Introduction to Cyber Security

Hello friends, I hope you all are doing great. In today's tutorial, I am going to give you a detailed Introduction to Cyber Security. You must have noticed that whenever you are registering on any site or using any online service, you need to tap on "agree" and normally we do that without reading their privacy policy and security agreement. We have also synced our photos and contacts online and these websites keep the user data, they know about us more than we know ourselves. All our data, location, information & search history can be monitored. So in this technological era, we must be aware of our online security so that we don't get hacked. In order to do so, we need to learn Cyber Security. So, let's get started with it:

Introduction to Cyber Security

  • Cyber security is the task of shielding networks and computer systems from cyber theft or attack, related to hardware, software or electronic data.
Recently, a gadget that seemed like a hand watch was introduced and it was used to notify the pulse rate, heartbeat and location to the user. That data is being synced to the websites, whether we book a hotel room, a cab or order a pizza through the apps we constantly and inherently generating the data, this data is being stored in the cloud which is a huge server that can be accessed online. Now for a hacker, it is a golden prospect to obtain the data, with the public IP addresses, access points, constant traffic of repeated data, they can produce malicious software to exploit vulnerabilities. Hackers are becoming smarter and more inventive with their malware. They can bypass a virus scan.

What is meant by Malware?

Malware stands for Malicious Software, It is a program devised to invade and attack the systems outwardly the owner's permission, It is the broad term for comprising of all distinct sorts of warnings to your systems such as spyware, Trojans horses, viruses, worms, rootkits, adware, scare ware. On the contrary, software which causes accidental damage is called a bug. 

Types of Cyber Attacks

  • As you can see in the image below, some enlisted malware existed since the beginning of internet.
  • Let's have a look at them one by one:
1. Phishing
They are the attack which is sent as a link to the user through the email posing a genuine party asking for the data. The users have to click on the link and enter the personal data. Over the years the phishing emails have become more sophisticated and often settle in the section of spam.
2. Password attack
A password attack can be defined as the attacker requests for the password from the user and try to crack it to gather the sensitive data and access the computer system.
3. DDoS
DDoS stands for Distributive Denial of Service, in this process, the attacker transmits a huge amount of data to the network that is making several connection requests unto the network gets trafficked and unable to function.
4. Man In the middle
There are possibilities of this type of attack when user exchanges the data online, your smartphone is connected to the website the MITM attack can obtain the data from the end-users and the entity you are communicating with. For example, a middle man can communicate with you portraying your bank and contact the bank impersonating you. Then would receive the data from both the sides and transfer it to the third parties, which can include sensitive information such as your account number, your credit or debit card number or your IBAN
5. Drive-by Downloads
A program is downloaded by the website by just visiting them through malware on that specific website. It doesn't ask for the permission of the user or to take any action.
6. Malware Advertising (Malvertising)
A malicious code threatens your computer system downloaded when you click on the bogus add.
7. Rogue software
Security software that keeps your system safe.

History of cyber attacks

Not only we as individuals are vulnerable to the attacks but the organizations or companies aren't safe either. For instance a well-known graphic software company, Adobe Photoshop was hacked despite the high-security systems and they had to go through major cyber breaches where all the sensitive data and confidentiality was compromised, eBay, AOL, Ever note were also affected by the cyber breaches. So not only individuals but the bigger organization are spontaneously being attacked by the hackers.

Protection from Cyber attacks

By reading about cyber breaches and threats to the security one must be questioning that is there any mechanisms or protocols that can provide full-proof security to the computer systems? And the answer is "Yes" and that is called cyber security. In the context of information technology, the physical and cyber security comprised of the security, the enterprises used them to protect them against the access of unauthorized companies or data centers. Information security is created to sustain the confidentiality and availability of data in a subset of cyber security. So cyber security can help counter the cyber breaches, identity theft, and aid and risk management. So when an organization has a strong function of network security and an efficient disturbance response plan then it is capable of defending and protecting the data against the attack.

What are we exactly trying to protect?

We protect ourselves against three activities and they are,
  • Unauthorized Modification
  • Unauthorized Access
  • Unauthorized Deletion
These three terminologies are known to CIA TRAID, It is also known as the three main dependencies of security. CIA Triad is responsible for transferring confidentialityintegrity, and availability. The security policies of bigger organizations or smaller companies are based on these three sources. We will find them out respectively.

CONFIDENTIALITY

confidentiality is commensurate to privacy actions engaged to assure confidentiality are created to counter sensitive information from reaching the spies while making certain that the right people can access it. Access must be restricted to those allowed to view the data in question is as regular as well for data to be classified according to the volume and type of destruction that could be done shouldn't slip into the unintended hands. More or less stringed measures can then be implemented to those categories. Sometimes safeguarding data confidentiality may include special training for those privies to such documents, such training would typically include security jeopardies that could threaten this information, training can benefit familiarize authorized people with risk factors and how to shield against them. Further phases of training can include password and password related best practices and information above human communications methods to prevent them from twisting data handling rules with good intentions and potentially unfavorable outcomes.

INTEGRITY

Integrity includes sustaining consistency, efficiency, and trustworthiness over its intact lifecycle. Data must not be changed or altered by third parties and authorized individuals and the actions must be used to ensure this. For example in a data infringement of confidentiality, these measures include file permissions and user access controls accounts. Accounts may be used to prevent false changes and accidental deletion by authorized users becoming an obstacle. Furthermore, some means must be in place to detect any fluctuations in data that might transpire as a result of non-human generated issues, such as, electromagnetic vibrations or silver crash. Some data might involve checksums, even cryptographic checksum for verification of the integrity backup or redundancies must be prepared to reestablish affected data to its correct state.

AVAILABILITY

Availability is best guarded by austere maintaining of all hardware operating best instantly when required and maintaining an accurately functional operating system that is free of software frictions. It is also necessary to keep all the operating system upgrades producing enough transmission bandwidth and preventing the occurrence of bottlenecks are equally significant. Redundancy failover and even high availability clump can lessen severe consequences when hardware issues do occur fast. As an adaptive failure restoration is imperative for the worst-case scenario that the capacity is reliant on the existence of a comprehensive disaster recovery plan shields against data loss or interference in the connection must include. Unpredictable events such as natural disasters and files to prevent data loss from such incidents, a backup copy must be stored in a geographically secluded area, perhaps in a fire-resistant liquid safe place. Extra security equipment or software such as firewalls and proxy servers can secure us against downtimes and unreachable data due to malicious actions, such as a denial of service attacks and network intrusions. So now that we have seen what we are trying to protect, implement when trying to protect ourselves on the other hand, we should also know the ways that we protect ourselves when we are attacked by cyber systems. So the first action that we mitigate any type of intervention is to detect the malware or the cyber threat that is being currently going on in your organization. Next, we have to analyze and evaluate all the affected parties and the file systems that have been compromised and, in the end, we have to repair the whole procedure so that our organization can come back to its whole streaming state without any cyber breaches. So how it is exactly done? This can be done by considering three factors. Vulnerability, Threat and, Risk. So let me explain all of them precisely.

Vulnerability

It can be defined as a known weakness of an asset that can be misused by one or more attackers, in other words, a hidden issue that enables an intervention to be successful. For example, when an employee or a member of an organization is fired and you forget to disable the access of external accounts, change logins and remove their names from the company credit cards, this will jeopardies your business willingly or unwillingly. However, most of the vulnerabilities are exploited by the authorized attackers on a human typing on the other side of the system. Next testing for vulnerabilities is critical to assuring the flow of your systems by knowing exposed points and developing strategies to counter immediately. Here you may have some questions regarding your security vulnerabilities, for instance, Is your data backed-up and stored in a secure off-site location? Is your data is stored in the cloud? How the cloud is shielding my data from its vulnerabilities? What kind of security do you have to determine? Who can access, modify or delete information from within your organization? And the next question can pop up like what kind of antivirus protection is in use? What are the licenses current and are they running as often as needed? Also, do you have a data recovery plan in the event of vulnerability, being exploited? So these are the normal questions one asks when checking their vulnerability.

THREAT

A threat can be described as a newly created disturbance with the potential to harm a system or your whole company. There are three types of threats.
  • National Threats like Earthquakes tornados, hurricanes, tsunami and floods.
  • Unintentional Threat i.e. an employee mistakenly obtaining the sensitive data.
  • Intentional Threats, there are many examples of intentional threats such as Malware, adware, spyware companies are the actions of disgruntled employees. To add up, worm and viruses are characterized as threats because they could potentially cause harm to your organization through exposure to a programmed intervention as opposed to executed by human beings. Although these threats are commonly outside of one's control and difficult to predict before it happens. It is requisite to take legit measures to assess intimidations systematically.
Here are some ways, make sure that your team members are informed with current drifts in cyber security so they can immediately identify new threats. They should attend IT courses and join professional associations so they can benefit from the breaking news feed, conferences, and webinars. You should also conduct a general threat estimation to determine the best approaches and protecting the systems against specific threats along with assessing different types of tech besides, forcing testing includes illustrating real-world threats to discover bollen abilities.

RISK

Risk refers to the potential to the loss and damage when a threat exploits a vulnerability. Examples including financial damage as a result of business agitation, loss of privacy, damage to reputation, legal associations and even the destruction of career or life. Risk can also be defined as the product of threat and vulnerability. You can reduce the potential for risk by engineering and executing a risk management plan, the following are the key aspects for developing your risk management strategy. First, we are required to evaluate risk and circumscribe needs, when engineering and implementing a risk assessment framework, it is crucial to prioritize the most related breaches that need to be discussed. All the frequency may differ in each organization. This level of assessment must be done regularly. Next, we also have to include a stakeholder perspective that includes the business owners as well as employees, consumers, and even merchants. All of these professionals have the potential to negatively impact the organization but they can be an asset in helping to mitigate risks at the same time. Since risk management is the key to cyber security.

Introduction to Artificial Intelligence

Hello friends, I hope you all are doing great. In today's tutorial, I am going to give you a detailed Introduction to Artificial Intelligence. Today I am talking about the origin of Artificial Intelligence, you will learn how it was invented and how it is getting emerged gradually in the field of science and technology. We will also discuss few AI tests and will understand its relation with neural networks. As it's my first post on AI, so I will only cover it's basics in today's lecture but in coming lectures, we will not only discuss its complex concepts but will also design different algorithms to understand its practical approach. So, let's get started with Introduction to Artificial Intelligence:

Introduction to Artificial Intelligence

  • John McCarthy is known as the father of Artificial Intelligence. According to him:

"Artificial Intelligence is the science and engineering of designing intelligent machines, especially intelligent computer programs."

I have been teaching Artificial Intelligence to engineering students for five years and I normally assign them projects at the end of their course and the one, I really enjoyed was "virtual psychiatrist", designed by a group of 5 students. You can tell that robot your symptoms/condition and it will tell you the cure and measures. During it's evaluation, the virtual Psychiatrist asked "What's your problem?" I replied, "I am fine" but still it suggested numerous cures and several therapies. I laughed and told the students that this software will not qualify for the Turing test. Now, you must be thinking, what's a Turing Test, so let's have a look at it:

What is the Turing Test?

In 1950, a great computer scientist, Alan Turning, wrote a research paper and provide a mechanism to determine, whether machines actually think or not. To examine it, he gave an experiment, which is called the Turing Test. Below is the illustration of this experiment followed by the details:
  • As you can see in above figure, we have:
    • as an artificially intelligent software/hardware,
    • as an invigilator,
    •  and B as a human.
  • C is supposed to ask different questions from both the agents i.e. A & B, and determine which one is AI software and which one is human.
  • is supposed to deceive the Human Questioner i.e. C and make it believe that it's a human.
  • If C is failed to detect that which one is an AI software among A & B, then this software will be called as an "intelligent software" because it answered those questions, to which only a human is supposed to answer.
  • This test is called the Turing test.
The 90's kids are very well aware of the software known as ELIZA, which was created by Joseph Weizenbaum (from 1964 to 1966) at MIT Artificial Intelligence Laboratory. This was a psychological software and could give us the therapy, when we would ask for it (I remember being in grade eighth and asking her how to propose a boy, who was my crush back then, poor me) because it was fed by MIT, but if I would ask her the recipe of cookies, she definitely wouldn't tell me.
  • SHAKEY was the first artificial intelligent robot, whose job was to pick the product and then drop it on a specific spot, but again if I ask the recipe of the cookies, it won't tell me. :D
Coming to the era of 1980s, when Garry Kasparov was the world champion in chess and was defeated by a software called DEEP BLUE, this software is designed by IBM and you will be amazed by knowing that it was the first time that a human was defeated in chess by a software. But again if you ask Deep Blue how to make cookies, you know what the answer would be! The reason is that those robots which were created in the past centuries were Rule-based bots or Software, they were given rules, statements and logic but if we ask questions from other domains, they won't be able to answer them, hence although those software were highly intellectual but they don't belong to AI category.

How Human Brain works ?

At an early age or the very beginning, shape of the human brain was different, but as this specie started evolving, it developed the learning capacity, got smarter and intelligent. We have a very complicated connection network (bellow is the image) in our brain which is built by trillions of cells, the smallest cell of the brain is called "Neuron" and it also contains trillions of connections, so if we would able to utilize the processing of brain in software, the would become intelligent too, Artificially Intelligent. For example, if you look closely at the figure above, this is the basic unit of cell where dendrites, which provide connections, then a cell in the center (nucleus) where decisions are being made and then there is an axon cell, which is responsible to give the decision as an output. Same as we make a flowchart where we have inputs, decision-making centers, and we have an output based on that decision. So, if we connect those intelligent unit cells many times, we can design a Neural Network, which is also the hot topic of the research, nowadays. The Neural Network
  • Now, you must have the basic idea of what neurons are, so now, let's have a look at a simple neural network, as shown in below figure:
  • The first layer of the neural network is the input layer.
  • The second layer is the hidden layer.
  • And finally, we have the third layer, the output layer.
Single input of a neural network can be connected to multiple stages.

Examples of AI software

Let's understand neural network with the help of a simple project.
  • Once I have designed a project in MATLAB, where I need to detect Horse in different images.
  • So, I have added a lot of horse pictures in different postures & angles in database.
  • Then using those images, I have trained my software to differentiate between horse and other animals.
  • Finally, once I have completed my horse recognition algorithm, then I tested it with around 100 new images of animals.
  • It has recognized horse in 80 images but was unable to detect in remaining 20 images.
So my point here is, efficiency of an AI software depends on its algorithm. You can achieve 100% results as well as we human get from our brain, we can quite easily recognize the horse in any image. But again, let's say if the image is taken from a distance, then may be you can also get confused. Nowadays, we have so much data, also known as big data, so if we provide such data to our software, then it will be able to learn and hence its intelligence will be increased, so there's a 99 percent chance that it will tell us how to make a COOKIE! :D So, when we reached to neural network or deep learning, our software will behave smartly.
  • I will take you to the software IBM WATSON, which is designed by IBM and this software stood first in America's largest quiz show, Jeopardy, which was being played with the top two champions. A software won $100000mn, whoa!
  • Let’s talk about Alpha Go, this software beaten the champion of that time.
  • It will be an injustice, if we don't talk about Eugene Goostman, he has designed the first-ever software, which depicts a 13-year-old boy and it has qualified the Turing test. Though there are controversies about it, this is the only software that managed to convince 33 invigilators out of hundred that IT’S A HUMAN.

Author's Remarks

IQ Level of a human lies between 70 to 130, but imagine a software having the IQ level of 100,000, then will human intelligence be able to counter it?. In an Interview, the well renowned AI robot Sophia tells the host while countering a question about a bad future with robots that you have been reading too much Elon Musk and watching so many Hollywood movies about the robots but if you are nice to me I am nice to you, treat me as a smart input-output system. But let me tell you, many scientists (especially Elon musk and Stephen hawking) in the world have predicted that AI will take over the human race and that will be catastrophic. The question is how we are preparing ourselves to counter it. Are we writing the death of our generations with our own hands? Or we think that they will live peacefully with us like our friends, neighbors or relatives? Are there any chances that they won't dominate us & will only obey us? Or we need to find a way that technological advancement keeps on progressing but stays under control. So, that was all for today. I hope you have enjoyed today's tutorial. We have discussed the basics of Artificial Intelligence today. In coming lecture, we will cover more complex topics on AI. Till then take care & have fun !!! :)
Syed Zain Nasir

I am Syed Zain Nasir, the founder of <a href=https://www.TheEngineeringProjects.com/>The Engineering Projects</a> (TEP). I am a programmer since 2009 before that I just search things, make small projects and now I am sharing my knowledge through this platform.I also work as a freelancer and did many projects related to programming and electrical circuitry. <a href=https://plus.google.com/+SyedZainNasir/>My Google Profile+</a>

Share
Published by
Syed Zain Nasir