
Policies, Innovative Self-Adaptive Techniques and Understanding Psychology of Cybersecurity to Counter Adversarial Attacks in Network and Cyber Environments

Chapter in: Cyber Criminology

Abstract

Despite the continuing evolution of the cyber environment, enterprises still find it challenging to identify a solution that creates an effective defensive posture. As the cyber phenomenon becomes a fundamental part of our society, it is essential to identify adaptive methods that raise the worldwide defensive condition in the most effective manner possible. A decade ago, it was not possible to imagine today’s cyber-threat landscape. Cybercriminals have adapted their methods to circumvent traditional defences and hide undetected on systems for months or even years. There are different motives behind such attacks, and understanding the psychology of attacks is essential. Therefore, enterprise security also needs to adapt, with an intelligent, multi-layered approach to IT security. This paper surveys the latest research on the foundation of Adaptive Enterprise Security (AEC). To this end, it discusses potential security policies and strategies that are easy to develop, are well established, and have a major effect on an enterprise’s security practices. These policies and strategies can then be applied efficiently to an enterprise’s cyber policies for the purpose of enhancing security and defence. Moreover, it briefly discusses the need for a thorough understanding of human factors and the psychology of attacks. The study also discusses various adaptive security measures that enterprises can adopt to continue securing their network and cyber environments. To this end, the paper goes on to survey and analyse the effectiveness of some of the latest adaptation techniques deployed to secure these network and cyber environments.



Author information

Corresponding author: Reza Montasari.


Copyright information

© 2018 Springer Nature Switzerland AG

About this chapter

Cite this chapter

Montasari, R., Hosseinian-Far, A., & Hill, R. (2018). Policies, Innovative Self-Adaptive Techniques and Understanding Psychology of Cybersecurity to Counter Adversarial Attacks in Network and Cyber Environments. In: Jahankhani, H. (Ed.), Cyber Criminology. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-319-97181-0_4

  • DOI: https://doi.org/10.1007/978-3-319-97181-0_4
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-319-97180-3
  • Online ISBN: 978-3-319-97181-0
  • eBook Packages: Law and Criminology (R0)
