Biblio

To ensure a ship’s fully operational status in a wide spectrum of missions, as passenger transportation, international trade, and military activities, numerous interdependent systems are essential. Despite the potential critical consequences of misunderstanding or ignoring those interdependencies, there are very few documented approaches to enable their identification, representation, analysis, and use. From the cybersecurity point of view, if an anomaly occurs on one of the interdependent systems, it could eventually impact the whole ship, jeopardizing its mission success. This paper presents a proposal to identify the main dependencies of layers within and between generic ship’s functional blocks. An analysis of one of these layers, the platform systems, is developed to examine a naval cyber-physical system (CPS), the water management for passenger use, and its associated dependencies, from an intrinsic perspective. This analysis generates a three layers graph, on which dependencies are represented as oriented edges. Each abstraction level of the graph represents the physical, digital, and system variables of the examined CPS. The obtained result confirms the interest of graphs for dependencies representation and analysis. It is an operational depiction of the different systems interdependencies, on which can rely a cybersecurity evaluation, like anomaly detection and propagation assessment.

Naval vessels infrastructures are evolving towards increasingly connected and automatic systems. Such accelerated complexity boost to search for more adapted and useful navigation devices may be at odds with cybersecurity, making necessary to develop adapted analysis solutions for experts. This paper introduces a novel process to visualize and analyze naval Cyber-Physical Systems (CPS) using oriented graphs, considering operational constraints, to represent physical and functional connections between multiple components of CPS. Rapid prototyping of interconnected components is implemented in a semi-automatic manner by defining the CPS’s digital and physical systems as nodes, along with system variables as edges, to form three layers of an oriented graph, using the open-source Neo4j software suit. The generated multi-layer graph can be used to support cybersecurity analysis, like attacks simulation, anomaly detection and propagation estimation, applying existing or new algorithms.

This paper considers a multivariate quickest detection problem with false data injection (FDI) attacks in internet of things (IoT) systems. We derive a sequential generalized likelihood ratio test (GLRT) for zero-mean Gaussian FDI attacks. Exploiting the fact that covariance matrices are positive, we propose strategies to detect positive semi-definite matrix additions rather than arbitrary changes in the covariance matrix. The distribution of the GLRT is only known asymptotically whereas quickest detectors deal with short sequences, thereby leading to loss of performance. Therefore, we use a finite-sample correction to reduce the false alarm rate. Further, we provide a numerical approach to estimate the threshold sequences, which are analytically intractable to compute. We also compare the average detection delay of the proposed detector for constant and varying threshold sequences. Simulations showed that the proposed detector outperforms the standard sequential GLRT detector.

Cloud computing has become ubiquitous in the modern world and has offered a number of promising and transformative technological opportunities. However, organizations that use cloud platforms are also concerned about cloud security and new threats that arise due to cloud adoption. Digital forensic investigations (DFI) are undertaken when a security incident (i.e., successful attack) has been identified. Forensics data collection is an integral part of DFIs. This paper presents results from a survey of existing literature on challenges related to forensics data collection in cloud. A taxonomy of major challenges was developed to help organizations understand and thus better prepare for forensics data collection.

Affected by the inherent ideas like "Focus on Function Realization, Despise Security Protection", there are lots of hidden threats in the industrial control system of wind farms (ICS-WF), such as unreasonable IP configuration, failure in virus detection and killing, which are prone to illegal invasion and attack from the cyberspace. Those unexpected unauthorized accesses are quite harmful for the stable operation of the wind farms and regional power grid. Therefore, by investigating the current security situation and needs of ICS-WF, analyzing the characteristics of ICS-WF’s architecture and internal communication, and integrating the ideas of the classified protection of cybersecurity, this paper proposes a new customized cybersecurity strategy for ICS-WF based on the barrel theory. We also introduce an new anomalous intrusion detection technology for ICS-WF, which is developed based on statistical models of wind farm network characteristics. Finally, combined all these work with the network security offense and defense drill in the industrial control safety simulation laboratory of wind farms, this research formulates a three-dimensional comprehensive protection solution for ICS-WF, which significantly improves the cybersecurity level of ICS-WF.

The paper gives an overview of the ICS security and focuses on Control Systems. Use of internet had security challenges which led to the development of ICS which is designed to be dependable and safe. PCS, DCS and SCADA all are subsets of ICS. The paper gives a description of the developments in the ICS security and covers the most interesting work done by researchers. The paper also provides research information about the parameters on which a remotely executed cyber-attack depends.

Intrusion Detection System (IDS) is a system that could detect suspicious activity in a network. Two approaches are known for IDS, namely signature-based and anomaly-based. The anomaly-based detection method was chosen to detect suspicious and abnormal activity for the system that cannot be performed by the signature-based method. In this study, attack testing was carried out using three DoS tools, namely the LOIC, Torshammer, and Xerxes tools, with a test scenario using IDS and without IDS. From the test results that have been carried out, IDS has successfully detected the attacks that were sent, for the delivery of the most consecutive attack packages, namely Torshammer, Xerxes, and LOIC. In the detection of Torshammer attack tools on the target FTP Server, 9421 packages were obtained, for Xerxes tools as many as 10618 packages and LOIC tools as many as 6115 packages. Meanwhile, attacks on the target Web Server for Torshammer tools were 299 packages, for Xerxes tools as many as 530 packages, and for LOIC tools as many as 103 packages. The accuracy of the IDS performance results is 88.66%, the precision is 88.58% and the false positive rate is 63.17%.

We tackle the problem where a server owns a trained Machine Learning (ML) model and a client/user has an unclassified query that he wishes to classify in secure and private fashion using the server’s model. During the process the server learns nothing, while the user learns only his final classification and nothing else. Since several ML classification algorithms, such as deep neural networks, support vector machines-SVM (and hyperplane decisions in general), Logistic Regression, Naïve Bayes, etc., can be expressed in terms of matrix operations, initially we propose novel secure matrix operations as our building blocks. On top of them we build our secure and private ML classification algorithms under strict security and privacy requirements. As our underlying cryptographic primitives are shown to be resilient to quantum computer attacks, our algorithms are also suitable for the post-quantum world. Our theoretical analysis and extensive experimental evaluations show that our secure matrix operations, hence our secure ML algorithms build on top of them as well, outperform the state of the art schemes in terms of computation and communication costs. This makes our algorithms suitable for devices with limited resources that are often found in Industrial IoT (Internet of Things)

At present, machine learning (ML) algorithms are essential components in designing the sophisticated intrusion detection system (IDS). They are building-blocks to enhance cyber threat detection and help in classification at host-level and network-level in a short period. The increasing global connectivity and advancements of network technologies have added unprecedented challenges and opportunities to network security. Malicious attacks impose a huge security threat and warrant scalable solutions to thwart large-scale attacks. These activities encourage researchers to address these imminent threats by analyzing a large volume of the dataset to tackle all possible ranges of attack. In this proposed method, we calculated the fitness value of each feature from the population by using a genetic algorithm (GA) and selected them according to the fitness value. The fitness values are presented in hierarchical order to show the effectiveness of problem decomposition. We implemented Support Vector Machine (SVM) to verify the consistency of the system outcome. The well-known NSL-knowledge discovery in databases (KDD) was used to measure the performance of the system. From the experiments, we achieved a notable classification accuracies using a SVM of the current state of the art intrusion detection.

Ransomware is one of the most serious threats which constitute a significant challenge in the cybersecurity field. The cybercriminals use this attack to encrypts the victim's files or infect the victim's devices to demand ransom in exchange to restore access to these files and devices. The escalating threat of Ransomware to thousands of individuals and companies requires an urgent need for creating a system capable of proactively detecting and preventing ransomware. In this research, a new approach is proposed to detect and classify ransomware based on three machine learning algorithms (Random Forest, Support Vector Machines , and Näive Bayes). The features set was extracted directly from raw byte using static analysis technique of samples to improve the detection speed. To offer the best detection accuracy, CF-NCF (Class Frequency - Non-Class Frequency) has been utilized for generate features vectors. The proposed approach can differentiate between ransomware and goodware files with a detection accuracy of up to 98.33 percent.

Cybersecurity has become an emerging challenge for business information management and critical infrastructure protection in recent years. Artificial Intelligence (AI) has been widely used in different fields, but it is still relatively new in the area of Cyber-Physical Systems (CPS) security. In this paper, we provide an approach based on Machine Learning (ML) to intelligent threat recognition to enable run-time risk assessment for superior situation awareness in CPS security monitoring. With the aim of classifying malicious activity, several machine learning methods, such as k-nearest neighbours (kNN), Naïve Bayes (NB), Support Vector Machine (SVM), Decision Tree (DT) and Random Forest (RF), have been applied and compared using two different publicly available real-world testbeds. The results show that RF allowed for the best classification performance. When used in reference industrial applications, the approach allows security control room operators to get notified of threats only when classification confidence will be above a threshold, hence reducing the stress of security managers and effectively supporting their decisions.

Today's companies are increasingly relying on Internet of Everything (IoE) to modernize their operations. The very complexes characteristics of such system expose their applications and their exchanged data to multiples risks and security breaches that make them targets for cyber attacks. The aim of our work in this paper is to provide an cybersecurity strategy whose objective is to prevent and anticipate threats related to the IoE. An economic approach is used in order to help to take decisions according to the reduction of the risks generated by the non definition of the appropriate levels of security. The considered problem have been resolved by exploiting a combinatorial optimization approach with a practical case of knapsack. We opted for a bi-objective modeling under uncertainty with a constraint of cardinality and a given budget to be respected. To guarantee a robustness of our strategy, we have also considered the criterion of uncertainty by taking into account all the possible threats that can be generated by a cyber attacks over IoE. Our strategy have been implemented and simulated under MATLAB environement and its performance results have been compared to those obtained by NSGA-II metaheuristic. Our proposed cyber security strategy recorded a clear improvment of efficiency according to the optimization of the security level and cost parametrs.

Advanced persistent threats (APT’s) are stealthy threat actors with the skills to gain covert control of the computer network for an extended period of time. They are the highest cyber attack risk factor for large companies and states. A successful attack via an APT can cost millions of dollars, can disrupt civil life and has the capabilities to do physical damage. APT groups are typically state-sponsored and are considered the most effective and skilled cyber attackers. Attacks of APT’s are executed in several stages as pointed out in the Lockheed Martin cyber kill chain (CKC). Each of these APT stages can potentially be identified as patterns in network traffic. Using the "APT-2020" dataset, that compiles the characteristics and stages of an APT, we carried out experiments on the detection of anomalous traffic for all APT stages. We compare several artificial intelligence models, like a stacked auto encoder, a recurrent neural network and a one class state vector machine and show significant improvements on detection in the data exfiltration stage. This dataset is the first to have a data exfiltration stage included to experiment on. According to APT-2020’s authors current models have the biggest challenge specific to this stage. We introduce a method to successfully detect data exfiltration by analyzing the payload of the network traffic flow. This flow based deep packet inspection approach improves detection compared to other state of the art methods.

The paper deals with exponentially growing technology - Internet of Things (IoT) in the field of healthcare. It is spoken about the networked healthcare and medical architecture. The attention is given to the analysis of the international regulations on medical and healthcare cybersecurity. For building a trustworthy healthcare IoT solution, a developed normative hierarchical model of the international cybersecurity standards is provided. For cybersecurity assessment of such systems the case-oriented technique, which includes Advanced Security Assurance Case (ASAC) and an example on a wireless insulin pump of its application are provided.

In recent times, major cybersecurity breaches and cyber fraud had huge negative impact on victim organisations. The biggest impact made on major areas of business activities. Majority of organisations facing cybersecurity adversity and advanced threats suffers from huge financial and reputation loss. The current security technologies, policies and processes are providing necessary capabilities and cybersecurity mechanism to solve cyber threats and risks. However, current solutions are not providing required mechanism for decision making on impact of cybersecurity breaches and fraud. In this paper, we are reporting initial findings and proposing conceptual solution. The paper is aiming to provide a novel model for Cybersecurity Economics and Analysis (CEA). We will contribute to increasing harmonization of European cybersecurity initiatives and reducing fragmented practices of cybersecurity solutions and also helping to reach EU Digital Single Market goal. By introducing Cybersecurity Readiness Level Metrics the project will measure and increase effectiveness of cybersecurity programs, while the cost-benefit framework will help to increase the economic and financial viability, effectiveness and value generation of cybersecurity solutions for organisation's strategic, tactical and operational imperative. The ambition of the research development and innovation (RDI) is to increase and re-establish the trust of the European citizens in European digital environments through practical solutions.

To better inform the public cybersecurity discussion, in January 2011 the Information Technology Industry Council (ITI) developed a comprehensive set of cybersecurity principles for industry and government [1]. ITI's six principles aim to provide a useful and important lens through which any efforts to improve cybersecurity should be viewed.

As the world becomes more dependent on connected cyber-physical systems, the cybersecurity workforce must adapt to meet these growing needs. The authors present the notion of a cyber-resiliency workforce to prepare the next generation of cybersecurity professionals.

Cyber Physical Systems (CPS) are characterized by their ability to integrate the physical and information or cyber worlds. Their deployment in critical infrastructure have demonstrated a potential to transform the world. However, harnessing this potential is limited by their critical nature and the far reaching effects of cyber attacks on human, infrastructure and the environment. An attraction for cyber concerns in CPS rises from the process of sending information from sensors to actuators over the wireless communication medium, thereby widening the attack surface. Traditionally, CPS security has been investigated from the perspective of preventing intruders from gaining access to the system using cryptography and other access control techniques. Most research work have therefore focused on the detection of attacks in CPS. However, in a world of increasing adversaries, it is becoming more difficult to totally prevent CPS from adversarial attacks, hence the need to focus on making CPS resilient. Resilient CPS are designed to withstand disruptions and remain functional despite the operation of adversaries. One of the dominant methodologies explored for building resilient CPS is dependent on machine learning (ML) algorithms. However, rising from recent research in adversarial ML, we posit that ML algorithms for securing CPS must themselves be resilient. This article is therefore aimed at comprehensively surveying the interactions between resilient CPS using ML and resilient ML when applied in CPS. The paper concludes with a number of research trends and promising future research directions. Furthermore, with this article, readers can have a thorough understanding of recent advances on ML-based security and securing ML for CPS and countermeasures, as well as research trends in this active research area.

Protection of an organization's assets and information technology infrastructure is always crucial to any business. Securing and protecting businesses from cybersecurity threats became very challenging during the Covid-19 Pandemic. Organizations suddenly shifted towards remote work to maintain continuity and protecting against new cyber threats became a big concern for most business owners. This research looks into the following areas (i) outlining the shift from In-person to online work risks (ii) determine the cyber-attack type based on the list of 10 most prominent cybersecurity threats during the Covid-19 Pandemic (iii) and design a security policy to securing business continuity.

Distributed denial of service (DDoS) attacks is one of the most evolving threats in the current Internet situation and yet there is no effective mechanism to curb it. In the field of DDoS attacks, as in all other areas of cybersecurity, attackers are increasingly using sophisticated methods. The work in this paper focuses on using Artificial Neural Network to detect various types of DDOS attacks(UDP-Flood, Smurf, HTTP-Flood and SiDDoS). We would be mainly focusing on the network and transport layer DDoS attacks. Additionally, the time and space complexity is also calculated to further improve the efficiency of the model implemented and overcome the limitations found in the research gap. The results obtained from our analysis on the dataset show that our proposed methods can better detect the DDoS attack.

The competency to use mobile devices for work-related tasks gives advantages to the company productiveness and expedites business processes. Thus Bring Your Own Device (BYOD) setting emerge to enable work flexibility and technological compatibility. For management, employees’ productivity is important, but they could not jeopardise the security of information and data stored in the corporate network. Securing data and network becomes more complex tasks as it deals with foreign devices, i.e., devices that do not belong to the organisation. With much research focused on pre-implementation and the technical aspects of mobile device usage, post-implementation advancement is receiving less attention. IS audit as one of the post-implementation mechanisms provides performance evaluation of existing IS assets, business operations and process implementation, thus helping management formulating the best strategies in optimising IS practices. This paper discusses the feasibility of IS audit in assessing mobile device security by exploring the risks and vulnerabilities of mobile devices for organisational IS security as well as the perception of Information system management in mobile device security. By analysing related literature, authors pointed out how the references used in the current IS audit research address the mobile device security. This work serves a significant foundation in the future development in mobile device audit.

Despite the recent introduction of biometric identification technology, Personal Identification Numbers (PIN) are the standard for granting access to restricted areas and for authorizing operations on most systems, including mobile phones, payment devices, smart locks. Unfortunately, PINs have several inherent vulnerabilities and expose users to different types of social engineering attacks. Specifically, the risk of shoulder surfing in PIN-based authentication is especially high for individuals who are blind. In this paper, we introduce a new method for improving the trade-off between security and accessibility in PIN-based authentication systems. Our proposed solution aims at minimizing the threats posed by malicious agents while maintaining a low level of complexity for the user. We present the method and discuss the results of an evaluation study that demonstrates the advantages of our solution compared to state-of-the-art systems.

Autonomous robots are increasingly widespread in our society. These robots need to be safe, reliable, respectful of privacy, not manipulable by external agents, and capable of offering explanations of their behavior in order to be accountable and acceptable in our societies. Companies offering robotic services will need to provide mechanisms to address these issues using High Performance Computing (HPC) facilities, where logs and off-line forensic analysis could be addressed if required, but these solutions are still not available in software development frameworks for robots. The aim of this paper is to discuss the implications and interactions among cybersecurity, safety, and explainability with the goal of making autonomous robots more trustworthy.

The pervasive presence of smart objects in almost every corner of our everyday life urges the security of such embedded systems to be the point of attention. Memory vulnerabilities in the embedded program code, such as buffer overflow, are the entry point for powerful attack paradigms such as Code-Reuse Attacks (CRAs), in which attackers corrupt systems’ execution flow and maliciously alter their behavior. Control-Flow Integrity (CFI) has been proven to be the most promising approach against such kinds of attacks, and in the literature, a wide range of flow monitors are proposed, both hardware-based and software-based. While the formers are hardly applicable as they impose design alteration of underlying hardware modules, on the contrary, software solutions are more flexible and also portable to the existing devices. Real-Time Operating Systems (RTOS) and their key role in application development for embedded systems is the main concern regarding the application of the CFI solutions.This paper discusses the still open challenges and issues regarding the implementation of control-flow integrity policies on operating systems for embedded systems, analyzing the solutions proposed so far in the literature, highlighting possible limits in terms of performance, applicability, and protection coverage, and proposing possible improvement directions.

CyberIR@MIT is a dynamic, interactive ontology-based knowledge system focused on the evolving, diverse & complex interconnections of cyberspace & international relations.