Search results for: scope of cyber attacks

Authors: Yang Yu, Jian Wang, Jiqiang Liu, Lei Han, Xudong He, Shaohua Lv

Abstract:

As the increasing network attacks become more and more complex, network situation assessment based on log analysis cannot meet the requirements to ensure network security because of the low quality of logs and alerts. This paper addresses the lack of consideration of security attributes of hosts and attacks in the network. Identity and effectiveness of Distributed Denial of Service (DDoS) are hard to be proved in risk assessment based on alerts and flow matching. This paper proposes a multi-dimension threat situation assessment method based on network security attributes. First, the paper offers an improved Common Vulnerability Scoring System (CVSS) calculation, which includes confident risk, integrity risk, availability risk and a weighted risk. Second, the paper introduces deterioration rate of properties collected by sensors in hosts and network, which aimed at assessing the time and level of DDoS attacks. Third, the paper introduces distribution of asset value in security attributes considering features of attacks and network, which aimed at assessing and show the whole situation. Experiments demonstrate that the approach reflects effectiveness and level of DDoS attacks, and the result can show the primary threat in network and security requirement of network. Through comparison and analysis, the method reflects more in security requirement and security risk situation than traditional methods based on alert and flow analyzing.

Keywords: DDoS evaluation, improved CVSS, network security attribute, threat situation assessment

Procedia PDF Downloads 183

Authors: Zahra Abdolkarimi, Naser Zourikalatehsamad,

Abstract:

Up to 40 years ago, after recognition of epilepsy, it was generally believed that these attacks occurred randomly and suddenly. However, thanks to the advance of mathematics and engineering, such attacks can be predicted within a few minutes or hours. In this way, various algorithms for long-term prediction of the time and frequency of the first attack are presented. In this paper, by considering the nonlinear nature of brain signals and dynamic recorded brain signals, ANFIS model is presented to predict the brain signals, since according to physiologic structure of the onset of attacks, more complex neural structures can better model the signal during attacks. Contribution of this work is the co-evolution algorithm for optimization of ANFIS network parameters. Our objective is to predict brain signals based on time series obtained from brain signals of the people suffering from epilepsy using ANFIS. Results reveal that compared to other methods, this method has less sensitivity to uncertainties such as presence of noise and interruption in recorded signals of the brain as well as more accuracy. Long-term prediction capacity of the model illustrates the usage of planted systems for warning medication and preventing brain signals.

Keywords: co-evolution algorithms, brain signals, time series, neural networks, ANFIS model, physiologic structure, time prediction, epilepsy suffering, illustrates model

Procedia PDF Downloads 247

Authors: Masa Popovac, Philip Fine

Abstract:

Information and Communication Technologies (ICTs) have altered our social environments, and young people in particular have immersed themselves in the digital age. Despite countless benefits, younger ICT users are being exposed to various online risks such as contact with strangers, viewing of risky content, sending or receiving sexually themed images or comments (i.e. ‘sexting’) as well as cyber bullying. Parents may not be fully aware of the online spaces their children inhabit and often struggle to implement effective mediation strategies. This quantitative study explored (i) three types of online risks (contact risks, content risks and conduct risks), (ii) cyber bullying victimization and perpetration, and (iii) parental mediation among a sample of 689 South African adolescents aged between 12-17 years. Survey data was also collected for 227 of their parents relating to their perceptions of their child’s online experiences. A comparison between adolescent behaviors and parental perceptions was examined on the three variables in the study. Findings reveal various online risk taking behaviors. In terms of contact risks, 56% of adolescents reported having contact with at least one online stranger, with many meeting these strangers in person. Content risks included exposure to harmful information such as websites promoting extreme diets or self-harm as well as inappropriate content: 84% of adolescents had seen violent content and 75% had seen sexual content online. Almost 60% of adolescents engaged in conduct risks such as sexting. Eight online victimization behaviors were examined in the study and 79% of adolescents had at least one of these negative experiences, with a third (34%) defining this experience as cyber bullying. A strong connection between victimization and perpetration was found, with 63% of adolescents being both a victim and perpetrator. Very little parental mediation of ICT use was reported. Inferential statistics revealed that parents consistently underestimated their child’s online risk taking behaviors as well as their cyber bullying victimization and perpetration. Parents also overestimated mediation strategies in the home. The generational gap in the knowledge and use of ICTs is a barrier to effective parental mediation and online safety, since many negative online experiences by adolescents go undetected and can continue for extended periods of time thereby exacerbating the potential psychological and emotional distress. The study highlights the importance of including parents in online safety efforts.

Keywords: cyber bullying, online risk behaviors, parental mediation, South Africa

Procedia PDF Downloads 452

Authors: Arellano Karina, Diego Avila-Pesántez, Leticia Vaca-Cárdenas, Alberto Arellano, Carmen Mantilla

Abstract:

Nowadays, security threats in Voice over IP (VoIP) systems are an essential and latent concern for people in charge of security in a corporate network, because, every day, new Denial-of-Service (DoS) attacks are developed. These affect the business continuity of an organization, regarding confidentiality, availability, and integrity of services, causing frequent losses of both information and money. The purpose of this study is to establish the necessary measures to mitigate DoS threats, which affect the availability of VoIP systems, based on the Session Initiation Protocol (SIP). A Security Model called MS-DoS-SIP is proposed, which is based on two approaches. The first one analyzes the recommendations of international security standards. The second approach takes into account weaknesses and threats. The implementation of this model in a VoIP simulated system allowed to minimize the present vulnerabilities in 92% and increase the availability time of the VoIP service into an organization.

Keywords: Denial-of-Service SIP attacks, MS-DoS-SIP, security model, VoIP-SIP vulnerabilities

Procedia PDF Downloads 169

Authors: Aanshika Puri, Sakshi Mehrotra

Abstract:

Technology has always been a double edged sword. The constant rut of updating oneself to a better and newer version is the new norm. ‘Being Online’ is the latest addition to one’s everyday routine. Availability of various social online platforms being served on a platter topped with easy and cheap access to the internet makes it simple and doable for people of all social backgrounds. Interestingly, in India, a recent development is the line of demarcation between people from varied backgrounds, doing the vanishing act. One finds everybody on at least one, if not more, social platforms in a desire to stay connected. For instance, this ranges from sending a ‘WhatsApp’ message to a vegetable vendor for ordering your daily needs to vendors and small entrepreneurs. Even a rickshaw puller now has access to a mobile phone, an internet connection and apps/ platforms to stay connected. Recent observations show the extent to which everyone is hooked on to their mobile phones/ tabs/ laptops/ etc. Young mothers use them to distract their children and keep them busy while they finish the task at hand. Exposure to this part of the technology at such a tender age requires responsible and careful handling. Talking of adolescents, their self- image depends on their online social image to a large extent. There is a desire to be liked and accepted by the peer group at all times. Cyber-bullying is a by-product of the 24/7 availability of these resources. There is enough research-based evidence to prove the psychosocial and emotional impact on the development and well-being of the victim. The present paper attempts to understand the dynamics of cyber bullying vis-à-vis the developmental and mental health issues faced by the bully.

Keywords: Developmental Psychology, Empathy & Resilience Based Interventions, Mental Well-Being of Cyber Bully, Positive Psychology

Procedia PDF Downloads 224

Authors: Doaa Wael, Naswa Abdelbaky

Abstract:

Malware is malicious software that is built to cause destructive actions and damage information systems and networks. Malware infections increase rapidly, and types of malware have become more sophisticated, which makes the malware detection process more difficult. On the other side, the Internet of Things IoT technology is vulnerable to malware attacks. These IoT devices are always connected to the internet and lack security. This makes them easy for hackers to access. These malware attacks are becoming the go-to attack for hackers. Thus, in order to deal with this challenge, new malware detection techniques are needed. Currently, building a blockchain solution that allows IoT devices to download any file from the internet and to verify/approve whether it is malicious or not is the need of the hour. In recent years, blockchain technology has stood as a solution to everything due to its features like decentralization, persistence, and anonymity. Moreover, using blockchain technology overcomes some difficulties in malware detection and improves the malware detection ratio over-than the techniques that do not utilize blockchain technology. In this paper, we study malware detection models which are based on blockchain technology. Furthermore, we elaborate on the effect of blockchain technology in malware detection, especially in the android environment.

Keywords: malware analysis, blockchain, malware attacks, malware detection approaches

Procedia PDF Downloads 43

Authors: Preston Nabors, Nasseh Tabrizi

Abstract:

Portable Document Format (PDF) files have gained significant popularity for sharing and distributing documents due to their universal compatibility. However, the widespread use of PDF files has made them attractive targets for cybercriminals, who exploit vulnerabilities to deliver malware and compromise the security of end-user systems. This paper reviews notable contributions in PDF malware detection, including static, dynamic, signature-based, and hybrid analysis. It presents a comprehensive examination of PDF malware detection techniques, focusing on the emerging threat of adversarial sampling and the need for robust defense mechanisms. The paper highlights the vulnerability of machine learning classifiers to evasion attacks. It explores adversarial sampling techniques in PDF malware detection to produce mimicry and reverse mimicry evasion attacks, which aim to bypass detection systems. Improvements for future research are identified, including accessible methods, applying adversarial sampling techniques to malicious payloads, evaluating other models, evaluating the importance of features to malware, implementing adversarial defense techniques, and conducting comprehensive examination across various scenarios. By addressing these opportunities, researchers can enhance PDF malware detection and develop more resilient defense mechanisms against adversarial attacks.

Keywords: adversarial attacks, adversarial defense, adversarial machine learning, intrusion detection, PDF malware, malware detection, malware detection evasion

Procedia PDF Downloads 14

Authors: Ersun N. Kurtulus

Abstract:

One of the strategic goals of left-wing terrorism, both in its Anarchist and Marxist-Leninist forms, was mobilization of masses as a first step in launching a revolution. However, in the canonical texts of left-wing terrorist literature (such as the works of Brousse, Nachaev, Bakunin, Kropotkin, Most, Heinzen, Guevara and Marighella) it is not clear how resort to terrorist tactics such as assassinations or bomb attacks will lead to mobilization of masses. This link is usually presumed and taken for granted. However, in other, less known terrorist texts, where there is some elaboration upon this link, two conflicting views emerge: (i) terrorist attacks are supposed to cause state repression which in turn radicalizes masses and opens up the way for recruitment and mobilization versus (ii) terrorist attacks are supposed to demonstrate the hollowness of the already existent state repression and thereby encourage mobilization of masses that are already radicalized but inactive due fear caused by state repression. The paper argues that terrorism studies have largely overemphasized the former while the latter has remained more or less unnoticed.

Keywords: terrorism, repression, radical left, mobilization of masses

Procedia PDF Downloads 187

Authors: Babak Pourghahramani

Abstract:

One of the modern crimes against property and ownership in the cyber-space is the computer fraud. Despite being modern, the aforementioned crime has its roots in the principles of religious jurisprudence. In some cases, this crime is compatible with the traditional regulations and that is when the computer is considered as a crime commitment device and also some computer frauds that take place in the context of electronic exchanges are considered as crime based on the E-commerce Law (approved in 2003) but the aforementioned regulations are flawed and until recent years there was no comprehensive law in this regard; yet after some years the Computer Crime Act was approved in 2009/26/5 and partly solved the problem of legal vacuum. The present study intends to investigate the computer fraud according to Iran's Computer Crime Act and by taking into consideration the international documents.

Keywords: fraud, cyber fraud, computer fraud, classic fraud, computer crime

Procedia PDF Downloads 304

Authors: S. B. Kumbalavati, J. D. Mallapur, K. Y. Bendigeri

Abstract:

A mobile Ad-hoc network (MANET) is a multihop wireless network where nodes communicate each other without any pre-deployed infrastructure. There is no central administrating unit. Hence, MANET is generally prone to many of the attacks. These attacks may alter, release or deny data. These attacks are nothing but intrusions. Intrusion is a set of actions that attempts to compromise integrity, confidentiality and availability of resources. A major issue in the design and operation of ad-hoc network is sharing the common spectrum or common channel bandwidth among all the nodes. We are performing intrusion detection using game theory approach. Game theory is a mathematical tool for analysing problems of competition and negotiation among the players in any field like marketing, e-commerce and networking. In this paper mathematical model is developed using game theory approach and intruders are detected and removed. Bandwidth utilization is estimated and comparison is made between bandwidth utilization with intrusion detection technique and without intrusion detection technique. Percentage of intruders and efficiency of the network is analysed.

Keywords: ad-hoc network, IDS, game theory, sensor networks

Procedia PDF Downloads 354

Authors: Manpreet Kaur, Amita Rani, Sanjay Kumar

Abstract:

The Internet of Things (IoT), a cyber-physical paradigm, allows a large number of devices to connect and send the sensory data in the network simultaneously. This tremendous amount of data generated leads to very high network load consequently resulting in network congestion. It further amounts to frequent loss of useful information and depletion of significant amount of nodes’ energy. Therefore, there is a need to control congestion in IoT so as to prolong network lifetime and improve the quality of service (QoS). Hence, we propose a two-level clustering based routing algorithm considering congestion score and packet priority metrics that focus on minimizing the network congestion. In the proposed Priority based Congestion Control (PBCC) protocol the sensor nodes in IoT network form clusters that reduces the amount of traffic and the nodes are prioritized to emphasize important data. Simultaneously, a congestion score determines the occurrence of congestion at a particular node. The proposed protocol outperforms the existing Packet Discard Network Clustering (PDNC) protocol in terms of buffer size, packet transmission range, network region and number of nodes, under various simulation scenarios.

Keywords: internet of things, cyber-physical systems, congestion control, priority, transmission rate

Procedia PDF Downloads 281

Authors: Joseph Udofia, Isaac Olufadewa

Abstract:

Everyday, the size of Electronic Health Records data keeps increasing as new patients visit health practitioner and returning patients fulfil their appointments. As these data grow, so is their susceptibility to cyber-attacks from criminals waiting to exploit this data. In the US, the damages for cyberattacks were estimated at $8 billion (2018), $11.5 billion (2019) and $20 billion (2021). These attacks usually involve the exposure of PII. Health data is considered PII, and its exposure carry significant impact. To this end, an enhancement of Health Policy and Standards in relation to data security, especially among patients and their clinical providers, is critical to ensure ethical practices, confidentiality, and trust in the healthcare system. As Clinical accelerators and applications that contain user data are used, it is expedient to have a review and revamp of policies like the Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act (HIPAA), the Fast Healthcare Interoperability Resources (FHIR), all aimed to ensure data protection and security in healthcare. FHIR caters for healthcare data interoperability, FHIR caters to healthcare data interoperability, as data is being shared across different systems from customers to health insurance and care providers. The astronomical cost of implementation has deterred players in the space from ensuring compliance, leading to susceptibility to data exfiltration and data loss on the security accuracy of protected health information (PHI). Though HIPAA hones in on the security accuracy of protected health information (PHI) and PCI DSS on the security of payment card data, they intersect with the shared goal of protecting sensitive information in line with industry standards. With advancements in tech and the emergence of new technology, it is necessary to revamp these policies to address the complexity and ambiguity, cost barrier, and ever-increasing threats in cyberspace. Healthcare data in the wrong hands is a recipe for disaster, and we must enhance its protection and security to protect the mental health of the current and future generations.

Keywords: cloud security, healthcare, cybersecurity, policy and standard

Procedia PDF Downloads 45

Authors: Johannes Günther

Abstract:

Time Sensitive Networking (TSN), standardized in the IEEE 802.1 standard, has been lent increasing attention in the context of mission critical systems. Such mission critical systems, e.g., in the automotive domain, aviation, industrial, and smart factory domain, are responsible for coordinating complex functionalities in real time. In many of these contexts, a reliable data exchange fulfilling hard time constraints and quality of service (QoS) conditions is of critical importance. TSN standards are able to provide guarantees for deterministic communication behaviour, which is in contrast to common best-effort approaches. Therefore, the superior QoS guarantees of TSN may aid in the development of new technologies, which rely on low latencies and specific bandwidth demands being fulfilled. TSN extends existing Ethernet protocols with numerous standards, providing means for synchronization, management, and overall real-time focussed capabilities. These additional QoS guarantees, as well as management mechanisms, lead to an increased attack surface for potential malicious attackers. As TSN guarantees certain deadlines for priority traffic, an attacker may degrade the QoS by delaying a packet beyond its deadline or even execute a denial of service (DoS) attack if the delays lead to packets being dropped. However, thus far, security concerns have not played a major role in the design of such standards. Thus, while TSN does provide valuable additional characteristics to existing common Ethernet protocols, it leads to new attack vectors on networks and allows for a range of potential attacks. One answer to these security risks is to deploy defense mechanisms according to a moving target defense (MTD) strategy. The core idea relies on the reduction of the attackers' knowledge about the network. Typically, mission-critical systems suffer from an asymmetric disadvantage. DoS or QoS-degradation attacks may be preceded by long periods of reconnaissance, during which the attacker may learn about the network topology, its characteristics, traffic patterns, priorities, bandwidth demands, periodic characteristics on links and switches, and so on. Here, we implemented and tested several MTD-like defense strategies against different attacker models of varying capabilities and budgets, as well as collaborative attacks of multiple attackers within a network, all within the context of TSN networks. We modelled the networks and tested our defense strategies on an OMNET++ testbench, with networks of different sizes and topologies, ranging from a couple dozen hosts and switches to significantly larger set-ups.

Keywords: network security, time sensitive networking, moving target defense, cyber security

Procedia PDF Downloads 41

Authors: M. Mansouri, P. Jaklitsch, E. Teiniker

Abstract:

SQL injection on web applications is a very popular kind of attack. There are mechanisms such as intrusion detection systems in order to detect this attack. These strategies often rely on techniques implemented at high layers of the application but do not consider the low level of system calls. The problem of only considering the high level perspective is that an attacker can circumvent the detection tools using certain techniques such as URL encoding. One technique currently used for detecting low-level attacks on privileged processes is the tracing of system calls. System calls act as a single gate to the Operating System (OS) kernel; they allow catching the critical data at an appropriate level of detail. Our basic assumption is that any type of application, be it a system service, utility program or Web application, “speaks” the language of system calls when having a conversation with the OS kernel. At this level we can see the actual attack while it is happening. We conduct an experiment in order to demonstrate the suitability of system call analysis for detecting SQL injection. We are able to detect the attack. Therefore we conclude that system calls are not only powerful in detecting low-level attacks but that they also enable us to detect high-level attacks such as SQL injection.

Keywords: Linux system calls, web attack detection, interception, SQL

Procedia PDF Downloads 324

Authors: Amirreza Fazely Hamedani, Muzzamil Aziz, Philipp Wieder, Ramin Yahyapour

Abstract:

Software-defined networking in recent years came into the sight of so many network designers as a successor to the traditional networking. Unlike traditional networks where control and data planes engage together within a single device in the network infrastructure such as switches and routers, the two planes are kept separated in software-defined networks (SDNs). All critical decisions about packet routing are made on the network controller, and the data level devices forward the packets based on these decisions. This type of network is vulnerable to DDoS attacks, degrading the overall functioning and performance of the network by continuously injecting the fake flows into it. This increases substantial burden on the controller side, and the result ultimately leads to the inaccessibility of the controller and the lack of network service to the legitimate users. Thus, the protection of this novel network architecture against denial of service attacks is essential. In the world of cybersecurity, attacks and new threats emerge every day. It is essential to have tools capable of managing and analyzing all this new information to detect possible attacks in real-time. These tools should provide a comprehensive solution to automatically detect, predict and prevent abnormalities in the network. Big data encompasses a wide range of studies, but it mainly refers to the massive amounts of structured and unstructured data that organizations deal with on a regular basis. On the other hand, it regards not only the volume of the data; but also that how data-driven information can be used to enhance decision-making processes, security, and the overall efficiency of a business. This paper presents an intelligent big data framework as a solution to handle illegitimate traffic burden on the SDN network created by the numerous DDoS attacks. The framework entails an efficient defence and monitoring mechanism against DDoS attacks by employing the state of the art machine learning techniques.

Keywords: apache spark, apache kafka, big data, DDoS attack, machine learning, SDN network

Procedia PDF Downloads 138

Authors: Sara Alshehri, Bayan Alenzi, Atheer Alshehri, Samia Chelloug, Zainab Almry, Hussah Albugmai

Abstract:

This paper concerns body area networks sensor that collect signals around a human body. The black hole attacks are the main security challenging problem because the data traffic can be dropped at any node. The focus of our proposed solution is to efficiently route data packets while detecting black hole nodes.

Keywords: body sensor networks, security, black hole, routing, broadcasting, OMNeT++

Procedia PDF Downloads 613

Authors: Jasmin H. Kwon , Thomas M. Brinthaupt

Abstract:

There is a general lack of consumer behavior research on seasonal shopping events. Studying these kinds of events is interesting and important for several reasons. First, global shopping opportunities have implications for cross-cultural shopping events and effects on seasonal events in other countries. Second, seasonal shopping events are subject to economic conditions and may wane in popularity, especially with e-commerce options. Third, retailers can expand the success of their seasonal shopping events by taking advantage of cross-cultural opportunities. Fourth, it is interesting to consider how consumers from other countries might take advantage of different countries’ seasonal shopping events. Many countries have seasonal shopping events such as Black Friday. Research on these kinds of events can lead to the identification of cross-cultural similarities and differences in consumer behavior. We compared shopping motivations of college students who did (n=36) and did not (n=81) shop on Cyber Monday. The results showed that the groups did not differ significantly on any of the shopping motivation subscales. The Cyber Monday shoppers reported being significantly more likely to agree than disagree that their online shopping experience was enjoyable and exciting. They were more likely to disagree than agree that their experience was overwhelming. In addition, they agreed that they shopped only for deals, purchased the exact items they wanted, and thought that their efforts were worth it. Finally, they intended to shop again at next year’s Cyber Monday. It appears that there are many positive aspects to online seasonal shopping, independent of one’s typical shopping motivations. Different countries have seasonal events similar to the Black Friday and Cyber Monday shopping holiday (e.g., Boxing Day, Fukubukuro, China’s Singles Day). In Korea, there is increasing interest in taking advantage of U.S. Black Friday and Cyber Monday opportunities. Government officials are interested in adapting the U.S. holiday to Korean retailers, essentially recreating the Black Friday/Cyber Monday holiday there. Similarly, the Japanese Fukubukuro ('Lucky Bag') holiday is being adapted by other countries such as Korea and the U.S. International shipping support companies are also emerging that help customers to identify and receive products from other countries. U.S. department stores also provide free shipping on international orders for certain items. As these structural changes are occurring and new options for global shopping emerge, the need to understand the role of shoppers’ motivations becomes even more important. For example, the Cyber Monday results are particularly relevant to the new landscape with e-commerce and cross-cultural opportunities, since many of these events involve e-commerce. Within today’s global market, physical location of a retail store is no longer a limitation to growing one’s market share. From a consumer perspective, it is important to investigate how shopping motivations are related to e-commerce seasonal events. From a retail perspective, understanding the shopping motivations of international customers would help retailers to expand and better tailor their seasonal shopping events beyond the boundaries of their own countries. From a collaborative perspective, research on this topic can include interdisciplinary researchers, including those from fashion merchandising, marketing, retailing, and psychology.

Keywords: Black Friday, cross-cultural research, Cyber Monday, seasonal shopping behavior

Procedia PDF Downloads 372

Authors: Sohni Siddiqui, Anja Schultze-Krumbholz

Abstract:

Our lives now revolve more around online-related tasks, as the internet has become a necessity. One of the disturbance concerns with high internet usage is the multiplication of cyber-associated risky behaviors such as cyber aggression and/or cyberbullying. Cyber Bullying is an emerging issue that needs immediate attention from many stakeholders such as parents, doctors, school administrators, policymakers, researchers, and others, especially in the COVID-19 pandemic when online learning has been adopted as an instructional strategy, and there is a continuous rise in cyberbullying cases. The aim of the article is to review existing successful and emerging interventions designed to control bullying and cyberbullying by engaging individuals through teachers’ professional development and adopting a whole-school approach. The study identified the strengths and limitations of the programs and suggested improvements to existing interventions. Preparing interventions with a strong theoretical framework, integrating applications of emerging theories in interventions, promoting proactive and reactive strategies in combination, beginning with the baseline needs assessment surveys, reducing digital time and digital divide among parents and children, promoting the concept of lead trainer, peer trainer, and hot spots, focusing on physical activities, use of landmarks are some of the recommendations proposed by authors. In addition to face-to-face intervention, the researchers recommend updating and improving previous intervention programs with games and apps. Especially in the time of pandemic crises, when face-to-face interactions are limited and cyberbullying is triggered, the use of apps, web-based interventions, and games can be an effective way to control electronic perpetration and victimization.

Keywords: anti bullying programs, cyber bullying, individualized trainings, teachers’ professional development, whole school interventions

Procedia PDF Downloads 111

Authors: Michaela Vašková

Abstract:

With the increasing dependence of countries on the critical infrastructure, it increases their vulnerability. Big threat is primarily in the human factor (personnel of the critical infrastructure) and in terrorist attacks. It emphasizes the development of methodology for searching of weak points and their subsequent elimination. This article discusses methods for the analysis of safety in the objects of critical infrastructure. It also contains proposal for methodology for training employees of security services in the objects of the critical infrastructure and developing scenarios of attacks on selected objects of the critical infrastructure.

Keywords: critical infrastructure, object of critical infrastructure, protection, safety, security, security audit

Procedia PDF Downloads 315

Authors: Asma Ben Yaghlane, Mohamed Naceur Azaiez

Abstract:

In this paper, we briefly introduce the concept of Poisson attacks in the case of defense/attack strategies where attacks are assumed to be continuous. We suggest a game model in which the attacker will combine both criteria of a sufficient confidence level of a successful attack and a reasonably small size of the estimation error in order to launch an attack. Here, estimation error arises from assessing the system failure upon attack using aggregate data at the system level. The corresponding error is referred to as aggregation error. On the other hand, the defender will attempt to deter attack by making one or both criteria inapplicable. The defender will build his/her strategy by both strengthening the targeted system and increasing the size of error. We will formulate the defender problem based on appropriate optimization models. The attacker will opt for a Bayesian updating in assessing the impact on the improvement made by the defender. Then, the attacker will evaluate the feasibility of the attack before making the decision of whether or not to launch it. We will provide illustrations to better explain the process.

Keywords: attacker, defender, game theory, information

Procedia PDF Downloads 428

Authors: Alese Boniface K., Adu Michael K., Owa Victor K.

Abstract:

Security can be defined as the degree of resistance to, or protection from harm. It applies to any vulnerable and valuable assets, such as persons, dwellings, communities, nations or organizations. Cybercrime is any crime committed or facilitated via the Internet. It is any criminal activity involving computers and networks. It can range from fraud to unsolicited emails (spam). It includes the distant theft of government or corporate secrets through criminal trespass into remote systems around the globe. Nigeria like any other nations of the world is currently having their own share of the menace that has been used even as tools by terrorists. This paper is an attempt at presenting cyber security as an issue that requires a coordinated national response. It also acknowledges and advocates the key roles to be played by stakeholders and the importance of forging strong partnerships to prevent and tackle cybercrime in Nigeria.

Keywords: security, cybercrime, internet, government, stakeholders, partnerships

Procedia PDF Downloads 500

Authors: Yael Deutsch, Arieh Gavious

Abstract:

The threat of aviation terrorism and its potential damage became significant after the 9/11 terror attacks. These attacks have led authorities and leaders to suggest that security personnel should overcome politically correct scruples about profiling and use it openly. However, there is a lack of knowledge about the smart usage of profiling and its advantages. We analyze game models that are suitable to specific real-world scenarios, focusing on profiling as a tool to detect potential violators, such as terrorists and smugglers. We provide analytical and clear answers to difficult questions, and by that help fighting against harmful violation acts.

Keywords: game theory, profiling, security, nash equilibrium

Procedia PDF Downloads 79

Authors: Mohamamd Shahjahan

Abstract:

Background: Cybercrime is common phenomenon at present both developed and developing countries. Young generation, especially adolescents now engaged internet frequently and they commit cybercrime frequently in Bangladesh. Objective: In this regard, the present study on the pattern of cybercrime among youngers of Bangladesh has been conducted. Methods and tools: This study was a cross-sectional study, descriptive in nature. Non-probability accidental sampling technique has been applied to select the sample because of the nonfinite population and the sample size was 167. A printed semi-structured questionnaire was used to collect data. Results: The study shows that adolescents mainly do hacking (94.6%), pornography (88.6%), software piracy (85 %), cyber theft (82.6%), credit card fraud (81.4%), cyber defamation (75.6%), sweet heart swindling (social network) (65.9%) etc. as cybercrime. According to findings the major causes of cybercrime among the respondents in Bangladesh were- weak laws (88.0%), defective socialization (81.4%), peer group influence (80.2%), easy accessibility to internet (74.3%), corruption (62.9%), unemployment (58.7%), and poverty (24.6%) etc. It is evident from the study that 91.0% respondents used password cracker as the techniques of cyber criminality. About 76.6%, 72.5%, 71.9%, 68.3% and 60.5% respondents’ technique was key loggers, network sniffer, exploiting, vulnerability scanner and port scanner consecutively. Conclusion: The study concluded that pattern of cybercrimes is frequently changing and increasing dramatically. Finally, it is recommending that the private public partnership and execution of existing laws can be controlling this crime.

Keywords: cybercrime, adolescents, pattern, internet

Procedia PDF Downloads 41

Authors: Andrea Tundis, Carlos García Cordero, Rolf Egert, Alfredo Garro, Max Mühlhäuser

Abstract:

Resilience is an important system property that relies on the ability of a system to automatically recover from a degraded state so as to continue providing its services. Resilient systems have the means of detecting faults and failures with the added capability of automatically restoring their normal operations. Mastering resilience in the domain of Cyber-Physical Systems is challenging due to the interdependence of hybrid hardware and software components, along with physical limitations, laws, regulations and standards, among others. In order to overcome these challenges, this paper presents a modeling approach, based on the concept of Dynamic Cells, tailored to the management of Smart Grids. Additionally, a heuristic algorithm that works on top of the proposed modeling approach, to find resilient configurations, has been defined and implemented. More specifically, the model supports a flexible representation of Smart Grids and the algorithm is able to manage, at different abstraction levels, the resource consumption of individual grid elements on the presence of failures and faults. Finally, the proposal is evaluated in a test scenario where the effectiveness of such approach, when dealing with complex scenarios where adequate solutions are difficult to find, is shown.

Keywords: cyber-physical systems, energy management, optimization, smart grids, self-healing, resilience, security

Procedia PDF Downloads 301

Authors: Arif Anwar Surani, Salman Ali, Asif Surani, Sohaib Zahid, Akbar Shoukat Ali, Zeeshan-Ul-Hassan Usmani, Joseph Varon, Salim Surani

Abstract:

Objective: Terrorism and suicidal bomb blast attacks are commonplace in Karachi, Pakistan. During the years 2000 to 2007, there were over 60 bomb explosions resulting in more than 1500 casualties. These explosions produce a wide variety of external injuries. We undertook this study to evaluate pattern of external injury produced after bomb blast attacks and to compare injury profile resulting from explosions in open versus semi-confined blast environments. Method: A retrospective, cross-sectional, study was conducted to review injuries sustained after bomb blast attacks in Karachi, Pakistan, from January 2000 to October 2007. Emergency medical records and medico legal certificates of patients presented to three major public sector hospitals of Karachi were evaluated using self-design proforma. Results: Data of 481 victims meet inclusion criteria and were incorporated for final analysis. Of these, 63.6% were injured in open spaces and 36.4% were injured in semi-confined blast environments. Lacerations were commonly encountered as external injury (47.7%) followed by penetrating wounds (15.3%). Lower and upper extremities were most commonly affected (38.6% and 19% respectively). Open and semi-confined blast environments produced a specific injury pattern and profile (p=<0.001). Conclusions: Bomb blast attacks in Karachi produce an external injury pattern consistent with other studies, with exception of an increased frequency in penetrating wounds. Semi-confined blast environments were associated with severe injuries. Further studies are required to better classify injuries and their severity based on standardized scoring systems. Effective emergency response systems must be designed to cope with mass causalities following bomb explosions.

Keywords: bomb blast attacks, injury pattern, external injury, open space, semi-confined space, blast environment

Procedia PDF Downloads 373

Authors: Francesco Buccafurri, Celeste Romolo

Abstract:

Nowadays phishing is the most frequent starting point of cyber-attack vectors. Phishing is implemented both via email and social network messages. While a wide scientific literature exists which addresses the problem of contrasting email spam-phishing, no specific countermeasure has been so far proposed for phishing included into private messages of social network platforms. Unfortunately, the problem is severe. This paper proposes an approach against social network phishing, based on a non invasive collaborative information-sharing approach which leverages blockchain. The detection method works by filtering candidate messages, by distilling them by means of a distance-preserving hash function, and by publishing hashes over a public blockchain through a trusted smart contract (thus avoiding denial of service attacks). Phishing detection exploits social information embedded into social network profiles to identify similar messages belonging to disjoint contexts. The main contribution of the paper is to introduce a new approach to contrasting the problem of social network phishing, which, despite its severity, received little attention by both research and industry.

Keywords: phishing, social networks, information sharing, blockchain

Procedia PDF Downloads 296

Authors: Sidra Shabbir, Ayesha Manzoor, Mehreen Sirshar

Abstract:

The use of the network communication has imposed serious threats to the security of assets over the network. Network security is getting more prone to active and passive attacks which may result in serious consequences to data integrity, confidentiality and availability. Various cryptographic techniques have been proposed in the past few years to combat with the concerned problem by ensuring quality but in order to have a fully secured network; a framework of new cryptosystem was needed. This paper discusses certain cryptographic techniques which have shown far better improvement in the network security with enhanced quality assurance. The scope of this research paper is to cover the security pitfalls in the current systems and their possible solutions based on the new cryptosystems. The development of new cryptosystem framework has paved a new way to the widespread network communications with enhanced quality in network security.

Keywords: cryptography, network security, encryption, decryption, integrity, confidentiality, security algorithms, elliptic curve cryptography

Procedia PDF Downloads 702

Authors: Ali Youniss Aidbaiss, G. Unnikrishnan, Anoob Hakim

Abstract:

Scope changes, scope creeps, cost and time overruns have become common in projects in the oil and gas sector. Even in repetitive projects, failure to implement lessons learnt and correct past mistakes have resulted in various setbacks. This paper describes the concept of reusing successfully implemented design packages as templates for repetitive projects, and thereby lowering the instances of project failures. Units or systems successfully installed in projects can be identified and taken up for preparing template design packages. Standardization of units and systems helps to develop templates from successful designs which can be repeatedly used with confidence. These packages can be used with minimum modifications for developing FEED packages faster, saving cost and other valuable resources. Lessons learnt from the completed project incorporated in the templates avoid repeating past mistakes during detailed design, procurement and execution. With template packages, consistent quality can be maintained for similar projects, avoiding scope creep and scope changes which will ultimately result in cost and time savings.

Keywords: engineering work package, repetitive construction, template design package, time saving in projects

Procedia PDF Downloads 285

Authors: Sinchul Back, Sun Ho Kim, Jennifer LaPrade, Ilju Seong

Abstract:

Due to the advantage of using the Internet, cybercriminals can reach target(s) without border controls. Prior research on criminology and crime science has largely been void of empirical studies on journey-to-cybercrime and crime opportunity. Thus, the purpose of this study is to understand more about cyber offender spatial decision making associated with crime opportunity factors (i.e., co-offending, offender-stranger). Data utilized in this study were derived from 306 U.S. Federal court cases of cybercrime. The findings of this study indicated that there was a positive relationship between co-offending and journey-to-cybercrime, whereas there was no link between offender-stranger and journey-to-cybercrime. Also, the results showed that there was no relationship between cybercriminal sex, age, and journey-to-cybercrime. The policy implications and limitations of this study are discussed.

Keywords: co-offending, crime opportunity, journey-to-cybercrime, offender-stranger

Procedia PDF Downloads 148

Authors: M. Sandhya, R. M. Madhumitha, Sharmila Sankar

Abstract:

Interoperable medical devices (IMDs) face threats due to the increased attack surface accessible by interoperability and the corresponding infrastructure. Initiating networking and coordination functionalities primarily modify medical systems' security properties. Understanding the threats is a vital first step in ultimately crafting security solutions for such systems. The key to this problem is coming up with some common types of threats or attacks with those of security and privacy, and providing this information as a roadmap. This paper analyses the security issues in interoperability of devices and presents the main types of threats that have to be considered to build a secured system.

Keywords: interoperability, threats, attacks, medical devices

Procedia PDF Downloads 304