Threat modeling is of increasing importance to IT security, and it is a complex and resource demanding task. The aim of automating threat modeling is to simplify model creation by using data that are already available. However, the collected data often lack context; this can make the automated models less precise in terms of domain knowledge than those created by an expert human modeler. The lack of domain knowledge in modeling automation can be addressed with ontologies. In this paper, we introduce an ontology framework to improve automatic threat modeling. The framework is developed with conceptual modeling and validated using three different datasets: a small scale utility lab, water utility control network, and university IT environment. The framework produced successful results such as standardizing input sources, removing duplicate name entries, and grouping application software more logically.
Information technology is continuously becoming a more central part of society and together with the increased connectivity and inter-dependency of devices, it is becoming more important to keep systems secure. Most modern enterprises use some form of intrusion detection in order to detect hostile cyber activity that enters the organization. One of the major challenges of intrusion detection in computer networks is to detect types of intrusions that have previously not been encountered. These unknown intrusions are generally detected by methods collectively called anomaly detection. It is nowadays popular to use various artificial intelligence schemes to enhance anomaly detection of network traffic, and many state-of-the-art models reach a detection rate of well over 99%. One such promising algorithm is the Tree Augmented Naive Bayes (TAN) Classifier. However, it is crucial to implement TAN correctly in order to benefit from its full performance. This study implements a TAN classifier for anomaly based intrusion detection of computer network traffic, and displays practical insights on how to maximize its performance. The algorithm is implemented in two data sets with data from simulated cyber attacks: NSL-KDD and UNSW-NB15. We contribute to the field by validating the usefulness of TAN for anomaly detection in computer networks, as well as providing practical insights to new practitioners who want to utilize TAN in intrusion detection systems.
The Internet of things (IoT) products, which have been widely adopted, still pose challenges in the modern cybersecurity landscape. Many IoT devices are resource-constrained and almost constantly online. Furthermore, the security features of these devices are less often of concern, and fewer methods, standards, and guidelines are available for testing them. Although a few approaches are available to assess the security posture of IoT products, the ones in use are mostly based on traditional non-IoT-focused techniques and generally lack the attackers’ perspective. This study provides a four-stage IoT vulnerability research methodology built on top of four key elements: logical attack surface decomposition, compilation of top 100 weaknesses, lightweight risk scoring, and step-by-step penetration testing guidelines. Our proposed methodology is evaluated with multiple IoT products. The results indicate that PatrIoT allows cyber security practitioners without much experience to advance vulnerability research activities quickly and reduces the risk of critical IoT penetration testing steps being overlooked.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.