Intelligent detection and recovery from cyberattacks for small and medium-sized enterprises

  1. Miguel Ángel López [1]
  2. Juan Manuel Lombardo [1]
  3. Mabel López [1]
  4. Carmen María Alba [1]
  5. Susana Velasco [1]
  6. Manuel Alonso Braojos [1]
  7. Marta Fuentes-García [1]

  [1] Fundación I+D del Software Libre (FIDESOL)
Journal: IJIMAI

ISSN: 1989-1660

Year of publication: 2020

Volume: 6

Issue: 3

Pages: 55-62

Type: Article

DOI: 10.9781/IJIMAI.2020.08.003

Abstract

Cyberattacks continuously threaten computer security in companies. These attacks evolve every day, becoming more and more sophisticated and robust. In addition, they take advantage of security breaches in organizations and companies, both public and private. Small and Medium-sized Enterprises (SMEs), due to their structure and economic characteristics, are particularly damaged when a cyberattack takes place. Although organizations and companies put a lot of effort into implementing security solutions, these are not always effective. This is especially relevant for SMEs, which do not have enough economic resources to introduce such solutions. Thus, there is a need to provide SMEs with affordable, intelligent security systems with the ability to detect and recover from the most detrimental attacks. In this paper, we propose an intelligent cybersecurity platform, designed with the objective of helping SMEs make their systems and networks more secure. The aim of this platform is to provide a solution that optimizes detection and recovery from attacks. To do this, we propose the application of proactive security techniques in combination with both Machine Learning (ML) and blockchain. Our proposal is part of the IASEC project, which provides security in each of the phases of an attack. In this way, we help SMEs in prevention, keeping systems and networks from being attacked; detection, identifying when there is something potentially harmful to the systems; containment, trying to stop the effects of an attack; and response, helping to recover the systems to a normal state.