Antonio Colella scite author profile

2012

The vast development of Information and Communication Technologies and the innovations applied in the field of governance and management push the researchers to change their perspectives in finding new security paradigms. The major effort regards the capability to identify some appropriate tools that have the characteristic of better fit with the "object" to protect in the real world.One of main aspect that can ensure the success in this operation is the correct integration and harmonization of the human factor with all remaining factors of a security system. This paper discusses why the CIA (Confidentiality, Integrity and Availability) paradigm is no more valid and able to perform its effect in a post-modern world, and why Cloud and Pervasive Computing requires a new approach in which the user become the main actor of the entire security system.

Digital Profiling: A Computer Forensics Approach

Colombini¹,

Colella²

2011

Abstract. Nowadays investigations have become more difficult than in the past. It is already clear that, in modern crime scene, a vast amount of evidence are in the electronic or digital form and that the computer system or network have a paramount role in researching of indicators and evidence. The correct analysis of log file and the data saved in the system memory, in this new scenario, are crucial for understanding the criminal actions. Moreover, in order to transform these new elements in evidence, it is important, as well, do not lose sight of the goal of the investigative process and namely identify the perpetrator, even in the cases in which the association of the criminal and of the computer, where crime has been committed, is difficult. This paper, under this prospective, aims to recognize an alternative investigation approach to traditional criminal profiling. Starting from digital evidence left on the computer system, this research suggests an analytic methodology useful to draw a compatible user digital profile in conjunctions to the evidence left on the system.

Amplification DDoS Attacks: Emerging Threats and Defense Strategies

Colella¹,

2014

Part 2: 4th International Workshop on Security and Cognitive Informatics for Homeland Defense (SeCIHD 2014)International audienceThere are too many servers on the Internet that have already been used, or that are vulnerable and can potentially be used to launch DDoS attacks. Even though awareness increases and organizations begin to lock down those systems, there are plenty of other protocols that can be exploited to be used instead of them. One example is the Simple Network Management Protocol (SNMP), which is a common UDP protocol used for network management. Several types of network devices actually come with SNMP ”on” by default. A request sent to an SNMP server returns a response that is larger than the query that came in.The main aim of this paper is to investigate on the increasing prevalence and destructive power of amplification-based distributed denial of service (DDoS) attacks in order to present a solution based on a profiling methodology. The paper encompass three aspects: amplification DDoS attacks and main port used, the profiling methodology as a mean of identifying the threat and shape it. Finally, a proposal solution is given by considering both strategic and technical aspects

Cyber Threats Monitoring: Experimental Analysis of Malware Behavior in Cyberspace

Colella²,

Mattiucci³

et al. 2013

Abstract. Cyberspace is a borderless new universe in which all actors, including States, share information and communications technologies, now indispensable to the modern lifestyle. Starting from the beginning of the 21st century, the ability to leverage the cyberspace has become the most important source of power. Due to the proliferation of ICT systems into all aspects of life, the importance of information for political matters has increased awfully. State and non-State actors can use this power to achieve objectives into cyberspace and physical world. Low cost and high potential impact make cyber-power attractive to all actors. In fact, cyber threats have grown exponentially with the proliferation of the cyberspace infrastructures. Consequently, cyberspace has become a war-fighting domain with the potential to destroy or make useless logical, physical, technical, and virtual infrastructure, damaging in fact critical National capabilities.This scenario forces all national institutions to a review of their defense strategies, because of the difficulties to identify the actors of a cyber-attack. It then becomes necessary to gain a broader view of the problem to acquire more detailed information, useful to identify such sources of cyber-attacks. This new point of view can be achieved by using the analytical method developed by the authors and applied to data streams flowing across the cyberspace. In this way we can collect, detect, isolate and analyze the behavior of those malware that are acting as cyber weapons, through the implementation of an honeypot-based system such as the one presented in this paper.

Network Profiling: Content Analysis of Users Behavior in Digital Communication Channel

Colella²,

Mattiucci³

et al. 2012

Part 2: WorkshopInternational audienceIn this paper, we focus on a method of analysis of data in a digital communication channel, using the Digital Profiling technique. We believe, in fact, that the massive use of cloud computing and pervasive technology compels us to improve the results of investigative analysis, in case of cyber-crime, reducing the times of job and maximizing the outcome. The method suggested highlights relationships between flowing data in a digital communication channel and the behavioral models of a possible intruder that threaten that communication. We have chosen to use the two typical approaches adopted in literature: the Top-down to confirm the facts and the Bottom-up to to construct the hypotheses