Nowadays there are many DNS (Domain Name Service) firewall solutions to prevent users to access malicious domains. These can provide real time protection and block illegitimate communications. Mostly of these solutions are based on known malicious domains lists that are being constantly updated. However, in this way, it is only possible to block malicious communications for known malicious domains, leaving out many others that are malicious but have not yet been updated in the block lists. This work intends to provide a DNS dataset for the scientific community in order to improve the detection of malicious DNS requests on the fly based on the result of ML (Machine Learning) algorithms. For this purpose, a dataset will be created based on real DNS logs. The data will be enriched using OSINT (Open Source Intelligence) sources. The exploratory analysis and data preparations steps will be carried and the final dataset will be submitted to different ML algorithms to accurately and timely classify if a domain request is malicious or not providing a valuable register to the scientific community that can be applied in firewall systems in order to increase the security analysis and performance.
Nowadays, we live in a world all connected to the network. If we all want to have access to all equipment anywhere, the first focus should be on security. Unfortunately it is not. There are several hacked systems and with this, many data are exposed. It is necessary to protect. Machine Learning mechanisms integrated in an Intrusion Detection System are the key to considerably increasing security. If in 2021, are estimated more than 12 million attacks only by DDoS, designing a system capable of protecting several agents against them and learning from their own actions (being rewarded when it makes a correct decision, but penalized when it makes a mistake) is the way forward.
In this work we propose an experimental study regarding the detection of phishing emails. The goal is to study and create a system capable of automatically classifying emails as being phishing or not by considering their content. To this end, we will explore the use of Named Entity Recognition and Sentiment Analysis to create a dataset and analyze it using machine learning classification algorithms.
The Internet of Things (IoT) demands for Low-Power and Wide-Area Networks (LPWAN) since connected devices need battery-efficient and long-range communications. Due to its low-cost and high availability (regional/city level scale), these types of networks have been widely used in several critical IoT applications, such as Smart Metering, Smart Grids, Smart Buildings, Intelligent Transportation Systems (ITS), SCADA Systems, etc. By using Low Power Wide Area Networks (LPWAN) technologies, communications are less dependent on common and existing infrastructure, such as WiFi, enabling IoT devices to operate on small and inexpensive batteries (up to 10 years), and be easily deployed within a wide area, typically more than 2 km in urban zones. In this study, a state-of-the-art review is put forward focusing the most prominent results that have been found. Finally, a threat model for a generic IoT application that will be explored in the context of critical IoT applications. Results have shown that this type of technology contains several security flaws, which can lead to irreversible harm to the systems.
In this project, we intend to evaluate and understand the biggest difficulties and challenges in the implementation of a security standard, such as ISO/IEC 27001, in a group with so many differences in the various companies. The method used in this project is the case-study that has successive stages of collecting, analysing and interpreting the methods information, for the purpose of the investigation and the intensive study. At the end, a tool must be proposed to estimate the effort required to deploy the standard.
The health area is not only betting on the development of better health treatments, but they are also betting on becoming more digital, since the creation of teleconsultations, correct and more effective diagnoses, use of virtual reality tools, virtual health assistants, medical devices with intelligence artificial, electronic health records on blockchain, development of wearables for continuous and improved monitoring and patient autonomy. The COVID-19 pandemic accelerated the process of digital transformation in the health sector. Digital transformation thus becomes a “survival” tactic and strategy in the short and long term. However, the adoption of new technologies or even the improvement of the technologies used are still vulnerable to modern threats.
Implantable medical devices are used for critical functions like diagnosis, prevention, control, treatment or life-enhancing patients with chronic diseases, through diagnosing and/or monitoring for better care and quality of patients' lives. Communication between medical devices and healthcare professionals is of utmost importance to treat health data and critical functions without the need for patient surgery. Increasingly, the development, implementation and use of security mechanisms that can provide the availability of information, the integrity of medical devices and the confidentiality of data are needed. Alteration of data, theft, improper access to this information, or even denial of service in a healthcare system can lead to the death of patients on devices such as these essential to life. This paper mainly contribution is a research on implantable medical device vulnerabilities and attack mitigation strategies.
Autonomous driving is becoming a reality and cars are getting connected with everything (traffic lights, roads, bicycles, other cars, people, infrastructure, etc) being Vehicle-to-Everything (V2X) communications a critical factor in the success of autonomous cars. This work aims to study the main security mechanisms and explore the main vulnerabilities of V2X communication standards in a specific application context regarding future Intelligent Transportation Systems (ITS). A prior study will be the basis for the proposal of an attack model that will be later tested and evaluated using a simulation framework.
Given the world's current state regarding the pandemic virus COVID-19, researchers and developers created technological solutions to help fight various virus-related issues. Google/Apple Exposure Notification (GAEN) is one of the solutions designed to help in contact tracing with the usage of Bluetooth. This paper presents a taxonomy for classifying GAEN related attacks and thus provide a better understanding of the problem. The classification criteria were selected to highlight the common features and the level of resources needed for such attacks and if they are a viable implementation for a common attacker.
A penetration test is a subclass of ethical hacking, which comprises a set of methods and procedures that aim at testing/protecting an organization’s security. Enumeration is one of the phases of a penetration test, defined as a process which establishes an active connection to the target hosts to discover potential vulnerabilities in the system, and the same can be used for further exploitation of the system. One of the most popular network mappers in the infosec world is Nmap, is utilized to scan local and remote open ports, as well as hosts and network information. In this research paper is used a target machine (Metasploitable 2) which is an intentionally vulnerable Ubuntu Linux virtual machine that is designed for testing common vulnerabilities. Kali Linux is the interface of using RustScan and Nmap tool. It is discussed how fast is scanning a target operating system with RustScan comparative to Nmap and if RustScan can be a opcion for the enumeration phase.
A device called "CyberPI", based on a Raspberry Pi 4, that automates many penetration testing tools to collect and parse security-related information from all machines connected to a network. We explore the Raspberry Pi's unique capabilities in terms of portability and autonomy to decrease or even eliminate human needs in a pentester environment. Currently, while many devices are being used in research as exploitation toolkits, the current state of automation of the processes associated with reconnaissance, enumeration and information parsing leaves much to be desired. While this proposal describes the "CyberPI" device, it can also be used as a guideline for future research.
Over the past few years, companies are investing in digital security as there is an increasing demand from consumers and companies that require these services. Norms and laws are created to prevent failures that exposed the data of users and companies. Security teams utilize vulnerability scanners to bring to light security vulnerabilities in their computer systems, networks, applications, and procedures. There are plenty of vulnerability scanning tools available, each offering a unique combination of capabilities. In this paper we will analyze and compare the best tools, open-source and paid.