Security Incidents & Response Against Cyber Attacks


This book provides use case scenarios of machine learning, artificial intelligence, and real-time domains to supplement cyber security operations and proactively predict attacks and preempt cyber incidents. The authors discuss cybersecurity incident planning, starting from a draft response plan, to assigning responsibilities, to the use of external experts, to equipping organization teams to address incidents, to preparing a communication strategy and cyber insurance. They also discuss classifications and methods to detect cybersecurity incidents, how to organize the incident response team, how to conduct situational awareness, how to contain and eradicate incidents, and how to clean up and recover. The book shares real-world experiences and knowledge from authors in academia and industry.

Author(s): Akashdeep Bhardwaj, Varun Sapra
Series: EAI/Springer Innovations in Communication and Computing
Publisher: Springer
Year: 2021

Language: English
Pages: 260
City: Singapore

Foreword
Introduction
Security Incidents
CERT and CSIRT
Standards and Guidelines
Cyberattacks
Response Against Cyberattacks
Organization of the Book
Foreword
Chapter 1: By Failing to Prepare, You Are Preparing to Fail
Chapter 2: Design of Block-Chain Polynomial Digests for Secure Message Authentication
Chapter 3: Collaborative Approaches for Security of Cloud and Knowledge Management Systems: Benefits and Risks
Chapter 4: Exploring Potential of Transfer Deep Learning for Malicious Android Applications Detection
Chapter 5: Exploring and Analysing Surface, Deep, Dark Web, and Attacks
Chapter 6: Securing ERP Cyber Systems by Preventing Holistic Industrial Intrusion
Chapter 7: Infrastructure Design to Secure Cloud Environments Against DDoS-Based Attacks
Chapter 8: Classifying Cyberattacks Amid Covid-19 Using Support Vector Machine
Chapter 9: Cybersecurity Incident Response Against Advanced Persistent Threats (APTs)
Chapter 10: IoT Architecture Vulnerabilities and Security Measures
Chapter 11: Authentication Attacks
Acknowledgments
References
Preface
Acknowledgments
About the Book
Contents
Chapter 1: By Failing to Prepare, You Are Preparing to Fail
1.1 Introduction
1.2 Plan & Prepare
1.3 Strategy & Governance
1.4 Departmental Representation
1.5 Interested Parties
1.6 Stakeholder Representation
1.7 Government Stakeholders
1.8 Develop Policy and Procedures
1.9 Team & Resourcing
1.10 IM/IR Skill Requirement
1.11 Outsource Vendors
1.12 IM/IR Training & Awareness
1.13 Incident Drills & Testing
1.13.1 Red Teaming
1.13.2 VAPT
1.14 Conclusion
References
Chapter 2: Design of Block-Chain Polynomial Digests for Secure Message Authentication
2.1 Introduction
2.2 Background
2.3 Motivation
2.4 Analysis of Standard Digest Functions
2.4.1 Merkle–Damgard Construction
2.4.2 MD-5 Digest Function
2.4.3 SHA-160 Digest Function
2.4.4 SHA2-256 Digest Function
2.4.5 SHA3 Digest Function
2.4.6 Contemporary Digest Functions: A Security Analysis
2.5 Polynomial Digest
2.5.1 Design Challenges
2.5.2 Design Principles
2.5.2.1 MD Strengthening
2.5.2.2 Intermediate Hash Generation
2.5.2.3 Polynomial Product: A Contemporary Way to Achieve Avalanche Effect
2.5.2.4 Final Hash Generation
2.5.3 Experimental Analysis
2.5.3.1 Analysis of Collision and Pre-image Resistance (Modifying the Individual Bytes)
2.5.3.2 Analysis of Collision and Pre-image Resistance (Interchanging the Individual Bytes)
2.5.3.3 Analysis of Second Pre-image Resistance
2.5.3.4 Confusion and Diffusion Analysis
2.5.3.5 Analysis of Avalanche Response
2.6 Analysis of Near-Collision Response
2.6.1 Analysis of Input to Output Distribution
2.6.2 Runtime Analysis
2.7 Discussion
2.8 Conclusion
References
Chapter 3: Collaborative Approaches for Security of Cloud and Knowledge Management Systems: Benefits and Risks
3.1 Introduction
3.2 Literature Review
3.3 Knowledge Management and Cloud Computing Benefits and Risks
3.3.1 Benefits and Risk
3.3.2 Risks
3.4 Methods for Security Over Knowledge Management and Cloud Computing
3.4.1 Software Provides Access Control and Identity Management
3.4.2 Passwords
3.4.3 Memory Cards
3.4.4 Smart Cards
3.4.5 Biometrics
3.5 Autonomic Security
3.6 Conclusion and Future Work
References
Chapter 4: Exploring Potential of Transfer Deep Learning for Malicious Android Applications Detection
4.1 Introduction
4.2 Related Works
4.3 Transfer Learning for Android Malware Detection
4.4 Experimental Setup
4.4.1 Deep Learning: Convolutional Neural Network
4.5 Experimental Setup
4.6 Conclusion
References
Chapter 5: Exploring and Analysing Surface, Deep, Dark Web and Attacks
5.1 Introduction
5.2 Search Engines Work
5.2.1 Web Browsers
5.2.2 Invisible Web or Deep Web
5.2.3 What Is Hidden Deep Inside the Web?
5.2.4 Research on Deep Web and Dark Web
5.3 Trending Research
5.4 Distinct Characteristics Between Deep Web and Dark Web
5.5 Benefits of Deep Web
5.6 Deep Web Access Procedure in TOR
5.7 How TOR Works
5.7.1 TOR Offers Anonymity
5.7.2 Measures to be Taken Before Gaining Access to TOR
5.7.3 Attacks Inside the Dark Web
5.8 Conclusion
References
Chapter 6: Securing ERP Cyber Systems by Preventing Holistic Industrial Intrusion
6.1 ERP Systems
6.2 Integrations in ERP
6.3 Challenges in ERP Systems
6.4 Cyber Threats on ERP Systems
6.5 Potential Solutions
6.5.1 Terminology
6.5.2 An Internal and External Application Tier with DMZ
6.5.3 An External Application Tier with Reverse Proxy in DMZ
6.5.4 DMZ Sharing the File System with Application Tier on Internet
6.5.5 Hybrid Setup
6.5.6 Few Precautions
6.6 Conclusion
References
Chapter 7: Infrastructure Design to Secure Cloud Environments Against DDoS-Based Attacks
7.1 Introduction
7.1.1 Distributed Denial of Service Attacks
7.1.2 Types of DDoS Attacks
7.1.2.1 Volumetric DDoS Attacks
7.1.2.2 Application Layer DDoS Attacks
7.1.2.3 Reflection or Protocol DDoS Attacks
7.1.3 DDoS Attack Tools
7.2 Literature Review
7.2.1 DDoS Attack Classification
7.3 Methodology
7.4 Review of Solutions for DDoS Attacks on Clouds
7.4.1 Cyberattack Trends
7.4.2 Cybersecurity Survey
7.4.3 DDoS Mitigation Strategies
7.4.3.1 Volumetric DDoS Attacks
7.4.3.2 Protocol DDoS Attacks
7.4.3.3 Application Layer DDoS Attacks
7.4.3.4 Reflection Attacks
7.4.4 Review of DDoS Mitigation Solutions
7.4.4.1 On-Premise DDoS Mitigation Solutions
7.4.4.2 ISP DDoS Mitigation Solutions
7.4.4.3 Scrubbing Defense DDoS Mitigation Solutions
7.5 Experimental Results
7.5.1 Performance Results: Single-Tier Architecture
7.5.2 Performance Results: Three-Tier Architecture
7.6 Designing and Implementing Architectures
7.6.1 Single-Tier Architecture
7.6.2 Three-Tier Architecture
7.6.2.1 Application Defense Layer
7.6.2.2 Access Layer
7.7 Chapter Conclusion
7.7.1 Conclusion
7.7.2 Suggestions for Future Work
References
Chapter 8: Classifying Cyberattacks Amid Covid-19 Using Support Vector Machine
8.1 Introduction
8.2 Literature Review
8.3 Proposed Method
8.4 Methods
8.5 Results Discussion
8.5.1 Analyzing Results of Cyberattacks Amid Covid-19
8.6 Conclusion
References
Chapter 9: Cybersecurity Incident Response Against Advanced Persistent Threats (APTs)
9.1 Introduction
9.2 Advanced Persistent Threat Kill Chain
9.3 Literature Survey
9.4 APT Mitigation Taxonomy
9.5 Major APT Use Cases
9.6 Conclusion
References
Chapter 10: IoT Architecture Vulnerabilities and Security Measures
10.1 Introduction
10.2 Analysis of Literature
10.3 IoT Architecture and Its Security Issues
10.4 Solutions and Recommendations
10.5 Real Attack on IoT Devices: A Case Study
10.6 Conclusion
References
Published Proceedings
Web References
Chapter 11: Authentication Attacks
11.1 Introduction
11.2 Authentication Process
11.3 Existing Authentication Methods
11.3.1 Static Authentication by a Password
11.3.2 One-Time Password (OTP)
11.3.3 Biometrics
11.4 Execution Guidelines Solutions to Delicate Information Sensitive Information
References
Index