检索结果-内蒙古大学图书馆

16th European Conference on cyber Warfare and security, ECCWS 2017

作者： Duvenage, Petrus Sithole, Thenjiwe Von Solms, Sebastian Academy of Computer Science and Software Engineering University of Johannesburg South Africa Centre for Cyber Security University of Johannesburg South Africa

ISBN: (纸本)9781911218432

For those connecting the dots, major cyber breaches continue to affirm the necessity of having cyber counterintelligence (CCI) at the core of a proactive cybersecurity approach. While practitioners and executives engaging highend adversaries in the 'real world' are progressively warming up to the opportunities CCI presents, the mentioning of 'theory' is likely to evoke a cool response. Theory is typically regarded as abstract thinking that has little bearing on, or use in, 'real world' cybersecurity trenches. Theory may even be deemed to be the opposite of practice. This is of course not the case-theory is highly relevant to practice and practice ought to inform theory. In the words of Lewin (as cited by Greenwald 2012): "There is nothing so practical as a good theory." Especially for a field as complex as CCI, effective practice presupposes a sound theoretical foundation. The price for poor CCI theory will ultimately be paid through more costly failures and damaging breaches. Theoretical constructs are thus clearly not 'nice to have' academic 'toys'. These constructs, which include frameworks and models, condition our thinking and our approach to practice. In addition to its application to practice, theory should of course also be at the heart of academic disciplines and fields. Herein lies the challenge-as an emerging multidisciplinary academic field, CCI is in its infancy. Given CCI's incipient status, one of the priority agenda items ought to be a conceptual framework that (albeit tentatively) delineates and provides a coherent view of the research object-i.e. CCI. This conceptual framework can furthermore systemise existing knowledge and provide a scaffold for further research. Equally important, it can be an instrument to explain to diverse audiences what CCI is and how it works. Clearly then, a conceptual framework for CCI is theory that really matters. This paper's primary aim is to advance the outlines of such a conceptual Framework for CCI (FCCI). Our FCCI

关键词： cybersecurity

来源：评论

学校读者我要写书评

暂无评论

Cultivating a cyber counterintelligence maturity model 16

Cultivating a cyber counterintelligence maturity model

引用

16th European Conference on cyber Warfare and security, ECCWS 2017

作者： Jaquire, Victor Von Solms, Sebastiaan Academy of Computer Science and Software Engineering University of Johannesburg South Africa Centre for Cyber Security University of Johannesburg South Africa

ISBN: (纸本)9781911218432

Just as the utilisation of cyberspace became more mainstream, intricate and advanced during the past decade, so did the intricacy and advancement of threats mature-paralleling the conveniences and essentials that cyberspace provide. It is now vigorously recognised that traditional approaches to cyber defence have become deficient [Heckman et al, 2012]. The respected solutions that we loyally hanged on to throughout the decades, trusting them to defend our environments are no longer sufficient. Unyielding breaches and cyber-attacks are relentlessly intensifying and becoming the order of the day [PWC, 2015]. Farchi [2016] argues that "Staying vulnerable while waiting for a security patch from your software vendor is an anachronistic method that won't survive this new world". This notion corresponds with Bodmer [2012] who stresses that "Just as intelligence organisations are tracking the activities of terrorist cells trying to stop them before they take action, going after the malicious attackers before they are able to commit attacks is the desired approach". This article flows from, and builds on previous discussions and publications with regard to the concept of a maturity model for cyber counterintelligence (CCI). It aims to also resonate with and add to previous publications and maturing debates through the proposition of cultivating and implementing such model. It explores the notion of a CCI maturity model and argues that cybersecurity can be intensified-and will be more effective when incorporating a dedicated focus on defensive, offensive, passive and active measures in a multi-disciplinary and integrated CCI approach. The article provides a brief look at the benefits that the implementation of such a model hold for both government and the private sector. It deliberates on the need for cyber counterintelligence (CCI) practices in conjunction with traditional defensive and/or offensive cyber measures within both government and the private sector (business). It

关键词： cybersecurity

来源：评论

学校读者我要写书评

暂无评论

Measurement and Analysis of the Reviews in Airbnb

Measurement and Analysis of the Reviews in Airbnb

引用

IFIP Networking Conference

作者： Qian Zhou Yang Chen Chuanhao Ma Fei Li Yu Xiao Xin Wang Xiaoming Fu Engineering Research Center of Cyber Security Auditing and Monitoring Ministry of Education China Department of Communications and Networking Aalto University Finland Institute of Computer Science University of Goettingen Germany

ISBN: (纸本)9781538662809;9783903176089

Airbnb, a recently emerged online lodging service that allows house and apartment dwellers to lease out their premises to short-term renters like tourists, is reconstructing the value chain of the traditional hotel industry. It works as a platform that connects hosts and travelers and facilities their interaction and exchange. Studying this service could shed light on understanding the emerging sharing economy from a user-centric perspective. In this work, we collect the profiles of 43.8 million Airbnb users, and analyze the reviews they published online. We model the interactions between Airbnb users using a review graph, and study their mobility patterns by investigating their reviews. To the best of our knowledge, our work is the first measurement study of massive Airbnb users on a global scale, and it provides insights of their activities in both cyberspace and the physical world.

关键词： Correlation Atmospheric modeling Economic indicators Sentiment analysis Sociology computer science

来源：评论

学校读者我要写书评

暂无评论

A game-theoretic analysis of shard-based permissionless blockchains

arXiv

引用

arXiv 2018年

作者： Manshaei, Mohammad Hossein Jadliwala, Murtuza Maiti, Anindya Fooladgar, Mahdi Department of Electrical and Computer Engineering Isfahan University of Technology Iran Department of Computer Science University of Texas San Antonio United States Institute for Cyber Security University of Texas San Antonio United States

Low transaction throughput and poor scalability are significant issues in public blockchain consensus protocols such as Bitcoins. Recent research efforts in this direction have proposed shard-based consensus protocols where the key idea is to split the transactions among multiple committees (or shards), which then process these shards or set of transactions in parallel. Such a parallel processing of disjoint sets of transactions or shards by multiple committees significantly improves the overall scalability and transaction throughout of the system. However, one significant research gap is a lack of understanding of the strategic behavior of rational processors within committees in such shard-based consensus protocols. Such an understanding is critical for designing appropriate incentives that will foster cooperation within committees and prevent free-riding. In this paper, we address this research gap by analyzing the behavior of processors using a game-theoretic model, where each processor aims at maximizing its reward at a minimum cost of participating in the protocol. We first analyze the Nash equilibria in an Nplayer static game model of the sharding protocol. We show that depending on the reward sharing approach employed, processors can potentially increase their payoff by unilaterally behaving in a defective fashion, thus resulting in a social dilemma. In order to overcome this social dilemma, we propose a novel incentive-compatible reward sharing mechanism to promote cooperation among processors. Our numerical results show that achieving a majority of cooperating processors (required to ensure a healthy state of the blockchain network) is easier to achieve with the proposed incentive-compatible reward sharing mechanism than with other reward sharing mechanisms. Copyright © 2018, The Authors. All rights reserved.

关键词： Blockchain

来源：评论

学校读者我要写书评

暂无评论

Finding global optima in nonconvex stochastic semide finite optimization with variance reduction

arXiv

引用

arXiv 2018年

作者： Zeng, Jinshan Ma, Ke Yao, Yuan School of Computer Information Engineering Jiangxi Normal University Department of Mathematics Hong Kong University of Science and Technology State Key Laboratory of Information Security Institute of Information Engineering Chinese Academy of Sciences School of Cyber Security University of Chinese Academy of Sciences

There is a recent surge of interest in nonconvex reformulations via low-rank factorization for stochastic convex semide finite optimization problem in the purpose of efficiency and scalability. Compared with the original convex formulations, the nonconvex ones typically involve much fewer variables, allowing them to scale to scenarios with millions of variables. However, it opens a new challenge that under what conditions the nonconvex stochastic algorithms may find the global optima effectively despite their empirical success in applications. In this paper, we provide an answer that a stochastic gradient descent method with variance reduction, can be adapted to solve the nonconvex reformulation of the original convex problem, with a global linear convergence, i.e., converging to a global optimum exponentially fast, at a proper initial choice in the restricted strongly convex case. Experimental studies on both simulation and real-world applications on ordinal embedding are provided to show the effectiveness of the proposed algorithms. Copyright © 2018, The Authors. All rights reserved.

关键词： Stochastic systems

来源：评论

学校读者我要写书评

暂无评论

A cyber kill chain based taxonomy of banking trojans for evolutionary computational intelligence

arXiv

引用

arXiv 2018年

作者： Kiwia, Dennis Dehghantanha, Ali Choo, Kim-Kwang Raymond Slaughter, Jim Department of Computer Science School of Computing Science and Engineering University of Salford United Kingdom Department of Information Systems and Cyber Security University of Texas at San Antonio San AntonioTX78249 United States

Malware such as banking Trojans are popular with financially-motivated cybercriminals. Detection of banking Trojans remains a challenging task, due to the constant evolution of techniques used to obfuscate and circumvent existing detection and security solutions. Having a malware taxonomy can facilitate the design of mitigation strategies such as those based on evolutionary computational intelligence. Specifically, in this paper, we propose a cyber kill chain based taxonomy of banking Trojans features. This threat intelligence based taxonomy providing a stage-by-stage operational understanding of a cyber-attack, can be highly beneficial to security practitioners and the design of evolutionary computational intelligence on Trojans detection and mitigation strategy. The proposed taxonomy is validated by using a real-world dataset of 127 banking Trojans collected from December 2014 to January 2016 by a major UK-based financial organisation. Copyright © 2018, The Authors. All rights reserved.

关键词： Taxonomies

来源：评论

学校读者我要写书评

暂无评论

Towards Privacy-preserving Incentive for Mobile Crowdsensing Under An Untrusted Platform

Towards Privacy-preserving Incentive for Mobile Crowdsensing...

引用

IEEE Annual Joint Conference: INFOCOM, IEEE computer and Communications Societies

作者： Zhibo Wang Jingxin Li Jiahui Hu Ju Ren Zhetao Li Yanjun Li State Key Laboratory for Novel Software Technology Nanjing University P. R. China Key Laboratory of Aerospace Information Security and Trusted Computing Ministry of Education School of Cyber Science and Engineering Wuhan University P. R. China School of Information Science and Engineering Central South University P. R. China Key Laboratory of Intelligent Computing & Information Processing of Ministry of Education College of Information Engineering Xiangtan University P. R. China School of Computer Science and Technology Zhejiang University of Technology P. R. China

Reverse auction-based incentive mechanisms have been commonly proposed to stimulate mobile users to participate in crowdsensing, where users submit bids to the platform to compete for tasks. Recent works pointed out that bid is a private information which can reveal sensitive information of users (e.g., location privacy), and proposed bid-preserving mechanisms with differential privacy against inference attack. However, all these mechanisms rely on a trusted platform, and would fail in bid protection completely when the platform is untrusted (e.g., honest-but-curious). In this paper, we focus on the bid protection problem in mobile crowdsensing with an untrusted platform, and propose a novel privacy-preserving incentive mechanism to protect users' true bids against the honest-but-curious platform while minimizing the social cost of winner selection. To this end, instead of uploading the true bid to the platform, a differentially private bid obfuscation function is designed with the exponential mechanism, which helps each user to obfuscate bids locally and submit obfuscated task-bid pairs to the platform. The winner selection problem with the obfuscated task-bid pairs is formulated as an integer linear programming problem and proved to be NP-hard. We consider the optimization problem at two different scenarios, and propose a solution based on Hungarian method for single measurement and a greedy solution for multiple measurements, respectively. The proposed incentive mechanism is proved to satisfy ε-differential privacy, individual rationality and γ-truthfulness. The extensive experiments on a real-world data set demonstrate the effectiveness of the proposed mechanism against the untrusted platform.

关键词： Task analysis Privacy Differential privacy Sensors Mobile handsets Cryptography Integer linear programming

来源：评论

学校读者我要写书评

暂无评论

Modeling attack process of advanced persistent threat using network evolution

Modeling attack process of advanced persistent threat using ...

引用

作者： Niu, Weina Zhang, Xiaosong Yang, Guowu Chen, Ruidong Wang, Dong School of Computer Science and Engineering University of Electronic Science and Technology of China Chengdu China Center for Cyber Security University of Electronic Science and Technology of China Chengdu China

Advanced Persistent Threat (APT) is one of the most serious network attacks that occurred in cyberspace due to sophisticated techniques and deep concealment. Modeling APT attack process can facilitate APT analysis, detection, and prediction. However, current techniques focus on modeling known attacks, which neither reflect APT attack dynamically nor take human factors into considerations. In order to overcome this limitation, we propose a Targeted Complex Attack Network (TCAN) model for APT attack process based on dynamic attack graph and network evolution. Compared with current models, our model addresses human factors by conducting a two-layer network structure. Meanwhile, we present a stochastic model based on states change in the target network to specify nodes involved in the procedure of this APT. Besides, our model adopts time domain to expand the traditional attack graph into dynamic attack network. Our model is featured by flexibility, which is proven through changing the related parameters. In addition, we propose dynamic evolution rules based on complex network theory and characteristics of the actual attack scenarios. Finally, we elaborate a procedure to add nodes by a matrix operation. The simulation results show that our model can model the process of attack effectively. Copyright © 2017 The Institute of Electronics, Information and Communication Engineers.

关键词： Time domain analysis

来源：评论

学校读者我要写书评

暂无评论

AClog: Attack Chain Construction Based on Log Correlation

AClog: Attack Chain Construction Based on Log Correlation

引用

IEEE Global Communications Conference

作者： Teng Li Jianfeng Ma Qingqi Pei Yulong Shen Chi Lin Siqi Ma Mohammad S. Obaidat School of Cyber Engineering Xidian University Shaanxi China Shaanxi Key Laboratory of BlockChain and Security Computing Xidian University Shaanxi China School of Computer Science Xidian University Shaanxi China School of Software Technology Dalian University of Technology Dalian China Commonwealth Scientific and Industrial Research Organisation Sydney Australia College of Computing and Informatics University of Sharjah UAE University of Jordan Jordan Nazarbayev University Kazakhstan University of Science and Technology Beijing China

ISBN: (数字)9781728109626

ISBN: (纸本)9781728109633

Before the final attack happens, clandestine attackers conduct sequenced stages for being stealthy and elusive. These attacks can leave clues in several different log files. However existing approaches can only detect the anomalies using single type of log and fail to reveal all of the attack steps through log integration and correlation. Such methods can hardly detect the relationships among events and prevent the attack in advance. Additionally, traditional machine learning or data mining in log analysis has a high overhead in computing which is impractically applied in a real product or system. To address these problems, we present AClog, a multiple log correlated analysis system to construct the attack chain. Inspired by penetration testing and social network analysis, we transfer the attack provenance as an event relationship discover problem. We use different logs to form the steps of the system and regard them as the event sequences before the attack. Then, we leverage Fast Linear SVM and Longest Common Subsequences to find out the regular steps before the attack. Finally, we spot the corresponding log sequences to identify the pre-attack steps proactively. We apply our approach in the attack prediction of a cloud computing platform and a university network. The results show that the proposed method can effectively and precisely construct the attack steps and identify the corresponding syslogs.

关键词： Correlation Clustering algorithms Support vector machines Windows

来源：评论

学校读者我要写书评

暂无评论

Improving the accuracy of automated facial age estimation to aid CSEM investigations

引用

Digital Investigation 2019年 28卷 S142-S142页

作者： Felix Anda David Lillis Aikaterini Kanta Brett Becker Elias Bou-Harb Nhien An Le Khac Mark Scanlon Forensics and Security Research Group University College Dublin Ireland Cyber Threat Intelligence Laboratory College of Engineering and Computer Science Florida Atlantic University USA

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：