2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA): Latest Papers

A Netnographic Study on the Dark Net Ecosystem for Ransomware
Y. Bayoumy, P. H. Meland, G. Sindre
Abstract: For more than a decade, businesses and private citizens alike have been tormented by an online phenomenon that has changed our stance on cyber security. Ransomware, malicious software that demands payment in exchange for a stolen functionality, has grown beyond expectations. The development and distribution of ransomware is stimulated by social networks active in the Dark Net. From the cyber criminal perspective, this is an ideal platform to participate in a business ecosystem, either as an author, vendor or distributor of ransomware. Within the Dark Net, they can find forums and marketplaces that offer complete secrecy and concealment of the user’s identity. Studying the activities taking place within the Dark Net sites can improve our situational awareness on upcoming threats and how we can defend against them. In this research, a netnographic study was done to obtain useful data such as observations of the marketplace economies and reflections on the social interactions between the different stakeholders involved in the creation and distribution of ransomware.
DOI: 10.1109/CyberSA.2018.8551424 (https://doi.org/10.1109/CyberSA.2018.8551424)
Published: 2018-06-01
Citations: 6
Compound Password System for Mobile
Zachary Hills, David F. Arppe, Amin Ibrahim, K. El-Khatib
Abstract: Authentication on mobile devices deviates from the traditional text-based password system. The choice to use alternative password systems comes at a cost and in this paper we explore the current issues with said systems and propose a new method for authentication on mobile devices. In this paper we explore the current landscape of mobile authentication. The mobile authentication systems, Personal Identification Number and Pattern passwords, both have issues which make them weak to attacks. Our goal is to create a scheme that can strengthen the security of mobile passwords by combining both methods of authentication. When a new security system is implemented there are two factors that determine the system’s success, the complexity of the system and the usability or feasibility of the system. This paper looks to define the complexity of our scheme in terms of security.
DOI: 10.1109/CyberSA.2018.8551445 (https://doi.org/10.1109/CyberSA.2018.8551445)
Published: 2018-06-01
Citations: 1
Enhancing Cyber Situational Awareness: A New Perspective of Password Auditing Tools
Eliana Stavrou
Abstract: Password auditing can enhance the cyber situational awareness of defenders, e.g. cyber security/IT professionals, with regards to the strength of text-based authentication mechanisms utilized in an organization. Auditing results can proactively indicate if weak passwords exist in an organization, decreasing the risks of compromisation. Password cracking is a typical and time-consuming way to perform password auditing. Given that defenders perform password auditing within a specific evaluation timeframe, the cracking process needs to be optimized to yield useful results. Existing password cracking tools do not provide holistic features to optimize the process. Therefore, the need arises to build new password auditing toolkits to assist defenders to achieve their task in an effective and efficient way. Moreover, to maximize the benefits of password auditing, a security policy should be utilized. Currently the efforts focus on the specification of password security policies, providing rules on how to construct passwords. This work proposes the functionality that should be supported by next-generation password auditing toolkits and provides guidelines to drive the specification of a relevant password auditing policy.
DOI: 10.1109/CyberSA.2018.8551404 (https://doi.org/10.1109/CyberSA.2018.8551404)
Published: 2018-06-01
Citations: 5
CoCoa: An Ontology for Cybersecurity Operations Centre Analysis Process
Cyril Onwubiko
Abstract: A cybersecurity operations centre ontology for analysis (CoCoa) is proposed, which aligns to the NIST cybersecurity framework. CoCoa is a process ontology for the CSOC analysis processes that provides the cybersecurity analysts operational situational awareness of the vital aspects of the CSOC. The process ontology offers a fundamental shift from log collection to the analysis of five overarching threat intelligence and information sources (namely – events and logs, network information, structured digital feed, semi and un-structured feed and threat intelligence), which should allow the CSOC to provide proactive monitoring, detection of inflight, emerging and complex threats that would not have ordinarily been detected through only events and logs. Further, and most importantly, the proposed ontology is then used to identify how cyber incidents can be realised and detected through ontology-based knowledge graph.
DOI: 10.1109/CyberSA.2018.8551486 (https://doi.org/10.1109/CyberSA.2018.8551486)
Published: 2018-06-01
Citations: 23
Cyber Insurance and Security Interdependence: Friends or Foes?
G. Uuganbayar, A. Yautsiukhin, F. Martinelli
Abstract: Cyber insurance is a cyber risk treatment option which allows transferring losses to another party for a fee. Although researchers and practitioners see cyber insurance as a desirable practice, the new market faces several practical (e.g., lack of data) and theoretical (effect of security interdependency) challenges. One of the most important questions from the cyber security point of view is whether cyber insurance is an incentive to self-protection investments. Several studies have shown that with cyber insurance available, agents are more willing to buy insurance than investing in self-protection. In this study, we investigate how security interdependence affects the incentive of agents to invest in self-protection with/without cyber insurance available to them. In particular, we are interested in comparing the investments with and without insurance available for agents when the degree of interdependence changes. In the study, we model a competitive cyber insurance market and assume no information asymmetry.
DOI: 10.1109/CyberSA.2018.8551447 (https://doi.org/10.1109/CyberSA.2018.8551447)
Published: 2018-06-01
Citations: 2
Cyber Kill Chain based Threat Taxonomy and its Application on Cyber Common Operational Picture
Sungyoung Clio, Insung Han, Hyunsook Jeong, Jin-Soo Kim, Sungmo Koo, Haengrok Oh, Moosung Park
Abstract: Over a decade, intelligent and persistent forms of cyber threats have been damaging to the organizations’ cyber assets and missions. In this paper, we analyze current cyber kill chain models that explain the adversarial behavior to perform advanced persistent threat (APT) attacks, and propose a cyber kill chain model that can be used in view of cyber situation awareness. Based on the proposed cyber kill chain model, we propose a threat taxonomy that classifies attack tactics and techniques for each attack phase using CAPEC, ATT&CK that classify the attack tactics, techniques, and procedures (TTPs) proposed by MITRE. We also implement a cyber common operational picture (CyCOP) to recognize the situation of cyberspace. The threat situation can be represented on the CyCOP by applying cyber kill chain based threat taxonomy.
DOI: 10.1109/CyberSA.2018.8551383 (https://doi.org/10.1109/CyberSA.2018.8551383)
Published: 2018-06-01
Citations: 18