Your search keyword '"cyber attack"' showing total 23 results

1. Understanding and Classifying Permanent Denial-of-Service Attacks

Author

Stanislav Abaimov

Subjects

cyber attack, denial of service, exploit, Technology (General), T1-995

Abstract

In the evolving landscape of cybersecurity threats, permanent denial-of-service (PDoS) attacks have emerged as a particularly damaging form of cyber aggression. Unlike the more well-known denial-of-service (DoS) attacks, which disrupt services temporarily, PDoS attacks aim to inflict irreversible damage to systems, often resulting in significant system overhauls and requiring hardware replacement. To enable the development of effective security measures, but also to address the knowledge gaps, this paper presents an in-depth exploration of PDoS attacks, emphasizing their distinguishing characteristics, underlying mechanisms, and potential further development. Through a comprehensive case study, this research highlights diverse tactics and strategies employed by attackers, from targeting IoT devices to manipulating boot processes and exploiting firmware vulnerabilities. A novel classification of PDoS attack vectors is proposed that also explains the ways in which the systems can be compromised. The findings confirm the pressing need for adaptive and robust defense mechanisms to mitigate the threats posed by PDoS attacks in our interconnected digital world.

Published

2024

2. Security Control of Cyber–Physical Systems under Cyber Attacks: A Survey

Author

Wei Xing and Jun Shen

Subjects

cyber–physical system, cyber attack, security control, Chemical technology, TP1-1185

Abstract

Cyber–physical systems (CPSs), which combine computer science, control systems, and physical elements, have become essential in modern industrial and societal contexts. However, their extensive integration presents increasing security challenges, particularly due to recurring cyber attacks. Therefore, it is crucial to explore CPS security control. In this review, we systematically examine the prevalent cyber attacks affecting CPSs, such as denial of service, false data injection, and replay attacks, explaining their impacts on CPSs’ operation and integrity, as well as summarizing classic attack detection methods. Regarding CPSs’ security control approaches, we comprehensively outline protective strategies and technologies, including event-triggered control, switching control, predictive control, and optimal control. These approaches aim to effectively counter various cyber threats and strengthen CPSs’ security and resilience. Lastly, we anticipate future advancements in CPS security control, envisioning strategies to address emerging cyber risks and innovations in intelligent security control techniques.

Published

2024

3. Improved Gorilla Troops Optimizer-Based Fuzzy PD-(1+PI) Controller for Frequency Regulation of Smart Grid under Symmetry and Cyber Attacks

Author

Rajivgandhi Pachaiyappan, Elankurisil Arasan, and Kannan Chandrasekaran

Subjects

gorilla troops optimizer, smart grid, frequency control, fuzzy PD-(1+PI) controller, cyber attack, Mathematics, QA1-939

Abstract

In a smart grid (SG) system with load uncertainties and the integration of variable solar and wind energies, an effective frequency control strategy is necessary for generation and load balancing. Cyberattacks are emerging threats, and SG systems are typical cyber-attack targets. This work suggests an improved gorilla troops optimizer (iGTO)-based fuzzy PD-(1+PI) (FPD-(1+PI)) structure for the frequency control of an SG system. The SG contains a diesel engine generator (DEG), renewable sources like wind turbine generators(WTGs), solar photovoltaic (PV), and storage elements such as flywheel energy storage systems (FESSs) and battery energy storage systems (BESSs) in conjunction with electric vehicles (EVs). Initially, the dominance of the projected iGTO over the gorilla troops optimizer (GTO) and some recently suggested optimization algorithms are demonstrated by considering benchmark test functions. In the next step, a traditional PID controller is used, and the efficacy of the GTO method is compared with that of the GTO, particle swarm optimization (PSO), and genetic algorithm (GA) methods. In the next stage, the superiority of the proposed FPD-(1+PI) structure over fuzzy PID (FPID) and PID structures is demonstrated under various symmetry operating conditions as well as under different cyberattacks, leading to a denial of service (DoS) and delay in signal transmission.

Published

2023

4. Impact, Vulnerabilities, and Mitigation Strategies for Cyber-Secure Critical Infrastructure

Author

Hugo Riggs, Shahid Tufail, Imtiaz Parvez, Mohd Tariq, Mohammed Aquib Khan, Asham Amir, Kedari Vineetha Vuda, and Arif I. Sarwat

Subjects

computer networks, cyber attack, signal detection, machine learning, smart grid, Chemical technology, TP1-1185

Abstract

Several critical infrastructures are integrating information technology into their operations, and as a result, the cyber attack surface extends over a broad range of these infrastructures. Cyber attacks have been a serious problem for industries since the early 2000s, causing significant interruptions to their ability to produce goods or offer services to their clients. The thriving cybercrime economy encompasses money laundering, black markets, and attacks on cyber-physical systems that result in service disruptions. Furthermore, extensive data breaches have compromised the personally identifiable information of millions of people. This paper aims to summarize some of the major cyber attacks that have occurred in the past 20 years against critical infrastructures. These data are gathered in order to analyze the types of cyber attacks, their consequences, vulnerabilities, as well as the victims and attackers. Cybersecurity standards and tools are tabulated in this paper in order to address this issue. This paper also provides an estimate of the number of major cyber attacks that will occur on critical infrastructure in the future. This estimate predicts a significant increase in such incidents worldwide over the next five years. Based on the study’s findings, it is estimated that over the next 5 years, 1100 major cyber attacks will occur on critical infrastructures worldwide, each causing more than USD 1 million in damages.

Published

2023

5. Ensuring SDN Resilience under the Influence of Cyber Attacks: Combining Methods of Topological Transformation of Stochastic Networks, Markov Processes, and Neural Networks

Author

Igor Kotenko, Igor Saenko, Andrey Privalov, and Oleg Lauta

Subjects

cyber attack, resilience, software-defined network, Markov process, correct action coefficient, method of topological transformation of stochastic networks, Technology

Abstract

The article proposes an approach to ensuring the functioning of Software-Defined Networks (SDN) in cyber attack conditions based on the analytical modeling of cyber attacks using the method of topological transformation of stochastic networks. Unlike other well-known approaches, the proposed approach combines the SDN resilience assessment based on analytical modeling and the SDN state monitoring based on a neural network. The mathematical foundations of this assessment are considered, which make it possible to calculate the resilience indicators of SDN using analytical expressions. As the main indicator, it is proposed to use the correct operation coefficient for the resilience of SDN. The approach under consideration involves the development of verbal models of cyber attacks, followed by the construction of their analytical models. In order to build analytical models of cyber attacks, the method of topological transformation of stochastic networks (TTSN) is used. To obtain initial data in the simulation, the SDN simulation bench was justified and deployed in the EVE-NG (Emulated Virtual Environment Next Generation) virtual environment. The result of the simulation is the time distribution function and the average time for the cyber attack implementation. These results are then used to evaluate the SDN resilience indicators, which are found by using the Markov processes theory. In order to ensure the resilience of the SDN functioning, the article substantiates an algorithm for monitoring the state of controllers and their automatic restructuring, built on the basis of a neural network. When one is choosing a neural network, a comparative evaluation of the convolutional neural network and the LSTM neural network is carried out. The experimental results of analytical modeling and simulation are presented and their comparative evaluation is carried out, which showed that the proposed approach has a sufficiently high accuracy, completeness of the obtained solutions and it took a short time to obtain the result.

Published

2023

6. A Network Intrusion Detection Method Incorporating Bayesian Attack Graph and Incremental Learning Part

Author

Kongpei Wu, Huiqin Qu, and Conggui Huang

Subjects

Bayesian attack graph, cyber attack, XGBoost, intrusion detection, IL, Information technology, T58.5-58.64

Abstract

For the current stage of complex and changing network environments and correlated and synchronized vulnerability attacks, this study first fuses attack graph technology and Bayesian networks and constructs Bayesian attack graphs toportray the correlation relationships between vulnerabilities and discovering attackers’ intentions. Meanwhile, improving the Bayesian attack graph is difficult because it is difficult to achieve active updates and adapt to the changing network environment and other problems. The study proposed a detection method that integrated the Bayesian attack graph and the XGBoost incremental learning (IL) approach. Experiments showed that the IL model had an accuracy of 0.951, an accuracy of 0.999, a recall of 0.815, an F1 value of 0.898, and an Area Under Curve (AUC) value of 0.907. The prediction ability of this method was better than that of the base model. Bayesian attack graphs fused with IL can detect attacks in the network more efficiently and accurately, so the probability of each node in the network system being attacked can be updated in real time.

Published

2023

7. ATC Level Tactical Manoeuvring during Descent for Mitigating Impact of ADS-B Message Injection Cyber Attack

Author

Mohd Ruzeiny Kamaruzzaman, Mohammad Delwar Hossain, Yuzo Taenaka, and Youki Kadobayashi

Subjects

air traffic control, cyber attack, message injection, ghost aircraft, tactical manoeuvring, impact mitigation, Engineering machinery, tools, and implements, TA213-215

Abstract

To reduce delays caused by an ADS-B Message Injection attack, we propose an Air Traffic Control (ATC) level tactical manoeuvring framework for maintaining safe flight trajectories while reducing diversion from the original trajectory during the descent phase. This framework is formed based on three key elements: a high impact attack scenario, the consideration of the standard ATC incidence response, and safety manoeuvring with reduced diversion for the affected aircraft. Simulation results showed that the tactical manoeuvring records a faster time to return to the original path prior to the attack incident compared to a conventional simplified safe diversion instructed by the ATC.

Published

2022

8. Network Meddling Detection Using Machine Learning Empowered with Blockchain Technology

Author

Muhammad Umar Nasir, Safiullah Khan, Shahid Mehmood, Muhammad Adnan Khan, Muhammad Zubair, and Seong Oun Hwang

Subjects

machine learning, network security, meddling detection, cyber attack, Chemical technology, TP1-1185

Abstract

The study presents a framework to analyze and detect meddling in real-time network data and identify numerous meddling patterns that may be harmful to various communication means, academic institutes, and other industries. The major challenge was to develop a non-faulty framework to detect meddling (to overcome the traditional ways). With the development of machine learning technology, detecting and stopping the meddling process in the early stages is much easier. In this study, the proposed framework uses numerous data collection and processing techniques and machine learning techniques to train the meddling data and detect anomalies. The proposed framework uses support vector machine (SVM) and K-nearest neighbor (KNN) machine learning algorithms to detect the meddling in a network entangled with blockchain technology to ensure the privacy and protection of models as well as communication data. SVM achieves the highest training detection accuracy (DA) and misclassification rate (MCR) of 99.59% and 0.41%, respectively, and SVM achieves the highest-testing DA and MCR of 99.05% and 0.95%, respectively. The presented framework portrays the best meddling detection results, which are very helpful for various communication and transaction processes.

Published

2022

9. Research on Network Attack Traffic Detection HybridAlgorithm Based on UMAP-RF

Author

Xiaoyu Du, Cheng Cheng, Yujing Wang, and Zhijie Han

Subjects

internet, cyber attack, random forest, UMAP, machine learning, Industrial engineering. Management engineering, T55.4-60.8, Electronic computers. Computer science, QA75.5-76.95

Abstract

Network attack traffic detection plays a crucial role in protecting network operations and services. To accurately detect malicious traffic on the internet, this paper designs a hybrid algorithm UMAP-RF for both binary and multiclassification network attack detection tasks. First, the network traffic data are dimensioned down with UMAP algorithm. The random forest algorithm is improved based on parameter optimization, and the improved random forest algorithm is used to classify the network traffic data, distinguishing normal data from abnormal data and classifying nine different types of network attacks from the abnormal data. Experimental results on the UNSW-NB15 dataset, which are significant improvements compared to traditional machine-learning methods, show that the UMAP-RF hybrid model can perform network attack traffic detection effectively, with accuracy and recall rates of 92.6% and 91%, respectively.

Published

2022

10. GridAttackAnalyzer: A Cyber Attack Analysis Framework for Smart Grids

Author

Tan Duy Le, Mengmeng Ge, Adnan Anwar, Seng W. Loke, Razvan Beuran, Robin Doss, and Yasuo Tan

Subjects

smart grid, cybersecurity, cyber attack, vulnerability, graphical security modeling, attack graph, Chemical technology, TP1-1185

Abstract

The smart grid is one of the core technologies that enable sustainable economic and social developments. In recent years, various cyber attacks have targeted smart grid systems, which have led to severe, harmful consequences. It would be challenging to build a real smart grid system for cybersecurity experimentation and validation purposes. Hence, analytical techniques, with simulations, can be considered as a practical solution to make smart grid cybersecurity experimentation possible. This paper first provides a literature review on the current state-of-the-art in smart grid attack analysis. We then apply graphical security modeling techniques to design and implement a Cyber Attack Analysis Framework for Smart Grids, named GridAttackAnalyzer. A case study with various attack scenarios involving Internet of Things (IoT) devices is conducted to validate the proposed framework and demonstrate its use. The functionality and user evaluations of GridAttackAnalyzer are also carried out, and the evaluation results show that users have a satisfying experience with the usability of GridAttackAnalyzer. Our modular and extensible framework can serve multiple purposes for research, cybersecurity training, and security evaluation in smart grids.

Published

2022

11. Attack Categorisation for IoT Applications in Critical Infrastructures, a Survey

Author

Edward Staddon, Valeria Loscri, and Nathalie Mitton

Subjects

cyber attack, attack categorisation, cyber security, IoT, critical infrastructures, challenges, Technology, Engineering (General). Civil engineering (General), TA1-2040, Biology (General), QH301-705.5, Physics, QC1-999, Chemistry, QD1-999

Abstract

With the ever advancing expansion of the Internet of Things (IoT) into our everyday lives, the number of attack possibilities increases. Furthermore, with the incorporation of the IoT into Critical Infrastructure (CI) hardware and applications, the protection of not only the systems but the citizens themselves has become paramount. To do so, specialists must be able to gain a foothold in the ongoing cyber attack war-zone. By organising the various attacks against their systems, these specialists can not only gain a quick overview of what they might expect but also gain knowledge into the specifications of the attacks based on the categorisation method used. This paper presents a glimpse into the area of IoT Critical Infrastructure security as well as an overview and analysis of attack categorisation methodologies in the context of wireless IoT-based Critical Infrastructure applications. We believe this can be a guide to aid further researchers in their choice of adapted categorisation approaches. Indeed, adapting appropriated categorisation leads to a quicker attack detection, identification, and recovery. It is, thus, paramount to have a clear vision of the threat landscapes of a specific system.

Published

2021

12. Threat Defense: Cyber Deception Approach and Education for Resilience in Hybrid Threats Model

Author

William Steingartner, Darko Galinec, and Andrija Kozina

Subjects

cyber attack, cyber deception, cyber threats, hybrid threats model, resilience, Mathematics, QA1-939

Abstract

This paper aims to explore the cyber-deception-based approach and to design a novel conceptual model of hybrid threats that includes deception methods. Security programs primarily focus on prevention-based strategies aimed at stopping attackers from getting into the network. These programs attempt to use hardened perimeters and endpoint defenses by recognizing and blocking malicious activities to detect and stop attackers before they can get in. Most organizations implement such a strategy by fortifying their networks with defense-in-depth through layered prevention controls. Detection controls are usually placed to augment prevention at the perimeter, and not as consistently deployed for in-network threat detection. This architecture leaves detection gaps that are difficult to fill with existing security controls not specifically designed for that role. Rather than using prevention alone, a strategy that attackers have consistently succeeded against, defenders are adopting a more balanced strategy that includes detection and response. Most organizations deploy an intrusion detection system (IDS) or next-generation firewall that picks up known attacks or attempts to pattern match for identification. Other detection tools use monitoring, traffic, or behavioral analysis. These reactive defenses are designed to detect once they are attacked yet often fail. They also have some limitations because they are not designed to catch credential harvesting or attacks based on what appears as authorized access. They are also often seen as complex and prone to false positives, adding to analyst alert fatigue. The security industry has focused recent innovation on finding more accurate ways to recognize malicious activity with technologies such as user and entity behavioral analytics (UEBA), big data, artificial intelligence (AI), and deception.

Published

2021

13. Cyber Attack Detection Scheme for a Load Frequency Control System Based on Dual-Source Data of Compromised Variables

Author

Wenjun Bi, Kaifeng Zhang, and Chunyu Chen

Subjects

load frequency control (LFC), cyber attack, Siamese network, attack detection scheme, unknown input observer, Technology, Engineering (General). Civil engineering (General), TA1-2040, Biology (General), QH301-705.5, Physics, QC1-999, Chemistry, QD1-999

Abstract

Cyber attacks bring key challenges to the system reliability of load frequency control (LFC) systems. Attackers can compromise the measured data of critical variables of the LFC system, making the data received by the defender unreliable and resulting in system frequency fluctuation or even collapse. In this paper, to detect potential attacks on measured data, we propose a novel attack detection scheme using the dual-source data (DSD) of compromised variables. First, we study the characteristics of the compromised LFC system considering potentially vulnerable variables and different types of attack templates. Second, by designing a variable observer, the relationship between the known security variables and the variables which are at risk of being compromised in the LFC system is established. The features of the data obtained by the observer can reflect those of the true data. Third, a Siamese network (SN) is designed to quantify the distance between the characteristics of measured data and that of observed data. Finally, an attack detection scheme is designed by analyzing the similarity of the DSD. Simulation results verify the feasibility of the detection scheme studied in this paper.

Published

2021

14. The Spatial Analysis of the Malicious Uniform Resource Locators (URLs): 2016 Dataset Case Study

Author

Raid W. Amin, Hakki Erhan Sevil, Salih Kocak, Guillermo Francia, and Philip Hoover

Subjects

cyber attack, spatial analysis, Uniform Resource Locators (URLs), phishing, malware, spam, Information technology, T58.5-58.64

Abstract

In this study, we aimed to identify spatial clusters of countries with high rates of cyber attacks directed at other countries. The cyber attack dataset was obtained from Canadian Institute for Cybersecurity, with over 110,000 Uniform Resource Locators (URLs), which were classified into one of 5 categories: benign, phishing, malware, spam, or defacement. The disease surveillance software SaTScanTM was used to perform a spatial analysis of the country of origin for each cyber attack. It allowed the identification of spatial and space-time clusters of locations with unusually high counts or rates of cyber attacks. Number of internet users per country obtained from the 2016 CIA World Factbook was used as the population baseline for computing rates and Poisson analysis in SaTScanTM. The clusters were tested for significance with a Monte Carlo study within SaTScanTM, where any cluster with p < 0.05 was designated as a significant cyber attack cluster. Results using the rate of the different types of malicious URL cyber attacks are presented in this paper. This novel approach of studying cyber attacks from a spatial perspective provides an invaluable relative risk assessment for each type of cyber attack that originated from a particular country.

Published

2020

15. Early-Stage Detection of Cyber Attacks

Author

Martina Pivarníková, Pavol Sokol, and Tomáš Bajtoš

Subjects

cyber attack, attack prediction, attack projection, early-stage detection, Bayesian network, Information technology, T58.5-58.64

Abstract

Nowadays, systems around the world face many cyber attacks every day. These attacks consist of numerous steps that may occur over an extended period of time. We can learn from them and use this knowledge to create tools to predict and prevent the attacks. In this paper, we introduce a way to sort cyber attacks in stages, which can help with the detection of each stage of cyber attacks. In this way, we can detect the earlier stages of the attack. We propose a solution using Bayesian network algorithms to predict how the attacks proceed. We can use this information for more effective defense against cyber threats.

Published

2020

16. Cyber Attack Prevention Based on Evolutionary Cybernetics Approach

Author

Dmitry Zegzhda, Daria Lavrova, Evgeny Pavlenko, and Anna Shtyrkina

Subjects

information security, cyber–physical systems, cyber attack, evolutionary cybernetics, self-regulation, graph theory, Mathematics, QA1-939

Abstract

The paper looks at the problem of cybersecurity in modern cyber–physical systems and proposes an evolutionary model approach to counteract cyber attacks by self-regulating the structure of the system, as well as several evolutionary indicators to assess the state of the system. The application of evolutionary models makes it possible to describe the regularities of systems behavior and their technical development, which is especially important regarding cyber attacks, which are the cause of a discontinuous evolution of complex systems. A practical example describes a system behavior during attacks and the self-regulation of its structure. The methodological approach consists of using evolutionary models to describe how modern cyber–physical systems can counteract cyber attacks and evolve, building on the experience of past security incidents. The main conclusions and recommendations are presented in the Discussion section, and they consist of the fact that using an evolutionary approach will not only increase the security of cyber–physical systems, but also define the principles of building systems that are resistant to cyber attacks.

Published

2020

17. Attacker Behaviour Forecasting Using Methods of Intelligent Data Analysis: A Comparative Review and Prospects

Author

Elena Doynikova, Evgenia Novikova, and Igor Kotenko

Subjects

cyber attack, attacker, attacker profile, attacker behaviour, metrics, features, attributes, intelligent data analysis, attack forecasting, comparative review, Information technology, T58.5-58.64

Abstract

Early detection of the security incidents and correct forecasting of the attack development is the basis for the efficient and timely response to cyber threats. The development of the attack depends on future steps available to the attackers, their goals, and their motivation—that is, the attacker “profile” that defines the malefactor behaviour in the system. Usually, the “attacker profile” is a set of attacker’s attributes—both inner such as motives and skills, and external such as existing financial support and tools used. The definition of the attacker’s profile allows determining the type of the malefactor and the complexity of the countermeasures, and may significantly simplify the attacker attribution process when investigating security incidents. The goal of the paper is to analyze existing techniques of the attacker’s behaviour, the attacker’ profile specifications, and their application for the forecasting of the attack future steps. The implemented analysis allowed outlining the main advantages and limitations of the approaches to attack forecasting and attacker’s profile constructing, existing challenges, and prospects in the area. The approach for attack forecasting implementation is suggested that specifies further research steps and is the basis for the development of an attacker behaviour forecasting technique.

Published

2020

18. Hierarchical Multi-Stage Cyber Attack Scenario Modeling Based on G&E Model for Cyber Risk Simulation Analysis

Author

Myung Kil Ahn, Yong Hyun Kim, and Jung-Ryun Lee

Subjects

cyber attack, attack modeling, cyber risk simulation, tactical network, network security, Technology, Engineering (General). Civil engineering (General), TA1-2040, Biology (General), QH301-705.5, Physics, QC1-999, Chemistry, QD1-999

Abstract

With the advancement in cyber-defense capabilities, cyber attacks have continued to evolve like living creatures to breach security. Assuming the possibility of various enemy attacks, it is necessary to select an appropriate course of action by proactively analyzing and predicting the consequences of a particular security event. Cyber attacks, especially in large-scale military network environments, have a fatal effect on security; therefore, various experiments and analyses must be conducted to establish the necessary preparations. Herein, we propose a hierarchical multi-stage cyber attack scenario modeling based on the goal and effect (G&E) model and analysis system, which enables expression of various goals of attack and damage effects without being limited to specific type. The proposed method is applicable to large-scale networks and can be utilized in various scenario-based cyber combat experiments.

Published

2020

19. Detection and Modeling of Cyber Attacks with Petri Nets

Author

Bartosz Jasiul, Marcin Szpyrka, and Joanna Śliwa

Subjects

malware, cyber attack, colored Petri net, malware detection, behavioral analysis, Science, Astrophysics, QB460-466, Physics, QC1-999

Abstract

The aim of this article is to present an approach to develop and verify a method of formal modeling of cyber threats directed at computer systems. Moreover, the goal is to prove that the method enables one to create models resembling the behavior of malware that support the detection process of selected cyber attacks and facilitate the application of countermeasures. The most common cyber threats targeting end users and terminals are caused by malicious software, called malware. The malware detection process can be performed either by matching their digital signatures or analyzing their behavioral models. As the obfuscation techniques make the malware almost undetectable, the classic signature-based anti-virus tools must be supported with behavioral analysis. The proposed approach to modeling of malware behavior is based on colored Petri nets. This article is addressed to cyber defense researchers, security architects and developers solving up-to-date problems regarding the detection and prevention of advanced persistent threats.

Published

2014

20. CNA Tactics and Techniques: A Structure Proposal

Author

Hector Marco-Gisbert, Antonio Villalón-Huerta, and Ismael Ripoll-Ripoll

Subjects

Control and Optimization, Intelligence gathering, TTP, Computer Networks and Communications, Computer science, Control (management), 09.- Desarrollar infraestructuras resilientes, promover la industrialización inclusiva y sostenible, y fomentar la innovación, 02 engineering and technology, Computer security, computer.software_genre, lcsh:Technology, 0202 electrical engineering, electronic engineering, information engineering, Computer network attack, Instrumentation, Structure (mathematical logic), lcsh:T, 11.- Conseguir que las ciudades y los asentamientos humanos sean inclusivos, seguros, resilientes y sostenibles, Cyber-physical system, 020206 networking & telecommunications, CNA, IO, Cyber attack, Techniques, ARQUITECTURA Y TECNOLOGIA DE COMPUTADORES, 16.- Promover sociedades pacíficas e inclusivas para el desarrollo sostenible, facilitar acceso a la justicia para todos y crear instituciones eficaces, responsables e inclusivas a todos los niveles, Information operations, Information Operations, Cyber-attack, 020201 artificial intelligence & image processing, computer, Tactics

Abstract

Destructive and control operations are today a major threat for cyber physical systems. These operations, known as Computer Network Attack (CNA), and usually linked to state-sponsored actors, are much less analyzed than Computer Network Exploitation activities (CNE), those related to intelligence gathering. While in CNE operations the main tactics and techniques are defined and well structured, in CNA there is a lack of such consensuated approaches. This situation hinders the modeling of threat actors, which prevents an accurate definition of control to identify and to neutralize malicious activities. In this paper, we propose the first global approach for CNA operations that can be used to map real-world activities. The proposal significantly reduces the amount of effort need to identify, analyze, and neutralize advanced threat actors targeting cyber physical systems. It follows a logical structure that can be easy to expand and adapt.

Published

2021

21. The Spatial Analysis of the Malicious Uniform Resource Locators (URLs): 2016 Dataset Case Study

Author

Philip Hoover, Hakki Erhan Sevil, Guillermo A. Francia, Raid W. Amin, and Salih Kocak

Subjects

spatial analysis, Computer science, Population, phishing, 02 engineering and technology, computer.software_genre, Computer security, Uniform Resource Locators (URLs), Resource (project management), defacement, spam, 0202 electrical engineering, electronic engineering, information engineering, Baseline (configuration management), education, cyber attack, education.field_of_study, lcsh:T58.5-58.64, malware, lcsh:Information technology, 020206 networking & telecommunications, Phishing, Country of origin, Identification (information), Malware, Cyber-attack, 020201 artificial intelligence & image processing, computer, Information Systems

Abstract

In this study, we aimed to identify spatial clusters of countries with high rates of cyber attacks directed at other countries. The cyber attack dataset was obtained from Canadian Institute for Cybersecurity , with over 110,000 Uniform Resource Locators (URLs), which were classified into one of 5 categories: benign, phishing, malware, spam, or defacement. The disease surveillance software SaTScanTM was used to perform a spatial analysis of the country of origin for each cyber attack. It allowed the identification of spatial and space-time clusters of locations with unusually high counts or rates of cyber attacks. Number of internet users per country obtained from the 2016 CIA World Factbook was used as the population baseline for computing rates and Poisson analysis in SaTScanTM. The clusters were tested for significance with a Monte Carlo study within SaTScanTM, where any cluster with p &lt, 0.05 was designated as a significant cyber attack cluster. Results using the rate of the different types of malicious URL cyber attacks are presented in this paper. This novel approach of studying cyber attacks from a spatial perspective provides an invaluable relative risk assessment for each type of cyber attack that originated from a particular country.

Published

2020

22. Attacker Behaviour Forecasting Using Methods of Intelligent Data Analysis: A Comparative Review and Prospects

Author

Igor Kotenko, Evgenia Novikova, and Elena Doynikova

Subjects

Process (engineering), Computer science, Data_MISCELLANEOUS, Early detection, attributes, 02 engineering and technology, Computer security, computer.software_genre, comparative review, metrics, Set (abstract data type), 0202 electrical engineering, electronic engineering, information engineering, features, attacker profile, cyber attack, Cyber threats, intelligent data analysis, lcsh:T58.5-58.64, lcsh:Information technology, 020206 networking & telecommunications, attack forecasting, attacker, Cyber-attack, attacker behaviour, 020201 artificial intelligence & image processing, computer, Information Systems

Abstract

Early detection of the security incidents and correct forecasting of the attack development is the basis for the efficient and timely response to cyber threats. The development of the attack depends on future steps available to the attackers, their goals, and their motivation—that is, the attacker “profile” that defines the malefactor behaviour in the system. Usually, the “attacker profile” is a set of attacker’s attributes—both inner such as motives and skills, and external such as existing financial support and tools used. The definition of the attacker’s profile allows determining the type of the malefactor and the complexity of the countermeasures, and may significantly simplify the attacker attribution process when investigating security incidents. The goal of the paper is to analyze existing techniques of the attacker’s behaviour, the attacker’ profile specifications, and their application for the forecasting of the attack future steps. The implemented analysis allowed outlining the main advantages and limitations of the approaches to attack forecasting and attacker’s profile constructing, existing challenges, and prospects in the area. The approach for attack forecasting implementation is suggested that specifies further research steps and is the basis for the development of an attacker behaviour forecasting technique.

Published

2020

23. Detection and Modeling of Cyber Attacks with Petri Nets

Author

Joanna Śliwa, Bartosz Jasiul, and Marcin Szpyrka

Subjects

behavioral analysis, malware, Process (engineering), End user, Computer science, General Physics and Astronomy, lcsh:Astrophysics, Petri net, computer.software_genre, Computer security, lcsh:QC1-999, Cryptovirology, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, malware detection, Digital signature, colored Petri net, lcsh:QB460-466, Obfuscation, Malware, Cyber-attack, lcsh:Q, lcsh:Science, computer, lcsh:Physics, cyber attack

Abstract

The aim of this article is to present an approach to develop and verify a method of formal modeling of cyber threats directed at computer systems. Moreover, the goal is to prove that the method enables one to create models resembling the behavior of malware that support the detection process of selected cyber attacks and facilitate the application of countermeasures. The most common cyber threats targeting end users and terminals are caused by malicious software, called malware. The malware detection process can be performed either by matching their digital signatures or analyzing their behavioral models. As the obfuscation techniques make the malware almost undetectable, the classic signature-based anti-virus tools must be supported with behavioral analysis. The proposed approach to modeling of malware behavior is based on colored Petri nets. This article is addressed to cyber defense researchers, security architects and developers solving up-to-date problems regarding the detection and prevention of advanced persistent threats.

Published

2014