Difference between revisions of "ITC8112"
Revision as of 10 February 2016, 09:11
Special Course in Cyber Security / 2015-2016 Spring Term
Instructor: Hayretdin Bahsi, hayretdin.bahsi@ttu.ee
Time: Odd weeks, Wednesday, 17:45-20:15
Location: ICT-312
Course Objectives: The main objective is to present and discuss some of the technical research topics that have recently emerged due to the new technical and strategic dimensions of cyber security.
Learning Outcomes: After successful completion of the course, students will have a solid understanding of the discussed security concepts and their links with the strategic concepts. They will have the opportunity to enhance their practical skills through hands-on homework assignments. Their research capabilities will be improved by conducting an implementation project or preparing a short literature survey paper.
Textbook: No specific textbook is required. Appropriate documents and papers are listed below.
Grading: Grading is mainly based on the success of students in the term project. Homework assignments that include some hands-on studies will be delivered.
A tentative distribution of grading items is given as follows:
• Attendance: 15%
• Homework Assignments: 25%
• Term Project (Report/Paper + Presentations): 60%
The final grade will be converted to "pass" if it exceeds 60 (out of 100); otherwise it will be "fail".
Homework assignments will be delivered in weeks 3 and 11. They will include hands-on studies on the use of security scanning and attack graph generation tools.
Students may follow one of two paths for the term project. The first path is to conduct an implementation project that requires integrating existing security tools or developing a new tool in order to solve a technical problem. The other path is to prepare a short literature survey on a topic. Surveys should include the analysis of at least 5 papers. Students can choose their project or paper topics by themselves, but their choices are subject to approval by the instructor. They can also select their topics from the list given below. Each student is requested to present the project findings or literature survey to the class.
The following list includes technical and organizational/strategic topics. During the topic selection stage, students may discuss the details of the topic with the instructor.
Possible project topics
• Implementation of a proof of concept tool for collaborative intrusion detection system
• Data correlation on the data collected from two or three different honeypots (possibly SCADA honeypots)
• Correlation among different pieces of digital evidence (USB devices, different hard drives, etc.)
• Supporting intrusion detection systems with information obtained from open cyber threat intelligence databases
• Cyber attacks on log management systems
• Derivation of security requirements from the business process flow
• Preparation of a survey that evaluates the cyber security understanding of high-level managers of an organization
• Preparation of a survey that evaluates the awareness level of normal users
• Identification of major information flows described in national cyber security strategies
Possible literature survey topics
• Cyber security graduate programs in Europe
• Security in the Internet of Things
• Security problems in Industrial Revolution 4.0
• Cyber exercises and serious cyber games
• Security operation center models
• Industrial control security testbeds
• Cyber security problems in supply chain management
Syllabus:
Classes take place every two weeks. Reading resources for each week are given below.
Week 1: Definitions of key terms and some background information
Week 3: Cyber threat intelligence and information sharing
• Jon Friedman, Mark Bouchard. Definitive Guide to Cyber Threat Intelligence, 2015, iSIGHT Partners
• Romain Bourgue, Joshua Budd, Jachym Homola, Michal Wlasenko, and Dariusz Kulawik. Detect, Share, Protect: Solutions for Improving Threat Data Exchange among CERTs, 2013, ENISA
• Cristin Goodwin, J. Paul Nicholas. A Framework for Cybersecurity Information Sharing and Risk Reduction, 2015, Microsoft
Week 5: Advanced persistent threats
• Hutchins, Eric M., Michael J. Cloppert, and Rohan M. Amin. "Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains." Leading Issues in Information Warfare & Security Research 1 (2011): 80.
• Sood, Aditya K., and Richard J. Enbody. "Targeted cyberattacks: a superset of advanced persistent threats." IEEE security & privacy 1 (2013): 54-61.
• APT1: Exposing One of China's Cyber Espionage Units, 2013, Mandiant
Week 7: Cyber security situational awareness and continuous monitoring
• Jakobson, Gabriel. "Mission cyber security situation assessment using impact dependency graphs." Proceedings of the 14th International Conference on Information Fusion (FUSION). IEEE, 2011.
• Natarajan, Arun, et al. "NSDMiner: Automated discovery of network service dependencies." IEEE, 2012.
• Mell, Peter, et al. "CAESARS Framework new Extension: An Enterprise Continuous Monitoring Technical Reference Model (Second Draft)." (2012).
Week 9: Deception in cyber defence
• Almeshekah, Mohammed H., and Eugene H. Spafford. "Planning and integrating deception into computer security defenses." Proceedings of the 2014 workshop on New Security Paradigms Workshop. ACM, 2014.
• Virvilis, Nikos, Oscar Serrano Serrano, and Bart Vanautgaerden. "Changing the game: The art of deceiving sophisticated attackers." Proceedings of the 6th International Conference on Cyber Conflict (CyCon 2014). IEEE, 2014.
Week 11: Attack graphs
• Ou, Xinming, Sudhakar Govindavajhala, and Andrew W. Appel. "MulVAL: A Logic-based Network Security Analyzer." USENIX security. 2005.
• Singhal, Anoop, and Xinming Ou. Security risk analysis of enterprise networks using probabilistic attack graphs. US Department of Commerce, National Institute of Standards and Technology, 2011.
• Cheng, Pengsu, et al. "Aggregating CVSS base scores for semantics-rich network security metrics." Proceedings of the 31st IEEE Symposium on Reliable Distributed Systems (SRDS). IEEE, 2012.
Week 13: Cyber security of industrial control systems (ICSs)
• CSSP, DHS. "Recommended Practice: Improving Industrial Control Systems Cybersecurity with Defense-In-Depth Strategies." US-CERT, October 2009.
• Robinson, Michael. "The SCADA threat landscape." Proceedings of the 1st International Symposium on ICS & SCADA Cyber Security Research 2013. BCS, 2013.
• Edmonds, Janica, Mauricio Papa, and Sujeet Shenoi. "Security analysis of multilayer SCADA protocols." Critical Infrastructure Protection. Springer US, 2008. 205-221.
Week 15: Presentations