Cybersecurity Snapshot: Google, Twitter, and Other Online Databases

  • Authors

    • Bharat S Rawal PENN STATE ABINGTON
    • Gabrielle Eberhardt PENN STATE ABINGTON
    • Jaein Lee PENN STATE ABINGTON
    2016-05-22
    https://doi.org/10.14419/jacst.v5i1.6181
  • Cyber-Attack, Availability, Vulnerability, Mandelbug, Heisenbug.
  • Abstract

    Every day, millions of attacks are carried out on networks and computer systems, and in recent years these numbers have increased dramatically. A hacker needs only one success to gain unauthorized access to systems and data, but for administrators it is a constant battle to protect what is rightfully theirs. In this paper, we look into how these attacks have increased and what studies of various databases and reports say about what types of data are being breached, who is breaching them, and how the systems are being breached. We also propose various unconventional ways to prevent these attacks from happening in the future. Furthermore, this paper lists the top 26 bug-fix times reported in the Google Security Research Project (GSRP). This article brings to light recurring cyber threats, the challenges associated with these threats, and emerging trends in the domain of cyber security.

  • How to Cite

    S Rawal, B., Eberhardt, G., & Lee, J. (2016). Cybersecurity Snapshot: Google, Twitter, and Other Online Databases. Journal of Advanced Computer Science & Technology (JACST), 5(1), 14-22. https://doi.org/10.14419/jacst.v5i1.6181

    Received date: 2016-05-01

    Accepted date: 2016-05-02

    Published date: 2016-05-22