2020 | Book

Advances in Cyber Security Analytics and Decision Systems


About this book

This book contains research contributions from leading cyber security scholars from around the world. The authors provide comprehensive coverage of various cyber security topics, while highlighting recent trends. The book also contains a compendium of definitions and explanations of concepts, processes, acronyms, and comprehensive references on existing literature and research on cyber security and analytics, information sciences, decision systems, digital forensics, and related fields. As a whole, the book is a solid reference for dynamic and innovative research in the field, with a focus on design and development of future-ready cyber security measures. Topics include defenses against ransomware, phishing, malware, botnets, insider threats, and many others.

Table of contents

Frontmatter
Adaptive Attacker Strategy Development Against Moving Target Cyber Defenses
Abstract
A model of strategy formulation is used to study how an adaptive attacker learns to overcome a moving target cyber defense. The attacker–defender interaction is modeled as a game in which a defender deploys a temporal platform migration defense. Against this defense, a population of attackers develop strategies specifying the temporal ordering of resource investments that bring targeted zero-day exploits into existence. Attacker response to two defender temporal platform migration scheduling policies is examined. In the first defender scheduling policy, the defender selects the active platform in each match uniformly at random from a pool of available platforms. In the second policy, the defender schedules each successive platform to maximize the diversity of the source code presented to the attacker. Adaptive attacker response strategies are modeled by finite state machine (FSM) constructs that evolve during simulated play against defender strategies via an evolutionary algorithm. It is demonstrated that the attacker learns to invest heavily in exploit creation for the platform with the least similarity to other platforms when faced with a diversity defense, while avoiding investment in exploits for this least similar platform when facing a randomization defense. Additionally, it is demonstrated that the diversity-maximizing defense is superior for shorter duration attacker–defender engagements but performs suboptimally in extended attacker–defender interactions.
M. L. Winterrose, K. M. Carter, N. Wagner, W. W. Streilein
Deep Reinforcement Learning for Adaptive Cyber Defense and Attacker’s Pattern Identification
Abstract
Cyberattacks have increased rapidly since most devices are connected to networks in the Internet of Things (IoT) era. In addition, artificial intelligence (AI) is booming due to its capability to adapt to most science fields. AI has the capability to learn, identify, and recognize certain patterns according to its training approaches. This paper aims to propose reinforcement learning for adaptive cyber defense that is capable of avoiding a certain pattern of attack and identifying the pattern of attack from the cyber outlaw. The algorithm will learn and identify the behavior of the attack and attackers through the training dataset and then provide a counterattack to avoid unnecessary loss. The experimental result has shown the fitness of the neural network algorithm and the proposed reinforcement learning framework with a 95% confidence rate. The correct prediction from the confusion matrix has also shown a high value of 96%. Future work will focus on real-world data testing and a hard-coded reinforcement algorithm to observe the adaptability of the proposed framework.
Ahmad Hoirul Basori, Sharaf Jameel Malebary
Dynamic Recognition of Phishing URLs Using Deep Learning Techniques
Abstract
Phishing is a critical issue facing digital security. The straightforwardness of the web and Internet uncovered open doors for offenders to transfer malevolent substance at the same time with the upgrade of online business trades, for example, phishing – the demonstration of taking individual data which ascends in number. Internet clients’ costs have increased to billions of dollars each year due to phishing. Phishers use parodied email, Uniform Resource Locator (URL) locations of phony sites, and phishing programming to take individual data and monetary record subtleties, for example, usernames and passwords. The boycott system is definitely not a sufficient method to remain safe from the cybercriminals. Hence, phishing site pointers must be considered for this reason, with the presence and utilization of machine learning calculations. The current techniques make utilization of all separated attributes in the phishing URL location, prompting a high false positive rate.
In this manner, the proposed work manages strategies for distinguishing phishing web destinations by investigating different attributes of genuine and phishing URLs utilizing profound learning procedures, for example, deep Boltzmann machine (DBM), stacked auto-encoder (SAE), and deep neural network (DNN). DBM and SAE are utilized for pre-preparing the model with a superior portrayal of data for attribute determination, among which SAE has accomplished lower misclassification mistake with nine and includes a diminished list of attributes and DNN is utilized for twofold grouping in distinguishing obscure URL as either a phishing URL or a genuine URL. The proposed framework accomplishes higher location rate of 94% with low false positive rate than other machine learning strategies.
S. Sountharrajan, M. Nivashini, Shishir K. Shandilya, E. Suganya, A. Bazila Banu, M. Karthiga
Efficient Reconfigurable Integrated Cryptosystems for Cybersecurity Protection
Abstract
Modern cryptosystems comprise various cryptographic mechanisms designed to defend against cyber-attacks which target different application areas. For successful protection against the attacks, selection of suitable crypto algorithms and optimized implementations are required pertaining to the applications and attack types. To effectively utilize the advantages of the existing cryptographic mechanisms, various methods have been proposed for enhanced performance and better security. Cryptosystem implementations for high-performance and constrained environments must be different as these platforms differ in terms of resource, performance, and security requirements. If the application incorporates both platforms for sensitive information exchange, like healthcare IoT, a cryptosystem fulfilling the specific requirements of each platform and providing end-to-end security is needed. It is challenging to implement a cryptosystem which simultaneously meets the requirements of both environments using the same cryptosystem. In this chapter, efficient FPGA-based integrated cryptosystems are proposed for the security of high-performance platforms, constrained devices, and secure information exchange between them, focusing on the security of healthcare IoT to address the challenges. Fewer algorithms are used, achieving better throughput and smaller area in accordance with the specific implementations while saving extra space, key management, and key storage requirements compared to existing reported outcomes.
Abiy Tadesse Abebe, Yalemzewd Negash Shiferaw, P. G. V. Suresh Kumar
Data Analytics for Security Management of Complex Heterogeneous Systems: Event Correlation and Security Assessment Tasks
Abstract
This chapter considers the methods and techniques for security management of complex heterogeneous systems with an emphasis on event correlation and security assessment. The approach suggested in the chapter is based on the integrated analysis of big heterogeneous security data for event correlation, including syntactic and semantic analysis of security events and information. The key feature of the approach is the definition of various relationships between event properties within an automated adaptive correlation process. Correlation of heterogeneous security data allows detecting security incidents, as well as the chains of security events that led to these incidents. The results of event correlation are used in various tasks of security assessment. The approach to the security assessment is based on Bayesian attack graphs, open security data representation standards, and vulnerability indexes from the Common Vulnerability Scoring System. The results of correlation are used at the stage of system asset criticality assessment for asset inventory and at the stage of security assessment to calculate the probability of ongoing attack success considering incident statistics. A technique for vulnerability assessment based on data mining is also described. The advantages and disadvantages of the suggested approaches, methods, and techniques are outlined. The purpose of this chapter is to form a methodological basis for data analysis in security management, as well as to demonstrate its practical application, using the data set of event logs from the Windows operating system and from the SCADA power management system.
Igor Kotenko, Andrey Fedorchenko, Elena Doynikova
Cybersecurity Technologies for the Internet of Medical Wearable Devices (IoMWD)
Abstract
This book chapter presents several aspects regarding software and hardware vulnerabilities of wearable medical devices, cyberattacks and security technologies for IoMWD, and cloud attacks. In the context of the increased confidence granted to wearable devices for medical diagnosis or as a personal assistant for people with disabilities, a big problem is represented by the insured safety of devices both at the level of the logic of data and hardware for correct operation of the wearable devices. The trust in these devices envisages this problem by people aged between 20 and 65 years in the context of the dull-witted market growth at almost 70 billion users of personalized medicine in 2025. Because personalized medicine through wearable devices involves network connection, IoMWD, sensitive personal data, and diagnostics or recipes, there is a massive risk of stealing personal data, disrupting networks, and corrupting communication in order to exploit the wearable vulnerabilities to damage the system and cause chaos. Also, for cyber threats, disruption-tolerant networking, data anonymization, and secure authentication could be used as mitigation.
Raluca Maria Aileni, George Suciu, Carlos Alberto Valderrama Sukuyama, Sever Pasca, Rajagopal Maheswar
Backmatter
Metadata
Title
Advances in Cyber Security Analytics and Decision Systems
Edited by
Dr. Shishir K. Shandilya
Dr. Neal Wagner
Prof. Atulya K. Nagar
Copyright year
2020
Electronic ISBN
978-3-030-19353-9
Print ISBN
978-3-030-19352-2
DOI
https://doi.org/10.1007/978-3-030-19353-9