PDF Artificial Intelligence and Security Challenges in Emerging Networks Advances in Computational Intelligence and Robotics 1St Edition Ryma Abassi Editor Ebook Full Chapter

Artificial Intelligence and Security
Challenges in Emerging Networks

Advances in Computational Intelligence
and Robotics 1st Edition Ryma Abassi
(Editor)
Visit to download the full and correct content document:
https://textbookfull.com/product/artificial-intelligence-and-security-challenges-in-emer
ging-networks-advances-in-computational-intelligence-and-robotics-1st-edition-ryma-
abassi-editor/
More products digital (pdf, epub, mobi) instant
download maybe you interests ...
Artificial Intelligence and Robotics Huimin Lu
https://textbookfull.com/product/artificial-intelligence-and-
robotics-huimin-lu/
Artificial Intelligence and Robotics 1st Edition Huimin

Lu
https://textbookfull.com/product/artificial-intelligence-and-
robotics-1st-edition-huimin-lu/
AI and Big Datas Potential for Disruptive Innovation

Advances in Computational Intelligence and Robotics 1st
Edition Moses Strydom
https://textbookfull.com/product/ai-and-big-datas-potential-for-
disruptive-innovation-advances-in-computational-intelligence-and-
robotics-1st-edition-moses-strydom/
Advances in Artificial Intelligence, Software and

Systems Engineering Tareq Z. Ahram
https://textbookfull.com/product/advances-in-artificial-
intelligence-software-and-systems-engineering-tareq-z-ahram/
Advances in Computational Intelligence Proceedings of
Second International Conference on Computational
Intelligence 2018 Sudip Kumar Sahana
https://textbookfull.com/product/advances-in-computational-
intelligence-proceedings-of-second-international-conference-on-
computational-intelligence-2018-sudip-kumar-sahana/
AI IA 2016 Advances in Artificial Intelligence XVth

International Conference of the Italian Association for
Artificial Intelligence Genova Italy November 29
December 1 2016 Proceedings 1st Edition Giovanni Adorni
https://textbookfull.com/product/ai-ia-2016-advances-in-
artificial-intelligence-xvth-international-conference-of-the-
italian-association-for-artificial-intelligence-genova-italy-
november-29-december-1-2016-proceedings-1st-edition-gio/
Artificial Intelligence Safety and Security Roman V.

Yampolskiy (Editor)
https://textbookfull.com/product/artificial-intelligence-safety-
and-security-roman-v-yampolskiy-editor/
Advances in Computational Intelligence 17th Mexican

International Conference on Artificial Intelligence
MICAI 2018 Guadalajara Mexico October 22 27 2018
Proceedings Part II Ildar Batyrshin
https://textbookfull.com/product/advances-in-computational-
intelligence-17th-mexican-international-conference-on-artificial-
intelligence-micai-2018-guadalajara-mexico-
october-22-27-2018-proceedings-part-ii-ildar-batyrshin/
Computational Intelligence Applications in Business

Intelligence and Big Data Analytics 1st Edition Vijayan
Sugumaran
https://textbookfull.com/product/computational-intelligence-
applications-in-business-intelligence-and-big-data-analytics-1st-
edition-vijayan-sugumaran/
Artificial Intelligence and
Security Challenges in
Emerging Networks
Ryma Abassi
University of Carthage, Tunisia
A volume in the Advances in

Computational Intelligence and
Robotics (ACIR) Book Series
Published in the United States of America by
IGI Global
Engineering Science Reference (an imprint of IGI Global)
701 E. Chocolate Avenue
Hershey PA, USA 17033
Tel: 717-533-8845
Fax: 717-533-8661
E-mail: cust@igi-global.com
Web site: http://www.igi-global.com
Copyright © 2019 by IGI Global. All rights reserved. No part of this publication may be
reproduced, stored or distributed in any form or by any means, electronic or mechanical, including
photocopying, without written permission from the publisher.
Product or company names used in this set are for identification purposes only. Inclusion of the
names of the products or companies does not indicate a claim of ownership by IGI Global of the
trademark or registered trademark.
Library of Congress Cataloging-in-Publication Data
Names: Abassi, Ryma, 1980- editor.

Title: Artificial intelligence and security challenges in emerging networks /
Ryma Abassi, editor.
Description: Hershey, PA : Engineering Science Reference, [2019] | Includes
bibliographical references and index.
Identifiers: LCCN 2018027791| ISBN 9781522573531 (hardcover) | ISBN
9781522573548 (ebook)
Subjects: LCSH: Computer networks--Security measures. | Internet--Security
measures. | Malware (Computer software) | Artificial intelligence.
Classification: LCC TK5105.59 .A78 2019 | DDC 006.3--dc23 LC record available at https://lccn.
loc.gov/2018027791
This book is published in the IGI Global book series Advances in Computational Intelligence and
Robotics (ACIR) (ISSN: 2327-0411; eISSN: 2327-042X)
British Cataloguing in Publication Data

A Cataloguing in Publication record for this book is available from the British Library.
All work contributed to this book is new, previously-unpublished material.

The views expressed in this book are those of the authors, but not necessarily of the publisher.
For electronic access to this publication, please contact: eresources@igi-global.com.

Advances in Computational
Intelligence and Robotics
(ACIR) Book Series
ISSN:2327-0411
EISSN:2327-042X
Editor-in-Chief: Ivan Giannoccaro, University of Salento, Italy

Mission
While intelligence is traditionally a term applied to humans and human cognition,
technology has progressed in such a way to allow for the development of intelligent
systems able to simulate many human traits. With this new era of simulated and
artificial intelligence, much research is needed in order to continue to advance
the field and also to evaluate the ethical and societal concerns of the existence of
artificial life and machine learning.
The Advances in Computational Intelligence and Robotics (ACIR) Book
Series encourages scholarly discourse on all topics pertaining to evolutionary
computing, artificial life, computational intelligence, machine learning, and robotics.
ACIR presents the latest research being conducted on diverse topics in intelligence
technologies with the goal of advancing knowledge and applications in this rapidly
evolving field.
Coverage
• Heuristics IGI Global is currently accepting
• Adaptive and Complex Systems manuscripts for publication within this
• Robotics series. To submit a proposal for a volume in
• Neural Networks this series, please contact our Acquisition
• Computer Vision Editors at Acquisitions@igi-global.com or
• Fuzzy systems visit: http://www.igi-global.com/publish/.
• Artificial life
• Brain Simulation
• Automated Reasoning
• Agent technologies
The Advances in Computational Intelligence and Robotics (ACIR) Book Series (ISSN 2327-0411) is published by
IGI Global, 701 E. Chocolate Avenue, Hershey, PA 17033-1240, USA, www.igi-global.com. This series is composed of
titles available for purchase individually; each title is edited to be contextually exclusive from any other title within the
series. For pricing and ordering information please visit http://www.igi-global.com/book-series/advances-computational-
intelligence-robotics/73674. Postmaster: Send all address changes to above address. Copyright © 2019 IGI Global. All rights,
including translation in other languages reserved by the publisher. No part of this series may be reproduced or used in any
form or by any means – graphics, electronic, or mechanical, including photocopying, recording, taping, or information and
retrieval systems – without written permission from the publisher, except for non commercial, educational use, including
classroom teaching purposes. The views expressed in this series are those of the authors, but not necessarily of IGI Global.
Titles in this Series
For a list of additional titles in this series, please visit:
http://www.igi-global.com/book-series/advances-computational-intelligence-robotics
Advanced Metaheuristic Methods in Big Data Retrieval and Analytics

Hadj Ahmed Bouarara (Dr. Moulay Tahar University of Saïda, Algeria) Reda Mohamed
Hamou (Dr. Moulay Tahar University of Saïda, Algeria) and Amine Rahmani (Dr. Moulay
Tahar University of Saïda Algeria)
Engineering Science Reference • ©2019 • 320pp • H/C (ISBN: 9781522573388) • US
$205.00
Nature-Inspired Algorithms for Big Data Frameworks

Hema Banati (Dyal Singh College, India) Shikha Mehta (Jaypee Institute of Information
Technology, India) and Parmeet Kaur (Jaypee Institute of Information Technology, India)
$225.00
Novel Design and Applications of Robotics Technologies

Dan Zhang (York University, Canada) and Bin Wei (York University, Canada)
$205.00
Optoelectronics in Machine Vision-Based Theories and Applications

Moises Rivas-Lopez (Universidad Autónoma de Baja California, Mexico) Oleg Sergiyenko
(Universidad Autónoma de Baja California, Mexico) Wendy Flores-Fuentes (Universidad
Autónoma de Baja California, Mexico) and Julio Cesar Rodríguez-Quiñonez (Universidad
Autónoma de Baja California, Mexico)
$225.00
For an entire list of titles in this series, please visit:

http://www.igi-global.com/book-series/advances-computational-intelligence-robotics
701 East Chocolate Avenue, Hershey, PA 17033, USA

Tel: 717-533-8845 x100 • Fax: 717-533-8661
E-Mail: cust@igi-global.com • www.igi-global.com
Editorial Advisory Board
Faten Ayachi, University of Carthage, Tunisia
Aida Ben Chehida, University of Carthage, Tunisia
Ons Chikhaoui, University of Carthage, Tunisia
Rim Hadded, University of Carthage, Tunisia
Balkis Hamdene, University of Carthage, Tunisia
Imen Jemili, University of Carthage, Tunisia
Nadia Kammoun, University of Carthage, Tunisia
Amira Kchaou, University of Carthage, Tunisia
Muhammad Ubale Kiru, Universiti Sains Malaysia, Malaysia
Yassine Maleh, University Hassan I, Morocco
Guru Roja R., Thiagarajar College of Engineering, India
Table of Contents
Preface.................................................................................................................xiii
Acknowledgment................................................................................................ xvi
Chapter 1
The Age of Ransomware: Understanding Ransomware and Its .
Countermeasures.....................................................................................................1
Aman B. Jantan, Universiti Sains Malaysia, Malaysia
Chapter 2
A Review of Security Mechanisms for Multi-Agent Systems: Security
Challenges in Multi-Agent Systems......................................................................38
Antonio Muñoz, University of Málaga, Spain
Chapter 3
Attack Detection in Cloud Networks Based on Artificial Intelligence
Approaches...........................................................................................................63
Zuleyha Yiner, Siirt University, Turkey
Nurefsan Sertbas, Istanbul University – Cerrahpaşa, Turkey
Safak Durukan-Odabasi, Istanbul University – Cerrahpaşa, Turkey
Derya Yiltas-Kaplan, Istanbul University – Cerrahpaşa, Turkey
Chapter 4
Network Manipulation Using Network Scanning in SDN....................................85
Thangavel M., Thiagarajar College of Engineering, India
Pavithra V., Thiagarajar College of Engineering, India

Chapter 5
The Usage Analysis of Machine Learning Methods for Intrusion Detection in
Software-Defined Networks................................................................................124
Chapter 6
Toward Formal Verification of SDN Access-Control Misconfigurations...........146
Amina Saadaoui, University of Carthage, Tunisia
Chapter 7
A Review of Dynamic Verification of Security and Dependability .
Properties............................................................................................................162
Jamal Toutouh, University of Málaga, Spain
Francisco Jaime, University of Málaga, Spain
Chapter 8
A Formal Ticket-Based Authentication Scheme for VANETs...........................188
Ons Chikhaoui, SUPCOM, Tunisia
Aida Ben Chehida, SUPCOM, Tunisia
Ryma Abassi, SUPCOM, Tunisia
Sihem Guemara El Fatmi, SUPCOM, Tunisia
Chapter 9
Toward a Security Scheme for an Intelligent Transport System.........................221
Amira Kchaou, SUPCOM, Tunisia
Chapter 10
Security Policies a Formal Environment for a Test Cases Generation...............237
Compilation of References............................................................................... 265
About the Contributors.................................................................................... 287
Index................................................................................................................... 292
Detailed Table of Contents
Preface.................................................................................................................xiii
Acknowledgment................................................................................................ xvi
Chapter 1
The Age of Ransomware: Understanding Ransomware and Its .
Countermeasures.....................................................................................................1
Aman B. Jantan, Universiti Sains Malaysia, Malaysia
This chapter focuses on the world’s most frightening cybersecurity threat known
as ransomware. Experts popularly describe ransomware as scareware that makes
data and resources on a victims’ computers inaccessible and forces the victims to
pay a ransom with bitcoins or through other means by frightening and intimidating
them. Ransomware these days needs no introduction. The perpetrators behind
ransomware have done more than enough damage to critical infrastructures and
collected billions of dollars from victims across the world and are still collecting. As
such, this research aims at uncovering the underlying mysteries behind the sudden
growth and popularity of ransomware through the in-depth study of literature and
efforts made by experts globally in understanding ransomware and how to fight and
stop it. Moreover, the research seeks to bring together the collective professionals’
views and recommendations on how to set up strategic defense in-depth for fighting
against ransomware.
Chapter 2
A Review of Security Mechanisms for Multi-Agent Systems: Security
Challenges in Multi-Agent Systems......................................................................38
This chapter reviews current technologies used to build secure agents. A wide
spectrum of mechanisms to provide security to agent-based systems is provided,
giving an overview with the main agent-based systems and agent-oriented tools.

An evaluation of security mechanisms is done that identifies security weaknesses.

This review covers from the initial approaches to the more recent mechanisms. This
analysis draws attention to the fact that these systems have traditionally neglected
the need of a secure underlying infrastructure.
Chapter 3
Attack Detection in Cloud Networks Based on Artificial Intelligence
Approaches...........................................................................................................63
Zuleyha Yiner, Siirt University, Turkey
Nurefsan Sertbas, Istanbul University – Cerrahpaşa, Turkey
Safak Durukan-Odabasi, Istanbul University – Cerrahpaşa, Turkey
Cloud computing that aims to provide convenient, on-demand, network access to

shared software and hardware resources has security as the greatest challenge. Data
security is the main security concern followed by intrusion detection and prevention
in cloud infrastructure. In this chapter, general information about cloud computing
and its security issues are discussed. In order to prevent or avoid many attacks, a
number of machine learning algorithms approaches are proposed. However, these
approaches do not provide efficient results for identifying unknown types of attacks.
Deep learning enables to learning features that are more complex, and thanks to the
collection of big data as a training data, deep learning achieves more successful results.
Many deep learning algorithms are proposed for attack detection. Deep networks
architecture is divided into two categories, and descriptions for each architecture and
its related attack detection studies are discussed in the following section of chapter.
Chapter 4
Network Manipulation Using Network Scanning in SDN....................................85
Thangavel M., Thiagarajar College of Engineering, India
Pavithra V., Thiagarajar College of Engineering, India
Network scanning commonly implies the use of the computer network to collect
information about the target systems. This type of scanning is performed by hackers
for attacking the target and also by the system administrators for assessment of
security and maintaining the system. Network scanning mainly analyzes the UDP
and TCP network services that are running on the target, the operating system that
is used by the target, and the security systems that are placed between the user
and targeted hosts. Network scanning includes both the network port scanning and
vulnerability scanning. Network manipulation is an effort that is made by the user
to modify the network or structure of a network and thus using online network tools
to achieve the target. Software-defined networking is a term that comprises several
network technologies with the aim of making it adapt the features of flexibility. Key

terms for SDN implementation include separation of functionality, virtualization

in the network, and configuring programmatically. This chapter explores network
manipulation using network scanning in SDN.
Chapter 5
The Usage Analysis of Machine Learning Methods for Intrusion Detection in
Software-Defined Networks................................................................................124
This chapter focuses on the process of the machine learning with considering the
architecture of software-defined networks (SDNs) and their security mechanisms.
In general, machine learning has been studied widely in traditional network
problems, but recently there have been a limited number of studies in the literature
that connect SDN security and machine learning approaches. The main reason of
this situation is that the structure of SDN has emerged newly and become different
from the traditional networks. These structural variances are also summarized and
compared in this chapter. After the main properties of the network architectures,
several intrusion detection studies on SDN are introduced and analyzed according
to their advantages and disadvantages. Upon this schedule, this chapter also aims to
be the first organized guide that presents the referenced studies on the SDN security
and artificial intelligence together.
Chapter 6
Toward Formal Verification of SDN Access-Control Misconfigurations...........146
Amina Saadaoui, University of Carthage, Tunisia
Software-defined networking (SDN) allows centralizing and simplifying network

management control. It brings a significant flexibility and visibility to networking,
but at the same time creates new security challenges. The promise of SDN is the
ability to allow networks to keep pace with the speed of change. It allows frequent
modifications to the network configuration. However, these changes may introduce
misconfigurations by writing inconsistent rules for single flow table or within a
multiple open flow switches that need multiple FlowTables to be maintained at
the same time. Misconfigurations can arise also between firewalls and FlowTables
in OpenFlow-based networks. Problems arising from these misconfigurations
are common and have dramatic consequences for networks operations. To avoid
such scenarios, mechanisms to prevent these anomalies and inconsistencies are of
paramount importance. To address these challenges, the authors present a new method
that allows the automatic identification of inter and inter Flowtables anomalies. They
also use the Firewall to bring out real misconfigurations.

Chapter 7
A Review of Dynamic Verification of Security and Dependability .
Properties............................................................................................................162
Jamal Toutouh, University of Málaga, Spain
Francisco Jaime, University of Málaga, Spain
This chapter reviews the notions of security and dependability properties from the
perspective of software engineering, providing the reader with a technical background
on dynamic verification and runtime monitoring techniques. The chapter covers
the technical background on security and dependability properties with system
verification through dynamic verification or monitoring. The authors initially provide
a short overview of the security and dependability properties themselves. Once
definitions of security and dependability properties are introduced, they present a
critical analysis of current research on dynamic verification by presenting general
purpose and security oriented dynamic verification approaches.
Chapter 8
A Formal Ticket-Based Authentication Scheme for VANETs...........................188
Ons Chikhaoui, SUPCOM, Tunisia
Aida Ben Chehida, SUPCOM, Tunisia
Vehicular ad hoc networks (VANETs) enable vehicles to exchange safety-related

messages in order to raise drivers’ awareness about surrounding traffic and roads
conditions. Nevertheless, since these messages have a crucial effect on people’s
lives and as we cannot disregard the probability of attackers intending to subvert
the proper operation of these networks, stringent security support should be applied
on these messages before they can be relied on. Authenticating these messages
before considering them is one of the key security requirements since it enables the
receiver to make sure of the received message’s integrity and the genuineness of
its originator. This chapter presents a conditional privacy-preserving authentication
scheme for VANETs.
Chapter 9
Toward a Security Scheme for an Intelligent Transport System.........................221
Amira Kchaou, SUPCOM, Tunisia
Vehicular ad-hoc networks (VANETs) allow communication among vehicles using

some fixed equipment on roads called roads side units. Vehicular communications are

used for sharing different kinds of information between vehicles and RSUs in order
to improve road safety and provide travelers comfort using exchanged messages.
However, falsified or modified messages can be transmitted that affect the performance
of the whole network and cause bad situations in roads. To mitigate this problem,
trust management can be used in VANET and can be distributive for ensuring safe
and secure communication between vehicles. Trust is a security concept that has
attracted the interest of many researchers and used to build confident relations
among vehicles. Hence, the authors propose a secured clustering mechanism for
messages exchange in VANET in order to organize vehicles into clusters based on
vehicles velocity, then CH computes the credibility of message using the reputation
of vehicles and the miner controls the vehicle’s behavior for verifying the correctness
of the message.
Chapter 10
Security Policies a Formal Environment for a Test Cases Generation...............237
Specifying a security policy (SP) is a challenging task in the development of

secure communication systems since it is the bedrock of any security strategy.
Paradoxically, this specification is error prone and can lead to an inadequate SP
regarding the security needs. Therefore, it seems necessary to define an environment
allowing one to “trust” the implemented SP. A testing task aims verifying whether
an implementation is conforming to its specification. Test is generally achieved
by generating and executing test cases. Some automated testing tools can be used
from which model checkers. In fact, given a system modeling and a test objective,
the model checker can generate a counterexample from which test cases can be
deduced. The main proposition of this chapter is then a formal environment for SP
test cases generation based on a system modeling, a SP specification (test purpose),
and the use of a model checker. Once generated, these test cases must be improved
in order to quantify their effectiveness to detect SP flaws. This is made through the
generation of mutants.
Compilation of References............................................................................... 265
About the Contributors.................................................................................... 287
Index................................................................................................................... 292
xiii
Preface
The recent rise of emerging networking technologies such as social networks, content
centric networks, IoT networks, etc. have attracted lots of attention from academia
as well as industry. In fact, the attractiveness of such networks leads to the increase
of security risks in particularly privacy and security threats. According to Gartner
(2018), within 2017, leading global companies have seen sales and revenue impacts
as high as $300 million due to malware-based cyberattacks.
Besides, recent years have seen a dramatic increase in applications of artificial
intelligence (AI), machine learning, and data mining to security and privacy problems.
In fact, cybersecurity products are increasingly incorporating AI in order to detect
new malwares reducing by the fact, the amount of time needed for threat detection
and incident response. Without this help, organizations can waste as much as $1.3
million per year responding to “inaccurate and erroneous intelligence” or “chasing
erroneous alerts” (American Institute of Aeronautics and Astronautics, 2018).
Besides, AI can be used by attackers: “We’re still in the early days of the attackers
using artificial intelligence themselves, but that day is going to come,” warns Nicole
Eagan, CEO of cybersecurity firm Darktrace. “And I think once that switch is flipped
on, there’s going to be no turning back, so we are very concerned about the use of
AI by the attackers in many ways because they could try to use AI to blend into the
background of these networks.” (CNBC 2018)
The purpose of this book is to study the relation between artificial intelligence
and cybersecurity and thus by highlighting research challenges and open issues
using AI for cybersecurity purposes and/or cybersecurity attacks.
Preface
ORGANIZATION OF THE BOOK
The book is organized into 10 chapters. A brief description of each of the chapters
follows:
Chapter 1 deals with ransomwares and uncovers the underlying mysteries behind the
growth of such malware. More precisely, authors brought together the professionals’
views and recommendation on how to set up a defense in depth against ransomware.
Chapter 2 reviews current technologies used to build secure multi agent systems.
An evaluation of security mechanisms is also done in order to identify their main
weaknesses.
Chapter 3 considers attack detection in cloud networks based on artificial
intelligence approaches. In fact, a review of some machine learning algorithms used
for attack detection is first presented. However, due to the lack of efficiency of such
algorithms, deep learning algorithms are then reviewed.
Chapter 4 deals with network manipulation using network scanning in
Software-defined Networks (SDN). In fact, network scanning is used by attackers
and administrators in order to assess the security of a given system and to collect
information about it. Hence, this chapter explains thoroughly the possible attacks
in SDN and defensive measures the organization needs to implement to avoid such
attacks.
Chapter 5 focuses on the use of machine learning methods for intrusion detection
in software-defined networks and proposes a guide referencing studies on both the
SDN security and artificial intelligence.
Chapter 6 proposes a formal verification of software-defined networks access
control misconfigurations. In fact, although software-defined networks centralize
and simply network management, they may create security challenges, too. This
may be the case due to misconfigurations. Hence, authors presented a new method
allowing to automatically identify inter and intra Flowtables anomalies and used
firewalls to bring out real misconfigurations.
Chapter 7 reviews dynamic verification of security and dependability properties
and more precisely abductive reasoning for generating explanations. A critical
analysis of current research on dynamic verification is also presented.
Chapter 8 introduces a formal ticket-based authentication scheme for Vehicular
Adhoc NETworks (VANETs) preserving privacy. In fact, such network enables
smart vehicles to exchange safely related messages to raise drives’ awareness about
surrounding traffic.
Chapter 9 presents a security scheme for intelligent transport systems. In fact,
the performances of such systems may be affected due to messages falsification and/
or modification and cause accidents, jam, etc. Hence, a secured mechanism base
on clustering and trust is proposed in order to evaluate the credibility of a received
message and increase the confidence of each vehicle on others.
xiv
Preface
Chapter 10 proposes a formal environment for Security Policies (SP) testing

based on test cases and mutants generation. In fact, specifying a SP is the bedrock of
any security strategy but can be inadequate regarding to the security needs leading
by the fact to vulnerabilities. Hence, testing the SP before its real implementation
seems to be necessary.
Ryma Abassi
REFERENCES
American Institute of Aeronautics and Astronautics. (2018). Artificial Intelligence

for Cybersecurity. Retrieved 16 October 2018, from http://www.aiaa.org/protocolAI/
CNBC. (2018). Weaponized drones. Machines that attack on their own. ‘That day is
going to come’. Retrieved from https://www.cnbc.com/2018/07/20/ai-cyberattacks-
artificial-intelligence-threatens-cybersecurity.html
Gartner. (2018). Cybersecurity Q&A: The New World of Cyber. Retrieved from https://
www.gartner.com/smarterwithgartner/cybersecurity-qa-the-new-world-of-cyber/
xv
xvi
Acknowledgment
The editor would like to acknowledge the help of all the people involved in this
project and, more specifically, to the authors, reviewers and editorial board that
took part in the review process. Without their support, this book would not have
become a reality.
Hence, I would like to thank each one of the authors for their contributions to this
book, their time and expertise.
Moreover, I wish to acknowledge the valuable contributions of the reviewers regarding

the improvement of quality, coherence, and content presentation of chapters. Some
of the authors also served as referees; I highly appreciate their double task.
Finally, I am very thankful to the team of IGI Global for accepting this book proposal
and giving me the opportunity to work on this book project. Particularly, I am
thankful to Amanda Fanton (Assistant Development Editor), Courtney Tychinski
(Special Projects Coordinator), and Jan Travers (Director of Intellectual Property
and Contracts).
Ryma Abassi
1
Chapter 1
The Age of Ransomware:
Understanding Ransomware
and Its Countermeasures.
Muhammad Ubale Kiru

Universiti Sains Malaysia, Malaysia
Aman B. Jantan
Universiti Sains Malaysia, Malaysia
ABSTRACT
This chapter focuses on the world’s most frightening cybersecurity threat known
as ransomware. Experts popularly describe ransomware as scareware that makes
data and resources on a victims’ computers inaccessible and forces the victims to
pay a ransom with bitcoins or through other means by frightening and intimidating
them. Ransomware these days needs no introduction. The perpetrators behind
ransomware have done more than enough damage to critical infrastructures and
collected billions of dollars from victims across the world and are still collecting. As
such, this research aims at uncovering the underlying mysteries behind the sudden
growth and popularity of ransomware through the in-depth study of literature and
efforts made by experts globally in understanding ransomware and how to fight and
stop it. Moreover, the research seeks to bring together the collective professionals’
views and recommendations on how to set up strategic defense in-depth for fighting
against ransomware.
DOI: 10.4018/978-1-5225-7353-1.ch001
Copyright © 2019, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
The Age of Ransomware
INTRODUCTION
Ransomware is popularly described as a type of malware that makes a file on

a victim’s computer or device inaccessible and then demands the victim to pay
ransom mostly in the form of bitcoin or other means of payment to regain access
to the hijacked system (Micro, 2017). However, Liska and Gallo (2017) describe
ransomware as a new type of extortion, hence describe it as a criminal practice for
obtaining something especially money or its equivalence from an individual or
institution through coercion or threats. Hackers and people with malicious intent
are responsible for spreading ransomware. However, we know from experience that
employees also contribute to the spread due to human error and or ignorance caused
by lack of awareness (Fimin, 2017). Some of the conventional methods of spreading
ransomware include exploiting system’s known or unknown vulnerabilities or by
visiting compromised sites or deep webs.
Studies suggest that the sudden rise of ransomware attacks recently is a signal
that ransomware has come back with full force in both complexity, impact and size
(Downs, Taylor, & Whiting, 2017). The year 2017 was the year history will never
forget as per as internet security breach is concerned. It was the year in which the
world saw some of the most dangerous attacks in the history including WannaCry
pandemic, Petya, NotPetya, Cerber, Cryptomix, Locky, CrySis and many others.
The aforementioned ransomware attacks were massive global ransomware attacks
that mostly affect Windows operating systems that were unpatched or unsecured.
More importantly, the WannaCry attack became prominent following the leaked
exploit kits which were stolen from the United States NSA by the infamous group
known as ‘Shadow brokers’ which opens pandora’s box for other variants of
ransomware to be created and eventually affected thousands of devices across the
globe. (Barracuda, 2017). These events led different social media observers and
professionals in various domains to name 2017 as the year of ransomware (Cabaj,
Gregorczyk, & Mazurczyk, 2017).
The damages erupted by ransomware did not catch much attention until recently
when hundreds of companies and security agencies across the world have begun to
cry out (Brodsky, 2017). So far, the popular variant known as WannaCry had rapidly
spread to around 200,000 to 300,000 machines in over 150 countries across the globe
since its first appearance (Yaqoob et al., 2017); making it the world’s largest attack
in history if measured in terms of wide coverage, complexity and impact. Earlier
in 2016, the FBI reported that over $206 million was paid to ransomware criminals
in the first quarter of 2016. In another report by the United States Department
of Justice, there are over 4000 ransomware attack reports per day, and that every
month new variant of ransomware is being produced, which makes it more likely to
increase with 100% by Q4 of 2018 (Harpur, 2017). Perhaps, the emergence of IoT
2
devices has also contributed as well as accelerate the wide spread of ransomware
and the modern security challenges we are facing today (Yaqoob et al., 2017). The
vast availability of devices on the internet has open access to all perpetrators who
have malicious intent to start ransomware campaign at a massive scale.
The question many people keep asking is why is ransomware prevalent and
unbeatable in every part of the world? The reason is that antivirus and anti-malware
are no longer capable of detecting ransomware because modern ransomware use
polymorphism and machine learning to avoid being detected. Secondly, the advent
of Ransomware as a Service and the Exploit kits as a service in black markets make
it even more difficult to deal with the situation. With RaaS, anyone including script
kiddies can lay their hands on ransomware codes and reproduce their own. According
to MacAfee Lab (2017), the writers of ‘Cerber’ (one of the most dangerous ransomware
family) release a new variant of ransomware every 8 days on average, selling with
bonuses and offers of 20% discount (Ashford, 2015; Singh, 2017).
Having said that, the objectives of this research include identifying new trends
in ransomware attacks, the root causes of the attack, methods of the attack, mode
of operation, attack vectors, and to identify popular suggestions given by experts
on how ransomware attacks can be dealt with professionally using the simplest,
cost-effective and most successful techniques for mitigating ransomware attacks.
Other objectives include identifying the most suitable approach for ransomware
mitigation as well as exposing and uncovering the mystery of ransomware to the
users so that they become aware of how to recover in the aftermath of the attack.
To break down these information, the sections are arranged as follow: Introductory
section gives an overview on the focus of the entire research, a literature review
section which comprises of ransomeware timeline, types of ransomware, mode
of operation and other relevant information about ransomware. The methodology
section comprises of detailed information on the techniques used in conducting the
study. Other sections include ransomware management techiques section which
explores the various preventive and detective techniques. And finally, the recovery
and incidence response techniques.
METHODOLOGY
This section discusses the research design, area of study and method for data
collection and information gathering. The researchers choose to adopt a state-of-
the-art research review method, as it allows the researcher to analyze and summarize
previous and emerging trends in a given field of study. The aim is to have a critical
look at the existing literature and draw conclusions Dochy (2006). To achieve
that, a survey must be conducted. As defined by McBurney (1994), survey means
3
accessing public opinion or individual characteristics using primary or secondary

sources of information. In this case, the subject of this study is ransomware. At the
time this chapter was written, not much have been written about ransomware until
recently. Hence, it was necessary to explore all boundaries without limit. Data was
collected and analyzed, and conclusions were drawn from the analyzed data. The
information collated for this research were sourced from contemporary works of
research including journal articles, webinars, online interviews, online tutorials,
security reports, bulletins, interagency intelligence reports, news articles, magazine
articles, commentaries from ransomware experts in different domains and disciplines.
REVIEW OF LITERATURE
A recap of the previous years’ data has shown a disturbing concern about how
ransomware attacks have significantly increased from the last five years. If we trace
the impact and growth from 1990 to 2006, ransomware cases were in fact insignificant
to be recorded. Soon, however, the scale turns the other way round. In a report by
Symantec (2017), they highlight that ransomware landscape increased these years
dramatically with the appearance of the two variants of self-propagating ransomware
threats namely WannaCry and Petya. The two threats have caused what Symantec
called a “global panic”. As many have seen on the news and other media outlets
(O’Brien, 2017), ransomware damage costs were estimated to have exceeded $5
billion in 2017, and according to Microsoft (2017), it had risen from $325 million
in the year 2015 (Morgan, 2017). Before these massive attacks, ransomware was not
seen as a threat of any serious concern, as it was merely a malicious scam campaign.
Until in 2016 when ransomware programmers started offering ransomware variants as
a service with the advent of exploit kits and its wide availability in the black market.
According to a report by Symantec (2017), one in every 131 emails contained a
malicious link or attachment that could infect a device with a variant of ransomware.
Within a short period, security agencies and private companies like Symantec and
Kaspersky had blocked and intercepted over 22 million attempted ransomware
attacks worldwide (Mort, 2017), and 57% of the victims were individuals while
43% were organisations. The report adds that 59% of the ransomware infections
were delivered via email phishing with malicious attachments or compromised
URLs embedded within the emails (Cyber_Intelligence_Team, 2017). We must
undoubtedly accept the fact that the year 2017 had seen what many will call the ‘fall
of security infrastructure’. So far we must say that modern technologies have failed
woefully and proved insufficient and inefficient in the fight against ransomware
(Downs, Cook, Wright, & Kent, 2017).
4
Figure 1. Ransomware timeline
Ransomware Timeline and History
The majority of computer scientists around the world assert that ransomware might
have originated from Russia and was limited to Russians until in early 2012 when
several reports proved its presence in other parts of the world including Asia and
North America (Micro, 2017). The sudden growth of ransomware was triggered
by the tons of malware variants that are produced because of the stolen exploit kits
from the NSA arsenal which allow reusability, hence reinventing new variants of
ransomware become easy. (See figure 1 for ransomware timeline)
The early discovered ransomware was known as AIDS. It was first discovered in
1989. It was not spread using the famous phishing attacks, instead, its writer Joseph
Popp used ordinary floppy disk and sent the malware via postal service to a gathering
of world health organisation conference held in London. This early ransomware
was characterised with encrypting system directory by replacing AUTOEXEC.
BAT on the infected machine (Liska & Gallo, 2017) making the system unstable.
Later after infecting the system, a message displayed demanding $189 ransom
which is to be sent via a Post office Box number in exchange for the decryption key
(NoMoreRansomware, 2017b).
After a long disappearance of ransomware, it was reported that extortion
ransomware emerged in 2005. Most extortion ransomware at that time were mere
apps that posed as fake spyware removal tools such as SypSheriff. Others posed as
performance enhancement tools and registry cleaners. Their major targeted machines
were Windows and IOS Computers. The hackers’ trick was an exaggeration of
serious issues on the machine. Next, they asked if the user wants their problem fixed
for $30 to $90 (Savage, Coogan, & Lau, 2015). Somewhere in May 2005, a new
variant of crypto ransomware that encrypts and demands ransom surfaced known as
Trojan.GPcoder. It used a custom-encryption method which was considered weak
5
and easily breakable. Perhaps it was not successful due to the failure of the hackers
to make it more effective. Therefore they kept on modifying the version for a long
period (Hampton & Baig, 2015; Savage et al., 2015).
By the quarter of 2006, more sophisticated ransomware variants had emerged
and started to use more complex and rigid RSA encryption algorithms. Reported
cases from Moscow revealed that a variant of ransomware called TROJ_CRYZIP.A
was discovered. This variant was characterised by certain activities whereby data
is copied into specific password-protected archive files (Micro, 2017); therein the
original files are deleted along the line; leaving a password key saved in a text file
for unzipping the files. Other ransomware variants were reported in that period
including TROJ.RANSOM.A, Krotten, and Cryzip (NoMoreRansomware, 2017b).
Furthermore, several ransomware occurrences continued to be the topic of discussion,
even in early 2008 to late 2009 when a new threat emerged. Here, the hackers were said
to have switched from using malicious software to using fake Antivirus programs that
appeared legitimate to the users. The fake programs were used to perform a virus scan
on the system after they claimed to have detected a large number of security threats
that needed immediate action. Thus, users were asked to pay money amounting $40
to $100 to fix their faked threats (Savage et al., 2015). Nevertheless, this technique
did not last much longer; as many users decided to ignore the recommendations and
chose to address the problem using other available means.
The first locker ransomware surfaced in the last quarter of 2009 and later became
prevalent from 2011 to 2012. During that period, attackers no longer use fake
antivirus or fake luring-application-software to attack their targets. For the first
time, perpetrators were able to hijack systems remotely and locked it up. This time,
worm-like ransomware equipped with remote-locking-capability started spoofing
the Windows Product Activation notice emerged (NoMoreRansomware, 2017b). A
report by TrendMicro suggested that these new variants of ransomware known as
TROJ_RANSOM.QOWA and Trojan.Randsom.C have compromised many systems,
and both were capable of popping messages that compelled the users to dial a
premium-rate phone number and paid some amount of money through electronic cash
voucher before the victim’s machines is released (Micro, 2017; Savage et al., 2015).
More reports suggested that hackers had continued to be inventive; hence,
introduced a new variant of ransomware known as Reveton. This variant began
to impersonate law enforcement agencies including the police. The victims were
befooled into thinking that they had broken the law by simply visiting a prohibited
site or by downloading a copyrighted item or by visiting a pornographic environment.
Hence, the hackers used a lot of social engineering techniques in carrying out these
attacks as it had to do with convincing and deceiving the victims. It is vital to note
that, Reveton ransomware was the first of its kind to introduce different payment
6
methods for victims. A study by TrendMicro shows that victims were asked to pay
the ransom through Ukash, PaySafeCard, and MoneyPak (Micro, 2017).
As technology grows, new types of ransomware known as crypto-ransomware and
cryptoLocker also emerged in Q4 of 2013. These new variants were considered as the
best generation of ransomware since the disappearance of fake antivirus ransomware
and were also rated as quite profitable. Previously, ransomware was considered
inefficient due to unstandardized use of weak infrastructure. This latest ransomware
changed the scales of ransom, thereby, collected an unimaginable sum of $300 from
each victim, and before the end of the year had earned more than $3 million for its
creator. According to Symantec, between 2013 to 2014, there was a massive increase
of 250% in the new crypto ransomware. The newcomer infected more than 250,000
systems within two months (Lord, 2017). This time the hackers successfully used more
complex encryption algorithms such as RSA 2048 which requires two-way encryption
and decryption key (AES+RSA encryptions) (Micro, 2017). In fact, the year 2013 was
indeed the beginning of the present-day sophisticated ransomware attacks.
The rise of crypto-ransomware led to the reinvention of even more sophisticated
and well-enhanced ransomware in 2015 through 2016. For the first-time hackers
started designing exploit kits which were used for creating other series of ransomware
variants. Typically, crypto-ransomware does not affect the functionality of the targeted
system, it, however, encrypt crucial files to force users into paying the ransom
(Kaspersky, 2016a). Thus, the emergence of cryptocurrency in 2009 and its widespread
in 2015 has open door for modern ransomware writers to remain untraceable on the
web. Popular ransomware in that period comprised of Teslacrypt, CTB-Locker and
Cryptowall which earned over $18,000,000 from its victims according to an FBI
report (FBI, 2015). A new variant called Locky came and overshadowed Teslacrypt
and CTB-Locker and became one of the most used and most popular ransomware
variants of all times (Fortinet, 2017). It had collected over 1 Billion USD before the
end of the year. CryptXXX earned 77 million USD, while its counterpart Cerber
collected over 54 million USD (Crowe, 2016; Korolov, 2017).
New breeds of ransomware were born in 2017; ransomware has become first
on the list of every organisation; be it private or public sector, and it continued
to dominate and grew exponentially throughout the year. This spike according to
several security experts is because of the emergence of the two new breeds namely
WannaCry 2.0 and Petya. The former emerged due to a leak of an NSA exploit kit
(Known as EternalBlue) responsible by a group of hackers who identified themselves
as Shadow brokers. WannaCry or WannaCrypt has a worm-like feature and a self-
propagating capability which gives it the ability to spread itself rapidly and widely
across the network without any user interaction which makes it invincible and abruptly
challenging to stop (Perekalin, 2017b). Petya according to popular assessment is
nothing new, it was the handy work of the same exploit kit used by Shadow brokers.
7
Although, the two variants shared specific properties in common viz: Petya also
adapted self-propagation technique, it incorporated other SMB network spreading
methods, and it used public key based64 encoded algorithm alongside Salsa20 which
makes it extremely difficult to decrypt (O’Brien, 2017). Petya was primarily designed
to target organisations in Ukraine, but it later spread to other regions including the
US, Russia, France, Germany and few others.
Types of Ransomware
The types of ransomware vary according to different scholarly opinions. The most
prominent and popular types of ransomware can be classified as (1) Locker or Lock
Screen Ransomware and (2) Crypto or encryption ransomware (Brunau, 2017;
Harpur, 2017; Rubens, 2017a; Shinde, Veeken, Schooten, & Berg, 2016).
Locker Ransomware
As the name implies, locker ransomware is a variant of ransomware which overtakes

the system or device and eventually denied access to the user lest ransomware is
paid. In most scenarios, the infected system is left with limited resources to use for
interacting with the hacker(s). In few cases, personal files are not tampered with,
while in some cases files may be stolen.
Crypto Ransomware
This type of ransomware encrypts and deletes the personal files and folders in the
affected machine. Even though not all types of files are encrypted, specific variants
of ransomware trace certain types of file formats such as .doc, .xsl, .xml, .zip, .pdf,
.js and encrypt them only (F-Secure, n.d.). Traditional crypto ransomware, on the
other hand, encrypts the entire directory.
Ransomware Variants
Since the emergence of ransomware, new variants of ransomware are being released
every day. Perhaps it is important to note that, types of ransomware should not
be mistaken with variants of ransomware, the variants are the distinctive types of
ransomware family which possess unique features and patterns of operate. In tracing
the different variants of ransomware family, one might say they are infinite. The earlier
variant of ransomware was said to have emerged in 1989 in the form of a Trojan.
Since then, hundreds of ransomware variants have been produced annually, coming
in different forms, pattern and structure. Various assessments by security agencies
8
Figure 2. Ransomware families (Symantec ISTR Report 2017)

Source: Symantec, 2017
show that a massive increase in ransomware production was seen in the Q4 of 2015
through 2017 (Crowe, 2017; National Cybersecurity and Communications Integration
Center, 2016) especially with the advent of Ransomware as a Service (See Figure
2). As mentioned earlier, RaaS gives unskilled hackers the tools to manufacture any
variant they desire. Thus, New Jersey Cybersecurity and Communications Integration
Cell (NJCCIC) reports that it has profiled 197 ransomware variants since the second
quarter of 2015 (NJ Cybersecurity & Communication Integration Cell, 2018).
The following are some of the popular variants of ransomware as profiled by
NJCCIC (see Table 1).
Table 1. Popular ransomware variants, attack vectors and dates
Alias Attack Vector

1. Cerber Spam campaign, RIG Exploit kit, Magnitude Exploit kit
2. WannaCry Phishing campaign, EternalBlue
3. Jaff Spam campaign
4. Sage Spam Campaign. Botnet, RIG exploit kit
5. GlobeImposter Spam campaign
6. Locky Spam, Neutrino exploit kit, Nuclear exploit kit
7. Mamba Targeted attack, network compromise
8. CryptoXXX Angler exploit kit
9. CryptoWall Spam campaign, Angler, Nuclear, magnitude exploit kit, Malvertising
Source: New Jersey Cybersecurity and Communications Integration Cell (NJCCIC), 2017
9
Ransomware Modus Operandi
Studies indicate that several variants of ransomware have their unique Modus operandi
(Method of operation). Several experts describe (Fruhlinger, 2017; Sarah, 2017) how
ransomware works in many academic works. However, for easy comprehension, we
decided to follow an approach which is described by Liska and Gallo (2016) Figure
3 illustrates how ransomware works in reality.
Deployment: Phase 1
In the deployment phase, a payload is deployed on the targeted machine in form of

a malware or legitimate file with malware embedded within. This phase cannot be
achieved except one or two of the following actors is put in place (Liska & Gallo,
2017): (1) Drive-by download – Here, a piece of malicious code is embedded
within the codes of a comprised site and is downloaded onto the system without
the user’s authorisation. (2) Phishing - This is one of the popular methods for
ransomware campaign. Through this means, legitimate emails are sent to users
with malicious attachments or compromised links. With a single click, the system
becomes infected. (3) Exploiting system’s vulnerability - This includes conducting
a reconnaissance of the target network or system and exploiting the vulnerability
Figure 3. Stages of Compromise (Liska A. and Gallo T. (2017)

Source: Ransomware: Defending Against Digital Extortion- by Liska A. and Gallo T. (2017)
10
found. (4) Malvertisement- here, malicious codes are embedded within legitimate
advertisement websites to be used for luring victims (Savage et al., 2015).
Installation: Phase 2
In this phase, as soon as the malicious malware is delivered to the target, the
impacting process also begins. Usually, the infection is being propagated using a
method called DDM (Download Dropper Method). In this method, a small piece of
the file is dropped which is designed to evade detection. After impact, it establishes
a connection between the infected system and a server in a remote location known as
Command-and-control server where the main malware and instructions are stored.
(Liska & Gallo, 2017).
Communication and Exchange Phase: Phase 3
In this phase, communication is established between target and a remote server

called C&C server. The C&C server acts as the commanding officer-in-charge of
operations. It ensures that smooth communication channel between the target and
server is established. Meanwhile, the payload begins to request for instructions on
how to carry further action. The instructions include identifying the types of files
that are to be encrypted, which encryption algorithm they should use, and whether
they should continue to spread at the beginning of the process or not. More so, a
synchronisation process often takes place in some ransomware variants, where the
malware report back significant information such as system information, domain
names, IP addresses, operating system banners, information about installed antivirus,
and so on (Liska & Gallo, 2017; Sophos, 2017).
Destruction: Phase 4
In this phase, all malicious files that will carry out the operations in the form of
encryption and deletion are put in place; the targeted files are also identified. The
encryption keys have also been supplied to the malcode. Now encryption or deletion
will begin. In most cases the malcode will encrypt files with extension such as .doc,
.jpg, .gif, .pdf, .xsl, .xml, .zip, .exe and many more (Mattias, Frick, Sjostrom, &
Jarpe, 2016).
Extortion: Phase 5
In this phase, however, it is expected that the hackers have eradicated all backed up
files, encryption of sensitive files have also taken place. The next is to generate a
11
notification on the victim’s screen informing them that they have been compromised.
The different variants of ransomware have their unique ways of displaying their
demand messages. However, in this notification, the victim is informed on how to
pay the ransom for the release of the system which is now paid using bitcoin. If
the first allotted time expires, the ransom is doubled (Comtact, 2017; Klein, 2017;
Liska & Gallo, 2017).
Ransomware Infection Vectors
Attack vectors are basically the transmission channels through which a machine is
being infected by a particular attack or another (Zimba, Wang, & Chen, 2017). All
types of attacks come with their different and unique campaign strategies. Our case
study here is ransomware. There are various attack vectors which are peculiar to
ransomware. Perhaps the majority of experts believe that the most commonly used
attack vector for ransomware attacks is known as phishing attack (Brodsky, 2017;
Mehmood, 2016; Zimba et al., 2017), and according to a study by Barracuda networks
(Goodall, 2017), 90% of anonymous emails received in the last two years are email
phishing. Although, among the newly discovered ransomware variants, exploit kits
are now used in the last few months for carrying the attacks. Malvertising has also
become very handy these days, as many have fallen victims of this method (Paul
Zindell, 2017; Rubens, 2017b). Experts have also identified other types of attack
vectors, and they comprise of the following:
1. Smishing: This is a technique used by hackers to deceive victim into navigating

to a site and providing their personal information. This attack is mostly carried
on Android and IOS based mobile devices (Vanderburg, 2016).
2. Vishing: This is an automated voicemail attack that lures the victim into calling
a premium phone number. The caller in the other end usually impersonates a
customer representative of a fake company, who directs the victim into installing
the malware on their machine (Vanderburg, 2016).
3. Drive-By Download: This method allows the victim to download malware
on their machine from a legitimate website that is compromised by malicious
codes (Lawn, 2016; Vanderburg, 2016).
4. Network Propagation: This is an instance whereby worm-like ransomware
is spread across a given network and affected all the vulnerable machines on
the network (Vanderburg, 2016).
5. Freeware Trojans: Hackers sometimes share bad software with bad codes
on the internet with free value and access, to trap unsuspecting individuals.
These kinds of software are available for free to download Use of such could
open backdoors and eventually lead to a massive attack.
12
6. Flash Player: FP is a small program that is provided by the software giant

Adobe Systems. It is intended to support multimedia files on the internet.
Several reports came in explaining how some group of hackers used fake FP to
coordinate attacks (AdobeForum, 2017; Collins, 2017). Adobe system confirms
that victims were diverted from legitimate websites of Adobe to compromised
ones where they get the fake software downloaded on their systems (Symantec,
2017).
7. Messaging Apps: Hackers embed malicious JavaScript in messages conveyed
through Facebook Messenger containing images in Scalable Graphics File
(SVG) format. With a click, the image directs the victim to a spoofed YouTube
site and deceive the victim into installing a codec file (Rubens, 2017b) which
eventually compromised the system.
Indicators of Compromise (IOC)
In every instance of a ransomware attack, attackers always leave a trail. Those trails
are what experts refer to as indicators or sign of compromise. Rigorous study and
assessment of some selected compromised machines have provided hints on the
indicators that prove a machine has been compromised. According to a SANS’s
periodic white paper some of the early indicators of compromise are obvious to the
user while some are not obvious enough. When a machine gets infected by a variant
of ransomware, system files extensions begin to change; bulk file renames occurs,
explicit ransom notice appears boldly on display screen. While in other cases, possible
denial of services also occurs (Majd, 2017). Similarly, Cisco Systems further describes
that when the machine is compromised specific behavioural indicators begin to show
themselves. Some of these indicators include disappearance of wallpaper background,
document file establishing network communication, files being modified in the system
directory, VBA Macro uses CallByName, artifact flagged by antivirus engines, a
submitted document caused a crash dump file to be created, heavy traffic created by
unknown programs, occurrence of DNS traffic, unknown processes running unknown
activities, system eventually slowing down and many more (CISCO, 2017). Ericka
Chickowski, a columnist at Dark Reading News, while reporting on the indicators
states that other critical signs include unusual outbound network traffic, anomalies in
privileged user account activity, geographical irregularities, other log-in red flags,
swells in Database read Volume, HTML response sizes, large numbers of requests for
the same file, mismatched port-application traffic, suspicious registry or system file
changes, DNS request anomalies, unexpected patching of systems, bundles of data in
the wrong places, web traffic with unhuman behavior etcetera (Chickowski, 2013).
Some of the indicators above can easily be traceable on the system, whereas others
can only be identified with the help of some tools.
13
Another random document with
no related content on Scribd:
The cramming processes which are resorted to in order to force
children at fixed times from the lower to the higher grades of public
schools, and more especially from grammar to normal or high
schools, is a fruitful source of evil in this direction. It is not always so
much hard study as it is the badly-arranged and too numerous
subjects of study that make the strain. I have spoken of this in
another connection as follows:42 “Our children are too largely in the
hands of those educationalists to whom Clouston refers,43 who go on
the theory that there is an unlimited capacity in every individual brain
for education to any extent and in any direction. Children varying in
age and original capacity, in previous preparation, and in home-
surroundings are forced into the same moulds and grooves. The
slow must keep pace with the fleet, the frail with the sturdy, the
children of toil and deprivation with the sons and daughters of wealth
and luxury. A child is always liable to suffer from mental overwork
when the effort is made to force its education beyond its receptive
powers. Education is not individualized enough. The mind of the
child is often confused by a multitude of ill-assorted studies.
Recreation is neglected and unhealthy emulation is too much
cultivated. In many communities admissions to various grades of
public schools are regulated entirely by the averages obtained at
examinations, instead of on the general record of the pupils in
connection with proper but not too severe examinations. In
consequence often, after the campaign of overwork and confusion
called an examination, we see children developing serious
disturbances of health or even organic disease—paroxysmal fever,
loss of appetite, headache or neckache, disturbed sleep, temporary
albuminuria, chorea, hysteria, and hystero-epilepsy.”
42 “Toner Lecture on Mental Overwork and Premature Disease among Public and
Professional Men.” delivered March 19, 1884, Washington, Smithsonian Inst.,
January, 1885.
43 Clinical Lectures on Mental Diseases.
The term students' hysteria has been applied to the neuromimetic

disorders from which medical students frequently suffer during their
attendance upon lectures. Some years since, when engaged in
examining students upon the lectures upon the practice of medicine
delivered by Professor DaCosta, I saw many illustrations of this
affection, some of which were very amusing. In a paper on hysteria
which received the prize at the Physical Society of Guy's Hospital, P.
Horrocks44 writes that during the fortnight following the death of the
late Napoleon, Sir James Paget was consulted for stone in the
bladder by no less than four gentlemen who had nothing the matter
with them. “How many students,” says Horrocks, “are there, of one
year's standing or more, who have not imagined and really became
convinced that they were suffering from some disease, generally a
fatal disease?” In such cases we have a combination of true
psychical influence with overwork and the unhygienic surroundings
for which our medical colleges are notorious.
44 Med. and Surg. Reporter, vol. xxxvii., Nov. 24, 1877.
It has been my personal experience that comparatively few cases of

hysteria occur among female medical students. Not long since a
thesis was presented at graduation by a woman medical student45
on the curative effects of professional training in neurasthenic and
hysterical women. In this she shows that there are certain relations
of mind over body which enable it to modify bodily conditions and
ward off disease when other remedies appear almost powerless.
She illustrates the therapeutic power of mental impressions and
occupations by two cases in which a judicious and careful course of
study acted to cure severe nervous and uterine troubles. One of
these women, who had suffered with neurasthenia and general
debility, severe nervous headaches, and other symptoms, was able
during her last year at college to attend fifteen lectures a week,
besides clinics, prepare for examination on five subjects, and was
seldom troubled with even headache. She afterward was employed
in hospital work, and could walk five miles a day without discomfort.
That women medical students know when and how to take care of
themselves during the menstrual period, and that they can, if they
see fit, cease work or lighten their labors at that time, would partly
account for their escaping from nervous break-down.
45 “The Therapeutic Value of Mental Occupation,” by Hannah M. Thompson, M.D.,
Medical and Surgical Reporter, November, 1883.
That any form of irritation in a patient predisposed to hysteria may

act as an exciting cause in this affection has led Laségue to apply
the term peripheral hysteria to certain cases. One of his cases was a
girl fourteen years old, who, having suffered for a few hours with her
eyes because of some sand thrown into one of them by a playmate,
awoke the next morning with a spasm of the eyelid on that side,
which rendered it impossible for her to open that eye; and it
remained closed during four months. He considered that the irritation
produced by the sand was not the immediate cause of the spasm,
but that its long duration was an hysterical phenomenon. The patient
afterward became the subject of hysterical manifestations. In another
complete hysterical aphonia came on after a slight bronchitis.
Another, after an attack of indigestion, refused to touch either food or
drink for twenty-four hours, and later was troubled with regurgitation
from constriction of the pharynx or œsophagus which lasted for
some weeks.
Anæmia and chlorosis are frequent exciting causes of hysteria in

children, particularly in girls.
Disorders of menstruation play a prominent part as exciting causes

of special hysterical manifestations. The period of the establishment
of the menstrual function is one that is particularly fertile in the
production of hysteria, much more so than acquired disorders of
menstruation occurring later. Menorrhagia, dysmenorrhœa, and
certain local utero-vaginal disorders may act upon those predisposed
to hysteria as exciting causes. These conditions themselves are, on
the other hand, sometimes caused by nervous, hysterical states in
the individual.
With reference to the very common assertions that continence on the

one hand, and sexual over-indulgence on the other, are the most
prolific causes of hysteria, the true stand to take is that neither of
these positions is philosophically correct; for, as Briquet has shown,
nuns on the one hand and prostitutes on the other are frequent
victims of this protean disorder.
As affirmed by Jolly, sexual over-irritation, particularly that induced

by onanism, more frequently causes hysteria than sexual abstinence
or deprivation.
The occurrence of hysteria and hysterical choreas among pregnant

women has long been recognized. Scanzoni, quoted by Jolly,46
states that of 217 patients whom he had treated, 165, or 76 per cent.
had been puerperal, and that of the latter not less than 65 per cent.
had borne children more than three times. Cases of grave hysteria or
hystero-epilepsy have been aggravated by pregnancy and have led
to premature labor.
46 Op. cit.
Chrobak attacks the etiological problem of hysteria by referring its

causation to movable kidneys! He observed 19 such patients in
Vienna, 16 being in Oppolzer's clinic.47 Three times no subjective
symptoms accompanied the anomaly; eight times the trouble could
be referred either to the dislocation of the kidneys or to disease of
the same; and eight times the evidence of hysteria was
unmistakable. Among the latter eight cases neither vaginal, uterine,
nor ovarian conditions were recognized. He concludes that there is a
direct nervous connection between the kidneys and the genital
organs, and between both and hysteria.
47 Medizinische-Chirurgische Rundschan, quoted by Boston Medical and Surgical
Journal, 1870, lxxxiii. 430-432.
In brief, the truth is that frequent or severe local irritation in any part
of the body in an individual of the hysterical diathesis may act as the
exciting cause of an hysterical paroxysm or of special hysterical
manifestations. Irritation or disease of the uterus or ovaries may
result in hysteria, as may the bite of a dog, a tumor of the brain, a
polypus in the nose, a phymosis, an irritated clitoris, a gastric ulcer, a
stenosis of the larynx, a foreign body in the eye, a toe-nail ulcer, or a
movable kidney.
Whatever tends to exhaust the nervous system will also cause

hysteria, but only in those who have some inherited predisposition to
the disorder. C. Handfield Jones48 mentions heatstroke and severe
physical labor as such causes. One of the sequelæ of heatstroke
enumerated by Sir R. Martin, and quoted by Jones, is a distressing
hysterical state of the nervous system, with an absence of self-
control in laughing and crying, the paroxysm being followed by great
prostration of nervous power.
48 Op. cit.
The effect of imitation in the production of hysteria has been known

in all ages. Most of the epidemics and endemics of nervous
disorders which have from time to time prevailed in various parts of
the world have either been hysterical in character or have had in
them a large element of hysteria. While it is impossible in a practical
work to devote much space to this branch of the subject, a
discussion of hysteria in its etiological relations would be imperfect
without some reference to these outbreaks. In ancient times, in the
Middle Ages, and within comparatively recent periods extraordinary
epidemics have occurred. No country within the range of medical
observation has been entirely free from them. Communities civilized
and semi-civilized, Christian and Mohammedan, Protestant and
Catholic, have had a fair share of the visitations. Some of them
constitute epochs in history, and, as Hecker,49 their greatest
historian, has remarked, their study affords a deep insight into the
work of the human mind in certain states of society. “They are,” he
says, “a portion of history, and will never return in the way in which
they are recorded; but they expose a vulnerable part of man—the
instinct of imitation—and are therefore very nearly connected with
human life in the aggregate.”
49 The Epidemics of the Middle Ages, from the German of J. F. C. Hecker, M.D.,
Professor at the Frederick William University at Berlin, etc., translated by B. G.
Babington, M.D., F. R. S., etc.; 3d ed., London, 1859.
Some authors under hysteria, others under catalepsy, others under
ecstasy, still others under chorea, have discussed these epidemics—
a fact which serves to emphasize the truth that while these affections
have points of difference, they have also an easily-traced bond of
union. They are but variations of the same discordant tune. Briquet
in an admirable manner sketches their history from the age of
Pausanias and Plutarch to the time of Mesmer. Of American writers,
James J. Levick50 of Philadelphia has furnished one of the most
valuable contributions to this subject.
50 “An Historical Sketch of the Dance of St. Vitus, with Notices of some Kindred
Disorders,” Med. and Surg. Reporter, vol. vii., Dec. 21 and 28, 1861, p. 276, and Jan.
4 and 11, 1862, p. 322.
In the year 1237 a hundred children or more were suddenly seized

with the dancing mania at Erfurt; another outbreak occurred at
Utrecht in 1278.
As early as the year 1374 large assemblages of men and women

were seen at Aix-la-Chapelle affected with a “dancing mania.” They
formed circles and danced for hours in wild delirium. Attacks of
insensibility, of convulsions, and of ecstasy occurred. The disease
spread from Germany to the Netherlands. In a few months it broke
out in Cologne, and about the same time at Metz. “Peasants,” we are
told, “left their ploughs, mechanics their workshops, housewives their
domestic duties, to join the wild revelry, and this rich commercial city
became the scene of the most ruinous disorder.”
The festival of St. John the Baptist was one celebrated in strange
wild ways in these early days. Fanatical rites, often cruel and
senseless, were performed on these occasions. Hecker supposes
that the wild revels of St. John's Day in 1374 may have had
something to do with the outbreak of the frightful dancing mania
soon after this celebration. It at least brought to a crisis a malady
which had been long impending.
The Flagellants afford another illustration of an early religio-nervous

craze. Self-flagellation was indulged in for generations before the
fourteenth century, but it then became epidemic. A brotherhood of
Flagellants was formed; they marched in processions carrying
scourges, with which they violently lashed and scourged themselves.
As late as 1843, Flagellant processions, but without the whips and
scourging, were continued in Lisbon on Good Friday.
Strasburg was visited by the dancing plague in 1418. Those afflicted

were conducted to the chapel of St. Vitus, where priests attempted to
relieve them by religious ceremonies. The name St. Vitus's dance,
still so common as a synonym for chorea, has come down to us
because of the alleged wonderful doings of this saint in behalf of
those affected during some of the dancing epidemics. Both Hecker
and Madden51 give interesting details of the personal history of St.
Vitus, who was a Sicilian, born in the time of Diocletian, and even in
childhood is said to have worked great miracles, and was delivered
from many sufferings and torments. He died about the year 303. His
body was moved to Apulia, afterward to St. Denys in France, and still
later to the abbey of Corvey in Saxony. A legend was invented that
St. Vitus, just before he bent his neck to the sword, prayed to God
that he might protect from the dancing mania all those who should
solemnize the day of his commemoration and fast upon its eve.
51 Phantasmata; or, Illusions and Fanaticisms, etc., by R. R. Madden, F. R. S.,
London, 1857.
Another strange disorder called tarantismus derived its name from

the fact that it was supposed to be caused by the bite of the
tarantula, a ground-spider common in Apulia, Italy. According to
Hecker, the word tarantula is the same as terrantola, a name given
by the Italians to a poisonous lizard of extraordinary endowments.
The fear of the insect was so general that its bite was much oftener
imagined than actually received. The disorder was probably in
existence long before the fifteenth century, although the first account
of it, that of Nicholas Perotti, refers to its occurrence in this century.
Many symptoms followed the bite or supposed bite: the individuals
became melancholy, stupefied, lost their senses, and, above all,
were irresistibly impelled to dance until exhausted and almost
lifeless. It was believed that the results of the bite could be cured, or
at least much benefited, by dancing to a certain kind of music.
Tarantism was at its height in the seventeenth century. To this day, in
some parts of Italy, dances called tarantellas are performed with
intricate figures to marked time.
Abyssinia was visited by a dancing mania called the tigretier, which,

according to Hecker, resembled the original mania of the St. John
dancers. It exhibited a similar ecstasy. Those affected with it were
cured by dancing to the music of trumpeters, drummers, fifers, etc.
Levick says that the dancing mania of the fifteenth century is still
kept in popular remembrance in some places by an annual festival,
especially at Echtermarch, a small town in Luxembourg, where a
jumping procession occurs annually on Whit Tuesday. In the year
1812, 12,678 dancers were in the procession.
The Anabaptists, a religious sect of the sixteenth century, exhibited

many of the wild and grotesque phenomena of hysteria or hystero-
epilepsy.
The French Calvinists or Camisards, who appeared near the close of

the seventeenth century, were also the subjects of ecstasy and of
peculiar fits of trembling. These trembleurs experienced convulsive
shocks in the head, the shoulders, the legs, and the arms, and were
sometimes thrown violently down.
About 1731 and later great crowds frequented the tomb of Deacon
François de Paris, an advocate of the doctrines of Jansenius. It was
reported that miracles were performed at his tomb: the sick were
brought there, and often were seized with convulsions and pains,
through which they were healed. The subjects of these attacks are
sometimes spoken of as the Jansenist Convulsionnaires. The tomb
was in the cemetery of St. Médard, and hence those who visited the
place were also termed the Convulsionnaires of St. Médard. This
disorder increased, multiplied, and disseminated, lasting with more
or less intensity for fifty-nine years. Great immorality prevailed in the
secret meetings of the believers.
Hecker gives some remarkable instances of the effect of sympathy
or imitation exhibited on a smaller scale than in the epidemics of the
Middle Ages. One is of a series of cases of fits in a Lancashire
factory, the first one brought on by a girl putting a mouse into the
bosom of another. In Charité Hospital in Berlin in 1801 a patient fell
into strong convulsions, and immediately afterward six other patients
were affected in the same way; by degrees eight more were
attacked. At Redruth, England, a man cried out in a chapel, “What
shall I do to be saved?” Others followed his example, and shortly
after suffered most excruciating bodily pain. The occurrence soon
became public; hundreds came, and many of them were affected in
the same way. The affection spread from town to town. Four
thousand people were said in a short time to be affected with this
malady, which included convulsions.
Hecker in the edition of his work referred to has also a treatise on

child pilgrimages.52 These pilgrimages, like the dancing mania,
occurred in the Middle Ages. The greatest was the boy crusade in
the year 1212. The passion to repossess the Holy Land then had its
grip on Catholic Europe. The first impulse to the child pilgrimages
was given by a shepherd-boy, who had revelations and ecstatic
seizures, and held himself to be an ambassador of the Lord. Soon
thirty thousand souls came to partake of his revelations; new child-
prophets and miracle-workers arose; the children of rich and poor
flocked together from all quarters; parents were unable to restrain
them, and some even began to urge them. A host of boys, armed
and unarmed, assembled at Vendôme, and started for Jerusalem
with a boy-prophet at their head. They got to Marseilles, and
embarked on seven large ships. Two ships were wrecked, and not a
soul was saved. The other five ships reached Bougia and
Alexandria, and the young crusaders were all sold as slaves to the
Saracens. In Germany child-prophets arose, especially in the Rhine
countries and far eastward. An army of them gathered together,
crossed the Alps, and reached Genoa. They were soon scattered;
many perished; many were retained as servants in foreign lands;
some reached Rome. A second child's pilgrimage occurred twenty-
five years later. It was confined to the city of Erfurt. One thousand
children wandered, dancing and leaping, to Armstadt, and were
brought back in carts. Another child's pilgrimage from Halle, in
Suabia, to Mount St. Michel in Normandy, occurred in 1458.
52 Translated by Robert H. Cooke, M. R. C. S.
In the convent of Yvertet in the territory of Liège, in 1550, the

inmates were seized with a leaping and jumping malady. The
disorder began with a single individual, and was soon propagated.
Sometimes the convulsive disorders of early days, especially those

occurring in convents, were associated with the strange delusion that
the subjects of them were changed into lower animals. Various
names have been given to disorders of this kind, such as
lycanthropia or wolf madness, zoomania or animal madness, etc.
Burton in the Anatomy of Melancholy gives an interesting summary
of these disorders, which are also discussed by Levick.
In 1760 a religious sect known as the Jumpers prevailed in Great

Britain. They were affected with religious frenzy, and jumped
continuously for hours. Other jumping epidemics have appeared at
different times, both in Great Britain and in this country.
The New England witchcraft episode is of historical interest in

connection with this subject of epidemic hysteria. This excitement
occurred during the latter part of the seventeenth century. Adults and
children were its subjects. The Rev. Cotton Mather records many
cases, some of which illustrate almost every phase of hysteria.
Individuals who were seized with attacks, which would now be
regarded as hysterical or hystero-epileptic, were supposed to have
become possessed through the machinations of others. Those who
were supposed to be possessed were tried, condemned, and
executed in great numbers. Many accused themselves of converse
with the devil. The epidemic spread with such rapidity, and so many
were executed, that finally the good sense of the people came to the
rescue.
The nervous epidemics, nearly all religious, which have occurred in
this country have usually been during the pioneer periods, and have
therefore appeared at different eras as one part of the country after
another has been developed. Kentucky, Tennessee, Virginia, and
neighboring States were visited time and again. Even to-day we
occasionally hear of outbreaks of this kind in remote or primitive
localities, whether it be in the far South-west or in the woods of
Maine.
David W. Yandell53 has published a valuable paper on “Epidemic

Convulsions,” the larger part of the materials of which were collected
by his father for a medical history of Kentucky. From this it would
appear the convulsions were first noticed in the revivals from 1735 to
1742. Many instances are related of fainting, falling, trance,
numbness, outcries, and spasms. The epidemic of Kentucky spread
widely, reappeared for years, and involved a district from Ohio to the
mountains of Tennessee, and even to the old settlements in the
Carolinas. Wonderful displays took place at the camp-meetings. At
one of these, where twenty thousand people were present, sobs,
shrieks, and shouts were heard; sudden spasms seized upon scores
and dashed them to the ground. Preachers went around in ecstasy,
singing, shouting, and shaking hands. Sometimes a little boy or girl
would be seen passionately exhorting the multitude, reminding one
of the part taken by the children in the epidemics of the Middle Ages.
A sense of pins and needles was complained of by many; others felt
a numbness and lost all control of their muscles. Some subjects
were cataleptic; others were overcome with general convulsions.
53 Brain, vol. iv., Oct., 1881, p. 339 et seq.
The term jerks was properly applied to one of the forms of

convulsion. Sometimes the jerking affected a single limb or part. The
Rev. Richard McNemar has given a graphic description of this
jerking exercise in a History of the Kentucky Revival. The head
would fly backward and forward or from side to side; the subject was
dashed to the ground, or would bounce from place to place like a
football, or hop around with head, limbs, and trunk twitching and
jolting in every direction. Curiously, few were hurt. Interesting
descriptions of the jerks can be found in various American
autobiographical and historical religious works. In such books as the
Autobiography of Peter Cartwright, a Western Methodist, for
instance, striking accounts of some of the phases of these epidemics
are to be found. Lorenzo Dow in his Journal, published in
Philadelphia in 1815, has also recorded them.
Hysterical laughter was a grotesque manifestation often witnessed.

The holy laugh began to be a part of religious worship. Dancing,
barking, and otherwise acting like dogs, were still other
manifestations. It is remarkable that, according to Yandell, no
instance is recorded in which permanent insanity resulted from these
terrible excitements.
The absurd and extraordinary exhibitions witnessed among the

Shakers belong to the same category, and have been well described
by Hammond and others.
In a History of the Revival in Ireland in 1859, by the Rev. William

Gibson, instances of excitement that fairly rivalled those which
occurred in our Western States are given. Cases of ecstasy are
described.
The religious sect known as the Salvation Army, which has in very
recent years excited so much attention, curiosity, and comment both
in America and England, has much in common with the Jumpers, the
Jerkers, and the Convulsionnaires. The frenzied excitement at their
meetings, with their tambourine-playing, dancing, shouting, and
improvising are simply the same phases of religio-hysterical disorder,
modified by differences in the age and environment.
In 1878, in the district of Tolmezo, Italy, an epidemic of hysteria

which recalls the epidemics of the Middle Ages occurred. It has been
described by M. Léon Colin.54 It was reported to the prefect of
Undine that for three months some forty females living in the
commune of Verzeguis had been attacked by religious mania. “From
the report it appears that the first was in the person of a woman
named Marguerite Vidusson, who had been the subject of simple
hysteria for about eight years. In January, 1878, she began to suffer
from convulsive attacks, accompanied by cries and lamentations.
She was regarded as the subject of demoniacal possession, and on
the first Sunday in May was publicly exorcised. Her affection,
however, increased in severity; the attacks were more frequent and
more intense, and were especially provoked by the sound of the
church-bells and by the sight of priests. Seven months later three
other hysterical girls became subject to convulsive and clamorous
attacks. Here, again, an attempt was made to get rid of the
supposed demon. A solemn mass was said in the presence of the
sufferers, but was followed only by a fresh outbreak. At the time of
the visit of the delegates eighteen were suffering, aged from sixteen
to twenty-six years, except three, whose ages were respectively
forty-five, fifty-five, and sixty-three years. Similar symptoms had also
appeared in a young soldier on leave in the village.” During the
attacks the patients talked of the demon which possessed them,
stated the date on which they were seized by it, and the names of
the persons who were possessed before them. Some boasted of
being prophetesses and clairvoyants and of having the gift of
tongues. In all, the sound of church-bells caused attacks, and
religious ceremonies appeared not only to aggravate the disease in
the sufferers, but also to cause its extension to those not previously
attacked. M. Colin points out that the soil is particularly favorable for
the development of an epidemic of this nature. The people of
Verzeguis are backward in education and most superstitious.
Functional nervous diseases are common among them. The
inhabitants of the village are largely cut off from intercourse with the
adjacent country in consequence of comparative inaccessibility and
the frequent interruption of communications by storms and floods.
Craniometric observations on twelve of the inhabitants seemed to
show that the brachycephalic form of skull predominated, and that
the development of the cranium was slightly below the average. The
epidemic proved extremely obstinate.
54 Annales d'Hygiène, quoted in Lancet, Oct. 16, 1880.
In Norway and New Caledonia similar hysterical outbreaks have
been observed in recent times.
An endemic of hysteria from imitation occurred in Philadelphia in

1880. Some of the cases fell under my own observation. A brief
account of them is given by Mitchell in his Lectures. The outbreak
occurred in a Church Home for Children, to which Dr. S. S. Stryker
was physician. The Home contained ninety-five girls and six boys; all
of them were well nourished and in good condition. The epidemic
began by a girl having slight convulsive twitchings of the extremities,
with a little numbness. Attacks returned daily; respiration became
loud and crowing. She soon had all the phenomena of convulsive
hysteria. Many of her comrades began to imitate her bark. Soon
another girl of ten was attacked with harsh, gasping breathing, with
crowing, speechlessness, clutching at her throat, and the whole
series of phenomena exhibited by the first girl attacked. Nine or ten
others were affected in like manner, and many of the remaining
children had similar symptoms in a slight degree. At first convulsions
occurred irregularly; after a while they appeared every evening; later,
both morning and evening. The presence of visitors would excite
them. Many interesting hysterical phases occurred among the
children. One night some of them took to walking about on their
hands and knees; others described visions. The girls often spoke of
being surrounded by wild beasts, and one child would adopt the
fiction which another related in her hearing. The cases were
scattered about in different hospitals, and made good recoveries in
from one to two months.
The Jumpers or Jumping Frenchmen of Maine and Northern New

Hampshire were described by Beard in 1880.55 They presented
nervous phenomena in some phases allied to hysteria. In June,
1880, Beard visited Moosehead Lake and experimented with some
of them. Whatever order was given them was at once obeyed. One
of the Jumpers, who was sitting in a chair with a knife in his hand,
was told to throw it, and he threw it quickly so that it struck in a beam
opposite; at the same time he repeated the order to throw it with a
cry of alarm. They were tried with Latin and Greek quotations, and
repeated or echoed the sound as it came to them. They could not
help repeating any word or sound that came from the person that
ordered them. Any sudden or unexpected noise, as the report of a
gun, the slamming of a door, etc., would cause them to exhibit some
phenomena. It was dangerous to startle them where they could
injure themselves, or if they had an axe, knife, or other weapon in
their hands. Since the time of Beard's observation accounts of their
doings have now and then found their way into newspapers. One
recent account tells of one of these peculiar people jumping from a
raft into the Penobscot River on an order to jump.
55 Journal of Nervous and Mental Diseases, vol. vii., 1880, p. 487.
Hammond56 has described under the name Miryachit an affection

which seems to be essentially the same disorder as that of which the
Jumpers are the victims. He quotes from a report of a journey from
the Pacific Ocean through Asia to Europe by Lieutenant B. H.
Buckingham and Ensigns Geo. C. Foulk and Walter McLean of the
United States Navy, an account of this disease. The party made their
first observations on this affection while on the Ussuri River in
Siberia. The captain of the general staff approached the steward of
the boat suddenly, and without any apparent reason or remark
clapped his hand before his face; instantly the steward clapped his
hand in the same manner, put on an angry look, and passed on.
When the captain slapped the paddle-box suddenly, the steward
instantly gave it a similar thump. Some of the passengers imitated
pigs grunting or called out absurd names, etc.; the poor steward
would be compelled to echo them all. The United States naval
officers were informed that the affection was not uncommon in
Siberia, and that it was commonest about Yakutsk, where the winter
cold is extreme. Both sexes were subject to it, but men much less
than women. It was known to Russians by the name of Miryachit.
56 New York Med. Journ., Feb. 16, 1884.
In both these classes of cases a suggestion of some kind was

required, and then the act took place independently of the will.
“There is another analogous condition known by the Germans as
Schlaftrunkenheit, and to English and American neurologists as
somnolentia or sleep-drunkenness. In this state an individual on
being suddenly awakened commits some incongruous act of
violence, ofttimes a murder. Sometimes this appears to be a dream,
but in others no such cause could be discovered.” Curious instances
are mentioned by Hammond of this disorder.
The phenomena of automatism at command in hypnotized subjects

have much similarity to the phenomena of these affections, and the
same explanation to a certain extent will answer for both.
Paget57 has ably discussed the subject of neuromimesis in general,

and Mitchell58 devotes two lectures to its consideration. As already
stated when discussing the synonyms of hysteria, the mistake must
not be made of supposing all cases of hysteria to be instances of
neuromimesis; but, as Mitchell remarks, the hysterical state,
however produced, is a fruitful source of mimicry of disease in its
every form, from the mildest of pains up to the most complete and
carefully-devised frauds. “Its sensitiveness and mobility, its timidity
and emotionalness, its greed of attention, of sympathy, and of power
in all shapes, supply both motive and help, so that while we must be
careful not to see mimicry in every hysteric symptom, we must in
people of this temperament be more than usually watchful for this
form of trouble, and at least reasonably suspicious of every peculiar
or unusual phenomenon.”
57 Op. cit.
58 Op. cit.
SYMPTOMATOLOGY.—At the outset of the discussion of the

symptomatology of hysteria, hysterical cases should be divided into
four classes—viz. (1) Cases in which the symptoms are involuntary;
(2) cases in which the symptoms are artificially induced and become
involuntary; (3) cases in which the symptoms are acted or simulated,
but in which the patient, because of impaired mental power, is
irresistibly impelled to their performance; (4) cases in which the
symptoms are purely acts of deception which are under the control
of the patient.
Keeping in mind these different classes, we will always be able to

link to the phenomena of hysteria the psychical element which is
present in all genuine cases of this disorder. To comprehend the
existence of the psychical element in the first class, in which the
manifestations are absolutely involuntary, may offer difficulties. In
these cases, at a period more or less recent or remote, psychical
stimuli may have acted to produce the hysterical phenomena, and,
once produced, these have been repeated and intensified by habit,
and continue independently both of volition and consciousness. The
experiments of Dercum and Parker show how hysterical symptoms
may be artificially induced and may get beyond the patient's control.
The difference between induced and simulated manifestations must
always be clearly borne in mind. To induce a set of phenomena a
certain mechanism must be set in action, and this, through rational,
explicable processes, leads to certain results. The psychical element
enters here both positively and negatively—positively, in the
determination to produce a certain train of events; negatively, in the
condition of mental concentration or abstraction which is a part of the
procedure. In the third class of cases acting or simulation is
dependent upon the irresistible inclinations of the patient. This may
seem to some an uncertain and even dangerous ground to take. I
am convinced, however, after observing many hysterical cases, that
acts clearly purposive, so far as the particular performance is
concerned, are sometimes the result of a general unstable mental
condition. Some at least of these patients are as irresistibly impelled
to swallow blood and vomit, to scream and gesticulate, etc., as is the
monomaniac to commit arson, to ravish, or to kill. In the fourth class,
the cases of pure, unmitigated, uncontrollable deception, the
psychical element is very evident, although some may question
whether such cases should be ranged under the banner of hysteria,
where it is both convenient and customary to place them.
The symptoms of hysteria may develop in any order or after any

fashion. The graver hysterical phenomena, such as convulsions,
paralysis, and anæsthesia, often seem to come on suddenly, but
usually this suddenness of onset is apparent rather than real. Minor
hysterical symptoms, such as general nervous irritability, pains,
aches, and discomforts, and mental peculiarities, have usually been
present for a long time. These minor evidences of the hysterical
constitution are sometimes the only phenomena ever presented.
Todd59 has described an expression of countenance which he

designates as the facies hysterica. The characteristics of this
expression are a remarkable depth and prominent fulness, with more
or less thickness, of the upper lip, and a peculiar drooping of the
upper eyelids. It would be absurd to assert that all hysterical patients
presented this cast of countenance, but an appearance which
approaches closely to this description is presented in a fair
percentage of cases. It has seemed to me that male hysterics were
more likely to have this peculiar facies than hysterical females.
59 Reynolds's System of Medicine, vol. ii. p. 656.
The psychical peculiarities or mental disorders of hysteria form a

large and important part of its phenomena. We have to deal not only
with peculiar and diverse psychical manifestations, but to one form of
mental disorder it is clinically convenient and correct to apply the
designation hysterical insanity.
In the mildest cases of ordinary hysteria conditions of mental

irritability and mobility are sometimes the only striking features.
“Patients,” says Jolly,60 “are timid, easily overcome by any
unexpected occurrence, sentimental, and sensitive. Every trifle
annoys and upsets them; and there is this peculiarity—that a more
recent stimulus may often effect a diversion in an exactly opposite
direction.”
60 Op. cit.
As bearing upon the question of the mental state in hysteria, the

confessions obtained by Mitchell from several patients are of great
interest. One patient, who had learned to notice and dwell upon any
little symptom, vomited daily and aroused much sympathy. She took
little or no food. Spasms came on, and she confessed that every
new symptom caused new anxiety, and that somehow she rather
liked it all. She gradually lost all her symptoms except vomiting, and
overcame this by desperate efforts. Another patient confessed to
having played a game upon her doctor for a long time by pretending
she took no food. She would get out of bed at night, but remain there
all day; she filled up a vessel with water to make others believe she
passed large quantities of urine, etc. Another patient, a girl of
nineteen, who came on a litter from a Western State, after a time
regained her feet. In her confession she stated that what she lacked
was courage. She believed that she would have overcome her
difficulties if any one had told her that nothing was the matter. “In
looking back over the year with the light of the present,” she says, “I
can only say that I believe that there was really nothing the matter
with me; only it seemed to me as if there was, and because of these
sensations I carried on a sort of starvation process physical and
mental.”
The older and some of the more recent classifications of insanity

recognize hysterical insanity as a distinct form of mental disease.
Morel and Skae, however, in their etiological classifications, and
Hammond, Spitzka, Mann, and Clouston in their recently-published
works, give it a “local habitation and a name.” Krafft-Ebing not only
recognizes hysterical insanity as a distinct form of mental disease,
but, after the German fashion, subdivides it quite minutely, as
follows: First, transitory forms: a. with fright; b. hystero-epileptic
deliria; c. ecstatic visionary forms; d. moria-like conditions. Second,
chronic forms: a. hystero-melancholia; b. hystero-mania; c.
degenerative states with hysterical basis.
Spitzka61 speaks of chronic hysterical insanity as an intensification of

the hysterical character, to which “a silly mendacity is frequently
added, and develops pari passu with advancing deterioration.” At the
State Hospital for the Insane at Norristown and at the department for
the insane of the Philadelphia Hospital cases of chronic hysterical
insanity have come under my observation. Hammond under
hysterical mania includes several different and somewhat distinct
mental disorders.
61 Insanity, its Classification, Diagnosis, and Treatment, by E. C. Spitzka, M.D., New
York, 1883.
With regard to the occurrence of hysterical manifestations amongst

patients suffering from some well-recognized non-hysterical forms of
insanity, a tour through any large asylum will afford abundant
evidence. Cases of tremor closely simulating cerebro-spinal
sclerosis have been observed frequently among the insane.
Paralysis, contracture, hysterical joints, hysterical neuralgias,
convulsions, and cataleptoid phenomena are among other hysterical
manifestations which have fallen under personal observation among
the insane of various classes.
A remarkable case of hysterical motor paralysis was observed at the

State Hospital for the Insane at Norristown. This patient was an
intelligent single woman about thirty-five years of age, of good family,
well educated; she had been a teacher and writer, and became
insane through family and business troubles. When only eight years
of age she was paralyzed for two years and a half, and had had at
times during her life, before becoming insane, attacks of partial or
complete unconsciousness. Prior to coming under observation she
had been an inmate of an English private asylum. She was sick on
shipboard coming to this country, and on her arrival was in a state of
delirium and insomnia, with attacks of loss of sight. Four months
later she developed mania with suicidal inclinations. Just before the
development of this maniacal condition her lower limbs became
comparatively helpless, and soon after she entirely lost their use. I
found her in this condition, and examination showed no change in
knee-jerk, electrical reactions, nutrition, nor genito-urinary conditions,
which led me to diagnosticate the absence of any organic spinal
trouble. The case was pronounced one of hysterical paralysis, and it
was prophesied that she would eventually completely recover,
probably suddenly. For one year her paralysis remained, her mental
condition varying very greatly during this time—sometimes in a

PDF Artificial Intelligence and Security Challenges in Emerging Networks Advances in Computational Intelligence and Robotics 1St Edition Ryma Abassi Editor Ebook Full Chapter

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

PDF Artificial Intelligence and Security Challenges in Emerging Networks Advances in Computational Intelligence and Robotics 1St Edition Ryma Abassi Editor Ebook Full Chapter

Uploaded by

Copyright:

Available Formats

Artificial Intelligence and Security

Challenges in Emerging Networks

Artificial Intelligence and Robotics Huimin Lu

Artificial Intelligence and Robotics 1st Edition Huimin

AI and Big Datas Potential for Disruptive Innovation

Advances in Artificial Intelligence, Software and

AI IA 2016 Advances in Artificial Intelligence XVth

Artificial Intelligence Safety and Security Roman V.

Advances in Computational Intelligence 17th Mexican

Computational Intelligence Applications in Business

A volume in the Advances in

Library of Congress Cataloging-in-Publication Data

Names: Abassi, Ryma, 1980- editor.

British Cataloguing in Publication Data

All work contributed to this book is new, previously-unpublished material.

For electronic access to this publication, please contact: eresources@igi-global.com.

Editor-in-Chief: Ivan Giannoccaro, University of Salento, Italy

Advanced Metaheuristic Methods in Big Data Retrieval and Analytics

Nature-Inspired Algorithms for Big Data Frameworks

Novel Design and Applications of Robotics Technologies

Optoelectronics in Machine Vision-Based Theories and Applications

For an entire list of titles in this series, please visit:

701 East Chocolate Avenue, Hershey, PA 17033, USA

Compilation of References............................................................................... 265

About the Contributors.................................................................................... 287

An evaluation of security mechanisms is done that identifies security weaknesses.

Cloud computing that aims to provide convenient, on-demand, network access to

terms for SDN implementation include separation of functionality, virtualization

Software-defined networking (SDN) allows centralizing and simplifying network

Vehicular ad hoc networks (VANETs) enable vehicles to exchange safety-related

Vehicular ad-hoc networks (VANETs) allow communication among vehicles using

Specifying a security policy (SP) is a challenging task in the development of

Compilation of References............................................................................... 265

About the Contributors.................................................................................... 287

ORGANIZATION OF THE BOOK

Chapter 10 proposes a formal environment for Security Policies (SP) testing

American Institute of Aeronautics and Astronautics. (2018). Artificial Intelligence

Moreover, I wish to acknowledge the valuable contributions of the reviewers regarding

Muhammad Ubale Kiru

Ransomware is popularly described as a type of malware that makes a file on

accessing public opinion or individual characteristics using primary or secondary

Figure 1. Ransomware timeline

Ransomware Timeline and History

As the name implies, locker ransomware is a variant of ransomware which overtakes

Figure 2. Ransomware families (Symantec ISTR Report 2017)

Table 1. Popular ransomware variants, attack vectors and dates

Alias Attack Vector

Ransomware Modus Operandi

In the deployment phase, a payload is deployed on the targeted machine in form of

Figure 3. Stages of Compromise (Liska A. and Gallo T. (2017)

Communication and Exchange Phase: Phase 3

In this phase, communication is established between target and a remote server

Ransomware Infection Vectors

1. Smishing: This is a technique used by hackers to deceive victim into navigating

6. Flash Player: FP is a small program that is provided by the software giant

Indicators of Compromise (IOC)

43 Clinical Lectures on Mental Diseases.

The term students' hysteria has been applied to the neuromimetic

It has been my personal experience that comparatively few cases of

That any form of irritation in a patient predisposed to hysteria may

Anæmia and chlorosis are frequent exciting causes of hysteria in

Disorders of menstruation play a prominent part as exciting causes

With reference to the very common assertions that continence on the