most probable attack events that can cause another event to occur in the system. Technically, given the time series of malicious events, the framework extracts events with useful features, such as attack time and port number, to apply to the conditional independent tests to detect the relationship between attack events. Using the academic datasets collected by IDSs, experimental results show that the framework can quickly detect the causal pairs that offer meaningful insights into the nature of the internet network, given only reasonable restrictions on network size and structure. Without the framework’s guidance, these insights would not be able to discover by the existing tools, such as IDSs. It would cost expert human analysts a significant time if possible. The computational results from the proposed two-level graph network model reveal the obvious pattern and trends. In fact, more than 85% of causal pairs have the average time difference between the causal and effect events in both computed and observed data within 5 minutes. This result can be used as a preventive measure against future attacks. Although the forecast may be short, from 0.24 seconds to 5 minutes, it is long enough to be used to design a prevention protocol to block those attacks.

Keywords: causality, multilevel graph, cyber-attacks, prediction

Procedia PDF Downloads 131

Authors: Ayomide Oyedele

Abstract:

In the dynamic landscape of cybersecurity, "Strategic Cyber Sentinel" emerges as a revolutionary framework, transcending traditional approaches. This paper pioneers a holistic strategy, weaving together threat intelligence, machine learning, and adaptive defenses. Through meticulous real-world simulations, we demonstrate the unprecedented resilience of our framework against evolving cyber threats. "Strategic Cyber Sentinel" redefines proactive threat mitigation, offering a robust defense architecture poised for the challenges of tomorrow.

Keywords: cybersecurity, resilience, threat intelligence, machine learning, adaptive defenses

Procedia PDF Downloads 35

Authors: Suleman Ibrahim

Abstract:

Purpose: The research is seeking people's perceptions on cybercrime issues, rather than their knowledge of the facts. Unlike the Tripartite Cybercrime Framework (TCF), the binary models are ill-equipped to differentiate between cyber fraud (a socioeconomic crime) and cyber bullying or cyber stalking (psychosocial cybercrimes). Whilst the binary categories suggested that digital crimes are dichotomized: (i.e. cyber-enabled and cyber-dependent), the TCF, recently proposed, argued that cybercrimes can be conceptualized into three groups: socioeconomic, psychosocial and geopolitical. Concomitantly, as regards to the experience/perceptions of cybercrime, the TCF’s claim requires substantiation beyond its theoretical realm. Approach/Methodology: This scholar endeavor framed with the TCF, deploys a survey method to explore the experience of cybercrime across gender. Drawing from over 400 participants in the UK, this study aimed to contrast the differential perceptions/experiences of socioeconomic cybercrime (e.g. cyber fraud) and psychological cybercrime (e.g. cyber bullying and cyber stalking) across gender. Findings: The results revealed that cyber stalking was rated as least serious of the different digital crime categories. Further revealed that female participants judged all types of cybercrimes as more serious than male participants, with the exception of socioeconomic cybercrime – cyber fraud. This distinction helps to emphasize that gender cultures and nuances not only apply both online and offline, it emphasized the utilitarian value of the TCF. Originality: Unlike existing data, this study has contrasted the differential perceptions and experience of socioeconomic and psychosocial cybercrimes with more refined variables.

Keywords: gender variations, psychosocial cybercrime, socioeconomic cybercrime, tripartite cybercrime framework

Procedia PDF Downloads 352

Authors: Roy. H. A. Lindelauf

Abstract:

Cyberattacks are complex processes consisting of multiple interwoven tasks conducted by a set of agents. Interdictions and defenses against such attacks often rely on cyber kill chain (CKC) models. A CKC is a framework that tries to capture the actions taken by a cyber attacker. There exists a growing body of literature on CKCs. Most of this work either a) describes the CKC with respect to one or more specific cyberattacks or b) discusses the tools and technologies used by the attacker at each stage of the CKC. Defenders, facing scarce resources, have to decide where to allocate their resources given the CKC and partial knowledge on the tools and techniques attackers use. In this presentation CKCs are analyzed through the lens of covert projects, i.e., interrelated tasks that have to be conducted by agents (human and/or computer) with the aim of going undetected. Various aspects of covert project models have been studied abundantly in the operations research and game theory domain, think of resource-limited interdiction actions that maximally delay completion times of a weapons project for instance. This presentation has investigated both cooperative and non-cooperative game theoretic covert project models and elucidated their relation to CKC modelling. To view a CKC as a covert project each step in the CKC is broken down into tasks and there are players of which each one is capable of executing a subset of the tasks. Additionally, task inter-dependencies are represented by a schedule. Using multi-glove cooperative games it is shown how a defender can optimize the allocation of his scarce resources (what, where and how to monitor) against an attacker scheduling a CKC. This study presents and compares several cooperative game theoretic solution concepts as metrics for assigning resources to the monitoring of agents.

Keywords: cyber defense, cyber kill chain, game theory, information warfare techniques

Procedia PDF Downloads 112

Authors: Najmeh Abedzadeh, Matthew Jacobs

Abstract:

An intrusion detection system (IDS) is a software application that monitors malicious activities and generates alerts if any are detected. However, most network activities in IDS datasets are normal, and the relatively few numbers of attacks make the available data imbalanced. Consequently, cyber-attacks can hide inside a large number of normal activities, and machine learning algorithms have difficulty learning and classifying the data correctly. In this paper, a comprehensive literature review is conducted on different types of algorithms for both implementing the IDS and methods in correcting the imbalanced IDS dataset. The most famous algorithms are machine learning (ML), deep learning (DL), synthetic minority over-sampling technique (SMOTE), and reinforcement learning (RL). Most of the research use the CSE-CIC-IDS2017, CSE-CIC-IDS2018, and NSL-KDD datasets for evaluating their algorithms.

Keywords: IDS, imbalanced datasets, sampling algorithms, big data

Procedia PDF Downloads 275

Authors: Francesco Lubrano, Fabrizio Bertone, Federico Stirano

Abstract:

Modern societies strongly depend on Critical Infrastructures (CI). Hospitals, power supplies, water supplies, telecommunications are just few examples of CIs that provide vital functions to societies. CIs like hospitals are very complex environments, characterized by a huge number of cyber and physical systems that are becoming increasingly integrated. Ensuring a high level of security within such critical infrastructure requires a deep knowledge of vulnerabilities, threats, and potential attacks that may occur, as well as defence and prevention or mitigation strategies. The possibility to remotely monitor and control almost everything is pushing the adoption of network-connected devices. This implicitly introduces new threats and potential vulnerabilities, posing a risk, especially to those devices connected to the Internet. Modern medical devices used in hospitals are not an exception and are more and more being connected to enhance their functionalities and easing the management. Moreover, hospitals are environments with high flows of people, that are difficult to monitor and can somehow easily have access to the same places used by the staff, potentially creating damages. It is therefore clear that physical and cyber threats should be considered, analysed, and treated together as cyber-physical threats. This means that an integrated approach is required. SAFECARE, an integrated cyber-physical security solution, tries to respond to the presented issues within healthcare infrastructures. The challenge is to bring together the most advanced technologies from the physical and cyber security spheres, to achieve a global optimum for systemic security and for the management of combined cyber and physical threats and incidents and their interconnections. Moreover, potential impacts and cascading effects are evaluated through impact propagation models that rely on modular ontologies and a rule-based engine. Indeed, SAFECARE architecture foresees i) a macroblock related to cyber security field, where innovative tools are deployed to monitor network traffic, systems and medical devices; ii) a physical security macroblock, where video management systems are coupled with access control management, building management systems and innovative AI algorithms to detect behavior anomalies; iii) an integration system that collects all the incoming incidents, simulating their potential cascading effects, providing alerts and updated information regarding assets availability.

Keywords: cyber security, defence strategies, impact propagation, integrated security, physical security

Procedia PDF Downloads 138

Authors: Rabia Qusien

Abstract:

New media has emerged as a significant force in the society which connects people across the globe. Where new media brought many advantages for its users, there is a darker aspect of new technology in the form of cyberbullying. Researcher has employed survey method to reach to its targeted audience. Sample of 604 respondents was selected from one of metropolitan city of Pakistan Lahore to collect the data. Equal sample from both genders was selected to apply gender analysis. Results of this study indicate that cyber bullying is having significant psychological and educational effects. Females face more cyber bullying incidents as compared to males so they face more severe effects of cyber bullying. A comprehensive analysis of managing strategies depicts that mostly youth tries to handle this issue personally but at times they seek the support of their family and friends when they face severe issues. Due to privacy concerns females get more upset and they are more likely to seek social support from friends and family.

Keywords: cyber bullying, cyber victims, educational impacts, psychological impacts

Procedia PDF Downloads 111

Authors: Kamyar Fakhr, Roozbeh Salmani

Abstract:

Alphonse Bertillon developed the first biometric security system in the 1800s. Today, many governments and giant companies are considering or have procured biometrically enabled security schemes. Iris is a kaleidoscope of patterns and colors. Each individual holds a set of irises more unique than their thumbprint. Every single day, giant companies like Google and Apple are experimenting with reliable biometric systems. Now, after almost 200 years of improvements, face ID does not work with masks, it gives access to fake 3D images, and there is no global usage of biometric recognition systems as national identity (ID) card. The goal of this paper is to demonstrate the advantages of iris recognition overall biometric recognition systems. It make two extensions: first, we illustrate how a very large amount of internet fraud and cyber abuse is happening due to bugs in face recognition systems and in a very large dataset of 3.4M people; second, we discuss how establishing a secure global network of iris recognition devices connected to authoritative convolutional neural networks could be the safest solution to this dilemma. Another aim of this study is to provide a system that will prevent system infiltration caused by cyber-attacks and will block all wireframes to the data until the main user ceases the procedure.

Keywords: biometric system, convolutional neural network, cyber-attack, secure

Procedia PDF Downloads 188

Authors: Vasileios Anastopoulos

Abstract:

Cyber threat intelligence assists organizations in understanding the threats they face and helps them make educated decisions on preparing their defenses. Sharing of threat intelligence and threat information is increasingly leveraged by organizations and enterprises, and various software solutions are already available, with the open-source malware information sharing platform (MISP) being a popular one. In this work, a methodology for the production of cyber threat intelligence using the threat information stored in MISP is proposed. The methodology leverages the discipline of social network analysis and the diamond model, a model used for intrusion analysis, to produce cyber threat intelligence. The workings are demonstrated with a case study on a production MISP instance of a real organization. The paper concluded with a discussion on the proposed methodology and possible directions for further research.

Keywords: cyber threat intelligence, diamond model, malware information sharing platform, social network analysis

Procedia PDF Downloads 125

Authors: Adem Peker, Yüksel Eroğlu, İsmail Ay

Abstract:

As the information and communication technologies have become embedded in everyday life of adolescents, both their possible benefits and risks to adolescents are being identified. The information and communication technologies provide opportunities for adolescents to connect with peers and to access to information. However, as with other social connections, users of information and communication devices have the potential to meet and interact with in harmful ways. One emerging example of such interaction is cyber bullying. Cyber bullying occurs when someone uses the information and communication technologies to harass or embarrass another person. Cyber bullying can take the form of malicious text messages and e-mails, spreading rumours, and excluding people from online groups. Cyber bullying has been linked to psychological problems for cyber bullies and victims. Therefore, it is important to determine how internet addiction contributes to cyber bullying. Building on this question, this study takes a closer look at the relationship between internet addiction and cyber bullying. For this purpose, in this study, based on descriptive relational model, it was hypothesized that loss of control, excessive desire to stay online, and negativity in social relationships, which are dimensions of internet addiction, would be associated positively with cyber bullying and victimization. Participants were 383 high school students (176 girls and 207 boys; mean age, 15.7 years). Internet addiction was measured by using Internet Addiction Scale. The Cyber Victim and Bullying Scale was utilized to measure cyber bullying and victimization. The scales were administered to the students in groups in the classrooms. In this study, stepwise regression analyses were utilized to examine the relationships between dimensions of internet addiction and cyber bullying and victimization. Before applying stepwise regression analysis, assumptions of regression were verified. According to stepwise regression analysis, cyber bullying was predicted by loss of control (β=.26, p<.001) and negativity in social relationships (β=.13, p<.001). These variables accounted for 9 % of the total variance, with the loss of control explaining the higher percentage (8 %). On the other hand, cyber victimization was predicted by loss of control (β=.19, p<.001) and negativity in social relationships (β=.12, p<.001). These variables altogether accounted for 8 % of the variance in cyber victimization, with the best predictor loss of control (7 % of the total variance). The results of this study demonstrated that, as expected, loss of control and negativity in social relationships predicted cyber bullying and victimization positively. However, excessive desire to stay online did not emerge a significant predictor of both cyberbullying and victimization. Consequently, this study would enhance our understanding of the predictors of cyber bullying and victimization since the results proposed that internet addiction is related with cyber bullying and victimization.

Keywords: cyber bullying, internet addiction, adolescents, regression

Procedia PDF Downloads 288

Authors: Sandro Bartolini, Alessandro Mecocci, Alessio Medaglini

Abstract:

The growing popularity of systems based on unmanned aerial vehicles (UAVs) is highlighting their vulnerability, particularly in relation to the positioning system used. Typically, UAV architectures use the civilian GPS, which is exposed to a number of different attacks, such as jamming or spoofing. This is why it is important to develop alternative methodologies to accurately estimate the actual UAV position without relying on GPS measurements only. In this paper, we propose a position estimate method for UAVs based on monocular visual odometry. We have developed a flight control system capable of keeping track of the entire trajectory travelled, with a reduced dependency on the availability of GPS signals. Moreover, the simplicity of the developed solution makes it applicable to a wide range of commercial drones. The final goal is to allow for safer flights in all conditions, even under cyber-attacks trying to deceive the drone.

Keywords: visual odometry, autonomous uav, position measurement, autonomous outdoor flight

Procedia PDF Downloads 188

Authors: Habib Gorine, Rabia Saleh

Abstract:

Mobile Ad-Hoc Networks are the special type of wireless networks which share common security requirements with other networks such as confidentiality, integrity, authentication, and availability, which need to be addressed in order to secure data transfer through the network. Their routing protocols are vulnerable to various malicious attacks which could have a devastating consequence on data security. In this paper, three types of attacks such as selfish, gray hole, and black hole attacks have been applied to the two most important routing protocols in MANET named dynamic source routing and ad-hoc on demand distance vector in order to analyse and compare the impact of these attacks on the Network performance in terms of throughput, average delay, packet loss, and consumption of energy using NS2 simulator.

Keywords: MANET, wireless networks, routing protocols, malicious attacks, wireless networks simulation

Procedia PDF Downloads 282

Authors: Irfan Mohiuddin, Ahmad Al Mogren

Abstract:

In recent years, cloud computing has earned substantial attention in the Oil and Gas Industry and provides services in all the phases of the industry lifecycle. Oil and gas supply infrastructure, in particular, is more vulnerable to accidental, natural and intentional threats because of its widespread distribution. Numerous surveys have been conducted on cloud security and privacy. However, to the best of our knowledge, hardly any survey is carried out that reviews cyber security in all phases with a cloud computing perspective. Moreover, a distinctive classification is performed for all the cloud-based cyber security measures based on the cloud component in use. The classification approach will enable researchers to identify the required technique used to enhance the security in specific cloud components. Also, the limitation of each component will allow the researchers to design optimal algorithms. Lastly, future directions are given to point out the imminent challenges that can pave the way for researchers to further enhance the resilience to cyber security threats in the oil and gas industry.

Keywords: cyber security, cloud computing, safety and security, oil and gas industry, security threats, oil and gas pipelines

Procedia PDF Downloads 113

Authors: Kevin Fernagut, Olivier Flauzac, Erick M. G. Robledo, Florent Nolot

Abstract:

The adoption of modern lightweight virtualization often comes with new threats and network vulnerabilities. This paper seeks to assess this with a different approach studying the behavior of a testbed built with tools such as Kernel-Based Virtual Machine (KVM), Linux Containers (LXC) and Docker, by performing stress tests within a platform where students experiment simultaneously with cyber-attacks, and thus observe the impact on the campus network and also find the best solution for cyber-security learning. Interesting outcomes can be found in the literature comparing these technologies. It is, however, difficult to find results of the effects on the global network where experiments are carried out. Our work shows that other physical hosts and the faculty network were impacted while performing these trials. The problems found are discussed, as well as security solutions and the adoption of new network policies.

Keywords: containerization, containers, cybersecurity, cyberattacks, isolation, performance, virtualization, virtual machines

Procedia PDF Downloads 114

Authors: Urva Maryam

Abstract:

The information has become an important asset to the current cosmos. Globally, various tactics are being observed to confine the spread of information as it makes people vulnerable to security attacks. Open Source Intelligence (OSINT) is a publicly available source that has disseminated information about users or websites, companies, and various organizations. This paper focuses on the quantitative method of exploring various OSINT tools that reveal public information of personals. This information could further facilitate phishing attacks. Phishing attacks can be launched on email addresses, open ports, and unsecure web-surfing. This study allows to analyze the information retrieved from OSINT tools, i.e. theHarvester, and Maltego that can be used to send phishing attacks to individuals.

Keywords: e-mail spoofing, Maltego, OSINT, phishing, spear phishing, theHarvester

Procedia PDF Downloads 107

Authors: Urva Maryam

Abstract:

Information has become an important asset to the current cosmos. Globally, various tactics are being observed to confine the spread of information as it makes people vulnerable to security attacks. Open Source Intelligence (OSINT) is a publicly available source that has disseminated information about users or website, companies, and various organizations. This paper focuses on the quantitative method of exploring various OSINT tools that reveal public information of personals. This information could further facilitate the phishing attacks. Phishing attacks can be launched on email addresses, open ports, and unsecured web-surfing. This study allows to analyze information retrieved from OSINT tools i.e., the Harvester, and Maltego, that can be used to send phishing attacks to individuals.

Keywords: OSINT, phishing, spear phishing, email spoofing, the harvester, maltego

Procedia PDF Downloads 43

Authors: Shireen Simon

Abstract:

Cyberbullying among schoolchildren and teenagers became a hot issue discussed by Malaysian society. Cyberbullying is a new age of bullying because it uses the modern digital technology intentionally to hurt and degrade someone in the cyber world. Cyberbullying is a problem affecting many teenagers as they embrace online communication and interaction whereby virtual world with no borders. By adopting a qualitative approach, this study has captured 8 cyberbullied victims’ school experience. Even years after leaving school, these 8 cyberbullied victims remember how it feels to be bullied in the cyber world. The principal investigator also tries to identify the possibility factors that contribute to cyberbullying among these 8 victims. The result shows that these victims were bullied differently in cyber world. This study not just primarily focuses on cyberbullying issues among schoolchildren and teenagers; it also addresses the motives and causes of cyberbullying. Lastly, this article will be served as guidance for school teachers, parents and teenagers to prepare to tackle cyberbullying together. Cyberbullying is no laughing matter in our community, and it is time to spread the seeds of peace inspires others to do the same.

Keywords: cyberbullying, cyber victimization, internet, school experience, teenagers

Procedia PDF Downloads 261

Authors: Nathaniel Evans, Jessica Boersma, Kenneth Kass

Abstract:

With technology and STEM fields growing every day, there is a significant projected shortfall in qualified cybersecurity workers. As such, it is essential to develop a cybersecurity curriculum that builds skills and cultivates interest in cybersecurity early on. With new jobs being created every day and an already significant gap in the job market, it is vital that educators are pro-active in introducing a cybersecurity curriculum where students are able to learn new skills and engage in an age-appropriate cyber curriculum. Within this growing world of cybersecurity, students should engage in age-appropriate technology and cybersecurity curriculum, starting with elementary school (k-5), extending through high school, and ultimately into college. Such practice will provide students with the confidence, skills, and, ultimately, the opportunity to work in the burgeoning information security field. This paper examines educational methods, pedagogical practices, current cybersecurity curricula, and other educational resources and conducts analysis for false assumptions and developmental appropriateness. It also examines and identifies common mistakes with current cyber curriculum and lessons and discuss strategies for improvement. Throughout the lessons that were reviewed, many common mistakes continued to pop up. These mistakes included age appropriateness, technology resources that were available, and consistency of student’s skill levels. Many of these lessons were written for the wrong grade levels. The ones written for the elementary level all had activities that assumed that every student in the class could read at grade level and also had background knowledge of the cyber activity at hand, which is not always the case. Another major mistake was that these lessons assumed that all schools had any kind of technology resource available to them. Some schools are 1:1, and others are only allotted three computers in their classroom where the students have to share. While coming up with a cyber-curriculum, it has to be kept in mind that not all schools are the same, not every classroom is the same. There are many students who are not reading at their grade level or have not had exposure to the digital world. We need to start slow and ease children into the cyber world. Once they have a better understanding, it will be easier to move forward with these lessons and get the students engaged. With a better understanding of common mistakes that are being made, a more robust curriculum and lessons can be created that no only spark a student’s interest in this much-needed career field but encourage learning while keeping our students safe from cyber-attacks.

Keywords: assumptions, cybersecurity, k-12, teacher

Procedia PDF Downloads 134

Authors: Serzhan Ashirov, Dana Nour, Rafat Rob, Khaled Alotaibi

Abstract:

There has been a fast growth in the introduction and use of communications, information, monitoring, and sensing technologies. The new technologies are making their way to the Industrial Control Systems as embedded in products, software applications, IT services, or commissioned to enable integration and automation of increasingly global supply chains. As a result, the lines that separated the physical, digital, and cyber world have diminished due to the vast implementation of the new, disruptive digital technologies. The variety and increased use of these technologies introduce many cybersecurity risks affecting cyber-resilience of the supply chain, both in terms of the product or service delivered to a customer and members of the supply chain operation. US department of energy considers supply chain in the IR4 space to be the weakest link in cybersecurity. The IR4 identified the digitization of the field devices, followed by digitalization that eventually moved through the digital transformation space with little care for the new introduced cybersecurity risks. This paper will examine the best methodologies for securing the electrical substations from cybersecurity attacks due to supply chain risks, and due to digitization effort. SCADA systems are the most vulnerable part of the power system infrastructure due to digitization and due to the weakness and vulnerabilities in the supply chain security. The paper will discuss in details how create a secure supply chain methodology, secure substations, and mitigate the risks due to digitization

Keywords: cybersecurity, supply chain methodology, secure substation, digitization

Procedia PDF Downloads 37

Authors: Hazem Munawer Al-Otum

Abstract:

In this work, an efficient watermarking technique is proposed and can be used for detecting intentional attacks in RGB color images. The proposed technique can be implemented for image authentication and exhibits high robustness against unintentional common image processing attacks. It deploys two measures to discern between intentional and unintentional attacks based on using a quantization-based technique in a modified 2D multi-pyramidal DWT transform. Simulations have shown high accuracy in detecting intentionally attacked regions while exhibiting high robustness under moderate to severe common image processing attacks.

Keywords: image authentication, copyright protection, semi-fragile watermarking, tamper detection

Procedia PDF Downloads 224

Authors: Jessemyn Modiini, Timothy Lynar, Elena Sitnikova

Abstract:

We present a novel enhanced compartmental model for malware spread analysis in cyber security. This paper applies cyber security data features to epidemiological compartmental models to model the infectious potential of malware. Compartmental models are most efficient for calculating the infectious potential of a disease. In this paper, we discuss and profile epidemiologically relevant data features from a Domain Name System (DNS) dataset. We then apply these features to epidemiological compartmental models to network traffic features. This paper demonstrates how epidemiological principles can be applied to the novel analysis of key cybersecurity behaviours and trends and provides insight into threat modelling above that of kill-chain analysis. In applying deterministic compartmental models to a cyber security use case, the authors analyse the deficiencies and provide an enhanced stochastic model for cyber epidemiology. This enhanced compartmental model (SUEICRN model) is contrasted with the traditional SEIR model to demonstrate its efficacy.

Keywords: cybersecurity, epidemiology, cyber epidemiology, malware

Procedia PDF Downloads 82

Authors: Lauren Provost

Abstract:

The digital world remains increasingly vulnerable, making the development of effective cybersecurity approaches even more critical in supporting the success of the digital economy and national security. Although approaches to cybersecurity have shifted and improved in the last decade with new models, especially with cloud computing and mobility, a record number of high severity vulnerabilities were recorded in the National Institute of Standards and Technology (NIST), and its National Vulnerability Database (NVD) in 2020. This is due, in part, to the increasing complexity of cyber ecosystems. Security must be approached with a more comprehensive, multi-tool strategy that addresses the complexity of cyber ecosystems, including the human factor. Ethical hacking has emerged as such an approach: a more effective, multi-strategy, comprehensive approach to cyber security's most pressing needs, especially understanding the human factor. Research on ethical hacking, however, is limited in scope. The two main objectives of this work are to (1) provide highlights of case studies in ethical hacking, (2) provide a conceptual framework for research in ethical hacking that embraces and addresses both technical and nontechnical security measures. Recommendations include an improved conceptual framework for research centered on ethical hacking that addresses many factors and attributes of significant attacks that threaten computer security; a more robust, integrative multi-layered framework embracing the complexity of cybersecurity ecosystems.

Keywords: ethical hacking, literature review, penetration testing, social engineering

Procedia PDF Downloads 178

Authors: Jong-Hyo Park, Eunyoung Choi, Jae-Yeon Lim, Seon-Suk Lee, Yeong-Rong Koo, Ji-Ung Kwon, Kyung-Sung Kim, Jong-Ik Lee, Juhan Park, Hyun-Kyu Lee, Won-Kyoung Oh, Jisang Lee, Jiwon Choe

Abstract:

Due to COVID-19, cyber violence among youths has soared as they spend more time online than before. In contrast to the deepening concerns, measurement tools that can assess the vulnerability of cyber violence in individual youths still need to be supplemented. The measurement tools lack consideration of various factors related to cyber violence among youths. Most of the tools are self-report questionnaires, and these adolescents' self-report questionnaire forms can underestimate the harmful behavior and overestimate the damage experience. Therefore, this study aims to develop a multi-report measurement tool for youths that can reliably measure individuals' ecological factors related to cyber violence. The literature review explored factors related to cyber violence, and the questions were constructed. The face validity of the questions was confirmed by conducting focus group interviews. Exploratory and confirmatory factor analyses (N=671) were also conducted for statistical validation. This study developed a multi-report measurement tool for cyber violence with 161 questions, consisting of six domains: online behavior, cyber violence awareness, victimization-perpetration-witness experience, coping efficacy (individuals, peers, teachers, and parents), psychological characteristics, and pro-social capabilities. In addition to self-report from a youth respondent, this measurement tool includes peers, teachers, and parents reporting for the respondent. It is possible to reliably measure the ecological factors of individual youths who are vulnerable or highly resistant to cyber violence. In schools, teachers could refer to the measurement results for guiding students, better understanding their cyber violence conditions, and assessing their pro-social capabilities. With the measurement results, teachers and police officers could detect perpetrators or victims and intervene immediately. In addition, this measurement tool could analyze the effects of the prevention and intervention programs for cyber violence and draw appropriate suggestions.

Keywords: adolescents, cyber violence, cyber violence measurement tool, measurement tool, multi-report measurement tool, youths

Procedia PDF Downloads 71

Authors: Belbahi Ahlam

Abstract:

With the phenomenal growth in the Internet, network security has become an integral part of computer and information security. In order to come up with measures that make networks more secure, it is important to learn about the vulnerabilities that could exist in a computer network and then have an understanding of the typical attacks that have been carried out in such networks. The first half of this paper will expose the readers to the classical network attacks that have exploited the typical vulnerabilities of computer networks in the past and solutions that have been adopted since then to prevent or reduce the chances of some of these attacks. The second half of the paper will expose the readers to the different network security controls including the network architecture, protocols, standards and software/ hardware tools that have been adopted in modern day computer networks.

Keywords: network security, attacks and controls, computer and information, solutions

Procedia PDF Downloads 417

Authors: Sneha Leslie

Abstract:

The current situation in the cyber world is that crimes performed by Botnets are increasing and the masterminds (botmaster) are not detectable easily. The botmaster in the botnet compromises the legitimate host machines in the network and make them bots or zombies to initiate the cyber-attacks. This paper will focus on the live detection of the botmaster in the network by using the strong framework 'metasploit', when distributed denial of service (DDOS) attack is performed by the botnet. The affected victim machine will be continuously monitoring its incoming packets. Once the victim machine gets to know about the excessive count of packets from any IP, that particular IP is noted and details of the noted systems are gathered. Using the vulnerabilities present in the zombie machines (already compromised by botmaster), the victim machine will compromise them. By gaining access to the compromised systems, applications are run remotely. By analyzing the incoming packets of the zombies, the victim comes to know the address of the botmaster. This is an effective and a simple system where no specific features of communication protocol are considered.

Keywords: bonet, DDoS attack, network security, detection system, metasploit framework

Procedia PDF Downloads 223

Authors: Misha Teimouri

Abstract:

Our world has been transformed by the use of the internet and the constant flow of information. While this transmission has its benefits, it has also added significant challenges to family relations, primarily in the field of parenting and children's digital lives. Screens, speed, and connectedness are the words that characterize the lives of today's digital generation; it's as if the entire world is in their pockets at all times. Parents attempt to regulate and control their children's internet use in the hopes of maximizing the advantages and minimizing the disadvantages of their children's internet use; however, given that children spend more time online, particularly ever since the pandemic, children's cyber-aggression has become an issue for them. Children may externalize their behavior online, bully others, send anger/hatred/resist messages, share violent and bloody content, and engage in sexting. These types of online aggression make parenting more difficult, especially for digital immigrant parents compared to digital native parents. In response to these challenges, this study investigated the level of cyber aggression among children, as well as the effects of digi-parenting (active, monitoring, restrictive, and warm and supportive) on children's cyber-aggression (sexual, verbal, visual) as victims or aggressors. The study also determined whether there were any differences in parenting styles between digital natives (DN) and digital immigrants. In accordance with the study, boys and older children are more likely to engage in cyber aggression as aggressors, whereas girls and younger children are more likely to engage as victims. Warmth and supportive digiparenting have a greater impact on children's cyber-aggression (sexual, verbal, and visual) as victims or aggressors. This study also found that, when compared to DI parents, DN parents are more successful at digi-parenting and reducing their children's exposure to cyber-aggression.

Keywords: digi-parenting, cyber-aggression, digital natives, digital immigrants, children's cyber-aggression (sexual, verbal, visual)

Procedia PDF Downloads 21

Authors: Yunos Zahri, Ab Hamid R. Susanty, Ahmad Mustaffa

Abstract:

This paper explores the need for a national baseline study on understanding the level of cyber security situational awareness among primary and secondary school students in Malaysia. The online survey method was deployed to administer the data collection exercise. The target groups were divided into three categories: Group 1 (primary school aged 7-9 years old), Group 2 (primary school aged 10-12 years old), and Group 3 (secondary school aged 13-17 years old). A different questionnaire set was designed for each group. The survey topics/areas included Internet and digital citizenship knowledge. Respondents were randomly selected from rural and urban areas throughout all 14 states in Malaysia. A total of 9,158 respondents participated in the survey, with most states meeting the minimum sample size requirement to represent the country’s demographics. The findings and recommendations from this baseline study are fundamental to develop teaching modules required for children to understand the security risks and threats associated with the Internet throughout their years in school. Early exposure and education will help ensure healthy cyber habits among millennials in Malaysia.

Keywords: cyber security awareness, cyber security education, cyber security, school students

Procedia PDF Downloads 265

Authors: Papathanasiou Anastasios, Liontos George, Liagkou Vasiliki, Glavas Euripides

Abstract:

The purpose of this paper is to describe the growing problem of various cyber fraud schemes that exist on the internet and are currently among the most prevalent. The main focus of this paper is to provide a detailed description of the modus operandi, tools, and techniques utilized in four basic typologies of cyber frauds: Business Email Compromise (BEC) attacks, investment fraud, romance scams, and online sales fraud. The paper aims to shed light on the methods employed by cybercriminals in perpetrating these types of fraud, as well as the strategies they use to deceive and victimize individuals and businesses on the internet. Furthermore, this study outlines defense strategies intended to tackle the issue head-on, with a particular emphasis on the crucial role played by European Legislation. European legislation has proactively adapted to the evolving landscape of cyber fraud, striving to enhance cybersecurity awareness, bolster user education, and implement advanced technical controls to mitigate associated risks. The paper evaluates the advantages and innovations brought about by the European Legislation while also acknowledging potential flaws that cybercriminals might exploit. As a result, recommendations for refining the legislation are offered in this study in order to better address this pressing issue.

Keywords: business email compromise, cybercrime, European legislation, investment fraud, NIS, online sales fraud, romance scams

Procedia PDF Downloads 55