Edgar Toshiro Yano

Towards a Framework to Detect Multi-stage Advanced Persistent Threats Attacks

Detecting and defending against Multi-Stage Advanced Persistent Threats (APT) Attacks is a challenge for mechanisms that are static in its nature and are based on blacklisting and malware signature techniques. Blacklists and malware signatures are designed to detect known attacks. But multi-stage attacks are dynamic, conducted in parallel and use several attack paths and can be conducted in multi-year campaigns, in order to reach the desired effect. In this paper the design principles of a framework are presented that model Multi-Stage Attacks in a way that both describes the attack methods as well as the anticipated effects of attacks. The foundation to model behaviors is by the combination of the Intrusion Kill-Chain attack model and defense patterns (i.e. a hypothesis based approach of known patterns). The implementation of the framework is made by using Apache Hadoop with a logic layer that supports the evaluation of a hypothesis.

GroupSim: A Collaborative Environment for Discrete Event Simulation Software Development for the World Wide Web

The simulation process involves the collaboration of different participants, such as simulation analysts, programmers, statisticians, and users of the simulation software. Many simulation tasks such as modeling, verification, validation, and design for experimentation require the participants to meet. It is understood that these meetings are time-consuming and expensive. This paper proposes a collaborative environment to help with the tasks of discrete event simulation software development using the World Wide Web platform. The environment, named GroupSim, is based on a collaborative computer system and uses the concepts of distributed modeling with automatic program generation and distributed control of experimentation. The authors show some examples to illustrate the use of the environment and discuss some issues related to collaborative environments such as concurrency control, access control, awareness, and performance.

Analyzing Targeted Attacks using Hadoop applied to Forensic Investigation

Conventional intrusion detection and prevention technologies are mostly based to work on traditional methodologies to detect malicious events, while mining on a midsized log data. In recent years, we have seen the evolution of sophisticated targeted attacks performed by well trained adversaries exhibiting multiyear intrusions; therefore existing security toolsets have become insufficient for analysing targeted attacks with necessary speeds and agility. Dealing with such sophisticated attacks requires working with huge volume of multiyear security log data. Big Data technologies, such as Hadoop, enable the analysis of large and unstructured data sources, therefore, in this paper we propose our framework based on Hadoop for dealing with Intrusions performed by Targeted threat adversaries, using concept of Intrusion kill chains which will be helpful for forensics analysis. Keywords-targeted threats ; Hadoop; intrusion kill chain;

Extending RUP to develop fault tolerant software

Software reliability is generally considered a critical requirement in distributed systems such as Web-based systems and real-time embedded systems. Reliability can be obtained using fault tolerance techniques during the software development process. However, most of the software development processes do not provide suitable support for the construction of a software system that needs to meet fault tolerance requirements. The development processes as such RUP were proposed before the recognition of this concern and they still lack appropriate support. RUP (Rational Unified Process) is a well-known software engineering process that provides a disciplined approach to assigning tasks and responsibilities. The paper aims to present an extension to RUP for the development of fault tolerant software. The fault tolerance is embodied in RUP as a knowledge area (discipline) with activities and roles defined according to the architecture of process engineering UMA (Unified Method Architecture). An example was elaborated to clarify and show the feasibility of the proposal.

Towards a Methodology for Cybersecurity Risk Management Using Agents Paradigm

In order to deal with shortcomings of security management systems, this work proposes a methodology based on agents paradigm for cybersecurity risk management. In this approach a system is decomposed in agents that may be used to attain goals established by attackers. Threats to business are achieved by attackers goals in service and deployment agents. To support a proactive behavior, sensors linked to security mechanisms are analyzed accordingly with a model for Situational Awareness(SA)[4].

Using a P2P architecture for voice and radar transportation in critical command and control systems

The Brazilian air traffic service is constituted by a civil and a military organization, which provide tracking (radar), voice and data communication (VHF, UHF and HF) services, through an integrated network. To optimize the management of its air traffic system, Brazil divides the airspace into four independent Regional Centers. In each of these regions, the existing sensors (radars and radios) send information and products to only one of the Regional Centers, forming a star topology. In case of impediment in one Regional Center (eg, electrical failure or terrorist attack), even if the service node is able to send its information, the Regional Center will collapse, since there is no means to process the information generated locally. The solution presented in this article, develops the redundancy of the system through the digitization of audio and radar signals and its subsequent transport using an peer-to-peer network. To validate this proposal, experimental flights were developed. In these flights, aircraft flying over the city of Manaus (in the center of Amazonia) were coordinated by a center installed in Brasilia, which is located about 1000 km away. After these experiments, it was concluded that using this new architecture, we can provide a performance similar to those currently in operation, enabling air traffic systems, as well as those of similar function (eg coordination of civil defense and police ) to be operated with a high degree of reliability, even when they meet a hostile environment.