The Cyber Defense Review


1 2 3 4 5 6 7 8 9 10 ... 21

Combining Recurrence Quantification Analysis and Adaptive Clustering to Detect DDoS Attacks

December 9, 2019 — The high number of Distributed Denial of Service (DDoS) attacks executed against a lot of nations has demanded innovative solutions to guarantee reliability and availability of internet services in cyberspace. In this sense, different methods have been used to analyze network traffic for denial of service attacks, such as statistical analysis, data mining, machine learning, and others. However, few of them explore hidden recurrence patterns in nonlinear network traffic and none of them explore it together with Adaptive Clustering. This work proposes a new method, called DDoSbyRQA, which uses the Recurrence Quantification Analysis (RQA) based on the extraction of network traffic dynamic features and combination with an Adaptive Clustering algorithm (A-Kmeans) to detect DDoS attacks. The experiments, which were performed using the Center for Applied Internet Data Analysis (CAIDA) and University of California, Los Angeles (UCLA), databases, have demonstrated the ability of the method in real-time. MORE

The Calculus of Protecting Interstate Competition from Cyberattack

December 9, 2019 — Lethal conflict may be approximated using power law statistics which, on a log-log plot of exceedance probability (EP) versus severity, is characterized by constant slope -q. Values of q1 and allows for the use of Bayesian hypothesis tests based on q to serve as a decision criterion about when to react to threats, leading to a set of parameters that determine whether conflict will escalate and to the conclusion that redundant networks, deterrence, and attack detection stabilize competition against cyber conflict. Examples of the importance of the Bayesian parameters in creating and adapting networks to stabilize competition are provided. MORE

Critical Infrastructure Protection at the Local Level Water and Wastewater Treatment Facilities

December 9, 2019 — The increasing number of Industrial Control System (ICS) vulnerabilities, coupled with continuing revelations about ICS compromises, emphasizes the importance of securing critical infrastructure (CI) against cyber threats[1],[2]. The ability to adversely affect the operation of an ICS through cyberspace is exacerbated by the increasing use of automation and implementation of common routing protocols to communicate with control devices [3]. Local water treatment facilities are particularly vulnerable to this attack vector due to the need to manage key functions with minimal staff. Reacting to specific cyber risks without developing a holistic method for managing risk provides only a modicum of protection. This monograph demonstrates how focusing on risk management as a mitigation strategy – not individual risks – maximizes the security efforts at the local level. MORE

Applied computational social choice theory as a framework for new cyber threats

December 9, 2019 — Social media and “big data” have combined to create a new era of marketing, political campaigning, and hostile propaganda. The tactics, such as microtargeting of ads, have recently received intense public scrutiny. However, little has been publicly said about the tools and techniques of strategy. In this context, Applied Computational Choice (ACSC) refers to a framework for analyzing data, modeling tactics, and planning strategy. Here we describe an ACSC framework derived from the work being done by some of the main actors and apply it to show how a few simple scenarios can be modeled and realistic behaviors predicted, as well as illuminate possible motivations for certain patterns observed in the real world. We introduce the concept of vulnerability assessment applied to voting systems by analyzing the cost of influence operations on simple model voting systems. We believe this framework reflects those being used by a number of different actors with goals and hope that this article helps to provide an overview and introduction to the field. MORE

Predicting enterprise cyber incidents using social network analysis on dark web hacker forums

December 9, 2019 — With the rise in security breaches over the past few years, there has been an increasing need to mine insights from social media platforms to raise alerts of possible attacks in an attempt to defend conflict during competition. We use information from dark web forums by leveraging the reply network structure of user interactions with the goal of predicting enterprise cyberattacks. We use a suite of social network features on top of supervised learning models and validate them using a binary classification problem that attempts to predict whether there would be an attack on any given day for an organization. We conclude from our experiments, which gathered information from 53 forums on the dark web over a span of 12 months and attempted to predict real-world cyberattacks across 2 security incidents, that analyzing the path structure between groups of users is better than merely studying centralities like Pagerank or relying on user-posting statistics in forums. MORE

Cyber Acquisition Policy Changes to Drive Innovation in Response to Accelerating Threats in Cyberspace

December 9, 2019 — The United States of America faces great risk in the cyber domain because our adversaries are growing bolder, increasing in number, improving their capabilities, and doing so rapidly. Meanwhile, the associated technologies are evolving so quickly that progress toward hardening and securing this domain is ephemeral, as systems reach obsolescence in just a few years and revolutionary paradigm shifts, such as cloud computing and ubiquitous mobile devices, can pull the rug out from the best-laid defensive planning by introducing entirely new regimes of operations. Contemplating these facts in the context of Department of Defense (DoD) acquisitions is particularly sobering because many cyber capabilities bought within the traditional acquisition framework may be of limited usefulness by the time that they are delivered to the warfighter. Thus, it is a strategic imperative to improve DoD acquisitions pertaining to cyber capabilities. This paper proposes novel ideas and a framework for addressing these challenges. MORE

United by Necessity: Conditions for Institutional Cooperation against Cybercrime

December 9, 2019 — Cybercrime continues to grow despite ongoing remediation efforts at the state and international level. The ease of access to commit cybercriminal activity beyond one’s borders makes this an international issue. Examining the cooperative schemes utilized in intergovernmental institutions such as the European Union (EU) Agency for Law Enforcement and Cooperation (Europol) illuminates possible conditions that encourage states to cooperate to fight cybercrime. Testing these conditions shows that the preexistence of an institution in a related issue area serves as the strongest driver of cooperation within an international institution against cybercrime. MORE

Feed the Bears, Starve the Trolls Demystifying Russia’s Cybered Information Confrontation Strategy

December 9, 2019 — This paper seeks to establish an explicit connection between Russian strategic information operations theory and the execution of Russian cyber operations. These operations are part of a larger strategic construct in the Russian lexicon known as “information confrontation” – a concept that is deeply embedded in Russian strategic thought and official doctrine. Furthermore, within the information confrontation concept, the Russians posit an essential distinction between technical and psychological effects. Using this distinction, we attempt to introduce analytical clarity to the study of Russian activities in the cyber domain. Specifically, within the technical/psychological distinction, we find that Russian operations that tend toward the latter tend to be less sophisticated and conducted at some level of remove from direct control by the regime, while the former clearly demonstrates what we refer to as “organizational sophistication.” MORE

Beyond the United Nations Group of Governmental Experts: Norms of Responsible Nation-State Behavior in Cyberspace

December 9, 2019 — While the September 2015 meeting between President Xi of China and President Obama of the United States seemed like a tipping point for norms in cyberspace, the United Nations Group of Governmental Experts (UNGGE) has been developing a useful set of norms for responsible conduct among nations in cyberspace for years. Although consensus was difficult to establish along the way, as it almost always is between nations, the Xi–Obama meeting started the process of establishing a broader agreement on a set of norms that was later endorsed by the Group of Seven and Group of 20. The endorsed norms followed previous agreements and focused on information sharing, cooperation, protection, and avoiding malicious activities within a state’s borders, as well as human rights violations. States were to avoid using their territory for attacks against technologies or critical infrastructure, abstain from disrupting supply chain security, and refrain from using cyber means to harm other states. However, the UNGGE norms effort wavered during 2017 when several key countries backed away from the original agreement for a variety of reasons ranging from inability to enforce it to concerns around its effect on future operations. MORE

A Model for Evaluating Fake News

December 9, 2019 — “Fake news” (FN) is slowly being recognized as a security problem that involves multiple academic disciplines; therefore, solving the problem of FN will rely on a cross-discipline approach where behavioral science, linguistics, computer science, mathematics, statistics, and cybersecurity work in concert to rapidly measure and evaluate the level of truth in any article. The proposed model relies on computational linguistics (CL) to identify characteristics between “true news” and FN so that true news content can be quantitatively characterized. Additionally, the pattern spread (PS) of true news differs from FN since FN relies, in part, on bots and trolls to saturate the news space. Finally, provenance will be addressed, not in the traditional way that examines the various sources, but in terms of the historical evaluations of author and publication CL and PS. MORE

1 2 3 4 5 6 7 8 9 10 ... 21