Wednesday, May 6, 2020
Academic Writing and Research Skills
Questions: 1) Use your notes to conduct a critical review of literature in the selected papers. 2) What do you understand by referencing and what are its different styles? Answers: 1. Deception and denial as a tool for cyber defense: Day by day as the cyber attack techniques are getting evolved and modernized, the traditional methods for preventing those attacks became inadequate. In the modern cyber attack scenario, the denial and deception are used to prevent the attacks. In the present day scenario this methodology is gaining momentum to secure the organizational networks (Heckman et al., 2015). The deception is used as a proactive cyber security approach to safeguard a particular computer network. As the signature based security mechanisms are failing in preventing and mitigating the modern Zero day attacks. Most of the cyber attackers, work on the assumption, that the visible network infrastructure is real, and the deception technology takes advantage of this assumptions by the attackers. Carefully outlined traps to pull in assailants while they are penetrating the network and in a flash recognize those attacks (Hsu, Marinucci Voas, 2015). Therefore, the intruders find the physical resources inaccessible by compromising the control system of the network. On the other hand, denial is considered as another effective tool to prevent the intrusion attacks. For this, the adversaries create condition like the denial of service. In this kind of situation, the network is flooded with excessive failed access attempts. This cyber attack prevention mechanism is implemented by the combined efforts of denial and deception planners, analysts, security operators (Heckman et al., 2013). The steps in implementing a Deception and Denial plan include the development of cover story which includes the selection of the information that is going to create the honey pots for the attacker. After that, the whole plan is executed by the security operators. Honeypots are intended to be assaulted to empower information gathering about the intruders/hackers practices and methods, and to uncover vulnerable services provided by the network. Honey pots are ordinarily sorted as high interaction and low interaction. Low interaction honey pots copy the services where the level of copying incorporated with the administrations decides the level of interaction with the honey pot by the intruder or attacker (Heckman et al., 2015). High interaction honey pots give a genuine working operating system intended to react intuitively with the attackers. Use of honey pots: Honey pots are genuine machines with false systems, for example, virtualization and system monitoring apparatuses, made to trick intruders into supposing they have compromised a worthless system, lessening the number of intrusion or attacks on a genuine and valuable system. Honey tokens are another deceptive security approach. Honey tokens are made of files such as records containing false data, an email address related with a non-existent individual or fake movement to recognizing eavesdropping in unknown and anonymous communication systems (Almeshekah Spafford, 2014). This honey tokens are not able to prevent the intrusion attacks, but is able to detect the intrusion in the early phases. In the year 2012, the MITRE Corporation performed a cyber-war game to check the effectiveness of the denial and deception tradecraft in securing an organizational cyber space. The cyber war game was intended to test a dynamic organizational network resistance digital security platform being researched and invented in The MITRE Corporation's Innovation Program called Blackjack, and to examine the utility of utilizing denial and deception method to upgrade the security of data in control and command systems (Hsu, Marinucci Voas, 2015). Figure 1: Architecture of CND based defense mechanism (Source: Heckman et al., 2013, pp-74) Blackjack utilized a rules engine to apply policies to each HTTP request coming in the organizational network with a specific end goal to direct the response to client requests called Intellect, which is domain specific language and rules engine developed in Python programming language. According to Bogatinov et al. (2015), the user requests are processed depending upon the proxy configuration and digital certificates of the users. Ant based approach: Another approach for securing the networks is, MTD (Moving target defense). This mechanism is applied to the already defended systems or networks. According to Hsu, Marinucci Voas (2015) this approach uses shuffling of the configurations of network equipments (like routers, switches), remapping of the address space is used to secure the network (Fink et al., 2014). In this way, an IP address targeted by the attackers does not always is assigned to a specific computer/ workstation. In order to implement this kind of security mechanism administrators depends on the ant based cyber defense approach. This approach is a flexible resistance mechanism that removes the chances of intruders ability to depend on prior knowledge, without any significant change in the secured network. 2. Referencing: While writing an academic paper, we refer to the information to another source. This source can be other authors theories, quotes and views in their own reports and journals (Wingate, 2012). Whenever we use those sources, we have to acknowledge those sources in our academic report or journal. Acknowledging the sources in the academic writing is known as referencing. Different styles of referencing: The following table describes different types of referencing styles used by different universities and organization for acknowledging the source of information. Referencing Style Organization Special features Application APA American psychological Association Author name and date used to in text. Social and behavioral sciences, anthropology and psychology. Harvard Harvard University Author name and date used to in text. Business studies, natural and social sciences. Chicago University of Chicago press Have flexible guidelines for the headings. Author, date and note used to in text (Turabian, 2013). Social, biological and physical sciences. IEEE Institute for Electronics Electrical Engineers Name of the journal or report on italics, authors first and last name is used. Electrical engineering studies and Electronics. MLA Modern Languages association of America Author and page number of the report or journal is used to in text. Modern day literature, humanities and other subjects and fields. Vancouver Proposed in a meeting in Vancouver Number for each source is used for in text (Wingate Tribble, 2012). Mostly in Medical sciences and humanities. References Almeshekah, M. H., Spafford, E. H. (2014, September). Planning and integrating deception into computer security defenses. InProceedings of the 2014 workshop on New Security Paradigms Workshop(pp. 127-138). ACM. Bogatinov, D., Bogdanoski, M., Angelevski, S. (2015). AI-Based Cyber Defense for More Secure Cyberspace. Fink, G. A., Haack, J. N., McKinnon, A. D., Fulp, E. W. (2014). Defense on the move: ant-based cyber defense.IEEE Security Privacy,12(2), 36-43. Heckman, K. E., Stech, F. J., Schmoker, B. S., Thomas, R. K. (2015). Denial and Deception in Cyber Defense.Computer,48(4), 36-44. Heckman, K. E., Walsh, M. J., Stech, F. J., O'boyle, T. A., DiCato, S. R., Herber, A. F. (2013). Active cyber defense with denial and deception: A cyber-wargame experiment.Computers Security,37, 72-77. Hsu, D. F., Marinucci, D., Voas, J. M. (2015). Cybersecurity: Toward a Secure and Sustainable Cyber Ecosystem.Computer,48(4), 12-14. Turabian, K. L. (2013).A manual for writers of research papers, theses, and dissertations: Chicago style for students and researchers. University of Chicago Press. Wingate, U. (2012). Using academic literacies and genre-based models for academic writing instruction: A literacyjourney.Journal of English for Academic Purposes,11(1), 26-37. Wingate, U., Tribble, C. (2012). The best of both worlds? Towards an English for Academic Purposes/Academic Literacies writing pedagogy.Studies in Higher Education,37(4), 481-495.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment