Search results for: scope of cyber attacks

Authors: Belbahi Ahlam

Abstract:

With the phenomenal growth in the Internet, network security has become an integral part of computer and information security. In order to come up with measures that make networks more secure, it is important to learn about the vulnerabilities that could exist in a computer network and then have an understanding of the typical attacks that have been carried out in such networks. The first half of this paper will expose the readers to the classical network attacks that have exploited the typical vulnerabilities of computer networks in the past and solutions that have been adopted since then to prevent or reduce the chances of some of these attacks. The second half of the paper will expose the readers to the different network security controls including the network architecture, protocols, standards and software/ hardware tools that have been adopted in modern day computer networks.

Keywords: network security, attacks and controls, computer and information, solutions

Procedia PDF Downloads 419

Authors: Sneha Leslie

Abstract:

The current situation in the cyber world is that crimes performed by Botnets are increasing and the masterminds (botmaster) are not detectable easily. The botmaster in the botnet compromises the legitimate host machines in the network and make them bots or zombies to initiate the cyber-attacks. This paper will focus on the live detection of the botmaster in the network by using the strong framework 'metasploit', when distributed denial of service (DDOS) attack is performed by the botnet. The affected victim machine will be continuously monitoring its incoming packets. Once the victim machine gets to know about the excessive count of packets from any IP, that particular IP is noted and details of the noted systems are gathered. Using the vulnerabilities present in the zombie machines (already compromised by botmaster), the victim machine will compromise them. By gaining access to the compromised systems, applications are run remotely. By analyzing the incoming packets of the zombies, the victim comes to know the address of the botmaster. This is an effective and a simple system where no specific features of communication protocol are considered.

Keywords: bonet, DDoS attack, network security, detection system, metasploit framework

Procedia PDF Downloads 224

Authors: Misha Teimouri

Abstract:

Our world has been transformed by the use of the internet and the constant flow of information. While this transmission has its benefits, it has also added significant challenges to family relations, primarily in the field of parenting and children's digital lives. Screens, speed, and connectedness are the words that characterize the lives of today's digital generation; it's as if the entire world is in their pockets at all times. Parents attempt to regulate and control their children's internet use in the hopes of maximizing the advantages and minimizing the disadvantages of their children's internet use; however, given that children spend more time online, particularly ever since the pandemic, children's cyber-aggression has become an issue for them. Children may externalize their behavior online, bully others, send anger/hatred/resist messages, share violent and bloody content, and engage in sexting. These types of online aggression make parenting more difficult, especially for digital immigrant parents compared to digital native parents. In response to these challenges, this study investigated the level of cyber aggression among children, as well as the effects of digi-parenting (active, monitoring, restrictive, and warm and supportive) on children's cyber-aggression (sexual, verbal, visual) as victims or aggressors. The study also determined whether there were any differences in parenting styles between digital natives (DN) and digital immigrants. In accordance with the study, boys and older children are more likely to engage in cyber aggression as aggressors, whereas girls and younger children are more likely to engage as victims. Warmth and supportive digiparenting have a greater impact on children's cyber-aggression (sexual, verbal, and visual) as victims or aggressors. This study also found that, when compared to DI parents, DN parents are more successful at digi-parenting and reducing their children's exposure to cyber-aggression.

Keywords: digi-parenting, cyber-aggression, digital natives, digital immigrants, children's cyber-aggression (sexual, verbal, visual)

Procedia PDF Downloads 24

Authors: Yunos Zahri, Ab Hamid R. Susanty, Ahmad Mustaffa

Abstract:

This paper explores the need for a national baseline study on understanding the level of cyber security situational awareness among primary and secondary school students in Malaysia. The online survey method was deployed to administer the data collection exercise. The target groups were divided into three categories: Group 1 (primary school aged 7-9 years old), Group 2 (primary school aged 10-12 years old), and Group 3 (secondary school aged 13-17 years old). A different questionnaire set was designed for each group. The survey topics/areas included Internet and digital citizenship knowledge. Respondents were randomly selected from rural and urban areas throughout all 14 states in Malaysia. A total of 9,158 respondents participated in the survey, with most states meeting the minimum sample size requirement to represent the country’s demographics. The findings and recommendations from this baseline study are fundamental to develop teaching modules required for children to understand the security risks and threats associated with the Internet throughout their years in school. Early exposure and education will help ensure healthy cyber habits among millennials in Malaysia.

Keywords: cyber security awareness, cyber security education, cyber security, school students

Procedia PDF Downloads 266

Authors: Papathanasiou Anastasios, Liontos George, Liagkou Vasiliki, Glavas Euripides

Abstract:

The purpose of this paper is to describe the growing problem of various cyber fraud schemes that exist on the internet and are currently among the most prevalent. The main focus of this paper is to provide a detailed description of the modus operandi, tools, and techniques utilized in four basic typologies of cyber frauds: Business Email Compromise (BEC) attacks, investment fraud, romance scams, and online sales fraud. The paper aims to shed light on the methods employed by cybercriminals in perpetrating these types of fraud, as well as the strategies they use to deceive and victimize individuals and businesses on the internet. Furthermore, this study outlines defense strategies intended to tackle the issue head-on, with a particular emphasis on the crucial role played by European Legislation. European legislation has proactively adapted to the evolving landscape of cyber fraud, striving to enhance cybersecurity awareness, bolster user education, and implement advanced technical controls to mitigate associated risks. The paper evaluates the advantages and innovations brought about by the European Legislation while also acknowledging potential flaws that cybercriminals might exploit. As a result, recommendations for refining the legislation are offered in this study in order to better address this pressing issue.

Keywords: business email compromise, cybercrime, European legislation, investment fraud, NIS, online sales fraud, romance scams

Procedia PDF Downloads 56

Authors: Tun Myat Aung, Ni Ni Hla

Abstract:

This paper begins by describing basic properties of finite field and elliptic curve cryptography over prime field and binary field. Then we discuss the discrete logarithm problem for elliptic curves and its properties. We study the general common attacks on elliptic curve discrete logarithm problem such as the Baby Step, Giant Step method, Pollard’s rho method and Pohlig-Hellman method, and describe in detail experiments of these attacks over prime field and binary field. The paper finishes by describing expected running time of the attacks and suggesting strong elliptic curves that are not susceptible to these attacks.c

Keywords: discrete logarithm problem, general attacks, elliptic curve, prime field, binary field

Procedia PDF Downloads 198

Authors: Miral Sabry AlAshry

Abstract:

The main objective of the study is to investigate the effectiveness of Egyptian Journalists through the Anti-Cyber and Information Technology Crimes Law, as well as its implications for journalistic practice and the implications for press freedom in Egypt. Questionnaires were undertaken with 192 journalists representing four official newspapers, and in-depth interviews were held with 15 journalists. The study used an Authoritarian theory as a theoretical framework. The study revealed that the government placed restrictions on journalists by using the law to oppress them.

Keywords: anti-cyber and information technology crimes law, media legislation, personal information, Egyptian constitution

Procedia PDF Downloads 341

Authors: Nareshkumar Harale, B. B. Meshram

Abstract:

The continued exponential growth of successful cyber intrusions against today’s businesses has made it abundantly clear that traditional perimeter security measures are no longer adequate and effective. We evolved the network trust architecture from trust-untrust to Zero-Trust, With Zero Trust, essential security capabilities are deployed in a way that provides policy enforcement and protection for all users, devices, applications, data resources, and the communications traffic between them, regardless of their location. Information exchange over the Internet, in spite of inclusion of advanced security controls, is always under innovative, inventive and prone to cyberattacks. TCP/IP protocol stack, the adapted standard for communication over network, suffers from inherent design vulnerabilities such as communication and session management protocols, routing protocols and security protocols are the major cause of major attacks. With the explosion of cyber security threats, such as viruses, worms, rootkits, malwares, Denial of Service attacks, accomplishing efficient and effective intrusion detection and prevention is become crucial and challenging too. In this paper, we propose a design and analysis model for next generation network intrusion detection and protection system as part of layered security strategy. The proposed system design provides intrusion detection for wide range of attacks with layered architecture and framework. The proposed network intrusion classification framework deals with cyberattacks on standard TCP/IP protocol, routing protocols and security protocols. It thereby forms the basis for detection of attack classes and applies signature based matching for known cyberattacks and data mining based machine learning approaches for unknown cyberattacks. Our proposed implemented software can effectively detect attacks even when malicious connections are hidden within normal events. The unsupervised learning algorithm applied to network audit data trails results in unknown intrusion detection. Association rule mining algorithms generate new rules from collected audit trail data resulting in increased intrusion prevention though integrated firewall systems. Intrusion response mechanisms can be initiated in real-time thereby minimizing the impact of network intrusions. Finally, we have shown that our approach can be validated and how the analysis results can be used for detecting and protection from the new network anomalies.

Keywords: network intrusion detection, network intrusion prevention, association rule mining, system analysis and design

Procedia PDF Downloads 200

Authors: Hideyuki Shintani, Ichiro Koshijima

Abstract:

In Cyber Physical System (CPS), if there are a large number of persons in the process, a role of person in CPS might be different comparing with the one-man system. It is also necessary to consider how Human-in-The-Loop Cyber Physical Systems (HiTLCPS) ensure safety of each person in the loop process. In this paper, the authors discuss a system safety framework with an illustrative example with STAMP model to clarify what point for safety should be considered and what role of person in the should have.

Keywords: cyber-physical-system, human-in-the-loop, safety, STAMP model

Procedia PDF Downloads 291

Authors: Ahlem Abid, Farah Jemili

Abstract:

Intrusion detection has been the subject of numerous studies in industry and academia, but cyber security analysts always want greater precision and global threat analysis to secure their systems in cyberspace. To improve intrusion detection system, the visualisation of the security events in form of graphs and diagrams is important to improve the accuracy of alerts. In this paper, we propose an approach of an IDS based on cloud computing, big data technique and using a machine learning graph algorithm which can detect in real time different attacks as early as possible. We use the MAWILab intrusion detection dataset . We choose Microsoft Azure as a unified cloud environment to load our dataset on. We implement the k2 algorithm which is a graphical machine learning algorithm to classify attacks. Our system showed a good performance due to the graphical machine learning algorithm and spark structured streaming engine.

Keywords: Apache Spark Streaming, Graph, Intrusion detection, k2 algorithm, Machine Learning, MAWILab, Microsoft Azure Cloud

Procedia PDF Downloads 113

Authors: Merve Sadetas Sezer, Ismail Sahin, Ahmet Oguz Akturk

Abstract:

With the use of developing technology, mostly in communication and entertainment, students spend considerable time on the internet. In addition to the advantages provided by the internet, social isolation brings problems such as addiction. This is one of the problems of the virtual violence. Cyber-bullying is the common name of the intensities which students are exposed on the internet. The purpose of this study designed as a qualitative research is to find out the cyber bullying varieties and its effects on elementary school students. The participants of this research are 6th, 7th and 8th grade students of a primary school and 24 students agreed to participate in the study. The students were asked to fill an interview with semi-structured open-ended questions. According to the results obtained in the research, the most important statements determined by the participants are breaking passwords on social networking sites, slang insult to blasphemy and taking friendship offers from unfamiliar people. According to participants from the research, the most used techniques to prevent themselves from cyber bullying are to complain to the site administrator, closing accounts on social networking sites and countercharging. Also, suggestions were presented according to the findings.

Keywords: bullying, cyber-bullying, elementary, peer-relationship, virtual victimization

Procedia PDF Downloads 319

Authors: Ahmed Abdulla Ashlam, Atta Badii, Frederic Stahl

Abstract:

In recent years, SQL injection attacks have been identified as being prevalent against web applications. They affect network security and user data, which leads to a considerable loss of money and data every year. This paper presents the use of classification algorithms in machine learning using a method to classify the login data filtering inputs into "SQLi" or "Non-SQLi,” thus increasing the reliability and accuracy of results in terms of deciding whether an operation is an attack or a valid operation. A method Web-App auto-generated twin data structure replication. Shielding against SQLi attacks (WebAppShield) that verifies all users and prevents attackers (SQLi attacks) from entering and or accessing the database, which the machine learning module predicts as "Non-SQLi" has been developed. A special login form has been developed with a special instance of data validation; this verification process secures the web application from its early stages. The system has been tested and validated, up to 99% of SQLi attacks have been prevented.

Keywords: SQL injection, attacks, web application, accuracy, database

Procedia PDF Downloads 121

Authors: Allan Munyao Mukuki

Abstract:

The nexus between terrorism and human rights has become a big challenge in the fight against terrorism globally. This is hinged on the fact that terrorism and human rights are interrelated to the extent that, when the former starts, the latter is violated. This direct linkage was recognised in the Vienna Declaration and Programme of Action as adopted by the World Conference on Human Rights in Vienna on 25 June 1993 which agreed that acts of terrorism in all its forms and manifestations are aimed at the destruction of human rights. Hence, terrorism constitutes an assault on our most basic human rights. To this end, the first part of this paper will focus on the nexus between terrorism and human rights and endeavors to draw a co-relation between these two concepts. The second part thereafter will analyse the emerging concept of cyber-terrorism and how it takes place. Further, an analysis of cyber counter-terrorism balanced as against human rights will also be undertaken. This will be done through the analysis of the concept of ‘securitisation’ of human rights as well as the need to create a balance between counterterrorism efforts as against the protection of human rights at all costs. The paper will then concludes with recommendations on how to balance counter-terrorism and human rights in the modern age.

Keywords: balance, counter-terrorism, cyber-terrorism, human rights, security, violation

Procedia PDF Downloads 374

Authors: Masaya Yoshikawa, Toshiya Asai, Ryoma Matsuhisa, Yusuke Nozaki, Kensaku Asahi

Abstract:

Recently, side-channel attacks, which estimate secret keys using side-channel information such as power consumption and compromising emanations of cryptography circuits embedded in hardware, have become a serious problem. In particular, electromagnetic analysis attacks against cryptographic circuits between information processing and electromagnetic fields, which are related to secret keys in cryptography circuits, are the most threatening side-channel attacks. Therefore, it is important to evaluate tamper resistance against electromagnetic analysis attacks for cryptography circuits. The present study performs basic examination of the tamper resistance of cryptography circuits using electromagnetic analysis attacks with noise resources.

Keywords: tamper resistance, cryptographic circuit, hardware security evaluation, noise resources

Procedia PDF Downloads 465

Authors: Hailyie Tekleselase

Abstract:

Deep learning is increasingly used as a building block of security systems. However, neural networks are hard to interpret and typically solid to the practitioner. This paper presents a detail survey of computing methods in cyber security, and analyzes the prospects of enhancing the cyber security capabilities by suggests that of accelerating the intelligence of the security systems. There are many AI-based applications used in industrial scenarios such as Internet of Things (IoT), smart grids, and edge computing. Machine learning technologies require a training process which introduces the protection problems in the training data and algorithms. We present machine learning techniques currently applied to the detection of intrusion, malware, and spam. Our conclusions are based on an extensive review of the literature as well as on experiments performed on real enterprise systems and network traffic. We conclude that problems can be solved successfully only when methods of artificial intelligence are being used besides human experts or operators.

Keywords: artificial intelligence, machine learning, deep learning, cyber security, big data

Procedia PDF Downloads 99

Authors: Neda Seyyedi, Reza Berangi

Abstract:

Voice over IP (VOIP) network, also known as Internet telephony, is growing increasingly having occupied a large part of the communications market. With the growth of each technology, the related security issues become of particular importance. Taking advantage of this technology in different environments with numerous features put at our disposal, there arises an increasing need to address the security threats. Being IP-based and playing a signaling role in VOIP networks, Session Initiation Protocol (SIP) lets the invaders use weaknesses of the protocol to disable VOIP service. One of the most important threats is denial of service attack, a branch of which in this article we have discussed as flooding attacks. These attacks make server resources wasted and deprive it from delivering service to authorized users. Distributed denial of service attacks and attacks with a low rate can mislead many attack detection mechanisms. In this paper, we introduce a mechanism which not only detects distributed denial of service attacks and low rate attacks, but can also identify the attackers accurately. We detect and prevent flooding attacks in SIP protocol using Shannon (FDP-S), Renyi (FDP-R) and Tsallis (FDP-T) entropy. We conducted an experiment to compare the percentage of detection and rate of false alarm messages using any of the Shannon, Renyi and Tsallis entropy as a measure of disorder. Implementation results show that, according to the parametric nature of the Renyi and Tsallis entropy, by changing the parameters, different detection percentages and false alarm rates will be gained with the possibility to adjust the sensitivity of the detection mechanism.

Keywords: VOIP networks, flooding attacks, entropy, computer networks

Procedia PDF Downloads 373

Authors: Tshegofatso Rambau, Tonderai Muchenje

Abstract:

Zero-day attacks (ZDA) are increasing day by day; there are many vulnerabilities in systems and software that date back decades. Companies keep discovering vulnerabilities in their systems and software and work to release patches and updates. A zero-day vulnerability is a software fault that is not widely known and is unknown to the vendor; attackers work very quickly to exploit these vulnerabilities. These are major security threats with a high success rate because businesses lack the essential safeguards to detect and prevent them. This study focuses on the factors and techniques that can help us detect zero-day attacks. There are various methods and techniques for detecting vulnerabilities. Various companies like edges can offer penetration testing and smart vulnerability management solutions. We will undertake literature studies on zero-day attacks and detection methods, as well as modeling approaches and simulations, as part of the study process.

Keywords: zero-day attacks, exploitation, vulnerabilities

Procedia PDF Downloads 68

Authors: Jamal Wiwoho, Pujiyono, Triyanto

Abstract:

Terrorism is a real enemy for all countries, including Indonesia. Bomb attacks in some parts of Indonesia are proof that Indonesia has serious problems with terrorism. Perpetrators of terror are arrested and imprisoned, and some of them were executed. However, this method did not succeed in stopping the terrorist attacks. Former terrorists continue to carry out bomb attacks. Therefore, this paper proposes a program towards deradicalization efforts of former terrorists through entrepreneurship. This is necessary because it is impossible to change their radical ideology. The program is also motivated by understanding that terrorists generally come from poor families. This program aims to occupy their time with business activities so there is no time to plan and carry out bomb attacks. This research is an empirical law study. Data were collected by literature study, observation, and in-depth interviews. Data were analyzed with the Miles and Huberman interactive model. The results show that the entrepreneurship program is effective to prevent terrorist attack. Former terrorists are busy with their business. Therefore, they have no time to carry out bomb attacks.

Keywords: deradicalization, terrorism, terrorists, entrepreneurship

Procedia PDF Downloads 240

Authors: Sulaiman Al Amro

Abstract:

There are currently considerable challenges concerning data security and privacy, particularly in relation to modern technologies. This includes the virtual world known as the Metaverse, which consists of a virtual space that integrates various technologies and is therefore susceptible to cyber threats such as malware, phishing, and identity theft. This has led recent studies to propose the development of Metaverse forensic frameworks and the integration of advanced technologies, including machine learning for intrusion detection and security. In this context, the application of first-order logic offers a formal and systematic approach to defining the conditions of cyberattacks, thereby contributing to the development of effective detection mechanisms. In addition, formalizing the rules and patterns of cyber threats has the potential to enhance the overall security posture of the Metaverse and, thus, the integrity and safety of this virtual environment. The current paper focuses on the primary actions employed by avatars for potential attacks, including Interval Temporal Logic (ITL) and behavior-based detection to detect an avatar’s abnormal activities within the Metaverse. The research established that the proposed framework attained an accuracy of 92.307%, resulting in the experimental results demonstrating the efficacy of ITL, including its superior performance in addressing the threats posed by avatars within the Metaverse domain.

Keywords: security, privacy, metaverse, cyberattacks, detection, first-order logic

Procedia PDF Downloads 13

Authors: Nataliya Venelinova

Abstract:

The paper proposes a new interdisciplinary model of reconsidering the role of mass communication effects by coverage of terrorism. The idea of 4P model is based on the synergy, created by the information strategy of threat, predominantly used by terrorist groups, the effects of mediating the symbolic action of the terrorist attacks or the taking of responsibility of any attacks, and the reshaped public perception for security after the attacks being mass communicated. The paper defines the mass communication cycle of terrorism, which leads not only to re-agenda setting of the societies, but also spirally amplifying the effect of propagating fears by over-informing on terrorism attacks. This finally results in the outlining of the so called 4P-model of information terrorism: mass propaganda, panic, paranoia and pandemic.

Keywords: information terrorism, mass communication cycle, public perception, security

Procedia PDF Downloads 141

Authors: Abdulrahman S. Alqahtani

Abstract:

The revolution of computing and networks could revolutionise terrorism in the same way that it has brought about changes in other aspects of life. The modern technological era has faced countries with a new set of security challenges. There are many states and potential adversaries who have the potential and capacity in cyberspace, which makes them able to carry out cyber-attacks in the future. Some of them are currently conducting surveillance, gathering and analysis of technical information, and mapping of networks and nodes and infrastructure of opponents, which may be exploited in future conflicts. This poster presents the results of the quantitative study (survey) to test the validity of the proposed theoretical framework for the cyber terrorist threats. This theoretical framework will help to in-depth understand these new digital terrorist threats. It may also be a practical guide for managers and technicians in critical infrastructure, to understand and assess the threats they face. It might also be the foundation for building a national strategy to counter cyberterrorism. In the beginning, it provides basic information about the data. To purify the data, reliability and exploratory factor analysis, as well as confirmatory factor analysis (CFA) were performed. Then, Structural Equation Modelling (SEM) was utilised to test the final model of the theory and to assess the overall goodness-of-fit between the proposed model and the collected data set.

Keywords: cyberterrorism, critical infrastructure, , national security, theoretical framework, terrorism

Procedia PDF Downloads 374

Authors: Nayak Amar, Turner Naomi, Gobina Edward

Abstract:

The Scottish Higher Education Institutes must report their scope 1 & 2 emissions, whereas reporting scope 3 is optional. Scope 3 is indirect emissions which embodies a significant component of total carbon footprint and therefore it is important to record, measure and report it accurately. Robert Gordon University (RGU) reported only business travel, grid transmission and distribution, water supply and transport, and recycling scope 3 emissions. This study estimates the RGUs total scope 3 emissions by comparing it with a similar HEI in scale. The scope 3 emission reporting of sixteen Scottish HEI was studied. Glasgow Caledonian University was identified as the nearest neighbour by comparing its students' full time equivalent, staff full time equivalent, research-teaching split, budget, and foundation year. Apart from the peer, data was also collected from the Higher Education Statistics Agency database. RGU reported emissions from business travel, grid transmission and distribution, water supply, and transport and recycling. This study estimated RGUs scope 3 emissions from procurement, student-staff commute, and international student trip. The result showed that RGU covered only 11% of the scope 3 emissions. The major contributor to scope 3 emissions were procurement (48%), student commute (21%), international student trip (16%), and staff commute (4%). The estimated scope 3 emission was more than 14 times the reported emissions. This study has shown the relative importance of each scope 3 emissions source, which gives a guideline for the HEIs, on where to focus their attention to capture maximum scope 3 emissions. Moreover, it has demonstrated that it is possible to estimate the scope 3 emissions with limited data.

Keywords: HEI, university, emission calculations, scope 3 emissions, emissions reporting

Procedia PDF Downloads 61

Authors: Azene Zenebe

Abstract:

Deep learning is a subset of machine learning which incorporates techniques for the construction of artificial neural networks and found to be useful for modeling complex problems with large dataset. Deep learning requires a very high power computational and longer time for training. By aggregating computing power, high performance computer (HPC) has emerged as an approach to resolving advanced problems and performing data-driven research activities. Cyber threat intelligence (CIT) is actionable information or insight an organization or individual uses to understand the threats that have, will, or are currently targeting the organization. Results of review of literature will be presented along with results of experimental study that compares the performance of tree-based and function-base machine learning including deep learning algorithms using secondary dataset collected from darknet.

Keywords: deep-learning, cyber security, cyber threat modeling, tree-based machine learning, function-based machine learning, data science

Procedia PDF Downloads 120

Authors: Otto Kakhidze, Hoda Alkhzaimi, Adam Ramey, Nasir Memon

Abstract:

This paper provides an alternative, cyber security based a conceptual framework for the ethics of automated warfare. The large body of work produced on fully or partially autonomous warfare systems tends to overlook malicious security factors as in the possibility of technical attacks on these systems when it comes to the moral and legal decision-making. The argument provides a risk-oriented justification to why technical malicious risks cannot be dismissed in legal, ethical and policy considerations when warfare models are being implemented and deployed. The assumptions of the paper are supported by providing a broader model that contains the perspective of technological vulnerabilities through the lenses of the Game Theory, Just War Theory as well as standard and non-standard defense ethics. The paper argues that a conventional risk-benefit analysis without considering ethical factors is insufficient for making legal and policy decisions on automated warfare. This approach will provide the substructure for security and defense experts as well as legal scholars, ethicists and decision theorists to work towards common justificatory grounds that will accommodate the technical security concerns that have been overlooked in the current legal and policy models.

Keywords: automated warfare, ethics of automation, inherent hijacking, security vulnerabilities, risk, uncertainty

Procedia PDF Downloads 333

Authors: Godiya Atsiya Pius

Abstract:

The recent dimension of terrorist attacks and violence in West Africa and Nigeria in particular has attracted both academic and global concerns. Children, young girls and women are now victims of violent attacks and insurgency in their own country. Today, we have a reverse situation where women and children were spared during violence in the past. Empirical evidence shows that millions of children, young girls and women are caught up in violent attacks in which they are not merely spectatorial, but victims of circumstance. Some fall victims of a general onslaught against civilians by the drivers of such conflicts. Others die as part of a calculated genocide. Still others are taken as hostages as part of a deliberate attack on them. With particular reference to over 200 Chibok school girls that were abducted by the Boko Haram Islamic sect in Maiduguri, Borno state, Nigeria, this study shall attempt a theoretical exploration of the circumstances surrounding the insurgency attacks on these categories of vulnerable groups in Nigeria. This paper also intends to examine the nature, dimensions, causes, effects as well as implications of these attacks on women and children in West Africa. The paper shall sum up with conclusion and possible recommendations that could help the region in the 21st century and beyond.

Keywords: insurgency, gender, violence, security, vulnerable groups

Procedia PDF Downloads 441

Authors: Nihar Bheda

Abstract:

Protecting digital assets such as networks, systems, and data from advanced cyber threats is the aim of Digital Immunity Systems (DIS), which are a subset of cybersecurity. With features like continuous monitoring, coordinated reactions, and long-term adaptation, DIS seeks to mimic biological immunity. This minimizes downtime by automatically identifying and eliminating threats. Traditional security measures, such as firewalls and antivirus software, are insufficient for enterprises, such as healthcare providers, given the rapid evolution of cyber threats. The number of medical record breaches that have occurred in recent years is proof that attackers are finding healthcare data to be an increasingly valuable target. However, obstacles to enhancing security include outdated systems, financial limitations, and a lack of knowledge. DIS is an advancement in cyber defenses designed specifically for healthcare settings. Protection akin to an "immune system" is produced by core capabilities such as anomaly detection, access controls, and policy enforcement. Coordination of responses across IT infrastructure to contain attacks is made possible by automation and orchestration. Massive amounts of data are analyzed by AI and machine learning to find new threats. After an incident, self-healing enables services to resume quickly. The implementation of DIS is consistent with the healthcare industry's urgent requirement for resilient data security in light of evolving risks and strict guidelines. With resilient systems, it can help organizations lower business risk, minimize the effects of breaches, and preserve patient care continuity. DIS will be essential for protecting a variety of environments, including cloud computing and the Internet of medical devices, as healthcare providers quickly adopt new technologies. DIS lowers traditional security overhead for IT departments and offers automated protection, even though it requires an initial investment. In the near future, DIS may prove to be essential for small clinics, blood banks, imaging centers, large hospitals, and other healthcare organizations. Cyber resilience can become attainable for the whole healthcare ecosystem with customized DIS implementations.

Keywords: digital immunity system, cybersecurity, healthcare data, emerging technology

Procedia PDF Downloads 35

Authors: Bhaumik Tyagi, Mandeep Kaur, Kanika Singla

Abstract:

The advancement of blockchain has facilitated scholars to remodel e-voting systems for future generations. Server-side attacks like SQL injection attacks and DOS attacks are the most common attacks nowadays, where malicious codes are injected into the system through user input fields by illicit users, which leads to data leakage in the worst scenarios. Besides, quantum attacks are also there which manipulate the transactional data. In order to deal with all the above-mentioned attacks, integration of blockchain, convolutional neural network (CNN), and Quantum Key Distribution is done in this very research. The utilization of blockchain technology in e-voting applications is not a novel concept. But privacy and security issues are still there in a public and private blockchains. To solve this, the use of a hybrid blockchain is done in this research. This research proposed cryptographic signatures and blockchain algorithms to validate the origin and integrity of the votes. The convolutional neural network (CNN), a normalized version of the multilayer perceptron, is also applied in the system to analyze visual descriptions upon registration in a direction to enhance the privacy of voters and the e-voting system. Quantum Key Distribution is being implemented in order to secure a blockchain-based e-voting system from quantum attacks using quantum algorithms. Implementation of e-voting blockchain D-app and providing a proposed solution for the privacy of voters in e-voting using Blockchain, CNN, and Quantum Key Distribution is done.

Keywords: hybrid blockchain, secure e-voting system, convolutional neural networks, quantum key distribution, one-time pad

Procedia PDF Downloads 54

Authors: Zhang Xingnan, Huang Jingjia, Feng Yue, Burra Venkata Durga Kumar

Abstract:

This paper proposes a comprehensive approach to mitigate ROP (Return-Oriented Programming) attacks by combining internal operating system protection mechanisms and hardware-assisted techniques. Through extensive literature review, we identify the effectiveness of ASLR (Address Space Layout Randomization) and LBR (Last Branch Record) in preventing ROP attacks. We present a process involving buffer overflow detection, hardware-assisted ROP attack detection, and the use of Turing detection technology to monitor control flow behavior. We envision a specialized tool that views and analyzes the last branch record, compares control flow with a baseline, and outputs differences in natural language. This tool offers a graphical interface, facilitating the prevention and detection of ROP attacks. The proposed approach and tool provide practical solutions for enhancing software security.

Keywords: operating system, ROP attacks, returning-oriented programming attacks, ASLR, LBR, CFI, DEP, code randomization, hardware-assisted CFI

Procedia PDF Downloads 55

Authors: Pardis Moslemzadeh Tehrani, Nazura Abdul Manap, Hamed Ladoni Damghani, Rohimi Bin Shapiee

Abstract:

In recent years the speed of new technology has brought forth so many new issues. Cyberspace is among the new technologies that need novel ways to address the various issues that have arisen. While cyberspace is a technical notion that defies a single definition, this new technology requires the adoption and application of new laws. In order to manage issues arising from the existence of cyberspace, proper policies and definitions must be formulated which satisfy both technical and legal aspects. One difficulty in this regard is due to the unique features of cyberspace architecture. This article proposes to define cyberspace and cyber terrorism. This will allow for a more effective and comprehensive addressing of legal issues as they can then be handled better by introducing a new factor to the otherwise ordinary analysis in whichever field is implicated such as the nature and place of use.

Keywords: cyberspace, cyber terrorism, technical definition, legal definition

Procedia PDF Downloads 553

Authors: Jonathan Sohn

Abstract:

Deep neural networks (DNNs) have shown state-of-the-art performance for many applications, including computer vision, natural language processing, and speech recognition. Recently, adversarial attacks have been studied in the context of deep neural networks, which aim to alter the results of deep neural networks by modifying the inputs slightly. For example, an adversarial attack on a DNN used for object detection can cause the DNN to miss certain objects. As a result, the reliability of DNNs is undermined by their lack of robustness against adversarial attacks, raising concerns about their use in safety-critical applications such as autonomous driving. In this paper, we focus on studying the adversarial attacks and defenses on DNNs for image classification. There are two types of adversarial attacks studied which are fast gradient sign method (FGSM) attack and projected gradient descent (PGD) attack. A DNN forms decision boundaries that separate the input images into different categories. The adversarial attack slightly alters the image to move over the decision boundary, causing the DNN to misclassify the image. FGSM attack obtains the gradient with respect to the image and updates the image once based on the gradients to cross the decision boundary. PGD attack, instead of taking one big step, repeatedly modifies the input image with multiple small steps. There is also another type of attack called the target attack. This adversarial attack is designed to make the machine classify an image to a class chosen by the attacker. We can defend against adversarial attacks by incorporating adversarial examples in training. Specifically, instead of training the neural network with clean examples, we can explicitly let the neural network learn from the adversarial examples. In our experiments, the digit recognition accuracy on the MNIST dataset drops from 97.81% to 39.50% and 34.01% when the DNN is attacked by FGSM and PGD attacks, respectively. If we utilize FGSM training as a defense method, the classification accuracy greatly improves from 39.50% to 92.31% for FGSM attacks and from 34.01% to 75.63% for PGD attacks. To further improve the classification accuracy under adversarial attacks, we can also use a stronger PGD training method. PGD training improves the accuracy by 2.7% under FGSM attacks and 18.4% under PGD attacks over FGSM training. It is worth mentioning that both FGSM and PGD training do not affect the accuracy of clean images. In summary, we find that PGD attacks can greatly degrade the performance of DNNs, and PGD training is a very effective way to defend against such attacks. PGD attacks and defence are overall significantly more effective than FGSM methods.

Keywords: deep neural network, adversarial attack, adversarial defense, adversarial machine learning

Procedia PDF Downloads 158