computer security
Recently Published Documents


Total documents: 1743 (five years: 254)

H-index: 35 (five years: 2)

2022 ◽  
Vol 25 (1) ◽  
pp. 1-26
Author(s):  
Fabio Pagani ◽  
Davide Balzarotti

Despite a considerable number of approaches that have been proposed to protect computer systems, cyber-criminal activities are on the rise and forensic analysis of compromised machines and seized devices is becoming essential in computer security. This article focuses on memory forensics, a branch of digital forensics that extracts artifacts from the volatile memory. In particular, this article looks at a key ingredient required by memory forensics frameworks: a precise model of the OS kernel under analysis, also known as profile. By using the information stored in the profile, memory forensics tools are able to bridge the semantic gap and interpret raw bytes to extract evidence from a memory dump. A big problem with profile-based solutions is that custom profiles must be created for each and every system under analysis. This is especially problematic for Linux systems, because profiles are not generic: they are strictly tied to a specific kernel version and to the configuration used to build the kernel. Failing to create a valid profile means that an analyst cannot unleash the true power of memory forensics and is limited to primitive carving strategies. For this reason, in this article we present a novel approach that combines source code and binary analysis techniques to automatically generate a profile from a memory dump, without relying on any non-public information. Our experiments show that this is a viable solution and that profiles reconstructed by our framework can be used to run many plugins, which are essential for a successful forensics investigation.


Author(s):  
Zainab Mushtaq

Abstract: Malware is routinely used for illegal reasons, and new malware variants are discovered every day. Computer vision in computer security is one of the most significant disciplines of research today, and it has witnessed tremendous growth in the preceding decade due to its efficacy. We employed research in machine-learning and deep-learning technology such as Logistic Regression, ANN, CNN, transfer learning on CNN, and LSTM to arrive at our conclusions. We have published analysis-based results from a range of categorization models in the literature. InceptionV3 was trained using a transfer learning technique, which yielded reasonable results when compared with other methods such as LSTM. On the test dataset, the transferring learning technique was about 98.76 percent accurate, while on the train dataset, it was around 99.6 percent accurate. Keywords: Malware, illegal activity, Deep learning, Network Security.


Author(s):  
Prof. Pritam Ahire

Abstract: Malware detection is a field of computer security that deals with the study and prevention of malicious software. It is not the only way to defend a company against a cyber-attack. In order to be effective, companies should analyse their risk and identify the vulnerabilities. In this paper, we will examine different techniques used to detect computer malware and malicious websites as well as future directives in this area of study and also, we will discuss the growth in computer malware and how traditional methods of detection are being replaced by innovative techniques like behavioural-based model and Signature-based model. Future directives involve developing better security products in order to fight against cyber fraud which is on a rise in recent years especially in Asia Pacific region. With this increase in cyber frauds and other malicious activities, traditional methods are not enough to block computers from it as this method has many drawbacks. In order to tackle these issues, researchers have been developing new techniques such as heuristic analysis, static & dynamic analysis which can detect more than 90% of malware samples without any false positives or negatives. Keywords: Behaviour-based approach, Dynamic analysis, Heuristic, Malware, Ransomware, Signature-based model, Static analysis, Vulnerability.


2022 ◽  
pp. 19-38
Author(s):  
Jeffrey S. Zanzig ◽  
Guillermo A. Francia III

Tremendous improvements in information networking capabilities have brought with them increased security risks resulting from the deterioration of the ability of a physical layer of computer security to protect an organization's information system. As a result, audit committees have had to deal with new security issues as well as the need to understand the cyber perpetrator and ensure the proper training of employees to consider cybersecurity risks. Standard setters including the Institute of Internal Auditors and the American Institute of Certified Public Accountants have issued guidance about lines of defense and reporting on an entity's cybersecurity risk management program and controls, respectively. Each of these topics is considered along with how cybersecurity guidance from COBIT, the National Institute of Standards and Technology, and the Center for Internet Security can be mapped into five cyber infrastructure domains to provide an approach to evaluate a system of cybersecurity.


2022 ◽  
pp. 211-230
Author(s):  
Peter James Fischer

This chapter traces the evolution of cybersecurity skills requirements and development over the past 40 years, from the early days of computer security (Compusec) to the present day. The development of cybersecurity skills is traced from an initial focus upon national security and confidentiality through to the current recognition as business driver. The main part of the chapter concentrates on the development of a specific skills framework from the Institute of Information Security Professionals. Originally conceived in 2006 and initially used for purposes of membership accreditation, the IISP Skills Framework has since been used extensively by commerce, industry, government and academia in the UK and more widely. Version 2 of the framework was published in 2016, and the chapter discussion outlines both the original structure and the notable changes in the later release. These developments collectively illustrate the ongoing recognition of cybersecurity skills, as well as the evolution of the skills themselves.


2021 ◽  
Vol 4 (2) ◽  
pp. 44-54
Author(s):  
Hassan Jamil ◽  
Tanveer Zia ◽  
Tahmid Nayeem

While text passwords are still a pervasive authentication tool, their inadequacies are well recognized. Such poorly chosen and weak passwords are the main reasons behind security breaches. Multiple authentication techniques such as biometric, token-based, and knowledge-based authentication have been developed to overcome data leaks. However, acceptance of these authenticating techniques is complicated, and users find them hard to use. Microbusinesses, defined as having less than two employees, usually have very limited resources including budget, information security expertise and updated computer systems to fulfil the security requirements. Many microbusiness owners use the same information technology as they would in home but for more sophisticated commercial reasons. An effective and easy way for microbusinesses to add an extra protection layer to their systems and passwords is through the use of password managers. This paper examines the useability and ease of use of the password manager software. We extended the Technology Acceptance Model (TAM) and tested the mediating role of self-efficacy on TAM's relationship with computer security usage. A sample of 420 microbusiness owners was taken to test the relationships among the variables through an online web-based survey. The results confirmed that self-efficacy plays a vital role in the user acceptance of password managers and reported its mediating role between perceived ease of use, perceived usefulness, and computer security usage.


2021 ◽  
Vol 27 (4) ◽  
pp. 99-117
Author(s):  
Valeriya Vasilkova ◽  
Natalya Legostaeva

In the study of social bots, one of the important trends is the transition from a technology-centered understanding of bots as a threat to information and computer security to a broader, socially-focused understanding of bots as a new tool of informational influence used by various social actors in online social networks. This transition is of value to modern sociology. As one such actor, the authors consider a group of civic activists who use bot-technology to construct and solve the problem of defrauded equity holders. The novelty of the article lies in the interpretation of this group’s activities in the context of the concept of public arenas. The botnet “Deceived equity holders of LenSpecStroy” was detected thanks to the author’s complex methodology that combined the method of frequency analysis of messages, profiling of bot accounts, including static and behavioral analysis of user profiles, statistical analysis of texts, analysis of the botnet’s structural organization, analysis of the content of its publications, and analysis of bursts of network publication activity. Analyzing these bursts of publication activity and the content of botnet publications showed how bot-technologies aided in implementing effective techniques aimed at constructing and maintaining the social problem of defrauded equity holders: expanding the capacity of the public arena, realizing (creating) dramaturgical novelty and emotional richness in discussing the problem, taking into account the organizational specifics of the public arena, directing interest in the problem towards other (related and equally important) public arenas (media, legislative and executive power, political parties).


2021 ◽  
Author(s):  
Vahab Pournaghshband ◽  
Hassan Pournaghshband

Software systems have been under continued attacks by malicious entities, and in some cases, the consequences have been catastrophic. To tackle this pervasive problem, the academic world has significantly increased the offering of computer security-related courses during the past decade. In fact, offering these courses has become a standard part of the curriculum for many computing disciplines. While many proposals suggest adding this appealing topic into the nonsecurity CS courses, many faculties do not entirely support the idea for a convincing reason. They rightfully claim that each one of these courses is already packed with concepts and materials developed toward that course, leaving not much room for other topics. In this study, we show how exposing students to security concepts can be incorporated into upper-division CS courses without increasing the normally required efforts needed by students as well as the instructor. We show how to develop a project of this nature that can be appended to an already existing course project. We have successfully employed our proposed approach in two of our core CS courses and present them in this paper as case studies.


Author(s):  
Jonathan Sharman ◽  
Claudia Acemyan ◽  
Philip Kortum ◽  
Dan Wallach

Understanding why developers continue to misuse security tools is critical to designing safer software, yet the underlying reasons developers fail to write secure code are not well understood. In order to better understand how to teach these skills, we conducted two comparatively large-scale usability studies with undergraduate CS students to assess factors that affect success rates in securing web applications against cross-site request forgery (CSRF) attacks. First, we examined the impact of providing students with example code and/or a testing tool. Next, we examined the impact of working in pairs. We found that access to relevant secure code samples gave significant benefit to security outcomes. However, access to the tool alone had no significant effect on security outcomes, and surprisingly, the same held true for the tool and example code combined. These results confirm the importance of quality example code and demonstrate the potential danger of using security tools in the classroom that have not been validated for usability. No individual differences predicted one’s ability to complete the task. We also found that working in pairs had a significant positive effect on security outcomes. These results provide useful directions for teaching computer security programming skills to undergraduate students.

