Understanding Cybersecurity Management in Decentralized Finance: Challenges, Strategies, and Trends
Kaur, Gurdip, Habibi Lashkari, Arash, Sharafaldin, Iman
Product Description
This book discusses cybersecurity management in decentralized finance (DeFi). It begins by introducing the fundamentals of DeFi and cybersecurity to readers. It emphasizes the importance of cybersecurity for decentralized finance by illustrating recent cyber breaches, attacks, and financial losses. The book delves into understanding cyber threats and the adversaries who can exploit those threats. It advances with cybersecurity threat, vulnerability, and risk management in DeFi. The book helps readers understand the cyber threat landscape, comprising different threat categories that can exploit different types of vulnerabilities identified in DeFi. It puts forward prominent threat modelling strategies by focusing on attackers, assets, and software.
The book covers the popular blockchains that support DeFi, including Ethereum, Binance Smart Chain, Solana, Cardano, Avalanche, and Polygon, among others. With so much monetary value associated with all these technologies, perpetrators are always lured to breach security by exploiting the vulnerabilities that exist in these technologies. For simplicity and clarity, all vulnerabilities are classified into different categories: arithmetic bugs, re-entrancy attacks, race conditions, exception handling, use of a weak random generator, timestamp dependency, transaction-ordering dependence and front running, vulnerable libraries, wrong initial assumptions, denial of service, flash loan attacks, and vampire attacks.
Since decentralized finance infrastructures are the worst affected by cyber-attacks, it is imperative to understand the various security issues in the different components of DeFi infrastructures, and the book proposes measures to secure all of these components. It presents detailed cybersecurity policies and strategies that can be used to secure financial institutions. Finally, the book provides recommendations to secure DeFi infrastructures from cyber-attacks.
About the Authors
Dr. Gurdip Kaur is a CISSP and CompTIA-certified Cybersecurity Analyst (CySA+) experienced in detecting and analyzing malicious network traffic, FinTech risk management, and network attack traffic classification. She led multiple cybersecurity teams to generate three publicly available cybersecurity datasets for Android malware analysis, DNS over HTTPS (DoH) attack mitigation, and darknet traffic detection. She is an active contributor to cybersecurity blogs and articles as part of the cybersecurity awareness program. Dr. Gurdip is the first author of the book titled "Understanding Cybersecurity Management in FinTech" published by Springer in 2021. She has published several book chapters and research papers in reputed journals. She was awarded two gold medals in Bachelor of Technology and a silver medal for the research project on high interaction honeypots by NDRF, India. Her research project on malware reverse engineering was selected among the top 10 projects in the National Student Project Contest in 2015. She is strongly inclined towards cybersecurity, malware analysis, vulnerability management, incident reporting, SIEM solutions, and SOC design.
Dr. Arash Habibi Lashkari is a Canada Research Chair (CRC) in Cybersecurity. He is a senior member of the IEEE and an Associate Professor in Cybersecurity at York University (Canada). Prior to this, he was an Associate Professor at the Faculty of Computer Science, University of New Brunswick (Canada), and the Research Coordinator of the Canadian Institute for Cybersecurity (CIC). His research focuses on cyber threat modeling and detection, malware analysis, big data security, internet traffic analysis, and cybersecurity dataset generation.
Arash Lashkari has over 22 years of teaching experience, spanning several international universities, and was responsible for designing the first cybersecurity Capture the Flag (CTF) competition for post-secondary students in Canada. He has been the recipient of 15 awards at international computer security competitions - including three gold awards - and was recognized as one of Canada's Top 150 Researchers for 2017. In 2020, Dr. Lashkari was recognized with the University of New Brunswick's prestigious Teaching Innovation Award for his personally-created teaching methodology, the Think-Que-Cussion Method.
He is the author of ten published books and more than 110 academic articles on a variety of cybersecurity-related topics and the co-author of the national award-winning article series, "Understanding Canadian Cybersecurity Laws", which was recently recognized with a Gold Medal at the 2020 Canadian Online Publishing Awards.
Iman Sharafaldin is Application & Cloud Security Lead at Forward Security Inc in Vancouver, Canada. Passionate about all things code, Iman has more than 8 years of cybersecurity and software-related experience. He is also a PhD candidate in computer science at the University of New Brunswick, Canada, with more than 1000 citations on his cybersecurity-related publications.
Ziba Habibi Lashkari is an Assistant Professor of Finance in the Department of Organization Engineering, Business Administration, and Statistics at the Technical University of Madrid, Spain. She has participated in the project "Análisis de Modelos en Dinámica de poblaciones Estructuradas en Valoración de Derivados Financieros", financed by the Spanish Ministry of Economy. She has more than 15 years of academic and industry experience in financial management. Her research focuses on asset pricing, risk management, cybersecurity risk in digital finance, and data science in fintech.