This document discusses using a Bayesian Belief Network (BBN) to analyze malware risk on a university campus network. It begins by introducing the campus network monitoring tools and SIR epidemiological model used to model malware propagation. It then provides background on BBN principles, including defining nodes, conditional probabilities, and using the network to compute joint probabilities. The document proposes applying a BBN to assess malware prevalence risk by relating threat, vulnerability, and cost impact on network assets. It aims to provide understandable risk assessments to inform decision making.
Classification of Malware Attacks Using Machine Learning In Decision TreeCSCJournals
Predicting cyberattacks using machine learning has become imperative since cyberattacks have increased exponentially due to the stealthy and sophisticated nature of adversaries. To have situational awareness and achieve defence in depth, using machine learning for threat prediction has become a prerequisite for cyber threat intelligence gathering. Some approaches to mitigating malware attacks include the use of spam filters, firewalls, and IDS/IPS configurations to detect attacks. However, threat actors are deploying adversarial machine learning techniques to exploit vulnerabilities. This paper explores the viability of using machine learning methods to predict malware attacks and build a classifier to automatically detect and label an event as “Has Detection or No Detection”. The purpose is to predict the probability of malware penetration and the extent of manipulation on the network nodes for cyber threat intelligence. To demonstrate the applicability of our work, we use a decision tree (DT) algorithms to learn dataset for evaluation. The dataset was from Microsoft Malware threat prediction website Kaggle. We identify probably cyberattacks on smart grid, use attack scenarios to determine penetrations and manipulations. The results show that ML methods can be applied in smart grid cyber supply chain environment to detect cyberattacks and predict future trends.
Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...AM Publications
This paper analysis vulnerability of known attacks on WLAN cipher suite, authentication mechanisms and credentials using common vulnerability scoring system (CVSS).
Invesitigation of Malware and Forensic Tools on Internet IJECEIAES
Malware is an application that is harmful to your forensic information. Basically, malware analyses is the process of analysing the behaviours of malicious code and then create signatures to detect and defend against it.Malware, such as Trojan horse, Worms and Spyware severely threatens the forensic security. This research observed that although malware and its variants may vary a lot from content signatures, they share some behaviour features at a higher level which are more precise in revealing the real intent of malware. This paper investigates the various techniques of malware behaviour extraction and analysis. In addition, we discuss the implications of malware analysis tools for malware detection based on various techniques.
The FireEye Advanced Threat Report is based on research and trend analysis conducted by the FireEye Malware Intelligence Labs providing insights to the most current threat landscapes.
Secure intrusion detection and countermeasure selection in virtual system usi...eSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
An Empirical Study on the Security Measurements of Websites of Jordanian Publ...CSCJournals
Most of the Jordanian universities’ inquiries systems, i.e. educational, financial, administrative, and research systems are accessible through their campus networks. As such, they are vulnerable to security breaches that may compromise confidential information and expose the universities to losses and other risks. At Jordanian universities, security is critical to the physical network, computer operating systems, and application programs and each area has its own set of security issues and risks. This paper presents a comparative study on the security systems at the Jordanian universities from the viewpoint of prevention and intrusion detection. Robustness testing techniques are used to assess the security and robustness of the universities’ online services. In this paper, the analysis concentrates on the distribution of vulnerability categories and identifies the mistakes that lead to a severe type of vulnerability. The distribution of vulnerabilities can be used to avoid security flaws and mistakes.
Classification of Malware Attacks Using Machine Learning In Decision TreeCSCJournals
Predicting cyberattacks using machine learning has become imperative since cyberattacks have increased exponentially due to the stealthy and sophisticated nature of adversaries. To have situational awareness and achieve defence in depth, using machine learning for threat prediction has become a prerequisite for cyber threat intelligence gathering. Some approaches to mitigating malware attacks include the use of spam filters, firewalls, and IDS/IPS configurations to detect attacks. However, threat actors are deploying adversarial machine learning techniques to exploit vulnerabilities. This paper explores the viability of using machine learning methods to predict malware attacks and build a classifier to automatically detect and label an event as “Has Detection or No Detection”. The purpose is to predict the probability of malware penetration and the extent of manipulation on the network nodes for cyber threat intelligence. To demonstrate the applicability of our work, we use a decision tree (DT) algorithms to learn dataset for evaluation. The dataset was from Microsoft Malware threat prediction website Kaggle. We identify probably cyberattacks on smart grid, use attack scenarios to determine penetrations and manipulations. The results show that ML methods can be applied in smart grid cyber supply chain environment to detect cyberattacks and predict future trends.
Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...AM Publications
This paper analysis vulnerability of known attacks on WLAN cipher suite, authentication mechanisms and credentials using common vulnerability scoring system (CVSS).
Invesitigation of Malware and Forensic Tools on Internet IJECEIAES
Malware is an application that is harmful to your forensic information. Basically, malware analyses is the process of analysing the behaviours of malicious code and then create signatures to detect and defend against it.Malware, such as Trojan horse, Worms and Spyware severely threatens the forensic security. This research observed that although malware and its variants may vary a lot from content signatures, they share some behaviour features at a higher level which are more precise in revealing the real intent of malware. This paper investigates the various techniques of malware behaviour extraction and analysis. In addition, we discuss the implications of malware analysis tools for malware detection based on various techniques.
The FireEye Advanced Threat Report is based on research and trend analysis conducted by the FireEye Malware Intelligence Labs providing insights to the most current threat landscapes.
Secure intrusion detection and countermeasure selection in virtual system usi...eSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
An Empirical Study on the Security Measurements of Websites of Jordanian Publ...CSCJournals
Most of the Jordanian universities’ inquiries systems, i.e. educational, financial, administrative, and research systems are accessible through their campus networks. As such, they are vulnerable to security breaches that may compromise confidential information and expose the universities to losses and other risks. At Jordanian universities, security is critical to the physical network, computer operating systems, and application programs and each area has its own set of security issues and risks. This paper presents a comparative study on the security systems at the Jordanian universities from the viewpoint of prevention and intrusion detection. Robustness testing techniques are used to assess the security and robustness of the universities’ online services. In this paper, the analysis concentrates on the distribution of vulnerability categories and identifies the mistakes that lead to a severe type of vulnerability. The distribution of vulnerabilities can be used to avoid security flaws and mistakes.
A Behavior Based Intrusion Detection System Using Machine Learning AlgorithmsCSCJournals
Humans are consistently referred to as the weakest link in information security. Human factors such as individual differences, cognitive abilities and personality traits can impact on behavior and play a significant role in information security. The purpose of this study is to identify, describe and classify the human factors affecting Information Security and develop a model to reduce the risk of insider misuse and assess the use and performance of the best-suited artificial intelligence techniques in detection of misuse. More specifically, this study provides a comprehensive view of the human related information security risks and threats, classification study of the human related threats in information security, a methodology developed to reduce the risk of human related threats by detecting insider misuse by a behavior-based intrusion detection system using machine learning algorithms, and the comparison of the numerical experiments for analysis of this approach. Specifically, by using the machine learning algorithm with the best learning performance, the detection rates of the attack types defined in the organized five dimensional human threats taxonomy were determined. Lastly, the possible human factors affecting information security as linked to the detection rates were sorted upon the evaluation of the taxonomy.
A SURVEY ON MALWARE DETECTION AND ANALYSIS TOOLSIJNSA Journal
The huge amounts of data and information that need to be analyzed for possible malicious intent are one of the big and significant challenges that the Web faces today. Malicious software, also referred to as malware developed by attackers, is polymorphic and metamorphic in nature which can modify the code as it spreads. In addition, the diversity and volume of their variants severely undermine the effectiveness of traditional defenses that typically use signature-based techniques and are unable to detect malicious executables previously unknown. Malware family variants share typical patterns of behavior that indicate their origin and purpose. The behavioral trends observed either statically or dynamically can be manipulated by using machine learning techniques to identify and classify unknown malware into their established families. This survey paper gives an overview of the malware detection and analysis techniques and tools.
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise21CT Inc.
In this security insight brief, 21CT researchers look at the malicious network behaviors that concern organizations the most, and how to use security analytics to find them before damage is done. Understanding these 12 indicators of compromise are critical to identifying a network breach.
Optimised malware detection in digital forensicsIJNSA Journal
On the Internet, malware is one of the most serious threats to system security. Most complex issues and
problems on any systems are caused by malware and spam. Networks and systems can be accessed and
compromised by malware known as botnets, which compromise other systems through a coordinated
attack. Such malware uses anti-forensic techniques to avoid detection and investigation. To prevent systems
from the malicious activity of this malware, a new framework is required that aims to develop an optimised
technique for malware detection. Hence, this paper demonstrates new approaches to perform malware
analysis in forensic investigations and discusses how such a framework may be developed.
With the development and rapid growth in IT infrastructure, malicious code attacks are considered as the
main threat to cybersecurity. Malicious JavaScript’s which are intentionally crafted by the attackers inside the web page
over the web as an emerging security issue affecting millions of users. In past few years, a number of studies have been
conducted based on machine learning for detection of malicious JavaScript code attacks has demonstrated a poor
detection accuracy and increased performance overheads. In this paper, an effective interceptor approach for detection of
multivariate and novel malicious JavaScript’s based on deep learning is proposed and evaluated. Hybrid feature set based
on static and dynamic analysis were used. The dataset which was used in this study consists of 32,000 benign webpages
and 12,900 malicious pages. The experimental results show that this approach was able to detect 99.01% of new malicious
code variants.
International Journal of Computer Science and Information Security,IJCSIS ISSN 1947-5500, Pittsburgh, PA, USA
Email: ijcsiseditor@gmail.com
http://sites.google.com/site/ijcsis/
https://google.academia.edu/JournalofComputerScience
https://www.linkedin.com/in/ijcsis-research-publications-8b916516/
http://www.researcherid.com/rid/E-1319-2016
A comprehensive study on classification of passive intrusion and extrusion de...csandit
Cyber criminals compromise Integrity, Availability and Confidentiality of network resources in
cyber space and cause remote class intrusions such as U2R, R2L, DoS and probe/scan system
attacks .To handle these intrusions, Cyber Security uses three audit and monitoring systems
namely Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS). Intrusion
Detection System (IDS) monitors only inbound traffic which is insufficient to prevent botnet
systems. A system to monitor outbound traffic is named as Extrusion Detection System (EDS).
Therefore a hybrid system should be designed to handle both inbound and outbound traffic.
Due to the increased false alarms preventive systems do not suite to an organizational network.
The goal of this paper is to devise a taxonomy for cyber security and study the existing methods
of Intrusion and Extrusion Detection systems based on three primary characteristics. The
metrics used to evaluate IDS and EDS are also presented.
Vulnerabilities detection using attack recognition technique in multi-factor ...TELKOMNIKA JOURNAL
Authentication is one of the essentials components of information security. It has become one of the most basic security requirements for network communication. Today, there is a necessity for a strong level of authentication to guarantee a significant level of security is being conveyed to the application. As such, it expedites challenging issues on security and efficiency. Security issues such as privacy and data integrity emerge because of the absence of control and authority. In addition, the bigger issue for multi-factor authentication is on the high execution time that leads to overall performance degradation. Most of existing studies related to multi-factor authentication schemes does not detect weaknesses based on user behavior. Most recent research does not look at the efficiency of the system by focusing only on improving the security aspect of authentication. Hence, this research proposes a new multi-factor authentication scheme that can withstand attacks, based on user behavior and maintaining optimum efficiency. Experiments have been conducted to evaluate this scheme. The results of the experiment show that the processing time of the proposed scheme is lower than the processing time of other schemes. This is particularly important after additional security features have been added to the scheme.
Review of Intrusion and Anomaly Detection Techniques IJMER
Intrusion detection is the act of detecting actions that attempt to compromise the
confidentiality, integrity or availability of a resource. With the tremendous growth of network-based
services and sensitive information on networks, network security is getting more and more importance
than ever. Intrusion poses a serious security threat in a huge network environment. The increasing use of
internet has dramatically added to the growing number of threats that inhabit within it. Intrusion
detection does not, in general, include prevention of intrusions. Now a days Network intrusion detection
systems have become a standard component in the area of security infrastructure. This review paper tries
to discusses various techniques which are already being used for intrusion detection.
An Improved Method for Preventing Data Leakage in an OrganizationIJERA Editor
Data is one of the most important assets an organisation has since it denes each organisations unique- ness.It
includes data on members and prospects, their inter- ests and purchases, your events, speakers, your content,
social media, press, your staff, budget, strategic plan, and much more. As organizations open their doors to
employees, part- ners, customers and suppliers to provide deeper access to sensitive information, the risk
sassociated with business increase. Now, more than ever, within creasing threats of cyber terrorism, cor- porate
governance issues, fraud, and identity theft, the need for securing corporate information has become paramount.
Informa- tion theft is not just about external hackers and unauthorized external users stealing your data, it is also
about managing internal employees and even contractors who may be working within your organization for
short periods of time. Adding to the challenge of securing information is the increasing push for corporate
governance and adherence to legislative or regulatory requirements. Failure to comply and provide privacy,
audit and internal controls could result in penalties ranging from large nes to jail terms. Non-compliance can
result in not only potential implications for executives, but also possible threats to the viability of a corporation.
Insiders too represent a sign cant risk to data security. The task of detecting malicious insiders is very
challenging as the methods of deception become more and more sophisticated. There are various solutions
present to avoid data leakage. Data leakage detection, prevention (DLPM) and monitoring solutions became an
inherent component of the organizations security suite.DLP solutions monitors sensitive data when at rest, in
motion, or in use and enforce the organizational data protection policy.These solutions focus mainly on the data
and its sensitivity level, and on preventing it from reaching an unauthorized person. They ignore the fact that an
insider is gradually exposed to more and more sensitive data,to which she is authorized to access. Such data
may cause great damage to the organization when leaked or misused. Data can be leaked via emails, instant
messaging, le transfer etc. This research is focusing on email data leakage monitoring, detection and
prevention. It is proposed to be carried out in two phases: leakage detection through mining and prevention
through encryption of email content.
COMPARISON OF MALWARE CLASSIFICATION METHODS USING CONVOLUTIONAL NEURAL NETWO...IJNSA Journal
Malicious software is constantly being developed and improved, so detection and classification of malwareis an ever-evolving problem. Since traditional malware detection techniques fail to detect new/unknown malware, machine learning algorithms have been used to overcome this disadvantage. We present a Convolutional Neural Network (CNN) for malware type classification based on the API (Application Program Interface) calls. This research uses a database of 7107 instances of API call streams and 8 different malware types:Adware, Backdoor, Downloader, Dropper, Spyware, Trojan, Virus,Worm. We used a 1-Dimensional CNN by mapping API calls as categorical and term frequency-inverse document frequency (TF-IDF) vectors and compared the results to other classification techniques.The proposed 1-D CNN outperformed other classification techniques with 91% overall accuracy for both categorical and TF-IDF vectors.
NETWORK INTRUSION DETECTION AND COUNTERMEASURE SELECTION IN VIRTUAL NETWORK (...ijsptm
Intrusion in a network or a system is a problem today as the trend of successful network attacks continue to
rise. Intruders can explore vulnerabilities of a network system to gain access in order to deploy some virus
or malware such as Denial of Service (DOS) attack. In this work, a frequency-based Intrusion Detection
System (IDS) is proposed to detect DOS attack. The frequency data is extracted from the time-series data
created by the traffic flow using Discrete Fourier Transform (DFT). An algorithm is developed for
anomaly-based intrusion detection with fewer false alarms which further detect known and unknown attack
signature in a network. The frequency of the traffic data of the virus or malware would be inconsistent with
the frequency of the legitimate traffic data. A Centralized Traffic Analyzer Intrusion Detection System
called CTA-IDS is introduced to further detect inside attackers in a network. The strategy is effective in
detecting abnormal content in the traffic data during information passing from one node to another and
also detects known attack signature and unknown attack. This approach is tested by running the artificial
network intrusion data in simulated networks using the Network Simulator2 (NS2) software.
Learn the unique capabilities of using indicators to deal with the security breaches and attacks in the security information and event management space. Detect and enrich the indicators using ManageEngine Log360.
Why cyber-criminals target Healthcare - Panda Security Panda Security
The healthcare industry is very technologically advanced but it also has huge security flaws, making it an easy target for cyber-criminals. If we add this to the immense amount of highly sensitive information that is managed by hospitals, pharmacies and health insurance providers, plus the high price that it could be sold for on the black market where a medical history is much more valuable than a credit card, we are able to understand how this was the most attacked industry last year.
More details:
http://www.pandasecurity.com/mediacenter/panda-security/panda-security-dissects-cyber-pandemic/
Requirement Based Intrusion Detection in Addition to Prevention Via Advanced ...journal ijrtem
An intrusion detection system (IDS) is designed to monitor all inbound and outbound network
activity and identify any suspicious patterns that may indicate a network or system attack from someone
attempting to break into or compromise a system. IDS is considered to be a passive-monitoring system, since the
main function of an IDS product is to warn you of suspicious activity taking place − not prevent them. An IDS
essentially reviews your network traffic and data and will identify probes, attacks, exploits and other
vulnerabilities. IDSs can respond to the suspicious event in one of several ways, which includes displaying an
alert, logging the event or even paging an administrator. In some cases, the IDS may be prompted to reconfigure
the network to reduce the effects of the suspicious intrusion. The proposed protocol called Password Guessing
Resistant Protocol (PGRP), helps in preventing such attacks and provides a pleasant login experience for
legitimate users. PGRP limits the number of login attempts for unknown users. In additional we propose an attack
detector for cloud spoofing that utilizes MAC (Media access Control) and RSS (Received Signal strength) analysis.
Next, we describe how we integrated our attack detector into a real-time indoor localization system, which is also
capable of localizing the positions of the attackers
http://inarocket.com
Learn BEM fundamentals as fast as possible. What is BEM (Block, element, modifier), BEM syntax, how it works with a real example, etc.
Content personalisation is becoming more prevalent. A site, it's content and/or it's products, change dynamically according to the specific needs of the user. SEO needs to ensure we do not fall behind of this trend.
A Behavior Based Intrusion Detection System Using Machine Learning AlgorithmsCSCJournals
Humans are consistently referred to as the weakest link in information security. Human factors such as individual differences, cognitive abilities and personality traits can impact on behavior and play a significant role in information security. The purpose of this study is to identify, describe and classify the human factors affecting Information Security and develop a model to reduce the risk of insider misuse and assess the use and performance of the best-suited artificial intelligence techniques in detection of misuse. More specifically, this study provides a comprehensive view of the human related information security risks and threats, classification study of the human related threats in information security, a methodology developed to reduce the risk of human related threats by detecting insider misuse by a behavior-based intrusion detection system using machine learning algorithms, and the comparison of the numerical experiments for analysis of this approach. Specifically, by using the machine learning algorithm with the best learning performance, the detection rates of the attack types defined in the organized five dimensional human threats taxonomy were determined. Lastly, the possible human factors affecting information security as linked to the detection rates were sorted upon the evaluation of the taxonomy.
A SURVEY ON MALWARE DETECTION AND ANALYSIS TOOLSIJNSA Journal
The huge amounts of data and information that need to be analyzed for possible malicious intent are one of the big and significant challenges that the Web faces today. Malicious software, also referred to as malware developed by attackers, is polymorphic and metamorphic in nature which can modify the code as it spreads. In addition, the diversity and volume of their variants severely undermine the effectiveness of traditional defenses that typically use signature-based techniques and are unable to detect malicious executables previously unknown. Malware family variants share typical patterns of behavior that indicate their origin and purpose. The behavioral trends observed either statically or dynamically can be manipulated by using machine learning techniques to identify and classify unknown malware into their established families. This survey paper gives an overview of the malware detection and analysis techniques and tools.
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise21CT Inc.
In this security insight brief, 21CT researchers look at the malicious network behaviors that concern organizations the most, and how to use security analytics to find them before damage is done. Understanding these 12 indicators of compromise are critical to identifying a network breach.
Optimised malware detection in digital forensicsIJNSA Journal
On the Internet, malware is one of the most serious threats to system security. Most complex issues and
problems on any systems are caused by malware and spam. Networks and systems can be accessed and
compromised by malware known as botnets, which compromise other systems through a coordinated
attack. Such malware uses anti-forensic techniques to avoid detection and investigation. To prevent systems
from the malicious activity of this malware, a new framework is required that aims to develop an optimised
technique for malware detection. Hence, this paper demonstrates new approaches to perform malware
analysis in forensic investigations and discusses how such a framework may be developed.
With the development and rapid growth in IT infrastructure, malicious code attacks are considered as the
main threat to cybersecurity. Malicious JavaScript’s which are intentionally crafted by the attackers inside the web page
over the web as an emerging security issue affecting millions of users. In past few years, a number of studies have been
conducted based on machine learning for detection of malicious JavaScript code attacks has demonstrated a poor
detection accuracy and increased performance overheads. In this paper, an effective interceptor approach for detection of
multivariate and novel malicious JavaScript’s based on deep learning is proposed and evaluated. Hybrid feature set based
on static and dynamic analysis were used. The dataset which was used in this study consists of 32,000 benign webpages
and 12,900 malicious pages. The experimental results show that this approach was able to detect 99.01% of new malicious
code variants.
International Journal of Computer Science and Information Security,IJCSIS ISSN 1947-5500, Pittsburgh, PA, USA
Email: ijcsiseditor@gmail.com
http://sites.google.com/site/ijcsis/
https://google.academia.edu/JournalofComputerScience
https://www.linkedin.com/in/ijcsis-research-publications-8b916516/
http://www.researcherid.com/rid/E-1319-2016
A comprehensive study on classification of passive intrusion and extrusion de...csandit
Cyber criminals compromise Integrity, Availability and Confidentiality of network resources in
cyber space and cause remote class intrusions such as U2R, R2L, DoS and probe/scan system
attacks .To handle these intrusions, Cyber Security uses three audit and monitoring systems
namely Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS). Intrusion
Detection System (IDS) monitors only inbound traffic which is insufficient to prevent botnet
systems. A system to monitor outbound traffic is named as Extrusion Detection System (EDS).
Therefore a hybrid system should be designed to handle both inbound and outbound traffic.
Due to the increased false alarms preventive systems do not suite to an organizational network.
The goal of this paper is to devise a taxonomy for cyber security and study the existing methods
of Intrusion and Extrusion Detection systems based on three primary characteristics. The
metrics used to evaluate IDS and EDS are also presented.
Vulnerabilities detection using attack recognition technique in multi-factor ...TELKOMNIKA JOURNAL
Authentication is one of the essentials components of information security. It has become one of the most basic security requirements for network communication. Today, there is a necessity for a strong level of authentication to guarantee a significant level of security is being conveyed to the application. As such, it expedites challenging issues on security and efficiency. Security issues such as privacy and data integrity emerge because of the absence of control and authority. In addition, the bigger issue for multi-factor authentication is on the high execution time that leads to overall performance degradation. Most of existing studies related to multi-factor authentication schemes does not detect weaknesses based on user behavior. Most recent research does not look at the efficiency of the system by focusing only on improving the security aspect of authentication. Hence, this research proposes a new multi-factor authentication scheme that can withstand attacks, based on user behavior and maintaining optimum efficiency. Experiments have been conducted to evaluate this scheme. The results of the experiment show that the processing time of the proposed scheme is lower than the processing time of other schemes. This is particularly important after additional security features have been added to the scheme.
Review of Intrusion and Anomaly Detection Techniques IJMER
Intrusion detection is the act of detecting actions that attempt to compromise the
confidentiality, integrity or availability of a resource. With the tremendous growth of network-based
services and sensitive information on networks, network security is getting more and more importance
than ever. Intrusion poses a serious security threat in a huge network environment. The increasing use of
internet has dramatically added to the growing number of threats that inhabit within it. Intrusion
detection does not, in general, include prevention of intrusions. Now a days Network intrusion detection
systems have become a standard component in the area of security infrastructure. This review paper tries
to discusses various techniques which are already being used for intrusion detection.
An Improved Method for Preventing Data Leakage in an OrganizationIJERA Editor
Data is one of the most important assets an organisation has since it denes each organisations unique- ness.It
includes data on members and prospects, their inter- ests and purchases, your events, speakers, your content,
social media, press, your staff, budget, strategic plan, and much more. As organizations open their doors to
employees, part- ners, customers and suppliers to provide deeper access to sensitive information, the risk
sassociated with business increase. Now, more than ever, within creasing threats of cyber terrorism, cor- porate
governance issues, fraud, and identity theft, the need for securing corporate information has become paramount.
Informa- tion theft is not just about external hackers and unauthorized external users stealing your data, it is also
about managing internal employees and even contractors who may be working within your organization for
short periods of time. Adding to the challenge of securing information is the increasing push for corporate
governance and adherence to legislative or regulatory requirements. Failure to comply and provide privacy,
audit and internal controls could result in penalties ranging from large nes to jail terms. Non-compliance can
result in not only potential implications for executives, but also possible threats to the viability of a corporation.
Insiders too represent a sign cant risk to data security. The task of detecting malicious insiders is very
challenging as the methods of deception become more and more sophisticated. There are various solutions
present to avoid data leakage. Data leakage detection, prevention (DLPM) and monitoring solutions became an
inherent component of the organizations security suite.DLP solutions monitors sensitive data when at rest, in
motion, or in use and enforce the organizational data protection policy.These solutions focus mainly on the data
and its sensitivity level, and on preventing it from reaching an unauthorized person. They ignore the fact that an
insider is gradually exposed to more and more sensitive data,to which she is authorized to access. Such data
may cause great damage to the organization when leaked or misused. Data can be leaked via emails, instant
messaging, le transfer etc. This research is focusing on email data leakage monitoring, detection and
prevention. It is proposed to be carried out in two phases: leakage detection through mining and prevention
through encryption of email content.
COMPARISON OF MALWARE CLASSIFICATION METHODS USING CONVOLUTIONAL NEURAL NETWO...IJNSA Journal
Malicious software is constantly being developed and improved, so detection and classification of malwareis an ever-evolving problem. Since traditional malware detection techniques fail to detect new/unknown malware, machine learning algorithms have been used to overcome this disadvantage. We present a Convolutional Neural Network (CNN) for malware type classification based on the API (Application Program Interface) calls. This research uses a database of 7107 instances of API call streams and 8 different malware types:Adware, Backdoor, Downloader, Dropper, Spyware, Trojan, Virus,Worm. We used a 1-Dimensional CNN by mapping API calls as categorical and term frequency-inverse document frequency (TF-IDF) vectors and compared the results to other classification techniques.The proposed 1-D CNN outperformed other classification techniques with 91% overall accuracy for both categorical and TF-IDF vectors.
NETWORK INTRUSION DETECTION AND COUNTERMEASURE SELECTION IN VIRTUAL NETWORK (...ijsptm
Intrusion in a network or a system is a problem today as the trend of successful network attacks continue to
rise. Intruders can explore vulnerabilities of a network system to gain access in order to deploy some virus
or malware such as Denial of Service (DOS) attack. In this work, a frequency-based Intrusion Detection
System (IDS) is proposed to detect DOS attack. The frequency data is extracted from the time-series data
created by the traffic flow using Discrete Fourier Transform (DFT). An algorithm is developed for
anomaly-based intrusion detection with fewer false alarms which further detect known and unknown attack
signature in a network. The frequency of the traffic data of the virus or malware would be inconsistent with
the frequency of the legitimate traffic data. A Centralized Traffic Analyzer Intrusion Detection System
called CTA-IDS is introduced to further detect inside attackers in a network. The strategy is effective in
detecting abnormal content in the traffic data during information passing from one node to another and
also detects known attack signature and unknown attack. This approach is tested by running the artificial
network intrusion data in simulated networks using the Network Simulator2 (NS2) software.
Learn the unique capabilities of using indicators to deal with the security breaches and attacks in the security information and event management space. Detect and enrich the indicators using ManageEngine Log360.
Why cyber-criminals target Healthcare - Panda Security Panda Security
The healthcare industry is very technologically advanced but it also has huge security flaws, making it an easy target for cyber-criminals. If we add this to the immense amount of highly sensitive information that is managed by hospitals, pharmacies and health insurance providers, plus the high price that it could be sold for on the black market where a medical history is much more valuable than a credit card, we are able to understand how this was the most attacked industry last year.
More details:
http://www.pandasecurity.com/mediacenter/panda-security/panda-security-dissects-cyber-pandemic/
Requirement Based Intrusion Detection in Addition to Prevention Via Advanced ...journal ijrtem
An intrusion detection system (IDS) is designed to monitor all inbound and outbound network
activity and identify any suspicious patterns that may indicate a network or system attack from someone
attempting to break into or compromise a system. IDS is considered to be a passive-monitoring system, since the
main function of an IDS product is to warn you of suspicious activity taking place − not prevent them. An IDS
essentially reviews your network traffic and data and will identify probes, attacks, exploits and other
vulnerabilities. IDSs can respond to the suspicious event in one of several ways, which includes displaying an
alert, logging the event or even paging an administrator. In some cases, the IDS may be prompted to reconfigure
the network to reduce the effects of the suspicious intrusion. The proposed protocol called Password Guessing
Resistant Protocol (PGRP), helps in preventing such attacks and provides a pleasant login experience for
legitimate users. PGRP limits the number of login attempts for unknown users. In additional we propose an attack
detector for cloud spoofing that utilizes MAC (Media access Control) and RSS (Received Signal strength) analysis.
Next, we describe how we integrated our attack detector into a real-time indoor localization system, which is also
capable of localizing the positions of the attackers
http://inarocket.com
Learn BEM fundamentals as fast as possible. What is BEM (Block, element, modifier), BEM syntax, how it works with a real example, etc.
Content personalisation is becoming more prevalent. A site, it's content and/or it's products, change dynamically according to the specific needs of the user. SEO needs to ensure we do not fall behind of this trend.
Succession “Losers”: What Happens to Executives Passed Over for the CEO Job?
By David F. Larcker, Stephen A. Miles, and Brian Tayan
Stanford Closer Look Series
Overview:
Shareholders pay considerable attention to the choice of executive selected as the new CEO whenever a change in leadership takes place. However, without an inside look at the leading candidates to assume the CEO role, it is difficult for shareholders to tell whether the board has made the correct choice. In this Closer Look, we examine CEO succession events among the largest 100 companies over a ten-year period to determine what happens to the executives who were not selected (i.e., the “succession losers”) and how they perform relative to those who were selected (the “succession winners”).
We ask:
• Are the executives selected for the CEO role really better than those passed over?
• What are the implications for understanding the labor market for executive talent?
• Are differences in performance due to operating conditions or quality of available talent?
• Are boards better at identifying CEO talent than other research generally suggests?
How to Build a Dynamic Social Media PlanPost Planner
Stop guessing and wasting your time on networks and strategies that don’t work!
Join Rebekah Radice and Katie Lance to learn how to optimize your social networks, the best kept secrets for hot content, top time management tools, and much more!
Watch the replay here: bit.ly/socialmedia-plan
Each technological age has been marked by a shift in how the industrial platform enables companies to rethink their business processes and create wealth. In the talk I argue that we are limiting our view of what this next industrial/digital age can offer because of how we read, measure and through that perceive the world (how we cherry pick data). Companies are locked in metrics and quantitative measures, data that can fit into a spreadsheet. And by that they see the digital transformation merely as an efficiency tool to the fossil fuel age. But we need to stretch further…
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...IJNSA Journal
End users are increasingly vulnerable to attacks directed at web browsers which make the most of popularity of today’s web services. While organizations deploy several layers of security to protect their systems and data against unauthorised access, surveys reveal that a large fraction of end users do not utilize and/or are not familiar with any security tools. End users’ hesitation and unfamiliarity with security products contribute vastly to the number of online DDoS attacks, malware and Spam distribution. This work on progress paper proposes a design focused on the notion of increased participation of internet service providers in protecting end users. The proposed design takes advantage of three different detection tools to identify the maliciousness of a website content and alerts users through utilising Internet Content Adaptation Protocol (ICAP) by an In-Browser cross-platform messaging system. The system also incorporates the users’ online behaviour analysis to minimize the scanning intervals of malicious websites database by client honeypots. Findings from our proof of concept design and other research indicate that such a design can provide a reliable hybrid detection mechanism while introducing low delay time into user browsing experience.
Safeguarding the Digital Realm Understanding CyberAttacks and Their Vital Cou...cyberprosocial
With the digital world becoming an essential aspect of our connected environment, there is always a risk of cyberattacks. The phrase "CyberAttacks" refers to a broad category of malevolent actions directed towards computer networks
ONTOLOGY-BASED MODEL FOR SECURITY ASSESSMENT: PREDICTING CYBERATTACKS THROUGH...IJNSA Journal
The prediction of attacks is essential for the prevention of potential risk. Therefore, risk forecasting contributes a lot to the optimization of the information security budget. This article focuses on the ontology and stages of a cyberattack. It introduces the main representatives of the attacking side and describes their motivation.
Information Securityfind an article online discussing defense-in-d.pdfforladies
Information Security
find an article online discussing defense-in-depth. List your source and provide a paragraph
summary of what the article stated.
Solution
Abstract
The exponential growth of the Internet interconnections has led to a significant growth of cyber
attack incidents often with disastrous and grievous consequences. Malware is the primary choice
of weapon to carry out malicious intents in the cyberspace, either by exploitation into existing
vulnerabilities or utilization of unique characteristics of emerging technologies. The
development of more innovative and effective malware defense mechanisms has been regarded
as an urgent requirement in the cybersecurity community. To assist in achieving this goal, we
first present an overview of the most exploited vulnerabilities in existing hardware, software, and
network layers. This is followed by critiques of existing state-of-the-art mitigation techniques as
why they do or don\'t work. We then discuss new attack patterns in emerging technologies such
as social media, cloud computing, smartphone technology, and critical infrastructure. Finally, we
describe our speculative observations on future research directions.
A multi-layered approach to cyber security utilising machine learning and advanced analytics is
essential to defend against sophisticated multi-stage attacks including:
Insider Threats | Advanced Human Attacks | Supply Chain Infection | Ransomware |
Compromised User Accounts | Data Loss
Prepare for a cyber security incident or attack and how to adequately manage the aftermath with
an organised approach to Incident Response – coordinating resources, people, information,
technology and complying with regulations.
INSIDER THREATS
Insider threat can originate from employees, contractors, third party services or anyone with
access rights to your network, corporate data or business premises.
The challenge is to identify attacks and understand how they develop in real-time by analysing
and correlating the subtle signs of compromise that an insider makes when they infiltrate the
network.
Traditional security measures are no longer sufficient to combat insider threat. A more
sophisticated, intelligence-based approach is required. Cyberseer uses machine-learning
technology to form a behavioural baseline for every user to determine normal activity and spot
new, previously unidentified threat behaviours. The move to a more proactive approach towards
security will enable companies to take action to thwart developing situations escalating into
exfiltrated information or damaging incidents.
ADVANCED HUMAN ATTACKS
Advanced threats use a set of stealthy and continuous processes to target an organisation, which
is often orchestrated for business or political motives by individuals (or groups). The “advanced”
process signifies sophisticated techniques using malware to exploit vulnerabilities in
organisations systems. They are considered persistent because an external command and control
system .
Network Threat Characterization in Multiple Intrusion Perspectives using Data...IJNSA Journal
For effective security incidence response on the network, a reputable approach must be in place at both protected and unprotected region of the network. This is because compromise in the demilitarized zone could be precursor to threat inside the network. The improved complexity of attacks in present times and vulnerability of system are motivations for this work. Past and present approaches to intrusion detection and prevention have neglected victim and attacker properties despite the fact that for intrusion to occur, an overt act by an attacker and a manifestation, observable by the intended victim, which results from that act are required. Therefore, this paper presents a threat characterization model for attacks from the victim and the attacker perspective of intrusion using data mining technique. The data mining technique combines Frequent Temporal Sequence Association Mining and Fuzzy Logic. Apriori Association Mining algorithm was used to mine temporal rule patterns from alert sequences while Fuzzy Control System was used to rate exploits. The results of the experiment show that accurate threat characterization in multiple intrusion perspectives could be actualized using Fuzzy Association Mining. Also, the results proved that sequence of exploits could be used to rate threat and are motivated by victim properties and attacker objectives.
Safeguarding the Digital Realm: Understanding CyberAttacks and Their Vital Co...cyberprosocial
With the digital world becoming an essential aspect of our connected environment, there is always a risk of cyberattacks. The phrase “CyberAttacks” refers to a broad category of malevolent actions directed towards computer networks, systems, and data. As technology develops, cybercriminals’ strategies also advance with it.
A predictive framework for cyber security analytics using attack graphsIJCNCJournal
Security metrics serve as a powerful tool for organizations to understand the effectiveness of protecting computer networks. However majority of these measurement techniques don’t adequately help corporations to make informed risk management decisions. In this paper we present a stochastic security framework for obtaining quantitative measures of security by taking into account the dynamic attributes associated with vulnerabilities that can change over time. Our model is novel as existing research in attack graph analysis do not consider the temporal aspects associated with the vulnerabilities, such as the availability of exploits and patches which can affect the overall network security based on how the vulnerabilities are interconnected and leveraged to compromise the system. In order to have a more realistic representation of how the security state of the network would vary over time, a nonhomogeneous model is developed which incorporates a time dependent covariate, namely the vulnerability age. The daily transition-probability matrices are estimated using Frei's Vulnerability Lifecycle model. We also leverage the trusted CVSS metric domain to analyze how the total exploitability and impact measures evolve over a time period for a given network.
Optimised Malware Detection in Digital Forensics IJNSA Journal
On the Internet, malware is one of the most serious threats to system security. Most complex issues and problems on any systems are caused by malware and spam. Networks and systems can be accessed and compromised by malware known as botnets, which compromise other systems through a coordinated attack. Such malware uses anti-forensic techniques to avoid detection and investigation. To prevent systems from the malicious activity of this malware, a new framework is required that aims to develop an optimised technique for malware detection. Hence, this paper demonstrates new approaches to perform malware analysis in forensic investigations and discusses how such a framework may be developed.
Modification data attack inside computer systems: A critical reviewCSITiaesprime
This paper is a review of types of modification data attack based on computer systems and it explores the vulnerabilities and mitigations. Altering information is a kind of cyber-attack during which intruders interfere, catch, alter, take, or erase critical data on the personal computers (PCs) and applications through using network exploit or by running malicious executable codes on victim's system. One of the most difficult and trendy areas in information security is to protect the sensitive information and secure devices from any kind of threats. Latest advancements in information technology in the field of information security reveal huge amount of budget funded for and spent on developing and addressing security threats to mitigate them. This helps in a variety of settings such as military, business, science, and entertainment. Considering all concerns, the security issues almost always come at first as the most critical concerns in the modern time. As a matter of fact, there is no ultimate security solution; although recent developments in security analysis are finding daily vulnerabilities, there are many motivations to spend billions of dollars to ensure there are vulnerabilities waiting for any kind of breach or exploit to penetrate into the systems and networks and achieve particular interests. In terms of modifying data and information, from old-fashioned attacks to recent cyber ones, all of the attacks are using the same signature: either controlling data streams to easily breach system protections or using non-control-data attack approaches. Both methods can damage applications which work on decision-making data, user input data, configuration data, or user identity data to a large extent. In this review paper, we have tried to express trends of vulnerabilities in the network protocols’ applications.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Epistemic Interaction - tuning interfaces to provide information for AI support
Malware Risk Analysis on the Campus Network with Bayesian Belief Network
1. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013
DOI : 10.5121/ijnsa.2013.5409 115
Malware Risk Analysis on the Campus Network
with Bayesian Belief Network
Aliyu Mohammed, Haitham A. Jamil, Sulaiman Mohd Nor, Muhammad Nadzir
Marsono
Department of Microelectronic and Computer Engineering
Universiti Teknologi Malaysia
Faculty of Electrical Engineering,
Skudai, 81310, Johor Malaysia
maliyyu@fkegraduate.utm.my, sulaiman@fke.utm.my, nadzir@fke.utm.my
haithamjamil@gmail.com
ABSTRACT
A security network management system is for providing clear guidelines on risk evaluation and assessment
for enterprise networks. The threat and risk assessment is conducted to safeguard enterprise network
services to maintain system confidentiality, integrity, and availability through effective control strategies.
In this paper, based on our previous work in analyzing integrated information security management and
malware propagation on the campus network through mathematical modelling, we proposed Bayesian
Belief Network with inference level indicator to enable the decision maker to understand and provide
appropriate mitigation decisions on the risks posed. We experimentally placed monitoring sensors on the
campus network that gives the threat alert priority levels and magnitude on the vulnerable information
assets. These methods will give a direction on the belief inferred due to malware prevalence on the
information security assets for better understanding.
KEYWORDS
Network security; malware propagation modelling; Bayesian Belief Network; risk and threats
1. INTRODUCTION
Most available malicious software (adware and spyware) affect users’ productivity, compromise
their privacy, and modify (damage) system assets. We determine relations between the infection
distribution and also the status of the infected system to estimate the general effect on the
enterprise network. The methodology presented within this paper determines and discusses the
following concepts: (i) Infections and probability types of occurrences triggered by malware. (ii)
Risk computation with uncertainty compensation of infection and recovery models based on
Bayesian Belief Network. The risk evaluation is based on the relationships among the most
critical assets, and threats that are likely to those assets and their vulnerability impacts. This
findings can then be applied for mitigation and control countermeasures for the organizations
infrastructural assets being at risk[1].
The prevalence of malware propagation on the Internet and the campus network in general has
caused the loss of data and vital information. Experts in information security agree that data
breaches are one of the inherent costs of doing business online[2]. Organizations must take
necessary steps to safeguard customer information and provide proper risk management processes
that could be carried out should a data breach occur. The recent data breach report indicates that
the Federal Trade Commission (FTC - US) brought suit against hospitality giant Wyndham
Worldwide in late June 2012 for allegedly exposing 619,000 consumer payment account numbers
2. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013
116
to a domain in Russia. This is despite the FTC claims on the defendants’ failure to maintain
reasonable security allowing intruders to obtain unauthorized access. This results in $10.6 million
fraudulent charges dating back to 2008 according to court documents. The FTC reported that
identity theft and other scams cost Americans $1.52 billion in 2011. This is despite all efforts to
combat such theft, it is still on the rise[2].
Bayesian Belief Network provides the understanding to enable the containment of malware
propagation based on the risk posed by the malware threat. The BBN has both the quantitative
and qualitative abilities to effectively measure the prevalence of the malware risk factor on the
vulnerable assets. The BBN inference support system is a tool that correlates and give causal
relationships that exist between risk factors and risk key indicators with their associated
operational attributes [3].
The paramount question that is always being asked is how do we effectively understand the
magnitude of malware propagation and prevalence on the network assets? How do we present an
understandable risk assessment to the decision maker for easy decision? To answer these
questions we have to look at the inner operations of BBN and the enterprise risk assessment and
evaluation with a view to understand the effects of malware prevalence on network assets.
Risk assessment handles the evaluation of the current risk factor status that is based on the
probability and also the consequence of occurrence. It suggests that when the Bayesian Network
model is built, it allows the organization to have the understanding of various choices in the
network structure. This network probability updating will not only continuously cuts down on the
data uncertainty, it offers the enterprise the risk scenario with real-time and up-to-date
analysis[4].The composite risk probability concept for the generation of attack data, as well as
connected risk assessment approach utilizing a homogeneity method for fast evaluation of large
systems needs to be considered[5]. A technique for lifecycle information security risk assessment
which provides helpful guidance just before beginning a risk assessment process is desirable. At
the moment, within our knowledge, research regarding how to utilize Bayesian Belief Network
(BBN) inference using both available data and evidence based information on malware
prevalence on the network infrastructure is very limited. However, there is an increasing curiosity
about how we can apply Bayesian Network (BNs) using both data plus some evidence
information to understand the magnitude of malware propagation prevalence and damages to
network infrastructure[6].A good example of decision analysis of statistical distribution denial-of-
service (DoS) flooding attacks was presented by Li et.al[7].
The remainder of this paper is structured as follows. Section II describes briefly the mathematical
modelling and tools for the malware propagation capture and analysis. The section also describes
the basic principles of Bayesian Belief Network (BBN). This includes the probabilistic
conditional inferences and decision analysis on risk due to threats and vulnerability issues.
Section III discusses the implementation of Bayesian Belief Network and its application towards
the prevalence of malware on the network. This is to assess risk as a factor of threat, vulnerability
and cost impact on the enterprise assets; based on the malware propagation prevalence on the
campus network. Finally, some concluding remarks for future works is made in section IV.
3. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013
117
2.MODELLING OF MALWARE PROPAGATION AND
STATISTICAL CAPTURE TOOLS
2.1 Identifying Threats to Information Assets
The question to ask when conducting a risk analysis on how to prevent information theft is,
“What can happen to our information?” The answers are long but broadly classified to include the
following: (i) Virus infecting server that stores the data and tries to corrupt the files (ii) Trojan
horse copying sensitive and personally identifying information to be transmitted to an attacker’s
FTP site. (iii) Staff leaving a backdoor in an application to steal or destroy information, (iv)
Employee can lose a laptop with vital information; (v) Denial of Service (DoS) attacks can affect
key database and applications. Enterprises must protect the privacy of information regardless of
where or how it is stored. Figure 1 shows a typical scenario for a campus network on how
sensors are placed with other articulated control measures and mitigation strategies. We are
interested to know in this typical scenario, how malware propagates through a campus network.
With appropriate mathematical SIR (susceptible, infectious and recovered) epidemiological
model parameter analysis will allow for observing the propagation trend as explained in the next
section.
Figure1. Tools for statistical data collection on the campus network
2.2 Modelling of Malware Propagation on the campus network
The simplest SIR model that was described by Kermack and Mckendrick in 1927[8] is regarded
as the most famous mathematical model for the spread of infectious disease. The population is
grouped into three: susceptible (S), infected (I), and recovered (R). A susceptible host (S) is a host
in which the operating system, applications and anti-virus are not updated and thus is vulnerable
to attacks. With the right code triggered, a susceptible host can be changed to be in the infected
state easily. This happens when the user (host) visits a malicious web site, when a malware is
transferred to the rest via a thumb drive or re-infected via the network (including mail
attachment). An infected host (I) will remain in this state until the host is cleaned. The
prerequisite for the host to be cleaned is that the signature must be available and the host scanned
and cleaned of the malware. This will move the host from the infected state to the recovered state.
The recovery state (R) takes place when the host has now recovered and is cleaned from the
particular malware type. The recovery is through the use of end-user antivirus, updates and patch
management. At this stage it is assumed that the host is immune from this malware. However, the
host is still considered susceptible from other malware especially zero-day malware. The SIR
model is easily written using ordinary differential equation which implies a deterministic model
4. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013
118
with continuous time. The SIR model for spread of disease was considered and based on the
background of the virulent new strains. The population is assumed fixed during the epidemic in
the SIR model. Based on this, the modelling is to first identify the independent and dependent
variables, where the independent variable is time t to be measured in days or weeks. Further
modelling works that consider the two-factor model is discussed in[9-11] while the handling of
removal rate with effects of quarantine is discussed in [12,13].
The parameters used for the SIR modelling are described as: Sn (t) is the number of susceptible
hosts at time t, In (t) is the number of infected hosts at time t, Rn (t) is the number of recovered
hosts at time t, β is the average number of adequate contacts (i.e. Contacts sufficient for infection)
of host per unit time. Thus, β is also known as the infection rate, r is the recovery rate, t is the unit
time and N is the total number of host on the network with n as the infinitesimal increase in the
total population of hosts[14,15]. Thus, the SIR model ordinary differential equations are:
1N
S
dt
dS nn
−= (1)
When rationalized with n changes to (i) susceptible, thus
dt
N
S
dS
i
i
−= , and the susceptible increases from i to i+1
iii dSSS −=+1
Also the infectious hosts are differentiated with respect to Sn/N1
( ) 1
1
11
N
SN
r
N
S
d
dIn nn
N
S n
−
−= (2)
Rationalizing from n==i, and i+1==n
i
i
i
ii
i
i
N
S
d
N
SN
r
N
S
dI
−
−−= 22
Where dIII ii +=+1
1
1
N
SN
rIn
dt
dRn n−
−= (3)
dt
N
SN
rIdR
i
ii
i
−
−=
where iii dRRR +=+1
2.3 The Bayesian Belief Network Principles
The essence of the Bayesian approach is to provide a mathematical rule explaining how it should
change existing beliefs in the light of new evidence. In other words, it allows scientists to
combine new data with their existing knowledge or expertise.
Mathematically, the Bayes' rule states
5. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013
119
.arg
*
likelihoodinalm
priorLikelihood
Posterior
⋅
= ; ( ) ( ) ( )
( )eP
rRPrReP
erRP
==
==
|
| (4)
Where ( )erRP |= denotes the probability that random variable R with value r given the
evidence e. The factor in the denominator is just a normalizing constant that ensures that the
posterior adds up to 1. These can be computed by summing up the numerator over all possible
values of R; meaning that:
( ) ( ) ( ) ( ) ( )rRPrRerPsumeRPeRPeP ==⋅=+=+== |..,1,0 (5)
This procedure in equation (5) is termed as the marginal likelihood (as we have marginalized out
over R) and provides the prior probability of the evidence. Thus, the concept of the child, parent,
consequence and the conditionality’s are as depicted through the deduction and abduction process
as in [16] and discussed further in [16,17].
Bayesian Belief Network inference System is a theory that complements reasoning under
uncertainty by delivering a coherent framework to create a decision in compliance while using
preferences from the decision manager [18]. Decision theories provided an axiomatic reason for
preferences and represented graphically by decision trees and influence diagrams. The influence
diagram includes probabilistic dependencies between variables, such as the Bayesian Belief
Network. However, influence diagrams contain decision nodes that provide choices and value
nodes that provide utility measures.
A Bayesian network consists of a graphical structure that encodes domain variables, were the
qualitative and quantitative relationships between them provides for the encoding probabilities
over the given variable[19]. According to Heckerman [20],a Bayesian network can be considered
as a set of variables X that relates to network structure S that tries to encode a set of conditional
independence factors about the variables in X, and a set of P being a local probability
distributions associated with each set of the variable. Conditional independencies in S encodes
that there are no arcs that relate them. In a given structure S, the joint probability distribution for
X can be depicted by the equation:-
( ) ( )∏−
=
n
i
ii paxpxp
1
| (6)
These local probability distributions P corresponds to the terms of the products indicated in
equation 6 above. This show the pair of (S, P) are the joint distribution of p(x).
These Bayesian Network can be defined as follows: -
( )PSBN ,= ( ) }{ ijiij paXXXXXS ∈∈= ,|, ; ( ){ }XXpaXpP iii ∈= || (7)
The quantitative aspect of Bayesian Belief networks enables for accommodating subjective
judgments (expert opinions) as well as probabilities that are based on objective data[21]. In
general, we use the Bayesian network typically to compute all probabilities of interest since a
Bayesian network for X determines a joint probability distribution for X. For example, P (f | a, b,
c, d, e), is the probability of f following the observations of the other variables (a, b, c, d, e), and
can be computed as follows:
( ) ( )
( )edcbaP
fedcbaP
edcbafP
,,,,
,,,,,
,,,,| = ( )
( )∑
=
'
,,,,,
,,,,,
'
f
edcbafP
fedcbaP (8)
6. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013
120
2.3.1 Modelling Process in Bayesian Network
Figure2. Modelling parameter with Bayesian Network.
Figure2 shows concise principles of Bayesian network. It indicates the relations that exist
between two variables X1 and X2. The two variables are in binary structure whose values ranges
from 0 (false) or 1 (true). The causality response that exists between each node is represented
through a conditional probability table (CPT). The table brings out the relationship between the
parent node X1 and the child node X2 with an arrow that shows their relationship.
Given the value of the variable X1=1 on the parent node, the conditional probability effect of the
child node P(X2/X1) is determined through the CPT. Based on the marginalization process
outlined by authors in[22], the probability of P(X2=1) can be derived and computed from the
equation 9 as:
∑ ∑
∑
= =
=
=
== 1
0
1
0
112
1
0
112
2
1 2
1
)(*)/(
)(*)/1(
)1(
X X
X
XPXXP
XPXXP
XP (9)
In this case the causal relations between risk events can be defined with Bayesian network with
only two or more nodes. This includes the two nodes of Figure 2 as minimum units. The
conditional probability of the target node will be improved based on additional observation on the
information from the parent or the child nodes. Further details on Bayesian network modelling
can be found in [22][3].
2.4 Effects of Connectivity and control countermeasures
The malware propagation ability can be understood through the factor of connectivity and control
as it relates to cause effect consequences. The connectivity is the measure of rate of propagation
of the malware on the network that results in determining the risk due to the threats posed on the
network. In order to understand and appreciate the cause effect due to connectivity and control
measures, we employ the Bayesian Network modelling tool GeNIe. This is indicated with the
cause (trigger), the risk event (effect) and the consequence (resulting factor). The magnitude is
checked through the control measure as in Figure 3.
7. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013
121
Figure 3. E-mail connectivity through cause effect factor
The issue of control is a measure of effectiveness of the available countermeasure that can be
applied to reduce the impact before it happens. While mitigation process takes place after the
consequence in order to proffer for possible remedy. The cause, effect, and consequence depicted
in the Figure 3 through the use of the rate of propagation parameter considered in the modeling
section. The mitigation helps to finding remedy for the aftermath effect.
3.Implementation using Bayesian Belief Network System to Model
Malware Risk
The Bayesian Belief Network is effective and has adequate technique for modelling, measuring
and to a certain extent managing the characteristics of malware propagation risk on the network
environment. This is with a view to protect the campus information assets. This is achieved
through the use of prior knowledge of the causal risk factors and the possible probabilistic
reasoning concept of the systems. In a nut shell, the Bayesian Belief analysis is to allow for
improving the prior determined factors values in the effect of any additional information obtained
about the variables in the network. This is for building the conditional probability table (CPT),
when such similar information’s are not available; the tables could be built based on opinion
results. The assets risk models might be readily developed utilizing a graphical Bayes internet
editor like the GeNIe application program [23].
Let’s look at a situation when a Trojan malware propagates through a network of nodes. A model
developed with the basic SIR model based on the typical epidemic modelling is considered and
applied. The epidemic models generally explain the rapid outbreak that occurs in the network
environment for a period of less than one year. While it becomes endemic if the scenario persist
and extend to a longer period. The present situation is that we based our study on situation that
the propagation malware attack in the analysis is a single class type. The experimental modelling
simulation of worm propagation based on the SIR model is discussed in the next section.
3.1 Worm Propagation based on SIR Model Simulation
The three worm propagation parameters S, I, and R derived from equations (1), (2) and (3) were
coded with MATLAB simulation. The parameters were based the experimental data obtained
8. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013
122
from Snort sensors placed on the campus network. The Experiment was for a period of seven
days. The propagation rate parameter β and r are infection rate and removal rate respectively were
determined through the generated data from the sensor and simulated. The same parameters were
simulated using the Netlogo system software to provide for similarity understanding as shown in
Figures 4 (a) and (b). The initial condition for the parameters is as follows: - 1=∆t
; 7:1=t ; 50=iS ; 0=iI ; 0=iR ; 100=N ; 2.0;50 == r . While the initial values are
based on the campus network segment with N number of hosts, time t is for seven days. The
infection rate and removal rate are conceptualized for the purpose of simulation based on the
population considered during the experiment. Further details on the campus network worm
propagation modelling can be found in [24].
(a)
(b)
Figure4. (a) Mathematical and (b) Simulation Model Parameters
The Figures 4(a, b) above shows the typical worm spread observed for a period of some days on
the campus network environment. The Snort sensor was used on the various campus network
segments, which includes the colleges, academic areas, and the administrative environment. The
results are analyzed to see the effect as it applies to the topological trend of the network. The
characteristics for the worms are based on the propagation effect for a period of seven days in
Figure 4(a), and that of (b) is for a time tick scenario. The parameters of the model was used and
9. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013
123
translated into the parameters in the Netlogo software. This is through observing the trend of the
propagation parameters in comparison to what was obtain from the Matlab simulation. The
propagation characteristics of the parameters applied with Netlogo provides a similarity trend that
indicates consistency in the shape of the three varying factors SIR. The propagation parameters
(infection rate, removal rate, magnitude, and impact) will be translated and rationalized into
fitting it with the Bayesian network for inference. Thus risk as a result of the threat posed by the
malware will be determined and presented for easier understanding and to allow for providing
mitigation strategies.
3.1.1 Malware alert from monitoring sensor
The monitoring sensor snort IDS was configured for a period of time on the campus
network segment during the experimental phase. The malware alert recorded shows the
class types of worm variants that are infecting hosts on the network. The trend was
observed and a typical malware labelled as ET Trojan TinyPE will be used in this study to
understand the likely risk it will pose based on the rate of infection and impact on the assets.
(a)
(b)
Figure5 (a, b). ET Trojan TinyPE Worm Propagation (1:2008576:3)
3.2 Probability Factor Analysis with BBN
In order to estimate the risk posed by this particular worm, we will start by looking at risk and its
dependencies. As we know, risk is a function of threat, vulnerability and cost. In this case, the
10. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013
124
threat will be caused by this worm. We then consider factors that influence the threat (i) the
severity level of the worm and (ii) the rate by which the worm is propagating in the network.
Vulnerability is a measure of the degree of exploits that is available to the threats. The causes are
as mentioned, unpatched system, antivirus with non updated signatures etc. Costs in this case will
be the degree of loss incurred after the exploits has taken place.
Thus the initial equation of risk,
Risk = f (threat, vulnerability, cost), becomes
Risk = f (severity level, rate of propagation, vulnerability, cost)
A host can only be infected if it is vulnerable. The degree of vulnerability together with the rate of
worm propagation will generate the rate by which the hosts will be infected. Thus the above
equation can be simplified to be
Risk = f (severity level, rate of infected hosts, cost)
The rate can be number of hosts infected per minute, hour or day. This rate will depend on how
fast we want to update our BBN model.
Based on this, in the BBN model the CPT factors that will be used in the calculation of the risk
are:
(1) Severity level
(2) Rate of infected hosts
(3) Cost
Next, we will determine the parameter ratings that will be used for each of the factor mentioned
above. We will use a simple BBN model to illustrate this idea. Also in the illustration, the BBN
Model is used for the effects of a single worm. In reality we will have to consider the joint effects
of multiple malware. This will be discussed in some other paper.
Severity level:
The severity level of a particular malware will be based on the severity level assignment given by
Snort. Snort assigns a seventy level of I, II, Ill and IV, I being the most severe and IV the least.
We assign a probability of 0.4 to I, 0.3 to II, 0.2 to III and 0.1 to IV to reflect the degree of
severity.
Rate of infected hosts:
Rate of host infected is obtained from the propagation parameter of Trojan malware captured for
the period of seven days as shown from the graph in the paper. Figure 5b, indicates that the total
host population on the segment is = 15000, while the infected host for one day is = 5000.
Therefore rate of infected host = 5000/ 15000 = 0.33 for that particular day. This is updated for
following days.
Cost:
To simply the discussion, the cost impact rating for a particular segment is either 0 or 1. 0 implies
the segment does not have important and critical assets whilst 1 is the reverse. We can assign a
more fine grain level, e.g. network segment with critical servers would be assigned the highest
value, segment with admin group a second level until the lowest least critical segment.
Using the above, we now proceed to develop the BBN risk model and study few scenarios. These
scenarios include the extreme case of all metrics in the above factors having the highest values
11. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013
125
where we expect the risk generated to be the highest to all low where the risk will be the lowest
and in between.
The following is the BBN model with the CPT and the resulting risks.
Figure 6a. BBN Malware Propagation Risk Analysis (highest risk)[23].
Figure 6b. BBN Malware Propagation Risk Analysis (lowest risk)
Figure 6c. BBN Malware Propagation Risk Analysis (lowest risk)
12. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013
126
Figure 6d. The CPT with an evidence set at high severity level
3.3 Analysis and discussion
The results of the experiments presented in Figure5 (a, b) is the propagation characteristics of the
malware variants as alerted by the monitoring snort sensor on the network. The threats posed by
the malware are being determined based on the infection rate, severity, impact and the rate of the
false positive factor. This is the criteria used for the calculation of the risk and threat rating
factor. The use of Bayesian network with probabilities can be analyzed through the parameters
that are critical to the risk factor for the particular vulnerable asset. The worm propagation
parameter determines the level of threat; the vulnerability factors are based on the available
control to the network infrastructural assets. Although, the result only considers a single type of
malware and host IP with varying propagation rate on a particular network segment using BN. In
future, we will consider multiple malware variants on various network segments on the campus
network and use the result to determine the aggregated risk and threat rating in order to present a
concise output on a dashboard. The work will be on the applications of the BN approach together
with other decision support techniques to present an easily understandable output for the decision
maker and security management team to view and provide for effective control and mitigation
strategies. This specifically will be based on campus network infrastructural information security
assets.
4. CONCLUSION
The understanding of threat analysis methods provides effective ways of differentiating between
what are actual and perceived risk on the network. Therefore, risk evaluation is a kind of
challengeable task and is undoubtedly a long term issue to enable for the running of robust
campus networks infrastructure. The evaluation result goes a long way in helping the
management to improve on the levels of information security system of the organization. Clear
understanding of malware and virus and their associated propagation mechanism structure that
forms the attacks channels is a critical part in recognizing how effectively protecting against the
overall threats and risks on the campus network environment. The security network management
system based on Bayesian Belief system provides a clear understanding ability to inform for
management policy implementation and pave way for a better decision making. We provided
through analysis the ability to have a comparable concept of malware prevalence and impact
through Bayesian Belief Network inference systems. The inference engines overall importance in
13. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013
127
measuring and understanding of threats and information security risk management as a view point
of enterprise and academic computing environment. These consequences provide the enabling
ground for effective control and mitigation strategies to be in place. With this concept, it can
provide for understanding whether organizational security investments paid off or not through a
measure based on belief network inference decision[25]. As an on-going research activity, it is
expected that we will extend the inference analysis and decision support system with the campus
network assets assessment results through a comprehensive network security framework. The
framework will aim at providing an enabling ground for effective control and safeguards of the
infrastructural assets on the network.
REFERENCES
[1] O. Oriola, A. B. Adeyemo, and O. Osunade, "Network Threat Characterization in Multiple
Intrusion Perspectives using Data Mining Technique," International Journal of Network Security &
Its Applications (IJNSA), vol. Vol.4, No.6, 2012.
[2] K. Liyakasa, "Cracking the Code on cyber crimes," www.detinationCRM.com 2012.
[3] N. Fenton and M. Neil, "The use of Bayes and causal modelling in decision making, uncertainty
and risk " 2011.
[4] P. Weber, G.Medina-Oliva, C.Simon, and B.Iung, "Overview on Bayesian networks applications
for dependability,risk analysis and maintenance areas," Elsevier -Engineering Applications of
Artificial Intelligence, 2012.
[5] S. Kondakci, "A Composite Network Security Assessment," The Fourth International Conference
on Information Assurance and Security,IEEE, 2008.
[6] R. Bernard, "Information Lifecycle Security Risk Assessment: A tool for closing security gaps,"
Science Direct- Computers and Security, 2007.
[7] M. Li. and C. Chi., "Decision analysis of statistically detecting distributed denial-of-service
flooding attacks," International Journal of Information Technology & Decision Making, vol. Vol. 2,
No. 3, 2003.
[8] W. O. Kermack and A.G.Mckendrick, "Contributions of Mathematical Theory to epidemics,,"
proceeding of the Royal Society of London, vol. vol.141, pp. 94 - 122, 1933.
[9] C. Shin-Ming, A. Weng-Chon, C. Pin-Yu, and C. Kwang-Cheng, "On Modeling Malware
Propagation in Generalized Social Networks," Communications Letters, IEEE, vol. 15, pp. 25-27,
2011.
[10] J. Wang, C. Xia, and Q. Liu, "A novel Model for the Internet Worm Propagation," IEEE, 2010.
[11] S. Fei, L. Zhaowen, and M. Yan, "Modeling and Analysis of Internet worm propagation," Scince
Direct, vol. 17(4), pp. 63-68, 2010.
[12] Y. Yao, H. Guo, G. Yu, and F.-x. Gao, "Discrete-Time Simulation Method for Worm Propagation
Model with Pulse Quarantine Strategy," Procedia Engineering, vol. 15, pp. 4162-4167, // 2011.
[13] C. C. Zou, W. Gong, and C. Towsley, "Worm Propagation Modelling and Analysis under Dynamic
Quarantine Defense," ACM, 2003.
[14] M. G. Roberts and J.A.P.Heesterbeek, "Mathematical Models in Epidemology," In mathematical
models, in Encyclopedia of ilfe Support System ( EOLSS), 2003.
14. International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013
128
[15] Y. Wang, J. Li, K. Meng, C. Lin, and X. Cheng, "Modeling and security analysis of enterprise
network using attack–defense stochastic game Petri nets," Security and Communication Networks,
Published online in Wiley Library, 2012.
[16] A. Josang, "Conditional Reasoning with Subjective Logic," Journal of Multiple-Valued Logic and
Soft Computing vol. 15(1), pp. pp. 5-38, 2008
[17] R. C. Stalnaker, "A theory of Conditionals," 1970.
[18] G. Yap, A. Tan, and H. Pang, "Explaining Inferences in Bayesian Networks," 2007.
[19] J. Pearl, " Probabilistic reasoning in intelligent systems " Morgan Kaufmann, San Mateo, CA, ,
1988.
[20] D. Heckerman, "Bayesian Networks for Data Mining," Data Mining and Knowledge Discovery,
1997.
[21] A. Janjic, Z. Stajic, and I. Radovic, "A Practical Inference Engine for Risk Assessment of Power
Systems based on Hybrid Fuzzy Influence Diagrams," Latest Advances in Information Science,
Circuits and Systems, 2011.
[22] S. Russell and P. Norvig, Eds., Artificial intelligence: A modern approach. Prentice Hall, 1995.
[23] Decision Systems Laboratory, University of Pittsburgh, and N. B. f. Avenue, "GeNIe," 2007.
[24] A. Mohammed, S. M. Nor, and M. N. Marsono, "Network Worm Propagation Model Based on a
Campus Network Topology," in Internet of Things (iThings/CPSCom), 2011 International
Conference on and 4th International Conference on Cyber, Physical and Social Computing, 2011,
pp. 653-659.
[25] T. K. Tsiakis and G. D. Pekos, "Analysing and determining Return on Investment for Information
Security," International Conference on Applied Economics – ICOAE, 2008.