Efficient change control and configuration management is imperative for addressing the emerging security threats in cloud infrastructure. These threats mainly exploit misconfiguration vulnerabilities, e.g. excessive permissions, disabled logging features and publicly accessible cloud storage buckets. Traditional security tools and mechanisms are unable to effectively and continuously track changes in cloud infrastructure owing to the transience and unpredictability of cloud events. Therefore, novel tools that are proactive, agile and continuous are imperative. This article proposes CSBAuditor, a novel cloud security system that continuously monitors cloud infrastructure to detect malicious activities and unauthorized changes. CSBAuditor leverages two concepts, state transition analysis and the reconciler pattern, to overcome the aforementioned security issues. Furthermore, security metrics are used to compute severity scores for detected vulnerabilities using a novel scoring system: the Cloud Security Scoring System. CSBAuditor has been evaluated using various strategies, including security chaos engineering (fault injection) strategies, on Amazon Web Services and Google Cloud Platform. CSBAuditor effectively detects misconfigurations in real time with a detection rate of over 98%. Also, the performance overhead is within acceptable limits.
Using appropriate antipredatory responses is crucial for survival. While slowing down reduces the chances of being detected by distant predators, fleeing is advantageous in front of an approaching predator. Whether appropriate responses depend on experience with moving objects is still an open question. To clarify whether adopting appropriate fleeing or freezing responses requires previous experience, we investigated the responses of chicks naive to movement. When exposed to moving cues mimicking an approaching predator (a rapidly expanding, looming stimulus), chicks displayed a fast escape response. In contrast, when presented with a distal threat (a small stimulus sweeping overhead) they decreased their speed, a maneuver useful to avoid detection. The fast expansion of the stimulus toward the subject, rather than its size per se or a change in luminance, triggered the escape response. These results show that young animals, in the absence of previous experience, can use motion cues to select the appropriate responses to different threats. The adaptive needs of young prey are thus matched by spontaneous defensive mechanisms that do not require learning.
Insider threats are malicious acts that can be carried out by an authorized employee within an organization. Insider threats represent a major cybersecurity challenge for private and public organizations, as an insider attack can cause far more extensive damage to organization assets than external attacks. Most existing approaches in the field of insider threat have focused on detecting general insider attack scenarios. However, insider attacks can be carried out in different ways, and the most dangerous one is a data leakage attack that can be executed by a malicious insider before leaving an organization. This paper proposes a machine learning-based model for detecting such serious insider threat incidents. The proposed model addresses the possible bias of detection results that can occur due to an inappropriate encoding process by employing feature scaling and one-hot encoding techniques. Furthermore, the imbalance issue of the utilized dataset is also addressed using the synthetic minority oversampling technique (SMOTE). Well-known machine learning algorithms are employed to identify the most accurate classifier for detecting data leakage events executed by malicious insiders during the sensitive period before they leave an organization. We provide a proof of concept for our model by applying it to the CMU-CERT Insider Threat Dataset and comparing its performance with the ground truth. The experimental results show that our model detects insider data leakage events with an AUC-ROC value of 0.99, outperforming the existing approaches that are validated on the same dataset. The proposed model provides effective methods to address possible bias and class imbalance issues with the aim of devising an effective insider data leakage detection system.
Due to increasing security needs, X-ray devices have started to be used more and more in security systems. Dual-energy X-ray devices are preferred to conventional ones since they enable Effective Atomic Number (Zeff) estimation, which cannot be provided by traditional devices that use density-based segmentation. In this paper, pure material samples are used to obtain system characteristics. Linear mass attenuation coefficients (μ) of the materials can be calculated by using the two energy-level images, and these coefficients provide information about the Zeff of substances. After that, they can be classified as organic and inorganic via the effective atomic number method and explicitly identified. As well as this, organic explosives can be detected thanks to this simple and effective approach.
With the rapidly evolving technological landscape, the huge development of the Internet of Things, and the embracing of digital transformation, the world is witnessing an explosion in data generation and a rapid evolution of new applications that lead to new, wider, and more sophisticated threats that are complex and hard to detect. Advanced persistent threats use continuous, clandestine, and sophisticated techniques to gain access to a system and remain hidden for a prolonged period of time, with potentially destructive consequences. Those stealthy attacks are often not detectable by advanced intrusion detection systems (e.g., the LightBasin attack was detected in 2022 and had been active since 2016). Indeed, threat actors are able to quickly and intelligently alter their tactics to avoid being detected by security defense lines (e.g., prevention and detection mechanisms). In response to these evolving threats, organizations need to adopt new proactive defense approaches. Threat hunting is a proactive security line exercised to uncover stealthy attacks, malicious activities, and suspicious entities that could circumvent standard detection mechanisms. Additionally, threat hunting is an iterative approach to generate and revise threat hypotheses, endeavoring to provide early attack detection in a proactive way. The proactiveness consists of testing and validating the initial hypothesis using various manual and automated tools/techniques with the objective of confirming or refuting the existence of an attack. This survey studies the threat hunting concept and provides a comprehensive review of the existing solutions for enterprise networks. In particular, we provide a threat hunting taxonomy based on the technique used and a sub-classification based on the detailed approach. Furthermore, we discuss the existing standardization efforts. Finally, we provide a qualitative discussion on current advances and identify various research gaps and challenges that may be considered by the research community to design concrete and efficient threat hunting solutions.
Attention orienting towards a gazed-at location is fundamental to social attention. Whether gaze cues can interact with emotional expressions other than those signalling environmental threat to modulate this gaze cueing, and whether this integration changes over time, remains unclear. With four experiments we demonstrate that, when the perceived motion inherent to dynamic displays is controlled for, gaze cueing is enhanced by both fearful and happy faces compared to neutral faces. This enhancement is seen with stimulus-onset asynchronies ranging from 200-700 ms. Thus, gaze cueing can be reliably modulated by positive expressions, albeit to a smaller degree than by fearful ones, and this gaze-emotion integration impacts behaviour as early as 200 ms post-cue onset.
Dark Net Marketplaces (DNMs), online selling platforms on the dark web, constitute a major component of the underground economy. Due to the anonymity and increasing accessibility of these platforms, they are rich sources of cyber threats such as hacking tools, data breaches, and personal account information. As the number of products offered on DNMs increases, researchers have begun to develop automated machine learning-based threat identification approaches. A major challenge in adopting such an approach is that the task typically requires manually labeled training data, which is expensive and impractical. We propose a novel semi-supervised labeling technique for leveraging unlabeled data based on the lexical and structural characteristics of DNMs using transductive learning. Empirical results show that the proposed approach leads to an approximately 3-5% increase in classification performance measured by F1-score, while increasing both precision and recall. To further improve the identification performance, we adopt Long Short-Term Memory (LSTM) as a deep learning structure on top of the proposed labeling method. The results are evaluated against a large collection of 79K product listings obtained from the most popular DNMs. Our method outperforms the state-of-the-art methods in threat identification and is considered an important step toward lowering the human supervision cost in realizing automated threat detection within cyber threat intelligence organizations.
Maritime ships and ports have become increasingly digital and intelligent. While intelligent maritime transportation systems bring convenience to the maritime industry, ship operation and management are also confronted with network risks. The Internet of Things (IoT) installed in the shipborne network collects and monitors the environmental data of the whole ship. It uses the collected data to make decisions to control the ship. The threat to the Local Area Network (LAN) of IoT in ships has become an emerging issue. The DNS rebinding attack is a typical attack that can bypass firewalls and seriously threaten the security and privacy of the local IoT in the marine network. DNS rebinding attacks are difficult to model and detect due to their sophisticated characteristics. In this work, we define threat models of DNS rebinding attacks and propose an effective method for the detection of and defense against these attacks. First, we define threat models for DNS rebinding attacks. We employ a Markov chain to model the process of DNS rebinding attacks. With the threat modeling, the attack behaviors are clearly characterized and the most relevant attributes are thus extracted. Second, we propose an effective method for the detection of DNS rebinding attacks in the marine transportation system. The detection method includes an initialization method and a verification method, which manage and verify access permission to equipment information and the service interface of the IoT in the shipborne network. Finally, we simulate DNS rebinding attacks on the marine IoT. We analyze and test the security and the performance of the initialization method and the verification method in the simulated environment. The extensive experimental results demonstrate that the IoT in marine networks is vulnerable to DNS rebinding. Our method is effective and efficient in detecting and defending against DNS rebinding attacks. It thus protects the security and privacy of the local IoT on shipboard.
Software Defined Networking (SDN) is rapidly emerging as a new paradigm for managing and controlling the operation of networks ranging from the data center to the core, enterprise, and home. The logical centralization of network intelligence presents exciting challenges and opportunities to enhance security in such networks, including new ways to prevent, detect, and react to threats, as well as innovative security services and applications that are built upon SDN capabilities. In this paper, we undertake a comprehensive survey of recent works that apply SDN to security, and identify promising future directions that can be addressed by such research.
Cybersecurity attacks are increasing in sophistication and intensity and are known to have a disruptive effect on organizations and society. This reprint contains a range of papers that address various issues relating to the problem, and insights are provided into how cybersecurity awareness can be increased and how organizations can be made less vulnerable to attacks. The solutions put forward will help staff to utilize technology better and devise methodological approaches that, when operationalized, help defend the organization's networks and computer systems from cyber-attacks.