J. Cybersecur. Priv., Volume 3, Issue 1 (March 2023) – 7 articles

Session-replay bots are believed to be the latest and most sophisticated generation of web bots, and they are also very difficult to defend against. Combating session-replay bots is particularly challenging in online domains that are repeatedly visited by the same genuine human user(s) in the same or similar ways—such as news, banking or gaming sites. In such domains, it is difficult to determine whether two look-alike sessions are produced by the same human user or if these sessions are just bot-generated session replays. Unfortunately, to date, only a handful of research studies have looked at the problem of session-replay bots, with many related questions still waiting to be addressed. The main contributions of this paper are two-fold: (1) We introduce and provide to the public a novel real-world mouse dynamics dataset named ReMouse. The ReMouse dataset is collected in a guided environment, and, unlike other publicly available mouse dynamics datasets, it contains repeat sessions generated by the same human user(s). As such, the ReMouse dataset is the first of its kind and is of particular relevance for studies on the development of effective defenses against session-replay bots. (2) Our own analysis of ReMouse dataset using statistical and advanced ML-based methods (including deep and unsupervised neural learning) shows that two different human users cannot generate the same or similar-looking sessions when performing the same or a similar online task; furthermore, even the (repeat) sessions generated by the same human user are sufficiently distinguishable from one another. Full article

The security of IoT-based digital solutions is a critical concern in the adoption of Industry 4.0 technologies. These solutions are increasingly being used to support the interoperability of critical infrastructure, such as in the water and energy sectors, and their security is essential to ensure the continued reliability and integrity of these systems. However, as our research demonstrates, many digital solutions still lack basic security mechanisms and are vulnerable to attacks that can compromise their functionality. In this paper, we examine the security risks associated with IoT-based digital solutions for critical infrastructure in the water sector, and refer to a set of good practices for ensuring their security. In particular, we analyze the risks associated with digital solutions not directly connected with the IT system of a water utility. We show that they can still be leveraged by attackers to trick operators into making wrong operational decisions. Full article

Knowledge of possible cyber threats as well as awareness of appropriate security measures plays a crucial role in the ability of individuals to not only discriminate between an innocuous versus a dangerous cyber event, but more importantly to initiate appropriate cybersecurity behaviors. The purpose of this study was to construct a Cybersecurity Awareness INventory (CAIN) to be used as an instrument to assess users’ cybersecurity knowledge by providing a proficiency score that could be correlated with cyber security behaviors. A scale consisting of 46 items was derived from ISO/IEC 27032. The questionnaire was administered to a sample of college students (N = 277). Based on cybersecurity behaviors reported to the research team by the college’s IT department, each participant was divided into three groups according to the risk reports they received in the past nine months (no risk, low risk, and medium risk). The ANOVA results showed a statistically significant difference in CAIN scores between those in the no risk and medium-risk groups; as expected, CAIN scores were lower in the medium-risk group. The CAIN has the potential to be a useful assessment tool for cyber training programs as well as future studies investigating individuals’ vulnerability to cyberthreats. Full article

Homomorphic encryption enables secure cloud computing over the complete data lifecycle. As so-called in-use encryption methodology, it allows using encrypted data for, e.g., data analysis—in contrast to classic encryption methods. In-use encryption enables new ways of value creation and an extensive use of cloud computing for manufacturing companies. However, homomorphic encryption is not widely implemented in practice yet. This is mainly since homomorphic encryption has higher computation times and is limited regarding its calculation operations. Nevertheless, for some use cases, the security requirements are a lot stricter than, e.g., timeliness requirements. Thus, homomorphic encryption might be beneficial. This paper, therefore, analyzes the potential of homomorphic encryption for cloud computing in manufacturing. First, the potential and limitations for both classic and homomorphic encryption are presented on the basis of a literature review. Second, to validate the limitations, simulations are executed, comparing the computation time and data transfer of classic and homomorphic encryption. The results show that homomorphic encryption is a tradeoff of security, time, and cost, which highly depends on the use case. Therefore, third, manufacturing use cases are identified; the two use cases of predictive maintenance and contract manufacturing are presented in detail, demonstrating how homomorphic encryption can be beneficial. Full article

Instilling good privacy practices to developers and users appears to be a difficult and daunting task. The World Wide Web encompasses a panspermia of different technologies, commercial and open source apis, evolving security standards and protocols that can be deployed towards the implementation of complex, powerful, web applications. At the same time, the proliferation of applications and services on all types of devices has also increased the attack surface for privacy threats. In this paper, we present the Privacy Flag Observatory, a platform which is one of the main tools produced by the Privacy Flag eu funded research project. The goal of this initiative is to raise awareness among European citizens of the potential privacy threats that beset the software and services they trust and use every day, including websites and smartphone applications. The Privacy Flag Observatory is one of the components that contributed to a large extent, to the success of the project’s goals. It is a real-time security and privacy threat monitoring platform whose aim is to collect, archive, analyze and present security and privacy-related information to the broader public as well as experts. Although the platform relies on crowdsourcing information gathering strategies and interacts with several other components installed on users’ devices or remote servers and databases, in this paper, we focus on the observatory platform referring only cursorily to other components such as the mobile phone add-on. Full article

Banking malware are malicious programs that attempt to steal confidential information, such as banking authentication credentials, from users. Zeus is one of the most widespread banking malware variants ever discovered. Since the Zeus source code was leaked, many other variants of Zeus have emerged, and tools such as anti-malware programs exist that can detect Zeus; however, these have limitations. Anti-malware programs need to be regularly updated to recognise Zeus, and the signatures or patterns can only be made available when the malware has been seen. This limits the capability of these anti-malware products because they are unable to detect unseen malware variants, and furthermore, malicious users are developing malware that seeks to evade signature-based anti-malware programs. In this paper, a methodology is proposed for detecting Zeus malware network traffic flows by using machine learning (ML) binary classification algorithms. This research explores and compares several ML algorithms to determine the algorithm best suited for this problem and then uses these algorithms to conduct further experiments to determine the minimum number of features that could be used for detecting the Zeus malware. This research also explores the suitability of these features when used to detect both older and newer versions of Zeus as well as when used to detect additional variants of the Zeus malware. This will help researchers understand which network flow features could be used for detecting Zeus and whether these features will work across multiple versions and variants of the Zeus malware. Full article