DOCSLIB.ORG

Genetic Algorithm Application in Information Security Systems

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Genetic Algorithm Application in Information Security Systems VILNIUS GEDIMINAS TECHNICAL UNIVERSITY Nikolaj GORANIN GENETIC ALGORITHM APPLICATION IN INFORMATION SECURITY SYSTEMS DOCTORAL DISSERTATION TECHNOLOGICAL SCIENCES, INFORMATICS ENGINEERING (07T) Vilnius 2010 Doctoral dissertation was prepared at Vilnius Gediminas Technical University in 2006–2010. Scientific Supervisor Prof Dr Habil Antanas ČENYS (Vilnius Gediminas Technical University, Technological Sciences, Informatics Engineering – 07T). VGTU leidyklos TECHNIKA 1756-M mokslo literat ūros knyga http://leidykla.vgtu.lt ISBN 978-9955-28-588-5 © VGTU leidykla TECHNIKA, 2010 © Nikolaj Goranin, 2010 [email protected] VILNIAUS GEDIMINO TECHNIKOS UNIVERSITETAS Nikolaj GORANIN GENETINI Ų ALGORITM Ų TAIKYMAS INFORMACIJOS SAUGOS SISTEMOSE DAKTARO DISERTACIJA TECHNOLOGIJOS MOKSLAI, INFORMATIKOS INŽINERIJA (07T) Vilnius 2010 Disertacija rengta 2006–2010 metais Vilniaus Gedimino technikos universitete. Mokslinis vadovas prof. habil. dr. Antanas ČENYS (Vilniaus Gedimino technikos universitetas, technologijos mokslai, informatikos inžinerija – 07T). Abstract Information infrastructure protection against malicious software, such as vi- ruses, Internet worms and botnets is a crucial task that requires development and implementation of both reactive, such as patches, removal tools, antivirus soft- ware updates and proactive, such as countermeasure planning in advance, meas- ures. Success of these measures application highly depends on reaction time and understanding of malware evolution trends respectively. Reaction time should be directly proportional to the risk level posed by malware. Currently risk evalua- tion task is based on expert knowledge and no automatic evaluation systems ex- ist. Existing malware models mainly concentrate on malware epidemic conse- quences modelling, i.e. forecasting the number of infected computers, simulating malware behaviour or economic propagation aspects and are based only on cur- rent malware propagation strategies. Present study presents an innovative genetic algorithm based malware risk level evaluation and malware evolution forecasting model. Genetic algorithm approach was selected taking into consideration its efficiency while solving tasks with large solution space and ability to model the evolution process which is the case for malware, often considered as a form of artificial life, evolution forecasting. The model presented covers the malware feature representation de- scription in the genetic algorithm suitable format, evolution evaluation fitness functions for propagation and survivability strategy evolution forecasting of sev- eral malware types in friendly and hostile environments, algorithm operating conditions and a genetic algorithm based method for decision tree generation, used for malware risk evaluation. Correctness of the proposed fitness evaluation criteria is tested on historical data; malware evolution modelling and risk evaluation experiments are per- formed; conclusions regarding the malware evolution trends are provided. Study also reviews genetic algorithm application in information security systems, provides technical analysis of modern malware types, that are used for evolution modelling, and analyses existing malware models. It is concluded that the proposed model is easily extensible for other mal- ware types and parameters. It can be successfully used for evolution forecasting and risk evaluation of newly appearing malware samples. v Rezium ÷ Apsauga nuo kenksmingo programinio kodo, tokio kaip kompiuteriniai vi- rusai, interneto kirminai ir kenksmingi botnet tinklai, tampa gyvybiškai svarbiu uždaviniu užtikrinant informacin ÷s infrastrukt ūros saug ą ir stabilum ą. Taikomos apsaugos priemon ÷s gali b ūti suskirstytos į reaktyvias, tokias kaip programin ÷s įrangos ir antivirusini ų program ų duomen ų bazi ų atnaujinimai, šalinimo įranki ų kūrimas, ir proaktyvias, tai yra planuojamas iki gr ÷sm ÷s atsiradimo. Apsaugos priemoni ų grupi ų taikymo efektyvumas priklauso nuo reakcijos laiko pirmu, ir kenksmingo programinio kodo evoliucijos tendencij ų supratimo, antru atveju. Reakcijos laikas tur ÷tų b ūti tiesiogiai proporcingas naujai atsiran- dan čio kenksmingo programinio kodo pavojingumo lygiui, kurio įvertinimas šiuo metu pagrinde remiasi ekspertiniais vertinimais. Šiuolaikiniai kenksmingo programinio kodo modeliavimo įrankiai yra skirti epidemiologini ų arba ekono- mini ų pasekmi ų prognozavimui ir kenksmingo programinio kodo elgesio simu- liavimui bei nevertina perspektyvi ų kenksmingo programinio kodo strategijų. Šioje disertacijoje si ūlomas genetiniais algoritmais paremtas kenksmingo programinio kodo rizikos vertinimo ir evoliucijos prognozavimo modelis. Gene- tiniai algoritmai pasirinkti atsižvelgiant į metodo efektyvum ą sprendžiant dauge- lio sri čių, tame tarpe ir informacin ÷s saugos, uždavinius, bei galimyb ę modeliuo- ti evoliucijos proces ą, kuris gali b ūti taikomas ir kenksmingo programinio kodo, dažnai traktuojamo kaip dirbtin ÷s gyvyb ÷s atmaina, evoliucijos modeliavimui. Modelio aprašym ą sudaro kenksmingo programinio kodo atvaizdavimo aprašy- mas, tikslo funkcijos skirting ų parametr ų evoliucijos prognozavimui, algoritmo veikimo parametrai ir genetiniais algoritmais paremtas sprendim ų medži ų, nau- dojam ų rizikos vertinimui, generavimo metodas. Pasi ūlyt ų tinkslo funkcij ų korektiškumas tikrinamas pritaikant istorinius duomenis, atliekami evoliucijos modeliavimo ir rizikos vertinimo eksperimentai, padaromos išvados d ÷l kenksmingo programinio kodo evoliucijos tendecij ų. Disertacijoje taip pat analizuojami genetini ų algoritm ų taikymai informaci- jos saugos sistemose, pateikiama keli ų šiuolaikini ų kenksmingo programinio kodo r ūši ų, kuri ų evoliucija yra modeliuojama, technin ÷ analiz ÷, bei nagrin ÷ja- mos egzistuojan čios kenksmingo programinio kodo modeliavimo priemon÷s. Darbe teigiama, kad pasi ūlytas modelis yra lengvai ple čiamas ir gali b ūti taikomas kenksmingo programinio kodo evoliucijos modeliavimui bei naujai atsirandančių egzempliori ų rizikos vertinimui. vi Notations Abbreviations 2D – two dimensional (geometrics); 3D – three dimensional (geometrics); AES – advanced encryption standard; AI – artificial intelligence; AL – artificial life; ANN – artificial neural networks; C&C – command & control (center); CPU – central processing unit; CS – classifier systems; CVE – common vulnerabilities and exposures; DARPA – The Defense Advanced Research Projects Agency DDoS – distributed denial of service (attack); DES – data encryption standard; DNA – deoxyribonucleic acid; DNS – domain name system; DOS – denial of service; EA – evolutionary algorithm; EEG – electroencephalogram; EER – error rate; vii ENISA – The European Network and Information Security Agency; ES – evolutionary strategies; FDR – Fischer discriminant ratio; FTP – file transfer protocol; FVC – Fingerprint Verification Contest; GA – genetic algorithm; GP – genetic programming; HDD – hard disk drive; HIDS – host-based IDS; HTTP – hypertext transfer protocol; ICIGA – improved cryptography inspired by genetic algorithms; ICMP – Internet control message protocol; ID – intrusion detection; IDC – International Data Corporation; IDS – intrusion detection system; IIS – Internet Information Services; IP – Internet protocol; IPS – intrusion prevention system; IRC – Internet relay chat; IT – information technology; LDA – linear discriminant analysis; LPR – line printer remote; MMS – multimedia messaging service; NIDS – network-based IDS; NIST – National Institute of Standards and Technology; NLFFSR – non-linear function feedback shift register; OS – operating system; P2P – peer-to-peer; R2L – Remote2Local; RCS – The Random Constant Spread; RSA – Rivest, Shamir and Adleman algorithm; SIR – susceptible-infected-recovered; SIS – susceptible-infected-susceptible; SMS – short message service; SMTP – simple mail transfer protocol; SNR – signal-to-noise ratio; TC – termination condition; TCP – transmission control protocol; U2R – User2Root; UDP – user datagram protocol; UTC – coordinated universal time; VEP – visual evoked potential. viii Symbols A – public key; a(t) – proportion of vulnerable machines which have been compromised at the instance t; A’ – private key; aij – adjustable parameter (biometry); ci – greyscale intensity; CPU_LOAD i – average gene’s method load on the infected computer’s CPU during time tj; DDF – measured freaquency for a diagram; DF – measured character’s frequency in the decoded ciphertext; F – fitness function, that evaluates the malware strategy’s efficiency under in terms of survivability; th fi – fitness of the i individual in population of solutions; FSC – fitness function, that evaluates the malware strategy’s efficiency under pressure of countermeasures; k – activity level of malware strategy being evaluated, either in terms of number of ac- tion performed (propagation forecasting) or computer resource usage level (survivability forecasting); K – value based on K(S) function calculations, that evaluated the S strategy’s fitness in sense of propagation speed efficiency; m – relatively primary number (cryptography) or number of points considered (biome- try); Matched – revellance of gene in historical data; N – population size; NCC – number of Command and Control servers, needed for botnet to remain stable in time interval T; pi – probability assigned to the specific gene i, describing its effectiveness probability or probability of the ith individual in population to be selected; ranking – difficulty of intrusion detection; S – malware strategy representing variable;
Load more

Recommended publications
  • A the Hacker
    A The Hacker Madame Curie once said “En science, nous devons nous int´eresser aux choses, non aux personnes [In science, we should be interested in things, not in people].” Things, however, have since changed, and today we have to be interested not just in the facts of computer security and crime, but in the people who perpetrate these acts. Hence this discussion of hackers. Over the centuries, the term “hacker” has referred to various activities. We are familiar with usages such as “a carpenter hacking wood with an ax” and “a butcher hacking meat with a cleaver,” but it seems that the modern, computer-related form of this term originated in the many pranks and practi- cal jokes perpetrated by students at MIT in the 1960s. As an example of the many meanings assigned to this term, see [Schneier 04] which, among much other information, explains why Galileo was a hacker but Aristotle wasn’t. A hack is a person lacking talent or ability, as in a “hack writer.” Hack as a verb is used in contexts such as “hack the media,” “hack your brain,” and “hack your reputation.” Recently, it has also come to mean either a kludge, or the opposite of a kludge, as in a clever or elegant solution to a difficult problem. A hack also means a simple but often inelegant solution or technique. The following tentative definitions are quoted from the jargon file ([jargon 04], edited by Eric S. Raymond): 1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.
    [Show full text]
  • PLTW Computer Science Principles
    Computer Science Virtual Learning PLTW Computer Science Principles April 29, 2020 Computer Science Principles Lesson: April 29, 2020 Learning Target: The goal of this lesson is for students to personally invest in maintaining online security and to improve their personal cybersecurity hygiene. Students focus on cybersecurity from the perspectives of the user, the software developer, businesses, the nation, and the citizen. Introduction With current health crisis, now like no other time in history, our nation has a dire need for people – as employees, citizens, and consumers–to practice good hygiene, hand washing, etc. But what does cyber-hygiene that mean? Why is it so important? What are the worst-case consequences of not practicing good cyber-hygiene? Write your thoughts in your notebook and discuss your ideas with your family and friends. Watch this Video: What is Cyber-Hygiene? Practice:Cyber-Ethics Consider the following two scenarios. In each scenario, decide if Rob has behaved unethically. If his action was unethical, explain why and describe what you think the consequences might be. If his action was ethical, describe what additional actions would have crossed the line into unethical behavior. Write your thoughts for each scenario in your notebook. Compare your answers with the links provided Practice:Cyber-Ethics Scenario 1 Rob is sitting next to Tanya, who is entering a password on a website. Rob watches her type and memorizes her password. He uses it once to see if it really was her password and immediately logs out. He never uses it again. Compare your answers here Practice:Cyber-Ethics Scenario 2 Rob is given access to a computing network.
    [Show full text]
  • Anti-Virus Issues, Malicious Software and Internet Attacks for Non-Technical Audiences
    Known Knowns, Known Unknowns and Unknown Unknowns: Anti-virus issues, malicious software and Internet attacks for non-technical audiences By Daniel Bilar Introduction [Heading] The risks associated with the internet have changed significantly. A recent study claims that a typical Microsoft Windows machine is subjected to autonomous infiltration attempts - not just mere pings and probes - from worms and botnets looking for clients once every six minutes.1 Stealth – not exhibitionism or hubris – characterizes this breed of attacks and concomitantly deployed malicious software. Unbeknownst even to experienced human operators, surreptitious attacks are able to insert malicious code deep within the bowels of individual computers and the wider supporting internet communication and control infrastructure such as wireless access points, home routers, and domain name servers.2 In addition to stealth, social engineering via e-mail, Instant 1 Gabor Szappanos, ‘A Day in the Life of An Average User’, Virus Bulletin, January 2009, 10-13, available at http://www.virusbtn.com/. 2 Most users do not bother to change the default passwords on home devices such as routers. Browser vulnerabilities can then be exploited by malicious software to alter the DNS settings of the router, thereby directing any name lookup query to a DNS of the attacker’s choice. This may be used to spoof a bank web site, for instance. See Sid Stamm, Zulfikar Ramzan and Markus Jakobsson, ‘Drive-By Pharming’, Lecture Notes in Computer Science 4861, (Springer, 2007), 495-506 and Hristo Bojinov, Elie Bursztein, Eric Lovett and Dan Boneh, ‘Embedded Management Interfaces: Emerging Massive Insecurity’, Blackhat Technical Briefing, Blackhat USA 2009 (Las Vegas, USA, August 2009), available at http://www.blackhat.com/presentations/bh-usa- 09/BOJINOV/BHUSA09-Bojinov-EmbeddedMgmt-PAPER.pdf.
    [Show full text]
  • Security and Privacy Implications of Third-Party Access to Online Social Networks
    Die approbierte Originalversion dieser Dissertation ist in der Hauptbibliothek der Technischen Universität Wien aufgestellt und zugänglich. http://www.ub.tuwien.ac.at The approved original version of this thesis is available at the main library of the Vienna University of Technology. http://www.ub.tuwien.ac.at/eng Security and Privacy Implications of Third-Party Access to Online Social Networks PhD THESIS submitted in partial fulfillment of the requirements of Doctor of Technical Sciences within the Vienna PhD School of Informatics by Markus Huber, M.Sc. Registration Number 0306665 to the Faculty of Informatics at the Vienna University of Technology Advisor: Privatdoz. Dipl.-Ing. Mag.rer.soc.oec. Dr.techn. Edgar Weippl Second advisor: o.Univ.Prof. Dipl.Ing. Dr. A Min Tjoa External reviewers: Assoc. Prof. Dr. Engin Kirda. Northeastern University, USA. Prof. Dr. Stefan Katzenbeisser. Technische Universität Darmstadt, Germany. Wien, 27.08.2013 (Signature of Author) (Signature of Advisor) Technische Universität Wien A-1040 Wien Karlsplatz 13 Tel. +43-1-58801-0 www.tuwien.ac.at Declaration of Authorship Markus Huber, M.Sc. Burggasse 102/8, AT-1070 Vienna, Austria I hereby declare that I have written this Doctoral Thesis independently, that I have com- pletely specified the utilized sources and resources and that I have definitely marked all parts of the work - including tables, maps and figures - which belong to other works or to the internet, literally or extracted, by referencing the source as borrowed. (Vienna, 27/08/2013) (Signature of Author) i Acknowledgements I am grateful to my supervisor Edgar R. Weippl for his excellent mentoring over the course of my postgraduate studies and for giving me the freedom to pursue my own research ideas.
    [Show full text]
  • Chapter Malware, Vulnerabilities, and Threats
    Chapter Malware, Vulnerabilities, and 9 Threats THE FOLLOWING COMPTIA SECURITY+ EXAM OBJECTIVES ARE COVERED IN THIS CHAPTER: ✓ 3.1 Explain types of malware. ■ Adware ■ Virus ■ Spyware ■ Trojan ■ Rootkits ■ Backdoors ■ Logic bomb ■ Botnets ■ Ransomware ■ Polymorphic malware ■ Armored virus ✓ 3.2 Summarize various types of attacks. ■ Man-in-the-middle ■ DDoS ■ DoS ■ Replay ■ Smurf attack ■ Spoofing ■ Spam ■ Phishing ■ Spim ■ Vishing ■ Spear phishing ■ Xmas attack ■ Pharming ■ Privilege escalation ■ Malicious insider threat ■ DNS poisoning and ARP poisoning ■ Transitive access ■ Client-side attacks ■ Password attacks: Brute force; Dictionary attacks; Hybrid; Birthday attacks; Rainbow tables ■ Typo squatting/URL hijacking ■ Watering hole attack ✓ 3.5 Explain types of application attacks. ■ Cross-site scripting ■ SQL injection ■ LDAP injection ■ XML injection ■ Directory traversal/command injection ■ Buffer overflow ■ Integer overflow ■ Zero-day ■ Cookies and attachments; LSO (Locally Shared Objects); Flash Cookies; Malicious add-ons ■ Session hijacking ■ Header manipulation ■ Arbitrary code execution/remote code execution ✓ 3.7 Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities. ■ Interpret results of security assessment tools ■ Tools: Protocol analyzer; Vulnerability scanner; Honeypots; honeynets; Port scanner; Passive vs. active tools; Banner grabbing ■ Risk calculations: Threat vs. likelihood ■ Assessment types: Risk; Threat; Vulnerability ■ Assessment technique: Baseline reporting; Code review; Determine attack surface; Review architecture; Review designs ✓ 4.1 Explain the importance of application security controls and techniques. ■ Cross-site scripting prevention ■ Cross-site Request Forgery (XSRF) prevention ■ Server-side vs. client-side validation As we discussed in Chapter 1, “Measuring and Weighing Risk,” everywhere you turn there are risks; they begin the minute you fi rst turn on a computer and they grow exponen- tially the moment a network card becomes active.
    [Show full text]
  • 1. 9002 2. Adore 3. Agobot 4. Alina 5. Allaple 6. Alureon 7. Andromeda 8
    LISTA DE CÓDIGO MALICIOSO PARA EL EJERCICIO 2 OJO: En algunos casos los nombres hacen referencia al resultado de la ejecución del código malicioso o la aplicación a la que afecta, además de al código malicioso en sí (por ejemplo, hacen referencia a un troyano y a la botnet creada con él o al programa que instala). 1. 9002 44. Bytverify 86. Gaobot 2. Adore 45. Carberp 87. Gapz 3. Agobot 46. ChePro 88. Geinimi 4. Alina 47. Chernobyl 89. Gh0st 5. Allaple 48. Citadel 90. Ghostball 6. Alureon 49. Citifraud 91. Gingermaster 7. Andromeda 50. Clippo 92. Gozi 8. Animal 51. CodeRed 93. Graybird 9. Anna-Kournikova 52. Commwarrior 94. Happy99 11. Arcom 53. Conficker 95. HellRaiser 12. Ardamax 54. Cookies 96. Hikit 13. Asprox 55. Coswid 97. Hiloti 14. Avatar 56. Creeper 98. HOIC 15. Back Orifice 57. Cryptolocker 99. Horst 16. Badtrans 58. Cutwail 100. Hotbar 17. Bagle 59. CyberGate 101. Hupigon 18. Bamital 60. Dalbot 102. Ikee 19. Banbra 61. DarkComet 103. ILoveYou 20. Bandook 62. Darkmegi 104. Imaut 21. BaneChant 63. DaVinci 105. IXESHE 22. Banload 64. Daws 106. JBOSS 23. Barrotes 65. Depyot 107. Joshi 24. Beast 66. Destory 108. Kak 25. Beebone 67. Dexter 109. Karagany 26. Beebus 68. DirDel 110. Kelihos 27. Benjamin 69. DirtJumper 111. Kenzero 28. Bifrose 70. Distrack 112. Klez 29. Bitcoinminer 71. DNSChanger 113. Koobface 30. Blaster 72. Dokstormac 114. Krbanker 31. Blazebot 73. Dozer 115. Krotten 32. Bohmini 74. Droiddream 116. Kuluoz 33. Bohu 75. BlackPOS 117. Laroux 34. Bolgimo 76. Duqu 118. Leap 35. Boran 77.
    [Show full text]
  • Web 2.0 Vulnerabilities
    Web 2.0 Vulnerabilities "A Thesis Presented in Partial Fulfillment of the Requirements for the Degree of Masters of Science in Forensic Computing, John Jay College of Criminal Justice of the City University of New York" Mark Aaron Frankel August 2008 i Abstract The World Wide Web has changed. Internet users no longer read static pages published by webmasters alone. Today, the nature of the Web is that of interaction and collaboration and has been dubbed the Web 2.0 phenomenon by some. Web 2.0 represents a social upgrade to the way that users have come to know the Web. Websites now allow users to add and change content, thereby making a site their own space. Unfortunately, the technology that makes this all possible is vulnerable to attack. The very freedom that defines the Web 2.0 movement flaws it as well. The problem should be fixed in a way that does not hinder the innovation that Web 2.0 allows. This work looks at the problem by examining the vulnerabilities, quantifying the severity of the threat and ultimately offering solutions – both existing and new. ii Introduction There is no short answer to the question “What is Web 2.0?” In its simplest form, it could be described as the interactive and collaborative World Wide Web. Web 2.0 is characterized by a user’s ability to post content on the web. Examples of Web 2.0 services include Wikipedia, YouTube and the various social networking sites, which provide facilities to allow users to upload information - everything from text, graphics, video, etc.
    [Show full text]
  • Infosecurity 2008 Threat Analysis.Pdf
    427_FM.qxd 9/17/07 12:31 PM Page iii Infosecurity 2008 Threat Analysis Your One-Stop Reference Containing the Most Read Topics in the Infosecurity Security Library Protect Your Enterprise from Tomorrow’s Threats Today Botnets Cross Site Scripting Attacks Physical and Logical Security Convergence PCI Compliance Asterisk and VoIP Hacking Social Engineering FOREWORD BY RICHARD FORD INFOSECURITY MAGAZINE BOARD MEMBER 427_FM.qxd 9/17/07 12:31 PM Page iv Elsevier, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work. There is no guarantee of any kind, expressed or implied, regarding the Work or its contents.The Work is sold AS IS and WITHOUT WARRANTY.You may have other legal rights, which vary from state to state. In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you. You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files. Syngress Media®, Syngress®,“Career Advancement Through Skill Enhancement®,”“Ask the Author UPDATE®,” and “Hack Proofing®,” are registered trademarks of Elsevier, Inc.“Syngress:The Definition of a Serious Security Library”™,“Mission Critical™,” and “The Only Way to Stop a Hacker is to Think Like One™” are trademarks of Elsevier, Inc.
    [Show full text]
  • Optimal Patching in Clustered Epidemics of Malware S
    1 Optimal Patching in Clustered Epidemics of Malware S. Eshghi, MHR. Khouzani, S. Sarkar, S. S. Venkatesh Abstract—Studies on the propagation of malware in mobile of time before major malware outbreaks are witnessed in the networks have revealed that the spread of malware can be wireless domain. highly inhomogeneous across different regions. Heterogeneous The spread of malware can be countered through patch- rates of contact can also be due to diverse platforms, utilization of contact lists by the malware, the clustered nature of the ing [3]: the underlying vulnerability utilized by the worm network, etc. In this paper, a general formal framework is can be fixed by installing security patches that immunize proposed for leveraging such information about heterogeneity the susceptible and potentially remove the malware from to derive optimal patching policies that attain the minimum the infected, hence simultaneously healing and immunizing aggregate cost due to the spread of malware and the surcharge of infective nodes. However, the distribution of these patches patching. Using Pontryagin’s Maximum Principle for a stratified epidemic model, it is analytically proven that in the mean-field burdens the limited resources of the network, and hence, if deterministic regime, optimal patch disseminations are simple not carefully controlled, this can wreak havoc on the system. single-threshold policies that are amenable to implementation In wired networks, the spread of Welchia, a counter-worm to in a distributed manner. Through numerical calculations, the thwart Blaster, created substantial traffic which in turn rapidly behavior of optimal patching policies is investigated in sample destabilized important sections of the Internet.
    [Show full text]
  • Secure Software Development for the World Wide Web
    CERN – European Organization for Nuclear Research GS Department – Administrative Information Services Secure software development for the World Wide Web Derek Mathieson Group Leader Advanced Information Systems CERN – Geneva, Switzerland Agenda Impact of Security Flaws Definitions Types of Attack Techniques / Solutions CERN GS-AIS Why Secure Web Application? CERN GS-AIS Impact of Security Flaws Ping of death Morris worm (1988) – ~6,000 infected computers Santy (2004) – ~40,000 infected computers (in 24 hours) Conficker (2008) – 17,000,000 infected computers CERN GS-AIS US Army Computer Virus Hits U.S. Drone Fleet CERN GS-AIS SONY PlayStation Network CERN GS-AIS SonyPictures.com CERN GS-AIS Bell Canada Date: 2nd February 2014 CERN GS-AIS Source: http://www.databreaches.net Citroën Germany Date: 17th March 2014 CERN GS-AIS Source: http://www.theguardian.com EA Games Date: 19th March 2014 CERN GS-AIS Source: http://news.netcraft.com Top 25 Software Errors Top 25 Most Dangerous Software Errors 2011 (CWE/SANS) 1 SQL Injection 2 OS Command Injection 3 Classic Buffer Overflow 4 Cross-site Scripting 5 Missing Authentication for Critical Function 6 Missing Authorization 7 Use of Hard-coded Credentials 8 Missing Encryption of Sensitive Data 9 Unrestricted Upload of File with Dangerous Type 10 Reliance on Untrusted Inputs in a Security Decision 11 Execution with Unnecessary Privileges 12 Cross-Site Request Forgery (CSRF) Improper Limitation of a Pathname to a Restricted Directory 13 CERN ('Path Traversal') GS-AIS 14 Download of Code Without Integrity Check Definitions Identification Authentication Authorisation Session Management CERN GS-AIS Identification / Authentication How Can You Prove Who You Are? – Biometric Passport – Photo ID – Fingerprint – Username / Password CERN GS-AIS Definitions Entity – A User, another computer system component Identification – Providing credential such that a system can recognise the entity and distinguish it from other entities.
    [Show full text]
  • Cyber-Attacks and the Exploitable Imperfections of International Law
    Cyber-Attacks and the Exploitable Imperfections of International Law Cyber-Attacks and the Exploitable Imperfections of International Law By Yaroslav Radziwill LEIDEN | BOSTON Library of Congress Cataloging-in-Publication Data Radziwill, Yaroslav, author. Cyber-attacks and the exploitable imperfection of international law / by Yaroslav Radziwill. pages cm Based on author’s thesis (doctoral — University of Warwick, 2014) issued under title: Cyber-attacks and international law : imperfections of a stagnant legal regime. Includes bibliographical references and index. ISBN 978-90-04-29833-0 (hardback : alk. paper) — ISBN 978-90-04-29830-9 (e-book) 1. Information warfare (International law) 2. Cyberspace operations (Military science) I. Title. KZ6718.R33 2015 341.6’3—dc23 2015023019 This publication has been typeset in the multilingual “Brill” typeface. With over 5,100 characters covering Latin, ipa, Greek, and Cyrillic, this typeface is especially suitable for use in the humanities. For more information, please see brill.com/brill-typeface. isbn 978-90-04-29833-0 (hardback) isbn 978-90-04-29830-9 (e-book) Copyright 2015 by Koninklijke Brill nv, Leiden, The Netherlands. Koninklijke Brill NV incorporates the imprints Brill, Brill Hes & De Graaf, Brill Nijhoff, Brill Rodopi and Hotei Publishing. All rights reserved. No part of this publication may be reproduced, translated, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior written permission from the publisher. Authorization to photocopy items for internal or personal use is granted by Koninklijke Brill nv provided that the appropriate fees are paid directly to The Copyright Clearance Center, 222 Rosewood Drive, Suite 910, Danvers, ma 01923, usa.
    [Show full text]
  • 5G/SOC: SOC Generations -HP ESP Security Intelligence and Operations Consulting Services
    Business white paper 5G/SOC: SOC Generations HP ESP Security Intelligence and Operations Consulting Services Business white paper | HP ESP Security Intelligence and Operations Consulting Services Table of contents 3 Executive summary 4 Naming convention for security operations centers 5 First-generation SOC: 1975-1995 5 Nuisance programs and minimally impacting malicious code era 6 Second-generation SOC: 1996-2001 6 Malware outbreak and intrusion detection era 7 Third-generation SOC: 2002-2006 7 Botnets, cybercrime, intrusion prevention, and compliance era 8 Fourth-generation SOC: 2007-2012 8 Cyberwar, Hacktivism, APT, and exfiltration detection era 9 The 5G/SOC: 2013-? 9 Analytics and big data, intelligence-driven methodology, information sharing, human adversary approach 12 Conclusion 12 Industry leading SOC technologies by HP Enterprise Security 12 Expert services to mature your SOC Business white paper | HP ESP Security Intelligence and Operations Consulting Services Since the inception of the Internet, there have been many advances and evolutions in security operations centers (SOC). The industry is currently defining the fifth generation, or 5G/SOC. This paper walks you through the generations of SOCs, their characteristics and goals, and what the future of security operations holds. Executive summary Security operations centers exist to monitor and protect the IT assets of an organization through standardized and repeatable processes. The first formal security operations centers existed in military and government entities where the first functional TCP/IP networks were installed and concepts of intelligence, risk management, and operations were well understood. As commercial and private entities became progressively more connected and IT dependent, the exploitation, and (necessary defense) of this infrastructure quickly emerged.
    [Show full text]