Information security has grown as a prominent issue in our digital life. The network security is becoming more significant as the volume of data being exchanged over net increases day by day. Attack trees AT technique play an important role to investigate the threat analysis problem to known cyber attacks for risk assessment. The technique is especially effective in assessing and managing the risks from hostile, intelligent adversaries. It is useful for analyzing threats against assets ranging from information systems to physical infrastructure. By using attack tree modeling analysis an organization can understand the ways in which they will be attacked, determine the likelihood and impact damage of these attacks and decide what action to take where the risks are unacceptable. This paper describes the attack tree model for organization based on Client Server Network. It provides the ways for defending and preventing sensitive information from attackers. Attack tree modeling provides for effective security solutions, cost effective security solutions and defensible risk mitigation decisions. Sandar Pa Pa Thein | Phyu Phyu | Thin Thin Swe "Designing Security Assessment of Client- Server System using Attack Tree Modeling" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-5 , August 2019, URL: https://www.ijtsrd.com/papers/ijtsrd26727.pdf Paper URL: https://www.ijtsrd.com/engineering/computer-engineering/26727/designing-security-assessment-of-client--server-system-using-attack-tree-modeling/sandar-pa-pa-thein
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...IJNSA Journal
End users are increasingly vulnerable to attacks directed at web browsers which make the most of popularity of today’s web services. While organizations deploy several layers of security to protect their systems and data against unauthorised access, surveys reveal that a large fraction of end users do not utilize and/or are not familiar with any security tools. End users’ hesitation and unfamiliarity with security products contribute vastly to the number of online DDoS attacks, malware and Spam distribution. This work on progress paper proposes a design focused on the notion of increased participation of internet service providers in protecting end users. The proposed design takes advantage of three different detection tools to identify the maliciousness of a website content and alerts users through utilising Internet Content Adaptation Protocol (ICAP) by an In-Browser cross-platform messaging system. The system also incorporates the users’ online behaviour analysis to minimize the scanning intervals of malicious websites database by client honeypots. Findings from our proof of concept design and other research indicate that such a design can provide a reliable hybrid detection mechanism while introducing low delay time into user browsing experience.
Webinar: Get Ready to Detect, Respond & Recover from a Cyber AttackAujas
It is given that you will be hacked, irrespective of your level of cyber security. Learn how you can detect, respond & recover from cyber attacks. Quicker.
Key Content:
1. The threat landscape and how existing monitoring and response capabilities are ineffective in detecting and responding to advanced cyber attacks
2. Lifecycle and speed of an attack and how early detection can help in responding and managing losses
3. Blueprint for an effective (and vendor agnostic) Incident Management Program
If you have been tracking the Cyber Security News lately, one thing is for sure - Cyber Attacks are imminent and it is a matter of time when you will be the next one to come under an attack, if not already.
What Robert Mueller, Former Director of FBI said in RSA Conference in March 2012 is still very relevant.
"I am convinced that there are only two types of companies: those that have been hacked and those that will be. ” and what he says further makes it worse "And even they are converging into one category: companies that have been hacked and will be hacked again."
Cyber attacks are no more a work of lone warriors or a group of hackers but involve cyber crime syndicates, collaborating and pumping large amount of money, precision, knowledge, expertise and persistence. Their capabilities are equal if not better than state sponsors.
Data says that cyber security incidents affects all kinds of organizations - small, medium or large and across all industries - financial, telecom, utility, health care, education and more. Organizations fail to detect and respond to security incidents due to weak monitoring capabilities and lack of expertise, tools and procedures.
In this webinar we will look at the cause and effect of the problem, analyze preparedness and learn how you can better prepare, detect, respond and recover from cyber attacks.
This document discusses information system security. It defines information system security as collecting activities to protect information systems and stored data. It outlines four components of an IT security policy framework: policies, standards, procedures, and guidelines. It also discusses vulnerabilities, threats, attacks, and trends in attacks. Vulnerabilities refer to weaknesses, while threats use tools and scripts to launch attacks like reconnaissance, access, denial of service, and viruses/Trojans. Common attacks trends include malware, phishing, ransomware, denial of service, man-in-the-middle, cryptojacking, SQL injection, and zero-day exploits.
This document discusses network risks and vulnerabilities. It begins by defining vulnerabilities as software flaws or misconfigurations that weaken security. It then examines various types of vulnerabilities like design flaws, viruses, impersonation, worms, port scanning, man-in-the-middle attacks, denial-of-service attacks. The document also covers network risk assessment methodology and impact analysis. It concludes with a brief mention of network risk mitigation as a way to reduce risks.
IRJET- Cyber Attacks and its different TypesIRJET Journal
This document discusses different types of cyber attacks. It begins by providing context on how technology has increased connectivity but also vulnerabilities. The main types of cyber attacks discussed include:
1) Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks which overload systems to disrupt service.
2) Man-in-the-middle (MitM) attacks where a third party intercepts communications between two others.
3) Phishing attacks which use fraudulent emails or websites to steal personal or credential information from users.
4) Drive-by download attacks where visiting an infected website automatically downloads malware without user interaction.
Countermeasures to these attacks include firewall
Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...IJERA Editor
Malwares which is also known as malicious software’s is spreading through the exploiting the client side applications such as browsers, plug-ins etc. Attackers implant the malware codes in the user’s computer through web pages; thereby they are also known malicious web pages. Here in the paper, we present the usefulness of controlled environment in the form of client honeypots in detection of malicious web pages through collections of malicious intent in web pages and then perform detailed analysis for validation and confirmation of malicious web pages. First phase is collection of malicious infections through high interaction client honeypot, second phase is validations of the malicious infections embedded into web pages through behavior based analysis. Malwares which infect the client side applications and drop the malwares into user’s computers sometimes overrides the signature based detection techniques; thereby there is a need to study the behavior of the complete malicious web pages.
Recent ransomware cyberattack on a major oil pipeline caused gas prices to surge and gas stations in multiple states to experience shortages due to a several-day outage resulting from the attack.
Patents are a good information resource for obtaining the state of the art of AI technology innovations for defending against the ransomware attacks. Patent information can provide many valuable insights that can be exploited for developing and implementing new technologies. Patents can also be exploited to identify new product/service development opportunities.
This document discusses ransomware attacks, including their history, impact, and mitigation strategies. It provides an overview of common ransomware types and how they work. Statistics are presented on organizations and countries most affected by ransomware. The COVID-19 pandemic is noted to have increased ransomware attacks by exploiting remote work vulnerabilities. Effective mitigation involves backups, antivirus software, user training, and following best practices if a ransomware attack occurs.
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...IJNSA Journal
End users are increasingly vulnerable to attacks directed at web browsers which make the most of popularity of today’s web services. While organizations deploy several layers of security to protect their systems and data against unauthorised access, surveys reveal that a large fraction of end users do not utilize and/or are not familiar with any security tools. End users’ hesitation and unfamiliarity with security products contribute vastly to the number of online DDoS attacks, malware and Spam distribution. This work on progress paper proposes a design focused on the notion of increased participation of internet service providers in protecting end users. The proposed design takes advantage of three different detection tools to identify the maliciousness of a website content and alerts users through utilising Internet Content Adaptation Protocol (ICAP) by an In-Browser cross-platform messaging system. The system also incorporates the users’ online behaviour analysis to minimize the scanning intervals of malicious websites database by client honeypots. Findings from our proof of concept design and other research indicate that such a design can provide a reliable hybrid detection mechanism while introducing low delay time into user browsing experience.
Webinar: Get Ready to Detect, Respond & Recover from a Cyber AttackAujas
It is given that you will be hacked, irrespective of your level of cyber security. Learn how you can detect, respond & recover from cyber attacks. Quicker.
Key Content:
1. The threat landscape and how existing monitoring and response capabilities are ineffective in detecting and responding to advanced cyber attacks
2. Lifecycle and speed of an attack and how early detection can help in responding and managing losses
3. Blueprint for an effective (and vendor agnostic) Incident Management Program
If you have been tracking the Cyber Security News lately, one thing is for sure - Cyber Attacks are imminent and it is a matter of time when you will be the next one to come under an attack, if not already.
What Robert Mueller, Former Director of FBI said in RSA Conference in March 2012 is still very relevant.
"I am convinced that there are only two types of companies: those that have been hacked and those that will be. ” and what he says further makes it worse "And even they are converging into one category: companies that have been hacked and will be hacked again."
Cyber attacks are no more a work of lone warriors or a group of hackers but involve cyber crime syndicates, collaborating and pumping large amount of money, precision, knowledge, expertise and persistence. Their capabilities are equal if not better than state sponsors.
Data says that cyber security incidents affects all kinds of organizations - small, medium or large and across all industries - financial, telecom, utility, health care, education and more. Organizations fail to detect and respond to security incidents due to weak monitoring capabilities and lack of expertise, tools and procedures.
In this webinar we will look at the cause and effect of the problem, analyze preparedness and learn how you can better prepare, detect, respond and recover from cyber attacks.
This document discusses information system security. It defines information system security as collecting activities to protect information systems and stored data. It outlines four components of an IT security policy framework: policies, standards, procedures, and guidelines. It also discusses vulnerabilities, threats, attacks, and trends in attacks. Vulnerabilities refer to weaknesses, while threats use tools and scripts to launch attacks like reconnaissance, access, denial of service, and viruses/Trojans. Common attacks trends include malware, phishing, ransomware, denial of service, man-in-the-middle, cryptojacking, SQL injection, and zero-day exploits.
This document discusses network risks and vulnerabilities. It begins by defining vulnerabilities as software flaws or misconfigurations that weaken security. It then examines various types of vulnerabilities like design flaws, viruses, impersonation, worms, port scanning, man-in-the-middle attacks, denial-of-service attacks. The document also covers network risk assessment methodology and impact analysis. It concludes with a brief mention of network risk mitigation as a way to reduce risks.
IRJET- Cyber Attacks and its different TypesIRJET Journal
This document discusses different types of cyber attacks. It begins by providing context on how technology has increased connectivity but also vulnerabilities. The main types of cyber attacks discussed include:
1) Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks which overload systems to disrupt service.
2) Man-in-the-middle (MitM) attacks where a third party intercepts communications between two others.
3) Phishing attacks which use fraudulent emails or websites to steal personal or credential information from users.
4) Drive-by download attacks where visiting an infected website automatically downloads malware without user interaction.
Countermeasures to these attacks include firewall
Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...IJERA Editor
Malwares which is also known as malicious software’s is spreading through the exploiting the client side applications such as browsers, plug-ins etc. Attackers implant the malware codes in the user’s computer through web pages; thereby they are also known malicious web pages. Here in the paper, we present the usefulness of controlled environment in the form of client honeypots in detection of malicious web pages through collections of malicious intent in web pages and then perform detailed analysis for validation and confirmation of malicious web pages. First phase is collection of malicious infections through high interaction client honeypot, second phase is validations of the malicious infections embedded into web pages through behavior based analysis. Malwares which infect the client side applications and drop the malwares into user’s computers sometimes overrides the signature based detection techniques; thereby there is a need to study the behavior of the complete malicious web pages.
Recent ransomware cyberattack on a major oil pipeline caused gas prices to surge and gas stations in multiple states to experience shortages due to a several-day outage resulting from the attack.
Patents are a good information resource for obtaining the state of the art of AI technology innovations for defending against the ransomware attacks. Patent information can provide many valuable insights that can be exploited for developing and implementing new technologies. Patents can also be exploited to identify new product/service development opportunities.
This document discusses ransomware attacks, including their history, impact, and mitigation strategies. It provides an overview of common ransomware types and how they work. Statistics are presented on organizations and countries most affected by ransomware. The COVID-19 pandemic is noted to have increased ransomware attacks by exploiting remote work vulnerabilities. Effective mitigation involves backups, antivirus software, user training, and following best practices if a ransomware attack occurs.
IT security in 2021: Why Ransomware Is Still The Biggest ThreatETech 7
Ransomware attacks continued to be a major threat in 2020 and will likely remain so in 2021. Ransomware encrypts users' files and demands ransom payments for the keys to decrypt them. It often infects systems through malicious attachments or links. Signs of infection include inability to access files, browser redirection, pop-ups, and crashes. Businesses can help prevent ransomware through employee education, backups, updated software/antivirus, disaster recovery plans, and managed security services.
This document discusses strategies for preventing data leakage. It proposes using a firewall to scan outgoing messages from employees and detect if they contain unauthorized transfers of sensitive data. If confidential information is detected in a message, the employee's ID would be reported to the administrator. The firewall would help enforce a data leakage prevention policy by identifying attempts to send protected information outside the authorized circle. The goal is to catch data leaks early before any damage occurs, since detection after the fact may be too late to remedy the situation. The proposed system aims to help organizations better safeguard their confidential information through proactive monitoring of employee communications.
Cybersecurity refers to protecting internet-connected systems, networks, programs, and data from malicious attacks. It aims to ensure confidentiality, integrity, and availability of data. The document discusses different types of cybersecurity including network security, application security, information security, identity management, operational security, mobile security, cloud security, and disaster recovery planning. It also covers common cybersecurity threats like malware, viruses, spyware, and describes their purpose and how they function. The overall goal of cybersecurity is to protect sensitive data and systems from unauthorized access or corruption.
The document discusses various aspects of computer security including common security fallacies, layers of security, security principles, threats, and an overview of security technologies. It describes physical security, host security, network security, and web application security as the key layers of security. It also defines basic security terminology and models like CIA triad, AAA, and the operational model involving prevention, detection, and response. Common security technologies discussed include encryption, firewalls, intrusion detection systems, antivirus software.
The document provides information about the Certified Computer Security Analyst (CCSA) program and training. It discusses the trainer, Semi Yulianto's qualifications and experience working with various security training and consulting organizations. It also lists some of the key topics covered in the CCSA training program, including vulnerabilities assessment, penetration testing methodology, security tools, and investigating vulnerabilities.
Enhanced method for intrusion detection over kdd cup 99 datasetijctet
This document discusses an enhanced method for intrusion detection using the KDD Cup 99 dataset. It aims to improve the accuracy of the dataset by analyzing the contribution of different attack classes to metrics like true positive rate and precision. The study examines these evaluation metrics for an intrusion detection system to identify which attack classes most impact recall and precision. The goal is to help improve the quality of the KDD Cup 99 dataset to achieve higher accuracy with lower false positives.
An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...ijtsrd
Millions of people worldwide have Internet access today. Intrusion detection technology is a modern wave of information technology monitoring devices to deter malicious activities. Malware development malicious software is a vital problem when it comes to designing intrusion detection systems IDS . The key challenge is to recognize unknown and hidden malware, because malware writers use various evasion techniques to mask information to avoid IDS detection. Malicious attacks have become more sophisticated and Furthermore, threats to security have increased, including a zero day attack on internet users. Through the use of IT in our daily lives, computer security has become critical. Cyber threats are becoming more complex and pose growing challenges when it comes to successful intrusion detection. Failure to prevent invading information, such as data privacy, integrity and availability can undermine the credibility of security services. Specific intrusion detection approaches were proposed in the literature to combat computer security threats. This paper consists of a literature survey of the IDS that uses program algorithms to use specific data collection and forensic techniques in real time. Data mining techniques for cyber research are introduced in support of intrusion detection. Mohammed I. Alghamdi "An Assessment of Intrusion Detection System (IDS) and Data-Set Overview: A Comprehensive Review of Recent Works" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-2 , February 2021, URL: https://www.ijtsrd.com/papers/ijtsrd35730.pdf Paper Url: https://www.ijtsrd.com/computer-science/computer-security/35730/an-assessment-of-intrusion-detection-system-ids-and-dataset-overview-a-comprehensive-review-of-recent-works/mohammed-i-alghamdi
This document provides an overview of cyber security. It discusses the history and scale of cyber threats, principles of cyber security including confidentiality, integrity and availability. It describes different types of cyber security such as network security, application security and information security. It also outlines common cyber threats like cybercrime, cyberattacks and cyberterrorism. Additionally, it examines malicious actors, types of malware, hackers and cyber security strategies. The document emphasizes the importance of cyber security and provides tips for protecting against cyberattacks.
This document provides guidelines for organizations to prevent and respond to ransomware attacks. It recommends joining an information sharing organization and engaging with CISA to receive critical threat information and services. The document includes best practices for ransomware prevention, such as regularly backing up data offline, maintaining system images, patching software, securing remote access, and conducting phishing awareness training. It also provides tips to address infection vectors like internet-facing vulnerabilities, phishing emails, and precursor malware infections.
Protect Your IT Infrastructure from Zero-Day Attacks and New VulnerabilitiesSymantec
Protecting a business’s IT infrastructure is complex. Take, for example, a retailer operating a standard multi-tier infrastructure with both customer and partner portals. The infrastructure typically employs a mix of databases, in-house applications, third-party applications and web services, running in a heterogeneous OS environment and is constantly changing as technology advances and new business applications are added.
To ensure a base level of security and compliance, IT installs antivirus and uses a complex series of static network zones to protect the infrastructure.
This approach makes it difficult and slow to deploy new business applications and only provides protection from a casual attacker. The architecture becomes more complex as more applications and business services are introduced. Increasing IT infrastructure complexity also exacerbates existing challenges in protecting the environment from zero-day threats and from malicious actors eager to take advantage of newly discovered vulnerabilities.
Distribution Industry: What is Ransomware and How Does it Work?The TNS Group
Ransomware is a form of malware that essentially holds your system and files for ransom. When you’re hit with ransomware you have no access whatsoever to your data. It’s locked down but you still have the ability to access the ransom message from the cybercriminals. The message demands payment immediately, sometimes within 24 hours. It also includes what kind of payment which is sometimes an untraceable currency like Bitcoin.
This document discusses ransomware attacks and how to protect against them. It notes that ransomware attacks are increasingly common, with 79% of UK businesses reporting an attack in 2021. It describes the typical attack journey ransomware takes to infiltrate a network, highlighting how attackers target privileged admin credentials to access and encrypt important systems and backups. The document recommends implementing privileged access management (PAM) solutions to protect admin accounts and automate access, which can prevent attacks by restricting installs/changes and separating people from credentials. PAM provides security, auditability, and control while empowering users. The presentation promotes the Osirium Fast Protect PAM product.
Survey of apt and other attacks with reliable security schemes in manetijctet
This document summarizes security threats and challenges in mobile ad hoc networks (MANETs). It discusses advanced persistent threats (APTs) which aim to stealthily infiltrate networks to steal data. APTs use techniques like spear phishing and malware to infect systems. Malware types discussed include viruses, worms, trojans, and bots. The document also outlines requirements for securing MANETs against APTs, such as protecting devices and browsers from exploitation. Finally, it analyzes security issues in routing for MANETs and categorizes common routing protocols.
Fundamentals of information systems security ( pdf drive ) chapter 1newbie2019
This document discusses the growth of the internet and increased connectivity of devices beyond just computers. It notes that as internet usage has increased, issues of privacy, data security, and protecting sensitive information have become more important for both personal and business use. The document provides an overview of common security concepts and terms to help understand how to prevent cyberattacks and secure sensitive data. It also includes a table summarizing several high-profile data breaches between 2013-2015 at companies like Target, Anthem, and Sony Pictures that compromised personal and financial information for millions of customers.
The Next Generation Cognitive Security Operations Center: Network Flow Forens...Konstantinos Demertzis
A Security Operations Center (SOC) can be defined as an organized and highly skilled team that uses advanced computer forensics tools to prevent, detect and respond to cybersecurity incidents of an organization. The fundamental aspects of an effective SOC is related to the ability to examine and analyze the vast number of data flows and to correlate several other types of events from a cybersecurity perception. The supervision and categorization of network flow is an essential process not only for the scheduling, management, and regulation of the network’s services, but also for attacks identification and for the consequent forensics’ investigations. A serious potential disadvantage of the traditional software solutions used today for computer network monitoring, and specifically for the instances of effective categorization of the encrypted or obfuscated network flow, which enforces the rebuilding of messages packets in sophisticated underlying protocols, is the requirements of computational resources. In addition, an additional significant inability of these software packages is they create high false positive rates because they are deprived of accurate predicting mechanisms.
For all the reasons above, in most cases, the traditional software fails completely to recognize unidentified vulnerabilities and zero-day exploitations. This paper proposes a novel intelligence driven Network Flow Forensics Framework (NF3) which uses low utilization of computing power and resources, for the Next Generation Cognitive Computing SOC (NGC2SOC) that rely solely on advanced fully automated intelligence methods. It is an effective and accurate Ensemble Machine Learning forensics tool to Network Traffic Analysis, Demystification of Malware Traffic and Encrypted Traffic Identification.
Healthcare IT Security Threats & Ways to Defend ThemCheapSSLsecurity
Encryption is required under HIPAA to protect electronic personal healthcare information being transferred or stored. SSL encryption protects data in motion by encrypting connections between computers but other vulnerabilities need addressing. Healthcare organizations should educate employees, secure wireless networks, vet third parties, and limit potential network damage from breaches through measures like network segregation.
Intrusion detection and anomaly detection system using sequential pattern miningeSAT Journals
Abstract
Nowadays the security methods from password protected access up to firewalls which are used to secure the data as well as the networks from attackers. Several times these types of security methods are not enough to protect data. We can consider the use of Intrusion Detection Systems (IDS) is the one way to secure the data on critical systems. Most of the research work is going on the effectiveness and exactness of the intrusion detection, but these attempts are for the detection of the intrusions at the operating system and network level only. It is unable to detect the unexpected behavior of systems due to malicious transactions in databases. The method used for spotting any interferes on the information in the form of database known as database intrusion detection. It relies on enlisting the execution of a transaction. After that, if the recognized pattern is aside from those regular patterns actual is considered as an intrusion. But the identified problem with this process is that the accuracy algorithm which is used may not identify entire patterns. This type of challenges can affect in two ways. 1) Missing of the database with regular patterns. 2) The detection process neglects some new patterns. Therefore we proposed sequential data mining method by using new Modified Apriori Algorithm. The algorithm upturns the accurateness and rate of pattern detection by the process. The Apriori algorithm with modifications is used in the proposed model.
Keywords — Anomaly Detection, Modified Apriori Algorithm, Misuse detection, Sequential Pattern Mining
NETWORK INTRUSION DETECTION AND NODE RECOVERY USING DYNAMIC PATH ROUTINGNishanth Gandhidoss
This document describes a project report submitted for the degree of Bachelor of Technology in Information Technology. The report focuses on network intrusion detection and node recovery using dynamic path routing. It was submitted by three students - Nishanth G., Sudharshan N., and Surya Krishnan R. - to Sri Venkateswara College of Engineering in partial fulfillment of their degree requirements. The document includes sections on acknowledgements, abstract, contents, introduction, literature survey, system design, network topology, network intrusion detection and prevention, node recovery, source anonymity, dynamic path routing, results and discussions, and conclusions. It aims to address privacy and security issues in networks through techniques like encryption, evidence collection, risk assessment
This document discusses challenges in information assurance and authentication. It introduces common web authentication methods like SAML and Shibboleth that enable single sign-on across domains using federated identity. SAML allows sharing of authentication and authorization data in XML format. Shibboleth is an open source single sign-on system that uses SAML and allows identity federations. OpenID is also discussed as a decentralized authentication standard used by many websites. The document compares and contrasts these different authentication methods.
Antivirus software uses techniques like malware signatures, system monitoring, and machine learning to detect and remove viruses, malware, and other threats from computers. Key types include boot sector viruses, web scripting viruses, browser hijackers, and macro viruses. Popular antivirus programs provide multiple layers of protection through features like encryption, data backup, password security, and firewalls. 360 Total Security is an antivirus program that employs engines from Bitdefender and Avira to detect threats through heuristics and cloud-based scanning. It protects against risks like ransomware and unauthorized webcam access.
Network security is a dynamic art, with dangers appearing as fast as black hats can exploit vulnerabilities. While there are basic “golden rules” which can make life difficult for the bad guys, it remains a challenge to keep networks secure. John Chambers, Executive Chairman of Cisco, famously said “there are two types of companies: those that have been hacked, and those who don’t know they have been hacked”. The question for most organizations isn’t if they’re going to be breached, but how quickly they can isolate and mitigate the threat. In this paper, we’ll examine best practices for effective cybersecurity – from both a proactive (access hardening) and reactive (threat isolation and mitigation) perspective. We’ll address how network automation can help minimize cyberattacks by closing vulnerability gaps and how it can improve incident response times in the event of a cyberthreat. Finally, we’ll lay a vision for continuous network security, to explore how machine-to-machine automation may deliver an auto-securing and self-healing network.
Go to www.esgjrconsultinginc.com
Toward Continuous Cybersecurity With Network AutomationKen Flott
Network security is a dynamic art, with dangers appearing as
fast as black hats can exploit vulnerabilities. While there are
basic “golden rules” which can make life difficult for the bad
guys, it remains a challenge to keep networks secure. John
Chambers, Executive Chairman of Cisco, famously said “there
are two types of companies: those that have been hacked, and
those who don’t know they have been hacked”. The question
for most organizations isn’t if they’re going to be breached, but
how quickly they can isolate and mitigate the threat.
In this paper, we’ll examine best practices for effective
cybersecurity – from both a proactive (access hardening)
and reactive (threat isolation and mitigation) perspective.
We’ll address how network automation can help minimize
cyberattacks by closing vulnerability gaps and how it can
improve incident response times in the event of a cyberthreat.
Finally, we’ll lay a vision for continuous network security, to
explore how machine-to-machine automation may deliver an
auto-securing and self-healing network.
IT security in 2021: Why Ransomware Is Still The Biggest ThreatETech 7
Ransomware attacks continued to be a major threat in 2020 and will likely remain so in 2021. Ransomware encrypts users' files and demands ransom payments for the keys to decrypt them. It often infects systems through malicious attachments or links. Signs of infection include inability to access files, browser redirection, pop-ups, and crashes. Businesses can help prevent ransomware through employee education, backups, updated software/antivirus, disaster recovery plans, and managed security services.
This document discusses strategies for preventing data leakage. It proposes using a firewall to scan outgoing messages from employees and detect if they contain unauthorized transfers of sensitive data. If confidential information is detected in a message, the employee's ID would be reported to the administrator. The firewall would help enforce a data leakage prevention policy by identifying attempts to send protected information outside the authorized circle. The goal is to catch data leaks early before any damage occurs, since detection after the fact may be too late to remedy the situation. The proposed system aims to help organizations better safeguard their confidential information through proactive monitoring of employee communications.
Cybersecurity refers to protecting internet-connected systems, networks, programs, and data from malicious attacks. It aims to ensure confidentiality, integrity, and availability of data. The document discusses different types of cybersecurity including network security, application security, information security, identity management, operational security, mobile security, cloud security, and disaster recovery planning. It also covers common cybersecurity threats like malware, viruses, spyware, and describes their purpose and how they function. The overall goal of cybersecurity is to protect sensitive data and systems from unauthorized access or corruption.
The document discusses various aspects of computer security including common security fallacies, layers of security, security principles, threats, and an overview of security technologies. It describes physical security, host security, network security, and web application security as the key layers of security. It also defines basic security terminology and models like CIA triad, AAA, and the operational model involving prevention, detection, and response. Common security technologies discussed include encryption, firewalls, intrusion detection systems, antivirus software.
The document provides information about the Certified Computer Security Analyst (CCSA) program and training. It discusses the trainer, Semi Yulianto's qualifications and experience working with various security training and consulting organizations. It also lists some of the key topics covered in the CCSA training program, including vulnerabilities assessment, penetration testing methodology, security tools, and investigating vulnerabilities.
Enhanced method for intrusion detection over kdd cup 99 datasetijctet
This document discusses an enhanced method for intrusion detection using the KDD Cup 99 dataset. It aims to improve the accuracy of the dataset by analyzing the contribution of different attack classes to metrics like true positive rate and precision. The study examines these evaluation metrics for an intrusion detection system to identify which attack classes most impact recall and precision. The goal is to help improve the quality of the KDD Cup 99 dataset to achieve higher accuracy with lower false positives.
An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...ijtsrd
Millions of people worldwide have Internet access today. Intrusion detection technology is a modern wave of information technology monitoring devices to deter malicious activities. Malware development malicious software is a vital problem when it comes to designing intrusion detection systems IDS . The key challenge is to recognize unknown and hidden malware, because malware writers use various evasion techniques to mask information to avoid IDS detection. Malicious attacks have become more sophisticated and Furthermore, threats to security have increased, including a zero day attack on internet users. Through the use of IT in our daily lives, computer security has become critical. Cyber threats are becoming more complex and pose growing challenges when it comes to successful intrusion detection. Failure to prevent invading information, such as data privacy, integrity and availability can undermine the credibility of security services. Specific intrusion detection approaches were proposed in the literature to combat computer security threats. This paper consists of a literature survey of the IDS that uses program algorithms to use specific data collection and forensic techniques in real time. Data mining techniques for cyber research are introduced in support of intrusion detection. Mohammed I. Alghamdi "An Assessment of Intrusion Detection System (IDS) and Data-Set Overview: A Comprehensive Review of Recent Works" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-2 , February 2021, URL: https://www.ijtsrd.com/papers/ijtsrd35730.pdf Paper Url: https://www.ijtsrd.com/computer-science/computer-security/35730/an-assessment-of-intrusion-detection-system-ids-and-dataset-overview-a-comprehensive-review-of-recent-works/mohammed-i-alghamdi
This document provides an overview of cyber security. It discusses the history and scale of cyber threats, principles of cyber security including confidentiality, integrity and availability. It describes different types of cyber security such as network security, application security and information security. It also outlines common cyber threats like cybercrime, cyberattacks and cyberterrorism. Additionally, it examines malicious actors, types of malware, hackers and cyber security strategies. The document emphasizes the importance of cyber security and provides tips for protecting against cyberattacks.
This document provides guidelines for organizations to prevent and respond to ransomware attacks. It recommends joining an information sharing organization and engaging with CISA to receive critical threat information and services. The document includes best practices for ransomware prevention, such as regularly backing up data offline, maintaining system images, patching software, securing remote access, and conducting phishing awareness training. It also provides tips to address infection vectors like internet-facing vulnerabilities, phishing emails, and precursor malware infections.
Protect Your IT Infrastructure from Zero-Day Attacks and New VulnerabilitiesSymantec
Protecting a business’s IT infrastructure is complex. Take, for example, a retailer operating a standard multi-tier infrastructure with both customer and partner portals. The infrastructure typically employs a mix of databases, in-house applications, third-party applications and web services, running in a heterogeneous OS environment and is constantly changing as technology advances and new business applications are added.
To ensure a base level of security and compliance, IT installs antivirus and uses a complex series of static network zones to protect the infrastructure.
This approach makes it difficult and slow to deploy new business applications and only provides protection from a casual attacker. The architecture becomes more complex as more applications and business services are introduced. Increasing IT infrastructure complexity also exacerbates existing challenges in protecting the environment from zero-day threats and from malicious actors eager to take advantage of newly discovered vulnerabilities.
Distribution Industry: What is Ransomware and How Does it Work?The TNS Group
Ransomware is a form of malware that essentially holds your system and files for ransom. When you’re hit with ransomware you have no access whatsoever to your data. It’s locked down but you still have the ability to access the ransom message from the cybercriminals. The message demands payment immediately, sometimes within 24 hours. It also includes what kind of payment which is sometimes an untraceable currency like Bitcoin.
This document discusses ransomware attacks and how to protect against them. It notes that ransomware attacks are increasingly common, with 79% of UK businesses reporting an attack in 2021. It describes the typical attack journey ransomware takes to infiltrate a network, highlighting how attackers target privileged admin credentials to access and encrypt important systems and backups. The document recommends implementing privileged access management (PAM) solutions to protect admin accounts and automate access, which can prevent attacks by restricting installs/changes and separating people from credentials. PAM provides security, auditability, and control while empowering users. The presentation promotes the Osirium Fast Protect PAM product.
Survey of apt and other attacks with reliable security schemes in manetijctet
This document summarizes security threats and challenges in mobile ad hoc networks (MANETs). It discusses advanced persistent threats (APTs) which aim to stealthily infiltrate networks to steal data. APTs use techniques like spear phishing and malware to infect systems. Malware types discussed include viruses, worms, trojans, and bots. The document also outlines requirements for securing MANETs against APTs, such as protecting devices and browsers from exploitation. Finally, it analyzes security issues in routing for MANETs and categorizes common routing protocols.
Fundamentals of information systems security ( pdf drive ) chapter 1newbie2019
This document discusses the growth of the internet and increased connectivity of devices beyond just computers. It notes that as internet usage has increased, issues of privacy, data security, and protecting sensitive information have become more important for both personal and business use. The document provides an overview of common security concepts and terms to help understand how to prevent cyberattacks and secure sensitive data. It also includes a table summarizing several high-profile data breaches between 2013-2015 at companies like Target, Anthem, and Sony Pictures that compromised personal and financial information for millions of customers.
The Next Generation Cognitive Security Operations Center: Network Flow Forens...Konstantinos Demertzis
A Security Operations Center (SOC) can be defined as an organized and highly skilled team that uses advanced computer forensics tools to prevent, detect and respond to cybersecurity incidents of an organization. The fundamental aspects of an effective SOC is related to the ability to examine and analyze the vast number of data flows and to correlate several other types of events from a cybersecurity perception. The supervision and categorization of network flow is an essential process not only for the scheduling, management, and regulation of the network’s services, but also for attacks identification and for the consequent forensics’ investigations. A serious potential disadvantage of the traditional software solutions used today for computer network monitoring, and specifically for the instances of effective categorization of the encrypted or obfuscated network flow, which enforces the rebuilding of messages packets in sophisticated underlying protocols, is the requirements of computational resources. In addition, an additional significant inability of these software packages is they create high false positive rates because they are deprived of accurate predicting mechanisms.
For all the reasons above, in most cases, the traditional software fails completely to recognize unidentified vulnerabilities and zero-day exploitations. This paper proposes a novel intelligence driven Network Flow Forensics Framework (NF3) which uses low utilization of computing power and resources, for the Next Generation Cognitive Computing SOC (NGC2SOC) that rely solely on advanced fully automated intelligence methods. It is an effective and accurate Ensemble Machine Learning forensics tool to Network Traffic Analysis, Demystification of Malware Traffic and Encrypted Traffic Identification.
Healthcare IT Security Threats & Ways to Defend ThemCheapSSLsecurity
Encryption is required under HIPAA to protect electronic personal healthcare information being transferred or stored. SSL encryption protects data in motion by encrypting connections between computers but other vulnerabilities need addressing. Healthcare organizations should educate employees, secure wireless networks, vet third parties, and limit potential network damage from breaches through measures like network segregation.
Intrusion detection and anomaly detection system using sequential pattern miningeSAT Journals
Abstract
Nowadays the security methods from password protected access up to firewalls which are used to secure the data as well as the networks from attackers. Several times these types of security methods are not enough to protect data. We can consider the use of Intrusion Detection Systems (IDS) is the one way to secure the data on critical systems. Most of the research work is going on the effectiveness and exactness of the intrusion detection, but these attempts are for the detection of the intrusions at the operating system and network level only. It is unable to detect the unexpected behavior of systems due to malicious transactions in databases. The method used for spotting any interferes on the information in the form of database known as database intrusion detection. It relies on enlisting the execution of a transaction. After that, if the recognized pattern is aside from those regular patterns actual is considered as an intrusion. But the identified problem with this process is that the accuracy algorithm which is used may not identify entire patterns. This type of challenges can affect in two ways. 1) Missing of the database with regular patterns. 2) The detection process neglects some new patterns. Therefore we proposed sequential data mining method by using new Modified Apriori Algorithm. The algorithm upturns the accurateness and rate of pattern detection by the process. The Apriori algorithm with modifications is used in the proposed model.
Keywords — Anomaly Detection, Modified Apriori Algorithm, Misuse detection, Sequential Pattern Mining
NETWORK INTRUSION DETECTION AND NODE RECOVERY USING DYNAMIC PATH ROUTINGNishanth Gandhidoss
This document describes a project report submitted for the degree of Bachelor of Technology in Information Technology. The report focuses on network intrusion detection and node recovery using dynamic path routing. It was submitted by three students - Nishanth G., Sudharshan N., and Surya Krishnan R. - to Sri Venkateswara College of Engineering in partial fulfillment of their degree requirements. The document includes sections on acknowledgements, abstract, contents, introduction, literature survey, system design, network topology, network intrusion detection and prevention, node recovery, source anonymity, dynamic path routing, results and discussions, and conclusions. It aims to address privacy and security issues in networks through techniques like encryption, evidence collection, risk assessment
This document discusses challenges in information assurance and authentication. It introduces common web authentication methods like SAML and Shibboleth that enable single sign-on across domains using federated identity. SAML allows sharing of authentication and authorization data in XML format. Shibboleth is an open source single sign-on system that uses SAML and allows identity federations. OpenID is also discussed as a decentralized authentication standard used by many websites. The document compares and contrasts these different authentication methods.
Antivirus software uses techniques like malware signatures, system monitoring, and machine learning to detect and remove viruses, malware, and other threats from computers. Key types include boot sector viruses, web scripting viruses, browser hijackers, and macro viruses. Popular antivirus programs provide multiple layers of protection through features like encryption, data backup, password security, and firewalls. 360 Total Security is an antivirus program that employs engines from Bitdefender and Avira to detect threats through heuristics and cloud-based scanning. It protects against risks like ransomware and unauthorized webcam access.
Network security is a dynamic art, with dangers appearing as fast as black hats can exploit vulnerabilities. While there are basic “golden rules” which can make life difficult for the bad guys, it remains a challenge to keep networks secure. John Chambers, Executive Chairman of Cisco, famously said “there are two types of companies: those that have been hacked, and those who don’t know they have been hacked”. The question for most organizations isn’t if they’re going to be breached, but how quickly they can isolate and mitigate the threat. In this paper, we’ll examine best practices for effective cybersecurity – from both a proactive (access hardening) and reactive (threat isolation and mitigation) perspective. We’ll address how network automation can help minimize cyberattacks by closing vulnerability gaps and how it can improve incident response times in the event of a cyberthreat. Finally, we’ll lay a vision for continuous network security, to explore how machine-to-machine automation may deliver an auto-securing and self-healing network.
Go to www.esgjrconsultinginc.com
Toward Continuous Cybersecurity With Network AutomationKen Flott
Network security is a dynamic art, with dangers appearing as
fast as black hats can exploit vulnerabilities. While there are
basic “golden rules” which can make life difficult for the bad
guys, it remains a challenge to keep networks secure. John
Chambers, Executive Chairman of Cisco, famously said “there
are two types of companies: those that have been hacked, and
those who don’t know they have been hacked”. The question
for most organizations isn’t if they’re going to be breached, but
how quickly they can isolate and mitigate the threat.
In this paper, we’ll examine best practices for effective
cybersecurity – from both a proactive (access hardening)
and reactive (threat isolation and mitigation) perspective.
We’ll address how network automation can help minimize
cyberattacks by closing vulnerability gaps and how it can
improve incident response times in the event of a cyberthreat.
Finally, we’ll lay a vision for continuous network security, to
explore how machine-to-machine automation may deliver an
auto-securing and self-healing network.
IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...IRJET Journal
The document discusses a proposed method for detecting viruses and malware that evade existing antivirus software. It uses a combination of analyzing files with VirusTotal's database of known threats and applying natural language processing techniques like suffix trees and TF-IDF to identify malicious patterns in files. An evaluation shows the proposed method can detect viruses that existing antivirus and VirusTotal miss, achieving a 97% accuracy rate in testing.
Cybersecurity Interview Questions and Answers.pdfJazmine Brown
Cyber security professionals are in high demand, and those willing to learn new skills to enter the area will have plenty of opportunities. Our goal is to present you with the most comprehensive selection of cybersecurity interview questions available.
Kudler Fine Foods IT Security Report And Presentation –...Lana Sorrels
The document discusses network security for a small accounting firm. It proposes implementing a network with firewall protection, wireless access points, antivirus software, and user training. A vulnerability assessment is recommended to identify security risks before deploying the network. The network design aims to protect client financial data from theft or loss while enabling file sharing and internet access for employees.
Cyber security involves implementing layers of security and protection against digital attacks across computers, devices, systems, and networks. Organizations use frameworks to detect and identify threats, protect assets, and recover from attacks. There are various types of cyber security threats including cybercrime, cyberterrorism, and cyberattacks. Performing risk assessments is important to understand potential security risks and impacts. Assessments involve identifying risks, analyzing likelihood and impacts, developing controls, documenting processes, and ongoing monitoring. Common security risks include viruses/malware, phishing, ransomware, and denial of service attacks. Organizations should use various security testing methods like audits, penetration testing, and vulnerability scanning to regularly evaluate security weaknesses.
This document summarizes a research paper on developing a honey pot intrusion detection system. The paper introduces cyber warfare as a growing threat and the need for effective network security. It then describes designing and implementing a honey pot IDS to detect potential threats on a host system by emulating network services and monitoring connections. The IDS would use event correlation, log analysis, alerting and policy enforcement. The document provides background on intrusions, IDS testing methodology, and reasons why only creating secure systems is not enough to prevent all intrusions.
Cyber Warfare is the current single greatest emerging threat to National Security. Network security has become an essential component of any computer network. As computer networks and systems become ever more fundamental to modern society, concerns about security has become increasingly important. There are a multitude of different applications open source and proprietary available for the protection +-system administrator, to decide on the most suitable format for their purpose requires knowledge of the available safety measures, their features and how they affect the quality of service, as well as the kind of data they will be allowing through un flagged. A majority of methods currently used to ensure the quality of a networks service are signature based. From this information, and details on the specifics of popular applications and their implementation methods, we have carried through the ideas, incorporating our own opinions, to formulate suggestions on how this could be done on a general level. The main objective was to design and develop an Intrusion Detection System. While the minor objectives were to; Design a port scanner to determine potential threats and mitigation techniques to withstand these attacks. Implement the system on a host and Run and test the designed IDS. In this project we set out to develop a Honey Pot IDS System. It would make it easy to listen on a range of ports and emulate a network protocol to track and identify any individuals trying to connect to your system. This IDS will use the following design approaches: Event correlation, Log analysis, Alerting, and policy enforcement. Intrusion Detection Systems (IDSs) attempt to identify unauthorized use, misuse, and abuse of computer systems. In response to the growth in the use and development of IDSs, we have developed a methodology for testing IDSs. The methodology consists of techniques from the field of software testing which we have adapted for the specific purpose of testing IDSs. In this paper, we identify a set of general IDS performance objectives which is the basis for the methodology. We present the details of the methodology, including strategies for test-case selection and specific testing procedures. We include quantitative results from testing experiments on the Network Security Monitor (NSM), an IDS developed at UC Davis. We present an overview of the software platform that we have used to create user-simulation scripts for testing experiments. The platform consists of the UNIX tool expect and enhancements that we have developed, including mechanisms for concurrent scripts and a record-and-replay feature. We also provide background information on intrusions and IDSs to motivate our work.
This document discusses securing healthcare networks against cyber attacks. It proposes using intrusion detection systems to continuously monitor networks, firewalls to ensure endpoint devices comply with security policies, and biometrics for identity-based network access control. This would help protect patient privacy by safeguarding electronic health records and enhancing the security of hospital networks. The growing adoption of electronic records and devices in healthcare has increased risks of attacks that could intercept patient data or take over entire hospital networks. Strong network security measures are needed to address these risks.
This document discusses controls for protecting critical information infrastructure from cyberattacks. It begins by examining vulnerabilities in critical information infrastructure that cyberthreats exploit to launch attacks, such as software vulnerabilities, personnel vulnerabilities, and network protocol vulnerabilities. It then analyzes various cyberthreats like malware, distributed denial of service attacks, cyberwarfare, and social engineering that target these vulnerabilities. The document proposes implementing a system of preventive, detective, and corrective security controls based on general systems theory to address the vulnerabilities. Finally, it presents a model for securing critical information infrastructure that is currently insecure.
A Presentation On Basic Network Security And Viruses For College Level. Basics on Networking, Network Security, Virus, Spyware, Vulnerability, Hacking And Indian Laws To Prevent Hacking
Looking to understand how hackers and other attackers use cyber technology to attack your network and your executives? This slide set provides an overview and details the anatomy of a cyber attack, and the strategies you can use to manage and mitigate risk.
Johnson County Community College Cyber Security: A Brief Overview for Programmers by David Chaponniere discusses cyber security threats facing programmers as more devices connect to the internet. It outlines common attacks like phishing, use of vulnerable components, and cross-site scripting. The document recommends programmers prevent attacks through continuous education on latest threats, keeping code updated, testing for security flaws, and restricting access to sensitive code. With billions more devices expected to connect by 2020, protecting user privacy and data from attacks will be vital for technology to safely enhance daily life.
Contending Malware Threat using Hybrid Security ModelIRJET Journal
The document proposes a hybrid security model to combat malware threats across different types of IT systems. It analyzes positive and negative security models and their advantages and disadvantages. A hybrid model is proposed that uses a combination of whitelisting, blacklisting, firewalls, antivirus software and other tools depending on the system type. For example, corporate systems would use application whitelisting to only allow approved enterprise apps, while home systems rely more on antivirus and firewalls for flexibility. The goal is to provide effective security tailored to each system's environment and business needs.
Type of Security Threats and its Preventionijsrd.com
Security is a branch of computer technology known as information security as applied to computers and networks. The objective of online security includes protection of information and property from theft, corruption, or threats attack, while allowing the information and property to remain accessible and productive to its intended users. The term online system security means the collective processes and mechanisms by which sensitive and valuable information and services are protected from publication, tampering or collapse by unauthorized activities or untrustworthy individuals and unplanned events respectively. The basic aim of this article is to Prevention against unauthorized security Attack and Threats.
Basic Home Computer Network And Computer Network Security...Jennifer Letterman
The document discusses computer network security planning and risks for home networks. It notes that careful planning is important for robust security, and a security plan should consider a wide range of risks and vulnerabilities to develop a strategy to reduce exposure. Key security risks for home networks include what needs protection and common vulnerabilities like hacking, malware, and insecure network architecture/design. The document also lists vulnerabilities like weak passwords and outlines ways to identify and address vulnerabilities through scanning and auditing.
Network security involves implementing multiple layers of defenses to protect a network from threats. It includes technologies like firewalls, antivirus software, and intrusion detection systems to manage access and detect malware and exploits. As networks increasingly face hacking threats, strong network security tools are essential for organizations to protect their systems, data, and reputation. Network security strategies aim to authorize only legitimate users while blocking malicious actors from harming the network.
Similar to Designing Security Assessment of Client Server System using Attack Tree Modeling (20)
‘Six Sigma Technique’ A Journey Through its Implementationijtsrd
The manufacturing industries all over the world are facing tough challenges for growth, development and sustainability in today’s competitive environment. They have to achieve apex position by adapting with the global competitive environment by delivering goods and services at low cost, prime quality and better price to increase wealth and consumer satisfaction. Cost Management ensures profit, growth and sustainability of the business with implementation of Continuous Improvement Technique like Six Sigma. This leads to optimize Business performance. The method drives for customer satisfaction, low variation, reduction in waste and cycle time resulting into a competitive advantage over other industries which did not implement it. The main objective of this paper ‘Six Sigma Technique A Journey Through Its Implementation’ is to conceptualize the effectiveness of Six Sigma Technique through the journey of its implementation. Aditi Sunilkumar Ghosalkar "‘Six Sigma Technique’: A Journey Through its Implementation" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd64546.pdf Paper Url: https://www.ijtsrd.com/other-scientific-research-area/other/64546/‘six-sigma-technique’-a-journey-through-its-implementation/aditi-sunilkumar-ghosalkar
Edge Computing in Space Enhancing Data Processing and Communication for Space...ijtsrd
Edge computing, a paradigm that involves processing data closer to its source, has gained significant attention for its potential to revolutionize data processing and communication in space missions. With the increasing complexity and data volume generated by modern space missions, traditional centralized computing approaches face challenges related to latency, bandwidth, and security. Edge computing in space, involving on board processing and analysis of data, offers promising solutions to these challenges. This paper explores the concept of edge computing in space, its benefits, applications, and future prospects in enhancing space missions. Manish Verma "Edge Computing in Space: Enhancing Data Processing and Communication for Space Missions" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd64541.pdf Paper Url: https://www.ijtsrd.com/computer-science/artificial-intelligence/64541/edge-computing-in-space-enhancing-data-processing-and-communication-for-space-missions/manish-verma
Dynamics of Communal Politics in 21st Century India Challenges and Prospectsijtsrd
Communal politics in India has evolved through centuries, weaving a complex tapestry shaped by historical legacies, colonial influences, and contemporary socio political transformations. This research comprehensively examines the dynamics of communal politics in 21st century India, emphasizing its historical roots, socio political dynamics, economic implications, challenges, and prospects for mitigation. The historical perspective unravels the intricate interplay of religious identities and power dynamics from ancient civilizations to the impact of colonial rule, providing insights into the evolution of communalism. The socio political dynamics section delves into the contemporary manifestations, exploring the roles of identity politics, socio economic disparities, and globalization. The economic implications section highlights how communal politics intersects with economic issues, perpetuating disparities and influencing resource allocation. Challenges posed by communal politics are scrutinized, revealing multifaceted issues ranging from social fragmentation to threats against democratic values. The prospects for mitigation present a multifaceted approach, incorporating policy interventions, community engagement, and educational initiatives. The paper conducts a comparative analysis with international examples, identifying common patterns such as identity politics and economic disparities. It also examines unique challenges, emphasizing Indias diverse religious landscape, historical legacy, and secular framework. Lessons for effective strategies are drawn from international experiences, offering insights into inclusive policies, interfaith dialogue, media regulation, and global cooperation. By scrutinizing historical epochs, contemporary dynamics, economic implications, and international comparisons, this research provides a comprehensive understanding of communal politics in India. The proposed strategies for mitigation underscore the importance of a holistic approach to foster social harmony, inclusivity, and democratic values. Rose Hossain "Dynamics of Communal Politics in 21st Century India: Challenges and Prospects" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd64528.pdf Paper Url: https://www.ijtsrd.com/humanities-and-the-arts/history/64528/dynamics-of-communal-politics-in-21st-century-india-challenges-and-prospects/rose-hossain
Assess Perspective and Knowledge of Healthcare Providers Towards Elehealth in...ijtsrd
Background and Objective Telehealth has become a well known tool for the delivery of health care in Saudi Arabia, and the perspective and knowledge of healthcare providers are influential in the implementation, adoption and advancement of the method. This systematic review was conducted to examine the current literature base regarding telehealth and the related healthcare professional perspective and knowledge in the Kingdom of Saudi Arabia. Materials and Methods This systematic review was conducted by searching 7 databases including, MEDLINE, CINHAL, Web of Science, Scopus, PubMed, PsycINFO, and ProQuest Central. Studies on healthcare practitioners telehealth knowledge and perspectives published in English in Saudi Arabia from 2000 to 2023 were included. Boland directed this comprehensive review. The researchers examined each connected study using the AXIS tool, which evaluates cross sectional systematic reviews. Narrative synthesis was used to summarise and convey the data. Results Out of 1840 search results, 10 studies were included. Positive outlook and limited knowledge among providers were seen across trials. Healthcare professionals like telehealth for its ability to improve quality, access, and delivery, save time and money, and be successful. Age, gender, occupation, and work experience also affect health workers knowledge. In Saudi Arabia, healthcare professionals face inadequate expert assistance, patient privacy, internet connection concerns, lack of training courses, lack of telehealth understanding, and high costs while performing telemedicine. Conclusions Healthcare practitioners telehealth perceptions and knowledge were examined in this systematic study. Its collection of concerned experts different personal attitudes and expertise would help enhance telehealths implementation in Saudi Arabia, develop its healthcare delivery alternative, and eliminate frequent problems. Badriah Mousa I Mulayhi | Dr. Jomin George | Judy Jenkins "Assess Perspective and Knowledge of Healthcare Providers Towards Elehealth in Saudi Arabia: A Systematic Review" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd64535.pdf Paper Url: https://www.ijtsrd.com/medicine/other/64535/assess-perspective-and-knowledge-of-healthcare-providers-towards-elehealth-in-saudi-arabia-a-systematic-review/badriah-mousa-i-mulayhi
The Impact of Digital Media on the Decentralization of Power and the Erosion ...ijtsrd
The impact of digital media on the distribution of power and the weakening of traditional gatekeepers has gained considerable attention in recent years. The adoption of digital technologies and the internet has resulted in declining influence and power for traditional gatekeepers such as publishing houses and news organizations. Simultaneously, digital media has facilitated the emergence of new voices and players in the media industry. Digital medias impact on power decentralization and gatekeeper erosion is visible in several ways. One significant aspect is the democratization of information, which enables anyone with an internet connection to publish and share content globally, leading to citizen journalism and bypassing traditional gatekeepers. Another aspect is the disruption of conventional media industry business models, as traditional organizations struggle to adjust to the decrease in advertising revenue and the rise of digital platforms. Alternative business models, such as subscription models and crowdfunding, have become more prevalent, leading to the emergence of new players. Overall, the impact of digital media on the distribution of power and the weakening of traditional gatekeepers has brought about significant changes in the media landscape and the way information is shared. Further research is required to fully comprehend the implications of these changes and their impact on society. Dr. Kusum Lata "The Impact of Digital Media on the Decentralization of Power and the Erosion of Traditional Gatekeepers" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd64544.pdf Paper Url: https://www.ijtsrd.com/humanities-and-the-arts/political-science/64544/the-impact-of-digital-media-on-the-decentralization-of-power-and-the-erosion-of-traditional-gatekeepers/dr-kusum-lata
Online Voices, Offline Impact Ambedkars Ideals and Socio Political Inclusion ...ijtsrd
This research investigates the nexus between online discussions on Dr. B.R. Ambedkars ideals and their impact on social inclusion among college students in Gurugram, Haryana. Surveying 240 students from 12 government colleges, findings indicate that 65 actively engage in online discussions, with 80 demonstrating moderate to high awareness of Ambedkars ideals. Statistically significant correlations reveal that higher online engagement correlates with increased awareness p 0.05 and perceived social inclusion. Variations across colleges and a notable effect of college type on perceived social inclusion highlight the influence of contextual factors. Furthermore, the intersectional analysis underscores nuanced differences based on gender, caste, and socio economic status. Dr. Kusum Lata "Online Voices, Offline Impact: Ambedkar's Ideals and Socio-Political Inclusion - A Study of Gurugram District" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd64543.pdf Paper Url: https://www.ijtsrd.com/humanities-and-the-arts/political-science/64543/online-voices-offline-impact-ambedkars-ideals-and-sociopolitical-inclusion--a-study-of-gurugram-district/dr-kusum-lata
Problems and Challenges of Agro Entreprenurship A Studyijtsrd
Noting calls for contextualizing Agro entrepreneurs problems and challenges of the agro entrepreneurs and for greater attention to the Role of entrepreneurs in agro entrepreneurship research, we conduct a systematic literature review of extent research in agriculture entrepreneurship to overcome the study objectives of complications of agro entrepreneurs through various factors, Development of agriculture products is a key factor for the overall economic growth of agro entrepreneurs Agro Entrepreneurs produces firsthand large scale employment, utilizes the labor and natural resources, This research outlines the problems of Weather and Soil Erosions, Market price fluctuation, stimulates labor cost problems, reduces concentration of Price volatility, Dependency on Intermediaries, induces Limited Bargaining Power, and Storage and Transportation Costs. This paper mainly devoted to highlight Problems and challenges faced for the sustainable of Agro Entrepreneurs in India. Vinay Prasad B "Problems and Challenges of Agro Entreprenurship - A Study" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd64540.pdf Paper Url: https://www.ijtsrd.com/other-scientific-research-area/other/64540/problems-and-challenges-of-agro-entreprenurship--a-study/vinay-prasad-b
Comparative Analysis of Total Corporate Disclosure of Selected IT Companies o...ijtsrd
Disclosure is a process through which a business enterprise communicates with external parties. A corporate disclosure is communication of financial and non financial information of the activities of a business enterprise to the interested entities. Corporate disclosure is done through publishing annual reports. So corporate disclosure through annual reports plays a vital role in the life of all the companies and provides valuable information to investors. The basic objectives of corporate disclosure is to give a true and fair view of companies to the parties related either directly or indirectly like owner, government, creditors, shareholders etc. in the companies act, provisions have been made about mandatory and voluntary disclosure. The IT sector in India is rapidly growing, the trend to invest in the IT sector is rising and employment opportunities in IT sectors are also increasing. Therefore the IT sector is expected to have fair, full and adequate disclosure of all information. Unfair and incomplete disclosure may adversely affect the entire economy. A research study on disclosure practices of IT companies could play an important role in this regard. Hence, the present research study has been done to study and review comparative analysis of total corporate disclosure of selected IT companies of India and to put forward overall findings and suggestions with a view to increase disclosure score of these companies. The researcher hopes that the present research study will be helpful to all selected Companies for improving level of corporate disclosure through annual reports as well as the government, creditors, investors, all business organizations and upcoming researcher for comparative analyses of level of corporate disclosure with special reference to selected IT companies. Dr. Vaibhavi D. Thaker "Comparative Analysis of Total Corporate Disclosure of Selected IT Companies of India" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd64539.pdf Paper Url: https://www.ijtsrd.com/other-scientific-research-area/other/64539/comparative-analysis-of-total-corporate-disclosure-of-selected-it-companies-of-india/dr-vaibhavi-d-thaker
The Impact of Educational Background and Professional Training on Human Right...ijtsrd
This study investigated the impact of educational background and professional training on human rights awareness among secondary school teachers in the Marathwada region of Maharashtra, India. The key findings reveal that higher levels of education, particularly a master’s degree, and fields of study related to education, humanities, or social sciences are associated with greater human rights awareness among teachers. Additionally, both pre service teacher training and in service professional development programs focused on human rights education significantly enhance teacher’s knowledge, skills, and competencies in promoting human rights principles in their classrooms. Baig Ameer Bee Mirza Abdul Aziz | Dr. Syed Azaz Ali Amjad Ali "The Impact of Educational Background and Professional Training on Human Rights Awareness among Secondary School Teachers" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd64529.pdf Paper Url: https://www.ijtsrd.com/humanities-and-the-arts/education/64529/the-impact-of-educational-background-and-professional-training-on-human-rights-awareness-among-secondary-school-teachers/baig-ameer-bee-mirza-abdul-aziz
A Study on the Effective Teaching Learning Process in English Curriculum at t...ijtsrd
“One Language sets you in a corridor for life. Two languages open every door along the way” Frank Smith English as a foreign language or as a second language has been ruling in India since the period of Lord Macaulay. But the question is how much we teach or learn English properly in our culture. Is there any scope to use English as a language rather than a subject How much we learn or teach English without any interference of mother language specially in the classroom teaching learning scenario in West Bengal By considering all these issues the researcher has attempted in this article to focus on the effective teaching learning process comparing to other traditional strategies in the field of English curriculum at the secondary level to investigate whether they fulfill the present teaching learning requirements or not by examining the validity of the present curriculum of English. The purpose of this study is to focus on the effectiveness of the systematic, scientific, sequential and logical transaction of the course between the teachers and the learners in the perspective of the 5Es programme that is engage, explore, explain, extend and evaluate. Sanchali Mondal | Santinath Sarkar "A Study on the Effective Teaching Learning Process in English Curriculum at the Secondary Level of West Bengal" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd62412.pdf Paper Url: https://www.ijtsrd.com/humanities-and-the-arts/education/62412/a-study-on-the-effective-teaching-learning-process-in-english-curriculum-at-the-secondary-level-of-west-bengal/sanchali-mondal
The Role of Mentoring and Its Influence on the Effectiveness of the Teaching ...ijtsrd
This paper reports on a study which was conducted to investigate the role of mentoring and its influence on the effectiveness of the teaching of Physics in secondary schools in the South West Region of Cameroon. The study adopted the convergent parallel mixed methods design, focusing on respondents in secondary schools in the South West Region of Cameroon. Both quantitative and qualitative data were collected, analysed separately, and the results were compared to see if the findings confirm or disconfirm each other. The quantitative analysis found that majority of the respondents 72 of Physics teachers affirmed that they had more experienced colleagues as mentors to help build their confidence, improve their teaching, and help them improve their effectiveness and efficiency in guiding learners’ achievements. Only 28 of the respondents disagreed with these statements. With majority respondents 72 agreeing with the statements, it implies that in most secondary schools, experienced Physics teachers act as mentors to build teachers’ confidence in teaching and improving students’ learning. The interview qualitative data analysis summarized how secondary school Principals use meetings with mentors and mentees to promote mentorship in the school milieu. This has helped strengthen teachers’ classroom practices in secondary schools in the South West Region of Cameroon. With the results confirming each other, the study recommends that mentoring should focus on helping teachers employ social interactions and instructional practices feedback and clarity in teaching that have direct measurable impact on students’ learning achievements. Andrew Ngeim Sumba | Frederick Ebot Ashu | Peter Agborbechem Tambi "The Role of Mentoring and Its Influence on the Effectiveness of the Teaching of Physics in Secondary Schools in the South West Region of Cameroon" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd64524.pdf Paper Url: https://www.ijtsrd.com/management/management-development/64524/the-role-of-mentoring-and-its-influence-on-the-effectiveness-of-the-teaching-of-physics-in-secondary-schools-in-the-south-west-region-of-cameroon/andrew-ngeim-sumba
Design Simulation and Hardware Construction of an Arduino Microcontroller Bas...ijtsrd
This study primarily focuses on the design of a high side buck converter using an Arduino microcontroller. The converter is specifically intended for use in DC DC applications, particularly in standalone solar PV systems where the PV output voltage exceeds the load or battery voltage. To evaluate the performance of the converter, simulation experiments are conducted using Proteus Software. These simulations provide insights into the input and output voltages, currents, powers, and efficiency under different state of charge SoC conditions of a 12V,70Ah rechargeable lead acid battery. Additionally, the hardware design of the converter is implemented, and practical data is collected through operation, monitoring, and recording. By comparing the simulation results with the practical results, the efficiency and performance of the designed converter are assessed. The findings indicate that while the buck converter is suitable for practical use in standalone PV systems, its efficiency is compromised due to a lower output current. Chan Myae Aung | Dr. Ei Mon "Design Simulation and Hardware Construction of an Arduino-Microcontroller Based DC-DC High-Side Buck Converter for Standalone PV System" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd64518.pdf Paper Url: https://www.ijtsrd.com/engineering/mechanical-engineering/64518/design-simulation-and-hardware-construction-of-an-arduinomicrocontroller-based-dcdc-highside-buck-converter-for-standalone-pv-system/chan-myae-aung
Sustainable Energy by Paul A. Adekunte | Matthew N. O. Sadiku | Janet O. Sadikuijtsrd
Energy becomes sustainable if it meets the needs of the present without compromising the ability of future generations to meet their own needs. Some of the definitions of sustainable energy include the considerations of environmental aspects such as greenhouse gas emissions, social, and economic aspects such as energy poverty. Generally far more sustainable than fossil fuel are renewable energy sources such as wind, hydroelectric power, solar, and geothermal energy sources. Worthy of note is that some renewable energy projects, like the clearing of forests to produce biofuels, can cause severe environmental damage. The sustainability of nuclear power which is a low carbon source is highly debated because of concerns about radioactive waste, nuclear proliferation, and accidents. The switching from coal to natural gas has environmental benefits, including a lower climate impact, but could lead to delay in switching to more sustainable options. “Carbon capture and storage” can be built into power plants to remove the carbon dioxide CO2 emissions, but this technology is expensive and has rarely been implemented. Leading non renewable energy sources around the world is fossil fuels, coal, petroleum, and natural gas. Nuclear energy is usually considered another non renewable energy source, although nuclear energy itself is a renewable energy source, but the material used in nuclear power plants is not. The paper addresses the issue of sustainable energy, its attendant benefits to the future generation, and humanity in general. Paul A. Adekunte | Matthew N. O. Sadiku | Janet O. Sadiku "Sustainable Energy" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd64534.pdf Paper Url: https://www.ijtsrd.com/engineering/electrical-engineering/64534/sustainable-energy/paul-a-adekunte
Concepts for Sudan Survey Act Implementations Executive Regulations and Stand...ijtsrd
This paper aims to outline the executive regulations, survey standards, and specifications required for the implementation of the Sudan Survey Act, and for regulating and organizing all surveying work activities in Sudan. The act has been discussed for more than 5 years. The Land Survey Act was initiated by the Sudan Survey Authority and all official legislations were headed by the Sudan Ministry of Justice till it was issued in 2022. The paper presents conceptual guidelines to be used for the Survey Act implementation and to regulate the survey work practice, standardizing the field surveys, processing, quality control, procedures, and the processes related to survey work carried out by the stakeholders and relevant authorities in Sudan. The conceptual guidelines are meant to improve the quality and harmonization of geospatial data and to aid decision making processes as well as geospatial information systems. The established comprehensive executive regulations will govern and regulate the implementation of the Sudan Survey Geomatics Act in all surveying and mapping practices undertaken by the Sudan Survey Authority SSA and state local survey departments for public or private sector organizations. The targeted standards and specifications include the reference frame, projection, coordinate systems, and the guidelines and specifications that must be followed in the field of survey work, processes, and mapping products. In the last few decades, there has been a growing awareness of the importance of geomatics activities and measurements on the Earths surface in space and time, together with observing and mapping the changes. In such cases, data must be captured promptly, standardized, and obtained with more accuracy and specified in much detail. The paper will also highlight the current situation in Sudan, the degree to which survey standards are used, the problems encountered, and the errors that arise from not using the standards and survey specifications. Kamal A. A. Sami "Concepts for Sudan Survey Act Implementations - Executive Regulations and Standards" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd63484.pdf Paper Url: https://www.ijtsrd.com/engineering/civil-engineering/63484/concepts-for-sudan-survey-act-implementations--executive-regulations-and-standards/kamal-a-a-sami
Towards the Implementation of the Sudan Interpolated Geoid Model Khartoum Sta...ijtsrd
The discussions between ellipsoid and geoid have invoked many researchers during the recent decades, especially during the GNSS technology era, which had witnessed a great deal of development but still geoid undulation requires more investigations. To figure out a solution for Sudans local geoid, this research has tried to intake the possibility of determining the geoid model by following two approaches, gravimetric and geometrical geoid model determination, by making use of GNSS leveling benchmarks at Khartoum state. The Benchmarks are well distributed in the study area, in which, the horizontal coordinates and the height above the ellipsoid have been observed by GNSS while orthometric heights were carried out using precise leveling. The Global Geopotential Model GGM represented in EGM2008 has been exploited to figure out the geoid undulation at the benchmarks in the study area. This is followed by a fitting process, that has been done to suit the geoid undulation data which has been computed using GNSS leveling data and geoid undulation inspired by the EGM2008. Two geoid surfaces were created after the fitting process to ensure that they are identical and both of them could be counted for getting the same geoid undulation with an acceptable accuracy. In this respect, statistical operation played an important role in ensuring the consistency and integrity of the model by applying cross validation techniques splitting the data into training and testing datasets for building the geoid model and testing its eligibility. The geometrical solution for geoid undulation computation has been utilized by applying straightforward equations that facilitate the calculation of the geoid undulation directly through applying statistical techniques for the GNSS leveling data of the study area to get the common equation parameters values that could be utilized to calculate geoid undulation of any position in the study area within the claimed accuracy. Both systems were checked and proved eligible to be used within the study area with acceptable accuracy which may contribute to solving the geoid undulation problem in the Khartoum area, and be further generalized to determine the geoid model over the entire country, and this could be considered in the future, for regional and continental geoid model. Ahmed M. A. Mohammed. | Kamal A. A. Sami "Towards the Implementation of the Sudan Interpolated Geoid Model (Khartoum State Case Study)" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd63483.pdf Paper Url: https://www.ijtsrd.com/engineering/civil-engineering/63483/towards-the-implementation-of-the-sudan-interpolated-geoid-model-khartoum-state-case-study/ahmed-m-a-mohammed
Activating Geospatial Information for Sudans Sustainable Investment Mapijtsrd
Sudan is witnessing an acceleration in the processes of development and transformation in the performance of government institutions to raise the productivity and investment efficiency of the government sector. The development plans and investment opportunities have focused on achieving national goals in various sectors. This paper aims to illuminate the path to the future and provide geospatial data and information to develop the investment climate and environment for all sized businesses, and to bridge the development gap between the Sudan states. The Sudan Survey Authority SSA is the main advisor to the Sudan Government in conducting surveying, mappings, designing, and developing systems related to geospatial data and information. In recent years, SSA made a strategic partnership with the Ministry of Investment to activate Geospatial Information for Sudans Sustainable Investment and in particular, for the preparation and implementation of the Sudan investment map, based on the directives and objectives of the Ministry of Investment MI in Sudan. This paper comes within the framework of activating the efforts of the Ministry of Investment to develop technical investment services by applying techniques adopted by the Ministry and its strategic partners for advancing investment processes in the country. Kamal A. A. Sami "Activating Geospatial Information for Sudan's Sustainable Investment Map" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd63482.pdf Paper Url: https://www.ijtsrd.com/engineering/information-technology/63482/activating-geospatial-information-for-sudans-sustainable-investment-map/kamal-a-a-sami
Educational Unity Embracing Diversity for a Stronger Societyijtsrd
In a rapidly changing global landscape, the importance of education as a unifying force cannot be overstated. This paper explores the crucial role of educational unity in fostering a stronger and more inclusive society through the embrace of diversity. By examining the benefits of diverse learning environments, the paper aims to highlight the positive impact on societal strength. The discussion encompasses various dimensions, from curriculum design to classroom dynamics, and emphasizes the need for educational institutions to become catalysts for unity in diversity. It highlights the need for a paradigm shift in educational policies, curricula, and pedagogical approaches to ensure that they are reflective of the diverse fabric of society. This paper also addresses the challenges associated with implementing inclusive educational practices and offers practical strategies for overcoming barriers. It advocates for collaborative efforts between educational institutions, policymakers, and communities to create a supportive ecosystem that promotes diversity and unity. Mr. Amit Adhikari | Madhumita Teli | Gopal Adhikari "Educational Unity: Embracing Diversity for a Stronger Society" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd64525.pdf Paper Url: https://www.ijtsrd.com/humanities-and-the-arts/education/64525/educational-unity-embracing-diversity-for-a-stronger-society/mr-amit-adhikari
Integration of Indian Indigenous Knowledge System in Management Prospects and...ijtsrd
The diversity of indigenous knowledge systems in India is vast and can vary significantly between different communities and regions. Preserving and respecting these knowledge systems is crucial for maintaining cultural heritage, promoting sustainable practices, and fostering cross cultural understanding. In this paper, an overview of the prospects and challenges associated with incorporating Indian indigenous knowledge into management is explored. It is found that IIKS helps in management in many areas like sustainable development, tourism, food security, natural resource management, cultural preservation and innovation, etc. However, IIKS integration with management faces some challenges in the form of a lack of documentation, cultural sensitivity, language barriers legal framework, etc. Savita Lathwal "Integration of Indian Indigenous Knowledge System in Management: Prospects and Challenges" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd63500.pdf Paper Url: https://www.ijtsrd.com/management/accounting-and-finance/63500/integration-of-indian-indigenous-knowledge-system-in-management-prospects-and-challenges/savita-lathwal
DeepMask Transforming Face Mask Identification for Better Pandemic Control in...ijtsrd
The COVID 19 pandemic has highlighted the crucial need of preventive measures, with widespread use of face masks being a key method for slowing the viruss spread. This research investigates face mask identification using deep learning as a technological solution to be reducing the risk of coronavirus transmission. The proposed method uses state of the art convolutional neural networks CNNs and transfer learning to automatically recognize persons who are not wearing masks in a variety of circumstances. We discuss how this strategy improves public health and safety by providing an efficient manner of enforcing mask wearing standards. The report also discusses the obstacles, ethical concerns, and prospective applications of face mask detection systems in the ongoing fight against the pandemic. Dilip Kumar Sharma | Aaditya Yadav "DeepMask: Transforming Face Mask Identification for Better Pandemic Control in the COVID-19 Era" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd64522.pdf Paper Url: https://www.ijtsrd.com/engineering/electronics-and-communication-engineering/64522/deepmask-transforming-face-mask-identification-for-better-pandemic-control-in-the-covid19-era/dilip-kumar-sharma
Streamlining Data Collection eCRF Design and Machine Learningijtsrd
Efficient and accurate data collection is paramount in clinical trials, and the design of Electronic Case Report Forms eCRFs plays a pivotal role in streamlining this process. This paper explores the integration of machine learning techniques in the design and implementation of eCRFs to enhance data collection efficiency. We delve into the synergies between eCRF design principles and machine learning algorithms, aiming to optimize data quality, reduce errors, and expedite the overall data collection process. The application of machine learning in eCRF design brings forth innovative approaches to data validation, anomaly detection, and real time adaptability. This paper discusses the benefits, challenges, and future prospects of leveraging machine learning in eCRF design for streamlined and advanced data collection in clinical trials. Dhanalakshmi D | Vijaya Lakshmi Kannareddy "Streamlining Data Collection: eCRF Design and Machine Learning" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-8 | Issue-1 , February 2024, URL: https://www.ijtsrd.com/papers/ijtsrd63515.pdf Paper Url: https://www.ijtsrd.com/biological-science/biotechnology/63515/streamlining-data-collection-ecrf-design-and-machine-learning/dhanalakshmi-d
Temple of Asclepius in Thrace. Excavation resultsKrassimira Luka
The temple and the sanctuary around were dedicated to Asklepios Zmidrenus. This name has been known since 1875 when an inscription dedicated to him was discovered in Rome. The inscription is dated in 227 AD and was left by soldiers originating from the city of Philippopolis (modern Plovdiv).
Walmart Business+ and Spark Good for Nonprofits.pdfTechSoup
"Learn about all the ways Walmart supports nonprofit organizations.
You will hear from Liz Willett, the Head of Nonprofits, and hear about what Walmart is doing to help nonprofits, including Walmart Business and Spark Good. Walmart Business+ is a new offer for nonprofits that offers discounts and also streamlines nonprofits order and expense tracking, saving time and money.
The webinar may also give some examples on how nonprofits can best leverage Walmart Business+.
The event will cover the following::
Walmart Business + (https://business.walmart.com/plus) is a new shopping experience for nonprofits, schools, and local business customers that connects an exclusive online shopping experience to stores. Benefits include free delivery and shipping, a 'Spend Analytics” feature, special discounts, deals and tax-exempt shopping.
Special TechSoup offer for a free 180 days membership, and up to $150 in discounts on eligible orders.
Spark Good (walmart.com/sparkgood) is a charitable platform that enables nonprofits to receive donations directly from customers and associates.
Answers about how you can do more with Walmart!"
This presentation was provided by Rebecca Benner, Ph.D., of the American Society of Anesthesiologists, for the second session of NISO's 2024 Training Series "DEIA in the Scholarly Landscape." Session Two: 'Expanding Pathways to Publishing Careers,' was held June 13, 2024.
Leveraging Generative AI to Drive Nonprofit InnovationTechSoup
In this webinar, participants learned how to utilize Generative AI to streamline operations and elevate member engagement. Amazon Web Service experts provided a customer specific use cases and dived into low/no-code tools that are quick and easy to deploy through Amazon Web Service (AWS.)
Gender and Mental Health - Counselling and Family Therapy Applications and In...PsychoTech Services
A proprietary approach developed by bringing together the best of learning theories from Psychology, design principles from the world of visualization, and pedagogical methods from over a decade of training experience, that enables you to: Learn better, faster!
The chapter Lifelines of National Economy in Class 10 Geography focuses on the various modes of transportation and communication that play a vital role in the economic development of a country. These lifelines are crucial for the movement of goods, services, and people, thereby connecting different regions and promoting economic activities.
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptxEduSkills OECD
Iván Bornacelly, Policy Analyst at the OECD Centre for Skills, OECD, presents at the webinar 'Tackling job market gaps with a skills-first approach' on 12 June 2024
2. International Journal of Trend in Scientific Research and Development (IJTSRD) @ www.ijtsrd.com eISSN: 2456-6470
@ IJTSRD | Unique Paper ID – IJTSRD26727 | Volume – 3 | Issue – 5 | July - August 2019 Page 1629
III. ATTACKERS AND VULUNERABILITIES
To plan and implement a good security strategy, first be
aware of some of the issues which determined, motivated
attackers exploit to compromise systems. But before
detailing theseissues,theterminologyused whenidentifying
an attacker must be defined (Virus,worms Trojans,Spyware,
Backdoors and so on) [7].
A. Virus
A virus is a computer program that can spread across
computers and networks by making copies of itself, usually
without the user’s knowledge. Viruses can have harmful
effects. These can range from displaying irritating messages
to stealing data or giving other users control over your
computer. A virus program has to be run before it can infect
your computer. They can attach themselves to other
programs or hide in code that is run automaticallywhenyou
open certain types of file. Sometimes they can exploit
security flaws in your computer’s operating system to run
and to spread them automatically. Viruses used to play
pranks or stop your computer working, but now they
compromise security in more insidious ways [7].
B. Worms
A worm is a program that propagates across a network by
exploiting security awes of machines in thenetwork.Thekey
difference between a worm and a virus is that a worm is
autonomous. That is, the spread of active worms does not
need any human interaction. As a result, active worms can
spread in as fast as a few minutes. The propagation of active
worms enables one to control millions of hosts by launching
DDoS attacks, accessing confidential information, and
destroying or corrupting valuable data [7].
C. Spyware
Spyware is software that enables advertisers to gather
information about a computer user’s habits. Spyware
programs are not viruses but they can have undesirable
effects. You can get spyware on your computer when you
visit certain websites. The spyware then runs on the
computer, tracking your activity and reports it to others,
such as advertisers. Spyware also uses memory and
processing capacity, and can slow or crash the computer [7].
D. Trojans
A Trojan horse, or Trojan, is a non-self-replicating type of
malware which appears to perform a desirable function but
instead facilitates unauthorized access to the user’s
computer system. Trojans do not attempt to inject
themselves into other files like a computer virus. Trojan
horses may steal information, or harm their host computer
systems. Trojans may use drive-by downloads or install via
online games or internet-driven applications in order to
reach target computers. The term is derived from theTrojan
Horse story in Greek mythology because Trojan horses
employ a formof “social engineering,”presentingthemselves
as harmless, useful gifts, in order to persuade victims to
install them on their computers [7].
E. Backdoors
A backdoor is an unusual way which an attacker can useit to
get into the system. Normal users use login boxes and
password protected ways to use the system. Even system
administrator may add some securityfeaturestothissystem
to make it more protect, but the attacker can easily use
installed backdoor to get into system without any password
or authenticating. Most of attackers like to protect their
backdoor on victim system. They do not like that some
another attacker use the samevulnerabilitytogetintovictim
system and change theirconfigurations. Although thesystem
could be in a company and somebody else use that for
working, but attacker is the owner of system and can install
any application or use stored infractions which is exists on
that system.
Sometimes attacker makes a very secure backdoor even
much safer than normal way to get into system. A normal
user may use only one password for using the system but a
backdoor may needs many authentications or SSH layer to
let attacker use the system. Usually it is hardertogetintothe
victim system from installed backdoor in compare with
normal logging in [7].
IV. CLIENT-SERVER NETWORK
Generally, a client-server system is composed of several
components as shown in Fig. 1. These components closely
reflect the various services such as a client downloads
confidential information from the server, update and then
store theses information to the server. Additionally, a
component is usually implemented as a client-server
application that employs a request-reply protocol. Client-
server architecture facilitates secure access for multiple
authorized users. These applications may be provided by
different vendors [8].
Fig.1 Client-Server network system
V. ATTACK TREE
An attack tree is a conceptual tree that represents possible
attacks on a system. Developing the tree provides a
systematic methodology to enumerate possible attacks on a
given system, and captures interdependencies between
these attacks. In this methodology, attacks are depicted as a
tree structure where the root represents the goal of the
attack, and the children nodes represent means to achieve
this goal. The tree may be represented either graphically or
in textual form.
In an attack tree, a node represents an attack that succeeds
when the node's direct children are true. Specially, node's
children form preconditions for the attack to happen. These
preconditions (children) are combined using two logical
operators: OR and AND. When combined with an OR
operator, an attack succeeds if any of the preconditions is
true. When combined with an AND operator, an attack
succeeds if all of the preconditions are true ([1], [4], [6]).
3. International Journal of Trend in Scientific Research and Development (IJTSRD) @ www.ijtsrd.com eISSN: 2456-6470
@ IJTSRD | Unique Paper ID – IJTSRD26727 | Volume – 3 | Issue – 5 | July - August 2019 Page 1630
VI. MODELING THE ATTACK TREE FOR PROPOSED
NETWORK
Each tree has a root note that represents the attacker’s goal,
and the leaf nodes represent different paths to theroot,each
child node represents the steps an attacker can take.
Modeling the attack tree involves associating a logical AND
and a logical OR with each node ([1], [4]). In essence, a node
of an attack tree can be decomposed into an AND or an OR
node. An AND node or an OR node decomposition can be
represented in graphical or textual formats. Both the AND
and the OR decomposition can be represented in graphical
or textual format as shown in (Fig. 2 and Fig. 3).
There are possible 128 scenarios help the user how to
prepare and prevent their confidentialinformationinClient-
Server against form attackers according to(Fig.2 andFig.3).
[GS11, GS21, GS31, GS41, GS51, GS61], [GS11, GS21, GS31,
GS41, GS51, GS62], [GS11, GS21, GS31, GS41, GS52, GS61],
[GS11, GS21, GS31, GS41, GS52, GS62], [GS11, GS21, GS31,
GS42, GS51, GS61], [GS11, GS21, GS31, GS42, GS51, GS62],
[GS11, GS21, GS31, GS42, GS52, GS61], [GS11, GS21, GS31,
GS42, GS52, GS62], [GS11, GS21, GS32, GS41, GS51, GS61],
[GS11, GS21, GS32, GS41, GS51, GS62], [GS11, GS21, GS32,
GS41, GS52, GS61], [GS11, GS21, GS32, GS41, GS51, GS62],
[GS11, GS21, GS32, GS42, GS51, GS61], [GS11, GS21, GS32,
GS42, GS51, GS62], [GS11, GS21, GS32, GS42, GS52, GS61],
[GS11, GS21, GS32, GS42, GS52, GS62], [GS11, GS21, GS331,
GS332, GS41, GS51, GS61], [GS11, GS21,GS331, GS332,GS41,
GS51, GS62], [GS11, GS21, GS331, GS332, GS41, GS52,GS61],
[GS11, GS21, GS331, GS332, GS41, GS52, GS62], [GS11,GS21,
GS331, GS332, GS42, GS51, GS61], [GS11, GS21, GS331,
GS332, GS42, GS51, GS62], [GS11, GS21,GS331, GS332,GS42,
GS52, GS61], [GS11, GS21, GS331, GS332, GS42, GS52,GS62],
[GS11, GS22, GS31, GS41, GS51, GS61], [GS11, GS21, GS31,
GS41, GS51, GS62], [GS11, GS22, GS31, GS41, GS52, GS61],
[GS11, GS21, GS31, GS41, GS52, GS62], [GS11, GS22, GS31,
GS42, GS51, GS61], [GS11, GS21, GS31, GS42, GS51, GS62],
[GS11, GS22, GS31, GS42, GS52, GS61], [GS11, GS21, GS31,
GS42, GS52, GS62], [GS11, GS22, GS32, GS41, GS51, GS61],
[GS11, GS21, GS32, GS41, GS51, GS62], [GS11, GS22, GS32,
GS41, GS52, GS61], [GS11, GS21, GS32, GS41, GS51, GS62],
[GS11, GS22, GS32, GS42, GS51, GS61], [GS11, GS21, GS32,
GS42, GS51, GS62], [GS11, GS22, GS32, GS42, GS52, GS61],
[GS11, GS21, GS32, GS42, GS52, GS62], [GS11, GS22, GS331,
GS332, GS41, GS51, GS61], [GS11, GS21,GS331, GS332,GS41,
GS51, GS62], [GS11, GS22, GS331, GS332, GS41, GS52,GS61],
[GS11, GS21, GS331, GS332, GS41, GS52, GS62], [GS11,GS22,
GS331, GS332, GS42, GS51, GS61], [GS11, GS21, GS331,
GS332, GS42, GS51, GS62], [GS11, GS22,GS331, GS332,GS42,
GS52, GS61], [GS11, GS21, GS331, GS332, GS42, GS52,GS62],
[GS121, GS122, GS21, GS31, GS41, GS51, GS61], [GS121,
GS122, GS21, GS31, GS41, GS51,GS62], [GS121, GS122,GS21,
GS31, GS41, GS52, GS61], [GS121, GS122, GS21, GS31, GS41,
GS52, GS62], [GS121, GS122, GS21, GS31, GS42, GS51,GS61],
[GS121, GS122, GS21, GS31, GS42, GS51, GS62], [GS121,
GS122, GS21, GS31, GS42, GS52,GS61], [GS121, GS122,GS21,
GS31, GS42, GS52, GS62], [GS121, GS122, GS21, GS32, GS41,
GS51, GS61], [GS121, GS122, GS21, GS32, GS41, GS51,GS62],
[GS121, GS1221, GS21, GS32, GS41, GS52, GS61], [GS121,
GS122, GS21, GS32, GS41, GS51,GS62], [GS121, GS122,GS21,
GS32, GS42, GS51, GS61], [GS121, GS122, GS21, GS32, GS42,
GS51, GS62], [GS121, GS122, GS21, GS32, GS42, GS52,GS61],
[GS121, GS122, GS21, GS32, GS42, GS52, GS62], [GS121,
GS122, GS21, GS331, GS332, GS41, GS51, GS61], [GS121,
GS122, GS21, GS331, GS332, GS41, GS51, GS62], [GS121,
GS122, GS21, GS331, GS332, GS41, GS52, GS61], [GS121,
GS122, GS21, GS331, GS332, GS41, GS52, GS62], [GS121,
GS122, GS21, GS331, GS332, GS42, GS51, GS61], [GS121,
GS122, GS21, GS331, GS332, GS42, GS51, GS62], [GS121,
GS122, GS21, GS331, GS332, GS42, GS52, GS61], [GS121,
GS122, GS21, GS331, GS332, GS42, GS52, GS62], [GS121,
GS122, GS22, GS31, GS41, GS51, GS61],[GS121, GS122,GS21,
GS31, GS41, GS51, GS62], [GS121, GS122, GS22, GS31, GS41,
GS52, GS61], [GS121, GS122, GS21, GS31, GS41, GS52,GS62],
[GS121, GS122, GS22, GS31, GS42, GS51, GS61], [GS121,
GS122, GS21, GS31, GS42, GS51, GS62],[GS121, GS122,GS22,
GS31, GS42, GS52, GS61], [GS121, GS122, GS21, GS31, GS42,
GS52, GS62], [GS121, GS122, GS22, GS32, GS41, GS51,GS61],
[GS121, GS122, GS21, GS32, GS41, GS51, GS62], [GS121,
GS122, GS22, GS32, GS41, GS52, GS61], [GS121, GS122,GS21,
GS32, GS41, GS51, GS62], [GS121, GS122, GS22, GS32, GS42,
GS51, GS61], [GS121, GS122, GS21, GS32, GS42, GS51,
GS62],[GS121, GS122, GS22, GS32, GS42, GS52, GS61],
[GS121, GS122, GS21, GS32, GS42, GS52, GS62], [GS121,
GS122, GS22, GS331, GS332, GS41, GS51, GS61], [GS121,
GS122, GS21, GS331, GS332, GS41, GS51, GS62], [GS121,
GS122, GS22, GS331, GS332, GS41, GS52, GS61], [GS121,
GS122, GS21, GS331, GS332, GS41, GS52, GS62], [GS121,
GS122, GS22, GS331, GS332, GS42, GS51, GS61], [GS121,
GS122, GS21, GS331, GS332, GS42, GS51, GS62], [GS121,
GS122, GS22, GS331, GS332, GS42, GS52, GS61], [GS121,
GS122, GS21, GS331, GS332, GS42, GS52, GS62],
[GC1, GC2, GC31, GC41, GC5, GC6, GC71], [GC1, GC2, GC31,
GC41, GC5, GC6, GC72], [GC1, GC2, GC31, GC42, GC5, GC6,
GC71], [GC1, GC2, GC31, GC42, GC5, GC6, GC72], [GC1, GC2,
GC31, GC431, GC432, GC5, GC6, GC71], [GC1, GC2, GC31,
GC431, GC432, GC5, GC6, GC72], [GC1,GC2, GC32,GC41,GC5,
GC6, GC71], [GC1, GC2, GC31, GC41, GC5, GC6, GC72], [GC1,
GC2, GC32, GC42, GC5, GC6, GC71], [GC1, GC2, GC31, GC42,
GC5, GC6, GC72], [GC1, GC2, GC32, GC431, GC432, GC5, GC6,
GC71], [GC1, GC2, GC31, GC431, GC432, GC5, GC6, GC72],
[GC1, GC2, GC33, GC41, GC5, GC6, GC71], [GC1, GC2, GC31,
GC41, GC5, GC6, GC72], [GC1, GC2, GC33, GC42, GC5, GC6,
GC71], [GC1, GC2, GC31, GC42, GC5, GC6, GC72], [GC1, GC2,
GC33, GC431, GC432, GC5, GC6, GC71], [GC1, GC2, GC31,
GC431, GC432, GC5, GC6, GC72], [GC1,GC2, GC34,GC41,GC5,
GC6, GC71], [GC1, GC2, GC31, GC41, GC5, GC6, GC72], [GC1,
GC2, GC34, GC42, GC5, GC6, GC71], [GC1, GC2, GC31, GC42,
GC5, GC6, GC72], [GC1, GC2, GC34, GC431, GC432, GC5, GC6,
GC71], [GC1, GC2, GC31, GC431, GC432, GC5, GC6, GC72]
[GN11, GN12, GN21, GN31, GN41], [GN11, GN12, GN21,
GN31, GN421, GN422], [GN11, GN12, GN21, GN32, GN41],
[GN11, GN12, GN21, GN32, GN421, GN422], [GN11, GN12,
GN22, GN31, GN41], [GN11, GN12, GN21, GN31, GN421,
GN422], [GN11, GN12, GN22, GN32, GN41], [GN11, GN12,
GN21, GN32, GN421, GN422]
A. Attacker goals
As a first step in developing the attack tree, we need to
specify attacker goals. The main goal is to break and access
confidential information in server, which isthendivided into
the following sub-goals:
Compromise Client
Compromise Server
Compromise Network
4. International Journal of Trend in Scientific Research and Development (IJTSRD) @ www.ijtsrd.com eISSN: 2456-6470
@ IJTSRD | Unique Paper ID – IJTSRD26727 | Volume – 3 | Issue – 5 | July - August 2019 Page 1631
An attacker most likely would target the visible components
of the system; namely the client(s), the server(s) or the
network.
The identified attacker goals arefurtherelaborated resulting
in the attack tree shown in Figure 1. The tree comprises 128
attacks where some are technical and some are not. For
instance, performing man-in-the-middle attack requires
technical knowledge, while social engineeringdoesnot. This
demonstrates the flexibility of attack trees in representing
different types of attacks. In some respect, the confidential
information in Client-Server system is the main assets ofthe
system. Technically, security means ensuring their
confidentiality, integrity, and availability. These three key
principles of informationsecurityareimplicitlyembedded in
the proposed attack tree. For instance, compromising the
network may result from either eavesdropping traffic,
modifying or injecting traffic, or making the network
unavailable. These network attackscorrespondtobreaching
confidentiality, integrity, and availability respectively.
In this system, clients are probably the most visible parts of
the system. They also play the key role of viewing, entering
and modifying information. Also, as more clients download
the confidential information in Server, and then update
information and upload/store to Server. Sometimes clients
forget to delete the updated information in their computers.
Therefore, they are expected to be attacked the most. As
listed in the attack tree, some attacks can be as simple as
shoulder surfing. Consideringalltheattacks,compromisinga
server is probably the most serious attack. Damages to the
system may include exposing, altering and/or destroying
confidential information. From an attacker viewpoint,
however, it is probably the most rewarding attack. In
particular, gaining a remote accessgrantsacomplete control
of the entire system. Compromising the network is yet
another attractive goal. Two factors are helping in this
regard. One is the vulnerability of wireless technologies. The
second is share data among clients’ machines. Both factors
give an attacker more chances to attempt eavesdropping,
modifying or injecting confidentialinformation([2],[3], [6]).
B. Protecting Confidential Information
Viruses infect and damage unsuspecting computers, so it is
vital to take preventive steps. To avoid virus infection,
needed to do following:
Develop a virus protection plan
Identify the entry points for virus
Specify responsibilities and authority
Describe the installation and use of antivirus tools
Install antivirus and data integrity software
Scan ,update and upgrade automatically
Backup your data regularly
Consider every disk, program and email attachmentasa
threat
Use caution when download files from the internet
Be aware of virus hoaxes
Educate users
C. Attack Tree Refinement
As shown in the flow chart of Fig. 4, an attack tree can be
refined from the root node compromise as a combination of
manual extensions and pattern applications. Manual
extensions depend greatly on the security expertise of the
person developing the attack tree. Pattern application also
depends on such expertise, but to a lesser extent. Some of
this security expertise is built into an attack pattern library.
Henceforth, we assume such a library already exists.
A good attack pattern library provides a setof attackprofiles
that are rich enough to characterize the attacks that may
take place on a broad range of enterprise architectures.
Refining a particular enterprise’s attack tree involves first
finding those attack profiles that are consistent with the
enterprise architecture. The developer searches the attack
patterns of consistent attack profiles for a refinement of an
attack path contained in the enterprise attack tree. Once
found, the developer can appropriatelyinstantiate and apply
the attack pattern to extend the enterprise attack tree. This
process of pattern application intermixed with manual
extension continues until the attack tree is sufficiently
refined.
Fig.4 Attack tree refinement process
VII. CONCLUSION
Every business company needs assurance that their
confidential dataandinformationareprotected fromcurrent
and future attacks. Additionally, the promising benefits of
adopting the client-server systems will be greatly affected
should their security is compromised. A tool like attack tree
can prove effective in enumeratingsuch attacks(technicalor
non-technical). It can be used to account for different types
of attacks that threaten complex systems such client-server
systems. Early attacks analysis would help in planning for
countermeasures, and would greatly reduce the impacts of
these attacks.
References
[1] Amenaza Technologies Limited, Creating Secure
Systems through Attack Tree Modeling, 10 June 2003
[2] Andrew P. Moore, Robert J. Ellison,Richard C. Linger,
Attack Modeling for Information Security and
Survivability, March 2001
[3] Arpan Roy,Dong Seong Kim,Cyber Security Analysis
using Attack Countermeasure Trees.
[4] BRUCE SCHNIER, Attack Tree, 8 October 1999
[5] Eric J. Byres, The Use of Attack Trees in Assessing
Vulnerabilities in SCADA Systems, Group for Advanced
Information Technology, British Columbia Institute of
Technology.
[6] Schneier, B., Attack Trees: Modeling Security Threats,
Dr.Dobb’s Journal, December 1999.
[7] http://en.wikipedia.org/wiki/Computer_virus
[8] http://www.functionx.com/networking/Lesson06.htm
5. International Journal of Trend in Scientific Research and Development (IJTSRD) @ www.ijtsrd.com eISSN: 2456-6470
@ IJTSRD | Unique Paper ID – IJTSRD26727 | Volume – 3 | Issue – 5 | July - August 2019 Page 1632
GOAL: (G0) Gain Confidential Information in Client-Server
OR GS0.Compromise Server
OR GS1.Grain remote access
GS11.Use default user name/password
AND GS12.Use exploit
GS121.Find open port
GS122.Identify working exploit
OR GS2.Gain local access
GS21.Gain physical access
GS22.Obtain administrator username/password
OR GS3.Make Server slow or unavailable
GS31.Flood with traffic
GS32.Flood with requeset
AND GS33.Destroy or steal server
GS331.Gain physical access
GS332.Use suitable tool
OR GS4.Determine Server’s Firewall access control
GS41.Search for specific default listing ports
GS42.Scan ports broadly for any listening ports
OR GS5.Identifing Server’s OS and type
GS51.Scan OS services banners for OS characteristic information
GS52.Probe TCP/IP stack for OS characteristic information
OR GS6.Exploit store’s server vulnerabilities
GS61.Acces confidential information in database directly
GS62.Access confidential information in database breaking the
password OR GC0.Compromise Client
OR GC1.Shoulder surfing
OR GC2.Use unattended logged-on client
OR GC3.Obtain administrator username/password
GC31.Social engineering
GC32.Network interception
GC33.Key-logging
GC34.Phishing emails
OR GC4.Infect with malware
GC41.Deliver malware through Email. attachment
GC42.Lure into visiting a malicious website
AND GC43.Run infected programs
GC431.Gain local access
GC432.Obtain valid username/password
OR GC5.Steal Client if portable
OR GC6.Destroy Client
OR GC7.Exploit Client vulnerabilities
GC71.Access share confidential resource directly
GC72.Share access confidential resource from privileged account
OR GN0.Compromise Network
AND GN1.Eaverdrop traffic
GN11.Capture packets
GN12.Decode traffic
OR GN2.Modify or inject traffic
GN21.Perform man-in-middle attack
GN22.Perform replay attack
OR GN3.Make network unavailable
GN31.Cut network cables
GN32.Destroy wireless access points
OR GN4.Get network address
GN41.Directly access via Ethernet
OR GN42.Access via wireless channel
GN421.Directly access by open channel
GN422. Break WEP password using BruceForce Technique
Fig. 2 Textual description for Client-Server attack tree
6. International Journal of Trend in Scientific Research and Development (IJTSRD) @ www.ijtsrd.com eISSN: 2456-6470
@ IJTSRD | Unique Paper ID – IJTSRD26727 | Volume – 3 | Issue – 5 | July - August 2019 Page 1633
Fig.3 Graphical representation of an attack tree described in Fig.2