The objective of this paper is to give a comprehensive introduction to applied cryptography with an engineer or computer scientist in mind. The emphasis is on the knowledge needed to create practical systems which supports integrity, confidentiality, or authenticity. Topics covered includes an introduction to the concepts in cryptography, attacks against cryptographic systems, key use and handling, random bit generation, encryption modes, and message authentication codes. Recommendations on algorithms and further reading is given in the end of the paper. This paper should make the reader able to build, understand and evaluate system descriptions and designs based on the cryptographic components described in the paper.

[서평]「Applied Cryptography」

Purpose – Since its introduction in 2006, messages posted to the microblogging system Twitter have provided a rich dataset for researchers, leading to the publication of over a thousand academic papers. This paper aims to identify this published work and to classify it in order to understand Twitter based research.Design/methodology/approach – Firstly the papers on Twitter were identified. Secondly, following a review of the literature, a classification of the dimensions of microblogging research was established. Thirdly, papers were qualitatively classified using open coded content analysis, based on the paper's title and abstract, in order to analyze method, subject, and approach.Findings – The majority of published work relating to Twitter concentrates on aspects of the messages sent and details of the users. A variety of methodological approaches is used across a range of identified domains.Research limitations/implications – This work reviewed the abstracts of all papers available via database search...

/pdf/what-do-people-study-when-they-study-twitter-classifying-4j1bckqno7.pdf

What do people study when they study Twitter? Classifying Twitter related academic papers

Analysis of modern IS security development approaches: towards the next generation of social and adaptable ISS methods

Social media bots (automated accounts) attacks are organized crimes that pose potential threats to public opinion, democracy, public health, stock market and other disciplines. While researchers are building many models to detect social media bot accounts, attackers, on the other hand, evolve their bots to evade detection. This everlasting cat and mouse game makes this field vibrant and demands continuous development. To guide and enhance future solutions, this work provides an overview of social media bots attacks, current detection methods and challenges in this area. To the best of our knowledge, this paper is the first systematic review based on a predefined search strategy, which includes literature concerned about social media bots detection methods, published between 2010 and 2019. The results of this review include a refined taxonomy of detection methods, a highlight of the techniques used to detect bots in social media and a comparison between current detection methods. Some of the gaps identified by this work are: the literature mostly focus on Twitter platform only and rarely use methods other than supervised machine learning, most of the public datasets are not accurate or large enough, integrated systems and real-time detection are required, and efforts to spread awareness are needed to arm legitimate users with knowledge.

Detection of Bots in Social Media: A Systematic Review

The use of covert-channel methods to bypass security policies has increased considerably in the recent years. Malicious users neutralize security restriction by encapsulating protocols like peer-to-peer, chat or http proxy into other allowed protocols like Domain Name Server DNS or HTTP. This paper illustrates a machine learning approach to detect one particular covert-channel technique: DNS tunneling.

DNS tunneling detection through statistical fingerprints of protocol messages and machine learning

The Command and Control communication of a botnet is evolving into sophisticated covert communication. Techniques as encryption, steganography, and recently the use of social network websites as a proxy, impede conventional detection of botnet communication. In this paper we propose detection of covert communication by passive host-external analysis of causal relationships between traffic flows and prior traffic or user activity. Identifying the direct causes of traffic flows, allows for real-time bot detection with a low exposure to malware, and offline forensic analysis of traffic. The proposed causal analysis of traffic is experimentally evaluated by a self-developed tool called CITRIC with various types of real Command and Control traffic.

Detection of Covert Botnet Command and Control Channels by Causal Analysis of Traffic Flows

A new generation of botnets abuses popular social media like Twitter, Facebook, and Youtube as Command and Control channel This challenges the detection of Command and Control traffic, because traditional IDS approaches, based on statistical flow anomalies, protocol anomalies, payload signatures, and server blacklists, do not work in this case In this paper we introduce a new detection mechanism that measures the causal relationship between network traffic and human activity, like mouse clicks or keyboard strokes Communication with social media that is not assignably caused by human activity, is classified as anomalous We explore both theoretically and experimentally this detection mechanism by a case study, with Twittercom as a Command and Control channel, and demonstrate successful real time detection of botnet Command and Control traffic

Towards detection of botnet communication through social media by monitoring user activity

Refereed paper: IT security in Dutch practice

Malicious botnets threaten the Internet by DDoS-attacks, spam, information theft and other criminal activities. They are using increasingly sophisticated techniques to hide the Command and Control traffic. Many existing detection techniques can be defeated by encryption, tunneling in popular protocols, delays, and flow perturbation. We introduce a new DNS-based detection approach, that detects botnet collusion by anomalies in the degree distribution of visited domains, without any assumption about message content and statistical properties of the traffic. The proposed technique is difficult to evade, without major changes in the bot Command and Control Infrastructure or reduced utility. We evaluate evasion possibilities, derive a theoretical model of the detector performance and test the detector with a combination of captured Internet traffic and simulated botnet-traffic.

Detection of botnet collusion by degree distribution of domains

Many organisations use risk analysis to analyse the vulnerability of their information technology. However, the majority of existing risk analysis methods and tools cannot deal adequately with the variable complex of measures against Internet threats, depending on Internet services rather than installed equipment or information systems. This paper describes a structured approach of a limited risk analysis on an Internet connection, in order to assess the threats which will be encountered if the organisation decides to connect to the Internet, and to determine which measures are necessary to protect against the relevant threats. This is useful in both the design phase for selecting a suitable set of security measures, as well as the testing phase to audit the adequacy of a chosen set of measures.

/pdf/risk-analysis-on-internet-connection-4f5njoxobf.pdf

Marcel E. M. Spruit

Papers

Detection of Covert Botnet Command and Control Channels by Causal Analysis of Traffic Flows

Towards detection of botnet communication through social media by monitoring user activity

Refereed paper: IT security in Dutch practice

Detection of botnet collusion by degree distribution of domains

Risk analysis on Internet connection