Biblio
Filters: Author is Kolokotronis, Nicholas
Insider Threat Detection using Deep Autoencoder and Variational Autoencoder Neural Networks. 2021 IEEE International Conference on Cyber Security and Resilience (CSR). :129–134.
2021. Insider attacks are among the biggest cybersecurity issues for companies and businesses. Despite the perimeter security systems in place, the risk of adversely affecting the security and privacy of the organization's information remains very high, and detecting such a threat is known to be a complicated problem that presents many challenges to the research community. In this paper, we investigate the effectiveness and usefulness of Autoencoder and Variational Autoencoder deep learning algorithms for automatically defending against insider threats, without human intervention. The performance evaluation of the proposed models is done on the public CERT dataset (CERT r4.2), which contains both benign and malicious activities generated by 1000 simulated users. The comparison with other models shows that the Variational Autoencoder neural network provides the best overall performance, with higher detection accuracy and a reasonable false positive rate.
Cyber-Range Federation and Cyber-Security Games: A Gamification Scoring Model. 2021 IEEE International Conference on Cyber Security and Resilience (CSR). :186–191.
2021. Professional training is essential for organizations to successfully defend their assets against cyber-attacks. Successful detection and prevention of security incidents demands that personnel are not just aware of the potential threats but have security expertise that goes far beyond the necessary background knowledge. To fill the gap in competent security professionals, platforms offering realistic training environments and scenarios, referred to as cyber-ranges (CRs), are designed. Multiple cyber-ranges listed under a common platform can simulate more complex environments, referred to as cyber-range federations. Security education approaches often implement gamification mechanics to increase trainees' engagement and maximize the outcome of the training process. Scoring is an integral part of a gamification scheme, allowing both the trainee and the trainer to monitor the former's performance and progress. In this article, a novel scoring model is presented that is designed to be agnostic with respect to the source of information: either a single CR or a variety of different CRs that are part of a federated environment.
Cyber-Security Training Evaluation Metrics. 2021 IEEE International Conference on Cyber Security and Resilience (CSR). :192–197.
2021. Cyber-security training has evolved into an imperative need, aiming to provide cyber-security professionals with the knowledge and skills required to confront cyber-attacks that are increasing in number and sophistication. Training activities are typically associated with evaluation means aimed at assessing the extent to which the trainee has acquired the knowledge and skills targeted by the training programme, while cyber-security awareness and skill level evaluation means may also support additional security-related aspects of organizations. In this paper, we review trainee performance assessment metrics in cyber-security training, aiming to assist designers of cyber-security training activities in identifying the most prominent trainee performance assessment means for their training programmes; additional research directions involving cyber-security training evaluation metrics are also identified.
Intrusion Detection using Network Traffic Profiling and Machine Learning for IoT. 2021 IEEE 7th International Conference on Network Softwarization (NetSoft). :409–415.
2021. The rapid increase in the use of IoT devices brings many benefits to the digital society, ranging from improved efficiency to higher productivity. However, the limited resources and the open nature of these devices make them vulnerable to various cyber threats. A single compromised device can affect the whole network and lead to major security and physical damage. This paper explores the potential of using network profiling and machine learning to secure IoT against cyber attacks. The proposed anomaly-based intrusion detection solution dynamically and actively profiles and monitors all networked devices to detect IoT device tampering attempts as well as suspicious network transactions. Any deviation from the defined profile is considered an attack and is subject to further analysis. Raw traffic is also passed on to a machine learning classifier for examination and identification of potential attacks. Performance assessment of the proposed methodology is conducted on the Cyber-Trust testbed using normal and malicious network traffic. The experimental results show that the proposed anomaly detection system delivers promising results, with an overall accuracy of 98.35% and a false-positive rate of 0.98%.
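The profile-then-deviate logic of the abstract above, as an added example that is not code from the paper or from the Cyber-Trust testbed. It learns a per-device profile from a baseline window of flow records and flags every later flow that leaves that profile. The device names, addresses, ports, byte counts and the 3x volume threshold are constructed assumptions; the machine-learning classifier stage mentioned in the abstract is not shown.

```python
"""Anomaly-based intrusion detection for IoT devices by network traffic profiling.

Added example, not the paper's code. A per-device profile (protocols, peers,
destination ports and peak outbound volume) is learned from a baseline window
of flow records, and every later flow is checked against it; any deviation is
reported as a candidate attack for further analysis. The devices, addresses
and flow records below are constructed sample data.
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Flow:
    device: str
    proto: str        # "tcp" or "udp"
    dst: str          # destination address
    dport: int        # destination port
    bytes_out: int    # bytes sent by the device in this flow


@dataclass
class Profile:
    protos: set = field(default_factory=set)
    peers: set = field(default_factory=set)
    ports: set = field(default_factory=set)
    max_bytes: int = 0


def build_profiles(baseline):
    """Learn one profile per device from the flows seen during the baseline window."""
    profiles = defaultdict(Profile)
    for f in baseline:
        p = profiles[f.device]
        p.protos.add(f.proto)
        p.peers.add(f.dst)
        p.ports.add(f.dport)
        p.max_bytes = max(p.max_bytes, f.bytes_out)
    return dict(profiles)


def check_flow(profiles, f, volume_factor=3.0):
    """Return the list of deviations from the device profile (empty means conforming)."""
    p = profiles.get(f.device)
    if p is None:
        return [f"unknown device {f.device}"]   # never profiled: possible rogue or tampered device
    reasons = []
    if f.proto not in p.protos:
        reasons.append(f"new protocol {f.proto}")
    if f.dst not in p.peers:
        reasons.append(f"new peer {f.dst}")
    if f.dport not in p.ports:
        reasons.append(f"new port {f.dport}")
    if f.bytes_out > volume_factor * p.max_bytes:
        reasons.append(f"volume {f.bytes_out} exceeds {volume_factor}x baseline max {p.max_bytes}")
    return reasons


def detect(profiles, flows, volume_factor=3.0):
    """Monitor a stream of flows; return a list of (flow, reasons) for each deviating flow."""
    alerts = []
    for f in flows:
        reasons = check_flow(profiles, f, volume_factor)
        if reasons:
            alerts.append((f, reasons))
    return alerts


# Constructed baseline: a camera talking to its cloud endpoint and DNS, a thermostat using MQTT.
BASELINE = [
    Flow("cam-1", "tcp", "10.0.0.5", 443, 1200),
    Flow("cam-1", "udp", "10.0.0.1", 53, 80),
    Flow("cam-1", "tcp", "10.0.0.5", 443, 900),
    Flow("therm-1", "tcp", "10.0.0.5", 8883, 300),
]

# Constructed monitoring window: one conforming flow, then a telnet connection to an
# external host, a thermostat DNS query to an unexpected resolver, a volume spike,
# and a device that was never profiled.
LIVE = [
    Flow("cam-1", "tcp", "10.0.0.5", 443, 2000),
    Flow("cam-1", "tcp", "198.51.100.7", 23, 400),
    Flow("therm-1", "udp", "10.0.0.9", 53, 200),
    Flow("cam-1", "tcp", "10.0.0.5", 443, 50000),
    Flow("bulb-3", "tcp", "10.0.0.5", 443, 100),
]


def run_demo():
    return detect(build_profiles(BASELINE), LIVE)


if __name__ == "__main__":
    for flow, reasons in run_demo():
        print(f"ALERT {flow.device}: {'; '.join(reasons)}")
```

A profile learned this way is only as clean as the baseline window: if a device was already compromised while the profile was being built, its malicious peers become part of the profile, which is why the abstract pairs profiling with a separate classifier over the raw traffic.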
A Trust Management System for the IoT domain. 2020 IEEE World Congress on Services (SERVICES). :183–188.
2020. In modern internet-scale computing, interactions between a large number of parties that are not known a priori are predominant, with each party functioning both as a provider and as a consumer of services and information. In such an environment, traditional access control mechanisms face considerable limitations, since granting appropriate authorizations to each distinct party is infeasible, both because of the high number of grantees and because of the dynamic nature of the interactions. Trust management has emerged as a solution to this issue, offering aids towards the automated verification of actions against security policies. In this paper, we present a trust- and risk-based approach to security that considers status, behavior and associated risk aspects in the trust computation process, and that additionally captures user-to-user trust relationships, which are propagated to the device level through user-to-device ownership links.
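One way to put the trust computation sketched above into code, as an added example that is not the paper's own model. It combines a device's status, its observed behavior and the trust the requesting user places in the device's owner (reached over user-to-user trust links and the ownership link), then compares the result with the risk of the requested action. The weights, scores, users, devices and actions are constructed assumptions.

```python
"""Trust- and risk-based access decisions for IoT devices.

Added example, not the paper's code. Device trust = weighted sum of
status, behavior and owner trust; owner trust is what the requesting user
places in the device owner, propagated over user-to-user trust links and
the user-to-device ownership link. All links, scores and weights are
constructed.
"""

# Direct user-to-user trust (constructed): (truster, trustee) -> 0.0..1.0
USER_TRUST = {("alice", "bob"): 0.9, ("bob", "carol"): 0.8, ("alice", "dave"): 0.3}
# User-to-device ownership links (constructed)
OWNER = {"cam-1": "bob", "lock-1": "carol", "plug-1": "dave"}
# Status aspect, e.g. firmware currency or attestation result (constructed)
STATUS = {"cam-1": 0.9, "lock-1": 0.8, "plug-1": 0.4}
# Behavior aspect: share of recent actions inside the device's profile (constructed)
BEHAVIOR = {"cam-1": 1.0, "lock-1": 0.9, "plug-1": 0.6}
# Risk associated with each action (constructed)
ACTION_RISK = {"read_state": 0.3, "toggle_power": 0.5, "unlock_door": 0.9}
WEIGHTS = {"status": 0.3, "behavior": 0.3, "owner": 0.4}   # assumption


def user_trust(truster, trustee, max_hops=2):
    """Trust that truster places in trustee: a direct link if one exists, otherwise the
    best chain of at most max_hops links (trust is multiplied along a chain, so it decays)."""
    if truster == trustee:
        return 1.0
    if (truster, trustee) in USER_TRUST:
        return USER_TRUST[(truster, trustee)]
    if max_hops <= 1:
        return 0.0
    best = 0.0
    for (a, b), t in USER_TRUST.items():
        if a == truster:
            best = max(best, t * user_trust(b, trustee, max_hops - 1))
    return best


def device_trust(user, device):
    """Trust the user can place in the device, with owner trust propagated over ownership."""
    owner_component = user_trust(user, OWNER[device])
    return (WEIGHTS["status"] * STATUS[device]
            + WEIGHTS["behavior"] * BEHAVIOR[device]
            + WEIGHTS["owner"] * owner_component)


def decide(user, device, action):
    """Allow only when the device's trust covers the risk of the requested action."""
    return "allow" if device_trust(user, device) >= ACTION_RISK[action] else "deny"


def update_behavior(current, within_profile, alpha=0.2):
    """Exponential moving average of the behavior aspect; a deviation pulls it down."""
    return (1 - alpha) * current + alpha * (1.0 if within_profile else 0.0)


if __name__ == "__main__":
    for user, device, action in [("alice", "lock-1", "read_state"),
                                 ("alice", "lock-1", "unlock_door"),
                                 ("carol", "lock-1", "unlock_door"),
                                 ("alice", "plug-1", "toggle_power")]:
        print(f"{user} -> {device}/{action}: trust={device_trust(user, device):.3f} {decide(user, device, action)}")
```

The depth limit in user_trust is what keeps the scheme tractable when the number of parties is large and unknown in advance: a request from a stranger's device falls through to owner trust 0.0 rather than requiring an explicit grant for every possible party.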
On Blockchain Architectures for Trust-Based Collaborative Intrusion Detection. 2019 IEEE World Congress on Services (SERVICES). ISSN 2642-939X. :21–28.
2019. This paper considers the use of novel technologies for mitigating attacks that aim at compromising intrusion detection systems (IDSs). Solutions based on collaborative intrusion detection networks (CIDNs) could increase the resilience against such attacks, as they allow IDS nodes to gain knowledge from each other by sharing information. However, despite the vast research in this area, trust management issues still pose significant challenges, and recent works investigate whether these could be addressed by relying on blockchain and related distributed ledger technologies. In that direction, the paper proposes the use of a trust-based blockchain in CIDNs, referred to as a trust-chain, to protect the integrity of the information shared among the CIDN peers, enhance their accountability, and secure their collaboration by thwarting insider attacks. A consensus protocol combining proof-of-stake and proof-of-work is proposed for CIDNs, to enable collaborative IDS nodes to maintain a reliable and tamper-resistant trust-chain.
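One possible shape for a trust-weighted hybrid consensus of the kind the abstract describes, as an added example that is not the paper's protocol. The stake in the proof-of-stake step is a peer's trust score, the proposer is derived deterministically from the previous block hash so that every peer agrees on it, and the proof-of-work difficulty grows as the proposer's trust falls. The peers, trust values, difficulty parameters and trust update rule are constructed assumptions.

```python
"""Trust-chain consensus for a collaborative IDS network (CIDN).

Added example, not the paper's protocol. A stake-weighted (trust-weighted)
proposer selection is combined with a proof-of-work step whose difficulty
depends on the proposer's trust. Peers, trust scores and parameters are
constructed.
"""
import hashlib
import json

# Constructed trust scores; ids-c has a record of refuted alerts.
INITIAL_TRUST = {"ids-a": 0.9, "ids-b": 0.7, "ids-c": 0.2}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def leading_zero_bits(hexdigest: str) -> int:
    return 256 - int(hexdigest, 16).bit_length()


def select_proposer(trust, prev_hash, height):
    """Stake step: pick the proposer with probability proportional to trust, using the
    previous block hash as a randomness source every peer can recompute."""
    weights = {p: max(1, int(t * 100)) for p, t in sorted(trust.items())}
    r = int(sha256_hex(f"{prev_hash}:{height}".encode()), 16) % sum(weights.values())
    for peer, w in weights.items():
        if r < w:
            return peer
        r -= w


def difficulty(trust_score, base_bits=8, extra_bits=8):
    """Work step: a low-trust proposer must present more leading zero bits (assumption)."""
    return base_bits + int((1.0 - trust_score) * extra_bits)


def header_bytes(height, prev_hash, proposer, alerts, nonce):
    return json.dumps({"height": height, "prev_hash": prev_hash, "proposer": proposer,
                       "alerts": alerts, "nonce": nonce}, sort_keys=True).encode()


def mine(proposer, trust, prev_hash, height, alerts):
    """Search for a nonce meeting the proposer's trust-dependent difficulty."""
    target = difficulty(trust[proposer])
    nonce = 0
    while leading_zero_bits(sha256_hex(header_bytes(height, prev_hash, proposer, alerts, nonce))) < target:
        nonce += 1
    return {"height": height, "prev_hash": prev_hash, "proposer": proposer,
            "alerts": alerts, "nonce": nonce}


def validate_block(trust, prev_hash, block):
    """What every other peer checks before appending the block to its copy of the trust-chain."""
    if block["prev_hash"] != prev_hash:
        return False
    if block["proposer"] != select_proposer(trust, prev_hash, block["height"]):
        return False   # not the peer the stake step selected for this height
    digest = sha256_hex(header_bytes(block["height"], prev_hash, block["proposer"],
                                     block["alerts"], block["nonce"]))
    return leading_zero_bits(digest) >= difficulty(trust[block["proposer"]])


def update_trust(trust, peer, alert_confirmed, step=0.05):
    """Confirmed alerts raise trust slowly; refuted ones lower it twice as fast (assumption)."""
    new = dict(trust)
    new[peer] = min(1.0, max(0.0, trust[peer] + (step if alert_confirmed else -2 * step)))
    return new


if __name__ == "__main__":
    prev = "00" * 32
    proposer = select_proposer(INITIAL_TRUST, prev, 1)
    block = mine(proposer, INITIAL_TRUST, prev, 1, ["constructed alert: scan from 198.51.100.7"])
    print(proposer, block["nonce"], validate_block(INITIAL_TRUST, prev, block))
```

The insider-resistance property comes from the two steps together: a low-trust peer is rarely selected and, when it is, must spend more work; a peer that tries to publish a block out of turn is rejected by the proposer check regardless of how much work it did.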
Blockchain Solutions for Forensic Evidence Preservation in IoT Environments. 2019 IEEE Conference on Network Softwarization (NetSoft). :110–114.
2019. The technological evolution brought by the Internet of Things (IoT) comes with new forms of cyber-attacks that exploit the complexity and heterogeneity of IoT networks, as well as the many vulnerabilities in IoT devices. The detection of compromised devices, as well as the collection and preservation of evidence regarding alleged malicious behavior in IoT networks, emerge as areas of high priority. This paper presents a blockchain-based solution, designed for the smart home domain, for the collection and preservation of digital forensic evidence. The system uses a private forensic evidence database, where the captured evidence is stored, together with a permissioned blockchain that provides security services such as integrity, authentication and non-repudiation, so that the evidence can be used in a court of law. The blockchain stores the evidence metadata, which is critical for providing these services, and interacts via smart contracts with the different entities involved in an investigation, including Internet service providers, law enforcement agencies and prosecutors. A high-level architecture of the blockchain-based solution is presented that tackles the unique challenges posed by the need to digitally handle forensic evidence collected from IoT networks.
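The off-chain store plus on-chain metadata split described above, as an added example that is not the paper's code. The raw evidence stays in a private store; the ledger holds only its digest, size, collector and collection time as a hash chain of blocks that only permissioned participants may sign. To stay self-contained the example signs with HMAC over constructed shared keys, which is an assumption; a real permissioned blockchain would use each participant's asymmetric key pair, and the evidence bytes, identifiers and timestamps are constructed.

```python
"""Forensic evidence preservation: private evidence store + permissioned metadata ledger.

Added example, not the paper's code. Raw evidence is kept off-chain; the
ledger is a hash chain whose blocks carry evidence metadata and are signed
by permissioned participants. HMAC with constructed shared keys stands in
for the participants' signatures (assumption).
"""
import hashlib
import hmac
import json

# Constructed keys of the entities allowed to append to the ledger.
PARTICIPANT_KEYS = {"isp-gateway": b"constructed-isp-key", "lea-unit-7": b"constructed-lea-key"}


def canonical(obj) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def block_hash(block) -> str:
    return hashlib.sha256(canonical(block)).hexdigest()


def unsigned_part(block):
    return {k: v for k, v in block.items() if k != "sig"}


def sign(entity, block) -> str:
    return hmac.new(PARTICIPANT_KEYS[entity], canonical(unsigned_part(block)), hashlib.sha256).hexdigest()


def new_ledger():
    return [{"index": 0, "prev_hash": "0" * 64, "payload": {"genesis": True}, "signer": "", "sig": ""}]


def record_evidence(store, ledger, signer, evidence_id, data: bytes, collected_at):
    """Store the evidence privately and append its signed metadata to the chain."""
    if signer not in PARTICIPANT_KEYS:
        raise PermissionError(f"{signer} is not a permissioned participant")
    store[evidence_id] = data
    block = {"index": len(ledger), "prev_hash": block_hash(ledger[-1]),
             "payload": {"evidence_id": evidence_id, "sha256": hashlib.sha256(data).hexdigest(),
                         "size": len(data), "collected_at": collected_at},
             "signer": signer}
    block["sig"] = sign(signer, block)
    ledger.append(block)
    return block


def verify_ledger(ledger):
    """Integrity and authentication of the chain itself: links, permitted signers, signatures."""
    for i in range(1, len(ledger)):
        blk = ledger[i]
        if blk["index"] != i or blk["prev_hash"] != block_hash(ledger[i - 1]):
            return False, f"broken chain at block {i}"
        if blk["signer"] not in PARTICIPANT_KEYS:
            return False, f"unknown signer at block {i}"
        if not hmac.compare_digest(blk["sig"], sign(blk["signer"], blk)):
            return False, f"signature mismatch at block {i}"
    return True, "ok"


def verify_evidence(store, ledger, evidence_id):
    """Integrity of one stored item against the latest on-chain digest recorded for it."""
    entries = [b for b in ledger[1:] if b["payload"]["evidence_id"] == evidence_id]
    if not entries or evidence_id not in store:
        return False
    return hashlib.sha256(store[evidence_id]).hexdigest() == entries[-1]["payload"]["sha256"]


def run_demo():
    store, ledger = {}, new_ledger()
    pcap = b"constructed: 192.168.1.20 -> 203.0.113.9 tcp/23 SYN"   # constructed capture fragment
    record_evidence(store, ledger, "isp-gateway", "case42/cam-1.pcap", pcap, "2019-05-01T10:00:00Z")
    record_evidence(store, ledger, "lea-unit-7", "case42/cam-1.log",
                    b"constructed: login root ok", "2019-05-01T10:05:00Z")
    results = {"chain_ok": verify_ledger(ledger)[0],
               "evidence_ok": verify_evidence(store, ledger, "case42/cam-1.pcap")}
    try:   # an entity without a key cannot append metadata
        record_evidence(store, ledger, "prosecutor-x", "case42/x", b"", "2019-05-01T10:06:00Z")
        results["unauthorised_rejected"] = False
    except PermissionError:
        results["unauthorised_rejected"] = True
    store["case42/cam-1.pcap"] = pcap + b" (edited)"           # tamper with stored evidence
    results["tampered_evidence_detected"] = not verify_evidence(store, ledger, "case42/cam-1.pcap")
    ledger[1]["payload"]["size"] = 1                            # tamper with on-chain metadata
    ok, reason = verify_ledger(ledger)
    results["tampered_ledger_detected"] = not ok
    results["tampered_ledger_reason"] = reason
    return results


if __name__ == "__main__":
    print(run_demo())
```

Keeping only the digest on chain is what makes the design workable for captures that may be large or contain private data: the chain proves what was collected, by whom and when, while the evidence itself can stay under access control in the private database.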