Characteristics Of Cyber Attacks And Its Countermeasures By Venkat Meruva Southern University and A & M College


Post on 22-Mar-2017



Outline

◦ Introduction
◦ Importance of Cyber Security
◦ Different Types of Cyber Attacks
◦ Counter Measures
◦ Conclusion
◦ Future Work
◦ References

Cyber Security

◦ Cyber security involves protecting the information and systems that we rely on every day.
◦ Many aspects of our lives rely on the Internet and computers, as follows:
i. Communications (e-mail, cell phones, texting).
ii. Transportation (traffic control signals, car engine systems, airplane navigation).
iii. Government (birth/death records, social security, licensing, tax records).
iv. Finance (bank accounts, loans, electronic paychecks).
v. Medicine (equipment, medical records).
vi. Education (virtual classrooms, online report cards, research).

Importance of Cyber Security

◦ Today, the necessity of strong cyber security measures is self-evident. An increase in the number of cyber attacks is causing increasing damage to companies, governments and individuals.
◦ The increase in cyber attacks includes targeted phishing scams, data theft, and other online attacks.
◦ The average unprotected computer connected to the Internet can be compromised in moments.
◦ Thousands of infected web pages are being discovered every day.
◦ Organizations need to respond to this increased threat by adopting strict cyber security measures.
◦ Hence there is a need to understand cyber attacks and their classification, so that one can take measures against such attacks.

Ref : http://Cyber Security .alabama.gov/Documents/security/WhyCyber Security isImportant.pdf

Types of Cyber-Attacks

◦ The following are the different types of cyber attacks:
Denial of Service (DDoS) attack
Web Based Malvertising Attack
Man in the Middle Attack
Malware Attack
Phishing Attack

Denial of Service Attack

◦ A Denial-of-Service attack (DoS attack) is a cyber attack where the attacker tries to make a network unavailable by temporarily disrupting a host that is connected to the Internet.
◦ This involves the attacker using multiple computers to send traffic that will overload the system.
◦ In many instances, a person may not even realize that their computer has been hijacked for the DDoS attack.

Ref: Survey on Various Cyber Attacks and Their Classification, International Journal of Network Security,

Web Based Malvertising Attack

◦ Malvertising is the use of online advertising to spread malware.
◦ Cyber attackers upload infected display ads to different sites using an ad network. These ads are then distributed to sites that match certain keywords and search criteria.
◦ Once a user clicks on one of these ads, some type of malware will be downloaded. Any website or web publisher can be subjected to Malvertising and many don’t even know they’ve been compromised.

Ref: A Survey of Cyber Attack Detection Systems, IJCSNS International Journal of Computer Science and Network Security, Vol.9, No.5, May 2009

Man in the Middle Attack

◦ A man-in-the-middle attack (MITM) is an attack where the attacker secretly alters the communication between two parties who believe they are directly communicating with each other.
◦ Normally, a MITM gains access through a non-encrypted wireless access point (WAP).
◦ Then, the attacker will have access to all of the information being transferred between both parties.

Ref : http://ieeexplore.ieee.org/document/7442758/

Malware Attacks

◦ Malware is a term used to refer to a variety of computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other malicious programs.
◦ Malware is most often introduced to a system through email attachments, software downloads or operating system vulnerabilities.

[Figure: Malware by Categories]

Ref: A Survey of Cyber Attack Detection Systems, IJCSNS International Journal of Computer Science and Network Security, Vol.9, No.5, May 2009

Phishing Attack

◦ Phishing attacks are sent via email and ask users to click on a link and enter their personal data.
◦ Phishing emails have gotten much more sophisticated in recent years.
◦ Phishing emails often fall into the same category as spam, but are more harmful than just a simple ad.

Ref: A Survey of Cyber Attack Detection Systems, IJCSNS International Journal of Computer Science and Network Security, Vol.9, No.5, May 2009

Phishing Attacks Contd.

◦ Phishing is the attempt to obtain sensitive information such as:
◦ Username
◦ Password
◦ Social Security Number
◦ Credit card details, etc.

Countermeasures

Denial of Service

◦ The best way to prevent an additional breach is to keep your system as secure as possible with regular software updates and online security monitoring.
◦ Strong anti-virus and anti-spyware software on all systems with Internet connectivity.
◦ A Kolmogorov Complexity based detection algorithm can quickly identify such attacks.
◦ Cumulative Sum (CUSUM) sequential change point detection algorithm.

Ref: https://sites.google.com/a/pccare.vn/it/security-pages/dos-attacks-and-countermeasures

Ref : https://people.cs.pitt.edu/~mehmud/docs/abliz11-TR-11-178.pdf
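The CUSUM countermeasure named above can be sketched as follows. This is an added example, not code from the presentation or its references; the parameters `baseline_len`, `k` and `h`, the function names and the traffic samples are all assumptions chosen for illustration. It contrasts CUSUM with a plain per-interval threshold to show why accumulating small deviations catches a gradual rise in load that no single interval reveals.

```python
# Added example: one-sided CUSUM over per-interval packet counts (parameters are assumptions).
from statistics import mean, pstdev

def cusum_alarm(counts, baseline_len=10, k=0.5, h=5.0):
    """Index of the first interval where the CUSUM statistic exceeds h, else None.

    baseline_len: leading intervals assumed attack-free, used to estimate mean/std
    k: allowance in standard deviations that absorbs normal jitter
    h: decision threshold in standard deviations
    """
    baseline = counts[:baseline_len]
    mu = mean(baseline)
    sigma = pstdev(baseline) or 1.0  # flat baseline: avoid dividing by zero
    s = 0.0
    for i in range(baseline_len, len(counts)):
        z = (counts[i] - mu) / sigma
        s = max(0.0, s + z - k)  # accumulate only sustained upward drift
        if s > h:
            return i
    return None

def threshold_alarm(counts, baseline_len=10, n_sigma=4.0):
    """Per-interval comparison against mean + n_sigma * std, for contrast."""
    baseline = counts[:baseline_len]
    limit = mean(baseline) + n_sigma * (pstdev(baseline) or 1.0)
    for i in range(baseline_len, len(counts)):
        if counts[i] > limit:
            return i
    return None

# Constructed packets-per-second samples; the first 10 values form the baseline.
NORMAL = [100, 104, 98, 101, 97, 103, 99, 102, 100, 96, 101, 99, 105, 98, 102]
SLOW_RAMP = NORMAL + [104, 105, 106, 107, 108, 108]  # gradual rise in load
FLOOD = NORMAL + [130, 400, 900]                      # abrupt surge

if __name__ == "__main__":
    for name, series in (("normal", NORMAL), ("slow ramp", SLOW_RAMP), ("flood", FLOOD)):
        print(name, "cusum:", cusum_alarm(series), "threshold:", threshold_alarm(series))
```

In practice the baseline would be re-estimated over a sliding window, and `k` and `h` tuned against the false-alarm rate the operator can tolerate.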

Web Based Malvertising Attacks

◦ The best way to prevent falling victim to Malvertising is to use common sense.
◦ Any ad that promises riches or free computers is probably too good to be true, and therefore could be hiding malware.
◦ As always, up-to-date software and operating systems are your best first line of defense.

Web Based Malvertising Contd.

The following techniques and algorithms are used to avoid Web Based Malvertising attacks.

◦ Extended sleep is one of the most common evasion techniques.
◦ Domain generating algorithm (DGA).
◦ Pseudorandom number generating algorithm.
◦ Time packing algorithms.

Ref: https://www.sans.org/reading-room/whitepapers/forensics/detecting-malware-sandbox-evasion-techniques-36667

Man in the Middle Attack

◦ The best way to prevent the Man in the Middle attack is to only use encrypted wireless access points that use WPA security or greater.
◦ If you need to connect to a website, make sure it uses an HTTPS connection or, for better security, consider investing in a Virtual Private Network. HTTPS uses certificates that verify the identity of the servers you’re connecting to using a third-party company such as VeriSign.
◦ The Diffie-Hellman key exchange is vulnerable to a man-in-the-middle attack.

Ref: http://ieeexplore.ieee.org/document/7442758/

Malware Attack

◦ The best way to prevent malware is to avoid clicking on links or downloading attachments from unknown senders.
◦ This is also done by updated firewalls, which prevent the transfer of large data files over the network in the hope of weeding out attachments that may contain malware.
◦ It’s also important to make sure your computer’s operating system (e.g. Windows, Mac OS X, Linux) uses the most up-to-date security updates.
◦ Software programmers update programs frequently to address any holes or weak points. It’s important to install these updates as well to decrease your own system’s weaknesses.

Malware Attack Contd.

• A Finite State Automata (FSA).
• DP matching Algorithm.
• Longest Common Subsequence (LCS) algorithm.

Ref: https://www.researchgate.net/profile/Aditya_Mathur2/publication/229008321_A_survey_of_malware_detection_techniques/links/543153450cf29bbc1278860d.pdf

Phishing Attack

◦ Verify, over the phone, any requests from institutions that arrive via email.
◦ If the email itself has a phone number, don’t call that number, but rather one you find independently online or within documentation you’ve received from that company.
◦ Apriori algorithm.
◦ Hybrid Feature Selection algorithm.
◦ Multi-class Classification based on Association Rule (MCAR) and Classification based on Association (CBA) to detect phishing websites.
◦ Link guard algorithm to avoid phishing attacks.

Ref: http://www.ijcaonline.org/research/volume139/number1/suganya-2016-ijca-909084.pdf
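A simplified sketch of the kind of check a link-guard approach performs on an e-mail body: compare the link a user sees with the link that is actually followed, and flag hosts given as raw IP addresses. This is an added example, not the published LinkGuard algorithm or code from the presentation; the function names, the two rules chosen and the sample message are assumptions.

```python
# Added example: simplified LinkGuard-style checks, not the published algorithm's code.
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

DOMAIN_LIKE = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)  # text that looks like a link
IP_HOST = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")  # dotted-decimal host

class AnchorCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):  # lower-cased hostname of a URL or bare domain, minus "www."
    if "://" not in value:
        value = "http://" + value
    host = (urlparse(value).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def check_links(html):  # -> [(href, reason)] for links whose real target looks deceptive
    collector = AnchorCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        if not href.lower().startswith(("http://", "https://")):
            continue  # mailto:, fragments and similar are out of scope here
        actual = host_of(href)
        if IP_HOST.match(actual):
            findings.append((href, "ip-address-host"))
        elif DOMAIN_LIKE.match(text) and host_of(text) != actual:
            findings.append((href, "visible-text-mismatch"))
    return findings

# Constructed sample e-mail body using reserved example domains and addresses.
SAMPLE = (
    '<a href="https://mybank.example/login">www.mybank.example</a>'
    '<a href="http://mybank.example.account-check.test/login">www.mybank.example</a>'
    '<a href="http://192.0.2.10/verify">Verify your account</a>'
)
```

Calling `check_links(SAMPLE)` leaves the first link alone, because its visible text and target agree, and reports the other two.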

Attacks Vs Countermeasures

Attacks | Countermeasures
Denial of Service Attacks | Kolmogorov Complexity Algorithm; Cumulative Sum sequential change point detection Algorithm
Web Based Malvertising Attacks | Domain generating algorithm (DGA) Algorithm; Time packing Algorithm
Man in the Middle Attacks | The Diffie-Hellman key Algorithm
Malware Attacks | A Finite State Automata (FSA) Algorithm; Longest Common Subsequence (LCS) Algorithm
Phishing Attacks | Apriori Algorithm; File matching Algorithm

Conclusion

◦ Cyber security is one of the most urgent issues of the day.
◦ Computer networks have always been the target of criminals, and it is likely that the danger of cyber security attacks will only increase in the future as these networks expand.
◦ But there are sensible precautions that organizations can take to minimize losses from those who seek to do harm.
◦ With the right level of preparation and specialist external assistance, it is possible to control damages and recover from a cyber breach and its consequences.

Future Work

◦ In this presentation, we have discussed only the 5 major types of attacks and their countermeasures.
◦ We are planning to include more attacks and countermeasures.
◦ We are also planning to study the countermeasure algorithms in depth.

References

◦ Survey on Various Cyber Attacks and Their Classification, International Journal of Network Security, Vol.15, No.5, pp.390-396, Sept. 2013
◦ A Survey of Cyber Attack Detection Systems, IJCSNS International Journal of Computer Science and Network Security, Vol.9, No.5, May 2009
◦ A survey of Cyber Attack Detection Strategies, International Journal of Security and Its Applications, Vol.8, No.1 (2014), pp.247-256
◦ http://www.afitc-event.com/cyberattacks-in-the-u-s/
◦ http://quickbooks.intuit.com/r/technology-and-security/8-types-of-cyber-attacks-your-business-needs-to-avoid/
◦ https://en.wikipedia.org/wiki/List_of_cyber-attacks
◦ http://www.cnbc.com/2014/12/19/top-5-cyber-security-risks-for-2015.html
◦ A Review on Phishing Attacks and Various Anti Phishing, International Journal of Computer Applications (0975 – 8887), Volume 139 – No.1, April 2016
◦ A survey of Distributed Denial of Service attack

Thank You

Q & A