Showing items 1 - 6 of 6

Major security incidents since 2014: an African perspective

  • Authors: Van Heerden, Renier , Von Solms, Sune , Vorster, Johannes
  • Date: 2018
  • Language: English
  • Type: text , article
  • Identifier: http://hdl.handle.net/10962/68291 , vital:29234 , https://ieeexplore.ieee.org/abstract/document/8417326/
  • Description: Publisher version , The integration of technology in the modern society provides many benefits, but with increased connectivity comes increased risk where governments, businesses and individuals are vulnerable to a variety of cyber-attacks. Many of the large information security attacks of the last decade can be seen as an attack on 'foreign” systems or individuals when viewed from an African perspective, with no direct impact on an individual in Africa. However, information security experts in Africa states that although some of these attacks might not have had a direct impact of the African individual, but never the less should not be ignored as it does indirectly influence the African individual. The experts state that even if the individuals or businesses are not directly influenced by an attack, it should not be ignored as similar attacks might influence them in the future. They emphasise that these attacks should improve their cybersecurity awareness and behaviour, in order to prevent similar attacks from impacting them.
  • Full Text: false
  • Date Issued: 2018

The pattern-richness of graphical passwords

  • Authors: Vorster, Johannes , Van Heerden, Renier , Irwin, Barry V W
  • Date: 2016
  • Language: English
  • Type: text , article
  • Identifier: http://hdl.handle.net/10962/68322 , vital:29238 , https://doi.org/10.1109/ISSA.2016.7802931
  • Description: Publisher version , Conventional (text-based) passwords have shown patterns such as variations on the username, or known passwords such as “password”, “admin” or “12345”. Patterns may similarly be detected in the use of Graphical passwords (GPs). The most significant such pattern - reported by many researchers - is hotspot clustering. This paper qualitatively analyses more than 200 graphical passwords for patterns other than the classically reported hotspots. The qualitative analysis finds that a significant percentage of passwords fall into a small set of patterns; patterns that can be used to form attack models against GPs. In counter action, these patterns can also be used to educate users so that future password selection is more secure. It is the hope that the outcome from this research will lead to improved behaviour and an enhancement in graphical password security.
  • Full Text: false
  • Date Issued: 2016

Human perception of the measurement of a network attack taxonomy in near real-time

  • Authors: Van Heerden, Renier , Malan, Mercia M , Mouton, Francois , Irwin, Barry V W
  • Date: 2014
  • Subjects: To be catalogued
  • Language: English
  • Type: text , article
  • Identifier: http://hdl.handle.net/10962/429924 , vital:72652 , https://doi.org/10.1007/978-3-662-44208-1_23
  • Description: This paper investigates how the measurement of a network attack taxonomy can be related to human perception. Network attacks do not have a time limitation, but the earlier its detected, the more damage can be prevented and the more preventative actions can be taken. This paper evaluate how elements of network attacks can be measured in near real-time(60 seconds). The taxonomy we use was developed by van Heerden et al (2012) with over 100 classes. These classes present the attack and defenders point of view. The degree to which each class can be quantified or measured is determined by investigating the accuracy of various assessment methods. We classify each class as either defined, high, low or not quantifiable. For example, it may not be possible to determine the instigator of an attack (Aggressor), but only that the attack has been launched by a Hacker (Actor). Some classes can only be quantified with a low confidence or not at all in a sort (near real-time) time. The IP address of an attack can easily be faked thus reducing the confidence in the information obtained from it, and thus determining the origin of an attack with a low confidence. This determination itself is subjective. All the evaluations of the classes in this paper is subjective, but due to the very basic grouping (High, Low or Not Quantifiable) a subjective value can be used. The complexity of the taxonomy can be significantly reduced if classes with only a high perceptive accuracy is used.
  • Full Text:
  • Date Issued: 2014

Developing a virtualised testbed environment in preparation for testing of network based attacks

  • Authors: Van Heerden, Renier , Pieterse, Heloise , Burke, Ivan , Irwin, Barry V W
  • Date: 2013
  • Subjects: To be catalogued
  • Language: English
  • Type: text , article
  • Identifier: http://hdl.handle.net/10962/429648 , vital:72629 , 10.1109/ICASTech.2013.6707509
  • Description: Computer network attacks are difficult to simulate due to the damage they may cause to live networks and the complexity required simulating a useful network. We constructed a virtualised network within a vSphereESXi environment which is able to simulate: thirty workstations, ten servers, three distinct network segments and the accompanying network traffic. The VSphere environment provided added benefits, such as the ability to pause, restart and snapshot virtual computers. These abilities enabled the authors to reset the simulation environment before each test and mitigated against the damage that an attack potentially inflicts on the test network. Without simulated network traffic, the virtualised network was too sterile. This resulted in any network event being a simple task to detect, making network traffic simulation a requirement for an event detection test bed. Five main kinds of traffic were simulated: Web browsing, File transfer, e-mail, version control and Intranet File traffic. The simulated traffic volumes were pseudo randomised to represent differing temporal patterns. By building a virtualised network with simulated traffic we were able to test IDS' and other network attack detection sensors in a much more realistic environment before moving it to a live network. The goal of this paper is to present a virtualised testbedenvironmentin which network attacks can safely be tested.
  • Full Text:
  • Date Issued: 2013

Classifying network attack scenarios using an ontology

  • Authors: Van Heerden, Renier , Irwin, Barry V W , Burke, I D
  • Date: 2012
  • Language: English
  • Type: Conference paper
  • Identifier: vital:6606 , http://hdl.handle.net/10962/d1009326
  • Description: This paper presents a methodology using network attack ontology to classify computer-based attacks. Computer network attacks differ in motivation, execution and end result. Because attacks are diverse, no standard classification exists. If an attack could be classified, it could be mitigated accordingly. A taxonomy of computer network attacks forms the basis of the ontology. Most published taxonomies present an attack from either the attacker's or defender's point of view. This taxonomy presents both views. The main taxonomy classes are: Actor, Actor Location, Aggressor, Attack Goal, Attack Mechanism, Attack Scenario, Automation Level, Effects, Motivation, Phase, Scope and Target. The "Actor" class is the entity executing the attack. The "Actor Location" class is the Actor‟s country of origin. The "Aggressor" class is the group instigating an attack. The "Attack Goal" class specifies the attacker‟s goal. The "Attack Mechanism" class defines the attack methodology. The "Automation Level" class indicates the level of human interaction. The "Effects" class describes the consequences of an attack. The "Motivation" class specifies incentives for an attack. The "Scope" class describes the size and utility of the target. The "Target" class is the physical device or entity targeted by an attack. The "Vulnerability" class describes a target vulnerability used by the attacker. The "Phase" class represents an attack model that subdivides an attack into different phases. The ontology was developed using an "Attack Scenario" class, which draws from other classes and can be used to characterize and classify computer network attacks. An "Attack Scenario" consists of phases, has a scope and is attributed to an actor and aggressor which have a goal. The "Attack Scenario" thus represents different classes of attacks. High profile computer network attacks such as Stuxnet and the Estonia attacks can now be been classified through the “Attack Scenario” class.
  • Full Text:
  • Date Issued: 2012

Mapping the most significant computer hacking events to a temporal computer attack model

  • Authors: Van Heerden, Renier , Pieterse, Heloise , Irwin, Barry V W
  • Date: 2012
  • Subjects: To be catalogued
  • Language: English
  • Type: text , article
  • Identifier: http://hdl.handle.net/10962/429950 , vital:72654 , https://doi.org/10.1007/978-3-642-33332-3_21
  • Description: This paper presents eight of the most significant computer hacking events (also known as computer attacks). These events were selected because of their unique impact, methodology, or other properties. A temporal computer attack model is presented that can be used to model computer based attacks. This model consists of the following stages: Target Identification, Reconnaissance, Attack, and Post-Attack Recon-naissance stages. The Attack stage is separated into: Ramp-up, Dam-age and Residue. This paper demonstrates how our eight significant hacking events are mapped to the temporal computer attack model. The temporal computer attack model becomes a valuable asset in the protection of critical infrastructure by being able to detect similar attacks earlier.
  • Full Text:
  • Date Issued: 2012
  • 1
  • Disclaimer
  • Privacy
  • Copyright
  • Contact