5 research outputs found

    Forecasting cyber threats & pertinent alleviation technologies

    Traditionally, cyber-attack detection relies on reactive techniques, where pattern-matching algorithms help human experts to scan system logs and network traffic for known virus signatures. Recent research has introduced effective Machine Learning (ML) models for cyber-attack detection. However, approaches that can forecast attacks likely to happen in the long term are also desirable, as this gives defenders more time to develop defensive actions and tools. Today, long-term predictions of attack waves are based on the subjective perceptiveness of human experts, susceptible to bias. This work introduces a novel ML-based approach that leverages unstructured big data to forecast the trend of cyber-attacks, years in advance. To this end, we develop a framework that utilises a monthly dataset of major cyber incidents in 36 countries over the past 11 years, with new features extracted from big data sources, namely news, government advisories, research literature, and tweets. Our framework not only forecasts attack trends automatically, but also generates a threat cycle that drills down into five key phases that constitute the life cycle of 42 known cyber threats. Our research advances to the next level, by predicting the disparity between cyber-attack trends and the trend of the relevant alleviation technologies. These predictive analyses inform investment decisions in cyber security technologies and provide a fundamental basis for strategic choices by national defence agencies. Here, we expand our dataset with records for the trend of 98 alleviation technologies. Using our expanded dataset, we construct a graph that elucidates the interplay between cyber threats and pertinent alleviation technologies. To forecast the graph, we propose a Bayesian adaptation of a Graph Neural Network (GNN) model. Furthermore, we generate future data projections for the next three years, including the gap between the trend of cyber-attacks and the associated technologies. 
    Consequently, we introduce the concept of "alleviation technologies cycle", delineating the key phases in the life cycle of 98 technologies. To bolster the transparency of our model, we incorporate explainability features, fostering a clear and informed decision-making process.

    A visual analytics framework for explainable malware detection in Edge computing networks

    The emergence of new technologies for the fifth/sixth generation (5G/6G) wireless networks has led to the development of new services, resulting in an increase in malicious activities and cyber-attacks targeting various network layers. Edge computing, a crucial technology enabler for 6G, is expected to facilitate traffic optimisation and support new ultra-low latency services. By integrating computing power from supercomputing servers into devices at the network edge in a distributed manner, edge computing can provide consistent quality-of-service, even in remote areas, which will drive the growth of associated applications. However, the complex environment created by edge computing also poses challenges for detecting malware. Therefore, this paper proposes a novel approach to malware detection using explainability via visualization and a multi-labelling technique. An object detection algorithm is used to identify malware families within the dataset which is created by emphasizing key regions. Using features from different malware categories in an image, this model displays a thorough malware recipe. Our experiments using real malware data demonstrate that identifying malware by its visible characteristics can significantly improve the interpretability of the detection process, enhancing transparency and trustworthiness.

    A holistic and proactive approach to forecasting cyber threats

    Traditionally, cyber-attack detection relies on reactive, assistive techniques, where pattern-matching algorithms help human experts to scan system logs and network traffic for known virus or malware signatures. Recent research has introduced effective Machine Learning (ML) models for cyber-attack detection, promising to automate the task of detecting, tracking and blocking malware and intruders. Much less effort has been devoted to cyber-attack prediction, especially beyond the short-term time scale of hours and days. Approaches that can forecast attacks likely to happen in the longer term are desirable, as this gives defenders more time to develop and share defensive actions and tools. Today, long-term predictions of attack waves are mostly based on the subjective perceptiveness of experienced human experts, which can be impaired by the scarcity of cyber-security expertise. This paper introduces a novel ML-based approach that leverages unstructured big data and logs to forecast the trend of cyber-attacks at a large scale, years in advance. To this end, we put forward a framework that utilises a monthly dataset of major cyber incidents in 36 countries over the past 11 years, with new features extracted from three major categories of big data sources, namely the scientific research literature, news, blogs, and tweets. Our framework not only identifies future attack trends in an automated fashion, but also generates a threat cycle that drills down into five key phases that constitute the life cycle of all 42 known cyber threats.

    Forecasting cyber threats and pertinent mitigation technologies

    Geopolitical instability is exacerbating the risk of catastrophic cyber-attacks striking where defences are weak. Nevertheless, cyber-attack trend forecasting predominantly relies on human expertise, which is susceptible to subjectivity and potential bias. As a solution, we have recently presented a novel study that harnesses machine learning for long-term cyber-attack forecasting. Building upon this groundwork, our research advances to the next level, by predicting the disparity between cyber-attack trends and the trend of the relevant alleviation technologies. Our predictive analysis aims to offer strategic insights for the decision of investment in cyber security technologies. It also provides a sound foundation for the strategic decisions of national defence agencies. To achieve this objective, we have expanded our dataset, which now encompasses records spanning 42 distinct cyber-attack types and various related features, alongside data concerning the trends of 98 pertinent technologies, dating back to 2011. The dataset features were meticulously curated from diverse sources, including news articles, blogs, government advisories, as well as from platforms such as Elsevier, Twitter, and Python APIs. With our comprehensive dataset in place, we construct a graph that elucidates the intricate interplay between cyber threats and the development of pertinent alleviation technologies. To forecast the graph, we introduce a novel Bayesian adaptation of a recently proposed graph neural network model, which effectively captures and predicts these trends. We further demonstrate the efficacy of our proposed features in this context. Furthermore, our study extends its horizon by generating future data projections for the next three years, encompassing forecasts for the evolving graph, including predictions of the gap between cyber-attack trends and the trend of the associated technologies.
    As a consequential outcome of our forecasting efforts, we introduce the concept of “alleviation technologies cycle”, delineating the key phases in the life cycle of 98 technologies. These findings serve as a foundational resource, offering valuable guidance for future investment and strategic defence decisions within the realm of cyber security related technologies.

    Architecture-based dynamic evolution runtime environment (ADERE) for service-based systems

    Continuous availability and flexible customization are key requirements in most of today's SaaS multi-tenant systems. In these systems, shutting down and restarting for an update comes with a high risk and increased cost. Providing a runtime evolution-centric environment would help in providing highly available systems. However, it is crucial that this solution ensures the system conformance to its architectural constraints, when the runtime evolution occurs, in addition to appropriate state handling. The solution must also consider a system with multiple tenants allowing independent customization for each tenant application, without affecting participating tenants. In this paper, we present an architecture-aware runtime environment (ADERE) for dynamic SaaS evolution. It builds on the advantages of existing approaches and aims at providing a middleware layer amenable to highly available and highly customizable systems. ADERE comes with a light API that is easy to use within applications code.