More Like this

1. LINKING EXPLOITS FROM THE DARK WEB TO KNOWN VULNERABILITIES FOR PROACTIVE CYBER THREAT INTELLIGENCE: AN ATTENTION-BASED DEEP STRUCTURED SEMANTIC MODEL1

   Samtani, S ; Chai, Y ; and Chen, H. ( June 2022 , MIS quarterly)

   Black hat hackers use malicious exploits to circumvent security controls and take advantage of system vulnerabilities worldwide, costing the global economy over $450 billion annually. While many organizations are increasingly turning to cyber threat intelligence (CTI) to help prioritize their vulnerabilities, extant CTI processes are often criticized as being reactive to known exploits. One promising data source that can help develop proactive CTI is the vast and ever-evolving Dark Web. In this study, we adopted the computational design science paradigm to design a novel deep learning (DL)-based exploit-vulnerability attention deep structured semantic model (EVA-DSSM) that includes bidirectional processing and attention mechanisms to automatically link exploits from the Dark Web to vulnerabilities. We also devised a novel device vulnerability severity metric (DVSM) that incorporates the exploit post date and vulnerability severity to help cybersecurity professionals with their device prioritization and risk management efforts. We rigorously evaluated the EVA-DSSM against state-of-the-art non-DL and DL-based methods for short text matching on 52,590 exploit-vulnerability linkages across four testbeds: web application, remote, local, and denial of service. Results of these evaluations indicate that the proposed EVA-DSSM achieves precision at 1 scores 20% - 41% higher than non-DL approaches and 4% - 10% higher than DL-based approaches. We demonstrated the EVA-DSSM’s and DVSM’s practical utility with two CTI case studies: openly accessible systems in the top eight U.S. hospitals and over 20,000 Supervisory Control and Data Acquisition (SCADA) systems worldwide. A complementary user evaluation of the case study results indicated that 45 cybersecurity professionals found the EVA-DSSM and DVSM results more useful for exploit-vulnerability linking and risk prioritization activities than those produced by prevailing approaches. Given the rising cost of cyberattacks, the EVA-DSSM and DVSM have important implications for analysts in security operations centers, incident response teams, and cybersecurity vendors. 

   more » « less
2. Linking Exploits from the Dark Web to Known Vulnerabilities for Proactive Cyber Threat Intelligence: An Attention-based Deep Structured Semantic Model

   https://doi.org/10.25300/MISQ/2022/15392  

   Samtani, S ; Chai, Y ; and Chen, H ( June 2022 , MIS quarterly)

   Black hat hackers use malicious exploits to circumvent security controls and take advantage of system vulnerabilities worldwide, costing the global economy over $450 billion annually. While many organizations are increasingly turning to cyber threat intelligence (CTI) to help prioritize their vulnerabilities, extant CTI processes are often criticized as being reactive to known exploits. One promising data source that can help develop proactive CTI is the vast and ever-evolving Dark Web. In this study, we adopted the computational design science paradigm to design a novel deep learning (DL)-based exploit-vulnerability attention deep structured semantic model (EVA-DSSM) that includes bidirectional processing and attention mechanisms to automatically link exploits from the Dark Web to vulnerabilities. We also devised a novel device vulnerability severity metric (DVSM) that incorporates the exploit post date and vulnerability severity to help cybersecurity professionals with their device prioritization and risk management efforts. We rigorously evaluated the EVA-DSSM against state-of-the-art non-DL and DL-based methods for short text matching on 52,590 exploit-vulnerability linkages across four testbeds: web application, remote, local, and denial of service. Results of these evaluations indicate that the proposed EVA-DSSM achieves precision at 1 scores 20%-41% higher than non-DL approaches and 4%-10% higher than DL-based approaches. We demonstrated the EVA-DSSM's and DVSM's practical utility with two CTI case studies: openly accessible systems in the top eight U.S. hospitals and over 20,000 Supervisory Control and Data Acquisition (SCADA) systems worldwide. A complementary user evaluation of the case study results indicated that 45 cybersecurity professionals found the EVA-DSSM and DVSM results more useful for exploit-vulnerability linking and risk prioritization activities than those produced by prevailing approaches. Given the rising cost of cyberattacks, the EVA-DSSM and DVSM have important implications for analysts in security operations centers, incident response teams, and cybersecurity vendors. 

   more » « less
3. A Capstone Project: Designing an IoT Threat Modeling to Prevent Cyber-attacks

   Toutsop, O. ( November 2021 , 2021 Fall ASEE Middle Atlantic Section Meeting)

   The NTT (Nippon Telegraph and Telephone) Data Corporation report found that 80% of U.S. consumers are concerned about their smart home data security. The Internet of Things (IoT) technology brings many benefits to people's homes, and more people across the world are heavily dependent on the technology and its devices. However, many IoT devices are deployed without considering security, increasing the number of attack vectors available to attackers. Numerous Internet of Things devices lacking security features have been compromised by attackers, resulting in many security incidents. Attackers can infiltrate these smart home devices and control the home via turning off the lights, controlling the alarm systems, and unlocking the smart locks, to name a few. Attackers have also been able to access the smart home network, leading to data exfiltration. There are many threats that smart homes face, such as the Man-in-the-Middle (MIM) attacks, data and identity theft, and Denial of Service (DoS) attacks. The hardware vulnerabilities often targeted by attackers are SPI, UART, JTAG, USB, etc. Therefore, to enhance the security of the smart devices used in our daily lives, threat modeling should be implemented early on in developing any given system. This past Spring semester, Morgan State University launched a (senior) capstone project targeting undergraduate (electrical) engineering students who were thus allowed to research with the Cybersecurity Assurance and Policy (CAP) center for four months. The primary purpose of the capstone was to help students further develop both hardware and software skills while researching. For this project, the students mainly focused on the Arduino Mega Board. Some of the expected outcomes for this capstone project include: 1) understanding the physical board components, 2) learning how to attack the board through the STRIDE technique, 3) generating a Data Flow Diagram (DFD) of the system using the Microsoft threat modeling tool, 4) understanding the attack patterns, and 5) generating the threat based on the user's input. To prevent future threats and attacks from taking advantage of systems vulnerabilities, the practice of "threat modeling" is implemented. This method allows the analysis of potential attackers, including their goals and techniques, while also providing solutions and mitigation strategies. Although Threat modeling can be performed throughout the development of a system, implementing it during developmental stages will prevent further problems in the future. Threat Modeling is crucial because it will help identify any potential threat before it propagates in the system. Identifying threats and providing countermeasures will save both time and money while also keeping the consumers safe. As a result, students must grow to understand how essential detecting and preventing attacks are to protect consumer information systems and networks. At the end of this capstone project, students should take away hands-on skills in cyber defense. 

   more » « less
4. Cybersecurity and Local Government

   https://doi.org/10.1002/9781119788317.ch1  

   Norris, Donald F. ; Mateczun, Laura K. ; Forno ; Richard F. ( April 2022 , Wiley (book))

   CYBERSECURITY AND LOCAL GOVERNMENT Learn to secure your local government’s networks with this one-of-a-kind resource In Cybersecurity and Local Government, a distinguished team of researchers delivers an insightful exploration of cybersecurity at the level of local government. The book makes a compelling argument that every local government official, elected or otherwise, must be reasonably knowledgeable about cybersecurity concepts and provide appropriate support for it within their governments. It also lays out a straightforward roadmap to achieving those objectives, from an overview of cybersecurity definitions to descriptions of the most common security challenges faced by local governments. The accomplished authors specifically address the recent surge in ransomware attacks and how they might affect local governments, along with advice as to how to avoid and respond to these threats. They also discuss the cybersecurity law, cybersecurity policies that local government should adopt, the future of cybersecurity, challenges posed by Internet of Things, and much more. Throughout, the authors provide relevant field examples, case studies of actual local governments, and examples of policies to guide readers in their own application of the concepts discussed within. Cybersecurity and Local Government also offers: A thorough introduction to cybersecurity generally, including definitions of key cybersecurity terms and a high-level overview of the subject for non-technologists. A comprehensive exploration of critical information for local elected and top appointed officials, including the typical frequencies and types of cyberattacks. Practical discussions of the current state of local government cybersecurity, with a review of relevant literature from 2000 to 2021. In-depth examinations of operational cybersecurity policies, procedures and practices, with recommended best practices. Perfect for local elected and top appointed officials and staff as well as local citizens, Cybersecurity and Local Government will also earn a place in the libraries of those studying or working in local government with an interest in cybersecurity. 

   more » « less
5. Examination of Cybersecurity Technologies, Practices, Challenges, and Wish List in K-12 School Districts

   Florence Martin, Julie Bacak ( June 2023 , Journal of cybersecurity education research practice)

   With the growth in digital teaching and learning, there has been a sharp rise in the number of cybersecurity attacks on K-12 school networks. This has demonstrated a need for security technologies and cybersecurity education. This study examined security technologies used, effective security practices, challenges, concerns, and wish list of technology leaders in K-12 settings. Data collected from 23 district websites and from interviews with 12 district technology leaders were analyzed. Top security practices included cloud-based technologies, segregated network/V-LAN, two-factor authentication, limiting access, and use of Clever or Class Link. Top challenges included keeping users informed, lack of buy-in from staff and decision-makers, lack of expertise to implement modern best practices, and cost of resources. Top concerns included possible cyberattacks, leaked student data, and lack of user awareness. Finally, their wish list included technology personnel, access to Clever of Class Link, external system diagnostic checks, professional development for staff, and replacing aging infrastructure. The findings have implications for K-12 administrators, technology leaders, and teachers. 

   more » « less