Special Issue "Detecting Attack and Incident Zone System"

A special issue of Information (ISSN 2078-2489). This special issue belongs to the section "Information Systems".

Deadline for manuscript submissions: closed (1 July 2021).

Special Issue Editor

Dr. Christoforos Ntantogian
Guest Editor
Department of Informatics, Ionian University, Greece
Interests: intrusion detection; attack analysis and response; mobile and wireless security; software security

Special Issue Information

Dear Colleagues,

A widely known fact is that the cyber threat landscape is constantly changing. Sophisticated malware continuously discovers new paths to bypass ever-increasing security mechanisms; software and hardware vulnerabilities are uncovered almost on a daily basis; and malicious actors are changing their prime targets, attacking new emerging technologies including smart grids, autonomous cars and IoT networks. On the other hand, the defenders, manually or automatically, proactively or reactively, collaboratively or independently, are trying to counteract these cyber security challenges.

In this cybersecurity arms race, offensive security seems to be always at least one step ahead of defensive security. Network intrusions go unnoticed for significant periods of time, and even when they are discovered, organizations are often unable to pinpoint and isolate the incident zones. Thus, the affected areas of an incident remain ambiguous, and responders cannot take accurate countermeasures or conduct triage effectively. Hence, there is a need to drive new research and develop new techniques that strengthen defensive security and restore balance in the cybersecurity arms race.

This Special Issue focuses on attack detection and incident zone systems and solicits the latest technologies, solutions, case studies, and prototypes on this topic.

Topics of interest include but are not limited to:

  • Identification of incident zones
  • Novel methods of attack detection
  • Data-driven and artificial-intelligence-based attack discovery
  • Honeypots
  • Cyber threat incident handling frameworks
  • Kill chain detection in enterprise environments
  • Tools for blue teams and defenders
  • Incident handling for fog and edge computing
  • Attack detection and incident handling for cyber physical systems and IoT networks
  • Educational platforms and cyber ranges for defensive security
  • Incident handling in cloud environments
  • Detecting attacks in industrial control systems
  • Forensics in 5G networks
  • Machine learning for incident triage and incident zone systems
  • Threat intelligence
  • Visual analytics for forensics and security applications
  • NFV-based security functions and services
  • Attacks and incident handling in Software Defined Networks
  • Biometrics attack detection
  • Blockchain, auditing and incident management
  • Security issues in cloud computing and e-health
  • GDPR and improving security posture of organizations

Dr. Christoforos Ntantogian
Guest Editor

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once registered, authors can proceed to the submission form. Manuscripts can be submitted until the deadline. All papers will be peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles and short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Information is an international peer-reviewed open access monthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • Identification of incident zones
  • Novel methods of attack detection
  • Data-driven and artificial-intelligence-based attack discovery
  • Honeypots
  • Cyber threat incident handling frameworks
  • Kill chain detection in enterprise environments
  • Tools for blue teams and defenders
  • Incident handling for fog and edge computing
  • Attack detection and incident handling for cyber physical systems and IoT networks
  • Educational platforms and cyber ranges for defensive security
  • Incident handling in cloud environments
  • Detecting attacks in industrial control systems
  • Forensics in 5G networks
  • Machine learning for incident triage and incident zone systems
  • Threat intelligence
  • Visual analytics for forensics and security applications
  • NFV-based security functions and services
  • Intrusion detection and incident handling in Software Defined Networks
  • Biometrics attack detection
  • Blockchain, auditing and incident management
  • Security issues in cloud computing and e-health
  • GDPR and improving security posture of organizations

Published Papers (6 papers)


Editorial


Editorial
Editorial for Special Issue Detecting Attack and Incident Zone System
Information 2021, 12(9), 382; https://0-doi-org.brum.beds.ac.uk/10.3390/info12090382 - 18 Sep 2021
Viewed by 386
Abstract
Attackers who have a strong motivation to succeed in their nefarious goals are often able to breach the security of their targets and cause havoc [...]
(This article belongs to the Special Issue Detecting Attack and Incident Zone System)

Research


Article
P2ISE: Preserving Project Integrity in CI/CD Based on Secure Elements
Information 2021, 12(9), 357; https://0-doi-org.brum.beds.ac.uk/10.3390/info12090357 - 31 Aug 2021
Cited by 1 | Viewed by 457
Abstract
During the past decade, software development has evolved from a rigid, linear process to a highly automated and flexible one, thanks to the emergence of continuous integration and delivery environments. Nowadays, more and more development teams rely on such environments to build their complex projects, as the advantages they offer are numerous. On the security side, however, most environments seem to focus on the authentication part, neglecting other critical aspects such as the integrity of the source code and the compiled binaries. To ensure the soundness of a software project, its source code must be secured from malicious modifications. Yet, no method can accurately verify that the integrity of the project's source code has not been breached. This paper presents P2ISE, a novel integrity preserving tool that provides strong security assertions for developers against attackers. At the heart of P2ISE lies the TPM trusted computing technology, which is leveraged to ensure integrity preservation. We have implemented P2ISE and quantitatively assessed its performance and efficiency.

Article
PocketCTF: A Fully Featured Approach for Hosting Portable Attack and Defense Cybersecurity Exercises
Information 2021, 12(8), 318; https://0-doi-org.brum.beds.ac.uk/10.3390/info12080318 - 08 Aug 2021
Cited by 1 | Viewed by 693
Abstract
Capture the flag (CTF) challenges are broadly used for engaging trainees in the technical aspects of cybersecurity, maintaining hands-on lab exercises, and integrating gamification elements. However, deploying the appropriate digital environment for conducting cybersecurity exercises can be challenging and typically requires a lot of effort and system resources by educators. In this paper, we present PocketCTF, an extensible and fully independent CTF platform, open to educators to run realistic virtual labs to host cybersecurity exercises in their classrooms. PocketCTF is based on containerization technologies to minimize the deployment effort and to utilize fewer system resources. A proof-of-concept implementation demonstrates the feasibility of deploying CTF challenges that allow the trainees to engage not only in offensive security but also in defensive tasks that have to be conducted during cybersecurity incidents. When using PocketCTF, educators can deploy hands-on labs, spending less time on the deployment and without necessarily having the advanced technical background to deploy complex labs and scenarios.

Article
A Comprehensive Survey on Machine Learning Techniques for Android Malware Detection
Information 2021, 12(5), 185; https://0-doi-org.brum.beds.ac.uk/10.3390/info12050185 - 25 Apr 2021
Cited by 4 | Viewed by 1000
Abstract
Year after year, mobile malware attacks grow in both sophistication and diffusion. As the open source Android platform continues to dominate the market, malware writers consider it as their preferred target. Almost strictly, state-of-the-art mobile malware detection solutions in the literature capitalize on machine learning to detect pieces of malware. Nevertheless, our findings clearly indicate that the majority of existing works utilize different metrics and models and employ diverse datasets and classification features stemming from disparate analysis techniques, i.e., static, dynamic, or hybrid. This complicates the cross-comparison of the various proposed detection schemes and may also raise doubts about the derived results. To address this problem, spanning a period of the last seven years, this work attempts to schematize the so far ML-powered malware detection approaches and techniques by organizing them under four axes, namely, the age of the selected dataset, the analysis type used, the employed ML techniques, and the chosen performance metrics. Moreover, based on these axes, we introduce a converging scheme which can guide future Android malware detection techniques and provide a solid baseline to machine learning practices in this field.

Article
Compatibility of a Security Policy for a Cloud-Based Healthcare System with the EU General Data Protection Regulation (GDPR)
Information 2020, 11(12), 586; https://0-doi-org.brum.beds.ac.uk/10.3390/info11120586 - 17 Dec 2020
Cited by 1 | Viewed by 886
Abstract
Currently, there are several challenges that cloud-based healthcare systems around the world are facing. The most important issue is to ensure security and privacy, or in other words, to ensure the confidentiality, integrity, and availability of the data. Although the main provisions for data security and privacy were present in the former legal framework for the protection of personal data, the General Data Protection Regulation (GDPR) introduces new concepts and new requirements. In this paper, we present the main changes and the key challenges of the GDPR and, at the same time, we present how a cloud-based security policy could be modified in order to be compliant with the GDPR, as well as how cloud environments can assist developers to build secure and GDPR-compliant cloud-based healthcare systems. The major concept of this paper is dual-purpose: primarily, to facilitate cloud providers in comprehending the framework of the new GDPR and, secondly, to identify security measures and security policy rules for the protection of sensitive data in a cloud-based healthcare system, following our risk-based security policy methodology that assesses the associated security risks and takes into account different requirements from patients, hospitals, and various other professional and organizational actors.

Article
SDToW: A Slowloris Detecting Tool for WMNs
Information 2020, 11(12), 544; https://0-doi-org.brum.beds.ac.uk/10.3390/info11120544 - 25 Nov 2020
Cited by 2 | Viewed by 592
Abstract
Denial of service (DoS) attacks play a significant role in contemporary cyberspace scenarios. A variety of different DoS attacks pollute networks by exploiting various vulnerabilities. A group of DoS attacks called application DoS attacks exploit application vulnerabilities. This work presents a tool that detects and blocks an application DoS attack called Slowloris on wireless mesh networks (WMNs). Our tool, called SDToW, is designed to effectively use the structure of the WMNs to block the Slowloris attack. SDToW uses three different modules to detect and block the attack. Each module has its specific tasks and thus optimizes the overall detection and blocking efficiency. Our solution blocks the attacker on its first WMN hop, reducing the malicious traffic on the network and avoiding further attacks from the blocked user. The comparison results show that SDToW performs with 66.7% less processing consumption and 89.1% less memory consumption than Snort. Our solution does not limit the number of parallel connections per user. Hence, by avoiding this limitation, SDToW has a lower incidence of false positive errors than Snort.