MANAGEMENT OF ELEARNING PLATFORMS SECURITY
MANAGEMENT OF ELEARNING PLATFORMS SECURITY
Author(s): Ioan-Cosmin Mihai, Laurențiu GiureaSubject(s): Criminology, ICT Information and Communications Technologies, Sociology of Education
Published by: Carol I National Defence University Publishing House
Keywords: cyber-attacks; attack vectors; attack tree; eLearning platforms security;
Summary/Abstract: The existence of many cyber-attacks targeted to online environment, make eLearning platforms security a major concern. To secure an eLearning platform there are three interconnected strategies: prevention (the actions taken before an attack), detection (the action taken during an attack) and response (the action taken after an attack). This paper focuses on detection, providing different strategies to detect if eLearning platform security was compromised: intrusion detection, malware detection and suspicious activities detection. An attack tree is developed to simulate and to observe the impact of cyber-attacks on eLearning platforms. The attack tree lists and develops methods by which an attacker can cause a security incident on platforms. The attack tree is useful to explore certain attack paths in depth and to generate intrusion scenarios on a website. To conduct a cyber-attack to an eLearning platform, each edge to the internal node structure of the attack tree must be traversed. The internal nodes of the attack tree represent the seven stages of the intrusion model Kill Chain, which was defined by researchers from Lockheed Martin. This model consists of seven stages: reconnaissance, weaponization, delivery, exploitation, installation, command and control and action on objectives. The external edges of the tree that connect the leaf nodes, represent optional attack vectors. The results from the simulation attacks are used to presents the management of eLearning platforms security against cyber-attacks. An eLearning platform security is affected when the integrity or availability of the platform’s files are compromised or additional malicious activity has been detected; for example malware infections, redirections to malicious websites or other suspicious activities like phishing or spamming. While there are no solutions to guarantee the security of eLearning platforms, this paper describes the attack vectors and presents various solutions to detect indicators of compromise.
Journal: Conference proceedings of »eLearning and Software for Education« (eLSE)
- Issue Year: 12/2016
- Issue No: 01
- Page Range: 422-427
- Page Count: 6
- Language: English