Biblio

Cyber attacks keep states, companies and individuals at bay, draining precious resources including time, money, and reputation. Attackers thereby seem to have a first mover advantage leading to a dynamic defender attacker game. Automated approaches taking advantage of Cyber Threat Intelligence on past attacks bear the potential to empower security professionals and hence increase cyber security. Consistently, there has been a lot of research on automated approaches in cyber risk management including works on predictive attack algorithms and threat hunting. Combining data on countermeasures from “MITRE Detection, Denial, and Disruption Framework Empowering Network Defense” and adversarial data from “MITRE Adversarial Tactics, Techniques and Common Knowledge” this work aims at developing methods that enable highly precise and efficient automatic incident response. We introduce Attack Incident Responder, a methodology working with simple heuristics to find the most efficient sets of counter-measures for hypothesized attacks. By doing so, the work contributes to narrowing the attackers first mover advantage. Experimental results are promising high average precisions in predicting effiective defenses when using the methodology. In addition, we compare the proposed defense measures against a static set of defensive techniques offering robust security against observed attacks. Furthermore, we combine the approach of automated incidence response to an approach for threat hunting enabling full automation of security operation centers. By this means, we define a threshold in the precision of attack hypothesis generation that must be met for predictive defense algorithms to outperform the baseline. The calculated threshold can be used to evaluate attack hypothesis generation algorithms. The presented methodology for automated incident response may be a valuable support for information security professionals. Last, the work elaborates on the combination of static base defense with adaptive incidence response for generating a bio-inspired artificial immune system for computerized networks.

An approach to substantiating the choice of a discipline for the maintenance of a redundant computer system, with the possible use of node resources saved after failures, is considered. The choice is aimed at improving the reliability and profitability of the system, taking into account the operational costs of restoring nodes. Models of reliability of systems with service disciplines are proposed, providing both the possibility of immediate recovery of nodes after failures, and allowing degradation of the system when using node resources stored after failures in it. The models take into account the conditions of the admissibility or inadmissibility of the loss of information accumulated during the operation of the system. The operating costs are determined, taking into account the costs of restoring nodes for the system maintenance disciplines under consideration

Under the new situation of China's new infrastructure and digital transformation and upgrading, large IT companies such as the United States occupy the market of key information infrastructure components in important fields such as power and energy in China, which makes the risk of key information infrastructure in China's power enterprises become more and more prominent. In the power Internet of Things environment where everything is connected, the back doors and loopholes of basic software and hardware caused by the supply chain risks of key information infrastructure have broken through the foundation of power cyber-security and information security defense, and the security risk management of power key information infrastructure cyber-security has become urgent. Therefore, this paper studies the construction of the cyber-security management framework of key information infrastructure suitable for electric power enterprises, and defines the security risk assessment norms of each link of equipment access to the network. Implement the national cyber-security requirements, promote the cyber-security risk controllable assessment service of key information infrastructure, improve the security protection level of power grid information system from the source, and promote the construction and improvement of the network and information security system of power industry.

This paper proposes a cybersecurity maturity model to assess the capabilities of medical organizations to identify their level of maturity, prioritizing privacy and personal data protection. There are problems such as data breaches, the lack of security measures in health information, and the poor capacity of organizations to handle cybersecurity threats that generate concern in the health sector as they seek to mitigate risks in cyberspace. The proposal, based upon C2M2 (Cybersecurity Capability Maturity Model), incorporates practices and controls which allow organizations to identify security gaps generated through cyberattacks on sensitive health patient data. This model seeks to integrate the best practices related to privacy and protection of personal data in the Peruvian legal framework through the Administrative Directive No. 294-MINSA and the personal data protection Act No. 29733. The model consists of 3 evaluation phases. 1. Assessment planning; 2. Execution of the evaluation; 3. Implementation of improvements. The model was validated and tested in a public sector medical organization in Lima, Peru. The preliminary results showed that the organization is at Level 1 with 14% of compliance with established controls, 34% in risk, threat and vulnerability management practices and 19% in supply chain management. These the 3 highest percentages of the 10 evaluated domains.

Critical infrastructure is a key area in cybersecurity. In the U.S., it was front and center in 1997 with the report from the President’s Commission on Critical Infrastructure Protection (PCCIP), and now affects countries worldwide. Critical Infrastructure Protection must address all types of cybersecurity threats - insider threat, ransomware, supply chain risk management issues, and so on. Unsurprisingly, in the past 25 years, the risks and incidents have increased rather than decreased and appear in the news daily. As an important component of critical infrastructure protection, secure supply chain risk management must be integrated into development projects. Both areas have important implications for security requirements engineering.

Being a part of today’s technical world, we are connected through a vast network. More we are addicted to these modernization techniques we need security. There must be reliability in a network security system so that it is capable of doing perfect monitoring of the whole network of an organization so that any unauthorized users or intruders wouldn’t be able to halt our security breaches. Firewalls are there for securing our internal network from unauthorized outsiders but still some time possibility of attacks is there as according to a survey 60% of attacks were internal to the network. So, the internal system needs the same higher level of security just like external. So, understanding the value of security measures with accuracy, efficiency, and speed we got to focus on implementing and comparing an improved intrusion detection system. A comprehensive literature review has been done and found that some feature selection techniques with standard scaling combined with Machine Learning Techniques can give better results over normal existing ML Techniques. In this survey paper with the help of the Uni-variate Feature selection method, the selection of 14 essential features out of 41 is performed which are used in comparative analysis. We implemented and compared both binary class classification and multi-class classification-based Intrusion Detection Systems (IDS) for two Supervised Machine Learning Techniques Support Vector Machine and Classification and Regression Techniques.

The major aim of the study is to predict the type of crime that is going to happen based on the crime hotspot detected for the given crime data with engineered spatial features. crime dataset is filtered to have the following 2 crime categories: crime against society, crime against person. Crime hotspots are detected by using the Novel Hierarchical density based Spatial Clustering of Application with Noise (HDBSCAN) Algorithm with the number of clusters optimized using silhouette score. The sample data consists of 501 crime incidents. Future types of crime for the given location are predicted by using the Support Vector Machine (SVM) and Convolutional Neural Network (CNN) algorithms (N=5). The accuracy of crime prediction using Support Vector Machine classification algorithm is 94.01% and Convolutional Neural Network algorithm is 79.98% with the significance p-value of 0.033. The Support Vector Machine algorithm is significantly better in accuracy for prediction of type of crime than Convolutional Neural Network (CNN).

Cyber-attacks against Industrial Control Systems (ICS) can lead to catastrophic events which can be prevented by the use of security measures such as the Intrusion Prevention Systems (IPS). In this work we experimentally demonstrate how to exploit the configuration vulnerabilities of SNORT one of the most adopted IPSs to significantly degrade the effectiveness of the IPS and consequently allowing successful cyber-attacks. We illustrate how to design a batch script able to retrieve and modify the configuration files of SNORT in order to disable its ability to detect and block Denial of Service (DoS) and ARP poisoning-based Man-In-The-Middle (MITM) attacks against a Programmable Logic Controller (PLC) in an ICS network. Experimental tests performed on a water distribution testbed show that, despite the presence of IPS, the DoS and ARP spoofed packets reach the destination causing respectively the disconnection of the PLC from the ICS network and the modification of packets payload.

Nowadays, the number of new websites in Thailand has been increasing every year. However, there is a lack of security on some of those websites which causes negative effects and damage. This has also resulted in numerous violations. As a result, these violations cause delays in the situation analysis. Additionally, the cost of effective and well-established digital forensics tools is still expensive. Therefore, this paper has presented the idea of using freeware digital forensics tools to test their performances and compare them with the standards of the digital forensics process. The results of the paper suggest that the tested tools have significant differences in functions and process. WEFA Web Forensics tool is the most effective tool as it supports 3 standards up to 8 out of 10 processes, followed by Browser History View which supports 7 processes, Browser History Spy and Browser Forensic Web Tool respectively, supports 5 processes. The Internet history Browser supports 4 processes as compared to the basic process of the standardization related to forensics.

The model called CSAI-4-CPS is proposed to characterize the use of Artificial Intelligence in Cybersecurity applied to the context of CPS - Cyber-Physical Systems. The model aims to establish a methodology being able to self-adapt using shared machine learning models, without incurring the loss of data privacy. The model will be implemented in a generic framework, to assess accuracy across different datasets, taking advantage of the federated learning and machine learning approach. The proposed solution can facilitate the construction of new AI cybersecurity tools and systems for CPS, enabling a better assessment and increasing the level of security/robustness of these systems more efficiently.

Although 6LoWPAN has brought about a revolutionary leap in networking for Low-power Lossy Networks, challenges still exist, including security concerns that are yet to answer. The most common type of attack on 6LoWPANs is the network layer, especially routing attacks, since the very members of a 6LoWPAN network have to carry out packet forwarding for the whole network. According to the initial purpose of IoT, these nodes are expected to be resource-deficient electronic devices with an utterly stochastic time pattern of attachment or detachment from a network. This issue makes preserving their authenticity or identifying their malignity hard, if not impossible. Since 6LoWPAN is a successor and a hybrid of previously developed wireless technologies, it is inherently prone to cyber-attacks shared with its predecessors, especially Wireless Sensor Networks (WSNs) and WPANs. On the other hand, multiple attacks have been uniquely developed for 6LoWPANs due to the unique design of the network layer protocol of 6LoWPANs known as RPL. While there exist publications about attacks on 6LoWPANs, a comprehensive survey exclusively on RPL-specific attacks is felt missing to bold the discrimination between the RPL-specific and non-specific attacks. Hence, the urge behind this paper is to gather all known attacks unique to RPL in a single volume.

Distributed wind is an electric energy resource segment with strong potential to be deployed in many applications, but special consideration of resilience and cybersecurity is needed to address the unique conditions associated with distributed wind. Distributed wind is a strong candidate to help meet renewable energy and carbon-free energy goals. However, care must be taken as more systems are installed to ensure that the systems are reliable, resilient, and secure. The physical and communications requirements for distributed wind mean that there are unique cybersecurity considerations, but there is little to no existing guidance on best practices for cybersecurity risk management for distributed wind systems specifically. This research develops an architecture for managing cyber risks associated with distributed wind systems through resilience functions. The architecture takes into account the configurations, challenges, and standards for distributed wind to create a risk-focused perspective that considers threats, vulnerabilities, and consequences. We show how the resilience functions of identification, preparation, detection, adaptation, and recovery can mitigate cyber threats. We discuss common distributed wind architectures and interconnections to larger power systems. Because cybersecurity cannot exist independently, the cyber-resilience architecture must consider the system holistically. Finally, we discuss risk assessment recommendations with special emphasis on what sets distributed wind systems apart from other distributed energy resources (DER).

Recent technological advancements have proliferated the use of small embedded devices for collecting, processing, and transferring the security-critical information. The Internet of Things (IoT) has enabled remote access and control of these network-connected devices. Consequently, an attacker can exploit security vulnerabilities and compromise these devices. In this context, the secure boot becomes a useful security mechanism to verify the integrity and authenticity of the software state of the devices. However, the current secure boot schemes focus on detecting the presence of potential malware on the device but not on disinfecting and restoring the software to a benign state. This manuscript presents CARE - the first secure boot framework that provides malicious code modification attack detection, resilience, and onboard recovery mechanism for the compromised devices. The framework uses a prototype hybrid CARE: Code Authentication and Resilience Engine to verify the integrity and authenticity of the software and restore it to a benign state. It uses Physical Memory Protection (PMP) and other security enchaining techniques of RISC-V processor to provide resilience from modern attacks. The state-of-the-art comparison and performance analysis results indicate that the proposed secure boot framework provides promising resilience and recovery mechanism with very little (8%) performance and resource overhead.

We propose Cleann, the first end-to-end framework that enables online mitigation of Trojans for embedded Deep Neural Network (DNN) applications. A Trojan attack works by injecting a backdoor in the DNN while training; during inference, the Trojan can be activated by the specific backdoor trigger. What differentiates Cleann from the prior work is its lightweight methodology which recovers the ground-truth class of Trojan samples without the need for labeled data, model retraining, or prior assumptions on the trigger or the attack. We leverage dictionary learning and sparse approximation to characterize the statistical behavior of benign data and identify Trojan triggers. Cleann is devised based on algorithm/hardware co-design and is equipped with specialized hardware to enable efficient real-time execution on resource-constrained embedded platforms. Proof of concept evaluations on Cleann for the state-of-the-art Neural Trojan attacks on visual benchmarks demonstrate its competitive advantage in terms of attack resiliency and execution overhead.

Currently, the increasing complexity of DDoS attacks makes it difficult for modern security systems to track them. Machine learning techniques are increasingly being used in such systems as they are well established. However, a new problem arose: the creation of informative datasets. Generative adversarial networks can help create large, high-quality datasets for machine learning training. The article discusses the issue of using generative adversarial networks to generate new patterns of network attacks for the purpose of their further use in training.

Although the Pixel-Value Differencing (PVD) steganography can avoid being detected by the RS steganalysis, the histogram of the pixel-value differences poses an abnormal distribution. Based on this hiding characteristic, this paper proposes a PVD steganalysis based on chi-Square statistics. The degrees of freedom were adopted to be tested for obtaining various detection accuracies (ACs). Experimental results demonstrate the detection accuracies are all above 80%. When the degrees of freedom are set as 10 while the accuracy is the best (AC = 83%). It means that the proposed Chi-Square based method is an efficient detection for PVD steganography.

Existing search-based coverless text steganography algorithms according to the characteristics of the text, do not need to modify the carrier, and have good resistance to detection, but they rely on a large text data set and have a limited hiding capacity. For this reason, this paper proposes a coverless steganography method based on the source XML file organization of the OOXML documents from a new perspective. It analyzes the organization of OOXML documents, and uses the differences of organization to construct the mapping between documents and secret information, so as to realize the coverless information hiding. To achieve the efficiency of information hiding, a compound tree model is designed and introduced to construct the OOXML document category library. Compared with the existing coverless information hiding methods, the text set size that this method relies on is significantly reduced, and the flexibility of the mapping is higher under the similar hiding capacity.

JavaScript is a client-side scripting language that is widely used in web applications. It is dynamic, loosely-typed and prototype-based with first-class functions. The dynamic nature of JavaScript makes it powerful and highly flexible in almost every way. However, this flexibility may result in what is known as code smells. Code smells are characteristics in the source code of a program that usually correspond to a deeper problem. They can lead to a variety of comprehension and maintenance issues and they may impact fault- and change-proneness of the application in the future. We present TAJSlint, an automated code smell detection tool for JavaScript programs that is based on static analysis. TAJSlint includes a set of 14 code smells, 9 of which are collected from various sources and 5 new smells we propose. We conduct an empirical evaluation of TAJSlint on a number of JavaScript projects and show that TAJSlint achieves an overall precision of 98% with a small number of false positives. We also study the prevalence of code smells in these projects.

Internet of Things (IoT) is becoming an emerging paradigm to provide pervasive connectivity where “anything“ can be connected “anywhere” at “anytime” via massive deployment of physical objects like sensors, controllers, and actuators. However, the open nature of wireless communications and the energy constraint of the IoT devices impose strong security concerns. In this context, traditional cryptographic techniques may not be suitable in such a resource-constrained network. To address this problem, an effective security solution that ensures a trade-off between security effectiveness and energy efficiency is required. In this paper, we exploit cooperative transmission between sensor nodes in IoT for e-Health application, as a promising technique to enhance the physical layer security of wireless communications in terms of secrecy capacity while considering the resource-impoverished devices. Specifically, we propose a dynamic and cooperative virtual multiple-input and multiple-output (MIMO) configuration approach based on game theory to preserve the confidentiality of the transmitted messages with high energy savings. For this purpose, we model the physical layer security cooperation problem as a non-transferable coalition formation game. The set of cooperative devices form a virtual dynamically-configured MIMO network that is able to securely and efficiently transmit data to the destination. Simulation results show that the proposed game-based virtual MIMO configuration approach can improve the average secrecy capacity per device as well as the network lifetime compared to non-cooperative transmission.

One of the most dangerous threats on the internet nowadays is phishing attacks. This type of attack can lead to data breaches, and with it to image and financial loss in a company. The most common technique to exploit this type of attack is by sending emails to the target users to trick them to send their credentials to the attacker servers. If the user clicks on the link from the email, then good detection is needed to protect the user credentials. Many papers presented Computer Vision as a good detection technique, but we will explain why this solution can generate lots of false positives in some important environments. This paper focuses on challenges of the Computer Vision detection technique and proposes a combination of multiple techniques together with Computer Vision technique in order to solve the challenges we have shown. We also will present a methodology to detect phishing attacks that will work with the proposed combination techniques.

As the mobile Internet is developing rapidly, people who use cell phones to access the Internet dominate, and the mobile Internet has changed the development environment of online public opinion and made online public opinion events spread more widely. In the online environment, any kind of public issues may become a trigger for the generation of public opinion and thus need to be controlled for network supervision. The method in this paper can identify entities from the event texts obtained from mobile Today's Headlines, People's Daily, etc., and informatize security of public opinion in event instances, thus strengthening network supervision and control in mobile, and providing sufficient support for national security event management. In this paper, we present a SW-BiLSTM-CRF model, as well as a model combining the RoBERTa pre-trained model with the classical neural network BiLSTM model. Our experiments show that this approach provided achieves quite good results on Chinese emergency corpus, with accuracy and F1 values of 87.21% and 78.78%, respectively.

The rise of artificial intelligence plays an important role in social progress and economic development, which is a hot topic in the Internet industry. In the past few years, the Chinese government has vigorously increased policy support to promote the golden age of artificial intelligence. However, with the rapid development of artificial intelligence, the copyright protection and intellectual property legislation of artificial intelligence products have brought some challenges.

STAMP (System Theoretic Accident Model and Processes) is one of the theories that has been attracting attention as a new safety analysis method for complex systems. CAST (Causal Analysis using System Theory) is a causal analysis method based on STAMP theory. The authors investigated an information security incident case, “AIST (National Institute of Advanced Industrial Science and Technology) report on unauthorized access to information systems,” and attempted accident analysis using CAST. We investigated whether CAST could be applied to the cyber security analysis. Since CAST is a safety accident analysis technique, this study was the first to apply CAST to cyber security incidents. Its effectiveness was confirmed from the viewpoint of the following three research questions. Q1:Features of CAST as an accident analysis method Q2:Applicability and impact on security accident analysis Q3:Understanding cyber security incidents with a five-layer model.

Game theory is a branch of modern mathematics, which is a mathematical method to study how decision-makers should make decisions in order to strive for the maximum interests in the process of competition. In this paper, from the perspective of offensive and defensive confrontation, using game theory for reference, we build a dynamic evaluation model of information system security risk based on static game model. By using heisani transformation, the uncertainty of strategic risk of offensive and defensive sides is transformed into the uncertainty of each other's type. The security risk of pure defense strategy and mixed defense strategy is analyzed quantitatively, On this basis, an information security risk assessment algorithm based on static game model is designed.

Industrial Control Systems (ICS) are complex systems made up of many components with different tasks. For a safe and secure operation, each device needs to carry out its tasks correctly. To monitor a system and ensure the correct behavior of systems, anomaly detection is used.Models of expected behavior often rely only on cyber or physical features for anomaly detection. We propose an anomaly detection system that combines both types of features to create a dynamic fingerprint of an ICS. We present how a cyber-physical anomaly detection using sound on the physical layer can be designed, and which challenges need to be overcome for a successful implementation. We perform an initial evaluation for identifying actions of a 3D printer.