scholarly journals An Efficient Approach of Threat Hunting Using Memory Forensics

2020 ◽  
Vol 8 (5) ◽  
pp. 37-45 ◽  
Author(s):  
Danish Javeed ◽  
Muhammad Taimoor Khan ◽  
Ijaz Ahmad ◽  
Tahir Iqbal ◽  
Umar Mohammed Badamasi ◽  
...  
Keyword(s):  
Cyber Attacks ◽  
Main Memory ◽  
Malicious Code ◽  
Efficient Approach ◽  
Memory Forensics ◽  
Major Flaw ◽  
Threat Intelligence ◽  
Research Findings ◽  
Memory Codes

The capacity and occurrence of new cyber-attacks have shattered in recent years. Such measures have very complicated workflows and comprise multiple illegal actors and organizations. Threat hunting demonstrates the process of proactively searching through networks for threats based on zero-day attacks by repeating the hunting process again and again. Unlike threat intelligence, it uses different automated security tools to collect logs in order to provide a pattern for making new intelligence-based tools by following those logs. According to our research findings about “threat hunting tools” there’s a major flaw that the designed tools are limited to the collection of logs. It works completely on logs for generating new patterns avoiding system’s main memory. Codes written directly to memory fail this process to provide proactive hunting. To overcome this major challenge, we are proposing two distinct methods, either by generating malicious code alerts or by binding memory forensics processes with threat hunting tools to make active hunting possible

scholarly journals A Novel Approach to Cyber Hazard Management Intelligence System

2018 ◽  
Vol 7 (2.7) ◽  
pp. 473
Author(s):  
B Bala Bharathi ◽  
E Suresh Babu
Keyword(s):  
Cyber Attacks ◽  
Hazard Management ◽  
Intelligence System ◽  
Novel Approach ◽  
Threat Intelligence ◽  
Cyber Threat ◽  
Cyber Threat Intelligence ◽  
Consistent Information ◽  
A Company ◽  
Physical Address

Detecting and defending against insider and outsider threats seems to be a major challenge for information security system. such that cyber-attacks pose a silent threat for a company with a havoc likely to be in billions, besides slaughtering investor confidence and denting brand image. Long-established and ongoing solutions target mainly to assimilate many known threats in the form of consistent information such as logical & physical address, etc. into detection and blocking techniques. Our proposed solution elongates forward by using Cyber threat intelligence (CTI) which is used to inform decisions timely regarding subject response to the menance or hazard, where the vulnerable systems are identified using honeypot, through integration of logs for detecting network, host intrusions using SIEM technology which would efficiently manage the occurrence of threat by using cyber hazard management to mitigate the cyber threat actions, fortify incident response efforts and enhance your overall security posture.  

Active cyber defence strategies and techniques for banks and financial institutions

2020 ◽  
Vol 27 (3) ◽  
pp. 771-780
Author(s):  
Yorrick Creado ◽  
Vidyavati Ramteke
Keyword(s):  
Financial Institutions ◽  
Holistic Approach ◽  
Cyber Attacks ◽  
Research Approach ◽  
Content Type ◽  
Financial Firms ◽  
Threat Intelligence ◽  
Banking Institutions ◽  
Cyber Space ◽  
Defence Strategies

Purpose With the growing penetration of financial technology, financial firms and banking institutions have seen a rise in the volume of cyber-attacks in recent years. Cyber criminals are using more sophisticated techniques to beat traditional passive defences. The purpose of this paper is to explore, analyse and recommend various active cyber defence strategies and techniques that can be implemented by organizations in financial sector to secure and safeguard their assets and cyber space. Design/methodology/approach This paper adopts a secondary research approach on the various techniques that can be used effectively to adopt active cyber defence strategy. Findings Based on the existing strategies and techniques available and those being currently developed, this paper proposes a holistic approach that can be adopted by banks and financial institutions to secure their cyber space. This involves a combination of active and passive cyber defence techniques and effective threat intelligence. Originality/value The following paper has been checked for plagiarism and is within the acceptable standards for publishing in this journal. Appropriate references have been duly cited, and the formulation of the final recommendation is the original work of the authors.

scholarly journals Cyber Threat Intelligence and its Role in Proactive Incident Response

2017 ◽  
Author(s):  
Husam Hassan Ambusaidi ◽  
Dr. PRAKASH KUMAR UDUPI
Keyword(s):  
Early Detection ◽  
Cyber Security ◽  
Cyber Attacks ◽  
Incident Response ◽  
Cyber Threats ◽  
Threat Intelligence ◽  
Reliable Source ◽  
Cyber Threat ◽  
Cyber Threat Intelligence

Every day organizations are targeted by different and sophisticated cyber attacks. Most of these organizations are unaware that they are targeted and their networks are compromised. To detect the compromised networks the organizations need a reliable source of cyber threats information.  Many cyber security service vendors provide threat intelligence information to allow early detection of the cyber threats. This research will explore different type of cyber threat intelligence and its role in proactive incident response. The research study the threat intelligence features and how the threat feeds collected and then distributed.  The research studies the role of cyber threat intelligence in early detection of the threats.

Analysis of Cyber-Attacks Against the Transportation Sector

2018 ◽  
pp. 1384-1402
Author(s):  
Brett van Niekerk
Keyword(s):  
Information Sharing ◽  
Cyber Security ◽  
Power Grid ◽  
Tourism Industry ◽  
Cyber Attacks ◽  
Transport Infrastructure ◽  
Cyber Defense ◽  
Transportation Sector ◽  
Threat Intelligence ◽  
Security Incidents

For many countries the physical transport infrastructure is critical to the economy, with ports forming a gateway for the majority of trade, and rail and road used to distribute goods. Airlines are crucial to the tourism industry. Whilst the focus of cyber-defense is on financial networks and the power grid, recent incidents illustrate that the transport infrastructure is also susceptible to cyber-attacks. The chapter provides an overview of cyber-security incidents related to the transportation sector, and analyses the reports of the incidents to illustrate the prevalence of threat types and impact. The chapter then discusses some efforts to mitigate the threats in terms of regulations, threat intelligence and information sharing, and awareness training.

scholarly journals Sharing Machine Learning Models as Indicators of Compromise for Cyber Threat Intelligence

2021 ◽  
Vol 1 (1) ◽  
pp. 140-163
Author(s):  
Davy Preuveneers ◽  
Wouter Joosen
Keyword(s):  
Machine Learning ◽  
Cyber Security ◽  
Cyber Attacks ◽  
Learning Models ◽  
Security Threat ◽  
Fine Grained ◽  
Threat Intelligence ◽  
Cyber Threat ◽  
Cyber Threat Intelligence ◽  
Machine Learning Models

Cyber threat intelligence (CTI) sharing is the collaborative effort of sharing information about cyber attacks to help organizations gain a better understanding of threats and proactively defend their systems and networks from cyber attacks. The challenge that we address is the fact that traditional indicators of compromise (IoC) may not always capture the breath or essence of a cyber security threat or attack campaign, possibly leading to false alert fatigue and missed detections with security analysts. To tackle this concern, we designed and evaluated a CTI solution that complements the attribute and tagging based sharing of indicators of compromise with machine learning (ML) models for collaborative threat detection. We implemented our solution on top of MISP, TheHive, and Cortex—three state-of-practice open source CTI sharing and incident response platforms—to incrementally improve the accuracy of these ML models, i.e., reduce the false positives and false negatives with shared counter-evidence, as well as ascertain the robustness of these models against ML attacks. However, the ML models can be attacked as well by adversaries that aim to evade detection. To protect the models and to maintain confidentiality and trust in the shared threat intelligence, we extend our previous research to offer fine-grained access to CP-ABE encrypted machine learning models and related artifacts to authorized parties. Our evaluation demonstrates the practical feasibility of the ML model based threat intelligence sharing, including the ability of accounting for indicators of adversarial ML threats.

Stuxnet-Tool for Zero-Day Attack

2021 ◽  
pp. 652-675
Author(s):  
Anita Patil ◽  
Swapnil Shinde ◽  
Soumi Banerjee
Keyword(s):  
Risk Factors ◽  
Operating System ◽  
False Alarm ◽  
Preventive Measures ◽  
Cyber Attacks ◽  
Malicious Code ◽  
Programmable Logic ◽  
Programmable Logic Controllers ◽  
Logic Controllers

Stuxnet is a malicious code used to exploit multiple unpatched Windows vulnerabilities and infect end devices. It was very sophistically used by attackers to infect computers that are connected to specific models of Programmable Logic Controllers (PLCs) manufactured by Siemens. The stuxnet worm alters the PLCs' programming and raises a false alarm to machines, which leads to an accident. The worm uses zero-day vulnerabilities in the Windows operating system, and because of that, it remains undetected by the antivirus programs. The attacker attempts to breach the vulnerabilities in hardware systems and breaks the infrastructure, which leads to a watering hole attack. Thus, this chapter explores the different possibilities of the stuxnet-based cyber-attacks and their risk factors. The chapter represents an analysis that is performed on the different patterns of attacks, and its preventive measures are also proposed.

Sign in / Sign up

Export Citation Format

Share Document