Cyber Threat Intelligence and Analytics

Recent Submissions

  • Item
    Detecting Cyber Security Vulnerabilities through Reactive Programming
    (2019-01-08) Moholth, Ole Christian; Juric, Radmila; McClenaghan, Karoline Moholth
    We propose a software architectural model, which uses reactive programming for collecting and filtering live tweets and interpreting their potential correlation to software vulnerabilities and exploits. We aim to investigate if we could discover the existence of exploits for disclosed vulnerabilities in Twitter data streams. Reactive programming is used for performing filtering and querying of tweets to find potential exploits. The result of processing Twitter data streams with reactive programming could be broadcast, by pointing towards potential exploits, which might create a cyber-attack. They can also be entered as a new entry into existing overt or open source intelligence repositories.
  • Item
    Insight from a Docker Container Introspection
    (2019-01-08) Watts, Thomas; Benton, Ryan; Glisson, William; Shropshire, Jordan
    Large-scale adoption of virtual containers has stimulated concerns by practitioners and academics about the viability of data acquisition and reliability due to the decreasing window to gather relevant data points. These concerns prompted the idea that introspection tools, which are able to acquire data from a system as it is running, can be utilized as both an early warning system to protect that system and as a data capture system that collects data that would be valuable from a digital forensic perspective. An exploratory case study was conducted utilizing a Docker engine and Prometheus as the introspection tool. The contribution of this research is two-fold. First, it provides empirical support for the idea that introspection tools can be utilized to ascertain differences between pristine and infected containers. Second, it provides the groundwork for future research conducting an analysis of large-scale containerized applications in a virtual cloud.
  • Item
    A Social Network Analysis (SNA) Study On Data Breach Concerns Over Social Media
    (2019-01-08) Vemprala, Naga; Dietrich, Glenn
    In the current era of digital devices, the concerns over data privacy and security breaches are rampant. Understanding these concerns by analyzing the messages posted on social media from a linguistic perspective has been a challenge that is increasing in complexity as the number of social media sites increases and the volume of data increases. We investigate the diffusion characteristics of the information attributed to data breach messages, first based on the literary aspects of the message and second, by building a social network of the users who are directly involved in spreading the messages. We found that messages that involve technicalities and threat- and severity-related security characteristics spread fast. Contrary to posts on social media related to conventional news channels, which capture wide attention, breach information diffusion follows a different pattern. The messages are widely shared across the tech-savvy groups and people involved in security-related studies. Analyzing the messages from both linguistic and visual perspectives through social networks, researchers can extract grounded insights into these research questions.
  • Item
    Investigating 3D Printer Residual Data
    (2019-01-08) Miller, Daniel; Gatlin, Jacob; Glisson, William; Yampolskiy, Mark; McDonald, Jeffrey
    The continued adoption of Additive Manufacturing (AM) technologies is raising concerns in the security, forensics, and intelligence gathering communities. These concerns range from identifying and mitigating compromised devices, to theft of intellectual property, to sabotage, to the production of prohibited objects. Previous research has provided insight into the retrieval of configuration information maintained on the devices, but this work shows that the devices can additionally maintain information about the print process. Comparisons between before and after images taken from an AM device reveal details about the device's activities, including printed designs, menu interactions, and the print history. Patterns in the storage of that information may also be useful for reducing the amount of data that needs to be examined during an investigation. These results provide a foundation for future investigations regarding the tools and processes suitable for examining these devices.
  • Item
    Cross-Site Scripting (XSS) Detection Integrating Evidences in Multiple Stages
    (2019-01-08) Zhang, Jingchi; Jou, Yu-Tsern; Li, Xiangyang
    As Cross-Site Scripting (XSS) remains one of the top web security risks, people keep exploring ways to detect such attacks efficiently. So far, existing solutions only focus on the payload in a web request or a response, a single stage of a web transaction. This work proposes a new approach that integrates evidence from both a web request and its response in order to better characterize XSS attacks and separate them from normal web transactions. We first collect complete payloads of XSS and normal web transactions from two databases and extract features from them using the Word2vec technique. Next, we train two Gaussian mixture models (GMM) with these features, one for XSS transactions and one for normal web transactions. These two models generate two probability scores for a new web transaction, which indicate how similar this web transaction is to XSS and to normal traffic respectively. Finally, we put together these two GMM models in classification by combining these two probabilities to further improve detection accuracy.