Cyber threat assessment via attack scenario simulation using an integrated adversary and network modeling approach

Author(s): Stephen Moskal, Shanchieh Jay Yang, Michael E Kuhl

Existing research on cyber threat assessment focuses on analyzing the network vulnerabilities and producing possible attack graphs. Cyber attacks in real-world enterprise networks, however, vary significantly due to not only network and system configurations, but also the attacker’s strategies. This work proposes a cyber-based attacker behavior model (ABM) in conjunction with the Cyber Attack Scenario and Network Defense Simulator to model the interaction between the network and the attackers. The ABM leverages a knowledge-based design and factors in the capability, opportunity, intent, preference, and Cyber Attack Kill Chain integration to model various types of attackers. By varying the types of attackers and the network configurations, and simulating their interactions, we present a method to measure the overall network security against cyber attackers under different scenarios. Simulation results based on four attacker types on two network configurations are shown to demonstrate how different attacker behaviors may lead to different ways to penetrate a network, and how a single misconfiguration may impact network security.

Author(s): Usman Javed Butt, Maysam F. Abbod, Arvind Kumar

Marketing is a process of creating, capturing, and exchanging ‘value’ for the mutual benefit of marketers, customers, intermediaries, and other stakeholders. Such a transaction requires trust as it might be facing a range of online cyber risks. Modern cybercrimes have grown exponentially over the last decade. Ransomware is one of the types of malware which is the result of a sophisticated attempt to compromise modern computer systems. Businesses, governments, and large corporations are investing heavily to combat this cyber threat against their critical infrastructure. New technological shifts help to improve marketing and business productivity and keep the company's global competitiveness in an overflowing competitive market. However, the businesses and the systems involved need security measures to protect integrity and availability, which will help avoid any malfunctioning of their operations due to cyber-attacks. There have been several cyber-attack incidents on several businesses, such as in the healthcare, pharmaceutical, water cleaning, and energy sectors.


2014, Vol 2014, pp. 1-12
Author(s): Ying-Chiang Cho, Jen-Yi Pan

With sustained and rapid developments in the field of information technology, the issue of network security has become increasingly prominent. The theme of this study is network data security, with the test subject being a classified and sensitive network laboratory that belongs to the academic network. The analysis is based on the deficiencies and potential risks of the network’s existing defense technology, characteristics of cyber attacks, and network security technologies. Subsequently, a distributed network security architecture using the technology of an intrusion prevention system is designed and implemented. In this paper, first, the overall design approach is presented. This design is used as the basis to establish a network defense model, an improvement over the traditional single-technology model that addresses the latter’s inadequacies. Next, a distributed network security architecture is implemented, comprising a hybrid firewall, intrusion detection, virtual honeynet projects, and connectivity and interactivity between these three components. Finally, the proposed security system is tested. A statistical analysis of the test results verifies the feasibility and reliability of the proposed architecture. The findings of this study will potentially provide new ideas and stimuli for future designs of network security architecture.


2020, Vol 10 (4), pp. 1426
Author(s): Myung Kil Ahn, Yong Hyun Kim, Jung-Ryun Lee

With the advancement in cyber-defense capabilities, cyber attacks have continued to evolve like living creatures to breach security. Assuming the possibility of various enemy attacks, it is necessary to select an appropriate course of action by proactively analyzing and predicting the consequences of a particular security event. Cyber attacks, especially in large-scale military network environments, have a fatal effect on security; therefore, various experiments and analyses must be conducted to establish the necessary preparations. Herein, we propose a hierarchical multi-stage cyber attack scenario modeling based on the goal and effect (G&E) model and analysis system, which enables expression of various goals of attack and damage effects without being limited to a specific type. The proposed method is applicable to large-scale networks and can be utilized in various scenario-based cyber combat experiments.


Author(s): Choakchai Eaimrittikrai

As businesses rely, in most countries, increasingly on the knowledge-based and value-added components of their offerings to secure suitable demand, the pressure on their internal infrastructure to maintain security has intensified. The range of potential adversaries continues to increase as commercial opportunities from cyber-attacks on their connectivity networks increase in both scope and scale. This paper considers the types of cyber-attacks that are being faced by organizations across East Asia and places these in the context of the political economy of contemporary intellectual property rights. It is argued that multiplying risks threaten to overwhelm those organizations not prepared to take the issue seriously and to respond to those threats with appropriate rigor. Some implications for future practice are also derived from the analysis. Keywords: Cyber attack, threat, political economy


Author(s): Erasto Kayumbe, Lucy Michael

The international community has traditionally focused on physical threats to facilities and passed over the threat of a cyber attack on a facility. All the same, due to the growing threat posed by cyber attacks, cyber security is becoming an indispensable component of nuclear facilities and is establishing itself as a main concern for facility operators and national regulators. Consequently, ensuring the security of nuclear facilities is a considerable element, which is geared at avoiding theft of nuclear materials and sabotage. For that reason, this paper set out to examine the impact of cyber threats on nuclear facilities. Specifically, the paper has examined cyber threats, cyber threats to nuclear facilities, and the impact of cyber threats on nuclear facilities. It is concluded that the cyber threat to nuclear facilities is growing despite numerous efforts taken to offset the problem. Thus, there is a need either to design or to improve available cyber threat mitigation procedures in order to tone down the problem.


2020, Vol 10 (6), pp. 2140
Author(s): Jeong Do Yoo, Eunji Park, Gyungmin Lee, Myung Kil Ahn, Donghwa Kim, ...

As the scale of the system and network grows, IT infrastructure becomes more complex and hard to manage. Many organizations have serious problems managing their system and network security. In addition, vulnerabilities of hardware and software are rapidly increasing in number. In such a complex IT environment, security administrators need more practical and automated threat assessment methods to reduce their manual tasks. Adversary emulation based automated assessment is one of the solutions to the aforementioned problems because it helps to discover the attack paths and vulnerabilities to be exploited. However, it is still inefficient to perform the adversary emulation because adversary emulation requires well-designed attack scenarios created by security experts. Besides, a manual penetration test cannot be performed frequently. To overcome this limitation, we propose an adversary emulation framework composed of a red team agent and a blue team agent. The red team agent carries out automated attacks based on the scenarios automatically generated by the proposed framework. The blue team agent deploys defense measures to react to the red team agent’s attack patterns. To test our framework, we test multiple attack scenarios on remote servers that have various vulnerable software. In the experiment, we show the red team agent can gain an administrator’s privilege from the remote side when the blue team agent’s intervention is not enabled. The blue team agent can successfully block the red team’s incoming attack when enabled. As a result, we show our proposed framework is beneficial to support routine threat assessment from the adversary’s perspective. It will be useful for security administrators to devise a security defense strategy based on the test results.


2019, Vol 7 (1), pp. 14-26
Author(s): Ruti Gafni, Tal Pavel

Small and Medium Businesses (SMBs) use Internet and computer-based tools in their daily processes, sometimes without being aware of the cyber threats, or without knowing how to be prepared in case of a cyber-attack, although they are a major target for cyber-attacks. Specific information about cybersecurity needed by SMBs, in order to cope with cyber threats, is not always available or easily accessible. In this study, a vast search of different types of information about SMBs’ cybersecurity was performed, in order to find whether a hole of accessible information exists in this area. This exploratory research covered general mass communication media channels, technological and professional cybersecurity websites, and academic journals, and found that indeed very few studies, articles and news items were published on this matter. Leveraging knowledge and awareness, diminishing the shame for reporting cyber-attacks, and increasing mass communication media interest and public attention, may be activities to cover this “invisible hole”.


Author(s): Silviu-Elian MITRĂ

The objective of this portfolio is to ensure a good understanding of the complex and unique mode of action of cyber attacks, as well as to study the ways in which they occur. The content of this portfolio ranges from the beginnings of computer viruses to the specific modern mechanisms of cyber attack undertaken by cybercriminals in order to cause detriment, as well as theft of or damage to certain information. Furthermore, this paper also provides essential aspects regarding the protection methods that users must undertake so that they can prevent and at the same time face these dangers specific to our age. In the elaboration of this study, both personal methods were used, by applying my own knowledge accumulated through study, and external sources were accessed containing information necessary to complete the insufficiently analyzed problems. In essence, the elaboration of this study ensured the coverage of all relevant domains and aspects that underlie the structure and conception of cyber attacks, as well as the manner of their action and manifestation.


Author(s): Claudia ARAUJO MACEDO, Jos MENTING

Cybersecurity in industrial control system environments has become a significant concern and is even more relevant in the context of critical infrastructures where control system disruption could have a profound impact on health, safety and the environment. This makes this type of system a major target for malicious activities. Notwithstanding an organization’s interest in protecting its industrial control systems against cyber-attacks, the implementation of security measures, whether technical, organizational or human, still faces resistance and is often seen as a constraint. Using the best technology to protect industrial control systems makes no sense if persons with access do not act attentively and protectively. Technical and human cybersecurity measures are intrinsically linked, and it is essential that all persons with access to these systems are fully aware of the inherent cyber risks. Organizations must also act so that staff receive appropriate training on how to keep systems continuously protected against cyber-attack when carrying out their daily tasks. These educational processes can contribute to building an effective cybersecurity culture fully reflective of management and staff attitudes, so that the availability, integrity and confidentiality of information in industrial control systems can be assured.


2022, Vol 14 (1), pp. 0-0

In the domain of cyber security, the defence mechanisms of networks have traditionally been placed in a reactionary role. Cyber security professionals are therefore disadvantaged in a cyber-attack situation due to the fact that it is vital that they maneuver such attacks before the network is totally compromised. In this paper, we utilize the Betweenness Centrality network measure (social property) to discover possible cyber-attack paths and then employ computation of similar personality of nodes/users to generate predictions about possible attacks within the network. Our method proposes a social recommender algorithm called socially-aware recommendation of cyber-attack paths (SARCP), as an attack predictor in the cyber security defence domain. In a social network, SARCP exploits and delivers all possible paths which can result in cyber-attacks. Using a real-world dataset and relevant evaluation metrics, experimental results in the paper show that our proposed method is favorable and effective.

