Knowing the unknown: The hunting loop

There are several ways to improve an organization’s cybersecurity protection against intruders. One of the ways is to proactively hunt for threats, i.e., threat hunting. Threat Hunting empowers organizations to detect the presence of intruders in their environment. It identifies and searches the tactics, techniques, and procedures (TTP) of the attackers to find them in the environment. To know what to look for in the collected data and environment, it is required to know and understand the attacker's TTPs. An attacker's TTPs information usually comes from signatures, indicators, and behavior observed in threat intelligence sources. Traditionally, threat hunting involves the analysis of collected logs for Indicator of Compromise (IOCs) through different tools. However, network and security infrastructure devices generate large volumes of logs and can be challenging to analyze thus leaving gaps in the detection process. Similarly, it is very difficult to identify the required IOCs and thus sometimes makes it difficult to hunt the threat which is one of the major drawbacks of the traditional threat hunting processes and frameworks. To address this issue, intelligent automated processes using machine learning can improve the threat hunting process, that will plug those gaps before an attacker can exploit them. This paper aims to propose a machine learning-based threat-hunting model that will be able to fill the gaps in the threat detection process and effectively detect the unknown adversaries by training the machine learning algorithms via extensive datasets of TTPs and normal behavior of the system and target environment. The model is comprised of five main stages. These are Hypotheses Development, Equip, Hunt, Respond and Feedback stages. This threat hunting model is a bit ahead of the traditional models and frameworks by employing machine learning algorithms.

Digital Postal Operator as an Important Element of the National Energy Security System

This article presents a solution that strengthens information security in critical infrastructure entities. Critical infrastructure plays a key role in the functioning of the state and the life of its citizens. Therefore, the protection of critical infrastructure is one of priorities in Poland. The aim of this article is to show that designated postal operators may become an important link in the process of information flow and cybersecurity. Based on their multiple-year experience and expended competences, the operators may provide digital services for entities responsible for the energy security infrastructure. Verification of this goal is necessary, since critical infrastructure is exposed to growing threats, both in the area of energy and other sensitive sectors of the economy. Research results presented in the article were obtained by conducting a CATI survey. The study used the purposeful selection method, which allows to influence the structure of a sample in the context of goals set by the authors. The method solicited key information from experts on postal and energy markets. The results constitute a new approach to the role of the designated postal operator. The authors analysed possibilities to support entities that secure critical infrastructure, including those from the energy sector. It shows that the role of the designated postal operator may significantly change. Taking into account the security of information and cybersecurity, the postal operator could expand its competences, secure infrastructure-related information flow, and thus become a key pillar of the state.

Protection of Critical Infrastructure Facilities as a Component of the National Security

The issue of protecting critical infrastructure as one of the components of national security is analyzed. The following methods were used in the study: bibliographic, dialectical, empirical, and theoretical, comparative, and legal. The essence of the term "critical infrastructure” is explained both according to the opinions of scientists and from the very position of the authors of the article. The importance of proper protection and proper functioning of infrastructure in Ukraine is well founded. It emphasizes the fact that for many years the issue of the importance of protecting critical infrastructure has been almost forgotten and is not relevant to the governing bodies of the state. In addition, this situation applies to many other countries in the world. The current situation shows that there are countries that, despite being among the most prosperous and innovative, did not pay attention to their situation with their own security infrastructure. It is concluded that, based on a comparative analysis of international experience, in addition to exploring the peculiarities of national realities, the article proposed measures to improve the internal state of protection of critical infrastructure.

Identifikasi Keragaman Penyediaan Sarana Prasarana pada Perumahan Peri-Urban Kabupaten Sleman

Title: Diversity Identification of Infrastructure Provision in Peri-Urban Housing Sleman Regency The procurement of housing infrastructure has been regulated through SNI 03-1733-2004. However, in the field, developers have their own considerations and creativity in providing them. The diversity of provision raises the problem of equal public access to infrastructure. This study aims to identify the diversity of housing infrastructure provision in Sleman Regency. The research used deductive-qualitative method. The analysis was carried out through the stages of data grouping, housing type analysis, analysis of infrastructure availability and comparative analysis. The results showed different provision between small-scale and medium-scale housing. Basic infrastructure is the top priority and security infrastructure is the second priority. Variations are found in amenities and health facilities and the least provided are religious and educational facilities.

Comprehensive Examination of Network Intrusion Detection Models on Data Science

The increased requirement of data science in recent times has given rise to the concept of data security, which has become a major issue; thus, the amalgamation of data science methodology with intrusion detection systems as a field of research has acquired a lot of prominence. The level of access to the information system and its visibility to user pursuit was required to operate securely. Intrusion detection has been gaining popularity in the area of data science to incorporate the overall information security infrastructure, where regular operations depend upon shared use of information. The problems are to build an intrusion detection system efficient enough for detecting attacks and to reduce the false positives with a high detection rate. In this paper, the authors analyse various techniques of intrusion detection combined with data science, which will help in understanding the best fit technique under different circumstances.

From keyboard to cloud-base network revamped data lifecycle cybersecurity

This paper review seeks to identify the need for a revamped data life cycle security in the era of pervasive threat from skill cyber criminals at this time of internet of things. The motivation is to fill the knowledge gap by presenting some of the ways of data leakages and the likely protection in the organization. The aim is to present a good practice that encourages data confidentiality, acceptable use policy, knowledge of personnel and physical security policy. The building blocks of information security infrastructure across the entire organization is implemented by Enterprise Security Architecture. Rather than focus on individual functional and non-functional components in an individual application, it focuses on a strategic design for a set of security services that can be leveraged by multiple applications, systems, or business processes.

Energy, Communication, Health, Irrigation and Security Infrastructure and its impact on Household Poverty in Pakistan: A Case Study of District Rajanpur, Punjab

Infrastructure plays a pivotal role in economic development and for reduction of Households Poverty. The present study aims at investigating the effect of various kinds of infrastructure like Energy, Communication, Health, Irrigation, and Security on Households Poverty in one of the most under-developed districts of Pakistan namely Rajanpur. The survey was conducted for this purpose in the rural and urban areas and the researchers were successful to collect primary data from 300 households. The outcome of logistic regression suggests that Infrastructure in its various kinds i.e. Energy, Communication, Health, Irrigation, and Security are found as sources of lower Households Poverty. Moreover, Age, Education, Income, and value of assets tend to reduce Households poverty while Households poverty is increasing due to large family size and in urban areas of District Rajanpur. It is suggested that Government should give special attention to the provision of 5G internet technologies, access to clean drinking water, and disbursal of soft loans for the solar systems for the under-developed districts of Pakistan.

EconLedger: A Proof-of-ENF Consensus Based Lightweight Distributed Ledger for IoVT Networks

The rapid advancement in artificial intelligence (AI) and wide deployment of Internet of Video Things (IoVT) enable situation awareness (SAW). The robustness and security of IoVT systems are essential for a sustainable urban environment. While blockchain technology has shown great potential in enabling trust-free and decentralized security mechanisms, directly embedding cryptocurrency oriented blockchain schemes into resource-constrained Internet of Video Things (IoVT) networks at the edge is not feasible. By leveraging Electrical Network Frequency (ENF) signals extracted from multimedia recordings as region-of-recording proofs, this paper proposes EconLedger, an ENF-based consensus mechanism that enables secure and lightweight distributed ledgers for small-scale IoVT edge networks. The proposed consensus mechanism relies on a novel Proof-of-ENF (PoENF) algorithm where a validator is qualified to generate a new block if and only if a proper ENF-containing multimedia signal proof is produced within the current round. The decentralized database (DDB) is adopted in order to guarantee efficiency and resilience of raw ENF proofs on the off-chain storage. A proof-of-concept prototype is developed and tested in a physical IoVT network environment. The experimental results validated the feasibility of the proposed EconLedger to provide a trust-free and partially decentralized security infrastructure for IoVT edge networks.