Volume 25 / Issue 11


Cyberattack Detection and Response

J.UCS Special Issue

Jörg Keller
(Faculty of Mathematics and Computer Science, FernUniversität in Hagen, Germany
joerg.keller@fernuni-hagen.de)

Wojciech Mazurczyk
(Warsaw University of Technology, Poland
wmazurcz@elka.pw.edu.pl)

Bela Genge
(University of Medicine, Pharmacy, Sciences and Technology of Targu Mures, Romania
bela.genge@umfst.ro)

Lothar Fritsch
(Karlstad University, Sweden
lothar.fritsch@kau.se)

Simon Vrhovec
(University of Maribor, Slovenia
simon.vrhovec@um.si)

Cyberattacks have evolved into a threat for modern society, as they affect individuals and organizations alike. Attacks can take a multitude of different forms, ranging from denial of service to ransomware, and target government, critical infrastructure, businesses or private environments. As this threat cannot be ignored, it should be detected as early as possible, to prevent damage as much as possible. As attacks often employ multiple stages that compromise more and more machines and/or remove more and more lines of defense, early detection seems all the more necessary. At the same time, attacks, especially if evolving over many weeks, try to stay undetected and hence employ many measures in order not to raise suspicion, which renders detection a difficult endeavor. When an attack is detected, an appropriate response is necessary, which can be as straightforward and painful as disconnecting the victim from the network, but can also take many other forms, up to offensive countermeasures that try to attack the attacker. Both attacks and countermeasures include technical and social means, as it is sometimes easier to find out, e.g., the structure of a company network by interviewing careless employees than by performing a cyber reconnaissance.


This special issue targets actual research on the detection of and response to cyberattacks on all levels (e.g., individuals, organizations, ISPs, and critical infrastructure) that addresses technical, social or both aspects (including, e.g., social engineering and spear phishing detection). The call for papers for this special issue was distributed over relevant mailing lists, call-for-paper distribution websites, personal and university websites, and on the homepage of the journal. In addition to submissions of new articles, extended versions of accepted papers from the Central European Cybersecurity Conference CECC 2018 have been invited for submission under the condition of providing at least 50% new content. All submissions were peer-reviewed by experts in the domain.

Based on the reviews and our own judgment, five articles were selected for publication in this special issue. Steffen Wendzel, Florian Link, Daniela Eller and Wojciech Mazurczyk studied network covert channels that enable stealthy communications for malware and data exfiltration, and introduced the concept of countermeasure variation, i.e., a slight modification of a given countermeasure designed to detect covert channels of a specific hiding pattern (a family of similar hiding techniques) in a way that it can also detect covert channels representing other hiding patterns. Tomás Bajtoš, Pavol Sokol, Andrej Gajdoš, Katarína Lučivjanská and Terezia Mézešová analyzed data collected by a telnet honeynet to determine specific attributes of telnet botnets' behavior during initial and secondary infection, and designed a model for profiling threat agents into telnet botnet groups. Samo Tomažič and Igor Bernik developed a novel Cyberattack Response Model to be used by Slovenia's nuclear safety regulator and the regulator responsible for the physical protection of nuclear facilities, and nuclear and radioactive materials. Anže Mihelič, Matej Jevšček, Simon Vrhovec and Igor Bernik conducted a case study in a large Central European manufacturing company and observed the targeted employees' and IT department staff's response to a phishing campaign. Halima Ibrahim Kure and Shareeful Islam proposed a novel cybersecurity risk management approach integrating cyber threat intelligence information with risk management activities, and demonstrated its applicability in collaboration with a power holding company in Nigeria.

We would like to express our gratitude to Christian Gütl (Managing Editor) and Dana Kaiser (Head of Editorial Team) for allowing us to organize this special issue of the Journal of Universal Computer Science. We would also like to thank all reviewers who facilitated the review process, namely Igor Bernik, Luca Caviglione, Michal Choras, Tobias Eggendorfer, Petra Grd, Mordechai Guri, Piroska Haller, Georgios Karopoulos, Stefan Katzenbeisser, Jean-Francois Lalande, Olaf Maennel, Brad Malin, Anze Mihelic, Farnaz Mohammadi, Pal-Stefan Murvay, Gerardo Simari, Kai Simon, Daniel Spiekermann, Damian Weber, Edgar Weippl, Steffen Wendzel, and Christos Xenakis. Last but not least, we would like to thank all authors for submitting their work to this special issue.
