Designing and Evaluating an Automatic Forensic Model for Fast Response of Cross-border E-commerce Security Incidents

The rapid development of cross-border e-commerce over the past decade has accelerated the integration of the global economy. At the same time, cross-border e-commerce has increased the prevalence of cybercrime, and the future success of e-commerce depends on enhanced online privacy and security. However, investigating security incidents is time- and cost-intensive as identifying telltale anomalies and the source of attacks requires the use of multiple forensic tools and technologies and security domain knowledge. Prompt responses to cyber-attacks are important to reduce damage and loss and to improve the security of cross-border e-commerce. This article proposes a digital forensic model for first incident responders to identify suspicious system behaviors. A prototype system is developed and evaluated by incident response handlers. The model and system are proven to help reduce time and effort in investigating cyberattacks. The proposed model is expected to enhance security incident handling efficiency for cross-border e-commerce.

Designing and Evaluating an Automatic Forensic Model for Fast Response of Cross-Border E-Commerce Security Incidents

The rapid development of cross-border e-commerce over the past decade has accelerated the integration of the global economy. At the same time, cross-border e-commerce has increased the prevalence of cybercrime, and the future success of e-commerce depends on enhanced online privacy and security. However, investigating security incidents is time- and cost-intensive as identifying telltale anomalies and the source of attacks requires the use of multiple forensic tools and technologies and security domain knowledge. Prompt responses to cyber-attacks are important to reduce damage and loss and to improve the security of cross-border e-commerce. This article proposes a digital forensic model for first incident responders to identify suspicious system behaviors. A prototype system is developed and evaluated by incident response handlers. The model and system are proven to help reduce time and effort in investigating cyberattacks. The proposed model is expected to enhance security incident handling efficiency for cross-border e-commerce.

Age and Gender Impact on Password Hygiene

Password hygiene plays an essential part in securing systems protected with single-factor authentication. A significant fraction of security incidents happen due to weak or reused passwords. The reasons behind differences in security vulnerable behaviour between various user groups remains an active research topic. The paper aims to identify the impact of age and gender on password strength using a large password dataset. We recovered previously hashed passwords of 102,120 users from a leaked customer database of a car-sharing company. Although the measured effect size was small, males significantly had stronger passwords than females for all age groups. Males aged 26–45 were also significantly different from all other groups, and password complexity decreased with age for both genders equally. Overall, very weak password hygiene was observed, 72% of users based their password on a word or used a simple sequence of digits, and passwords of over 39% of users were found in word lists of previous leaks.

Achieving a Security Culture

A security culture can be a competitive advantage when employees uphold strong values for the protection of information and exhibit behavior that is in compliance with policies, thereby introducing minimal incidents and breaches. The security culture in an organization might, though, not be similar among departments, job levels, or even generation groups. It can pose a risk when it is not conducive to the protection of information and when security incidents and breaches occur due to employee error or negligence. This chapter aims to give organizations an overview of the concept of security culture, the factors that could influence it, an approach to assess the security culture, and to prioritize and tailor interventions for high-risk areas. The outcome of the security culture assessment can be used as input to define security awareness, training, and education programs aiding employees to exhibit behavior that is in compliance with security policies.

EXPERIMENTAL EVALUATION OF THE DETECTION OF ANOMALIES IN A COMPUTER NETWORK

В статье рассматривается оптимизированный подход к контролю инцидентов информационной безопасности компьютерной сети и обнаружению аномалий. Обоснована необходимость использования алгоритма «усечения» полного множества факторов нарушения политики информационной безопасности. The article considers an optimized approach to monitoring computer network information security incidents and detecting anomalies. The necessity of using the algorithm of «truncation» of the full set of factors of violation of the information security policy is justified.

Human Factors in Cybersecurity

Technological solutions in the mobile and digital era are becoming more helpful in informing the population, educational systems, monitoring, tracking the individuals, working, and spending time from home. On the other hand, the valuable information within such systems is posed to the risk of breaches at the individual and organizational level. As a result, cyber threats are constantly evolving. Many security incidents and data breaches are associated with the human factor. Respectively, this work highlights the importance of human factors in cybersecurity. Firstly, this article gives a brief overview of the topic and its significance. Then we present the most common risks in the cybersecurity field and their impacts. The third part emphasizes the role of human factors in security and elaborates on the behavioral approaches. Our conclusions are drawn in the last detail. To further our research, we plan to investigate behavioral science theories on understanding the influence of human factors in cybersecurity.

Detection of illicit cryptomining using network metadata

Illicit cryptocurrency mining has become one of the prevalent methods for monetization of computer security incidents. In this attack, victims’ computing resources are abused to mine cryptocurrency for the benefit of attackers. The most popular illicitly mined digital coin is Monero as it provides strong anonymity and is efficiently mined on CPUs.Illicit mining crucially relies on communication between compromised systems and remote mining pools using the de facto standard protocol Stratum. While prior research primarily focused on endpoint-based detection of in-browser mining, in this paper, we address network-based detection of cryptomining malware in general. We propose XMR-Ray, a machine learning detector using novel features based on reconstructing the Stratum protocol from raw NetFlow records. Our detector is trained offline using only mining traffic and does not require privacy-sensitive normal network traffic, which facilitates its adoption and integration.In our experiments, XMR-Ray attained 98.94% detection rate at 0.05% false alarm rate, outperforming the closest competitor. Our evaluation furthermore demonstrates that it reliably detects previously unseen mining pools, is robust against common obfuscation techniques such as encryption and proxies, and is applicable to mining in the browser or by compiled binaries. Finally, by deploying our detector in a large university network, we show its effectiveness in protecting real-world systems.

Raising Awareness about Cloud Security in Industry through a Board Game

Today, many products and solutions are provided on the cloud; however, the amount and financial losses due to cloud security incidents illustrate the critical need to do more to protect cloud assets adequately. A gap lies in transferring what cloud and security standards recommend and require to industry practitioners working in the front line. It is of paramount importance to raise awareness about cloud security of these industrial practitioners. Under the guidance of design science paradigm, we introduce a serious game to help participants understand the inherent risks, understand the different roles, and encourage proactive defensive thinking in defending cloud assets. In our game, we designed and implemented an automated evaluator as a novel element. We invite the players to build defense plans and attack plans for which the evaluator calculates success likelihoods. The primary target group is industry practitioners, whereas people with limited background knowledge about cloud security can also participate in and benefit from the game. We design the game and organize several trial runs in an industrial setting. Observations of the trial runs and collected feedback indicate that the game ideas and logic are useful and provide help in raising awareness of cloud security in industry. Our preliminary results share insight into the design of the serious game and are discussed in this paper.

Safety Protection Technology of Power Monitoring System Based on Feature Extraction Algorithm

The network security protection technology of power monitoring systems is of great significance. Aiming at the power network monitoring and protection technology problem, the paper proposes an active monitoring and protection strategy based on a feature extraction algorithm. The algorithm can calculate the transfer degree of security incidents based on evidence theory. First, the paper obtains a specific state transition diagram based on the security topology of a generalized random power communication network. Then, we analyze the relationship between power system information security and engineering security based on the system’s operating results and feature extraction algorithms. The experimental results demonstrate the rapid effectiveness of this method.