Attack Taxonomy for Cyber-Physical System

Cyber-physical systems are the systems that combine the physical world with the world of information processing. CPS involves interaction between heterogeneous components that include electronic chips, software systems, sensors and actuators. It makes the CPS vulnerable to attacks. How to deal with the attacks in CPSs has become a research hotspot. In this paper we have study the Architecture of CPS and various security threats at each layer of the archicture of CPS. We have also developed attack taxonomy for CPS. Keywords: Cyber Physical System, Threat, Attack

Android Malware Detection Techniques in Traditional and Cloud Computing Platforms

In the mobile world, Android is the most popular choice of manufacturers and users alike. Meanwhile, a number of malicious applications abbreviated as malapps or malware have increased explosively. Malware writers make use of existing apps to send malware to users' devices. To check presence of malware, the authors perform malware analysis of apps. In this paper, they provide a comprehensive review on state-of-the-art android malware detection approaches using traditional and cloud computing platforms. The paper also presents attack taxonomy to better understand security threat against Android. Furthermore, it describes various possible attacking features (static and dynamic) and their analysis mechanism. Various security tools have also been discussed. It presents two case studies: one for malware feature extraction and the other for demonstrating the use of machine learning for malware analysis in order to provide a practical insight of malware analysis. The results of malware analysis seem to be promising.

A Review and Case Study on Android Malware: Threat Model, Attacks, Techniques and Tools

As android devices have increased in number in the past few years, the android operating system has started dominating the smartphone market. The vast spread of android across all the devices has made security an important issue as the android users continue to grow exponentially. The security of android platform has become the need of the hour in view of increase in the number of malicious apps and thus several studies have emerged to present the detection approaches. In this paper, we review the android components to propose a threat model that illustrates the possible threats that are present in the android. We also present the attack taxonomy to illustrate the possible attacks at various layers of the android architecture. Experiments demonstrating the feature extraction and classification using machine earning algorithms have also been performed.

E-mail-Based Phishing Attack Taxonomy

The amount of fraud on the Internet is increasing along with the availability and the popularity of the Internet around the world. One of the most common forms of Internet fraud is phishing. Phishing attacks seek to obtain a user’s personal or secret information. The variety of phishing attacks is very broad, and usage of novel, more sophisticated methods complicates its automated filtering. Therefore, it is important to form up-to-date and detailed phishing attack taxonomy, which could be used for both human education purposes as well as phishing attack discrete notation. In this paper, we propose an e-mail-based phishing attack taxonomy, which includes six phases of the attack. Each phase has at least one criterion for the attack categorization. Each category is described, and in some cases the categories have sub-classes to present the full variety of phishing attacks. The proposed taxonomy is compared to similar taxonomies. Our taxonomy outperforms other phishing attack taxonomies in numbers of phases, criteria and distinguished classes. Validation of the proposed taxonomy is achieved by adapting it as a phishing attack notation for an incident management system. Taxonomy usage for phishing attack notation increases the level of description of phishing attacks compared to free-form phishing attack descriptions.