2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)最新文献

{"title":"Modeling the effects of amount and timing of deception in simulated network scenarios","authors":"Palvi Aggarwal, Cleotilde González, V. Dutt","doi":"10.1109/CyberSA.2017.8073405","DOIUrl":"https://doi.org/10.1109/CyberSA.2017.8073405","url":null,"abstract":"With the growth of digital infrastructure, cyber-attacks are increasing in the real-world. Cyber-attacks are deliberate exploitation of computer systems, technology-dependent enterprises, and networks. Deception, i.e., the act of making someone believe in something that is not true, could be a way of countering cyber-attacks. In this paper, we propose a real-time simulation environment (“Deception Game”), which we used to evaluate and model the decision making of hackers in the presence of deception. In an experiment, using a repeated Deception Game (N = 100 participants), we analyzed the effect of two factors on participants' decisions to attack a computer network: amount of deception used and the timing of deception. Across 10-attack trials, the amount of deception used was manipulated at 2-levels: low and high. The timing of deception was manipulated at 2-levels: early and late. Results revealed that using late and high deception caused a reduction in attacks on regular webserver compared to early and low deception. Furthermore, we developed a cognitive model of hacker's decision-making using Instance-Based Learning (IBL) Theory, a theory of decisions from experience. The parameters obtained from the model helped explain the reasons for our experimental results.","PeriodicalId":365296,"journal":{"name":"2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132690387","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Performance evaluation of a fragmented secret share system","authors":"Elochukwu A. Ukwandu, W. Buchanan, Gordon Russell","doi":"10.1109/CyberSA.2017.8073396","DOIUrl":"https://doi.org/10.1109/CyberSA.2017.8073396","url":null,"abstract":"There are many risks in moving data into public storage environments, along with an increasing threat around large-scale data leakage. Secret sharing scheme has been proposed as a keyless and resilient mechanism to mitigate this, but scaling through large scale data infrastructure has remained the bane of using secret sharing scheme in big data storage and retrievals. This work applies secret sharing methods as used in cryptography to create robust and secure data storage and retrievals in conjunction with data fragmentation. It outlines two different methods of distributing data equally to storage locations as well as recovering them in such a manner that ensures consistent data availability irrespective of file size and type. Our experiments consist of two different methods — data and key shares. Using our experimental results, we were able to validate previous works on the effects of threshold on file recovery. Results obtained also revealed the varying effects of share writing to and retrieval from storage locations other than computer memory. The implication is that increase in fragment size at varying file and threshold sizes rather than add overheads to file recovery, do so on creation instead, underscoring the importance of choosing a varying fragment size as file size increases.","PeriodicalId":365296,"journal":{"name":"2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","volume":"197 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115004158","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Cr@ck3n: A cyber alerts visualization object","authors":"David Brosset, Camille Cavelier, Benjamin Costé, Y. Kermarrec, Joffrey Lartigaud, Pedro Merino Laso","doi":"10.1109/CyberSA.2017.8073401","DOIUrl":"https://doi.org/10.1109/CyberSA.2017.8073401","url":null,"abstract":"With the increasing number of connected devices and given the complexity of computer networks, to identify cyber anomalies is more and more challenging. Either at home, in the work place or for military defense purposes a better cyber situation awareness is needed. However, the visualization methods are often made for specialists and the information difficult to interpret. In this paper we describe an object made for the visualization of abnormal network events in a user-friendly way using colors, sound and information scrolling. It is still under development but the first user feedback are encouraging.","PeriodicalId":365296,"journal":{"name":"2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","volume":"70 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122675840","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Visualizing network events in a muggle friendly way","authors":"Outi-Marja Latvala, Tommi Keränen, S. Noponen, Niko Lehto, Mirko Sailio, Mikko Valta, Pia Olli","doi":"10.1109/CyberSA.2017.8073400","DOIUrl":"https://doi.org/10.1109/CyberSA.2017.8073400","url":null,"abstract":"This paper describes a work in progress for a proof of concept which visualizes network events of an industrial automation system in a 3D fish tank view. It aims to enable an automation operator, who most likely is a non-network-expert, to spot anomalies in network traffic and also to memorise past seen anomalies more easily. The developed solution builds upon three components: a Snort event-log forwarder, a database and the 3D fish tank to visualize the events. Different kind of fishes were chosen to present network nodes, and how they move in the fish tank describes the event. Visualization system was implemented using the Unity game engine. As this is still a work in progress, more development is needed; especially adding functionality to visualize normal network traffic besides Snort events is crucial. However, the first version showed interest among people, as this differs from traditional network event visualizations.","PeriodicalId":365296,"journal":{"name":"2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","volume":"35 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125325053","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A location privacy system in mobile network using game theory","authors":"B. K. Alese, A. Thompson, Patricia Yetunde Oni","doi":"10.1109/CyberSA.2017.8073404","DOIUrl":"https://doi.org/10.1109/CyberSA.2017.8073404","url":null,"abstract":"The continuous dissemination of location information of mobile users has affected the security of mobile devices and also increased the location privacy vulnerability which necessitated the use of game theory approach to solve the problem. This research designs a location privacy system of n-player game that analyses the behaviour of mobile nodes in the network. Each player aims at maximizing its location privacy at minimum cost by strategically choosing series of actions in the game. The design was simulated using Java programming language configured on Windows 7 platform. The results of the games played were presented with analysis showing the strategies chosen by the mobile nodes. The players had opportunity of choosing perfect strategies as the number of players participating in the game increases thus, enhance the level of location privacy achieved by the players.","PeriodicalId":365296,"journal":{"name":"2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125620148","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"For cloud services on a user's multiple devices, how do we measure the trusted zone defended by anti-malware?","authors":"A. Arrott, Ivan Macalintal, I. McMillan","doi":"10.1109/CyberSA.2017.8073394","DOIUrl":"https://doi.org/10.1109/CyberSA.2017.8073394","url":null,"abstract":"Cloud access security brokers (CASBs) operating in what has come to be called the cloud security gateway market are gaining industry acceptance as the next evolution in defending trusted zones for networked computing. The traditional clientserver framework of individual endpoint security coupled with enterprise network gateway security is proving inadequate to the overlapping extended networks created by mobility and cloud services. Useful measurement of the effectiveness of anti-malware and other cybersecurity defenses requires a clear definition of the trusted zones being defended. The value proposition of CASB services implies the successful defense of hundreds of individual trusted zones (one for each cloud service) for each individual user endpoint. The authors explore a different approach to defining the defended trusted zone in the era of multiple mobile endpoints and layered interacting cloud services. Defining the individual Office 365 user account as an example of a trusted zone for an individual user, the authors use traditional metrics of anti-malware efficacy to measure the properties of a well-defined singular trusted zone in the current environment where a user accesses hundreds of cloud services from multiple personal devices. Results of laboratory tests are presented where: the system-under-test is an individual Office 365 user account (Office 365 E3); the stimulus workloads (attack samples) are multiple forms of malicious activity (portable executable files, malicious links, weaponized documents, phishing emails); the attack vectors are through Office 365 cloud services (Exchange, SharePoint, OneDrive); and we measure the ability of malware to be successfully moved from being unavailable to the Office 365 user account to becoming available (regardless of what device the account owners use to access their individual Office 365 accounts). The goal of this research is to provide evidence as to the adequacy of adopting an individual user's overall internet access account as a simpler framework for the defended trusted zone for individual use of cloud services.","PeriodicalId":365296,"journal":{"name":"2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129888694","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A graphic-based cryptographic model for authentication","authors":"B. K. Alese, A. Akindele, F. Dahunsi, A. Thompson, Tosin A. Adesuyi","doi":"10.1109/CyberSA.2017.8073395","DOIUrl":"https://doi.org/10.1109/CyberSA.2017.8073395","url":null,"abstract":"Conventional password has been used for authentication for a long time due to its advantages. However, it drawbacks such as weak or unrecalled passwords has frequently compromised security. This paper presents a graphic-based cryptographic model (GBCM) with enhanced usability and security. The GBCM model consists of registration and verification stages that users must successfully complete in order to be authenticated. A hybrid technique based on recognition, cued and pure recall was adopted. The GBCM security is enhanced by using a three-level authentication mode, secret key, operator and scrambling of grid cells, thereby mitigating shoulder surfing attack; usability is enhanced using grid cell identity (ID) and images. Consequently, the implementation shows that, out of 18 users registration done with the system, 83.33% remembered their images, 83.33% also remembered their secret keys while 88.89% remembered their operator, resulting in 77.78% successful login. The login success proves user friendliness of the GBCM system.","PeriodicalId":365296,"journal":{"name":"2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","volume":"216 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134089820","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A situation-aware user interface to assess users' ability to construct strong passwords: A conceptual architecture","authors":"Eliana Stavrou","doi":"10.1109/CyberSA.2017.8073385","DOIUrl":"https://doi.org/10.1109/CyberSA.2017.8073385","url":null,"abstract":"Text-based passwords are still one of the main techniques to authenticate the users. Although a variety of measures (e.g. awareness activities, password-strength checkers, password-composition policies, etc.) are taken to prevent users from selecting weak passwords, the problem remains. A main factor that leads to weak passwords is the lack of awareness on what constitutes a strong password. Organizations should assess the users' ability to construct a strong password through the assessment of their password's strength, and taking into consideration the users' practices that are typically applied when selecting a password. In this way, organizations can be aware of the situation, that is, if their users follow good or bad password construction practices. Depending on the practice utilized, the organization's security level can be affected. Bad password construction practices can lead to weak passwords which can increase the risk of unauthorized access. Therefore, organizations should target for good practices to be utilized by their users in an effort to decrease the possibility of unauthorized access. A typical way to assess a password's strength is by trying to crack it using password cracking tools. An assessor, e.g. system administrator, requires a fair amount of knowledge on how password cracking tools operate and need to be configured. Also, it is essential to be aware of the bad practices that users typically utilize. Such knowledge is not always present. Furthermore, these tools and their respective graphical user interface, have not been designed with the objective of assessing the users' awareness level against bad password construction practices. This paper proposes a conceptual architecture to assist in designing a situation-aware user interface to assess users' ability to construct a password that is not easily crackable. An initial mock prototype has been developed to realize the proposed architecture and identify the main features of the user interface.","PeriodicalId":365296,"journal":{"name":"2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","volume":"130 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116264393","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Socio-economic factors in cybercrime: Statistical study of the relation between socio-economic factors and cybercrime","authors":"P. Solano, A. J. R. Peinado","doi":"10.1109/CyberSA.2017.8073392","DOIUrl":"https://doi.org/10.1109/CyberSA.2017.8073392","url":null,"abstract":"The expansion of the access to the Internet around the world has changed society as we know it. Having access to an unlimited source of information has changed the lives of individuals and communities. Even so, this new-found connectivity has created new risks. The Internet has enabled criminals to target data around the world and has put in reach critical infrastructure. Data breaches in companies affect millions threatening the privacy of people. Companies are exposed to big economic losses if they fail to protect their data. And in the military arena nations are preparing for cyberwar. From a defensive point of view is critical to predict and prepare systems against attacks. To help, this study analyses correlations between socio-economic factors and attacks. We want to confirm if there is a link that can help drawing patterns on attacks. To do that we will categorise cyber incidents and run a statistical correlation on them. Correlation does not imply causality but it helps further research on the causes of cybercrime.","PeriodicalId":365296,"journal":{"name":"2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127654514","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Multi-dimensional structural data integration for proactive cyber-defence","authors":"Ikwu Ruth","doi":"10.1109/CYBERSA.2017.8073390","DOIUrl":"https://doi.org/10.1109/CYBERSA.2017.8073390","url":null,"abstract":"The current cyber defences at technical and operational levels have consistently proven inefficient to counter the ever-growing sophistication of the adversary and modern cyber-attacks. Given the interconnectedness of modern societies, physical and cyber events, building proactive cyber defence models that consider the interconnectedness of events and activities across the physical, social and economic realities of cyberspace is an important task that helps detect early warning signs of cyber-attacks and predict the future occurrences of cyber-attacks. The concept of The Entangled cyberspace as introduced in this paper, is a cyber-defence analytical framework that captures the effects of activities on one layer of cyberspace, on the events that emerge on other layers of cyberspace. This article describes cyberspace from an analytical perspective and identifies primary sources of data and information from various layers of cyberspace. The framework provides a solid foundation for building proactive cyber defence models from a seemingly entangled cyberspace.","PeriodicalId":365296,"journal":{"name":"2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","volume":"45 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123238624","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}