Implementing Enterprise Cyber Security with Open-Source Software and Standard Architecture: Volume II

Cyber security is one of the most critical problems faced by enterprises, government organizations, education institutes, small and medium scale businesses, and medical institutions today. Creating a cyber security posture through proper cyber security architecture, deployment of cyber defense tools, and building a security operation center are critical for all such organizations given the preponderance of cyber threats. However, cyber defense tools are expensive, and many small and medium-scale business houses cannot procure these tools within their budgets. Even those business houses that manage to procure them cannot use them effectively because of the lack of human resources and the knowledge of the standard enterprise security architecture. In 2020, the C3i Center at the Indian Institute of Technology Kanpur developed a professional certification course where IT professionals from various organizations go through rigorous six-month long training in cyber defense. During their training, groups within the cohort collaborate on team projects to develop cybersecurity solutions for problems such as malware analysis, threat intelligence collection, endpoint detection and protection, network intrusion detection, developing security incidents, event management systems, etc. All these projects leverage open-source tools, and code from various sources, and hence can be also constructed by others if the recipe to construct such tools is known. It is therefore beneficial if we put these recipes out in the form of book chapters such that small and medium scale businesses can create these tools based on open-source components, easily following the content of the chapters. In 2021, we published the first volume of this series based on the projects done by cohort 1 of the course. This volume, second in the series has new recipes and tool development expertise based on the projects done by cohort 3 of this training program. This volume consists of nine chapters that describe experience and know-how of projects in malware analysis, web application security, intrusion detection system, and honeypot in sufficient detail so they can be recreated by anyone looking to develop home grown solutions to defend themselves from cyber-attacks.

PART ONE:Web Application Security 1. OWASP G0rking – Exploiting the Hidden Aspects of Google's Search Capabilities Vishal Soni and Neelakshi Sahni 2. OSS Known Vulnerability Scanner – Helping Software Developers Detect Third Party Dependency Vulnerabilities in Real Time Om Mishra and Ria Sarkar PART TWO: Malware Analysis 3. Detecting Malware using Machine Learning Partha Majumdar, Shyava Tripathi, Balaji Annamalai, Senthil Jagadeesan, and Ranveer Khedar 4. New Age Attack Vectors – JPEG Images Machine Learning Based Solution for the Detection of Malicious JPEG Images Shankar Kashamshetty and Kunal Chawla 5. Live Monitoring of Malware Attacks on Cloud using a Windows Agent-Based Solution 6. Malware Too Needs Attention Sheetal A. Suvarna PART THREE: IDS 7. Implementation of Intrusion Detection System and Deception Technologies using Open-Source Tools for Small Business Purushartha Srivastava and Kalpesh Seludkar 8. Attack Vector Analysis with New Benchmark Ashish Ranjan Yadav and Rohit Negi 9. Stealpot Honeypot Network Amardeep, Om Prakash Mishra and Sanjeev Kumar Sumbria

Anand Handa is a senior research engineer with the C3i Center at the Indian Institute of Technology Kanpur. His research interests are in the intersection of machine learning and cybersecurity. His role at C3i involves working on projects having malware analysis, memory forensics and intrusion detection systems as a significant component. Rohit Negi is the lead engineer and chief security architect of the C3i Center – a center for cybersecurity and cyber defense of critical infrastructures at the Indian Institute of Technology Kanpur. His research is in the field of cybersecurity of cyber-physical systems. S. Venkatesan is an Associate Professor at the Department of Information Technology at the Indian Institute of Information Technology Allahabad (IIITA). He heads IIITA’s C3iHub IoT Security Lab and is a member of the Network Security and Cryptography (NSC) Group. He has authored several research papers published in reputed journals and presented at conferences. His research interests include network security, cloud computing, social network privacy, mobile agent security, applied cryptography, and blockchain. Sandeep K. Shukla is a professor of Computer Science and Engineering with the Indian Institute of Technology. He is an IEEE Fellow, ACM distinguished scientist, and subject matter expert in Cybersecurity of cyber-physical systems and blockchain technology. He is a recipient of various prestigious honours, and he serves as a joint coordinator for the C3I Centre and the National Blockchain Project at IIT Kanpur, India.