Related papers: Modeling Network Security: Case Study of Email Sys…
Models are centrally important in many scientific fields. A model is a representation of a selected part of the world, which is the model s target system. Here, a system consists of a software portion as a component among many others.…
Trust is an absolute necessity for digital communications; but is often viewed as an implicit singular entity. The use of the internet as the primary vehicle for information exchange has made accountability and verifiability of system code…
Behavior modeling and software architecture specification are attracting more attention in software engineering. Describing both of them in integrated models yields numerous advantages for coping with complexity since the models are…
Email tracking allows email senders to collect fine-grained behavior and location data on email recipients, who are uniquely identifiable via their email address. Such tracking invades user privacy in that email tracking techniques gather…
Threat modeling has been successfully applied to model technical threats within information systems. However, a lack of methods focusing on non-technical assets and their representation can be observed in theory and practice. Following the…
A formal cyber reasoning framework for automating the threat hunting process is described. The new cyber reasoning methodology introduces an operational semantics that operates over three subspaces -- knowledge, hypothesis, and action -- to…
Cyber threat intelligence is the provision of evidence-based knowledge about existing or emerging threats. Benefits from threat intelligence include increased situational awareness, efficiency in security operations, and improved…
As more business activities are being automated and an increasing number of computers are being used to store vital and sensitive information the need for secure computer systems becomes more apparent. These systems can be achieved only…
Data modeling is a process of developing a model to design and develop a data system that supports an organization s various business processes. A conceptual data model represents a technology-independent specification of structure of data…
Modeling of work systems occurs for all sorts of reasons. Requirements need to be expressed. A pre-existing situation may need to be charted and analyzed. Early design decisions may be captured using architecture principles. Detailed design…
Although system administrators are frequently urged to protect the machines in their network, the fact remains that the decision to protect is far from universal. To better understand this decision, we formulate a decision-theoretic model…
Companies and network operators perform risk assessment to inform policy-making, guide infrastructure investments or to comply with security standards such as ISO 27001. Due to the size and complexity of these networks, risk assessment…
Efforts have been recently made to construct ontologies for network security. The proposed ontologies are related to specific aspects of network security. Therefore, it is necessary to identify the specific aspects covered by existing…
Deep learning is increasingly used as a building block of security systems. Unfortunately, neural networks are hard to interpret and typically opaque to the practitioner. The machine learning community has started to address this problem by…
This paper proposes a novel visual model for web applications security monitoring. Although an automated intrusion detection system can shield a web application from common attacks, it usually cannot detect more complicated break-ins. So, a…
The idea of applying machine learning(ML) to solve problems in security domains is almost 3 decades old. As information and communications grow more ubiquitous and more data become available, many security risks arise as well as appetite to…
To improve cyber threat analysis practices in cybersecurity, I present a plan to build a formal ontological representation of state actors in cyberspace and of cyber operations. I argue that modelling these phenomena via ontologies allows…
Cyber criminality activities are changing and becoming more and more professional. With the growth of financial flows through the Internet and the Information System (IS), new kinds of thread arise involving complex scenarios spread within…
This paper presents solutions for distribution, access and use of resources in information security systems. The solutions comprise the authors' experience in development and implementation of systems for information security in the…
Cybersecurity is one of the most pressing technological challenges of our time and requires measures from all sectors of society. A key measure is automated security response, which enables automated mitigation and recovery from cyber…