Skip to main content

Über dieses Buch

This handbook provides an overarching view of cyber security and digital forensic challenges related to big data and IoT environment, prior to reviewing existing data mining solutions and their potential application in big data context, and existing authentication and access control for IoT devices. An IoT access control scheme and an IoT forensic framework is also presented in this book, and it explains how the IoT forensic framework can be used to guide investigation of a popular cloud storage service.

A distributed file system forensic approach is also presented, which is used to guide the investigation of Ceph. Minecraft, a Massively Multiplayer Online Game, and the Hadoop distributed file system environment are also forensically studied and their findings reported in this book. A forensic IoT source camera identification algorithm is introduced, which uses the camera's sensor pattern noise from the captured image.

In addition to the IoT access control and forensic frameworks, this handbook covers a cyber defense triage process for nine advanced persistent threat (APT) groups targeting IoT infrastructure, namely: APT1, Molerats, Silent Chollima, Shell Crew, NetTraveler, ProjectSauron, CopyKittens, Volatile Cedar and Transparent Tribe.

The characteristics of remote-controlled real-world Trojans using the Cyber Kill Chain are also examined. It introduces a method to leverage different crashes discovered from two fuzzing approaches, which can be used to enhance the effectiveness of fuzzers. Cloud computing is also often associated with IoT and big data (e.g., cloud-enabled IoT systems), and hence a survey of the cloud security literature and a survey of botnet detection approaches are presented in the book. Finally, game security solutions are studied and explained how one may circumvent such solutions.

This handbook targets the security, privacy and forensics research community, and big data research community, including policy makers and government agencies, public and private organizations policy makers. Undergraduate and postgraduate students enrolled in cyber security and forensic programs will also find this handbook useful as a reference.



Big Data and Internet of Things Security and Forensics: Challenges and Opportunities

With millions to billions of connected Internet of Things (IoT) devices and systems sending heterogeneous raw and processed data through the IoT network, we need to be able to effectively utilize big data analytical techniques and solutions and ensure the security and privacy of IoT data and services against the broad range of attackers. Further complicating the challenge is the increasing number of nodes and complexity of the IoT network and ecosystem, for example the increasing number and size of audit and security logs and intrusion data to be collected and analyzed. The purpose of this handbook is to explore cyber security, forensics and threat intelligence challenges and solutions relating to IoT and big data.
Amin Azmoodeh, Ali Dehghantanha, Kim-Kwang Raymond Choo

Privacy of Big Data: A Review

Big data has become Buzzword in recent years. It is due to the fact that voluminous amount of structured, semi structured and unstructured data that is generated in the digital era. But, this huge data can be tracked and used for monetary benefits which thwart individual’s privacy. Hence numerous fruitful researches are made in privacy preservation. This book chapter lays emphases on the state-of-art privacy preserving data mining mechanisms and reviews the application of these mechanisms in big data environment.
S. Sangeetha, G. Sudha Sadasivam

A Bibliometric Analysis of Authentication and Access Control in IoT Devices

In order to be considered secure, the devices which make up the Internet of Things (IoT) need access control and authentication methods which are resilient against a wide range of attacks. This paper provides a bibliometric analysis of available academic research papers in this area from 2008 to 2017. We used a dataset of 906 academic papers and analysed the most productive countries, journals, authors and research institutions, as well as looking at the most common research areas, keywords and the most highly cited articles. We then looked at the trends in each country’s production finding that overall production is increasing as well as the number of countries contributing. We found that the countries of India, South Korea and USA are rising in their proportional contribution to the dataset whereas the established leader in production, China, is decreasing in dominance. Trends in keyword use showed that the proportion of research relating to Wireless Sensor Networks and RFID technology is decreasing, while the proportion of research into the area of IoT privacy is growing.
Samuel Grooby, Tooska Dargahi, Ali Dehghantanha

Towards Indeterminacy-Tolerant Access Control in IoT

The ultimate goal of any access control system is to assign precisely the necessary level of access (i.e., no more and no less) to each subject. Meeting this goal is challenging in an environment that is inherently scalable, heterogeneous and dynamic as the Internet of Things (IoT). This holds true as the volume, velocity and variety of data produced by wireless sensors, RFID tags and other enabling technologies in IoT introduce new challenges for data access. Traditional access control methods that rely on static, pre-defined access policies do not offer flexibility in dealing with the new challenges of the dynamic environment of IoT, which has been extensively studied in the relevant literature. This work, defines and studies the indeterminacy challenge for access control in the context of IoT, which to the best of our knowledge has not been studied in the relevant literature. The current access control models, even those that introduce some form of resiliency into the access decision process, cannot make a correct access decision in unpredicted scenarios, which are typically found in IoT due to its inherent characteristics that amplify indeterminacy. Therefore, this work stresses the need for a scalable, heterogeneous, and dynamic access control model that is able cope with indeterminate data access scenarios. To this end, this work proposes a conceptual framework for indeterminacy-tolerant access control in IoT.
Mohammad Heydari, Alexios Mylonas, Vasileios Katos, Dimitris Gritzalis

Private Cloud Storage Forensics: Seafile as a Case Study

Cloud storage forensics is an active research area, and this is unsurprising due to the increasing popularity of cloud storage services (e.g., Dropbox, Google Drive, and iCloud). Existing research generally focuses on public cloud forensics (e.g., client device forensics), rather than private cloud forensics (e.g., both client and server forensics). In this paper, we aim to address the gap by proposing a framework for forensics investigations of private cloud storage services. The proposed framework elaborates on procedures and artefact categories integral to the collection, preservation, analysis, and presentation of key evidential data from both client and server environments. Using the proposed framework to guide the investigation of Seafile, a popular open-source private cloud storage service, we demonstrate the types of client and server side artefacts that can be forensically recovered.
Yee-Yang Teing, Sajad Homayoun, Ali Dehghantanha, Kim-Kwang Raymond Choo, Reza M. Parizi, Mohammad Hammoudeh, Gregory Epiphaniou

Distributed Filesystem Forensics: Ceph as a Case Study

Cloud computing is becoming increasingly popular mainly because it offers more affordable technology and software solutions to start-ups and small and medium enterprises (SMEs). Depending on the business requirements there are various Cloud solution providers and services, yet because of this it becomes increasingly difficult for a digital investigator to collect and analyse all the relevant data when there is a need. Due to the complexity and increasing amounts of data, forensic investigation of Cloud is turning into a very complex and laborious endeavour. Ceph is a filesystem that provides a very high availability and data self-healing features, which ensure that data is always accessible without getting damaged or lost. Because of such features, Ceph is becoming a favourite file system for many cloud service providers. Hence, understanding the remnants of malicious users activities is become a priority in Ceph file system. In this paper, we are presenting residual evidences of users’ activities on Ceph file system on Linux Ubuntu 12.4 operating system and discuss the forensics relevance and importance of detected evidences. This research follows a well-known cloud forensics framework in collection, preservation and analysis of CephFS remnants on both client and server sides.
Krzysztof Nagrabski, Michael Hopkins, Milda Petraityte, Ali Dehghantanha, Reza M. Parizi, Gregory Epiphaniou, Mohammad Hammoudeh

Forensic Investigation of Cross Platform Massively Multiplayer Online Games: Minecraft as a Case Study

Minecraft, a Massively Multiplayer Online Game (MMOG), has reportedly millions of players from different age groups worldwide. With Minecraft being so popular, particularly with younger audiences, it is no surprise that the interactive nature of Minecraft has facilitated the commission of criminal activities such as denial of service attacks against gamers, cyberbullying, swatting, sexual communication, and online child grooming. In this research, we simulate the scenario of a typical Minecraft setting, using a Linux Ubuntu 16.04.3 machine, acting as the MMOG server, and client devices running Minecraft. Then, we forensically examine both server and client devices to reveal the type and extent of evidential artefacts that can be extracted.
Paul J. Taylor, Henry Mwiki, Ali Dehghantanha, Alex Akinbi, Kim-Kwang Raymond Choo, Mohammad Hammoudeh, Reza M. Parizi

Big Data Forensics: Hadoop Distributed File Systems as a Case Study

Big Data has fast become one of the most adopted computer paradigms within computer science and is considered an equally challenging paradigm for forensics investigators. The Hadoop Distributed File System (HDFS) is one of the most favourable big data platforms within the market, providing an unparalleled service with regards to parallel processing and data analytics. However, HDFS is not without its risks, having been reportedly targeted by cyber criminals as a means of stealing and exfiltrating confidential data. Using HDFS as a case study, we aim to detect remnants of malicious users’ activities within the HDFS environment. Our examination involves a thorough analysis of different areas of the HDFS environment, including a range of log files and disk images. Our experimental environment was comprised of a total of four virtual machines, all running Ubuntu. This HDFS research provides a thorough understanding of the types of forensically relevant artefacts that are likely to be found during a forensic investigation.
Mohammed Asim, Dean Richard McKinnel, Ali Dehghantanha, Reza M. Parizi, Mohammad Hammoudeh, Gregory Epiphaniou

Internet of Things Camera Identification Algorithm Based on Sensor Pattern Noise Using Color Filter Array and Wavelet Transform

The Internet of Things (IoT) is cutting-edge technology of recent decade and has influenced all aspects of our modern life. Its significance and wide-range applications necessitate imposing security and forensics techniques on IoT to obtain more reliability. Digital cameras are the noteworthy part of IoT that play a vital role in the variety of usages and this entails proposing forensic solutions to protect IoT and mitigate misapplication.
Identifying source camera of an image is an imperative subject in digital forensics. Noise characteristics of image, extraction of Sensor Pattern Noise (SPN) and its correlation with Photo Response Non-Uniformity (PRNU) has been employed in the majority of previously proposed methods. In this paper, a feature extraction method based on PRNU is proposed which provides features for classification with Support Vector Machine (SVM). The proposed method endeavours to separate more powerful signals which is linked to camera sensor pattern noise by identifying color filter array pattern. To overcome the computational complexity, the proposed method is boosted by utilizing wavelet transform plus reducing dimensions of the image by selecting the most important components of noise. Our experiments demonstrate that the proposed method outperforms in terms of accuracy and runtime.
Kimia Bolouri, Amin Azmoodeh, Ali Dehghantanha, Mohammad Firouzmand

Protecting IoT and ICS Platforms Against Advanced Persistent Threat Actors: Analysis of APT1, Silent Chollima and Molerats

One of the greatest threats to cyber security is the relatively recent increase in intrusion campaigns conducted by well trained, well-funded and patient adversaries. These groups are known as advanced persistent threats and they are a growing concern for governments and industries around the world. APTs may be backed by terrorist organisations, hacktivists or even nation state actors, conducting covert cyber-warfare against other countries. Due to the advanced capabilities of these groups, a non-targeted, catch-all defence strategy is unlikely to be successful. Instead, potential targets of APTs must be able to research and analyse previous attacks by the groups in order to tailor a cyber defence triage process based on the attacker’s modus operandi. In this paper we attempt to do just that using Diamond Model and kill chain analysis to craft a course of action matrix for three example APT groups.
Samuel Grooby, Tooska Dargahi, Ali Dehghantanha

Analysis of APT Actors Targeting IoT and Big Data Systems: Shell_Crew, NetTraveler, ProjectSauron, CopyKittens, Volatile Cedar and Transparent Tribe as a Case Study

Advanced Persistent Threats (APTs) can repeatedly threaten individuals, organisations and national targets, utilising varying tactics and methods to achieve their objectives. This study looks at six such threat groups, namely Shell_Crew, NetTraveler, ProjectSauron, CopyKittens, Volatile Cedar and Transparent Tribe, examines the methods used by each to traverse the cyber kill chain and highlights the array of capabilities that could be employed by adversary targets. Consideration for mitigation and active defence was then made with a view to preventing the effectiveness of the malicious campaigns. The study found that despite the complex nature of some adversaries, often straightforward methods could be employed at various levels in a networked environment to detract from the ability presented by some of the known threats.
Paul J. Taylor, Tooska Dargahi, Ali Dehghantanha

A Cyber Kill Chain Based Analysis of Remote Access Trojans

Computer networks and industrial systems are always under cyber threat and attack. Existing vulnerabilities in different parts of systems have given cyber attackers the opportunity to think about attacking, damaging or hindering the working process of important infrastructures of the country. Figuring out these threats and weak points which are used by malwares like Trojans, considering the evolution of used techniques for preventing identification and ways to identify, is a big challenge. Having a destructive hierarchy can help identification and risk mitigation strategies. In this paper, we have analyzed a hierarchy based on characteristics of remote-controlled malwares using 477 Trojans collected from real-world samples, using different methods of assessment. The carried out analysis used one of the popular models for identifying cyber threats named Cyber Kill Chain. We proposed a hierarchy based on dataset sample in different stage of malware lifecycle.
Reyhaneh HosseiniNejad, Hamed HaddadPajouh, Ali Dehghantanha, Reza M. Parizi

Evaluation and Application of Two Fuzzing Approaches for Security Testing of IoT Applications

The proliferation of Internet of Things (IoT) embedded with vulnerable software has raised serious doubts about security of IoT devices and networks. Enhancing fuzzing performance and efficiency to enable testing these software samples is a challenge. Fuzzing is an automated technique widely used to provide software quality assurance during testing to find flaws and bugs by providing random or invalid inputs to a computer software. However, the technique could take significant amount of time and effort to complete during the test phase of the software development lifecycle. Reducing the time required to fuzz a software will improve efficiency and productivity during the software testing phase to enable detailed analysis and fixing of bugs or flaws found in the computer program. There are a number of factors that influence the fuzzing technique, such as quality of test cases or invalid inputs used during the test and how these samples were collected or created. In this paper, we introduce a technique to leverage from the different crashes discovered from two fuzzing approaches to improve fuzzers by concentrating on utilised test cases. The code coverage is used as an efficiency metric to measure the test case on the tested software and to assess the quality of a given input. Different sample features were created and analysed to identify the most effective and efficient feature used as input for the fuzzer program to test the target software.
Omar M. K. Alhawi, Alex Akinbi, Ali Dehghantanha

Bibliometric Analysis on the Rise of Cloud Security

Cloud storage systems are becoming a gold mine for cyber attackers as they storage a lot of private and confidential information. Therefore, a lot of research is directed toward securing cloud platforms. Majority of cloud security related research or studies are emphasising on looking into prevention, detection, and mitigation methods against the threat in cloud computing. Although there are many research studies in this area, there are still no evidence of any bibliometric analysis on the cloud security context. This paper provides a bibliometric analysis of research development in cloud security from 2010 to 2018. A dataset of 656 academic papers are used for analysis in term of most productive countries, institutions, journals, authors, research areas, keywords, and also highly cited articles. We found that countries of China, India and United States are the top contributor of the findings. Trends in number of publication in the area of cloud security increases and the number of related keywords increases as well.
Lim Sze Thiam, Tooska Dargahi, Ali Dehghantanha

A Bibliometric Analysis of Botnet Detection Techniques

Botnets are rising as a platform for many unlawful cyber activities such as Distributed Denial of Service (DDoS) attacks, malware dissemination, phishing, click fraud, and so on. As of late, detecting botnet has been an intriguing research topic in relation to cybercrime analysis and cyber-threat prevention. This paper is an analysis of publications related to botnet detection techniques. We analyse 194 botnet related papers published between 2009 and 2018 in the ISI Web of Science database. Seven (7) criteria have been used for this analysis to detect highly-cited articles, most impactful journals, current research areas, most active researchers and institutions in the field. It was noted that the average number of publications related to botnet detection have been reduced recently, which could be because of overwhelming existing literature in the field. Asia is the most active and most productive continent in botnet research and computer science is the research area with most publications related to botnet detection as expected.
Shehu Amina, Raul Vera, Tooska Dargahi, Ali Dehghantanha

Security in Online Games: Current Implementations and Challenges

Security in online gaming is a growing target for hackers due to the amount of money involved in online gaming. Components are used in the security measures implemented for these games, but no single security component is 100% effective. Our research aims to investigate methods of game security and the components used in them, as well as the hacks used to exploit and circumvent online gaming security mechanisms. As a result, our study arrives to some interesting points, and outlines a number of recommendations and potential research directions. This, in turn, can pave the way for facilitating and empowering future research in this domain to assist game engineers and testers in security management.
Reza M. Parizi, Ali Dehghantanha, Kim-Kwang Raymond Choo, Mohammad Hammoudeh, Gregory Epiphaniou
Weitere Informationen

Premium Partner