Search results for: insider threat

Authors: Claire Norman-Maillet

Abstract:

Insider fraud, otherwise known as occupational, employee, or internal fraud, is a financial crime threat. Perpetrated by defrauding (or attempting to defraud) one’s current, prospective, or past employer, an ‘employee’ covers anyone employed by the company, including board members and contractors. The Coronavirus pandemic has forced insider fraud into the spotlight, and it isn’t dimming. As the focus of most academics and practitioners has historically been on that of ‘external fraud’, insider fraud is often overlooked or not considered to be a real threat. However, since COVID-19 changed the working world, pushing most of us into remote or hybrid working, employers cannot easily keep an eye on what their staff are doing, which has led to reliance on trust and transparency. This, therefore, brings about an increased risk of insider fraud perpetration. The objective of this paper is to explore why insider fraud is, therefore, now the biggest threat to a business. To achieve the research objective, participating individuals within the financial crime sector (either as a practitioner or consultants) attended semi-structured interviews with the researcher. The principal recruitment strategy for these individuals was via the researcher’s LinkedIn network. The main findings in the research suggest that insider fraud has been ignored and rejected as a threat to a business, owing to a reluctance to admit that a colleague may perpetrate. A positive of the Coronavirus pandemic is that it has forced insider fraud into a more prominent position and giving it more importance on a business’ agenda and risk register. Despite insider fraud always having been a possibility (and therefore a risk) within any business, it is very rare that a business has given it the attention it requires until now, if at all. The research concludes that insider fraud needs to prioritised by all businesses, and even ahead of external fraud. The research also provides advice on how a business can add new or enhance existing controls to mitigate the risk.

Keywords: insider fraud, occupational fraud, COVID-19, COVID, coronavirus, pandemic, internal fraud, financial crime, economic crime

Procedia PDF Downloads 34

Authors: Claire Norman-Maillet

Abstract:

Insider fraud is a major financial crime threat whereby an employee defrauds (or attempts to defraud) their current, prospective, or past employer. ‘Employee’ covers anyone employed by the company, including Board members and part-time staff. Insider fraud can take many forms, including an employee working alone or in collusion with others. Insider fraud has been on the rise since the Coronavirus pandemic and shows no signs of slowing. The objective of the research is to better understand how FinTechs are impacted by insider fraud and, therefore, how to stop it. This research will make an original contribution to the financial crime field, given the timing of this research being intertwined with the cost-of-living crisis in the UK and the global Coronavirus pandemic. This research focuses on insider fraud within FinTechs specifically, as they are arguably a modern phenomenon in the financial institutions space and have cutting-edge technology at their disposal. To achieve the research objective, the researcher held semi-structured interviews with over 20 individuals who deal with insider fraud perpetration in a practitioner, recruitment, or advisory capacity. The interviews were subsequently transcribed and analysed thematically. Main findings in the research suggest that FinTechs are arguably in the best position to combat insider fraud, given their focus on using recent technologies, as this can be used to combat the threat. However, insider fraud has been ignored owing to the denial of accepting the possibility that colleagues would defraud their employer, as well as the idea that external fraud is the most important threat. The research concludes that, whilst the technology is understandably prioritised by FinTechs for providing an agreeable customer experience, insider fraud needs to be given a platform upon which to be recognised as a significant threat to any company. Moreover, insider fraud needs to be given the same level of weighting and attention by Executive Committees and Boards as the customer experience.

Keywords: insider fraud, occupational fraud, COVID-19, COVID, Coronavirus, pandemic, internal fraud, financial crime, economic crime

Procedia PDF Downloads 28

Authors: Claire Norman-Maillet

Abstract:

Insider fraud, including its various synonyms such as occupational, employee or internal fraud, is a major financial crime threat whereby an employee defrauds (or attempts to defraud) their current, prospective, or past employer. ‘Employee’ covers anyone employed by the company, including contractors, directors, and part time staff; they may be a solo bad actor or working in collusion with others, whether internal or external. Insider fraud is even more of a concern given the impacts of the Coronavirus pandemic, which has generated multiple opportunities to commit insider fraud. Insider fraud is something that is not necessarily thought of as a significant financial crime threat; the focus of most academics and practitioners has historically been on that of ‘external fraud’ against businesses or entities where an individual or group has no professional ties. Without the face-to-face, ‘over the shoulder’ capabilities of staff being able to keep an eye on their employees, there is a heightened reliance on trust and transparency. With this, naturally, comes an increased risk of insider fraud perpetration. The objective of the research is to better understand how companies are impacted by insider fraud, and therefore how to stop it. This research will make both an original contribution and stimulate debate within the financial crime field. The financial crime landscape is never static – criminals are always creating new ways to perpetrate financial crime, and new legislation and regulations are implemented as attempts to strengthen controls, in addition to businesses doing what they can internally to detect and prevent it. By focusing on insider fraud specifically, the research will be more specific and will be of greater use to those in the field. To achieve the aims of the research, semi-structured interviews were conducted with 22 individuals who either work in financial services and deal with insider fraud or work within insider fraud perpetration in a recruitment or advisory capacity. This was to enable the sourcing of information from a wide range of individuals in a setting where they were able to elaborate on their answers. The principal recruitment strategy was engaging with the researcher’s network on LinkedIn. The interviews were then transcribed and analysed thematically. Main findings in the research suggest that insider fraud has been ignored owing to the denial of accepting the possibility that colleagues would defraud their employer. Whilst Coronavirus has led to a significant rise in insider fraud, this type of crime has been a major risk to businesses since their inception, however have never been given the financial or strategic backing required to be mitigated, until it's too late. Furthermore, Coronavirus should have led to companies tightening their access rights, controls and policies to mitigate the insider fraud risk. However, in most cases this has not happened. The research concludes that insider fraud needs to be given a platform upon which to be recognised as a threat to any company and given the same level of weighting and attention by Executive Committees and Boards as other types of economic crime.

Keywords: fraud, insider fraud, economic crime, coronavirus, Covid-19

Procedia PDF Downloads 36

Authors: Sarthak Kumar Jena, Chandra Sekhar Mishra, Prabina Rajib

Abstract:

Purpose: This paper aims to derive undervaluation signal from the insiders trading of Indian companies where the ownership is complex and concentrated, investors protection is weak, and the insider rules and regulations are not stringent like developed country. This study examines the relationship between insider trading with short term and long term abnormal return. The study also examines the relationship between insider trading and the actual share repurchase by the firm. Methodology: A sample of 78 companies over the period 2008-2013 are analyzed in the study due to not availability of insider data in Indian context. For preliminary analysis T-test and Wilcoxon rank sum test is used to find the difference between the insider trading before and after the share repurchase announcement. Tobit model is used to find out whether insider trading influence shares repurchase decisions or not. Return on the basis of market model and buy hold are calculated in the previous year and the following year of share repurchase announcement. Findings: The paper finds that insider trading around share repurchase is more than control firms and there is positive and significant difference in insider buying between the previous year of share buyback announcement and the following year of buyback announcement. Insider buying before share repurchase announcement has a positive influence on share repurchase decisions. We find insider buying has a positive and significant relationship with announcement return, whereas insider selling has a negative significant relationship with announcement return. Actual share repurchase and program completion also depend on insider trading before share repurchase. Research limitation: The study is constrained by the small sample size, so the results should be viewed by keeping this limitation in mind. Originality: The paper is to our best knowledge the first study based on Indian context to extend the insider trading literature to share repurchase event and examine insider trading to find out undervaluation signal associated with insider buying.

Keywords: insider trading, buyback, open market share repurchase, signalling

Procedia PDF Downloads 159

Authors: Abdoulaye Diop, Nahid Emad, Thierry Winter, Mohamed Hilia

Abstract:

Data assets protection is a crucial issue in the cybersecurity field. Companies use logical access control tools to vault their information assets and protect them against external threats, but they lack solutions to counter insider threats. Nowadays, insider threats are the most significant concern of security analysts. They are mainly individuals with legitimate access to companies information systems, which use their rights with malicious intents. In several fields, behavior anomaly detection is the method used by cyber specialists to counter the threats of user malicious activities effectively. In this paper, we present the step toward the construction of a user and entity behavior analysis framework by proposing a behavior anomaly detection model. This model combines machine learning classification techniques and graph-based methods, relying on linear algebra and parallel computing techniques. We show the utility of an ensemble learning approach in this context. We present some detection methods tests results on an representative access control dataset. The use of some explored classifiers gives results up to 99% of accuracy.

Keywords: cybersecurity, data protection, access control, insider threat, user behavior analysis, ensemble learning, high performance computing

Procedia PDF Downloads 96

Authors: Shamatha Shetty, Sakshi Dhabadi, Prerana M., Indushree B.

Abstract:

About 66% of firms claim that insider attacks are more likely to happen. The frequency of insider incidents has increased by 47% in the last two years. The goal of this work is to prevent dangerous employee behavior by using keyloggers and the Machine Learning (ML) model. Every keystroke that the user enters is recorded by the keylogging program, also known as keystroke logging. Keyloggers are used to stop improper use of the system. This enables us to collect all textual data, save it in a CSV file, and analyze it using an ML algorithm and the VirusTotal API. Many large companies use it to methodically monitor how their employees use computers, the internet, and email. We are utilizing the SVM algorithm and the VirusTotal API to improve overall efficiency and accuracy in identifying specific patterns and words to automate and offer the report for improved monitoring.

Keywords: cyber security, machine learning, cyclic process, email notification

Procedia PDF Downloads 20

Authors: Roman Kulikov, Svetlana Kolesnikova

Abstract:

Last decade Cloud Computing technologies have been rapidly becoming ubiquitous. Each year more and more organizations, corporations, internet services and social networks trust their business sensitive information to Public Cloud. The data storage in Public Cloud is protected by security mechanisms such as firewalls, cryptography algorithms, backups, etc.. In this way, however, only outsider attacks can be prevented, whereas virtualization tools can be easily compromised by insider. The protection of Public Cloud’s critical elements from internal intruder remains extremely challenging. A hypervisor, also called a virtual machine manager, is a program that allows multiple operating systems (OS) to share a single hardware processor in Cloud Computing. One of the hypervisor's functions is to enforce access control policies. Furthermore, it prevents guest OS from disrupting each other and from accessing each other's memory or disk space. Hypervisor is the one of the most critical and vulnerable elements in Cloud Computing infrastructure. Nevertheless, it has been poorly protected from being compromised by insider. By exploiting certain vulnerabilities, privilege escalation can be easily achieved in insider attacks on hypervisor. In this way, an internal intruder, who has compromised one process, is able to gain control of the entire virtual machine. Thereafter, the consequences of insider attacks in Public Cloud might be more catastrophic and significant to virtual tools and sensitive data than of outsider attacks. So far, almost no preventive security countermeasures have been developed. There has been little attention paid for developing models to assist risks mitigation strategies. In this paper formal model of insider attacks on hypervisor is designed. Our analysis identifies critical hypervisor`s vulnerabilities that can be easily compromised by internal intruder. Consequently, possible conditions for successful attacks implementation are uncovered. Hence, development of preventive security countermeasures can be improved on the basis of the proposed model.

Keywords: insider attack, public cloud, cloud computing, hypervisor

Procedia PDF Downloads 333

Authors: Howard Chitimira

Abstract:

The European Union (EU) was probably the first body to establish multinational anti-market abuse laws aimed at enhancing the detection and curbing of cross-border market abuse activities in its member states. Put differently, the EU Insider Dealing Directive was adopted in 1989 and was the first law that harmonised the insider trading ban among the EU member states. Thereafter, the European Union Directive on Insider Dealing and Market Manipulation (EU Market Abuse Directive) was adopted in a bid to improve and effectively discourage all the forms of market abuse in the EU’s securities and financial markets. However, the EU Market Abuse Directive had its own gaps and flaws. In light of this, the Market Abuse Regulation and the Criminal Sanctions for Market Abuse Directive were enacted to repeal and replace the EU Market Abuse Directive in 2016. The article examines the adequacy of the EU Market Abuse Directive and its implementation in the United Kingdom (UK) prior to the British exit (Brexit). This is done to investigate the possible implications of the Brexit referendum outcome of 23 June 2016 on the future regulation of market abuse in the UK.

Keywords: market abuse, insider trading, market manipulation, European Union, United Kingdom

Procedia PDF Downloads 217

Authors: Vasileios Anastopoulos

Abstract:

Cyber threat intelligence assists organizations in understanding the threats they face and helps them make educated decisions on preparing their defenses. Sharing of threat intelligence and threat information is increasingly leveraged by organizations and enterprises, and various software solutions are already available, with the open-source malware information sharing platform (MISP) being a popular one. In this work, a methodology for the production of cyber threat intelligence using the threat information stored in MISP is proposed. The methodology leverages the discipline of social network analysis and the diamond model, a model used for intrusion analysis, to produce cyber threat intelligence. The workings are demonstrated with a case study on a production MISP instance of a real organization. The paper concluded with a discussion on the proposed methodology and possible directions for further research.

Keywords: cyber threat intelligence, diamond model, malware information sharing platform, social network analysis

Procedia PDF Downloads 121

Authors: Aleksandra Gajda

Abstract:

Among students between 12 and 13, the probability of activating the stereotype threat increases noticeably. Girls consider themselves weaker in science, while boys consider themselves weaker in the field of language skills. This phenomenon is disturbing because it may result in wrong choices of the further path of education, not consistent with the actual competences of the students. Meanwhile, negative effects of the stereotype threat, observable in the loss of focus on the task and transferring it to dealing with fear of failure, can be reduced by various factors. The study examined the impact of creativity on eliminating the stereotype threat. The experiment in the form of a 2 (gender: male vs. female) x 3 (traditional gender roles: neutral version vs. nontraditional gender roles) x 2 (creativity: low vs. high) factorial design was conducted. The results showed that a high level of creative abilities may reduce the negative effects of stereotype threat in educational setting.

Keywords: creativity, education, language skills, mathematical skills, stereotype threat

Procedia PDF Downloads 81

Authors: Mirko Sailio

Abstract:

Border crossing automatization reduces required human resources in handling people crossing borders. As technology replaces and augments the work done by border officers, new cyber threats arise to threaten border security. This research analyses the current cyber threat actors and their capabilities. The analysis is conducted by gathering the threat actor data from a wide range of public sources. A model for a general border automatization system is presented, and its most significant cyber-security attributes are then compared to threat actor activity and capabilities in order to predict priorities in securing such systems. Organized crime and nation-state actors present the clearest threat to border cyber-security, and additional focus is given to their motivations and activities.

Keywords: border automation, cyber-security, threat actors, border cyber-security

Procedia PDF Downloads 167

Authors: Jihen Bennaceur, Wissem Zouaghi, Ali Mabrouk

Abstract:

The major aim of cyber threat intelligence (CTI) is to provide sophisticated knowledge about cybersecurity threats to ensure internal and external safeguards against modern cyberattacks. Inaccurate, incomplete, outdated, and invaluable threat intelligence is the main problem. Therefore, data analysis based on AI algorithms is one of the emergent solutions to overcome the threat of information-sharing issues. In this paper, we propose a supervised machine learning-based algorithm to improve threat information sharing by providing a sophisticated classification of cyber threats and data. Extensive simulations investigate the accuracy, precision, recall, f1-score, and support overall to validate the designed algorithm and to compare it with several supervised machine learning algorithms.

Keywords: threat information sharing, supervised learning, data classification, performance evaluation

Procedia PDF Downloads 109

Authors: Howard Chitimira

Abstract:

In Australia, the market abuse prohibition is generally well accepted by the investing and non-investing public as well as by the government. This co-operative and co-ordinated approach on the part of all the relevant stakeholders has to date given rise to an increased awareness and commendable combating of market abuse activities in the Australian corporations, companies, and securities markets. It is against this background that this article seeks to comparatively explore the general enforcement approaches that are employed to combat market abuse (insider trading and market manipulation) activity in Australia and South Africa. In relation to this, the role of selected enforcement authorities and possible enforcement methods which may be learnt from both the Australian and South African experiences will be isolated where necessary for consideration by such authorities, especially, in the South African market abuse regulatory framework.

Keywords: insider trading, market abuse, market manipulation, regulation

Procedia PDF Downloads 268

Authors: Sarah Mhae Diaz, Erika Anna De Leon, Jacklin Alwil Cartagena, Geordan Caruncong, Micah Riezl Gonzales

Abstract:

This study examined the intervention of threat and surveillance on the obedience of 100 preschool children through a task variable experiment replicated from the previous studies of Higbee (1979), and Chua, J., Chua, M., & Pico (1983). Nowadays, obedience among Filipino children to authority is disregarded since they are more outspoken and rebel due to social influences. With this, aside from corporal punishment, threat and surveillance became a mean of inducing obedience. Threat, according to the Dissonance Theory, can give attitudinal change. On the other hand, surveillance, according to the Theory of Social Facilitation, can either contribute to the completion or failure to do a task. Through a 2x2 factorial design, results show; (1) threat (F(1,96) = 12.487, p < 0.05) and (2) surveillance (F(1,96)=9.942, p<.05) had a significant main effect on obedience, suggesting that the Dissonance Theory and Theory of Social Facilitation is respectively true in the study. On the other hand, (3) no interaction (F(1,96)=1.303, p > .05) was seen since threat and surveillance both have a main effect that could be positive or negative, or could be because of their complementary property as supported by the post-hoc results. Also, (4) most effective commanding style is threat and surveillance setting (M = 30.04, SD = 7.971) due to the significant main effect of the two variables. With this, in the Filipino Setting, threat and surveillance has proven to be a very effective strategy to discipline and induce obedience from a child.

Keywords: experimental study, obedience, preschool children, surveillance, threat

Procedia PDF Downloads 461

Authors: Senay Yitmen

Abstract:

This research investigated individual’s support and helping intentions towards Syrian refugees in Turkey. This is examined in relation to perceived threat and negative emotions, and also to the perceptions of whether one’s intimate social network (family and friends) considers Syrians a threat (descriptive network norm) and whether this network morally supports Syrian refugees (injunctive norms). A questionnaire study was conducted among Turkish participants (n= 565) and the results showed that perception of threat was associated with negative emotions which, in turn, were related to less support of Syrian refugees. Additionally, descriptive norms moderated the relationship between perceived threat and negative emotions towards Syrian refugees. Furthermore, injunctive norms moderated the relationship between negative emotions and support to Syrian refugees. Specifically, the findings indicate that perceived threat is associated with less support of Syrian refugees through negative emotions when descriptive norms are weak and injunctive norms are strong. Injunctive norms appear to trigger a dilemma over the decision to conform or not to conform: when one has negative emotions as a result of perceived threat, it becomes more difficult to conform to the moral obligation of injunctive norms which is associated with less support of Syrian refugees. Hence, these findings demonstrate that both descriptive and injunctive norms are important and play different roles in individual’s support of Syrian refugees.

Keywords: descriptive norms, emotions, injunctive norms, the perception of threat

Procedia PDF Downloads 157

Authors: Jonathan W. Z. Lim, Vrizlynn L. L. Thing

Abstract:

Cybercrimes are on the rise, in part due to technological advancements, as well as increased avenues of exploitation. Sophisticated threat actors are leveraging on such advancements to execute their malicious intentions. The increase in cybercrimes is prevalent, and it seems unlikely that they can be easily eradicated. A more serious concern is that the community may come to accept the notion that this will become the trend. As such, the key question revolves around how we can reduce cybercrime in this evolving landscape. In our paper, we propose to build a systematic framework through the lens of a cyber threat actor. We explore the motivation factors behind the crimes and the crime stages of the threat actors. We then formulate intervention plans so as to discourage the act of committing malicious cyber activities and also aim to integrate ex-cyber offenders back into society.

Keywords: crime motivations, crime prevention, cybercrime, ex-cyber criminals

Procedia PDF Downloads 107

Authors: Arun Prabhakar

Abstract:

Threat modeling is an important activity carried out in the initial stages of the development lifecycle that helps in building proactive security measures in the product. Though there are many techniques and tools available today, one of the common challenges with the traditional methods is the lack of a systematic approach in identifying security threats. The proposed solution describes an organized model by defining ontologies that help in building patterns to enumerate threats. The concepts of graph theory are applied to build the pattern for discovering threats for any given scenario. This graph-based solution also brings in other benefits, making it a customizable and scalable model.

Keywords: directed acyclic graph, ontology, patterns, threat identification, threat modeling

Procedia PDF Downloads 107

Authors: Raluca Ana Maria Viziteu, Anna Prudnikova

Abstract:

Industrial control systems (ICS) have received much attention in recent years due to the convergence of information technology (IT) and operational technology (OT) that has increased the interdependence of safety and security issues to be considered. These issues require ICS-tailored solutions. That led to the need to creation of a methodology for supporting ICS device manufacturers and system integrators in carrying out threat modeling of embedded ICS devices in a way that guarantees the quality of the identified threats and minimizes subjectivity in the threat identification process. To research, the possibility of creating such a methodology, a set of existing standards, regulations, papers, and publications related to threat modeling in the ICS sector and other sectors was reviewed to identify various existing methodologies and methods used in threat modeling. Furthermore, the most popular ones were tested in an exploratory phase on a specific PLC device. The outcome of this exploratory phase has been used as a basis for defining specific characteristics of ICS embedded devices and their deployment scenarios, identifying the factors that introduce subjectivity in the threat modeling process of such devices, and defining metrics for evaluating the minimum quality requirements of identified threats associated to the deployment of the devices in existing infrastructures. Furthermore, the threat modeling methodology was created based on the previous steps' results. The usability of the methodology was evaluated through a set of standardized threat modeling requirements and a standardized comparison method for threat modeling methodologies. The outcomes of these verification methods confirm that the methodology is effective. The full paper includes the outcome of research on different threat modeling methodologies that can be used in OT, their comparison, and the results of implementing each of them in practice on a PLC device. This research is further used to build a threat modeling methodology tailored to OT environments; a detailed description is included. Moreover, the paper includes results of the evaluation of created methodology based on a set of parameters specifically created to rate threat modeling methodologies.

Keywords: device manufacturers, embedded devices, industrial control systems, threat modeling

Procedia PDF Downloads 51

Authors: Anna Siegler, Sara Bigazzi, Sara Serdult, Ildiko Bokretas

Abstract:

Social identity emerging from group membership defines the representational processes of our social reality. Based on our theoretical assumption the subjective perception of identity threat leads to an instable identity structure. The need to re-establish the positive identity will lead us to strengthen group boundaries. Prejudice in our perspective offer psychological security those who thinking in exclusive barriers, and we suggest that those who identify highly with their ingroup/national identity and less with superordinate identities take distance from others and this is related to their perception of threat. In our study we used a newly developed questionnaire, the Multiple Threat and Prejudice Questionnaire (MTPQ) which measure identity threat at different dimensions of identification (national, existential, gender, religious) and the distancing of different outgroups, over and above we worked with Social Dominance Orientation (SDO) and Identification with All Humanity Scale (IWAH). We conduct one data collection (N=1482) in a Hungarian sample to examine the connection between national threat and distance-taking, and this survey includes the investigation (N=218) of identification with different group categories. Our findings confirmed that those who feel themselves threatened in their national identity aspects are less likely to identify themselves with superordinate groups and this correlation is much stronger when they think about the nation as a bio-cultural unit, while if nation defined as a social-economy entity this connection is less powerful and has just the opposite direction.

Keywords: group boundaries, identity threat, prejudice, superordinate groups

Procedia PDF Downloads 370

Authors: Yang Luo, Beibei Wang

Abstract:

In this paper, we present a design methodology of lightweight register transfer level (RTL) hardware threat implemented based on a MAX II FPGA platform. The dynamic power consumed by the toggling of the various bit of registers as well as the dynamic power consumed per unit of logic circuits were analyzed. The hardware threat was designed taking advantage of the differences in dynamic power consumed per unit of logic circuits to hide the transfer information. The experiment result shows that the register hardware threat was successfully implemented by using different dynamic power consumed per unit of logic circuits to hide the key information of DES encryption module. It needs more than 100000 sample curves to reduce the background noise by comparing the sample space when it completely meets the time alignment requirement. In additional, an external trigger signal is playing a very important role to detect the hardware threat in this experiment.

Keywords: side-channel analysis, hardware Trojan, register transfer level, dynamic power

Procedia PDF Downloads 250

Authors: Miyoko Taniguchi

Abstract:

Conflict and violence have prevailed over the last four decades in conflict-affected areas in Muslim Mindanao, despite the signing of several peace agreements between the Philippine government and Islamic separatist insurgents (the Moro National Liberation Front (MNLF) and the Moro Islamic Liberation Front (MILF)), and peacebuilding activities on the ground. In the meantime, the peace talks had been facilitated and mediated by international actors such as the Organization of Islamic Cooperation (OIC) and its member countries such as Indonesia, and Malaysia, and Japan. In 2014, both the Government of the Philippines (GPH) and the MILF finally reached a Comprehensive Peace Agreement (CAB) in 2014 under the Aquino III administration, though a Bangsamoro Basic Law (BBL) based on the CAB was not enacted at the Catholic-majority of the Philippine Congress. After a long process of deliberations at the Congress, Republic Act 11054, known as the Bangsamoro Organic Law (BOL), was enacted in 2018 under the Duterate administration. In the beginning, President Duterte adopted an 'inclusive approach' that involves the MILF, all factions of the MNLF, non-Islamized indigenous peoples, and other influential clan leaders to align all peace processes under a single Bangsamoro peace process. A notable difference from past administrations, there is an explicit recognition of all agreements and legislations based on the rights of each stakeholder. This created a new identity as 'Bangsamoro', the residents of Muslim Mindanao, enhancing political legitimacy. Besides, it should be noted an important role of 'insider mediators' -a platform for the Bangsamoro from diverse sectors attempting to work within their respective organizations in Moro society. Give the above background, this paper aims at probing the effectiveness of insider mediation as one of the alternative approaches for mediation in the peace process. For the objectives, this research uses qualitative methods such as process-tracing and semi-structured interviews from diverse groups of stakeholders at from the state to the regional level, including the government officials involved in peace process under the Presidential Office, rebels (MILF and MNLF), civil society organizations involved in lobbying and facilitating peace process, especially in the legislative process. The key outcomes and findings are that the Insider Mediators Group, formed in 2016, had taken on a significant role in facilitating the achievement of a wider consensus among stakeholders on major Moro issues such as BBL’s passing during the last administration to call for unity among the Bangsamoro. Most of its members are well-educated professionals affiliated with the MILF, the MNLF, and influential clans. One of the group’s biggest achievements has been the lobbying and provision of legal advice to legislators who were not necessarily knowledgeable about the peace process during the deliberation of the bicameral conference of the BBL, which eventually led to its passage. It can be concluded that in the long run, strengthening vertical and horizontal relations between the Moro society and the State and among the Moro peoples that can be viewed as a means to sustainable peace.

Keywords: insider mediation, Mindanao, peace process, Moro Islamic liberation front

Procedia PDF Downloads 89

Authors: B. Lokuketagoda, M. Weerakoon, U. Madushan, A. N. Senaratne, K. Y. Abeywardena

Abstract:

Ransomware has become a common threat in past few years and the recent threat reports show an increase of growth in Ransomware infections. Researchers have identified different variants of Ransomware families since 2015. Lack of knowledge of the user about the threat is a major concern. Ransomware detection methodologies are still growing through the industry. Email is the easiest method to send Ransomware to its victims. Uninformed users tend to click on links and attachments without much consideration assuming the emails are genuine. As a solution to this in this paper R-Killer Ransomware detection tool is introduced. Tool can be integrated with existing email services. The core detection Engine (CDE) discussed in the paper focuses on separating suspicious samples from emails and handling them until a decision is made regarding the suspicious mail. It has the capability of preventing execution of identified ransomware processes. On the other hand, Sandboxing and URL analyzing system has the capability of communication with public threat intelligence services to gather known threat intelligence. The R-Killer has its own mechanism developed in its Proactive Monitoring System (PMS) which can monitor the processes created by downloaded email attachments and identify potential Ransomware activities. R-killer is capable of gathering threat intelligence without exposing the user’s data to public threat intelligence services, hence protecting the confidentiality of user data.

Keywords: ransomware, deep learning, recurrent neural networks, email, core detection engine

Procedia PDF Downloads 176

Authors: Ranj Tofik

Abstract:

This article aims to demonstrate a link and/or correlation between the rise of China and the US-Iranian conflict, from a US point of view. To demonstrate this link, the article relies on the content analysis method by analyzing American reports and official data. This article concludes that this correlation indicates that the more China rises and the greater the Chinese threat to America, the more changes will occur in the US-Iranian conflict and the US actions regarding this conflict will increase – in the form of imposing sanctions and using means of pressure on Iran, or trying to reach an agreement and settlement with Iran. This article, via noting and observing that correlation, also claims that before 2012, Iran was a regional threat to US interests in the Middle East. However, after 2012 when the rise of China became one of the major threats to America, Iran, because of its rapprochement with China, became also part of the Chinese threat, which is a threat to America's global standing. In addition, observing this correlation indicates the possibility that the rise of China and its threat to the USA has become one of the main drivers in the US-Iranian conflict. Consequently, it can be said that Iran has become a vital issue in the US-China rivalry, as it has become an appropriate gateway for China to enter the Middle East and undermine US hegemony there.

Keywords: China-Iran relations, China's rise, JCPOA, US-Chinese competition, US-Iranian conflict

Procedia PDF Downloads 55

Authors: Nadine Sammy, Mark Wilson, Samuel Vine

Abstract:

The Theory of Challenge and Threat States in Athletes (TCTSA) states that self-efficacy is an antecedent of challenge and threat. These states result from conscious and unconscious evaluations of situational demands and personal resources and are represented by both cognitive and physiological markers. Challenge is considered a more adaptive stress response as it is associated with a more efficient cardiovascular profile, as well as better performance and attention effects compared with threat. Self-efficacy is proposed to influence challenge/threat because an individual’s belief that they have the skills necessary to execute the courses of action required to succeed contributes to a perception that they can cope with the demands of the situation. This study experimentally examined the effects of self-efficacy on cardiovascular responses (challenge and threat), demand and resource evaluations, performance and attention under pressurised conditions. Forty-five university students were randomly assigned to either a control (n=15), low self-efficacy (n=15) or high self-efficacy (n=15) group and completed baseline and pressurised golf putting tasks. Self-efficacy was manipulated using false feedback adapted from previous studies. Measures of self-efficacy, cardiovascular reactivity, demand and resource evaluations, task performance and attention were recorded. The high self-efficacy group displayed more favourable cardiovascular reactivity, indicative of a challenge state, compared with the low self-efficacy group. The former group also reported high resource evaluations, but no task performance or attention effects were detected. These findings demonstrate that levels of self-efficacy influence cardiovascular reactivity and perceptions of resources under pressurised conditions.

Keywords: cardiovascular, challenge, performance, threat

Procedia PDF Downloads 203

Authors: Li Qiang, Yang Ze-Ming, Liu Bao-Xu, Jiang Zheng-Wei

Abstract:

With the increasing complexity of cyberspace security, the cyber-attack attribution has become an important challenge of the security protection systems. The difficult points of cyber-attack attribution were forced on the problems of huge data handling and key data missing. According to this situation, this paper presented a reasoning method of cyber-attack attribution based on threat intelligence. The method utilizes the intrusion kill chain model and Bayesian network to build attack chain and evidence chain of cyber-attack on threat intelligence platform through data calculation, analysis and reasoning. Then, we used a number of cyber-attack events which we have observed and analyzed to test the reasoning method and demo system, the result of testing indicates that the reasoning method can provide certain help in cyber-attack attribution.

Keywords: reasoning, Bayesian networks, cyber-attack attribution, Kill Chain, threat intelligence

Procedia PDF Downloads 406

Authors: Ayomide Oyedele

Abstract:

In the dynamic landscape of cybersecurity, "Strategic Cyber Sentinel" emerges as a revolutionary framework, transcending traditional approaches. This paper pioneers a holistic strategy, weaving together threat intelligence, machine learning, and adaptive defenses. Through meticulous real-world simulations, we demonstrate the unprecedented resilience of our framework against evolving cyber threats. "Strategic Cyber Sentinel" redefines proactive threat mitigation, offering a robust defense architecture poised for the challenges of tomorrow.

Keywords: cybersecurity, resilience, threat intelligence, machine learning, adaptive defenses

Procedia PDF Downloads 31

Authors: Mohammad Shameel, Peter K. K. Loh, James H. Ng

Abstract:

Cybercrime is a new category of crime which poses a different challenge for crime investigators and incident responders. Attackers can mask their identities using a suite of tools and with the help of the deep web, which makes them difficult to track down. Scouring the deep web manually takes time and is inefficient. There is a growing need for a tool to scour the deep web to obtain useful evidence or intel automatically. In this paper, we will explain the background and motivation behind the research, present a survey of existing research on related tools, describe the design of our own crime/threat intelligence hunting tool prototype, demonstrate its capability with some test cases and lastly, conclude with proposals for future enhancements.

Keywords: cybercrime, deep web, threat intelligence, web crawler

Procedia PDF Downloads 137

Authors: Kai Qian, Lixin Tao

Abstract:

Mobile devices such as smartphones are getting more and more popular in our daily lives. The security vulnerability and threat attacks become a very emerging and important research and education topic in computing security discipline. There is a need to have an innovative mobile security hands-on laboratory to provide students with real world relevant mobile threat analysis and protection experience. This paper presents an authentic teaching and learning mobile security approach with smartphone devices which covers most important mobile threats in most aspects of mobile security. Each lab focuses on one type of mobile threats, such as mobile messaging threat, and conveys the threat analysis and protection in multiple ways, including lectures and tutorials, multimedia or app-based demonstration for threats analysis, and mobile app development for threat protections. This authentic learning approach is affordable and easily-adoptable which immerse students in a real world relevant learning environment with real devices. This approach can also be applied to many other mobile related courses such as mobile Java programming, database, network, and any security relevant courses so that can learn concepts and principles better with the hands-on authentic learning experience.

Keywords: mobile computing, Android, network, security, labware

Procedia PDF Downloads 369

Authors: Xudong He, Jian Wang, Jiqiang Liu, Lei Han, Yang Yu, Shaohua Lv

Abstract:

Nowadays, the threats of the internet are enormous and increasing; however, the classification of huge alert messages generated in this environment is relatively monotonous. It affects the accuracy of the network situation assessment, and also brings inconvenience to the security managers to deal with the emergency. In order to deal with potential network threats effectively and provide more effective data to improve the network situation awareness. It is essential to build a hierarchical filtering method to prevent the threats. In this paper, it establishes a model for data monitoring, which can filter systematically from the original data to get the grade of threats and be stored for using again. Firstly, it filters the vulnerable resources, open ports of host devices and services. Then use the entropy theory to calculate the performance changes of the host devices at the time of the threat occurring and filter again. At last, sort the changes of the performance value at the time of threat occurring. Use the alerts and performance data collected in the real network environment to evaluate and analyze. The comparative experimental analysis shows that the threat filtering method can effectively filter the threat alerts effectively.

Keywords: correlation analysis, hierarchical filtering, multisource data, network security

Procedia PDF Downloads 169

Authors: Hilya Mudrika Arini, Nur Aini Masruroh, Budi Hartono

Abstract:

There are more than 20 terrorist threats from 2002 to 2012 in Indonesia. Despite of this fact, preventive solution through studies in the field of national security in Indonesia has not been conducted comprehensively. This study aims to provide a preventive solution by developing prediction model of the terrorist threat in Indonesia by using Bayesian network. There are eight stages to build the model, started from literature review, build and verify Bayesian belief network to what-if scenario. In order to build the model, four experts from different perspectives are utilized. This study finds several significant findings. First, news and the readiness of terrorist group are the most influent factor. Second, according to several scenarios of the news portion, it can be concluded that the higher positive news proportion, the higher probability of terrorist threat will occur. Therefore, the preventive solution to reduce the terrorist threat in Indonesia based on the model is by keeping the positive news portion to a maximum of 38%.

Keywords: Bayesian network, decision analysis, national security system, text mining

Procedia PDF Downloads 354