Open Access. Powered by Scholars. Published by Universities.®

Information Security Commons

Articles 1 - 22 of 22

Full-Text Articles in Information Security

Ramping Down Chinese Commercial Cyber Espionage, Emilio Iasiello Dec 2015

Emilio Iasiello

While detractors believe that commercial cyber espionage hasn’t really stopped, recent Chinese efforts show a government trying to get a handle on its large spying apparatus that could include hired and independent contractors acting autonomously in addition to its other resources. While complete cessation may never occur, significant timely reduction demonstrates Beijing’s willingness to work with the United States as a partner and not a pariah, and provides a foundation from which the two governments can move forward on other cyber security areas where incongruity persists.


Blackboard-Based Electronic Warfare System, Jeremy Straub Oct 2015

Jeremy Straub

With internet-connected, SCADA and cyber-physical systems becoming the next battlefield for crime and warfare, technologies for defending and attacking these systems are growing in prevalence. For entities with significant asset collections that are prospectively vulnerable to this type of an attack, autonomous response, retaliation and attack capabilities are necessary to respond to a growing threat from numerous sectors. This paper presents a command and control technique for cyberwarfare based on the Blackboard Architecture. It discusses the utility of this approach and proposes a distributed command system that can run across multiple nodes of various types.


Improving Satellite Security Through Incremental Anomaly Detection On Large, Static Datasets, Connor Hamlet, Matthew Russell, Jeremy Straub, Scott Kerlin Aug 2015

Jeremy Straub

Anomaly detection is a widely used technique to detect system intrusions. Anomaly detection in Intrusion Detection and Prevent Systems (IDPS) works by establishing a baseline of normal behavior and classifying points that are at a farther distance away as outliers. The result is an “anomaly score”, or how much a point is an outlier. Recent work has been performed which has examined use of anomaly detection in data streams [1]. We propose a new incremental anomaly detection algorithm which is up to 57,000x faster than the non-incremental version while slightly sacrificing the accuracy of results. We conclude that our method …


Scada System Security: Accounting For Operator Error And Malicious Intent, Ryan Kilbride, Jeremy Straub, Eunjin Kim Apr 2015

Jeremy Straub

Supervisory control and data acquisition (SCADA) systems are becoming more and more commonplace in many industries today. Industries are making better use of software and large scale control systems to run efficiently, without the need for large amounts of oversight. Security is a particularly large issue with such systems, however. A human must still be involved to ensure smooth operation in the event of catastrophic system error, or unusual circumstances. Human involvement presents problems: operators could make mistakes, configure the system to operate sub-optimally or take malicious actions. This implementation of SCADA security aims to combat these problems.


Are Cyber Weapons Effective Military Tools?, Emilio Iasiello Apr 2015

Emilio Iasiello

Cyber-attacks are often viewed in academic and military writings as strategic asymmetric weapons, great equalizers with the potential of leveling the battlefield between powerful nations and those less capable. More substantive examples demonstrate that cyber-attacks have been more successful in non-military activities, as they may serve as a clandestine weapon of subterfuge better positioned to incapacitate systems without alerting the victims, veiling the orchestrator’s true identity via proxy groups and plausible deniability. Consequently, this paper provides a counter argument to the idea that cyber tools are instrumental military weapons in modern day warfare; cyber weapons are more effective options during …


Small Satellite Communications Security And Student Learning In The Development Of Ground Station Software, Scott Kerlin, Jeremy Straub, Jacob Huhn, Alexander Lewis Mar 2015

Jeremy Straub

Communications security is gaining importance as small spacecraft include actuator capabilities (i.e., propulsion), payloads which could be misappropriated (i.e., high resolution cameras), and research missions with high value/cost. However, security is limited by capability, interoperability and regulation. Additionally, as the small satellite community becomes more mainstream and diverse, the lack of cheap, limited-to-no configuration, pluggable security modules for small satellites also presents a limit for user adoption of security.

This paper discusses a prospective approach for incorporating robust security into a student-developed ground station created at the University of North Dakota as part of a Computer Science Department senior design …


Hacking Back: Not The Right Solution, Emilio Iasiello Nov 2014

Emilio Iasiello

In cyberspace attackers enjoy an advantage over defenders, which has popularized the concept of “active cyber defense”— offensive actions intended to punish or deter the adversary. This article argues active cyber defense is not a practical course of action to obtain tactical and strategic objectives. Instead, “aggressive cyber defense,” a proactive security solution, is a more appropriate option.


Measuring Privacy Disclosures In Url Query Strings, Andrew G. West, Adam J. Aviv Nov 2014

Andrew G. West

Publicly posted URLs may contain a wealth of information about the identities and activities of the users who share them. URLs often utilize query strings (i.e., key-value pairs appended to the URL path) as a means to pass session parameters and form data. While often benign and necessary to render the web page, query strings sometimes contain tracking mechanisms, user names, email addresses, and other information that users may not wish to publicly reveal. In isolation this is not particularly problematic, but the growth of Web 2.0 platforms such as social networks and micro-blogging means URLs (often copy-pasted from web …


Chatter: Classifying Malware Families Using System Event Ordering, Aziz Mohaisen, Andrew G. West, Allison Mankin, Omar Alrawi Oct 2014

Andrew G. West

Using runtime execution artifacts to identify malware and its associated "family" is an established technique in the security domain. Many papers in the literature rely on explicit features derived from network, file system, or registry interaction. While effective, use of these fine-granularity data points makes these techniques computationally expensive. Moreover, the signatures and heuristics this analysis produces are often circumvented by subsequent malware authors.

To this end we propose CHATTER, a system that is concerned only with the order in which high-level system events take place. Individual events are mapped onto an alphabet and execution traces are captured via terse …


Adam: Automated Detection And Attribution Of Malicious Webpages, Ahmed E. Kosba, Aziz Mohaisen, Andrew G. West, Trevor Tonn, Huy Kang Kim Aug 2014

Andrew G. West

Malicious webpages are a prevalent and severe threat in the Internet security landscape. This fact has motivated numerous static and dynamic techniques to alleviate such threats. Building on this existing literature, this work introduces the design and evaluation of ADAM, a system that uses machine-learning over network metadata derived from the sandboxed execution of webpage content. ADAM aims to detect malicious webpages and identify the nature of those vulnerabilities using a simple set of features. Machine-trained models are not novel in this problem space. Instead, it is the dynamic network artifacts (and their subsequent feature representations) collected during rendering that …


Metadata-Driven Threat Classification Of Network Endpoints Appearing In Malware, Andrew G. West, Aziz Mohaisen Jul 2014

Andrew G. West

Networked machines serving as binary distribution points, C&C channels, or drop sites are a ubiquitous aspect of malware infrastructure. By sandboxing malcode one can extract the network endpoints (i.e., domains and URL paths) contacted during execution. Some endpoints are benign, e.g., connectivity tests. Exclusively malicious destinations, however, can serve as signatures enabling network alarms. Often these behavioral distinctions are drawn by expert analysts, resulting in considerable cost and labeling latency.

Leveraging 28,000 expert-labeled endpoints derived from ~100k malware binaries this paper characterizes those domains/URLs towards prioritizing manual efforts and automatic signature generation. Our analysis focuses on endpoints' static metadata properties …


On The Privacy Concerns Of Url Query Strings, Andrew G. West, Adam J. Aviv May 2014

Andrew G. West

URLs often utilize query strings (i.e., key-value pairs appended to the URL path) as a means to pass session parameters and form data. Often times these arguments are not privacy sensitive but are necessary to render the web page. However, query strings may also contain tracking mechanisms, user names, email addresses, and other information that users may not wish to reveal. In isolation such URLs are not particularly problematic, but the growth of Web 2.0 platforms such as social networks and micro-blogging means URLs (often copy-pasted from web browsers) are increasingly being publicly broadcast.

This position paper argues that the …


Is Anti-Virus A Necessary Evil?, Umakant Mishra May 2014

Umakant Mishra

While everybody is becoming more and more dependent on computers there are some unscrupulous people who continuously try to misuse the technology and get illegal and illegitimate benefit out of this sophisticated environment. Today the Internet is like a busy street or open market place where you find almost everything you want. As there are some obvious risks when you stand or move in a busy street such as you are likely to be pick pocketed or cheated or even knocked out by a rash driving vehicle. Similar threats loom over the head of a user when he is exposed …


How To Implement Access Rights In An Mis Project, Umakant Mishra Aug 2013

Umakant Mishra

The MIS data is critical to an organization and should be protected from misuse by wrong persons. Although the MIS data is typically meant for the senior managers each MIS report may not be required by every manager. The access to MIS data is determined by the role of an individual in the organization and controlled by the MIS administrator accordingly. The access is generally determined by the following parameters, (a) the type of user (such as staff or manager etc.), (b) the type of data (whether general data or managerial data), (c) level of access (read/ write/ admin access) …


How Do Viruses Attack Anti-Virus Programs, Umakant Mishra Jul 2013

Umakant Mishra

As the anti-viruses run in a trusted kernel level any loophole in the anti-virus program can enable attackers to take full control over the computer system and steal data or do serious damages. Hence the anti-virus engines must be developed with proper security in mind. The anti-virus should be able to any type of specially created executable files, compression packages or documents that are intentionally created to exploit the anti-virus’s weakness.

Viruses are present in almost every system even though there are anti-viruses installed. This is because every anti-virus, however good it may be, leads to some extent of false …


Protecting Anti-Virus Programs From Viral Attacks, Umakant Mishra Jul 2013

Umakant Mishra

During a fight between viruses and anti-viruses it is not always predictable that the anti-virus is going to win. There are many malicious viruses which target to attack and paralyze the anti-viruses. It is necessary for an anti-virus to detect and destroy the malware before its own files are detected and destroyed by the malware. The anti-virus may follow thorough testing and auditing procedures to fix all its bugs before releasing the software in the market. Besides the anti-virus may use all the obfuscation techniques like polymorphism that the viruses generally use to hide their codes. This article also shows …


Getting Ahead Of The Threat: Aviation And Cyber Security, Emilio Iasiello Jul 2013

Emilio Iasiello

No abstract provided.


Cyber Attack: A Dull Tool To Sharpen Foreign Policy, Emilio Iasiello Jun 2013

Emilio Iasiello

This paper examines how cyber attacks, if indeed conducted by nation states, have been unsuccessful in supporting states' foreign policy objectives. By analyzing three prominent case studies, I show that as a result of geopolitical tensions, cyber attacks were implemented to further nation state objectives in support of foreign policy considerations and failed to achieve their respective outcomes despite successful deployment against their intended targets. The three case studies, hypothetical scenarios because attribution has not been confirmed, include: (1) the October 2012 distributed denial of service attacks targeting the U.S. banking sector; (2) the 2012 Stuxnet attack against Iran; and …


Contradictions In Improving Speed Of Virus Scanning, Umakant Mishra May 2013

Umakant Mishra

Although everything in computing industry moves faster, the processor, memory speed, memory size, storage space etc. there is no improvement in virus scanning time. Although the processing speed has substantially increased, a typical full scanning is still taking several hours for an average computer. There is a serious need to improve the scanning time.

Contradiction is a stage of problem solving where the nature of the actual problem is clearly explained in terms of at least two parameters, one improving and another worsening. While emphasizing one parameter strengthens the system position emphasizing another parameter weakens the system.

In conventional methods …


Finding And Solving Contradictions Of False Positives In Virus Scanning, Umakant Mishra May 2013

Umakant Mishra

False positives are equally dangerous as false negatives. Ideally the false positive rate should remain 0 or very close to 0. Even a slightest increase in false positive rate is considered as undesirable.

Although the specific methods provide very accurate scanning by comparing viruses with their exact signatures, they fail to detect the new and unknown viruses. On the other hand the generic methods can detect even new viruses without using virus signatures. But these methods are more likely to generate false positives. There is a positive correlation between the capability to detect new and unknown viruses and false positive …


Methods Of Repairing Virus Infected Files, A Triz Based Analysis, Umakant Mishra May 2013

Umakant Mishra

Some computer viruses damage the host file during infection either partially or fully. These types of viruses are known as “file modifying viruses”. In these cases, the chance of recovery is less, but the anti-virus has to apply various methods with hope. The virus cleaner must know the characteristics of a virus in order to remove that virus. It cannot remove an unknown virus whose methods of infection are not known. If a virus is wrongly detected to be a different virus, then the cleaner will do wrong operations and build a garbage file.

Most viruses are capable of fixing …


Privacy Protection Framework With Defined Policies For Service-Oriented Architecture, David Allison, Miriam A M Capretz, Hany Elyamany, Shuying Wang Jan 2012

Miriam A M Capretz

Service-Oriented Architecture (SOA) is a computer systems design concept which aims to achieve reusability and integration in a distributed environment through the use of autonomous, loosely coupled, interoperable abstractions known as services. In order to interoperate, communication between services is very important due to their autonomous nature. This communication provides services with their functional strengths, but also creates the opportunity for the loss of privacy. In this paper, a Privacy Protection Framework for Service-Oriented Architecture (PPFSOA) is described. In this framework, a Privacy Service (PS) is used in combination with privacy policies to create privacy contracts that outline what can …