Computer security Books


  • Information Security Management Systems: A Novel

    Apple Academic Press Inc. Information Security Management Systems: A Novel

    5 in stock

    Book Synopsis: This new volume, Information Security Management Systems: A Novel Framework and Software as a Tool for Compliance with Information Security Standard, looks at information security management system standards, risk management associated with information security, and information security awareness within an organization. The authors aim to improve the overall ability of organizations to participate, forecast, and actively assess their information security circumstances. It is important to note that securing and keeping information from parties who do not have authorization to access such information is an extremely important issue. To address this issue, it is essential for an organization to implement an ISMS standard such as ISO 27001 to address the issue comprehensively. The authors of this new volume have constructed a novel security framework (ISF) and subsequently used this framework to develop software called Integrated Solution Modeling (ISM), a semi-automated system that will greatly help organizations comply with ISO 27001 faster and cheaper than other existing methods. In addition, ISM does not only help organizations to assess their information security compliance with ISO 27001, but it can also be used as a monitoring tool, helping organizations monitor the security statuses of their information resources as well as monitor potential threats. ISM is developed to provide solutions to solve obstacles, difficulties, and expected challenges associated with literacy and governance of ISO 27001. It also functions to assess the RISC level of organizations towards compliance with ISO 27001. The information provided here will act as blueprints for managing information security within business organizations. It will allow users to compare and benchmark their own processes and practices against these results shown and come up with new, critical insights to aid them in information security standard (ISO 27001) adoption.

    Table of Contents: Literature Review. Methodology. Integrated Solution Framework. Software Development. Testing the Software: RISC Investigation and SP/SQ Measurement. Conclusions and Recommendations.

    £90.25

  • IT Governance Publishing ISO 27001 Controls - A Guide to Implementing and Auditing

    15 in stock

    Book Synopsis: A must-have resource for anyone looking to establish, implement and maintain an ISMS. Ideal for information security managers, auditors, consultants and organisations preparing for ISO 27001 certification, this book will help readers understand the requirements of an ISMS (information security management system) based on ISO 27001. Similarly, for anyone involved in internal or external audits, the book includes the definitive requirements that auditors must address when certifying organisations to ISO 27001. The book covers: Implementation guidance - what needs to be considered to fulfil the requirements of the controls from ISO/IEC 27001, Annex A. This guidance is aligned with ISO/IEC 27002, which gives advice on implementing the controls; Auditing guidance - what should be checked, and how, when examining the ISO/IEC 27001 controls to ensure that the implementation covers the ISMS control requirements. The implementation guidance gives clear descriptions covering what needs to be considered to achieve compliance against the requirements, with examples given throughout. The auditing guidance covers what evidence an auditor should look for in order to satisfy themselves that the requirement has been met. Useful for internal auditors and consultants, the auditing guidance will also be useful for information security managers and lead implementers as a means of confirming that their implementation and evidence to support it will be sufficient to pass an audit. This guide is intended to be used by those involved in: Designing, implementing and/or maintaining an ISMS; Preparing for ISMS audits and assessments; or Undertaking both internal and third-party ISMS audits and assessments.

    About the author: Bridget Kenyon (CISSP) is global CISO for Thales eSecurity. Her experience in information security started in 2000 with a role in network vulnerabilities at DERA, following which she has been a PCI Qualified Security Assessor, information security officer for Warwick University and head of information security for UCL, and has held a variety of roles in consultancy and academia. Bridget has been contributing to international standards since 2006, when she first joined BSI Panel 1, coordinating development of information security management system standards; she is currently editor for ISO/IEC 27014. Bridget has also co-authored three textbooks on information security. She strongly believes that "information security is fundamental to reliable business operations, not a nice-to-have". In 2018, she was named one of the top 25 women in tech by UK publication PCR.

    £29.95

  • Managing Cybersecurity Risk: Book 3

    Legend Press Ltd Managing Cybersecurity Risk: Book 3

    Book Synopsis: Cybersecurity is the practice of protecting systems, networks and programs from digital attacks. These attacks are usually aimed at accessing, changing or destroying sensitive information, extorting money from users or interrupting normal business processes. This new edition will provide valuable information on the cyber environment and threats that businesses may encounter. Such is the scale and variety of cyber threats, it is essential to recognise issues such as gaps in the workforce and the skills required to combat them. The guide also addresses the social and financial impacts of cyber breaches and the development of cyber protection for the future. Offering understanding and advice the book covers topics such as the following, all from key speakers and industry experts: Training; Technology trends; New theories; Current approaches; Tactical risk management; Stories of human errors and their results. Managing Cybersecurity Risk is an essential read for all businesses, whether large or small. With a Foreword by Don Randall, former head of Security and CISO, the Bank of England, contributors include Vijay Rathour, Grant Thornton and Digital Forensics Group, Nick Wilding, General Manager of Cyber Resilience at Axelos, IASME Consortium Ltd, CyberCare UK, DLA Piper, CYBERAWARE and more.

    £31.99

  • Inside the Enemy's Computer: Identifying Cyber

    C Hurst & Co Publishers Ltd Inside the Enemy's Computer: Identifying Cyber

    5 in stock

    Book Synopsis: Attribution - tracing those responsible for a cyber attack - is of primary importance when classifying it as a criminal act, an act of war, or an act of terrorism. Three assumptions dominate current thinking: attribution is a technical problem; it is unsolvable; and it is unique. Approaching attribution as a problem forces us to consider it either as solved or unsolved. Yet attribution is far more nuanced, and is best approached as a process in constant flux, driven by judicial and political pressures. In the criminal context, courts must assess the guilt of criminals, mainly based on technical evidence. In the national security context, decision-makers must analyse unreliable and mainly non-technical information in order to identify an enemy of the state. Attribution in both contexts is political: in criminal cases, laws reflect society's prevailing norms and power; in national security cases, attribution reflects a state's will to maintain, increase or assert its power. However, both processes differ on many levels. The constraints, which reflect common aspects of many other political issues, constitute the structure of the book: the need for judgement calls, the role of private companies, the standards of evidence, the role of time, and the plausible deniability of attacks.

    Trade Review: Who did it? This is one of the hardest questions of any investigation. It gets even harder in high-profile computer network breaches. Clement Guitton's book is an invaluable guide to attributing cyber attacks. 'Inside the Enemy's Computer' adds much-needed attention to detail, historical depth, and conceptual clarity. -- Thomas Rid, Professor in War Studies, King's College London, and author of 'Cyber War Will Not Take Place'

    If you believe attribution in cyberspace is a technical problem, that it cannot be solved, and that it is unlike anything in the physical world, then you must read this illuminating book. Dr Guitton shows that attribution is really the evolving product of a political process -- as it should be. -- Richard Bejtlich, Chief Security Strategist, FireEye

    'Inside the Enemy's Computer' is a much-needed statement on the difficulties, and possibilities, of attributing cyber actions. Guitton provides a workable framework for moving forward on the issue, for both malicious criminal attacks as well as national security-related intrusions. -- Brandon Valeriano, Reader in International Relations, Cardiff University, and author of 'Cyber War versus Cyber Realities'

    £27.00

  • It Governance Publishing Ltd Build a Security Culture

    15 in stock

    £16.95

  • It Governance Publishing Ltd The Tao of Open Source Intelligence

    15 in stock

    £29.95

  • Cyber Privacy: Who Has Your Data and Why You

    BenBella Books Cyber Privacy: Who Has Your Data and Why You

    3 in stock

    Book Synopsis: 2020 Foreword Indie Award Winner (Gold) in the "Science & Technology" Category

    "Chilling, eye-opening, and timely, Cyber Privacy makes a strong case for the urgent need to reform the laws and policies that protect our personal data. If your reaction to that statement is to shrug your shoulders, think again. As April Falcon Doss expertly explains, data tracking is a real problem that affects every single one of us on a daily basis." —General Michael V. Hayden, USAF, Ret., former Director of CIA and NSA and former Principal Deputy Director of National Intelligence

    You're being tracked. Amazon, Google, Facebook, governments. No matter who we are or where we go, someone is collecting our data: to profile us, target us, assess us; to predict our behavior and analyze our attitudes; to influence the things we do and buy—even to impact our vote. If this makes you uneasy, it should. We live in an era of unprecedented data aggregation, and it's never been more difficult to navigate the trade-offs between individual privacy, personal convenience, national security, and corporate profits. Technology is evolving quickly, while laws and policies are changing slowly. You shouldn't have to be a privacy expert to understand what happens to your data. April Falcon Doss, a privacy expert and former NSA and Senate lawyer, has seen this imbalance in action. She wants to empower individuals and see policy catch up. In Cyber Privacy, Doss demystifies the digital footprints we leave in our daily lives and reveals how our data is being used—sometimes against us—by the private sector, the government, and even our employers and schools. She explains the trends in data science, technology, and the law that impact our everyday privacy. She tackles big questions: how data aggregation undermines personal autonomy, how to measure what privacy is worth, and how society can benefit from big data while managing its risks and being clear-eyed about its cost. It's high time to rethink notions of privacy and what, if anything, limits the power of those who are constantly watching, listening, and learning about us. This book is for readers who want answers to three questions: Who has your data? Why should you care? And most important, what can you do about it?

    Trade Review: "In Cyber Privacy, April Falcon Doss has written the most sweeping, revealing, and understandable book about privacy and our digital lives . . . A must-read if you want to understand how both businesses and governments know so much about you and how our society needs to adapt to preserve an individual's sense of identity." —Glenn Gerstell, senior advisor, Center for Strategic and International Studies, and former general counsel, National Security Agency "We all have serious—but too often vague—concerns that every day computer usage poses a dire threat to our personal and financial well-being, as well the nation's security. In her new book Cyber Privacy, April Falcon Doss—the nation's leading expert on this subject—not only tells why that is so, but in a clear and engaging way arms us with strategies to protect ourselves, our loved ones, and the nation itself from life-threatening assaults on our privacy." —Michael Greenberger, professor, University of Maryland Carey Law School and director of the Center for Health and Homeland Security, University of Maryland "From big tech companies, retailers, advertising companies, through to the police and intelligence agencies of the US and beyond, this is an absolutely critical read for anyone who wants to understand the complex, and often unintuitive, consequences of living in our increasingly data-driven world." —Matt Tait, independent cybersecurity expert, formerly at GCHQ and Google Project Zero, and former senior cybersecurity fellow at the Robert Strauss Center for International Security and Law at the University of Texas at Austin "A brilliantly written tour de force on privacy in the 21st century. 
Combining decades of experience on all sides of the privacy debate, Doss combines incisive analysis of disruptive technologies, underlying economics, and increasingly complex legal overlays to deliver an essential primer on the fraught privacy landscape." —Chris Inglis, deputy director, NSA, 2006–2014 "At a time when most internet users do not understand the complex concoction of algorithms, engagement, microtargeting, and personal data profiles that curate the information they see, April Falcon Doss uses her multi-sector experience to make privacy accessible to all. Anyone who cares about maintaining a grip on their personal information—or at least being informed about what's happening with it—should read this book." —Nina Jankowicz, author of How to Lose the Information War "Without losing sight of the substantial benefits that are achieved through collecting and analyzing personal information on a massive scale, Doss exposes the unregulated practices of the large data collectors—including Apple, Amazon, Facebook, and Google—then examines the regulated practices of the Intelligence Community and the constraints—good and bad—on law enforcement activities . . . This book makes the case that we seriously need to re-examine what we are doing, and it provides useful guidance on where and how we can start to make meaningful changes that will benefit most everyone." —David C. Shonka, former acting general counsel, Federal Trade Commission, and privacy partner at Redgrave LLP "April Falcon Doss has provided a vital contribution to our understanding of privacy and cybersecurity. Cyber Privacy provides laymen and experts alike with a rich understanding of the laws and technology that shape our ability to control who accesses our personal information and what they do with it." 
—Jeff Kosseff, author, The Twenty-Six Words That Created the Internet "Whether you are a technology user, a compliance or privacy officer, or a practicing lawyer, this book will help in understanding the complex intersections of technology, the internet economy, the role of the state, and the uses of personally identifiable information and metadata . . . An essential guidebook." —Rick Ledgett, former deputy director, NSA "April Falcon Doss thoughtfully, expertly and critically informs and navigates the reader across an amazing number of privacy invasion scenarios to an extent not seen in previous publications . . . Novice and expert readers alike will profit from this important book." —William H. Murphy, Jr., former judge and prominent civil rights attorney "April Falcon Doss has spent a career at the National Security Agency, Senate intelligence committee, and in private practice influencing the decisions that shape technology, cybersecurity, and data privacy. In this book, Doss turns twenty years of perspective and experience into a Cyber Privacy road map to guide those looking to understand how data came to rule our world and where we go from here." —Susan Hennessey, author of Unmaking the Presidency

    Table of Contents:
    Introduction: Mapping the Privacy Landscape
    Section I: What Kinds of Data Are We Talking About, and What Kind of Privacy Do We Mean?
    Chapter 1: Categories of Data, and How It’s Collected
    Chapter 2: A Buzzsaw of Buzzwords: How Cloud Computing, Algorithms, and Analytics Are Impacting Data Today
    Chapter 3: The Privacy Prism: A Single Term with Many Dimensions
    Chapter 4: What’s It to You? Understanding What Privacy Is Worth
    Section II: If You’re Not Paying for the Product, You Are the Product
    Chapter 5: The Big 4: Apple, Google, Facebook, Amazon
    Chapter 6: When Your Data Goes to Someone You Didn’t Expect
    Chapter 7: Minority Report: The Algorithms Making Predictions About Your Current Mental Health, Your Future Medical Conditions, and the Likelihood That You’ll Commit a Crime
    Chapter 8: Differentiating the Real from the False
    Section III: Power Play: How Personal Data Exacerbates the Imbalances in Everyday Life
    Chapter 9: It’s 11 PM. Do You Know Where Your Employees Are?
    Chapter 10: Data-Driven Privacy Disorder? How Data Collection and Algorithms Are Being Used in Education, and What That Means for Our Kids
    Chapter 11: When Your Data Is You: Facial Recognition, Biometric Technology, and Public Health
    Chapter 12: Underpaid Data Labor: AI Training, Digital Piecework, and the Survey Economy
    Chapter 13: The Stalker in Your Phone
    Section IV: Who’s Your Big Brother?
    Chapter 14: The US Intelligence Community Post-WWII: Just Because You’re Paranoid Doesn’t Mean They’re Not Watching You
    Chapter 15: Where Do You Draw the Line? Data Collection in the US Intelligence Community Post-9/11
    Chapter 16: Mass Surveillance and Bulk Interception: A Distinction with a Difference
    Chapter 17: Community Policing: All Surveillance Is Local
    Chapter 18: Government Surveillance in a Time of Trump: Why We Still Need It, How to Control It, and How to Protect Ourselves Against It
    Section V: Global Rules in a Connected World: How Other Countries Handle Data
    Chapter 19: A Brief European (De-)Tour, or Is Being Forgotten Really a Right?
    Chapter 20: Total(itarian) Surveillance: How the Other Half Lives
    Section VI: Pandora’s Box: Data’s Dangers, and Finding Hope at the Bottom of the Box
    Chapter 21: Quantum Policy, or How a New Approach to Law and Policy Could Give Cyber Privacy a Fighting Chance
    Conclusion: Making Sure That Human Beings Still Pass the Turing Test
    Notes
    Acknowledgments
    About the Author
    Index

    £18.99

  • Cyber Crisis: Protecting Your Business from Real

    BenBella Books Cyber Crisis: Protecting Your Business from Real

    3 in stock

    Book Synopsis: Today, we live our lives—and conduct our business—online. Our data is in the cloud and in our pockets on our smartphones, shuttled over public Wi-Fi and company networks. To keep it safe, we rely on passwords and encryption and private servers, IT departments and best practices. But as you read this, there is a 70 percent chance that your data is compromised . . . you just don’t know it yet. Cybersecurity attacks have increased exponentially, but because they’re stealthy and often invisible, many underplay, ignore, or simply don’t realize the danger. By the time they discover a breach, most individuals and businesses have been compromised for over three years. Instead of waiting until a problem surfaces, avoiding a data disaster means acting now to prevent one. In Cyber Crisis, Eric Cole gives readers a clear-eyed picture of the information war raging in cyberspace. Drawing on 30 years of experience—as a professional hacker for the CIA, as the Obama administration’s cybersecurity commissioner, and as a consultant to clients around the globe from Bill Gates to Lockheed Martin and McAfee—Cole offers practical, actionable advice that even those with little technical background can implement, including steps to take on a daily, weekly, and monthly basis to protect their businesses and themselves. No matter who you are or where you work, cybersecurity should be a top priority. The information infrastructure we rely on in every sector of our lives—in healthcare and finance, for governments and private citizens—is both critical and vulnerable, and sooner or later, you or your company will be a target. This book is your guide to understanding the threat and putting together a proactive plan to minimize exposure and damage, and ensure the security of your business, your family, and your future.

    Trade Review: “Strong cybersecurity is essential for every individual and business in this time of elevated threats. In Cyber Crisis, Dr. Cole provides cutting-edge, real-world advice on how to protect your business and your family from today’s persistent cyber threats.”—Andrew McCabe, #1 New York Times bestselling author of The Threat and former deputy FBI director “The more I work with high-profile individuals, I realize the impact that cybersecurity can have on their lives. Anyone and everyone has to pay attention to cybersecurity and there is no one better than Dr. Cole.”—Tim Storey, life coach for Oprah “Eric Cole is my ‘go to’ authority on cybersecurity. Not only is he an expert, he’s an expert explainer, which is invaluable to both businesses and the media. Cyber Crisis does a top notch job of explaining cybersecurity in a way that anyone can understand. If you want your company or your audience to stay ahead of the hacks, call Eric and read his book. I recommend him without reservation.” —Joel Roberts, former host for KABC Radio, Los Angeles “An easy read and unbelievably informative and eye opening. Whether you are a parent, business owner, CEO, CFO, governmental official, or an everyday hardworking individual that uses a smartphone or computer, you will learn something and not regret reading this book . . . There is a reason that many of the most powerful and affluent people of the world have Eric's personal cell phone number.” —Peter Clark, NYPD Lieutenant Commander-Detective Squad (Retired) “Cybersecurity is one of the top threats facing any business or organization. In Cyber Crisis, Dr. Cole emphasizes and concisely articulates the importance to every executive of prioritizing this critical threat . . . This book is an essential read for every executive in any industry.”—Jim Finkelstein, Rear Admiral for the US Navy (Retired) “Cybersecurity is frequently at the forefront of strategy and investment planning and so often the leadership responsible for securing sensitive data has only a superficial understanding of the elements of true cybersecurity. Dr. Cole addresses this problem head-on in his new book, Cyber Crisis. This book, unlike any I have seen in my career, presents critical issues in a concise and easy to follow manner that most anyone can understand. This is truly required reading for all executives and leaders.”—Marshall Manley, former President and CEO of City Investing Company and chairman of Home Insurance Company “From hospital executives to practitioners to third-party payers, the responsibility for data security is pervasive. Cyber Crisis by Dr. Cole plain and simply equips leaders with a working knowledge of cybersecurity and guides them concisely on how to prepare for and manage security threats. This book simplifies a challenging and crucial topic for our industry. It should be a staple read in the medical and associated industries.”—Paul M. Zimmerman, MD, founder of Automated Healthcare Solutions and chairman of Gensco Pharma “A brilliant presentation of a complex topic in a methodical, consumable format that enables nontechnical leadership to rapidly grasp and prepare for cyber threats. This book will be the gold standard for preparing senior leadership to manage this exploding threat.”—William Costlow, president of Performance Marketing “Cybersecurity is one of the top threats facing any business. In Cyber Crisis, Dr. Cole emphasizes the importance of not ignoring this critical threat and making it a top priority. Dr. Cole does a great job of taking a very complex topic and making it easy to understand for any business. This book is a must-read for any executive in any business vertical.”—Amit Yoran, chairman and CEO of Tenable and former CEO of RSA “Dr. Cole’s brilliant book emphasizes the importance of personal and institutional focus on this critical threat and making it a top priority at work and at home . . . You will find Cyber Crisis to be a reader-friendly primer on every aspect of cyber threats and should be considered a must-read for any business vertical.”—Edward “Sonny” Masso, Rear Admiral for the US Navy (Retired)—Flagship Connection

    Table of Contents:
    Introduction The Current Reality
    Chapter 1 We Are All Targets
    Chapter 2 We Live in Cyberspace
    Chapter 3 The Hackers Are Here
    Chapter 4 Mobile Weaknesses
    Chapter 5 Your Life, Hanging in the Cloud
    Chapter 6 They’re in Your Business
    Chapter 7 National Infrastructure Attack
    Chapter 8 Cyberspace: A Place with No Borders
    Chapter 9 Surviving the Cyber Crisis
    Epilogue Ten Lessons to Remember
    About the Author
    Index

    £19.79

  • 1 in stock

    £16.06

  • Digital Forensics and Cyber Crime

    Springer Digital Forensics and Cyber Crime

    1 in stock

    Book Synopsis: Artificial Intelligence & Security.- Hacking Mobile Biometrics with the Photograph of a Fingerprint.- Multi-tool Approach for Advanced Quantum Key Distribution Network Modeling.- Deep Learning Methods for Intrusion Detection Systems on the CSE-CIC-IDS2018 Dataset: A Review.- CTIMiner: Cyber Threat Intelligence Mining Using Adaptive Multi-Task Adversarial Active Learning.- Multimedia Forensics.- Toward Forensic-Friendly AI: Integrating Blockchain with Federated Learning to Enhance AI Trustworthiness.- The Hidden Realms of Router Apps: Forensic Analysis of TP-Link Tether and ASUS Router.- ENF Match with Masking: a new method for searching with sparse signal.- Lightweight Multi-Tier IDS for UAV Networks: Enhancing UAV Zero-Day Attack Detection with Honeypot Threat Intelligence.- Intrusion Detection.- Reducing False Positives in Intrusion Detection System Alerts: A Novel Aggregation and Correlation Model.- APTChaser: Cyber Threat Attribution via Attack Technique Modeling.- What Do We Know About the Psychology of Insider Threats?.- A Digital Profiling Triage Model for Industrial Espionage.- Intrusion and Fraud Detection.- Uncovering Fraudulent Patterns in USDT Transactions on the TRON Blockchain with EDA and Machine Learning.- Sky-Eye: Detect Multi-Stage Cyber Attacks at the Bigger Picture.- ATKHunter: Towards Automated Attack Detection by Behavior Pattern Learning.- Large Language Models, Advances in Security and Forensics.- Investigating the Effectiveness of Bayesian Spam Filters in Detecting LLM-modified Spam Mails.- SecureSem: Sensitive Text Classification based on Semantic Feature Optimization.- The Hidden Dangers of Publicly Accessible LLMs: A Case Study on Gab AI.- Advances in Security and Forensics.- Biologically Sustainable Cyber-Physical Spaces: a Systematic Literature Review.- Detecting Criminal Networks via Non-Content Communication Data Analysis Techniques from the TRACY Project.

    £75.99

  • Springer Availability Reliability and Security

    1 in stock

    Book Synopsis: Privacy-Enhancing Technologies and Legal Compliance: A Framework for Supporting PET Selection Based on GDPR Principles.- Prink: ks-Anonymization for Streaming Data in Apache Flink.- Stop watching me! Moving from data protection to privacy preservation in crowd monitoring.- Cross-Jurisdictional Compliance with Privacy Laws: How Websites Adapt Consent Notices to Regional Regulations. Network and Communication Security: On the Feasibility of Fingerprinting Collaborative Robot Network Traffic.- Domainator: Detecting and Identifying DNS-Tunneling Malware Using Metadata Sequences.- Mitigation of PFCP Attacks in 5G Networks: Dynamic Defense through Moving Target Defense and Honeynets.- Striking Back At Cobalt: Using Network Traffic Metadata To Detect Cobalt Strike Masquerading Command and Control Channels.- Towards Deterministic DDS Communication for Secure Service-Oriented Software-Defined Vehicles.- TSA-WF: Exploring the Effectiveness of Time Series Analysis for Website Fingerprinting.- Generalized Encrypted Traffic Classification Using Inter-Flow Signals. IoT and Embedded Systems Security: SHIELD: Scalable and Holistic Evaluation Framework for ML-Based 5G Jamming Detection.- AARC-FE: Electrical Assembly Authentication with Random Convolution Kernels and Fuzzy Extractors.- In Specs we Trust? Conformance-Analysis of Implementation to Specifications in Node-RED and Associated Security Risks.- Scrambling Compiler: Automated and Unified Countermeasure for Profiled and Non-Profiled Side Channel Attacks.- Leaky Batteries: A Novel Set of Side-Channel Attacks on Electric Vehicles. Machine Learning and Privacy: DP-TLDM: Differentially Private Tabular Latent Diffusion Model.- Share Secrets for Privacy. Confidential Forecasting with Vertical Federated Learning.- Gradient Inversion of Federated Diffusion Models.- Privacy-Preserving Encoding and Scaling of Tabular Data in Horizontal Federated Learning Systems.- BTDT: Membership Inference Attacks against Large Language Models.

    £58.49

  • Springer Availability Reliability and Security

    1 in stock

    Book Synopsis: Usable Security and Awareness: QRisk: Think Before You Scan QR codes.- Evaluating Argon2 Adoption and Effectiveness in Real-World Software.- AdvisoryHub: Design and Evaluation of a Cross-Platform Security Advisory System for Cyber Situational Awareness.- Service-aware password risk meter – Helping users to choose suitable passwords in services. System Security: TEE-Assisted Recovery and Upgrades for Long-Running BFT Services.- Fast and Efficient Secure L1 Caches for SMT.- FatPTE - Expanding Page Table Entries for Security.- CHERI UNCHAINED: Generic Instruction and Register Control for CHERI Capabilities.- Exploring speculation barriers for RISC-V selective speculation.- Do we still need canaries in the coal mine? Measuring shadow stack effectiveness in countering stack smashing. Supply Chain Security, Malware and Forensics: SoK: Towards Reproducibility for Software Packages in Scripting Language Ecosystems.- Clustering Malware at Scale: A First Full-Benchmark Study.- Advances in Automotive Digital Forensics: Recent Trends and Future Directions.- Exploring the Susceptibility to Fraud of Monetary Incentive Mechanisms for Strengthening FOSS Projects. Machine Learning and Security: Multi-Agent Simulation and Reinforcement Learning to Optimize Moving Target Defense.- LeaX: Class-Focused Explanations for Locating Leakage in Learning-based Profiling Attacks.- Large Language Models are Unreliable for Cyber Threat Intelligence.- Augmented Tabular Adversarial Evasion Attacks with Constraint Satisfaction Guarantees.- TTP Classification with Minimal Labeled Data: A Retrieval-Based Few-Shot Learning Approach.- C2 Beaconing Detection via AI-based Time-Series Analysis.- Fooling Rate and Perceptual Similarity: A Study on the Effectiveness and Quality of DCGAN-based Adversarial Attacks.

    £58.49

  • Springer Availability Reliability and Security

    1 in stock

    Book Synopsis: First International Workshop on Artificial Intelligence, Cyber and Cyber-Physical Security (AI&CCPS 2025): Profiling Electric Vehicles via Early Charging Voltage Patterns.- ARCeR: an Agentic RAG for the Automated Definition of Cyber Ranges.- Edge Virtual Fence for Smart Airport Physical Security: A Case Study.- Evaluating Explanation Quality in X-IDS Using Feature Alignment Metrics.- A Multi-Dataset Evaluation of Models for Automated Vulnerability Repair.- Adversarial Robustness of Machine Learning-based Access Control.- Towards Robust Artificial Intelligence: Self-Supervised Learning Approach for Out-of-Distribution Detection. Eighth International Symposium for Industrial Control System & SCADA Cyber Security Research (ICS-CSR 2025): Performance Evaluation of Quantum-Resistant Algorithms on Industrial Embedded Systems.- TADFICS: A Threat-Aware Digital Forensics Data Model for ICS.- A Robust Hybrid Framework Combining Deductive Temporal Logic and Machine Learning for Fault and Cyber-Attack Detection in the Tennessee Eastman Process.- KIDS: Intrusion Detection for Industrial Control Systems. First Workshop on Sustainable Security and Awareness For nExt Generation infRastructures (SAFER 2025): Effects of the Cyber Resilience Act (CRA) on Industrial Equipment Manufacturing Companies.- Dynamic Access Policies for Energy Cost Management of Microservices.- Are Trees Really Green? A Detection Approach of IoT Malware Attacks.- Towards A Capability Model of Kubernetes Runtime Security Enforcement Mechanisms. Fourth Workshop on Cybersecurity in Industry 4.0 (SecIndustry 2025): A Method for Explainable Anomaly detection in Substation Networks through Deep Learning.- Safety and Cybersecurity under Emerging EU Legislations for Industry: A Use-case Driven Perspective.- An Explainable Method for Malware Detection through Convolutional Neural Networks.- Securing the Additive Manufacturing Process Chain.

    £47.49

  • Springer Availability Reliability and Security

    1 in stock

    Book Synopsis: 6th Workshop on Recent Advances in Cyber Situational Awareness and Data-Centric Approaches (CSA 2025): SC4OSINT: A Story Clustering Approach to Optimize OSINT Analysis.- Benign User Activities that Trigger False Positives in Intrusion Detection Systems: An Expert Survey.- Enhancing Cyber Situational Awareness with AI: A Novel Pipeline Approach for Threat Intelligence Analysis and Enrichment.- Ontology-Based Model for Federated Systems Using JC3IEDM Taxonomies.- Large Language Models for Cyber Threat Intelligence: Extracting MITRE With LLMs.- Enhancing Cyber Situation Awareness: Visualizing Advanced Persistent Threats as Complex Systems.- Quantum Security Mechanisms for Defense Applications.- Risk-Aware Adaptive Cyber Deception Guided by Large Language Models.- Reducing Information Overload: Because Even Security Experts Need to Blink. First International Workshop on Responsible Data Governance, Privacy, and Digital Transformation (RDGPT 2025): Behavior-Based Detection of Instagram Addiction Using Machine Learning: Accuracy and Privacy Implications.- Mitigating Bias in Recruitment: A Practical Approach to CV De-identification Considering Privacy Sensitive Information.- SynthGuard: Redefining Synthetic Data Generation with a Scalable and Privacy-Preserving Workflow Framework.- Designing a Framework to Tackle the Multifaceted Intricacies of Insider Threats. 22nd International Workshop on Trust, Privacy and Security in the Digital Society (TrustBus 2025): Evaluating Turnstile as a Privacy-Conscious Alternative to reCAPTCHA.- Hiding in Plain Sight: Query Obfuscation via Random Multilingual Searches.- A Time Series Analysis of Malware Uploads to Programming Language Ecosystems.- A Role Taxonomy in Security-Safety Incident Response.- Promoting Privacy Compliant Data Management in Digital Marketplaces: A Privacy-Aware Data Classification and Taxonomy Reference Model.- Dynamic Transmission Scheduling Method for High-Concurrent Zero Trust Access Control.- An Empirical Measurement of Cookie Banners Potential Legal Violations in EU vs US Websites.- Large-scale security analysis of hardware wallets.

    £53.99

  • Springer Availability Reliability and Security

    1 in stock

    Book Synopsis: 18th International Workshop on Digital Forensics (WSDF 2025): Forensic Insights into Windows 11’s Capability Access Manager Artifacts.- Reconstructing File Versions and Timestamps: Challenges and Guidelines in Network Forensics.- Measuring the effectiveness of keyword lists in digital forensics.- Money on My Mind: Forensic Investigation of Venmo Payment App.- Forensic Analysis of AI Systems - A Replika “AI Companion” Example.- An AI-Based Network Forensic Readiness Framework for Resource-Constrained Environments.- Mapping the Research Landscape - An Exploratory Analysis of AI Applications in Digital Forensics.- The impact of anti-forensic techniques on data-driven digital forensics: anomaly detection case study. 14th International Workshop on Cyber Crime (IWCC 2025): Generating Deepfakes with Stable Diffusion, ControlNet, and LoRA.- Towards Creating a Darknet Image Database.- Hello, won’t you tell me your name?: Investigating Anonymity Abuse in IPFS.- Countering Financial Cyber Crime: New Method for Subsequent Steps Analysis in Large Complex Graphs of Financial Transactions.- From Sign-Up to Multi-Million Revenues: A Deep Dive into Vendors on Darknet Marketplaces. 9th International Workshop on Cyber Use of Information Hiding (CUING 2025): Contextual Coherence Evaluation of Perfectly Secure Steganography in Text Documents.- Robust Hashing meets Inpainting.- Describing Steganography Hiding Methods by Combining Pre-Existing Methodology.- Calyptography: Secure Secret Storage Inspired by Cryptography and Steganography.- An Independent Secure Authentication System against False Positive/Negative attacks in SVD Based Watermarking: Design and Implementation.- Entropy-Aware Secret Data Embedding for Network Storage Channels.- ReWaP: Reversible Watermarking and Paillier Encryption Approach for Privacy-Preserving Smart Meter.

    £53.99

  • Springer Availability Reliability and Security

    1 in stock

    Book Synopsis: First International Workshop on Cybersecurity and Privacy Risk Assessments (CPRA 2025): Securing the Road Ahead: Supporting Decision Making in Automotive Cybersecurity Risk Treatment.- A Data-Driven Approach for Cyber Security Assessments of SMEs.- A Viewpoint-based Model of Data Protection Impact Assessments.- Cybersecurity Vulnerability Prioritisation via Risk Assessment. Second International Workshop on Emerging Digital Identities (EDId 2025): Attestation of Electronic Identification Schemes based on Secure Channels through Security Microcontrollers.- A High-Level-of-Assurance EUDI Wallet with a Remote WSCD Supporting Biometrics and Passkeys.- Pseudonymity for Personal Data Stores: Pseudonymous WebIDs and Decentralized Identifiers.- Identity and Access Management for Dataspaces using the European Business Wallet and eIDAS-based Credentials.- Guardians of the Registry: Certificate Transparency for Relying Party Authorization in eIDAS 2.- Authentication Inconsistencies Across Online Services: A Multi-Scenario Security Analysis. Second International Workshop on Security and Privacy Enhancing Technologies for Multimodal Data (SPETViD 2025): A Review of Deep Packet Inspection for Network Security: From Traditional Techniques to Machine Learning Integration.- Building Realistic Ground Truth Datasets of Personal Identification Information for Entity Matching.- A Quantum-Safe Hybrid Cryptographic Framework for Multimedia Application. 6th International Workshop on Graph-based Approaches for CyberSecurity (GRASEC 2025): Privacy-Preserving Knowledge Graph Sharing in Peer-to-Peer Decentralized Federated Learning for Connected Autonomous Vehicles.- Leveraging Graph Neural Networks for Attack Detection in IoT Systems.- Hyperparameter Optimization in Neuro-Symbolic Unsupervised Graph Learning. 5th International Workshop on Behavioral Authentication for System Security (BASS 2025): Behavior-Based Anomaly Detection in Access and Usage Control for Smart Home Environments.- Unmasking Model Behavior: How LLMs reason on Vulnerability Detection.- Leveraging Knowledge Graphs and LLMs for Structured Generation of Misinformation.

    £53.99

  • Springer Availability Reliability and Security

    1 in stock

    Book Synopsis: 5th International Workshop on Advances on Privacy Preserving Technologies and Solutions (IWAPS 2025): FL-AdvGNN: A Federated Privacy-Preserving Framework of Adversarial Graph Neural Networks.- Digital twin technology for sustainable shipping: establishing cyber-security challenges and opportunities.- Red vs. Blue Team Training Scenarios for 5G/6G Networks.- LLM-Enhanced Intrusion Detection for Containerized Applications: A Two-tier Strategy for SDN and Kubernetes Environments.- A Cyber-Resilient DICE Architecture for Resource-Constrained Devices.- NullJack: An open approach for undetectable ethernet port scanning.- Group Signatures for Secure and Reliable Industrial Data Collaboration.- Real-time digital ecosystems: Integrating Virtual Personas and Digital Twins through Microservices.- Behind Enemy Lines: Strengthening Android Malware Detection with Adversarial Training. 6th Workshop on Security, Privacy, and Identity Management in the Cloud (SECPID 2025): Novel approximations of elementary functions in zero-knowledge proofs.- Relaxing the Single Point of Failure in Quantum Key Distribution Networks: an Overview of Multi-Path Approaches.- b4M: Holistic Benchmarking for MPC.- A Cloud-based Multifactor Authentication Scheme Using Post-Quantum Cryptography and Trusted Execution Environments. First International Workshop on Secure, Trustworthy, and Robust AI (STRAI 2025): Data Poisoning in FL: Clipping Malicious Updates.- Supporting Human-Robot Collaboration and Safety with the Proposed Explainable Neuro-symbolic Reasoning.- Towards a Metric to Assess Neural Network Resilience Against Adversarial Samples.- Evaluating Fine-Tuned LLMs for AI Text Detection. 5th International Workshop on Security and Privacy in Intelligent Infrastructures (SP2I 2025): Side-Channel Analysis of OpenVINO-based Neural Network Models.- Optimizing IoT Attack Detection in Edge AI: A Comparison of Lightweight Machine Learning and Feature Reduction Techniques.- Zero-Knowledge Proof-of-Location Protocols for Vehicle Subsidies and Taxation Compliance.- Integrating Quantum Key Distribution into Academic Network: Practical Challenges and Solutions.- Kerberos-Authenticated Classical Channel for Quantum Key Distribution: A Symmetric-Key Approach to Quantum-Safe Authentication.

    £53.99

  • Springer Availability Reliability and Security

    1 in stock

    Book Synopsis: 5th Workshop on Education, Training and Awareness in Cybersecurity (ETACS 2025): WalkthroughCyber: Teaching Cyber-Awareness in Montessori Middle Schools.- An Exploratory Study on Teaching Software Supply Chain Security Concepts to High School Students.- Challenges in adapting an industrial training course for academia – a cybersecurity risk management course case study.- Psychological and Behavioral aspects and system dynamics: insights from exercises using a cyber range.- Cybersecurity Micro-credentials and Career Path Design: the Digital4Security Good Practices.- On Demand Cybersecurity Sandboxes Through Kubernetes.- Enhancing Cybersecurity Curriculum Development Through European Cybersecurity Framework and Transformer Models. 5th International Workshop on Security Testing and Monitoring (STAM 2025): Evaluating Large Language Models for Vulnerability Detection Under Realistic Conditions.- LLMs in Security Testing and Monitoring: An Initial Study.- A decentralized PUF-based scheme for Remote Attestation.- Evaluating DAVS Approach for Docker Images Static Analysis.- SAM-CyFra: A System for the Automated Management of Cybersecurity Frameworks.- An Intelligent Network Fuzzer with an Application in DICOM Protocol Testing.- Detection of Adversarial Examples by Adversarial Training: a Study on the Suitability of FGSM for Hardening NIDS Against Problem-Space Attacks.- NERO Training Methodology and Initial Results. 8th International Workshop on Emerging Network Security (ENS 2025): Proposition of IT platform for combating wildfires with Decision Support System.- Steganographic Channels in Body Area Networks.- SHAP Insights Into Domain Adaptation in Netflow-based Network Intrusion Detection powered by Deep Learning.- Real-world Identity and Access Management scenarios simulations in the SILVANUS Project.- 5G-Pentest-UE: A Penetration Testing Framework for Identifying 5G System Vulnerabilities.

    £53.99

  • Springer Ethical and Social Impacts of Information and Communication Technology

    1 in stock

    Book Synopsis: Ethics: Ethical Principles for the Production of Official Statistics Using Machine Learning and Artificial Intelligence Techniques.- Identifying AI Challenges in Research Practices through Research Ethics Reviews.- Interpretability and the Measurement of Ethical Foundations in Artificial Intelligence.- The Mediating Effect of Job Crafting in the Relationship between Organizational Commitment and Organizational Citizenship Behavior and its Ethical Implications.- On the Current (Im)possibility of Achieving Public Value through the EU Digital Strategy: An Ethics Method to Seek a “Collectual” Equilibrium.- Inclusive Governance of Artificial Intelligence: Towards an Ethical Framework for Neurodivergence.- How AI is Reshaping Creativity: DeepSeek vs ChatGPT Plus in LEGO® SERIOUS PLAY®.- Sovereignty, Surveillance, and the Cloud: Geopolitical and Ethical Issues of Global Cloud Computing. Society: The use of social media and artificial intelligence to radicalize young people in jihadist terrorism.- Using AI for Research and Educational Support: Enhancing the Design of Computer-Based Evaluations.- Towards a Gender-inclusive Tech Landscape in Portugal: Women4Digital’s Insights on Gender and Digital Transformation.- Integrating Ethics and Gender Equality in Artificial Intelligence Education: A Study of Higher Education in Portugal.- Gender and Emerging Digital Technologies in Education.- Impact of Gender Bias in the Output of AI Language models on Heavy Users. Education: Students’ Perception of the Integration of GenAI in Academic Paper Assignment Preparation.- Comparative Analysis of Instructor and AI Assessments: Objectivity, Biases, and Impact on Academic Grading.- AI Ethics in Higher Education: A Review of Ethical Challenges.- Just Hallucinations? The Problem of AI Literacy with a New Digital Divide.- Ethical Aspects of Distributed Extended Reality Training.- Corporate Financial Statement Analysis in Education 4.0.- Challenging AI as Critical Thinking.- AI Ethics in Higher Education Content Creation.- GenAI and Proportionality: European and Portuguese ethical-legal framework.- Rethinking Educational Assessment in the Age of Artificial Intelligence. Systems: Evaluating the Role of Chatbots in Higher Education Based on Students’ Experiences.- Parental Memory and Digital Traces of School Closures during the COVID-19 Pandemic: What Is Remembered, What Fades, and What Is Left Behind.- "There are so many" - Harms of Smart Homes.- Digital Identity and Control: How AI Replicas Challenge Performance Rights.- Through the Educators’ Lens: University Teachers’ Perceptions of AI Integration in Higher Education.- Ethical Issues in the Use of Generative AI Chatbots for Therapeutic Purposes.- A Case Against the Feasibility of AI Consciousness (AIC).- Some problems in the ethical impact assessment of emerging technologies and socio-technical visions: case CityVerse.- Security and Ethics in the Use of Computing Technologies and the Internet.- Social Risks of Brain Machine Interface Usage: Questionnaire Survey for People with and without Disabilities.- Symbolic Aspects of Online Privacy Protection Behaviour: From a Social Communication Perspective.- Operational Archives and the Right to Be Forgotten.- Smart Doorbells in a Surveillance Society.- User Engagement and Barriers in the Standardization Processes of Digital ID Architectures.- Systematic review on AI Ethics in privacy for V2X Communication.- Beyond Regulation and Moderation: A Forster-Inspired Framework for Machine Evolution.- The Epistemic Politics of Biometric Border Control.- Quizly: Transforming Quiz Experiences with Multi Modal Inputs for Differently Abled Users. Security: Comprehensive Approaches to Personal Data Protection Amid Evolving Cyber Threats.- Deepfake Manipulation and Ethical Dilemmas: A Comprehensive Risk Assessment.- Digital Agriculture Under Threat: Cybersecurity Challenges and Policy Gaps.- Cybersecurity 2030: The Synergy between Machine Learning and Generative AI.- Artificial Intelligence and Ethical Responsibility: The Impact of Algorithmic Decisions on Cybersecurity.- Cybersecurity Best Practices: A Comprehensive Guide.- Enhancing Health Information Access via ChatGPT and the E-Citizens Portal.

    £53.99

  • De Gruyter Cybersecurity Unlocked

    1 in stock

    £139.05

  • Cyber Security: Analytics, Technology and Automation

    Springer International Publishing AG Cyber Security: Analytics, Technology and Automation

    1 in stock

    Book Synopsis: In addition to cyber threats and technology, the book examines cyber security from many sides as a social phenomenon and describes how a cyber security strategy is implemented. It gives a thorough picture of the most talked-about phenomenon of our time. The book is suitable for a wide-ranging audience, from graduate students to professionals/practitioners and researchers. Relevant disciplines for the book are Telecommunications / Network security, Applied mathematics / Data analysis, Mobile systems / Security, Engineering / Security of critical infrastructure and Military science / Security.
    Trade Review: “This wonderfully documented text explores the mechanics and methods of digital security and the steps necessary to ensure privacy. … For the professional who is mathematically literate, the book is a must-read. The reference sections that follow each chapter rival that of any PhD thesis ever written. It is magnificent in its scholarship.” (James Van Speybroeck, Computing Reviews, October, 2015)
    Table of Contents: Part I Cyber World Today.- 1 Phenomenon in the Cyber World.- 2 Cyber World as a Social System.- 3 Citizens in Cyber World – Despatches from the Virtual "Clinic".- 4 Powers and Fundamental Rights in Cyber Security.- Part II: Cyber Security Threats, Legality and Strategy.- 1 Coder, Hacker, Soldier, Spy.- 2 Cyber Warfare.- 3 Deception in the Cyber-World.- 4 Legal Framework of Cyber Security.- 5 Finnish Cyber Security Strategy and Implementation.- Part III Cyber Security Technology.- 1 Clustering-Based Protocol Classification via Dimensionality Reduction.- 2 Timing and Side Channel Attacks.- 3 Knowledge Discovery from Network Logs.- 4 Trusted Computing and DRM.- Part IV Cyber Security and Automation.- 1 Cyber Security and Protection of ICS Systems: An Australian Example.- 2 Towards Dependable Automation.- 3 Specialized Honeypots for SCADA Systems.

    £113.99

  • Gamified Tabletop Exercises for Effective

    Springer-Verlag Berlin and Heidelberg GmbH & Co. KG Gamified Tabletop Exercises for Effective

    1 in stock

    Book Synopsis: Tabletop exercises are a common way to test disaster recovery and business continuity plans, but they can also be some of the most dry and boring meetings any professional can attend. Following a set script with no variation can cause folks to lose interest and question the value of such exercises, even when they are required for compliance frameworks such as SOC2. What is a security professional to do? Simple: introduce variability by adding dice! Gamification isn't a new idea, but applying some principles of gamification to a traditional tabletop exercise can breathe new life into a potentially monotonous activity. This book covers how to build a gamified tabletop exercise from the ground up, and provides example exercises you can build upon for your own needs. Not only will participation improve, but you will have reusable exercises to work with as each walk-through can produce different results, helping to cover multiple outcomes when testing your recovery capabilities. By providing examples and a methodical approach on how to build gamification into a traditional tabletop, the goal is to provide a new perspective on tabletop exercises that should be more engaging for all participants, and thus more beneficial for everyone involved. Avoid the monotony and start practicing with realistic consequences for decisions with dice rolls!
    What You Will Learn: Plan, build, and execute tabletop exercises with participants. Understand and explain gamification benefits and how to add it to traditional tabletop exercises. Understand why and how to introduce such concepts to a traditional tabletop exercise. Get up to speed on the purpose of tabletop exercises as well as how to improve participation and retention of exercise participants. Compile tips and tricks to help when encountering unexpected issues during tabletop exercises, from unexpected decisions to difficult participants. Know tools and techniques, such as using mind maps, to help plan and build gamified tabletop exercises.
    Who This Book Is For: GRC or security professionals who are responsible for executing a tabletop exercise or otherwise tasked with annual testing of the company disaster recovery/business continuity plans. Even participants who are looking for alternatives to traditional happy path tabletops may be interested.

    £29.69

  • IAM and PAM Cybersecurity

    Apress IAM and PAM Cybersecurity

    2 in stock

    Book Synopsis: Chapter 1: IAM, Securing Identities in the Digitalization Era.- Chapter 2: PAM, Protecting Privileged Accounts and Access Management.- Chapter 3: IAM and PAM risks, impacts, and challenges.- Chapter 4: IAM and PAM tools and frameworks.

    £18.99

  • Apress ISO 42001 and Legal Compliance

    10 in stock

    Book Synopsis: Chapter 1: Introduction.- Chapter 2: Legal requirements in ISO/IEC 42001:2023.- Chapter 3: Security.- Chapter 4: Privacy.- Chapter 5: Explainability and Transparency.- Chapter 6: Fairness.- Chapter 7: Conclusion.

    £37.49

  • APRESS L.P. Implementing Security with AI in GCP

    3 in stock

    £44.99

  • Machine Learning in Cyber Trust

    Springer-Verlag New York Inc. Machine Learning in Cyber Trust

    1 in stock

    Book Synopsis: Cyber System.- Cyber-Physical Systems: A New Frontier.- Security.- Misleading Learners: Co-opting Your Spam Filter.- Survey of Machine Learning Methods for Database Security.- Identifying Threats Using Graph-based Anomaly Detection.- On the Performance of Online Learning Methods for Detecting Malicious Executables.- Efficient Mining and Detection of Sequential Intrusion Patterns for Network Intrusion Detection Systems.- A Non-Intrusive Approach to Enhance Legacy Embedded Control Systems with Cyber Protection Features.- Image Encryption and Chaotic Cellular Neural Network.- Privacy.- From Data Privacy to Location Privacy.- Privacy Preserving Nearest Neighbor Search.- Reliability.- High-Confidence Compositional Reliability Assessment of SOA-Based Systems Using Machine Learning Techniques.- Model, Properties, and Applications of Context-Aware Web Services.
    Trade Review: From the reviews: "This is a useful book on machine learning for cyber security applications. It will be helpful to researchers and graduate students who are looking for an introduction to a specific topic in the field. All of the topics covered are well researched. The book consists of 12 chapters, grouped into four parts." (Imad H. Elhajj, ACM Computing Reviews, October, 2009)
    Table of Contents: Cyber System.- Cyber-Physical Systems: A New Frontier.- Security.- Misleading Learners: Co-opting Your Spam Filter.- Survey of Machine Learning Methods for Database Security.- Identifying Threats Using Graph-based Anomaly Detection.- On the Performance of Online Learning Methods for Detecting Malicious Executables.- Efficient Mining and Detection of Sequential Intrusion Patterns for Network Intrusion Detection Systems.- A Non-Intrusive Approach to Enhance Legacy Embedded Control Systems with Cyber Protection Features.- Image Encryption and Chaotic Cellular Neural Network.- Privacy.- From Data Privacy to Location Privacy.- Privacy Preserving Nearest Neighbor Search.- Reliability.- High-Confidence Compositional Reliability Assessment of SOA-Based Systems Using Machine Learning Techniques.- Model, Properties, and Applications of Context-Aware Web Services.

    £125.99

  • Crack99

    WW Norton & Co Crack99

    10 in stock

    Book Synopsis: The inside story of the largest digital piracy sting to date.
    Trade Review: "A super-charged, electrifying story. CRACK99 reads like a bestselling thriller!" -- Brad Thor, #1 New York Times bestselling author of Code of Conduct "A gripping and sobering account of the hemorrhage of high-end American computer programs into the Chinese internet black market...A riveting story." -- Dennis Blair, former director of national intelligence and co-chairman, Intellectual Property Commission "A rollicking true tale of high-level undercover cyber espionage in which Hall puts every bit of his extensive experience and investigative skills into catching a cyber-pirate. His stories of teaming with Homeland Security agents to double-cross a Chinese cyber criminal are, in a word, sensational." -- Retired FBI Special Agent Robert K. Wittman, author of Priceless: How I Went Undercover to Rescue the World's Stolen Treasures

    £18.99

  • CRACK99

    WW Norton & Co CRACK99

    2 in stock

    Book Synopsis: The inside story of the largest digital piracy sting to date.
    Trade Review: "A crackling good tale, well-told in Hall's confiding, thoughtful, and humorous tone." -- Eloise Kinney - Booklist "A quirky tale of international pursuit through a legal labyrinth with unsettling implications regarding proliferation of ominous technologies." -- Kirkus Reviews "A super-charged, electrifying story. CRACK99 reads like a bestselling thriller!" -- Brad Thor, #1 New York Times bestselling author of Code of Conduct "A gripping and sobering account of the hemorrhage of high-end American computer programs into the Chinese internet black market...A riveting story." -- Dennis Blair, former director of national intelligence and co-chairman, Intellectual Property Commission "A rollicking true tale of high-level undercover cyber espionage in which Hall puts every bit of his extensive experience and investigative skills into catching a cyber-pirate. His stories of teaming with Homeland Security agents to double-cross a Chinese cyber criminal are, in a word, sensational." -- Retired FBI Special Agent Robert K. Wittman, author of Priceless: How I Went Undercover to Rescue the World's Stolen Treasures

    £12.34

  • Information Security Governance

    Wiley Information Security Governance

    Book Synopsis: This book provides an understanding of governance and its relevance to information security. It gives readers a clear, step-by-step approach to developing a sound security strategy aligned with their business objectives in order to ensure a predictable level of functionality and assurance.
    Table of Contents:
    INTRODUCTION.
    CHAPTER 1: GOVERNANCE OVERVIEW. 1.1 What Is It? 1.2 Back to Basics. 1.3 Origins of Governance. 1.4 Governance Definition. 1.5 Information Security Governance. 1.6 Six Outcomes of Effective Security Governance. 1.7 Defining Information, Data, Knowledge. 1.8 Value of Information.
    CHAPTER 2: WHY GOVERNANCE? 2.1 Benefits of Good Governance. 2.1.1 Aligning Security with Business Objectives. 2.1.2 Providing the structure and framework to optimize allocations of limited resources. 2.1.3 Providing assurance that critical decisions are not based on faulty information. 2.1.4 Ensuring accountability for safeguarding critical assets. 2.1.5 Increasing trust of customers and stakeholders. 2.1.6 Increasing the company’s worth. 2.1.7 Reducing liability for information inaccuracy or lack of due care in protection. 2.1.8 Increasing predictability and reducing uncertainty of business operations. 2.2 A Management Problem.
    CHAPTER 3: LEGAL AND REGULATORY REQUIREMENTS. 3.1 Security Governance and Regulation.
    CHAPTER 4: ROLES & RESPONSIBILITIES. 4.1 The Board of Directors. 4.2 Executive Management. 4.3 Security Steering Committee. 4.4 The CISO.
    CHAPTER 5: STRATEGIC METRICS. 5.1 Governance Objectives. 5.1.1 Strategic Direction. 5.1.2 Ensuring Objectives are Achieved. 5.1.3 Risks Managed Appropriately. 5.1.4 Verifying Resources are Used Responsibly.
    CHAPTER 6: INFORMATION SECURITY OUTCOMES. 6.1 Defining Outcomes. 6.1.1 Strategic alignment. 6.1.2 Risk Management. 6.1.3 Business process assurance / convergence. 6.1.4 Value delivery. 6.1.5 Resource management. 6.1.6 Performance measurement.
    CHAPTER 7: SECURITY GOVERNANCE OBJECTIVES. 7.1 Security Architecture. 7.1.1 Managing Complexity. 7.1.2 Providing a Framework & Road Map. 7.1.3 Simplicity & Clarity through Layering & Modularisation. 7.1.4 Business Focus beyond the Technical Domain. 7.1.5 Objectives of Information Security Architectures. 7.1.6 SABSA Framework for Security Service Management. 7.1.7 SABSA Development Process. 7.1.8 SABSA Lifecycle. 7.1.9 SABSA Attributes. 7.2 COBIT. 7.3 Capability Maturity Model. 7.4 ISO/IEC 27001/27002. 7.4.1 ISO 27001. 7.4.2 ISO 27002. 7.5 Other Approaches. 7.5.1 National Cybersecurity Task Force.
    CHAPTER 8: RISK MANAGEMENT OBJECTIVES. Risk Management Responsibilities. Managing Risk Appropriately. 8.1 Determining Risk Management Objectives. 8.1.1 Recovery Time Objectives.
    CHAPTER 9: CURRENT STATE. 9.1 Current State of Security. 9.2 Current State of Risk Management. 9.3 Gap Analysis - Unmitigated Risk. 9.3.1 SABSA. 9.3.2 CMM.
    CHAPTER 10: DEVELOPING A SECURITY STRATEGY. 10.1 Failures of Strategy. 10.2 Attributes of A Good Security Strategy. 10.3 Strategy Resources. 10.3.1 Utilizing Architecture for Strategy Development. 10.3.2 Using Cobit for Strategy Development. 10.3.3 Using CMM for Strategy Development. 10.4 STRATEGY CONSTRAINTS. 10.4.1 Contextual constraints. 10.4.2 Operational constraints.
    CHAPTER 11: SAMPLE STRATEGY DEVELOPMENT. 11.1 The Process.
    CHAPTER 12: IMPLEMENTING STRATEGY. Action Plan Intermediate Goals. Action Plan Metrics. Re-engineering. Inadequate Performance. 12.1 Elements Of Strategy. 12.1.1 Policy Development. Attributes of Good Policies. Sample Policy Development. Other Policies. 12.1.2 Standards. Attributes of Good Standards. Sample Standards. Classifications. Standard Statement.
    CHAPTER 13: SECURITY PROGRAM DEVELOPMENT METRICS. 13.1 Information Security Program Development Metrics. 13.2 Program Development Operational Metrics.
    CHAPTER 14: INFORMATION SECURITY MANAGEMENT METRICS. 14.1 Management Metrics. 14.2 Security Management Decision Support Metrics. 14.4 CISO Decisions. 14.2.1 Strategic alignment. 14.2.2 Risk Management. 14.2.3 Metrics for Risk Management. 14.2.4 Assurance Process Integration. 14.2.5 Value Delivery. 14.2.6 Resource Management. 14.2.7 Performance Measurement. 14.7 Information Security Operational Metrics. 14.3.1 IT and Information Security Management. 14.3.2 Compliance Metrics.
    CHAPTER 15: INCIDENT MANAGEMENT AND RESPONSE METRICS. 15.1 Incident Management Decision Support Metrics.
    Conclusion.
    Appendix A. SABSA Business Attributes & Metrics.
    Appendix B. Cultural Worldviews. Hierarchists. Egalitarians. Individualists. Fatalists.

    £77.36

  • eDiscovery for Dummies

    John Wiley & Sons Inc eDiscovery for Dummies

    Book Synopsis: Discover the process of e-discovery and put good practices in place. Electronic information involved in a lawsuit requires a completely different process for management and archiving than paper information.
    Table of Contents:
    Introduction. Who Should Read This Book?; About This Book; What You’re Not to Read; Foolish Assumptions; How This Book Is Organized; Part I: Examining e-Discovery and ESI Essentials; Part II: Guidelines for e-Discovery and Professional Competence; Part III: Identifying, Preserving, and Collecting ESI; Part IV: Processing, Protecting, and Producing ESI; Part V: Getting Litigation Ready; Part VI: Strategizing for e-Discovery Success; Part VII: The Part of Tens; Glossary; Icons Used in This Book; Where to Go from Here
    Part I: Examining e-Discovery and ESI Essentials
    Chapter 1: Knowing Why e-Discovery Is a Burning Issue. Getting Thrust into the Biggest Change in the Litigation; New rules put electronic documents under a microscope; New rules and case law expand professional responsibilities; Distinguishing Electronic Documents from Paper Documents; ESI has more volume; ESI is more complex; ESI is more fragile; ESI is harder to delete; ESI is more software and hardware dependent; Viewing the Litigation Process from 1,000 Feet; Examining e-Discovery Processes; Creating and retaining electronic records; Identifying, preserving, and collecting data relevant to a legal matter; Processing and filtering to remove the excess; Reviewing and analyzing for privilege; Producing what’s required; Clawing back what sneaked out; Presenting at trial
    Chapter 2: Taking a Close Look at Electronically Stored Information (ESI). Spotting the ESI in the Game Plan; Viewing the Life of Electronic Information; Accounting for age; Tracking the rise and fall of an e-mail; Understanding Zubulake I; Taking the two-tier test; Preserving the Digital Landscape; Facing Sticker Shock: What ESI Costs; Estimating hard and hidden costs; Looking at the costs of being surprised by a request
    Chapter 3: Building e-Discovery Best Practices into Your Company. Setting Up a Reasonable Defensive Strategy; Heeding judicial advice; Keeping ESI intact and in-reach; Braking for Litigation Holds; Insuring a stronghold; Getting others to buy-in; Holding on tight to your ESI; Putting Best Practices into Place; Forming Response Teams; Putting Project Management into Practice; Tackling the triple constraints; Managing the critical path; Maintaining Ethical Conduct and Credibility
    Part II: Guidelines for e-Discovery and Professional Competence
    Chapter 4: The Playbook: Federal Rules and Advisory Guidelines. Knowing the Rules You Must Play By; Deciphering the FRCP; FRCP 1; FRCP 16; FRCP 26; FRCP 33 and 34; Applying the Rules to Criminal Cases; F. R. Crim. P. Rule 41; F. R. Crim. P. Rule 16; F. R. Crim. P. Rule 17 and 17.1; Learning about Admissibility; Lessening the Need for Judicial Intervention by Cooperation; Limiting e-Discovery; Finding Out About Sanctions; Rulings on Metadata; Getting Guidance but Not Authority from Sedona Think Tanks; Collecting the Wisdom of the Chief Justices and National Law Conference; Minding the e-Discovery Reference Model; Following the Federal Rules Advisory Committee
    Chapter 5: Judging Professional Competence and Conduct. Making Sure Your Attorney Gives a Diligent Effort; Looking at what constitutes a diligent effort; Searching for evidence; Producing ESI; Providing a certification; Avoiding Being Sanctioned; FRCP sanctions; Inherent power sanctions; Knowing the Risks Introduced by Legal Counsel; Acting bad: Attorney e-discovery misconduct; Relying on the American Bar Association and state rules of professional conduct; Learning from Those Who Gambled Their Cases and Lost; Policing e-Discovery in Criminal Cases
    Part III: Identifying, Preserving, and Collecting ESI
    Chapter 6: Identifying Potentially Relevant ESI. Calling an e-Discovery Team into Action; Clarifying the Scope of e-Discovery; Reducing the Burden with the Proportionality Principle; Proportionality of scale; Negotiating with proportionality; Mapping the Information Architecture; Creating a data map; Overlooking ESI; Describing data retention policies and procedures; Proving the reasonable accessibility of ESI sources; Taking Lessons from the Mythical Member
    Chapter 7: Complying with ESI Preservation and a Litigation Hold. Distinguishing Duty to Preserve from Preservation; Following The Sedona Conference; The Sedona Conference WG1 guidelines; Seeing the rules in the WG1 decision tree; Recognizing a Litigation Hold Order and Obligation; Knowing what triggers a litigation hold; Knowing when to issue a litigation hold; Knowing when a hold delay makes you eligible for sanctions; Accounting for downsizing and departing employees; Throwing a Wrench into Digital Recycling; Suspending destructive processes; Where do you put a terabyte?
124 Implementing the Litigation Hold 125 Documenting that custodians are in compliance 127 Rounding up what needs to be collected 127 Judging whether a forensics-level preservation is needed 130 Chapter 8: Managing e-Discovery Conferences and Protocols 133 Complying with the Meet-and-Confer Session 133 Preparing for the Meet-and-Confer Session 136 Preservation of evidence 136 Form of production 137 Privileged or protected ESI 138 Any other issues regarding ESI 139 Agreeing on a Timetable 139 Selecting a Rule 30(b)(6) Witness 140 Finding Out You and the Opposing Party May Have Mutual Interests 141 Part IV: Processing, Protecting, and Producing ESI 143 Chapter 9: Processing, Filtering, and Reviewing ESI 145 Planning, Tagging, and Bagging 146 Taking a finely tuned approach 147 Finding exactly what you need 147 Stop and identify yourself 149 Two wrongs and a right 150 Learning through Trial and Error 151 Doing Early Case Assessment 152 Vetting vendors 153 Breaking Out the ESI 154 Crafting the Hunt 156 Deciding on filters 156 Keyword or phrase searching 157 Deduping 157 Concept searching 158 Heeding the Grimm roadmap 158 Sampling to Validate 159 Testing the validity of the search 159 Documenting sampling efforts 160 Doing the Review 161 Choosing a review platform 161 How to perform a review 163 Chapter 10: Protecting Privilege, Privacy, and Work Product 165 Facing the Rising Tide of Electronic Information 166 Respecting the Rules of the e-Discovery Game 166 Targeting relevant information 167 Seeing where relevance and privilege intersect 168 Managing e-discovery of confidential information 170 Listening to the Masters 172 Getting or Avoiding a Waiver 172 Asserting a claim 173 Preparing a privilege log 173 Responding to ESI disclosure 175 Applying FRE 502 to disclosure 175 Leveling the Playing Field through Agreement 177 Checking out the types of agreements 177 Shoring up your agreements by court order 178 Chapter 11: Producing and Releasing Responsive ESI 181 Producing 
Data Sets 182 Packing bytes 183 Staging production 184 Being alert to native production motions 185 Redacting prior to disclosure 187 Providing Detailed Documentation 190 Showing an Unbroken Chain of Custody 192 Keeping Metadata Intact 193 Part V: Getting Litigation Ready 199 Chapter 12: Dealing with Evidentiary Issues and Challenges 201 Looking at the Roles of the Judge and Jury 202 Qualifying an Expert 202 Getting Through the Five Hurdles of Admissibility 204 Admitting Relevant ESI 204 Authenticating ESI 205 Self-authenticating ESI 206 Following the chain of custody 206 Authenticating specific types of ESI 207 Analyzing the Hearsay Rule 208 Providing the Best Evidence 210 Probing the Value of the ESI 210 Chapter 13: Bringing In Special Forces: Computer Forensics 211 Powering Up Computer Forensics 212 Knowing when to hire an expert 212 Knowing what to expect from an expert 214 Judging an expert like judges do 214 Doing a Scientific Forensic Search 215 Testing, Sampling, and Refining Searches for ESI 216 Applying C-Forensics to e-Discovery 218 Following procedure 219 Preparing for an investigation 220 Acquiring and preserving the image 222 Authenticating with hash 223 Recovering deleted ESI 224 Analyzing to broaden or limit 225 Expressing in Boolean 226 Producing and documenting in detail 228 Reinforcing E-Discovery 229 Fighting against forensic fishing attempts 229 Fighting with forensics on your team 230 Defending In-Depth 231 Part VI: Strategizing for e-Discovery Success 233 Chapter 14: Managing and Archiving Business Records 235 Ratcheting Up IT’s Role in Prelitigation 236 Laying the cornerstone of ERM 236 Pitching your tent before the storm 237 Telling Documents and Business Records Apart 238 Designing a Defensible ERM Program 240 Designing by committee 240 Starting with the basics 240 Getting management on board with your ERM program 242 Crafting a risk-reducing policy 244 Punching up your e-mail policy 245 Building an ERM Program 246 Kicking the keep-it-all 
habit 248 Doing what you say you are 248 Getting an A+ in Compliance 249 Chapter 15: Viewing e-Discovery Law from the Bench 251 Examining Unsettled and Unsettling Issues 252 Applying a reasonableness standard 252 Forcing cooperation 253 Looking at what’s reasonably accessible 254 Determining who committed misconduct 254 Exploring the Role of the Judge 258 Actively participating 258 Scheduling conferences 259 Appointing experts 259 Determining the scope of costs 262 Chapter 16: e-Discovery for Large-Scale and Complex Litigation 263 Preparing for Complex Litigation 263 Ensuring quality control 265 Getting a project management process in place 266 Proving the merits of a case by using ESI 266 Educating the Court about Your ESI 267 Using summary judgment and other tools 268 Employing an identification system 268 Form of production 269 Creating document depositories 269 Avoiding Judicial Resolution 270 Determining the Scope of Accessibility 271 Doing a good-cause inquiry 272 Cost-shifting 273 Getting Help 274 Partnering with vendors or service providers 274 Selecting experts or consulting companies 274 Chapter 17: e-Discovery for Small Cases 277 Defining Small Cases that Can Benefit from e-Discovery 278 Theft of proprietary data and breaches of contract 278 Marital matters 278 Defamation and Internet defamation 279 Characterizing Small Matters 280 Keeping ESI out of evidence 280 Shared characteristics with large cases 281 Unique characteristics and dynamics 282 Proceeding in Small Cases 283 Curbing e-Discovery with Proportionality 286 Sleuthing Personal Correspondence and Files 286 Part VII: The Part of Tens 289 Chapter 18: Ten Most Important e-Discovery Rules 291 FRCP 26(b)(2)(B) Specific Limitations on ESI 291 FRCP 26(b)(5)(B) Protecting Trial-Preparation Materials and Clawback 292 FRCP 26(a)(1)(C) Time for Pretrial Disclosures; Objections 293 FRCP 26(f) Conference of the Parties; Planning for Discovery 294 FRCP 26(g) Signing Disclosures and Discovery Requests, 
Responses, and Objections 294 FRCP 30(b)(6) Designation of a Witness 295 FRCP 34(b) Form of Production 296 FRCP 37(e) Safe Harbor from Sanctions for Loss of ESI 297 Federal Rules of Evidence 502(b) Inadvertent Disclosure 298 Federal Rule of Evidence 901 Requirement of Authentication or Identification 298 Chapter 19: Ten Ways to Keep an Edge on Your e-Discovery Expertise 301 The Sedona Conference and Working Group Series 302 Discovery Resources 303 Law Technology News 303 Electronic Discovery Law 304 E-Discovery Team Blog 304 LexisNexis Applied Discovery Online Law Library 305 American Bar Association Journal 305 Legal Technology’s Electronic Data Discovery 306 Supreme Court of the United States 306 Cornell Law School Legal Information Institute and Wex 307 Chapter 20: Ten e-Discovery Cases with Really Good Lessons 309 Zubulake v. UBS Warburg, 2003–2005; Employment Discrimination 309 Qualcomm v. Broadcom, 2008; Patent Dispute 310 Victor Stanley, Inc. v. Creative Pipe, Inc., 2008; Copyright Infringement 311 Doe v. Norwalk Community College, 2007; the Safe Harbor of FRCP Rule 37(e) 312 United States v. O’keefe, 2008; Criminal Case Involving e-discovery 313 Lorraine v. Markel American Insurance Co., 2007; Insurance Dispute 314 Mancia v. Mayflower Textile Services Co., et al., 2008; the Duty of Cooperate and FRCP Rule 26(g) 315 Mikron Industries Inc. v. Hurd Windows & Doors Inc., 2008; Duty to Confer 316 Gross Construction Associates, Inc., v. American Mfrs. Mutual Ins Co., 2009; Keyword Searches 317 Gutman v. Klein, 2008; Termination Sanction and Spoliation 318 Glossary 321 Index 333

    £20.39

  • EnCase Computer Forensics  The Official EnCE

    John Wiley & Sons Inc EnCase Computer Forensics The Official EnCE

    2 in stock

    Book Synopsis: The official, Guidance Software-approved book on the newest EnCE exam! The EnCE exam tests that computer forensic analysts and examiners have thoroughly mastered computer investigation methodologies, as well as the use of Guidance Software's EnCase Forensic 7. The only official Guidance-endorsed study guide on the topic, this book prepares you for the exam with extensive coverage of all exam topics, real-world scenarios, hands-on exercises, up-to-date legal information, and sample evidence files, flashcards, and more. Guides readers through preparation for the newest EnCase Certified Examiner (EnCE) exam. Prepares candidates for both Phase 1 and Phase 2 of the exam, as well as for practical use of the certification. Covers identifying and searching hardware and file systems, handling evidence on the scene, and acquiring digital evidence using EnCase Forensic 7. Includes hands-on exercises, practice questions, and up-to-date legal inform

    Table of Contents: Introduction xxi Assessment Test xxvii Chapter 1 Computer Hardware 1 Computer Hardware Components 2 The Boot Process 14 Partitions 20 File Systems 25 Summary 27 Exam Essentials 27 Review Questions 28 Chapter 2 File Systems 33 FAT Basics 34 The Physical Layout of FAT 36 Viewing Directory Entries Using EnCase 52 The Function of FAT 58 NTFS Basics 73 CD File Systems 77 exFAT 79 Summary 83 Exam Essentials 84 Review Questions 85 Chapter 3 First Response 89 Planning and Preparation 90 The Physical Location 91 Personnel 91 Computer Systems 92 What to Take with You Before You Leave 94 Search Authority 97 Handling Evidence at the Scene 98 Securing the Scene 98 Recording and Photographing the Scene 99 Seizing Computer Evidence 99 Bagging and Tagging 110 Summary 113 Exam Essentials 113 Review Questions 115 Chapter 4 Acquiring Digital Evidence 119 Creating EnCase Forensic Boot Disks 121 Booting a Computer Using the EnCase Boot Disk 124 Seeing Invisible HPA and DCO Data 125 Other Reasons for Using a DOS Boot 126
Steps for Using a DOS Boot 126 Drive-to-Drive DOS Acquisition 128 Steps for Drive-to-Drive DOS Acquisition 128 Supplemental Information About Drive-to-Drive DOS Acquisition 132 Network Acquisitions 135 Reasons to Use Network Acquisitions 135 Understanding Network Cables 136 Preparing an EnCase Network Boot Disk 137 Preparing an EnCase Network Boot CD 138 Steps for Network Acquisition 138 FastBloc/Tableau Acquisitions 151 Available FastBloc Models 151 FastBloc 2 Features 152 Steps for Tableau (FastBloc) Acquisition 154 FastBloc SE Acquisitions 163 About FastBloc SE 163 Steps for FastBloc SE Acquisitions 164 LinEn Acquisitions 168 Mounting a File System as Read-Only 168 Updating a Linux Boot CD with the Latest Version of LinEn 169 Running LinEn 171 Steps for LinEn Acquisition 173 Enterprise and FIM Acquisitions 176 EnCase Portable 180 Helpful Hints 188 Summary 189 Exam Essentials 192 Review Questions 194 Chapter 5 EnCase Concepts 199 EnCase Evidence File Format 200 CRC, MD5, and SHA-1 201 Evidence File Components and Function 202 New Evidence File Format 206 Evidence File Verification 207 Hashing Disks and Volumes 215 EnCase Case Files 217 EnCase Backup Utility 220 EnCase Configuration Files 227 Evidence Cache Folder 231 Summary 233 Exam Essentials 235 Review Questions 236 Chapter 6 EnCase Environment 241 Home Screen 242 EnCase Layout 246 Creating a Case 249 Tree Pane Navigation 255 Table Pane Navigation 266 Table View 266 Gallery View 275 Timeline View 277 Disk View 280 View Pane Navigation 284 Text View 284 Hex View 287 Picture View 288 Report View 289 Doc View 289 Transcript View 290 File Extents View 291 Permissions View 291 Decode View 292 Field View 294 Lock Option 294 Dixon Box 294 Navigation Data (GPS) 295 Find Feature 297 Other Views and Tools 298 Conditions and Filters 298 EnScript 299 Text Styles 299 Adjusting Panes 300 Other Views 306 Global Views and Settings 306 EnCase Options 310 Summary 318 Exam Essentials 320 Review Questions 321 Chapter 7 
Understanding, Searching For, and Bookmarking Data 325 Understanding Data 327 Binary Numbers 327 Hexadecimal 333 Characters 336 ASCII 337 Unicode 338 EnCase Evidence Processor 340 Searching for Data 352 Creating Keywords 353 GREP Keywords 364 Starting a Search 373 Viewing Search Hits and Bookmarking Your Findings 376 Bookmarking 377 Summary 426 Exam Essentials 428 Review Questions 430 Chapter 8 File Signature Analysis and Hash Analysis 435 File Signature Analysis 436 Understanding Application Binding 437 Creating a New File Signature 438 Conducting a File Signature Analysis 442 Hash Analysis 449 MD5 Hash 449 Hash Sets and Hash Libraries 449 Hash Analysis 462 Summary 466 Exam Essentials 468 Review Questions 469 Chapter 9 Windows Operating System Artifacts 473 Dates and Times 475 Time Zones 475 Windows 64-Bit Time Stamp 476 Adjusting for Time Zone Offsets 481 Recycle Bin 487 Details of Recycle Bin Operation 488 The INFO2 File 488 Determining the Owner of Files in the Recycle Bin 493 Files Restored or Deleted from the Recycle Bin 494 Using an EnCase Evidence Processor to Determine the Status of Recycle Bin Files 496 Recycle Bin Bypass 498 Windows Vista/Windows 7 Recycle Bin 500 Link Files 504 Changing the Properties of a Shortcut 504 Forensic Importance of Link Files 505 Using the Link File Parser 509 Windows Folders 511 Recent Folder 515 Desktop Folder 516 My Documents/Documents 518 Send To Folder 518 Temp Folder 519 Favorites Folder 520 Windows Vista Low Folders 521 Cookies Folder 523 History Folder 526 Temporary Internet Files 532 Swap File 535 Hibernation File 536 Print Spooling 537 Legacy Operating System Artifacts 543 Windows Volume Shadow Copy 544 Windows Event Logs 549 Kinds of Information Available in Event Logs 549 Determining Levels of Auditing 552 Windows Vista/7 Event Logs 554 Using the Windows Event Log Parser 555 For More Information 558 Summary 559 Exam Essentials 564 Review Questions 566 Chapter 10 Advanced EnCase 571 Locating and Mounting Partitions 
573 Mounting Files 588 Registry 595 Registry History 595 Registry Organization and Terminology 596 Using EnCase to Mount and View the Registry 601 Registry Research Techniques 605 EnScript and Filters 608 Running EnScripts 609 Filters and Conditions 611 Email 614 Base64 Encoding 619 EnCase Decryption Suite 622 Virtual File System (VFS) 629 Restoration 633 Physical Disk Emulator (PDE) 636 Putting It All Together 641 Summary 645 Exam Essentials 648 Review Questions 649 Appendix A Answers to Review Questions 653 Chapter 1: Computer Hardware 654 Chapter 2: File Systems 655 Chapter 3: First Response 657 Chapter 4: Acquiring Digital Evidence 658 Chapter 5: EnCase Concepts 659 Chapter 6: EnCase Environment 661 Chapter 7: Understanding, Searching For, and Bookmarking Data 662 Chapter 8: File Signature Analysis and Hash Analysis 663 Chapter 9: Windows Operating System Artifacts 664 Chapter 10: Advanced EnCase 665 Appendix B Creating Paperless Reports 667 Exporting the Web Page Report 669 Creating Your Container Report 671 Bookmarks and Hyperlinks 675 Burning the Report to CD or DVD 678 Appendix C About the Additional Study Tools 681 Additional Study Tools 682 Sybex Test Engine 682 Electronic Flashcards 682 PDF of Glossary of Terms 682 Adobe Reader 682 Additional Author Files 683 System Requirements 683 Using the Study Tools 683 Troubleshooting 683 Customer Care 684 Index 685


    £44.00

  • Pacifying the Homeland Intelligence Fusion and

    University of California Press Pacifying the Homeland Intelligence Fusion and

    1 in stock

    Book Synopsis: The United States has poured over a billion dollars into a network of interagency intelligence centers called fusion centers. These centers were ostensibly set up to prevent terrorism, but politicians, the press, and policy advocates have criticized them for failing on this account. So why do these security systems persist? Pacifying the Homeland travels inside the secret world of intelligence fusion, looks beyond the apparent failure of fusion centers, and reveals a broader shift away from mass incarceration and toward a more surveillance- and police-intensive system of social regulation. Provided with unprecedented access to domestic intelligence centers, Brendan McQuade uncovers how the institutionalization of intelligence fusion enables decarceration without fully addressing the underlying social problems at the root of mass incarceration. The result is a startling analysis that contributes to the debates on surveillance, mass incarceration, and policing and challenges readers to see surveillance, policing, mass incarceration, and the security state in an entirely new light.

    Trade Review:

    "Through comprehensive research, McQuade offers a substantial contribution to studies in policing, surveillance, historical sociology, and social justice. . . . As the book makes clear, “mass supervision, an outgrowth and extension of mass incarceration, helps maintain the stark—and starkly racialized—inequalities that characterize the United States.” Understanding intelligence fusion and mass supervision is necessary to challenge such conditions, an effort Pacifying the Homeland contributes to greatly." * Journal of Criminal Justice Education *

    "Pacifying the Homeland is part of a wave of much needed critical policing studies that at once echo an earlier era in the study of radical criminology, while also heralding the arrival of a new interventionist, unapologetic structural analysis of policing." * Punishment & Society *

    "This is a vitally important book." * Religious Studies Review *

    Table of Contents: Acknowledgments Prologue: Policing Camden’s crisis 1. Connecting the dots beyond counterterrorism and seeing past organizational failure 2. The rise and present demise of the workfare-carceral state 3. The institutionalization of intelligence fusion 4. Policing decarceration 5. Beyond cointelpro 6. Pacifying poverty Conclusion: The Camden model and the Chicago challenge Appendix: Research and the World of Official Secrets Notes Works Cited Index


    £22.50

  • Hacking

    O'Reilly Media Hacking

    1 in stock

    Book Synopsis: The security world is changing as the advent of modern Web 2.0 sites and rich Internet applications has given rise to a generation of hacking techniques. This book offers information on hacks that attempt to exploit technical flaws. It explains how to assess attacks against technologies in Internet applications and social networking sites.


    £25.59

  • Security and Microservice Architecture on AWS

    O'Reilly Media Security and Microservice Architecture on AWS

    2 in stock

    Book Synopsis: Author Gaurav Raje shows cloud solution architects and software developers with AWS experience how to build highly secure systems on AWS without increasing overhead.


    £39.74

  • Software Supply Chain Security

    O'Reilly Media Software Supply Chain Security

    5 in stock

    Book Synopsis


    £33.74

  • Microsoft Windows Security Essentials

    John Wiley & Sons Inc Microsoft Windows Security Essentials

    Book Synopsis: Windows security concepts and technologies for IT beginners. IT security can be a complex topic, especially for those new to the field of IT.

    Table of Contents: Introduction. Chapter 1 Understanding Core Security Principles. Chapter 2 Understanding Malware and Social Engineering. Chapter 3 Understanding User Authentication. Chapter 4 Securing Access with Permissions. Chapter 5 Using Audit Policies and Network Auditing. Chapter 6 Protecting Clients and Servers. Chapter 7 Protecting a Network. Chapter 8 Understanding Wireless Security. Chapter 9 Understanding Physical Security. Chapter 10 Enforcing Confidentiality with Encryption. Chapter 11 Understanding Certificates and a PKI. Chapter 12 Understanding Internet Explorer Security. Appendix A Answers to Review Questions. Appendix B Microsoft's Certification Program. Index.

    £24.79

  • John Wiley & Sons Web Application Defenders Cookbook

    Book Synopsis: Defending your web applications against hackers and attackers. The top-selling book Web Application Hacker's Handbook showed how attackers and hackers identify and attack vulnerable live web applications. This new Web Application Defender's Cookbook is the perfect counterpoint to that book: it shows you how to defend. Authored by a highly credentialed defensive security expert, this new book details defensive security methods and can be used as courseware for training network security personnel, web server administrators, and security consultants. Each recipe shows you a way to detect and defend against malicious behavior and provides working code examples for the ModSecurity web application firewall module. Topics include identifying vulnerabilities, setting hacker traps, defending different access points, enforcing application flows, and much more. Provides practical tactics for detecting web attacks and malicious behavior an

    Trade Review: For those that want to ensure their web sites are as secure as possible, their developers should certainly implement the delicious recipes in Web Application Defender's Cookbook. (RSA Conference, Jan 2013)

    Table of Contents: Foreword xix Introduction xxiii I Preparing the Battle Space 1 1 Application Fortification 7 Recipe 1-1: Real-time Application Profiling 7 Recipe 1-2: Preventing Data Manipulation with Cryptographic Hash Tokens 15 Recipe 1-3: Installing the OWASP ModSecurity Core Rule Set (CRS) 19 Recipe 1-4: Integrating Intrusion Detection System Signatures 33 Recipe 1-5: Using Bayesian Attack Payload Detection 38 Recipe 1-6: Enable Full HTTP Audit Logging 48 Recipe 1-7: Logging Only Relevant Transactions 52 Recipe 1-8: Ignoring Requests for Static Content 53 Recipe 1-9: Obscuring Sensitive Data in Logs 54 Recipe 1-10: Sending Alerts to a Central Log Host Using Syslog 58 Recipe 1-11: Using the ModSecurity AuditConsole 60 2 Vulnerability Identification and Remediation 67 Recipe 2-1: Passive Vulnerability Identification 70 Recipe 2-2: Active Vulnerability Identification 79 Recipe 2-3: Manual Scan Result Conversion 88 Recipe 2-4: Automated Scan Result Conversion 92 Recipe 2-5: Real-time Resource Assessments and Virtual Patching 99 3 Poisoned Pawns (Hacker Traps) 115 Recipe 3-1: Adding Honeypot Ports 116 Recipe 3-2: Adding Fake robots.txt Disallow Entries 118 Recipe 3-3: Adding Fake HTML Comments 123 Recipe 3-4: Adding Fake Hidden Form Fields 128 Recipe 3-5: Adding Fake Cookies 131 II Asymmetric Warfare 137 4 Reputation and Third-Party Correlation 139 Recipe 4-1: Analyzing the Client’s Geographic Location Data 141 Recipe 4-2: Identifying Suspicious Open Proxy Usage 147 Recipe 4-3: Utilizing Real-time Blacklist Lookups (RBL) 150 Recipe 4-4: Running Your Own RBL 157 Recipe 4-5: Detecting Malicious Links 160 5 Request Data Analysis 171 Recipe 5-1: Request Body Access 172 Recipe 5-2: Identifying Malformed Request Bodies 178 Recipe 5-3: Normalizing Unicode 182 Recipe 5-4: Identifying Use of Multiple Encodings 186 Recipe 5-5: Identifying Encoding Anomalies 189 Recipe 5-6: Detecting Request Method Anomalies 193 Recipe 5-7: Detecting Invalid URI
Data 197 Recipe 5-8: Detecting Request Header Anomalies 200 Recipe 5-9: Detecting Additional Parameters 209 Recipe 5-10: Detecting Missing Parameters 212 Recipe 5-11: Detecting Duplicate Parameter Names 214 Recipe 5-12: Detecting Parameter Payload Size Anomalies 216 Recipe 5-13: Detecting Parameter Character Class Anomalies 219 6 Response Data Analysis 223 Recipe 6-1: Detecting Response Header Anomalies 224 Recipe 6-2: Detecting Response Header Information Leakages 234 Recipe 6-3: Response Body Access 238 Recipe 6-4: Detecting Page Title Changes 240 Recipe 6-5: Detecting Page Size Deviations 243 Recipe 6-6: Detecting Dynamic Content Changes 246 Recipe 6-7: Detecting Source Code Leakages 249 Recipe 6-8: Detecting Technical Data Leakages 253 Recipe 6-9: Detecting Abnormal Response Time Intervals 256 Recipe 6-10: Detecting Sensitive User Data Leakages 259 Recipe 6-11: Detecting Trojan, Backdoor, and Webshell Access Attempts 262 7 Defending Authentication 265 Recipe 7-1: Detecting the Submission of Common/Default Usernames 266 Recipe 7-2: Detecting the Submission of Multiple Usernames 269 Recipe 7-3: Detecting Failed Authentication Attempts 272 Recipe 7-4: Detecting a High Rate of Authentication Attempts 274 Recipe 7-5: Normalizing Authentication Failure Details 280 Recipe 7-6: Enforcing Password Complexity 283 Recipe 7-7: Correlating Usernames with SessionIDs 286 8 Defending Session State 291 Recipe 8-1: Detecting Invalid Cookies 291 Recipe 8-2: Detecting Cookie Tampering 297 Recipe 8-3: Enforcing Session Timeouts 302 Recipe 8-4: Detecting Client Source Location Changes During Session Lifetime 307 Recipe 8-5: Detecting Browser Fingerprint Changes During Sessions 314 9 Preventing Application Attacks 323 Recipe 9-1: Blocking Non-ASCII Characters 323 Recipe 9-2: Preventing Path-Traversal Attacks 327 Recipe 9-3: Preventing Forceful Browsing Attacks 330 Recipe 9-4: Preventing SQL Injection Attacks 332 Recipe 9-5: Preventing Remote File Inclusion (RFI) Attacks 336 Recipe 
9-6: Preventing OS Commanding Attacks 340 Recipe 9-7: Preventing HTTP Request Smuggling Attacks 342 Recipe 9-8: Preventing HTTP Response Splitting Attacks 345 Recipe 9-9: Preventing XML Attacks 347 10 Preventing Client Attacks 353 Recipe 10-1: Implementing Content Security Policy (CSP) 353 Recipe 10-2: Preventing Cross-Site Scripting (XSS) Attacks 362 Recipe 10-3: Preventing Cross-Site Request Forgery (CSRF) Attacks 371 Recipe 10-4: Preventing UI Redressing (Clickjacking) Attacks 377 Recipe 10-5: Detecting Banking Trojan (Man-in-the-Browser) Attacks 381 11 Defending File Uploads 387 Recipe 11-1: Detecting Large File Sizes 387 Recipe 11-2: Detecting a Large Number of Files 389 Recipe 11-3: Inspecting File Attachments for Malware 390 12 Enforcing Access Rate and Application Flows 395 Recipe 12-1: Detecting High Application Access Rates 395 Recipe 12-2: Detecting Request/Response Delay Attacks 405 Recipe 12-3: Identifying Inter-Request Time Delay Anomalies 411 Recipe 12-4: Identifying Request Flow Anomalies 413 Recipe 12-5: Identifying a Significant Increase in Resource Usage 414 III Tactical Response 419 13 Passive Response Actions 421 Recipe 13-1: Tracking Anomaly Scores 421 Recipe 13-2: Trap and Trace Audit Logging 427 Recipe 13-3: Issuing E-mail Alerts 428 Recipe 13-4: Data Sharing with Request Header Tagging 436 14 Active Response Actions 441 Recipe 14-1: Using Redirection to Error Pages 442 Recipe 14-2: Dropping Connections 445 Recipe 14-3: Blocking the Client Source Address 447 Recipe 14-4: Restricting Geolocation Access Through Defense Condition (DefCon) Level Changes 452 Recipe 14-5: Forcing Transaction Delays 455 Recipe 14-6: Spoofing Successful Attacks 462 Recipe 14-7: Proxying Traffic to Honeypots 468 Recipe 14-8: Forcing an Application Logout 471 Recipe 14-9: Temporarily Locking Account Access 476 15 Intrusive Response Actions 479 Recipe 15-1: JavaScript Cookie Testing 479 Recipe 15-2: Validating Users with CAPTCHA Testing 481 Recipe 15-3: Hooking 
Malicious Clients with BeEF 485 Index 495

    £30.39

  • Cloud Management and Security

    John Wiley & Sons Inc Cloud Management and Security

    Book Synopsis: Establishes the foundations of Cloud computing, building a diverse understanding of the technologies behind Cloud computing. This book begins with an introduction to Cloud computing, presenting fundamental concepts such as analysing Cloud definitions, Cloud evolution, Cloud services, Cloud deployment types, and highlights the main challenges.

    Table of Contents: Preface ix References xii 1 Introduction 1 1.1 Overview 1 1.2 Cloud definition 2 1.3 Cloud evolution 3 1.4 Cloud services 5 1.5 Cloud deployment types 6 1.6 Main challenges of Clouds 7 1.7 Summary 10 1.8 Exercises 10 References 11 Part One Cloud management 13 2 Cloud structure 15 2.1 Introduction 15 2.2 Infrastructure components 15 2.3 Cloud Layers 17 2.4 Cloud relations 23 2.5 Cloud dynamics 27 2.6 Data types 27 2.7 Summary 30 2.8 Exercises 30 References 30 3 Fundamentals of Cloud management 31 3.1 Introduction 31 3.2 Clouds management services 32 3.3 Virtual control center 37 3.4 Prerequisite input-data for the management services 37 3.5 Management of user requirements 40 3.6 Summary 46 3.7 Exercises 47 References 47 4 Cloud properties 49 4.1 Introduction 49 4.2 Adaptability property 50 4.3 Resilience property 51 4.4 Scalability property 52 4.5 Availability property 53 4.6 Reliability property 53 4.7 Security and privacy property 54 4.8 Business model 55 4.9 Summary 56 4.10 Exercises 57 References 57 5 Automated management services 59 5.1 Introduction 59 5.2 Virtual layer self-managed services 60 5.3 Virtual services interdependency 65 5.4 Application layer self-managed services 67 5.5 Application services interdependency 70 5.6 Security and privacy by design 71 5.7 Multi-tier application deployment in the Cloud 73 5.8 Main challenges and requirements 79 5.9 Summary 82 5.10 Exercises 82 References 83 Part Two Clouds security fundamentals 85 6 Background 87 6.1 Topics flow 87 6.2 Trusted Computing 89 6.3 Summary 97 References 97 7 Challenges for establishing trust in Clouds 99 7.1 Introduction 99 7.2 Effects of Cloud dynamism on trust relationships 100 7.3 Challenges 103 7.4 Summary 105 7.5 Exercises 105 References 105 8 Establishing trust in Clouds 107 8.1 Introduction 107 8.2 Organization requirements 107 8.3 Framework requirements 108 8.4 Device properties 111 8.5 Framework architecture 112 8.6 Required software agents 116 8.7 Framework workflow 119 8.8 Discussion and analysis 125 8.9 Summary 126 8.10 Exercises 127 References 127 9 Clouds chains of trust 129 9.1 Introduction 129 9.2 Software agents revision 130 9.3 Roots of and chains of trust definition 130 9.4 Intra-layer chains of trust 132 9.5 Trust across layers 140 9.6 Summary 143 9.7 Exercises 143 References 143 10 Provenance in Clouds 145 10.1 Introduction 145 10.2 Motivating scenarios 148 10.3 Log records management and requirements 150 10.4 Framework domain architecture 155 10.5 Framework software agents 157 10.6 Framework workflow 160 10.7 Threat analysis 171 10.8 Discussion and future directions 173 10.9 Exercises 175 References 175 11 Insiders 177 11.1 Introduction 177 11.2 Insiders definition 178 11.3 Conceptual models 182 11.4 Summary 185 11.5 Exercises 185 References 186 Part Three Practical examples 187 12 Real life examples 189 12.1 Open Stack 189 12.2 Amazon web services 195 12.3 Component architecture 197 12.4 Prototype 203 12.5 Summary 209 Reference 209 13 Case study 211 13.1 Scenario 211 13.2 Home healthcare architecture in the Cloud 212 13.3 Insiders analysis for home healthcare 212 13.4 Cloud threats 220 References 226

    £70.16

  • Vehicular Ad Hoc Network Security and Privacy

    John Wiley & Sons Inc Vehicular Ad Hoc Network Security and Privacy

    Book Synopsis: This book provides an overview of vehicular networks, from traffic engineering to human factors. The book addresses the unique design requirements for security and privacy preservation for vehicular communications to increase road safety.

    Table of Contents:
    List of Figures; List of Tables; Acronyms; Preface
    1 INTRODUCTION
      1.1 Background; 1.2 DSRC AND VANET; 1.2.1 DSRC; 1.2.2 VANET; 1.2.3 Characteristics of VANET; 1.3 Security and Privacy Threats; 1.4 Security and Privacy Requirements; 1.5 Challenges and Prospects; 1.5.1 Conditional Privacy Preservation in VANETs; 1.5.2 Authentication with Efficient Revocation in VANETs; 1.6 Standardization and Related Activities; 1.7 Security Primitives; 1.8 Outline of the Book; References
    2 GSIS: GROUP SIGNATURE AND ID-BASED SIGNATURE-BASED SECURE AND PRIVACY-PRESERVING PROTOCOL
      2.1 Introduction; 2.2 Preliminaries and Background; 2.2.1 Group Signature; 2.2.2 Bilinear Pairing and ID-Based Cryptography; 2.2.3 Threat Model; 2.2.4 Desired Requirements; 2.3 Proposed Secure and Privacy-Preserving Protocol; 2.3.1 Problem Formulation; 2.3.2 System Setup; 2.3.3 Security Protocol between OBUs; 2.3.4 Security Protocol between RSUs and OBUs; 2.4 Performance Evaluation; 2.4.1 Impact of Traffic Load; 2.4.2 Impact of Cryptographic Signature Verification Delay; 2.4.3 Membership Revocation and Tracing Efficiency; 2.5 Concluding Remarks; References
    3 ECPP: EFFICIENT CONDITIONAL PRIVACY PRESERVATION PROTOCOL
      3.1 Introduction; 3.2 System Model and Problem Formulation; 3.2.1 System Model; 3.2.2 Design Objectives; 3.3 Proposed ECPP Protocol; 3.3.1 System Initialization; 3.3.2 OBU Short-Time Anonymous Key Generation; 3.3.3 OBU Safety Message Sending; 3.3.4 OBU Fast Tracking Algorithm; 3.4 Analysis on Conditional Privacy Preservation; 3.5 Performance Analysis; 3.5.1 OBU Storage Overhead; 3.5.2 OBU Computation Overhead on Verification; 3.5.3 TA Computation Complexity on OBU Tracking; 3.6 Concluding Remarks; References
    4 PSEUDONYM-CHANGING STRATEGY FOR LOCATION PRIVACY
      4.1 Introduction; 4.2 Problem Definition; 4.2.1 Network Model; 4.2.2 Threat Model; 4.2.3 Location Privacy Requirements; 4.3 Proposed PCS Strategy for Location Privacy; 4.3.1 KPSD Model for PCS Strategy; 4.3.2 Anonymity Set Analysis for Achieved Location Privacy; 4.3.3 Feasibility Analysis of PCS Strategy; 4.4 Performance Evaluation; 4.5 Concluding Remarks; References
    5 RSU-AIDED MESSAGE AUTHENTICATION
      5.1 Introduction; 5.2 System Model and Preliminaries; 5.2.1 System Model; 5.2.2 Assumption; 5.2.3 Problem Statement; 5.2.4 Security Objectives; 5.3 Proposed RSU-Aided Message Authentication Scheme; 5.3.1 Overview; 5.3.2 Mutual Authentication and Key Agreement between RSUs and Vehicles; 5.3.3 Hash Aggregation; 5.3.4 Verification; 5.3.5 Privacy Enhancement; 5.4 Performance Evaluation; 5.4.1 Message Loss Ratio; 5.4.2 Message Delay; 5.4.3 Communication Overhead; 5.5 Security Analysis; 5.6 Concluding Remarks; References
    6 TESLA-BASED BROADCAST AUTHENTICATION
      6.1 Introduction; 6.2 Timed Efficient and Secure Vehicular Communication Scheme; 6.2.1 Preliminaries; 6.2.2 System Formulation; 6.2.3 Proposed TSVC Scheme; 6.2.4 Enhanced TSVC with Nonrepudiation; 6.2.5 Discussion; 6.3 Security Analysis; 6.4 Performance Evaluation; 6.4.1 Impact of Vehicle Moving Speed; 6.4.2 Impact of Vehicle Density; 6.5 Concluding Remarks; References
    7 DISTRIBUTED COOPERATIVE MESSAGE AUTHENTICATION
      7.1 Introduction; 7.2 Problem Formulation; 7.2.1 Network Model; 7.2.2 Security Model; 7.3 Basic Cooperative Authentication Scheme; 7.4 Secure Cooperative Authentication Scheme; 7.4.1 Evidence and Token for Fairness; 7.4.2 Authentication Proof; 7.4.3 Flows of Proposed Scheme; 7.5 Security Analysis; 7.5.1 Linkability Attack; 7.5.2 Free-Riding Attack without Authentication Efforts; 7.5.3 Free-Riding Attack with Fake Authentication Efforts; 7.6 Performance Evaluation; 7.6.1 Simulation Settings; 7.6.2 Simulation Results; 7.7 Concluding Remarks; References
    8 CONTEXT-AWARE COOPERATIVE AUTHENTICATION
      8.1 Introduction; 8.2 Message Trustworthiness in VANETs; 8.3 System Model and Design Goal; 8.3.1 Network Model; 8.3.2 Attack Model; 8.3.3 Design Goals; 8.4 Preliminaries; 8.4.1 Pairing Technique; 8.4.2 Aggregate Signature and Batch Verification; 8.5 Proposed AEMAT Scheme; 8.5.1 System Setup; 8.5.2 Registration; 8.5.3 SER Generation and Broadcasting; 8.5.4 SER Opportunistic Forwarding; 8.5.5 SER Aggregated Authentication; 8.5.6 SER Aggregated Trustworthiness; 8.6 Security Discussion; 8.6.1 Collusion Attacks; 8.6.2 Privacy Protection of Witnesses; 8.7 Performance Evaluation; 8.7.1 Transmission Cost; 8.7.2 Computational Cost; 8.8 Concluding Remarks; References
    9 FAST HANDOVER AUTHENTICATION BASED ON MOBILITY PREDICTION
      9.1 Introduction; 9.2 Vehicular Network Architecture; 9.3 Proposed Fast Handover Authentication Scheme Based on Mobility Prediction; 9.3.1 Multilayer Perceptron Classifier; 9.3.2 Proposed Authentication Scheme; 9.4 Security Analysis; 9.4.1 Replay Attack; 9.4.2 Forward Secrecy; 9.5 Performance Evaluation; 9.6 Concluding Remarks; References
    Index

    £97.16

  • Wireshark for Security Professionals

    John Wiley & Sons Inc Wireshark for Security Professionals

    Book Synopsis: Master Wireshark to solve real-world security problems. If you don't already use Wireshark for a wide range of information security tasks, you will after this book. Mature and powerful, Wireshark is commonly used to find the root cause of challenging network issues. This book extends that power to information security professionals, complete with a downloadable, virtual lab environment. Wireshark for Security Professionals covers both offensive and defensive concepts that can be applied to essentially any InfoSec role. Whether into network security, malware analysis, intrusion detection, or penetration testing, this book demonstrates Wireshark through relevant and useful examples. Master Wireshark through both lab scenarios and exercises. Early in the book, a virtual lab environment is provided for the purpose of getting hands-on experience with Wireshark. Wireshark is combined with two popular platforms: Kali, the security-focused Linux distribution, a

    Table of Contents:
    Introduction
    Chapter 1 Introducing Wireshark
      What Is Wireshark?; A Best Time to Use Wireshark?; Avoiding Being Overwhelmed; The Wireshark User Interface; Packet List Pane; Packet Details Pane; Packet Bytes Pane; Filters; Capture Filters; Display Filters; Summary; Exercises
    Chapter 2 Setting Up the Lab
      Kali Linux; Virtualization; Basic Terminology and Concepts; Benefits of Virtualization; Virtual Box; Installing VirtualBox; Installing the VirtualBox Extension Pack; Creating a Kali Linux Virtual Machine; Installing Kali Linux; The W4SP Lab; Requirements; A Few Words about Docker; What Is GitHub?; Creating the Lab User; Installing the W4SP Lab on the Kali Virtual Machine; Setting Up the W4SP Lab; The Lab Network; Summary; Exercises
    Chapter 3 The Fundamentals
      Networking; OSI Layers; Networking between Virtual Machines; Security; The Security Triad; Intrusion Detection and Prevention Systems; False Positives and False Negatives; Malware; Spoofing and Poisoning; Packet and Protocol Analysis; A Protocol Analysis Story; Ports and Protocols; Summary; Exercises
    Chapter 4 Capturing Packets
      Sniffing; Promiscuous Mode; Starting the First Capture; TShark; Dealing with the Network; Local Machine; Sniffing Localhost; Sniffing on Virtual Machine Interfaces; Sniffing with Hubs; SPAN Ports; Network Taps; Transparent Linux Bridges; Wireless Networks; Loading and Saving Capture Files; File Formats; Ring Buffers and Multiple Files; Recent Capture Files; Dissectors; W4SP Lab: Managing Nonstandard HTTP Traffic; Filtering SMB Filenames; Packet Colorization; Viewing Someone Else’s Captures; Summary; Exercises
    Chapter 5 Diagnosing Attacks
      Attack Type: Man-in-the-Middle; Why MitM Attacks Are Effective; How MitM Attacks Get Done: ARP; W4SP Lab: Performing an ARP MitM Attack; W4SP Lab: Performing a DNS MitM Attack; How to Prevent MitM Attacks; Attack Type: Denial of Service; Why DoS Attacks Are Effective; How DoS Attacks Get Done; How to Prevent DoS Attacks; Attack Type: Advanced Persistent Threat; Why APT Attacks Are Effective; How APT Attacks Get Done; Example APT Traffic in Wireshark; How to Prevent APT Attacks; Summary; Exercises
    Chapter 6 Offensive Wireshark
      Attack Methodology; Reconnaissance Using Wireshark; Evading IPS/IDS; Session Splicing and Fragmentation; Playing to the Host, Not the IDS; Covering Tracks and Placing Backdoors; Exploitation; Setting Up the W4SP Lab with Metasploitable; Launching Metasploit Console; VSFTP Exploit; Debugging with Wireshark; Shell in Wireshark; TCP Stream Showing a Bind Shell; TCP Stream Showing a Reverse Shell; Starting ELK; Remote Capture over SSH; Summary; Exercises
    Chapter 7 Decrypting TLS, Capturing USB, Keyloggers, and Network Graphing
      Decrypting SSL/TLS; Decrypting SSL/TLS Using Private Keys; Decrypting SSL/TLS Using Session Keys; USB and Wireshark; Capturing USB Traffic on Linux; Capturing USB Traffic on Windows; TShark Keylogger; Graphing the Network; Lua with Graphviz Library; Summary; Exercises
    Chapter 8 Scripting with Lua
      Why Lua?; Scripting Basics; Variables; Functions and Blocks; Loops; Conditionals; Setup; Checking for Lua Support; Lua Initialization; Windows Setup; Linux Setup; Tools; Hello World with TShark; Counting Packets Script; ARP Cache Script; Creating Dissectors for Wireshark; Dissector Types; Why a Dissector Is Needed; Experiment; Extending Wireshark; Packet Direction Script; Marking Suspicious Script; Snooping SMB File Transfers; Summary
    Index

    £34.00

  • Network Attacks and Exploitation

    John Wiley & Sons Inc Network Attacks and Exploitation

    Book Synopsis: Incorporate offense and defense for a more effective network security strategy. Network Attacks and Exploitation provides a clear, comprehensive roadmap for developing a complete offensive and defensive strategy to engage in or thwart hacking and computer espionage. Written by an expert in both government and corporate vulnerability and security operations, this guide helps you understand the principles of the space and look beyond the individual technologies of the moment to develop durable comprehensive solutions. Numerous real-world examples illustrate the offensive and defensive concepts at work, including Conficker, Stuxnet, the Target compromise, and more. You will find clear guidance toward strategy, tools, and implementation, with practical advice on blocking systematic computer espionage and the theft of information from governments, companies, and individuals. Assaults and manipulation of computer networks are rampant around the world. One of the bigge

    Table of Contents:
    Introduction
    Chapter 1 Computer Network Exploitation
      Operations; Operational Objectives; Strategic Collection; Directed Collection; Non-Kinetic Computer Network Attack (CNA); Strategic Access; Positional Access; CNE Revisited; A Framework for Computer Network Exploitation; First Principles; Principles; Themes; Summary
    Chapter 2 The Attacker
      Principle of Humanity; Life Cycle of an Operation; Stage 1: Targeting; Stage 2: Initial Access; Stage 3: Persistence; Stage 4: Expansion; Stage 5: Exfiltration; Stage 6: Detection; Principle of Access; Inbound Access; Outbound Access; Bidirectional Access; No Outside Access; Access Summary; Principle of Economy; Time; Targeting Capabilities; Exploitation Expertise; Networking Expertise; Software Development Expertise; Operational Expertise; Operational Analysis Expertise; Technical Resources; Economy Summary; Attacker Structure; Summary
    Chapter 3 The Defender
      Principle of Humanity; Humanity and Network Layout; Humanity and Security Policy; Principle of Access; The Defensive Life Cycle; Principle of Economy; The Helpful Defender; Summary
    Chapter 4 Asymmetries
      False Asymmetries; Advantage Attacker; Motivation; Initiative; Focus; Effect of Failure; Knowledge of Technology; Analysis of Opponent; Tailored Software; Rate of Change; Advantage Defender; Network Awareness; Network Posture; Advantage Indeterminate; Time; Efficiency; Summary
    Chapter 5 Attacker Frictions
      Mistakes; Complexity; Flawed Attack Tools; Upgrades and Updates; Other Attackers; The Security Community; Bad Luck; Summary
    Chapter 6 Defender Frictions
      Mistakes; Flawed Software; Inertia; The Security Community; Complexity; Users; Bad Luck; Summary
    Chapter 7 Offensive Strategy
      Principle 1: Knowledge; Measuring Knowledge; Principle 2: Awareness; Measuring Awareness; Principle 3: Innovation; Measuring Innovation; Defensive Innovation; Principle 4: Precaution; Measuring Precaution; Principle 5: Operational Security; Minimizing Exposure; Minimizing Recognition; Controlling Reaction; Measuring Operational Security; Principle 6: Program Security; Attacker Liabilities; Program Security Costs; Measuring Program Security; Crafting an Offensive Strategy; Modular Frameworks; A Note on Tactical Decisions; Summary
    Chapter 8 Defensive Strategy
      Failed Tactics; Antivirus and Signature-Based Detection; Password Policies; User Training; Crafting a Defensive Strategy; Cloud-Based Security; Summary
    Chapter 9 Offensive Case Studies
      Stuxnet; Access; Economy; Humanity; Knowledge; Awareness; Precaution; Innovation; Operational Security; Program Security; Stuxnet Summary; Flame; Gauss; Dragonfly; Red October; APT 1; Axiom; Summary
    Epilogue
    Appendix Attack Tools
      Antivirus Defeats; Audio/Webcam Recording; Backdoor; Bootkit; Collection Tools; Exploits; Fuzzer; Hardware-based Trojan; Implant; Keystroke Logger; Network Capture; Network Survey; Network Tunnel; Password Dumpers and Crackers; Packer; Persistence Mechanism; Polymorphic Code Generator; Rootkit; Screen Scraper; System Survey; Vulnerability Scanner
    References; Bibliography; Index

    £34.20

  • Wireless Communications Security  Solutions for

    John Wiley & Sons Inc Wireless Communications Security Solutions for

    Book Synopsis: This book describes the current and most probable future wireless security solutions. The focus is on the technical discussion of existing systems and new trends like Internet of Things (IoT).

    Table of Contents:
    About the Author; Preface; Acknowledgements; Abbreviations
    1 Introduction
      1.1 Introduction; 1.2 Wireless Security; 1.2.1 Background and Advances; 1.2.2 Statistics; 1.2.3 Wireless Threats; 1.2.4 M2M Environment; 1.3 Standardization; 1.3.1 The Open Mobile Alliance (OMA); 1.3.2 The International Organization for Standardization (ISO); 1.3.3 The International Telecommunications Union (ITU); 1.3.4 The European Telecommunications Standards Institute (ETSI); 1.3.5 The Institute of Electrical and Electronics Engineers (IEEE); 1.3.6 The Internet Engineering Task Force (IETF); 1.3.7 The 3rd Generation Partnership Project (3GPP); 1.3.8 The 3rd Generation Partnership Project 2 (3GPP2); 1.3.9 The GlobalPlatform; 1.3.10 The SIMalliance; 1.3.11 The Smartcard Alliance; 1.3.12 The GSM Association (GSMA); 1.3.13 The National Institute of Standards and Technology (NIST); 1.3.14 The National Highway Transportation and Safety Administration (NHTSA); 1.3.15 Other Standardization and Industry Forums; 1.3.16 The EMV Company (EMVCo); 1.3.17 The Personal Computer/Smartcard (PC/SC); 1.3.18 The Health Insurance Portability and Accountability Act (HIPAA); 1.3.19 The Common Criteria (CC); 1.3.20 The Evaluation Assurance Level (EAL); 1.3.21 The Federal Information Processing Standards (FIPS); 1.3.22 Biometric Standards; 1.3.23 Other Related Entities; 1.4 Wireless Security Principles; 1.4.1 General; 1.4.2 Regulation; 1.4.3 Security Architectures; 1.4.4 Algorithms and Security Principles; 1.5 Focus and Contents of the Book; References
    2 Security of Wireless Systems
      2.1 Overview; 2.1.1 Overall Security Considerations in the Mobile Environment; 2.1.2 Developing Security Threats; 2.1.3 RF Interferences and Safety; 2.2 Effects of Broadband Mobile Data; 2.2.1 Background; 2.2.2 The Role of Networks; 2.2.3 The Role of Apps; 2.2.4 UE Application Development; 2.2.5 Developers; 2.2.6 The Role of the SIM/UICC; 2.2.7 Challenges of Legislation; 2.2.8 Updating Standards; 2.2.9 3GPP System Evolution; 2.3 GSM; 2.3.1 The SIM; 2.3.2 Authentication and Authorization; 2.3.3 Encryption of the Radio Interface; 2.3.4 Encryption of IMSI; 2.3.5 Other GSM Security Aspects; 2.4 UMTS/HSPA; 2.4.1 Principles of 3G Security; 2.4.2 Key Utilization; 2.4.3 3G Security Procedures; 2.5 Long Term Evolution; 2.5.1 Protection and Security Principles; 2.5.2 X.509 Certificates and Public Key Infrastructure (PKI); 2.5.3 IPsec and Internet Key Exchange (IKE) for LTE Transport Security; 2.5.4 Traffic Filtering; 2.5.5 LTE Radio Interface Security; 2.5.6 Authentication and Authorization; 2.5.7 LTE/SAE Service Security – Case Examples; 2.5.8 Multimedia Broadcast and Multicast Service (MBMS) and enhanced MBMS (eMBMS); 2.6 Security Aspects of Other Networks; 2.6.1 CDMA (IS-95); 2.6.2 CDMA2000; 2.6.3 Broadcast Systems; 2.6.4 Satellite Systems; 2.6.5 Terrestrial Trunked Radio (TETRA); 2.6.6 Wireless Local Area Network (WLAN); 2.7 Interoperability; 2.7.1 Simultaneous Support for LTE/SAE and 2G/3G; 2.7.2 VoLTE; 2.7.3 CS Fallback; 2.7.4 Inter-operator Security Aspects; 2.7.5 Wi-Fi Networks and Offload; 2.7.6 Femtocell Architecture; References
    3 Internet of Things
      3.1 Overview; 3.2 Foundation; 3.2.1 Definitions; 3.2.2 Security Considerations of IoT; 3.2.3 The Role of IoT; 3.2.4 IoT Environment; 3.2.5 IoT Market; 3.2.6 Connectivity; 3.2.7 Regulation; 3.2.8 Security Risks; 3.2.9 Cloud; 3.2.10 Cellular Connectivity; 3.2.11 WLAN; 3.2.12 Low-Range Systems; 3.3 Development of IoT; 3.3.1 GSMA Connected Living; 3.3.2 The GlobalPlatform; 3.3.3 Other Industry Forums; 3.4 Technical Description of IoT; 3.4.1 General; 3.4.2 Secure Communication Channels and Interfaces; 3.4.3 Provisioning and Key Derivation; 3.4.4 Use Cases; References
    4 Smartcards and Secure Elements
      4.1 Overview; 4.2 Role of Smartcards and SEs; 4.3 Contact Cards; 4.3.1 ISO/IEC 7816-1; 4.3.2 ISO/IEC 7816-2; 4.3.3 ISO/IEC 7816-3; 4.3.4 ISO/IEC 7816-4; 4.3.5 ISO/IEC 7816-5; 4.3.6 ISO/IEC 7816-6; 4.3.7 ISO/IEC 7816-7; 4.3.8 ISO/IEC 7816-8; 4.3.9 ISO/IEC 7816-9; 4.3.10 ISO/IEC 7816-10; 4.3.11 ISO/IEC 7816-11; 4.3.12 ISO/IEC 7816-12; 4.3.13 ISO/IEC 7816-13; 4.3.14 ISO/IEC 7816-15; 4.4 The SIM/UICC; 4.4.1 Terminology; 4.4.2 Principle; 4.4.3 Key Standards; 4.4.4 Form Factors; 4.5 Contents of the SIM; 4.5.1 UICC Building Blocks; 4.5.2 The SIM Application Toolkit (SAT); 4.5.3 Contents of the UICC; 4.6 Embedded SEs; 4.6.1 Principle; 4.6.2 M2M Subscription Management; 4.6.3 Personalization; 4.6.4 M2M SIM Types; 4.7 Other Card Types; 4.7.1 Access Cards; 4.7.2 External SD Cards; 4.8 Contactless Cards; 4.8.1 ISO/IEC Standards; 4.8.2 NFC; 4.9 Electromechanical Characteristics of Smartcards; 4.9.1 HW Blocks; 4.9.2 Memory; 4.9.3 Environmental Classes; 4.10 Smartcard SW; 4.10.1 File Structure; 4.10.2 Card Commands; 4.10.3 Java Card; 4.11 UICC Communications; 4.11.1 Card Communications; 4.11.2 Remote File Management; References
    5 Wireless Payment and Access Systems
      5.1 Overview; 5.2 Wireless Connectivity as a Base for Payment and Access; 5.2.1 Barcodes; 5.2.2 RFID; 5.2.3 NFC; 5.2.4 Secure Element; 5.2.5 Tokenization; 5.3 E-commerce; 5.3.1 EMV; 5.3.2 Google Wallet; 5.3.3 Visa; 5.3.4 American Express; 5.3.5 Square; 5.3.6 Other Bank Initiatives; 5.3.7 Apple Pay; 5.3.8 Samsung Pay; 5.3.9 MCX; 5.3.10 Comparison of Wallet Solutions; 5.4 Transport; 5.4.1 MiFare; 5.4.2 CiPurse; 5.4.3 Calypso; 5.4.4 FeliCa; 5.5 Other Secure Systems; 5.5.1 Mobile ID; 5.5.2 Personal Identity Verification; 5.5.3 Access Systems; References
    6 Wireless Security Platforms and Functionality
      6.1 Overview; 6.2 Forming the Base; 6.2.1 Secure Service Platforms; 6.2.2 SEs; 6.3 Remote Subscription Management; 6.3.1 SIM as a Basis for OTA; 6.3.2 TSM; 6.3.3 TEE; 6.3.4 HCE and the Cloud; 6.3.5 Comparison; 6.4 Tokenization; 6.4.1 PAN Protection; 6.4.2 HCE and Tokenization; 6.5 Other Solutions; 6.5.1 Identity Solutions; 6.5.2 Multi-operator Environment; References
    7 Mobile Subscription Management
      7.1 Overview; 7.2 Subscription Management; 7.2.1 Development; 7.2.2 Benefits and Challenges of Subscription Management; 7.3 OTA Platforms; 7.3.1 General; 7.3.2 Provisioning Procedure; 7.3.3 SMS-based SIM OTA; 7.3.4 HTTPS-based SIM OTA; 7.3.5 Commercial Examples of SIM OTA Solutions; 7.4 Evolved Subscription Management; 7.4.1 GlobalPlatform; 7.4.2 SIMalliance; 7.4.3 OMA; 7.4.4 GSMA; References
    8 Security Risks in the Wireless Environment
      8.1 Overview; 8.2 Wireless Attack Types; 8.2.1 Cyber-attacks; 8.2.2 Radio Jammers and RF Attacks; 8.2.3 Attacks against SEs; 8.2.4 IP Breaches; 8.2.5 UICC Module; 8.3 Security Flaws on Mobile Networks; 8.3.1 Potential Security Weaknesses of GSM; 8.3.2 Potential Security Weaknesses of 3G; 8.4 Protection Methods; 8.4.1 LTE Security; 8.4.2 Network Attack Types in LTE/SAE; 8.4.3 Preparation for the Attacks; 8.5 Errors in Equipment Manufacturing; 8.5.1 Equipment Ordering; 8.5.2 Early Testing; 8.6 Self-Organizing Network Techniques for Test and Measurement; 8.6.1 Principle; 8.6.2 Self-configuration; 8.6.3 Self-optimizing; 8.6.4 Self-healing; 8.6.5 Technical Issues and Impact on Network Planning; 8.6.6 Effects on Network Installation, Commissioning and Optimization; 8.6.7 SON and Security; References
    9 Monitoring and Protection Techniques
      9.1 Overview; 9.2 Personal Devices; 9.2.1 Wi-Fi Connectivity; 9.2.2 Firewalls; 9.3 IP Core Protection Techniques; 9.3.1 General Principles; 9.3.2 LTE Packet Core Protection; 9.3.3 Protection against Roaming Threats; 9.4 HW Fault and Performance Monitoring; 9.4.1 Network Monitoring; 9.4.2 Protection against DoS/DDoS; 9.4.3 Memory Wearing; 9.5 Security Analysis; 9.5.1 Post-processing; 9.5.2 Real-time Security Analysis; 9.6 Virus Protection; 9.7 Legal Interception; 9.8 Personal Safety and Privacy; 9.8.1 CMAS; 9.8.2 Location Privacy; 9.8.3 Bio-effects; References
    10 Future of Wireless Solutions and Security
      10.1 Overview; 10.2 IoT as a Driving Force; 10.3 Evolution of 4G; 10.4 Development of Devices; 10.4.1 Security Aspects of Smartcards; 10.4.2 Mobile Device Considerations; 10.4.3 IoT Device Considerations; 10.4.4 Sensor Networks and Big Data; 10.5 5G Mobile Communications; 10.5.1 Standardization; 10.5.2 Concept; 10.5.3 Industry and Investigation Initiatives; 10.5.4 Role of 5G in IoT; References
    Index

    £80.96

  • DNS Security Management

    John Wiley & Sons Inc DNS Security Management

    1 in stock

    Book Synopsis: An advanced Domain Name System (DNS) security resource that explores the operation of DNS, its vulnerabilities, basic security approaches, and mitigation strategies. DNS Security Management offers an overall role-based security approach and discusses the various threats to the Domain Name System (DNS).

    Table of Contents:
    Preface; Acknowledgments
    1 INTRODUCTION
      Why Attack DNS?; Network Disruption; DNS as a Backdoor; DNS Basic Operation; Basic DNS Data Sources and Flows; DNS Trust Model; DNS Administrator Scope; Security Context and Overview; Cybersecurity Framework Overview; Framework Implementation; What’s Next
    2 INTRODUCTION TO THE DOMAIN NAME SYSTEM (DNS)
      DNS Overview – Domains and Resolution; Domain Hierarchy; Name Resolution; Zones and Domains; Dissemination of Zone Information; Additional Zones; Resolver Configuration; Summary
    3 DNS PROTOCOL AND MESSAGES
      DNS Message Format; Encoding of Domain Names; Name Compression; Internationalized Domain Names; DNS Message Format; DNS Update Messages; The DNS Resolution Process Revisited; DNS Resolution Privacy Extension; Summary
    4 DNS VULNERABILITIES
      Introduction; DNS Data Security; DNS Information Trust Model; DNS Information Sources; DNS Risks; DNS Infrastructure Risks and Attacks; DNS Service Availability; Hardware/OS Attacks; DNS Service Denial; Pseudorandom Subdomain Attacks; Cache Poisoning Style Attacks; Authoritative Poisoning; Resolver Redirection Attacks; Broader Attacks that Leverage DNS; Network Reconnaissance; DNS Rebinding Attack; Reflector Style Attacks; Data Exfiltration; Advanced Persistent Threats; Summary
    5 DNS TRUST SECTORS
      Introduction; Cybersecurity Framework Items; Identify; Protect; Detect; DNS Trust Sectors; External DNS Trust Sector; Basic Server Configuration; DNS Hosting of External Zones; External DNS Diversity; Extranet DNS Trust Sector; Recursive DNS Trust Sector; Tiered Caching Servers; Basic Server Configuration; Internal Authoritative DNS Servers; Basic Server Configuration; Additional DNS Deployment Variants; Internal Delegation DNS Master/Slave Servers; Multi-Tiered Authoritative Configurations; Hybrid Authoritative/Caching DNS Servers; Stealth Slave DNS Servers; Internal Root Servers; Deploying DNS Servers with Anycast Addresses; Other Deployment Considerations; High Availability; Multiple Vendors; Sizing and Scalability; Load Balancers; Lab Deployment; Putting It All Together
    6 SECURITY FOUNDATION
      Introduction; Hardware/Asset Related Framework Items; Identify: Asset Management; Identify: Business Environment; Identify: Risk Assessment; Protect: Access Control; Protect: Data Security; Protect: Information Protection; Protect: Maintenance; Detect: Anomalies and Events; Detect: Security Continuous Monitoring; Respond: Analysis; Respond: Mitigation; Recover: Recovery Planning; Recover: Improvements; DNS Server Hardware Controls; DNS Server Hardening; Additional DNS Server Controls; Summary
    7 SERVICE DENIAL ATTACKS
      Introduction; Denial of Service Attacks; Pseudorandom Subdomain Attacks; Reflector Style Attacks; Detecting Service Denial Attacks; Denial of Service Protection; DoS/DDoS Mitigation; Bogus Queries Mitigation; PRSD Attack Mitigation; Reflector Mitigation; Summary
    8 CACHE POISONING DEFENSES
      Introduction; Attack Forms; Packet Interception or Spoofing; ID Guessing or Query Prediction; Name Chaining; The Kaminsky DNS Vulnerability; Cache Poisoning Detection; Cache Poisoning Defense Mechanisms; UDP Port Randomization; Query Name Case Randomization; DNS Security Extensions; Last Mile Protection
    9 SECURING AUTHORITATIVE DNS DATA
      Introduction; Attack Forms; Resolution Data at Rest; Domain Registries; DNS Hosting Providers; DNS Data in Motion; Attack Detection; Authoritative Data; Domain Registry; Domain Hosting; Falsified Resolution; Defense Mechanisms; Defending DNS Data at Rest; Defending Resolution Data in Motion with DNSSEC; Summary
    10 ATTACKER EXPLOITATION OF DNS
      Introduction; Network Reconnaissance; Data Exfiltration; Detecting Nefarious use of DNS; Detecting Network Reconnaissance; DNS Tunneling Detection; Mitigation of Illicit DNS Use; Network Reconnaissance Mitigation; Mitigation of DNS Tunneling
    11 MALWARE AND APTS
      Introduction; Malware Proliferation Techniques; Phishing; Spear Phishing; Downloads; File Sharing; Email Attachments; Watering Hole Attack; Replication; Implantation; Malware Examples; Malware Use of DNS; DNS Fluxing; Dynamic Domain Generation; Detecting Malware; Detecting Malware Using DNS Data; Mitigating Malware Using DNS; Malware Extrication; DNS Firewall; Summary
    12 DNS SECURITY STRATEGY
      Major DNS Threats and Mitigation Approaches; Common Controls; Disaster Defense; Defenses Against Human Error; DNS Role-Specific Defenses; Stub Resolvers; Forwarder DNS Servers; Recursive Servers; Authoritative Servers; Broader Security Strategy; Identify Function; Protect Function; Detect Function; Respond Function; Recover Function
    13 DNS APPLICATIONS TO IMPROVE NETWORK SECURITY
      Safer Web Browsing; DNS-Based Authentication of Named Entities (DANE); Email Security; Email and DNS; DNS Block Listing; Sender Policy Framework (SPF); Domain Keys Identified Mail (DKIM); Domain-Based Message Authentication, Reporting, and Conformance (DMARC); Securing Automated Information Exchanges; Dynamic DNS Update Uniqueness Validation; Storing Security-Related Information; Other Security Oriented DNS Resource Record Types; Summary
    14 DNS SECURITY EVOLUTION
    Appendix A: Cybersecurity Framework Core DNS Example
    Appendix B: DNS Resource Record Types
    Bibliography; Index

    1 in stock

    £81.86

  • An Introduction to Cyber Modeling and Simulation

    John Wiley & Sons Inc An Introduction to Cyber Modeling and Simulation

    15 in stock

    Book Synopsis: Introduces readers to the field of cyber modeling and simulation and examines current developments in the US and internationally. This book provides an overview of cyber modeling and simulation (M&S) developments. Using scenarios, courses of action (COAs), and current M&S and simulation environments, the author presents the overall information assurance process, incorporating the people, policies, processes, and technologies currently available in the field. The author ties up the various threads that currently compose cyber M&S into a coherent view of what is measurable, simulative, and usable in order to evaluate systems for assured operation. An Introduction to Cyber Modeling and Simulation provides the reader with examples of tools and technologies currently available for performing cyber modeling and simulation. It examines how decision-making processes may benefit from M&S in cyber defense. It also examines example emulators, simulators and their potential combination. The book

    Table of Contents: 1 Brief Review of Cyber Incidents 1 1.1 Cyber’s Emergence as an Issue 3 1.2 Estonia and Georgia – Militarization of Cyber 4 1.3 Conclusions 6 2 Cyber Security – An Introduction to Assessment and Maturity Frameworks 9 2.1 Assessment Frameworks 9 2.2 NIST 800 Risk Framework 9 2.2.1 Maturity Models 12 2.2.2 Use Cases/Scenarios 13 2.3 Cyber Insurance Approaches 14 2.3.1 An Introduction to Loss Estimate and Rate Evaluation for Cyber 17 2.4 Conclusions 17 2.5 Future Work 18 2.6 Questions 18 3 Introduction to Cyber Modeling and Simulation (M&S) 19 3.1 One Approach to the Science of Cyber Security 19 3.2 Cyber Mission System Development Framework 21 3.3 Cyber Risk Bow‐Tie: Likelihood to Consequence Model 21 3.4 Semantic Network Model of Cyberattack 22 3.5 Taxonomy of Cyber M&S 24 3.6 Cyber Security as a Linear System – Model Example 25 3.7 Conclusions 26 3.8 Questions 27 4 Technical and Operational Scenarios 29 4.1 Scenario Development 30 4.1.1 Technical Scenarios and Critical Security Controls (CSCs) 31 4.1.2 ARMOUR Operational Scenarios (Canada) 32 4.2 Cyber System Description for M&S 34 4.2.1 State Diagram Models/Scenarios of Cyberattacks 34 4.2.2 McCumber Model 35 4.2.3 Military Activity and Cyber Effects (MACE) Taxonomy 36 4.2.4 Cyber Operational Architecture Training System (COATS) Scenarios 37 4.3 Modeling and Simulation Hierarchy – Strategic Decision Making and Procurement Risk Evaluation 39 4.4 Conclusions 42 4.5 Questions 43 5 Cyber Standards for Modeling and Simulation 45 5.1 Cyber Modeling and Simulation Standards Background 46 5.2 An Introduction to Cyber Standards for Modeling and Simulation 47 5.2.1 MITRE’s (MITRE) Cyber Threat Information Standards 47 5.2.2 Cyber Operational Architecture Training System 49 5.2.3 Levels of Conceptual Interoperability 50 5.3 Standards Overview – Cyber vs. 
Simulation 51 5.3.1 Simulation Interoperability Standards Organization (SISO) Standards 52 5.3.2 Cyber Standards 54 5.4 Conclusions 56 5.5 Questions 57 6 Cyber Course of Action (COA) Strategies 59 6.1 Cyber Course of Action (COA) Background 59 6.1.1 Effects‐Based Cyber‐COA Optimization Technology and Experiments (EBCOTE) Project 59 6.1.2 Crown Jewels Analysis 60 6.1.3 Cyber Mission Impact Assessment (CMIA) Tool 61 6.1.4 Analyzing Mission Impacts of Cyber Actions 63 6.2 Cyber Defense Measurables – Decision Support System (DSS) Evaluation Criteria 64 6.2.1 Visual Analytics 65 6.2.2 Managing Cyber Events 67 6.2.3 DSS COA and VV&A 68 6.3 Cyber Situational Awareness (SA) 68 6.3.1 Active and Passive Situational Awareness for Cyber 69 6.3.2 Cyber System Monitoring and Example Approaches 69 6.4 Cyber COAs and Decision Types 70 6.5 Conclusions 71 6.6 Further Considerations 72 6.7 Questions 72 7 Cyber Computer‐Assisted Exercise (CAX) and Situational Awareness (SA) via Cyber M&S 75 7.1 Training Type and Current Cyber Capabilities 77 7.2 Situational Awareness (SA) Background and Measures 78 7.3 Operational Cyber Domain and Training Considerations 79 7.4 Cyber Combined Arms Exercise (CAX) Environment Architecture 81 7.4.1 CAX Environment Architecture with Cyber Layer 82 7.4.2 Cyber Injections into Traditional CAX – Leveraging Constructive Simulation 84 7.4.3 Cyber CAX – Individual and Group Training 85 7.5 Conclusions 86 7.6 Future Work 87 7.7 Questions 87 8 Cyber Model‐Based Evaluation Background 89 8.1 Emulators,Simulators, and Verification/Validation for Cyber System Description 89 8.2 Modeling Background 90 8.2.1 Cyber Simulators 91 8.2.2 Cyber Emulators 93 8.2.3 Emulator/Simulator Combinations for Cyber Systems 94 8.2.4 Verification, Validation, and Accreditation (VV&A) 96 8.3 Conclusions 99 8.4 Questions 100 9 Cyber Modeling and Simulation and System Risk Analysis 101 9.1 Background on Cyber System Risk Analysis 101 9.2 Introduction to using Modeling and Simulation for 
System Risk Analysis with Cyber Effects 104 9.3 General Business Enterprise Description Model 105 9.3.1 Translate Data to Knowledge 107 9.3.2 Understand the Enterprise 114 9.3.3 Sampling and Cyber Attack Rate Estimation 114 9.3.4 Finding Unknown Knowns – Success in Finding Improvised Explosive Device Example 116 9.4 Cyber Exploit Estimation 116 9.4.1 Enterprise Failure Estimation due to Cyber Effects 118 9.5 Countermeasures and Work Package Construction 120 9.6 Conclusions and Future Work 122 9.7 Questions 124 10 Cyber Modeling & Simulation (M&S) for Test and Evaluation (T&E) 125 10.1 Background 125 10.2 Cyber Range Interoperability Standards (CRIS) 126 10.3 Cyber Range Event Process and Logical Range 127 10.4 Live,Virtual, and Constructive (LVC) for Cyber 130 10.4.1 Role of LVC in Capability Development 132 10.4.2 Use of LVC Simulations in Cyber Range Events 133 10.5 Applying the Logical Range Construct to System under Test (SUT) Interaction 134 10.6 Conclusions 135 10.7 Questions 136 11 Developing Model‐Based Cyber Modeling and Simulation Frameworks 137 11.1 Background 137 11.2 Model‐ Based Systems Engineering (MBSE) and System of Systems Description (Data Centric) 137 11.3 Knowledge‐ Based Systems Engineering (KBSE) for Cyber Simulation 138 11.3.1 DHS and SysML Modeling for Buildings (CEPHEID VARIABLE) 139 11.3.2 The Cyber Security Modeling Language (CySeMoL) 140 11.3.3 Cyber Attack Modeling and Impact Assessment Component (CAMIAC) 140 11.4 Architecture‐ Based Cyber System Optimization Framework 141 11.5 Conclusions 141 11.6 Questions 142 12 Appendix: Cyber M&S Supporting Data, Tools, and Techniques 143 12.1 Cyber Modeling Considerations 143 12.1.1 Factors to Consider for Cyber Modeling 143 12.1.2 Lessons Learned from Physical Security 144 12.1.3 Cyber Threat Data Providers 146 12.1.4 Critical Security Controls (CSCs) 147 12.1.5 Situational Awareness Measures 147 12.2 Cyber Training Systems 148 12.2.1 Scalable Network Defense Trainer (NDT) 153 12.2.2 SELEX ES 
NetComm Simulation Environment (NCSE) 153 12.2.3 Example Cyber Tool Companies 154 12.3 Cyber‐ Related Patents and Applications 154 12.4 Conclusions 160 Bibliography 161 Index 175


    £93.56

  • Machine Learning Techniques and Analytics for

    John Wiley & Sons Inc Machine Learning Techniques and Analytics for

    Book Synopsis: MACHINE LEARNING TECHNIQUES AND ANALYTICS FOR CLOUD SECURITY. This book covers new methods, surveys, case studies, and policy with almost all machine learning techniques and analytics for cloud security solutions. The aim of Machine Learning Techniques and Analytics for Cloud Security is to integrate machine learning approaches to meet various analytical issues in cloud security. Cloud security with ML has long-standing challenges that require methodological and theoretical handling. The conventional cryptography approach is less applied in resource-constrained devices. To solve these issues, the machine learning approach may be effectively used in providing security to the vast growing cloud environment. Machine learning algorithms can also be used to meet various cloud security issues, such as effective intrusion detection systems, zero-knowledge authentication systems, measures for passive attacks, protocols design, privacy system designs, applications, and many more. The book also co

    Table of Contents: Contents Preface Part I: Conceptual Aspects on Cloud and Applications of Machine Learning 1 1 Hybrid Cloud: A New Paradigm in Cloud Computing 3 Moumita Deb and Abantika Choudhury 1.1 Introduction 3 1.2 Hybrid Cloud 5 1.2.1 Architecture 6 1.2.2 Why Hybrid Cloud is Required? 
6 1.2.3 Business and Hybrid Cloud 7 1.2.4 Things to Remember When Deploying Hybrid Cloud 8 1.3 Comparison Among Different Hybrid Cloud Providers 9 1.3.1 Cloud Storage and Backup Benefits 11 1.3.2 Pros and Cons of Different Service Providers 11 1.3.2.1 AWS Outpost 12 1.3.2.2 Microsoft Azure Stack 12 1.3.2.3 Google Cloud Anthos 12 1.3.3 Review on Storage of the Providers 13 1.3.3.1 AWS Outpost Storage 13 1.3.3.2 Google Cloud Anthos Storage 13 1.3.4 Pricing 15 1.4 Hybrid Cloud in Education 15 1.5 Significance of Hybrid Cloud Post-Pandemic 15 1.6 Security in Hybrid Cloud 16 1.6.1 Role of Human Error in Cloud Security 18 1.6.2 Handling Security Challenges 18 1.7 Use of AI in Hybrid Cloud 19 1.8 Future Research Direction 21 1.9 Conclusion 22 References 22 xix v 2 Recognition of Differentially Expressed Glycan Structure of H1N1 Virus Using Unsupervised Learning Framework 25 Shillpi Mishrra 2.1 Introduction 25 2.2 Proposed Methodology 27 2.3 Result 28 2.3.1 Description of Datasets 29 2.3.2 Analysis of Result 29 2.3.3 Validation of Results 31 2.3.3.1 T-Test (Statistical Validation) 31 2.3.3.2 Statistical Validation 33 2.3.4 Glycan Cloud 37 2.4 Conclusions and Future Work 38 References 39 3 Selection of Certain Cancer Mediating Genes Using a Hybrid Model Logistic Regression Supported by Principal Component Analysis (PC-LR) 41 Subir Hazra, Alia Nikhat Khurshid and Akriti 3.1 Introduction 41 3.2 Related Methods 44 3.3 Methodology 46 3.3.1 Description 47 3.3.2 Flowchart 49 3.3.3 Algorithm 49 3.3.4 Interpretation of the Algorithm 50 3.3.5 Illustration 50 3.4 Result 51 3.4.1 Description of the Dataset 51 3.4.2 Result Analysis 51 3.4.3 Result Set Validation 52 3.5 Application in Cloud Domain 56 3.6 Conclusion 58 References 59 Part II: Cloud Security Systems Using Machine Learning Techniques 61 4 Cost-Effective Voice-Controlled Real-Time Smart Informative Interface Design With Google Assistance Technology 63 Soumen Santra, Partha Mukherjee and Arpan Deyasi 4.1 Introduction 64 4.2 
Home Automation System 65 4.2.1 Sensors 65 4.2.2 Protocols 66 4.2.3 Technologies 66 4.2.4 Advantages 67 4.2.5 Disadvantages 67 4.3 Literature Review 67 4.4 Role of Sensors and Microcontrollers in Smart Home Design 68 4.5 Motivation of the Project 70 4.6 Smart Informative and Command Accepting Interface 70 4.7 Data Flow Diagram 71 4.8 Components of Informative Interface 72 4.9 Results 73 4.9.1 Circuit Design 73 4.9.2 LDR Data 76 4.9.3 API Data 76 4.10 Conclusion 78 4.11 Future Scope 78 References 78 5 Symmetric Key and Artificial Neural Network With Mealy Machine: A Neoteric Model of Cryptosystem for Cloud Security 81 Anirban Bhowmik, Sunil Karforma and Joydeep Dey 5.1 Introduction 81 5.2 Literature Review 85 5.3 The Problem 86 5.4 Objectives and Contributions 86 5.5 Methodology 87 5.6 Results and Discussions 91 5.6.1 Statistical Analysis 93 5.6.2 Randomness Test of Key 94 5.6.3 Key Sensitivity Analysis 95 5.6.4 Security Analysis 96 5.6.5 Dataset Used on ANN 96 5.6.6 Comparisons 98 5.7 Conclusions 99 References 99 6 An Efficient Intrusion Detection System on Various Datasets Using Machine Learning Techniques 103 Debraj Chatterjee 6.1 Introduction 103 6.2 Motivation and Justification of the Proposed Work 104 6.3 Terminology Related to IDS 105 6.3.1 Network 105 6.3.2 Network Traffic 105 6.3.3 Intrusion 106 6.3.4 Intrusion Detection System 106 6.3.4.1 Various Types of IDS 108 6.3.4.2 Working Methodology of IDS 108 6.3.4.3 Characteristics of IDS 109 6.3.4.4 Advantages of IDS 110 6.3.4.5 Disadvantages of IDS 111 6.3.5 Intrusion Prevention System (IPS) 111 6.3.5.1 Network-Based Intrusion Prevention System (NIPS) 111 6.3.5.2 Wireless Intrusion Prevention System (WIPS) 112 6.3.5.3 Network Behavior Analysis (NBA) 112 6.3.5.4 Host-Based Intrusion Prevention System (HIPS) 112 6.3.6 Comparison of IPS With IDS/Relation Between IDS and IPS 112 6.3.7 Different Methods of Evasion in Networks 113 6.4 Intrusion Attacks on Cloud Environment 114 6.5 Comparative Studies 116 6.6 Proposed 
Methodology 121 6.7 Result 122 6.8 Conclusion and Future Scope 125 References 126 7 You Are Known by Your Mood: A Text-Based Sentiment Analysis for Cloud Security 129 Abhijit Roy and Parthajit Roy 7.1 Introduction 129 7.2 Literature Review 131 7.3 Essential Prerequisites 133 7.3.1 Security Aspects 133 7.3.2 Machine Learning Tools 135 7.3.2.1 Naïve Bayes Classifier 135 7.3.2.2 Artificial Neural Network 136 7.4 Proposed Model 136 7.5 Experimental Setup 138 7.6 Results and Discussions 139 7.7 Application in Cloud Security 142 7.7.1 Ask an Intelligent Security Question 142 7.7.2 Homomorphic Data Storage 142 7.7.3 Information Diffusion 144 7.8 Conclusion and Future Scope 144 References 145 8 The State-of-the-Art in Zero-Knowledge Authentication Proof for Cloud 149 Priyanka Ghosh 8.1 Introduction 149 8.2 Attacks and Countermeasures 153 8.2.1 Malware and Ransomware Breaches 154 8.2.2 Prevention of Distributing Denial of Service 154 8.2.3 Threat Detection 154 8.3 Zero-Knowledge Proof 154 8.4 Machine Learning for Cloud Computing 156 8.4.1 Types of Learning Algorithms 156 8.4.1.1 Supervised Learning 156 8.4.1.2 Supervised Learning Approach 156 8.4.1.3 Unsupervised Learning 157 8.4.2 Application on Machine Learning for Cloud Computing 157 8.4.2.1 Image Recognition 157 8.4.2.2 Speech Recognition 157 8.4.2.3 Medical Diagnosis 158 8.4.2.4 Learning Associations 158 8.4.2.5 Classification 158 8.4.2.6 Prediction 158 8.4.2.7 Extraction 158 8.4.2.8 Regression 158 8.4.2.9 Financial Services 159 8.5 Zero-Knowledge Proof: Details 159 8.5.1 Comparative Study 159 8.5.1.1 Fiat-Shamir ZKP Protocol 159 8.5.2 Diffie-Hellman Key Exchange Algorithm 161 8.5.2.1 Discrete Logarithm Attack 161 8.5.2.2 Man-in-the-Middle Attack 162 8.5.3 ZKP Version 1 162 8.5.4 ZKP Version 2 162 8.5.5 Analysis 164 8.5.6 Cloud Security Architecture 166 8.5.7 Existing Cloud Computing Architectures 167 8.5.8 Issues With Current Clouds 167 8.6 Conclusion 168 References 169 9 A Robust Approach for Effective Spam Detection 
Using Supervised Learning Techniques 171 Amartya Chakraborty, Suvendu Chattaraj, Sangita Karmakar and Shillpi Mishrra 9.1 Introduction 171 9.2 Literature Review 173 9.3 Motivation 174 9.4 System Overview 175 9.5 Data Description 176 9.6 Data Processing 176 9.7 Feature Extraction 178 9.8 Learning Techniques Used 179 9.8.1 Support Vector Machine 179 9.8.2 k-Nearest Neighbors 180 9.8.3 Decision Tree 180 9.8.4 Convolutional Neural Network 180 9.9 Experimental Setup 182 9.10 Evaluation Metrics 183 9.11 Experimental Results 185 9.11.1 Observations in Comparison With State-of-the-Art 187 9.12 Application in Cloud Architecture 188 9.13 Conclusion 189 References 190 10 An Intelligent System for Securing Network From Intrusion Detection and Prevention of Phishing Attack Using Machine Learning Approaches 193 Sumit Banik, Sagar Banik and Anupam Mukherjee 10.1 Introduction 193 10.1.1 Types of Phishing 195 10.1.1.1 Spear Phishing 195 10.1.1.2 Whaling 195 10.1.1.3 Catphishing and Catfishing 195 10.1.1.4 Clone Phishing 196 10.1.1.5 Voice Phishing 196 10.1.2 Techniques of Phishing 196 10.1.2.1 Link Manipulation 196 10.1.2.2 Filter Evasion 196 10.1.2.3 Website Forgery 196 10.1.2.4 Covert Redirect 197 10.2 Literature Review 197 10.3 Materials and Methods 199 10.3.1 Dataset and Attributes 199 10.3.2 Proposed Methodology 199 10.3.2.1 Logistic Regression 202 10.3.2.2 Naïve Bayes 202 10.3.2.3 Support Vector Machine 203 10.3.2.4 Voting Classification 203 10.4 Result Analysis 204 10.4.1 Analysis of Different Parameters for ML Models 204 10.4.2 Predictive Outcome Analysis in Phishing URLs Dataset 205 10.4.3 Analysis of Performance Metrics 206 10.4.4 Statistical Analysis of Results 210 
10.4.4.1 ANOVA: Two-Factor Without Replication 210 10.4.4.2 ANOVA: Single Factor 210 10.5 Conclusion 210 References 211 Part III: Cloud Security Analysis Using Machine Learning Techniques 213 11 Cloud Security Using Honeypot Network and Blockchain: A Review 215 Smarta Sangui and Swarup Kr Ghosh 11.1 Introduction 215 11.2 Cloud Computing Overview 216 11.2.1 Types of Cloud Computing Services 216 11.2.1.1 Software as a Service 216 11.2.1.2 Infrastructure as a Service 218 11.2.1.3 Platform as a Service 218 11.2.2 Deployment Models of Cloud Computing 218 11.2.2.1 Public Cloud 218 11.2.2.2 Private Cloud 218 11.2.2.3 Community Cloud 219 11.2.2.4 Hybrid Cloud 219 11.2.3 Security Concerns in Cloud Computing 219 11.2.3.1 Data Breaches 219 11.2.3.2 Insufficient Change Control and Misconfiguration 219 11.2.3.3 Lack of Strategy and Security Architecture 220 11.2.3.4 Insufficient Identity, Credential, Access, and Key Management 220 11.2.3.5 Account Hijacking 220 11.2.3.6 Insider Threat 220 11.2.3.7 Insecure Interfaces and APIs 220 11.2.3.8 Weak Control Plane 221 11.3 Honeypot System 221 11.3.1 VM (Virtual Machine) as Honeypot in the Cloud 221 11.3.2 Attack Sensing and Analyzing Framework 222 11.3.3 A Fuzzy Technique Against Fingerprinting Attacks 223 11.3.4 Detecting and Classifying Malicious Access 224 11.3.5 A Bayesian Defense Model for Deceptive Attack 224 11.3.6 Strategic Game Model for DDoS Attacks in Smart Grid 226 11.4 Blockchain 227 11.4.1 Blockchain-Based Encrypted Cloud Storage 228 11.4.2 Cloud-Assisted EHR Sharing via Consortium Blockchain 229 11.4.3 Blockchain-Secured Cloud Storage 230 11.4.4 Blockchain and Edge Computing–Based Security Architecture 230 11.4.5 Data Provenance Architecture in Cloud Ecosystem Using Blockchain 231 11.6 Comparative Analysis 233 11.7 Conclusion 233 References 234 12 Machine Learning–Based Security in Cloud Database—A Survey 239 Utsav Vora, Jayleena Mahato, Hrishav Dasgupta, Anand Kumar and Swarup Kr Ghosh 12.1 Introduction 239 12.2 Security 
Threats and Attacks 241 12.3 Dataset Description 244 12.3.1 NSL-KDD Dataset 244 12.3.2 UNSW-NB15 Dataset 244 12.4 Machine Learning for Cloud Security 245 12.4.1 Supervised Learning Techniques 245 12.4.1.1 Support Vector Machine 245 12.4.1.2 Artificial Neural Network 247 12.4.1.3 Deep Learning 249 12.4.1.4 Random Forest 250 12.4.2 Unsupervised Learning Techniques 251 12.4.2.1 K-Means Clustering 252 12.4.2.2 Fuzzy C-Means Clustering 253 12.4.2.3 Expectation-Maximization Clustering 253 12.4.2.4 Cuckoo Search With Particle Swarm Optimization (PSO) 254 12.4.3 Hybrid Learning Techniques 256 12.4.3.1 HIDCC: Hybrid Intrusion Detection Approach in Cloud Computing 256 12.4.3.2 Clustering-Based Hybrid Model in Deep Learning Framework 257 12.4.3.3 K-Nearest Neighbor–Based Fuzzy C-Means Mechanism 258 12.4.3.4 K-Means Clustering Using Support Vector Machine 260 12.4.3.5 K-Nearest Neighbor–Based Artificial Neural Network Mechanism 260 12.4.3.6 Artificial Neural Network Fused With Support Vector Machine 261 12.4.3.7 Particle Swarm Optimization–Based Probabilistic Neural Network 261 12.5 Comparative Analysis 262 12.6 Conclusion 264 References 267 13 Machine Learning Adversarial Attacks: A Survey Beyond 271 Chandni Magoo and Puneet Garg 13.1 Introduction 271 13.2 Adversarial Learning 272 13.2.1 Concept 272 13.3 Taxonomy of Adversarial Attacks 273 13.3.1 Attacks Based on Knowledge 273 13.3.1.1 Black Box Attack (Transferable Attack) 273 13.3.1.2 White Box Attack 274 13.3.2 Attacks Based on Goals 275 13.3.2.1 Target Attacks 275 13.3.2.2 Non-Target Attacks 275 13.3.3 Attacks Based on Strategies 275 13.3.3.1 Poisoning Attacks 275 13.3.3.2 Evasion Attacks 276 13.3.4 Textual-Based Attacks (NLP) 276 13.3.4.1 Character Level Attacks 276 13.3.4.2 Word-Level Attacks 276 13.3.4.3 Sentence-Level Attacks 276 13.4 Review of Adversarial Attack Methods 276 13.4.1 L-bfgs 277 13.4.2 Feedforward Derivation Attack (Jacobian Attack) 277 13.4.3 Fast Gradient Sign Method 278 13.4.4 Methods of Different 
Text-Based Adversarial Attacks 278 13.4.5 Adversarial Attacks Methods Based on Language Models 284 13.4.6 Adversarial Attacks on Recommender Systems 284 13.4.6.1 Random Attack 284 13.4.6.2 Average Attack 286 13.4.6.3 Bandwagon Attack 286 13.4.6.4 Reverse Bandwagon Attack 286 13.5 Adversarial Attacks on Cloud-Based Platforms 287 13.6 Conclusion 288 References 288 14 Protocols for Cloud Security 293 Weijing You and Bo Chen 14.1 Introduction 293 14.2 System and Adversarial Model 295 14.2.1 System Model 295 14.2.2 Adversarial Model 295 14.3 Protocols for Data Protection in Secure Cloud Computing 296 14.3.1 Homomorphic Encryption 297 14.3.2 Searchable Encryption 298 14.3.3 Attribute-Based Encryption 299 14.3.4 Secure Multi-Party Computation 300 14.4 Protocols for Data Protection in Secure Cloud Storage 301 14.4.1 Proofs of Encryption 301 14.4.2 Secure Message-Locked Encryption 303 14.4.3 Proofs of Storage 303 14.4.4 Proofs of Ownership 305 14.4.5 Proofs of Reliability 306 14.5 Protocols for Secure Cloud Systems 309 14.6 Protocols for Cloud Security in the Future 309 14.7 Conclusion 310 References 311 Part IV: Case Studies Focused on Cloud Security 313 15 A Study on Google Cloud Platform (GCP) and Its Security 315 Agniswar Roy, Abhik Banerjee and Navneet Bhardwaj 15.1 Introduction 315 15.1.1 Google Cloud Platform Current Market Holding 316 15.1.1.1 The Forrester Wave 317 15.1.1.2 Gartner Magic Quadrant 317 15.1.2 Google Cloud Platform Work Distribution 317 15.1.2.1 SaaS 318 15.1.2.2 PaaS 318 15.1.2.3 IaaS 318 15.1.2.4 On-Premise 318 15.2 Google Cloud Platform’s Security Features Basic Overview 318 15.2.1 Physical Premises Security 319 15.2.2 Hardware Security 319 15.2.3 Inter-Service Security 319 15.2.4 Data Security 320 15.2.5 Internet Security 320 15.2.6 In-Software Security 320 15.2.7 End User Access Security 321 15.3 Google Cloud Platform’s Architecture 321 15.3.1 Geographic Zone 321 15.3.2 Resource Management 322 15.3.2.1 Iam 322 15.3.2.2 Roles 323 15.3.2.3 Billing 
323 15.4 Key Security Features 324 15.4.1 Iap 324 15.4.2 Compliance 325 15.4.3 Policy Analyzer 326 15.4.4 Security Command Center 326 15.4.4.1 Standard Tier 326 15.4.4.2 Premium Tier 326 15.4.5 Data Loss Protection 329 15.4.6 Key Management 329 15.4.7 Secret Manager 330 15.4.8 Monitoring 330 15.5 Key Application Features 330 15.5.1 Stackdriver (Currently Operations) 330 15.5.1.1 Profiler 330 15.5.1.2 Cloud Debugger 330 15.5.1.3 Trace 331 15.5.2 Network 331 15.5.3 Virtual Machine Specifications 332 15.5.4 Preemptible VMs 332 15.6 Computation in Google Cloud Platform 332 15.6.1 Compute Engine 332 15.6.2 App Engine 333 15.6.3 Container Engine 333 15.6.4 Cloud Functions 333 15.7 Storage in Google Cloud Platform 333 15.8 Network in Google Cloud Platform 334 15.9 Data in Google Cloud Platform 334 15.10 Machine Learning in Google Cloud Platform 335 15.11 Conclusion 335 References 337 16 Case Study of Azure and Azure Security Practices 339 Navneet Bhardwaj, Abhik Banerjee and Agniswar Roy 16.1 Introduction 339 16.1.1 Azure Current Market Holding 340 16.1.2 The Forrester Wave 340 16.1.3 Gartner Magic Quadrant 340 16.2 Microsoft Azure—The Security Infrastructure 341 16.2.1 Azure Security Features and Tools 341 16.2.2 Network Security 342 16.3 Data Encryption 342 16.3.1 Data Encryption at Rest 342 16.3.2 Data Encryption at Transit 342 16.3.3 Asset and Inventory Management 343 16.3.4 Azure Marketplace 343 16.4 Azure Cloud Security Architecture 344 16.4.1 Working 344 16.4.2 Design Principles 344 16.4.2.1 Alignment of Security Policies 344 16.4.2.2 Building a Comprehensive Strategy 345 16.4.2.3 Simplicity Driven 345 16.4.2.4 Leveraging Native Controls 345 16.4.2.5 Identification-Based Authentication 345 16.4.2.6 Accountability 345 16.4.2.7 Embracing Automation 345 16.4.2.8 Stress on Information Protection 345 16.4.2.9 Continuous Evaluation 346 16.4.2.10 Skilled Workforce 346 16.5 Azure Architecture 346 16.5.1 Components 346 16.5.1.1 Azure Api Gateway 346 16.5.1.2 Azure Functions 
346 16.5.2 Services 347 16.5.2.1 Azure Virtual Machine 347 16.5.2.2 Blob Storage 347 16.5.2.3 Azure Virtual Network 348 16.5.2.4 Content Delivery Network 348 16.5.2.5 Azure SQL Database 349 16.6 Features of Azure 350 16.6.1 Key Features 350 16.6.1.1 Data Resiliency 350 16.6.1.2 Data Security 350 16.6.1.3 BCDR Integration 350 16.6.1.4 Storage Management 351 16.6.1.5 Single Pane View 351 16.7 Common Azure Security Features 351 16.7.1 Security Center 351 16.7.2 Key Vault 351 16.7.3 Azure Active Directory 352 16.7.3.1 Application Management 352 16.7.3.2 Conditional Access 352 16.7.3.3 Device Identity Management 352 16.7.3.4 Identity Protection 353 16.7.3.5 Azure Sentinel 353 16.7.3.6 Privileged Identity Management 354 16.7.3.7 Multifactor Authentication 354 16.7.3.8 Single Sign On 354 16.8 Conclusion 355 References 355 17 Nutanix Hybrid Cloud From Security Perspective 357 Abhik Banerjee, Agniswar Roy, Amar Kalvikatte and Navneet Bhardwaj 17.1 Introduction 357 17.2 Growth of Nutanix 358 17.2.1 Gartner Magic Quadrant 358 17.2.2 The Forrester Wave 358 17.2.3 Consumer Acquisition 359 17.2.4 Revenue 359 17.3 Introductory Concepts 361 17.3.1 Plane Concepts 361 17.3.1.1 Control Plane 361 17.3.1.2 Data Plane 361 17.3.2 Security Technical Implementation Guides 362 17.3.3 SaltStack and SCMA 362 17.4 Nutanix Hybrid Cloud 362 17.4.1 Prism 362 17.4.1.1 Prism Element 363 17.4.1.2 Prism Central 364 17.4.2 Acropolis 365 17.4.2.1 Distributed Storage Fabric 365 17.4.2.2 Ahv 367 17.5 Reinforcing AHV and Controller VM 367 17.6 Disaster Management and Recovery 368 17.6.1 Protection Domains and Consistent Groups 368 17.6.2 Nutanix DSF Replication of OpLog 369 17.6.3 DSF Snapshots and VmQueisced Snapshot Service 370 17.6.4 Nutanix Cerebro 370 17.7 Security and Policy Management on Nutanix Hybrid Cloud 371 17.7.1 Authentication on Nutanix 372 17.7.2 Nutanix Data Encryption 372 17.7.3 Security Policy Management 373 17.7.3.1 Enforcing a Policy 374 17.7.3.2 Priority of a Policy 374 17.7.3.3 
Automated Enforcement 374 17.8 Network Security and Log Management 374 17.8.1 Segmented and Unsegmented Network 375 17.9 Conclusion 376 References 376 Part V: Policy Aspects 379 18 A Data Science Approach Based on User Interactions to Generate Access Control Policies for Large Collections of Documents 381 Jedidiah Yanez-Sierra, Arturo Diaz-Perez and Victor Sosa-Sosa 18.1 Introduction 381 18.2 Related Work 383 18.3 Network Science Theory 384 18.4 Approach to Spread Policies Using Networks Science 387 18.4.1 Finding the Most Relevant Spreaders 388 18.4.1.1 Weighting Users 389 18.4.1.2 Selecting the Top � Spreaders 390 18.4.2 Assign and Spread the Access Control Policies 390 18.4.2.1 Access Control Policies 391 18.4.2.2 Horizontal Spreading 391 18.4.2.3 Vertical Spreading (Bottom-Up) 392 18.4.2.4 Policies Refinement 395 18.4.3 Structural Complexity Analysis of CP-ABE Policies 395 18.4.3.1 Assessing the WSC for ABE Policies 396 18.4.3.2 Assessing the Policies Generated in the Spreading Process 397 18.4.4 Effectiveness Analysis 398 18.4.4.1 Evaluation Metrics 399 18.4.4.2 Adjusting the Interaction Graph to Assess Policy Effectiveness 400 18.4.4.3 Method to Complement the User Interactions (Synthetic Edges Generation) 400 18.4.5 Measuring Policy Effectiveness in the User Interaction Graph 403 18.4.5.1 Simple Node-Based Strategy 403 18.4.5.2 Weighted Node-Based Strategy 404 18.5 Evaluation 405 18.5.1 Dataset Description 405 18.5.2 Results of the Complexity Evaluation 406 18.5.3 Effectiveness Results From the Real Edges 407 18.5.4 Effectiveness Results Using Real and Synthetic Edges 408 18.5.4.1 Results of the Effectiveness Metrics for the Enhanced G + Graph 410 18.6 Conclusions 413 References 414 19 AI, ML, & Robotics in iSchools: An Academic Analysis for an Intelligent Societal Systems 417 P. K. 
Paul 19.1 Introduction 417 19.2 Objective 419 19.3 Methodology 420 19.3.1 iSchools, Technologies, and Artificial Intelligence, ML, and Robotics 420 19.4 Artificial Intelligence, ML, and Robotics: An Overview 427 19.5 Artificial Intelligence, ML, and Robotics as an Academic Program: A Case on iSchools—North American Region 428 19.6 Suggestions 431 19.7 Motivation and Future Works 435 19.8 Conclusion 435 References 436 Index 439

    £169.16

  • The Wiley 5g Ref

    John Wiley & Sons Inc The Wiley 5g Ref

    1 in stock

    Book Synopsis: THE WILEY 5G REF. Explore cutting-edge subjects in 5G privacy and security. In The Wiley 5G REF: Security, a team of distinguished researchers delivers an insightful collection of articles selected from the online-only The Wiley 5G Reference. The editors introduce the security landscape of 5G, including the significant security and privacy risks associated with 5G networks. They also discuss different security solutions for various segments of the 5G network, like the radio, edge, access, and core networks. The book explores the security threats associated with key network softwarization technologies, like SDN, NFV, NS, and MEC, as well as those that come with new 5G and IoT services. There is also a detailed discussion on the privacy of 5G networks. The included articles are written by leading international experts in security and privacy for telecommunication networks. They offer learning opportunities for everyone from graduate-level students to

    Table of Contents: Foreword List of Contributors 1. 5G Mobile Networks Security Landscape and Major Risks 2. SDMN Security 3. 5G Security – Complex Challenges 4. Physical-Layer Security for 5G and Beyond 5. Security for Handover and D2D Communication in 5G HetNets 6. Authentication and Access Control for 5G 7. 5G-Core Network Security 8. MEC and Cloud Security 9. Security in Network Slicing 10. VNF Placement and Sharing in NFV-Based Cellular Networks 11. Security Monitoring and Management in 5G 12. Security for Vertical Industries 13. Introduction to IoT Security 14. Privacy in the 5G World: The GDPR in a Datafied Society 15. Structural Safety Assessment of 5G Network Infrastructures Index


    £89.06

  • AI and Machine Learning for Network and Security

    John Wiley & Sons Inc AI and Machine Learning for Network and Security

    Book Synopsis: AI AND MACHINE LEARNING FOR NETWORK AND SECURITY MANAGEMENT. Extensive Resource for Understanding Key Tasks of Network and Security Management. AI and Machine Learning for Network and Security Management covers a range of key topics of network automation for network and security management, including resource allocation and scheduling, network planning and routing, encrypted traffic classification, anomaly detection, and security operations. In addition, the authors introduce their large-scale intelligent network management and operation system and elaborate on how the aforementioned areas can be integrated into this system, plus how the network service can benefit. Sample ideas covered in this thought-provoking work include: How cognitive means, e.g., knowledge transfer, can help with network and security management. How different advanced AI and machine learning techniques can be useful and helpful to facilitate network automation

    Table of Contents: Author Biographies xiii Preface xv Acknowledgments xvii Acronyms xix 1 Introduction 1 1.1 Introduction 1 1.2 Organization of the Book 3 1.3 Conclusion 6 References 6 2 When Network and Security Management Meets AI and Machine Learning 9 2.1 Introduction 9 2.2 Architecture of Machine Learning-Empowered Network and Security Management 10 2.3 Supervised Learning 12 2.3.1 Classification 12 2.3.2 Regression 15 2.4 Semisupervised and Unsupervised Learning 15 2.4.1 Clustering 17 2.4.2 Dimension Reduction 17 2.4.3 Semisupervised Learning 18 2.5 Reinforcement Learning 18 2.5.1 Policy-Based 21 2.5.2 Value-Based 22 2.6 Industry Products on Network and Security Management 24 2.6.1 Network Management 24 2.6.1.1 Cisco DNA Center 24 2.6.1.2 Sophie 25 2.6.1.3 Juniper EX4400 Switch 25 2.6.1.4 Juniper SRX Series Services Gateway 25 2.6.1.5 H3C SeerAnalyzer 26 2.6.2 Security Management 27 2.6.2.1 SIEM, IBM QRadar Advisor with Watson 27 2.6.2.2 FortiSandbox 27 2.6.2.3 FortiSIEM 28 2.6.2.4 FortiEDR 28 2.6.2.5 FortiClient 29 
2.6.2.6 H3C SecCenter CSAP 29 2.7 Standards on Network and Security Management 29 2.7.1 Network Management 29 2.7.1.1 Cognitive Network Management 30 2.7.1.2 End-to-End 5G and Beyond 30 2.7.1.3 Software-Defined Radio Access Network 32 2.7.1.4 Architectural Framework for ML in Future Networks 32 2.7.2 Security Management 33 2.7.2.1 Securing AI 33 2.8 Projects on Network and Security Management 34 2.8.1 Poseidon 34 2.8.2 NetworkML 35 2.8.3 Credential-Digger 36 2.8.4 Adversarial Robustness Toolbox 37 2.9 Proof-of-Concepts on Network and Security Management 38 2.9.1 Classification 38 2.9.1.1 Phishing URL Classification 38 2.9.1.2 Intrusion Detection 39 2.9.2 Active Learning 39 2.9.3 Concept Drift Detection 40 2.10 Conclusion 41 References 42 3 Learning Network Intents for Autonomous Network Management 49 3.1 Introduction 49 3.2 Motivation 52 3.3 The Hierarchical Representation and Learning Framework for Intention Symbols Inference 53 3.3.1 Symbolic Semantic Learning (SSL) 53 3.3.1.1 Connectivity Intention 55 3.3.1.2 Deadlock Free Intention 56 3.3.1.3 Performance Intention 57 3.3.1.4 Discussion 57 3.3.2 Symbolic Structure Inferring (SSI) 57 3.4 Experiments 59 3.4.1 Datasets 59 3.4.2 Experiments on Symbolic Semantic Learning 60 3.4.3 Experiments on Symbolic Structure Inferring 62 3.4.4 Experiments on Symbolic Structure Transferring 64 3.5 Conclusion 66 References 66 4 Virtual Network Embedding via Hierarchical Reinforcement Learning 69 4.1 Introduction 69 4.2 Motivation 70 4.3 Preliminaries and Notations 72 4.3.1 Virtual Network Embedding 72 4.3.1.1 Substrate Network and Virtual Network 72 4.3.1.2 The VNE Problem 72 4.3.1.3 Evaluation Metrics 73 4.3.2 Reinforcement Learning 74 4.3.3 Hierarchical Reinforcement Learning 75 4.4 The Framework of VNE-HRL 75 4.4.1 Overview 75 4.4.2 The High-level Agent 77 4.4.2.1 State Encoder for HEA 77 4.4.2.2 Estimated Long-term Cumulative Reward 78 4.4.2.3 Short-term High-level Reward 78 4.4.3 The Low-level Agent 78 4.4.3.1 State Encoder 
for LEA 79 4.4.3.2 Estimated Long-term Cumulative Reward 79 4.4.3.3 Short-term Low-level Reward 80 4.4.4 The Training Method 80 4.5 Case Study 80 4.5.1 Experiment Setup 80 4.5.2 Comparison Methods 81 4.5.3 Evaluation Results 81 4.5.3.1 Performance Over Time 81 4.5.3.2 Performance of Various VNRs with Diverse Resource Requirements 82 4.6 Related Work 84 4.6.1 Traditional Methods 84 4.6.2 ML-based Algorithms 84 4.7 Conclusion 85 References 85 5 Concept Drift Detection for Network Traffic Classification 91 5.1 Related Concepts of Machine Learning in Data Stream Processing 91 5.1.1 Assumptions and Limitations 91 5.1.1.1 Availability of Learning Examples 91 5.1.1.2 Availability of the Model 92 5.1.1.3 Concept to be Learned 92 5.1.2 Concept Drift and Its Solution 92 5.2 Using an Active Approach to Solve Concept Drift in the Intrusion Detection Field 94 5.2.1 Application Background 94 5.2.2 System Workflow 95 5.3 Concept Drift Detector Based on CVAE 96 5.3.1 CVAE-based Drift Indicator 96 5.3.2 Drift Analyzer 97 5.3.3 The Performance of CVAE-based Concept Drift Detector 98 5.3.3.1 Comparison Drift Detectors 99 5.3.3.2 Experiment Settings 99 5.4 Deployment and Experiment in Real Networks 101 5.4.1 Data Collection and Feature Extraction 101 5.4.2 Data Analysis and Parameter Setting 103 5.4.3 Result Analysis 103 5.5 Future Research Challenges and Open Issues 105 5.5.1 Adaptive Threshold m 105 5.5.2 Computational Cost of Drift Detectors 105 5.5.3 Active Learning 105 5.6 Conclusion 105 References 106 6 Online Encrypted Traffic Classification Based on Lightweight Neural Networks 109 6.1 Introduction 109 6.2 Motivation 109 6.3 Preliminaries 110 6.3.1 Problem Definition 110 6.3.2 Packet Interaction 111 6.4 The Proposed Lightweight Model 111 6.4.1 Preprocessing 112 6.4.2 Feature Extraction 112 6.4.2.1 Embedding 112 6.4.2.2 Attention Encoder 113 6.4.2.3 Fully Connected Layer 115 6.5 Case Study 115 6.5.1 Evaluation Metrics 115 6.5.2 Baselines 116 6.5.3 Datasets 117 6.5.4 Evaluation 
on Datasets 118 6.5.4.1 Evaluation on Dataset A 118 6.5.4.2 Evaluation on Dataset B 120 6.6 Related Work 121 6.6.1 Encrypted Traffic Classification 122 6.6.2 Packet-Based Methods 122 6.6.3 Flow-Based Methods 122 6.6.3.1 Traditional Machine Learning-Based Methods 123 6.6.3.2 Deep Learning-Based Methods 124 6.7 Conclusion 124 References 125 7 Context-Aware Learning for Robust Anomaly Detection 129 7.1 Introduction 129 7.2 Pronouns 133 7.3 The Proposed Method – AllRobust 135 7.3.1 Problem Statement 135 7.3.2 Log Parsing 135 7.3.3 Log Vectorization 138 7.3.4 Anomaly Detection 142 7.3.4.1 Implementation of SSL 143 7.4 Experiments 145 7.4.1 Datasets 145 7.4.1.1 HDFS Dataset 145 7.4.1.2 BGL Dataset 146 7.4.1.3 Thunderbird Dataset 146 7.4.2 Model Evaluation Indicators 147 7.4.3 Supervised Deep Learning-based Log Anomaly Detection on Imbalanced Log Data 148 7.4.3.1 Data Preprocessing 148 7.4.3.2 Hyperparameters and Environmental Settings 149 7.4.3.3 Training on Multiclass Imbalanced Log Data 149 7.4.3.4 Training on Binary Imbalanced Log Data 150 7.4.4 Semisupervised Deep Learning-based Log Anomaly Detection on Imbalanced Log Data 152 7.4.4.1 The Methods of Enhancing Log Data 152 7.4.4.2 Anomaly Detection with a Single Log 153 7.4.4.3 Anomaly Detection with a Log-based Sequence 156 7.5 Discussion 157 7.6 Conclusion 158 References 159 8 Anomaly Classification with Unknown, Imbalanced and Few Labeled Log Data 165 8.1 Introduction 165 8.2 Examples 167 8.2.1 The Feature Extraction of Log Analysis 167 8.2.1.1 Statistical Feature Extraction 168 8.2.1.2 Semantic Feature Extraction 170 8.2.2 Few-Shot Problem 170 8.3 Methodology 172 8.3.1 Data Preprocessing 172 8.3.1.1 Log Parsing 172 8.3.1.2 Log Enhancement 173 8.3.1.3 Log Vectorization 174 8.3.2 The Architecture of OpenLog 174 8.3.2.1 Encoder Module 174 8.3.2.2 Prototypical Module 177 8.3.2.3 Relation Module 178 8.3.3 Training Procedure 179 8.3.4 Objective Function 180 8.4 Experimental Results and Analysis 180 8.4.1 Experimental 
Design 181 8.4.1.1 Baseline 181 8.4.1.2 Evaluation Metrics 181 8.4.2 Datasets 183 8.4.2.1 Data Processing 184 8.4.3 Experiments on the Unknown Class Data 185 8.4.4 Experiments on the Imbalanced Data 188 8.4.5 Experiments on the Few-shot Data 188 8.5 Discussion 190 8.6 Conclusion 191 References 192 9 Zero Trust Networks 199 9.1 Introduction to Zero-Trust Networks 199 9.1.1 Background 199 9.1.2 Zero-Trust Networks 200 9.2 Zero-Trust Network Solutions 201 9.2.1 Zero-Trust Networks Based on Access Proxy 201 9.2.2 Zero Trust Networks Based on SDP 203 9.2.3 Zero-Trust Networks Based on Micro-Segmentation 204 9.3 Machine Learning Powered Zero Trust Networks 206 9.3.1 Information Fusion 208 9.3.2 Decision Making 210 9.4 Conclusion 212 References 212 10 Intelligent Network Management and Operation Systems 215 10.1 Introduction 215 10.2 Traditional Operation and Maintenance Systems 215 10.2.1 Development of Operation and Maintenance Systems 215 10.2.1.1 Manual Operation and Maintenance 216 10.2.1.2 Tool-Based Operation and Maintenance 216 10.2.1.3 Platform Operation and Maintenance 217 10.2.1.4 DevOps 217 10.2.1.5 AIOps 218 10.2.2 Open-Source Operation and Maintenance Systems 218 10.2.2.1 Nagios 219 10.2.2.2 Zabbix 221 10.2.2.3 Prometheus 223 10.2.3 Summary 224 10.3 Security Operation and Maintenance 225 10.3.1 Introduction 225 10.3.2 Open-Source Security Tools 226 10.3.2.1 Access Control 226 10.3.2.2 Security Audit and Intrusion Detection 227 10.3.2.3 Penetration Testing 227 10.3.2.4 Vulnerability Scanning 231 10.3.2.5 CI/CD Security 234 10.3.2.6 Deception 234 10.3.2.7 Data Security 234 10.3.3 Summary 237 10.4 AIOps 238 10.4.1 Introduction 238 10.4.2 Open-Source AIOps and Algorithms 239 10.4.2.1 Research Progress of Anomaly Detection 239 10.4.2.2 Metis 242 10.4.2.3 UAVStack 244 10.4.2.4 Skyline 244 10.4.3 Summary 247 10.5 Machine Learning-Based Network Security Monitoring and Management Systems 248 10.5.1 Architecture 248 10.5.2 Physical Facility Layer 248 10.5.3 Virtual 
Resource Layer 249 10.5.4 Orchestrate Layer 250 10.5.5 Policy Layer 250 10.5.6 Semantic Description Layer 251 10.5.7 Application Layer 251 10.5.8 Center for Intelligent Analytics of Big Data 251 10.5.9 Programmable Measurement and Auditing 252 10.5.10 Overall Process 252 10.5.11 Summary 253 10.6 Conclusion 253 References 254 11 Conclusions, and Research Challenges and Open Issues 257 11.1 Conclusions 257 11.2 Research Challenges and Open Issues 258 11.2.1 Autonomous Networks 258 11.2.2 Reinforcement Learning Powered Solutions 259 11.2.3 Traffic Classification 259 11.2.4 Anomaly Detection 260 11.2.5 Zero-Trust Networks 261 References 262 Index 263

    £85.46

  • Confident Cyber Security

    Kogan Page Ltd Confident Cyber Security

    Book Synopsis

    Dr Jessica Barker is an award-winning global leader in cyber security and a popular keynote speaker. She is co-founder and co-CEO of Cygenta, where she influences cyber security awareness, behaviour and culture in organizations around the world. Jessica Barker has been named one of the top 20 most influential women in cyber security in the UK and is the Chair of ClubCISO. She is based in London, UK.

    Trade Review

    "Whether you're an aspiring professional planning a career in cybersecurity or a board member needing to secure your organization, this book offers a goldmine of insights. Its accessible language and actionable advice make it a valuable resource for anyone." -- Mikko Hypponen, technology speaker and author

    Table of Contents

    Chapter - 00: Introduction; Section - ONE: Why Cyber Security?; Chapter - 01: What cyber security is; Chapter - 02: Why it is important; Section - TWO: The technical side of cyber security; Chapter - 03: Technical vulnerabilities; Section - THREE: The human side of cyber security; Chapter - 04: Why people are so important in cyber security; Chapter - 05: Social engineering; Chapter - 06: Attacks that utilize social engineering; Section - FOUR: The physical side of cyber security; Chapter - 07: Why physical space matters in cyber security; Chapter - 08: Attacks on the individual; Chapter - 09: Attacks on organizations; Chapter - 10: Nation state cyber security - Geopolitics; Section - FIVE: The future of cyber security and what it means for your career; Chapter - 11: Cyber security in different industries; Chapter - 12: Cyber security at the board level; Chapter - 13: The variety of cyber security careers; Chapter - 14: Pursuing a cyber security career

    £40.00

© 2026 Book Curl
