2021 | Book

Security Incidents & Response Against Cyber Attacks

Edited by: Akashdeep Bhardwaj, Varun Sapra

Publisher: Springer International Publishing

Book series: EAI/Springer Innovations in Communication and Computing


About this book

This book provides use case scenarios of machine learning, artificial intelligence, and real-time domains to supplement cyber security operations and proactively predict attacks and preempt cyber incidents. The authors discuss cybersecurity incident planning, starting from a draft response plan, to assigning responsibilities, to use of external experts, to equipping organization teams to address incidents, to preparing communication strategy and cyber insurance. They also discuss classifications and methods to detect cybersecurity incidents, how to organize the incident response team, how to conduct situational awareness, how to contain and eradicate incidents, and how to cleanup and recover. The book shares real-world experiences and knowledge from authors from academia and industry.


Chapter 1. Introduction to Security Incidents and Response Against Cyber Attacks
This introductory chapter presents the different concepts and context of the book. It explains how the pandemic has led to digital transformation and therefore a dramatic increase in security incidents and cyberattacks, and how training to mitigate security incidents and cyberattacks has also resulted in more hackers and cybercriminals being trained. To make matters worse, security incidents and cyberattacks are now being armed with technologies like Artificial Intelligence, which can easily outsmart human responses in trying to detect, mitigate, and counter attacks. Along the way, we have learnt a lot and developed the ISO 27000 standards, the NIST 800-61 Incident Handling Guide, as well as local and regional Computer Security Incident Response Teams (CSIRT). A security incident or cyberattack takes place when there is unauthorized access to an organization's computer network. Computer Emergency Response Teams (CERT) and Computer Security Incident Response Teams (CSIRT) are usually responsible for attending to security incidents and cyberattacks at the organizational, national, and regional level. It is important that actual or suspected security incidents be reported as early as possible so that organizations can limit the damage and cost of recovery.
Sam Goundar
Chapter 2. By Failing to Prepare, You Are Preparing to Fail
This chapter addresses the critical need to be prepared to respond to incidents and events that may cause a business disruption. It includes benign activity like policy and procedure development and active activities like training, awareness, drills, solutions, automation, and more: small components that make up the whole of the domain of Incident Response and Management, as part of the Cyber Security Management System in an organization. Unfortunately, organizations do not provision for establishing a separate IR/IM function, and this is a weakness in the overall management system. Options are available to outsource IR/IM expertise, and the Security office must exercise diligence when seeking to contract the function. The author will provide guidance on setup as well as pointers to remember if taking the outsourcing route. Nothing underscores the importance of planning and preparing like the saying “By failing to prepare, you are preparing to fail.”
Dinesh O. Bareja
Chapter 3. Design of Block-Chain Polynomial Digests for Secure Message Authentication
The advent of the internet and cloud solutions has completely transformed the conventional storage and retrieval mechanisms. In modern computing, the data are not under the manual control of the owner. This demands radical solutions to be incorporated into this model to address the integrity violations of the remote data. This chapter attempts to perform a functional analysis of standard digest functions and proposes an idea for the design of a block-chain based 512-bit digest function using polynomials. Besides, this chapter attempts to examine the erratic behavior of the proposed design through the avalanche response, near-collision response, and statistical analysis of confusion and diffusion. The result proves that the response of the proposed design is random and that the proposed design meets the strict avalanche criterion. Therefore, the block-chain based polynomial digest could be considered as an alternative to the contemporary digest function from the perspective of security.
P. Karthik, P. Shanthi Bala, R. Sunitha
Chapter 4. Collaborative Approaches for Security of Cloud and Knowledge Management Systems: Benefits and Risks
The Cloud Computing pattern is becoming more and more trendy, due to the enormous decrease in the time, cost, and effort to conversation software program development needs. A knowledge management approach is highly utilized in enterprises in appliances such as intelligence methods, employment authority, supercomputer learning, in the public domain, protection, and conventional administration. Knowledge management remains believed towards remaining a few of these categories' issues parts. To identify, develop, describe, repository, or disseminate knowledge, the existing devices, the equipment, or techniques must not be stayed knowledgeable to achieve something the agreement needs the intended used for growth. This study article explores the innumerable characteristics similar to clarifications used aimed at the benefits and consequences of applying cloud computing in knowledge management systems, presenting that the greatest degree of security applied to the knowledge management enterprise is a challenge that realizes exactly how to be resolved by applying cloud computing. Furthermore, cloud computing is competent to maintain knowledge management ahead and all around simultaneously with technology.
N. Jayashri, K. Kalaiselvi
Chapter 5. Exploring Potential of Transfer Deep Learning for Malicious Android Applications Detection
Mal Image represents any type of malicious executable (Windows files, APKs) for using image-based features for building classifiers. In recent years, Mal Image-based malware classification is getting attention, which provides a new approach to malware research and addresses some of the bottlenecks of traditional approaches. With the advancement in computing capacities in recent years, neural network research has gained tremendous attention. As a result, deep learning-based image classification techniques report very high accuracy for different classification tasks such as face detection and recognition, object identification, etc. In this proposed work, the authors have combined these two evolving techniques to improve Android malware detection. For this chapter, the research involved experiments with transfer learning techniques under deep learning models and Android malware detection techniques. The experimental result of various pre-trained models in terms of accuracy is in the range of 75–80%, but this technique can overcome bottlenecks of traditional methods such as analysis obstacles and obfuscation.
Mohammed Alshehri
Chapter 6. Exploring and Analysing Surface, Deep, Dark Web and Attacks
Data is termed a huge asset in today’s world. In this paper, an introduction to the WWW and a classification of the different kinds of web, i.e. surface web, deep web and dark web, are discussed along with the differences among them. Trending research on the deep and dark web is discussed, focusing on the benefits of the deep web. The significance of searching deep web data underneath the surface web aids in getting access to gigantic data, as 96% of data is hidden inside the deep web and it is freely available. TOR is a tool to access the deep data; how it works along with its benefits is deliberated and is the objective of this chapter. The deep web accessing method is described in detail with suitable examples. Ongoing research in the deep web is discussed and later, attacks faced by the deep web and how cyber criminals use the dark web are emphasized. An overview of the web, types of web and how it works is discussed, focusing on the surface web, deep web and dark web. Distinguishing characteristics between the deep and dark web are portrayed well with suitable examples. Attacks faced by the deep web are explained, and the need to secure an individual's system when accessing data hidden deeply inside the web and the necessary measures to be considered are discussed.
Jabeen Sultana, Abdul Khader Jilani
Chapter 7. Securing ERP Cyber Systems by Preventing Holistic Industrial Intrusion
ERP systems can be defined as the software designed for ensuring the smooth, accurate and fast business processes of any enterprise, ranging from small scale to large businesses. The business process could be any area of the enterprise, namely, human resource management, supply chain management, payables management, receivables management, asset management, or customer relationship management. ERPs are connected to the internet and intranet; thus, security of the ERP has become a concern for large organizations. The situation is becoming more intense after the introduction of IoT, wherein organizations connect multiple devices linked to the network to control various aspects of the business. Moving to connected IP systems not only provides automation, because existing systems require expensive maintenance and are complex. ERP systems are proprietary software, which were made to be used inside the four walls of the enterprise, and are more prone to cyberattacks.
Sunil Kaushik
Chapter 8. Infrastructure Design to Secure Cloud Environments Against DDoS-Based Attacks
The worldwide infrastructure facilitator for corporations and home customers today is cloud computing. Cloud infrastructure provides infinite consistency in the computing power, storage, and network bandwidth in order for them to satisfy the demands of operation in an optimal manner. Cloud computing allows technology firms, internet suppliers, and home consumers to consistently minimize investments and implementation expenditures. Increased use of cloud-based technology by multinational businesses located in offices, remote areas, and home users was also motivated by the proximity to fast speed connectivity and internet access.
This chapter focuses on the creation of a detailed and stable networking architecture to minimize distributed denial of service attacks on hybrid clouds. The writers first published an investigation into cybersecurity problems and their effect on cloud environments. The authors analyzed the study of cloud infrastructure, denial of service, and malware identification and mitigation methods released between January 2010 and December 2020. Current strategies to prevent distributed denial of service attacks were tested by the authors. The authors then developed and introduced a stable framework for networks that mitigates distributed denial of service attacks on hybrid cloud environments. The proposed infrastructures and the findings, contrasted with the single data center architecture, were carried out at the network- and device-level assaults. This chapter further discusses future study directions.
Akashdeep Bhardwaj, Sam Goundar, Luxmi Sapra
Chapter 9. Classifying Cyberattacks Amid Covid-19 Using Support Vector Machine
The Internet plays a dominant role amid the Covid-19 pandemic in meeting day-to-day activities. As the education system, financial transactions, businesses, and social gatherings started to function in online mode, the tremendous use of networks peaked to the level of cyberattacks. Simultaneously, the thirst for finding data related to Covid-19 in order to take necessary precautions gave rise to a huge risk of cyberattacks by browsing Covid-19 related websites and apps and falling into the trap of attackers, risking the systems' security. This research work considers the tweets related to cyberattacks, classifies them using machine learning techniques and analyzes the impact of this pandemic. It was observed that the support vector machine yielded a high accuracy of 94% in classifying Covid-19, followed by the decision tree with an accuracy of 88% among other classifiers. The results were evaluated on different metrics like error rate, precision, recall, and F-Score. SVM yielded the highest results among all.
Jabeen Sultana, Abdul Khader Jilani
Chapter 10. Cybersecurity Incident Response Against Advanced Persistent Threats (APTs)
Recent technological innovations and new age computing models in IT infrastructure have provided faster bandwidth speeds, cloud computing, mobile computing and virtualization, which have virtually melted the boundaries between the traditional on-premise and internet-based enterprise security perimeter. This has created a data-rich digital era, which is in fact an excellent opportunity for hackers and threat vectors leading to cybercrime. In fact, cybercrime has been progressing at the highest pace in the last few years. An Advanced Persistent Threat or APT is a highly sophisticated threat. Initially, such attacks focused on and targeted government, state, or financial institutions only. However, recent breach reports and studies have started to indicate a trend of APTs involving wider domains. This chapter takes a critical look at the impact and incidents due to advanced persistent threats and the advanced evasion techniques for packing, encryption, and behavior obfuscation used during APT attacks to hide their malicious behavior and evade detection.
Akashdeep Bhardwaj
Chapter 11. IoT Architecture Vulnerabilities and Security Measures
Humans, as the most intelligent and skillful creatures, never end their quest to find easy, smart and efficient solutions to emerging problems with the help of growing technology. IoT is one such computing and infrastructural paradigm, which integrates many other technologies within it to deduce smart and intelligent mechanisms to perform tasks in varying arenas, whether day-to-day activities or problem-oriented activities such as health diagnosis, natural calamities, military applications, education, research, transportation, inventory, agriculture, energy harvesting, forestry, communication, and entertainment. Even though all these are majorly handled by smart and intelligent devices, the major concern that surfaces is the security and maintenance of these devices, which are susceptible to malicious networks. This chapter focuses on all the aspects of security concerns related to the IoT environment and its devices.
Gaytri Bakshi
Chapter 12. Authentication Attacks
The Internet is known as an amazing stage that changes the manner in which we impart and perform business exchanges in current technology. It has now contacted each part of our lives, alongside the development of fresher security dangers, prepared to set out towards the journey of destruction. The level of transmitted information is turning out to be progressively significant, particularly as transactions that used to be completed only offline, for example, bank and business trades, are presently being done online as Internet banking and electronic business trades, and harms because of such assaults will be more prominent. As expanding measures of individual information are surfacing on the Web, it is basic to stay careful about the dangers encompassing the ease with which our private details can be accessed and exploited. This is where terms like authentication come into the picture.
Ankit Vishnoi
Correction to: Security Incidents & Response Against Cyber Attacks
Akashdeep Bhardwaj, Varun Sapra