Recently, well-known and established South African organisations have experienced cyberattacks. The South African Bank Risk Information Centre (SABRIC) confirmed in October 2019 that the industry had been hit by a wave of Distributed Denial of Service (DDoS) attacks targeting multiple banks. This happened shortly after the website of the City of Johannesburg (CoJ) succumbed to a ransomware attack. These attacks are a wake-up call for South African organisations and underline the essential need for suitable detection mechanisms to prevent cyberattacks. The detection of cyberattacks relies not only on understanding existing attacks but also on being able to identify emerging threats. The continuous and strategic collection of relevant and valuable cybersecurity data sets can offer insight into ongoing threats or cyberattacks, while also assisting with the combatting of cybercrime. Although various third-party providers, such as Shodan and Have I Been Pwned (HIBP), exist and do provide access to cybersecurity data sets, these providers have little to no presence in South Africa (SA). Most of the available cybersecurity data sets are heavily slanted towards the United States and the identified trends might not be relevant to the South African context. Therefore, this paper introduces the Lost Packet Warehousing Service, a technological solution that will function as the primary source for cybersecurity data collection within South Africa. The Lost Packet Warehousing Service will allow for the continuous but passive collection of cybersecurity data sets. Examples of such data sets could include data from network telescopes, honeypots and NetFlow collectors. Data analysis and processing techniques are then applied to the collected cybersecurity data sets to identify, infer, detect and predict emerging trends and cyberattacks. Also discussed in this paper are the steps taken to maintain the security and privacy of the collected cybersecurity data sets.
The paper concludes by discussing the various benefits offered by the Lost Packet Warehousing Service.
Reference:
Burke, I.D., Motlhabi, M.B., Netshiya, R. & Pieterse, H. 2021. Lost packet warehousing service. http://hdl.handle.net/10204/12036 .
Burke, I. D., Motlhabi, M. B., Netshiya, R., & Pieterse, H. (2021). Lost packet warehousing service. http://hdl.handle.net/10204/12036
Burke, Ivan D, Michael B Motlhabi, Rofhiwa Netshiya, and Heloise Pieterse. "Lost packet warehousing service." Proceedings of the 16th International Conference on Cyber Warfare and Security, Tennessee Tech University and Oak Ridge National Laboratory, Cooksville, Tennessee, USA, 25-26 February 2021 (2021): http://hdl.handle.net/10204/12036
Proceedings of the 16th International Conference on Cyber Warfare and Security, Tennessee Tech University and Oak Ridge National Laboratory, Cooksville, Tennessee, USA, 25-26 February 2021