AppCon: Mitigating evasion attacks to ML cyber detectors

Adversarial attacks represent a critical issue that prevents the reliable integration of machine learning methods into cyber defense systems. Past work has shown that even proficient detectors are highly affected just by small perturbations to malicious samples, and that existing countermeasures are immature. We address this problem by presenting AppCon, an original approach to harden intrusion detectors against adversarial evasion attacks. Our proposal leverages the integration of ensemble learning to realistic network environments, by combining layers of detectors devoted to monitor the behavior of the applications employed by the organization. Our proposal is validated through extensive experiments performed in heterogeneous network settings simulating botnet detection scenarios, and consider detectors based on distinct machine-and deep-learning algorithms. The results demonstrate the effectiveness of AppCon in mitigating the dangerous threat of adversarial attacks in over 75% of the considered evasion attempts, while not being affected by the limitations of existing countermeasures, such as performance degradation in non-adversarial settings. For these reasons, our proposal represents a valuable contribution to the development of more secure cyber defense platforms

Cyber Law and Espionage Law as Communicating Vessels

Professor Lubin\u27s contribution is Cyber Law and Espionage Law as Communicating Vessels, pp. 203-225. Existing legal literature would have us assume that espionage operations and “below-the-threshold” cyber operations are doctrinally distinct. Whereas one is subject to the scant, amorphous, and under-developed legal framework of espionage law, the other is subject to an emerging, ever-evolving body of legal rules, known cumulatively as cyber law. This dichotomy, however, is erroneous and misleading. In practice, espionage and cyber law function as communicating vessels, and so are better conceived as two elements of a complex system, Information Warfare (IW). This paper therefore first draws attention to the similarities between the practices – the fact that the actors, technologies, and targets are interchangeable, as are the knee-jerk legal reactions of the international community. In light of the convergence between peacetime Low-Intensity Cyber Operations (LICOs) and peacetime Espionage Operations (EOs) the two should be subjected to a single regulatory framework, one which recognizes the role intelligence plays in our public world order and which adopts a contextual and consequential method of inquiry. The paper proceeds in the following order: Part 2 provides a descriptive account of the unique symbiotic relationship between espionage and cyber law, and further explains the reasons for this dynamic. Part 3 places the discussion surrounding this relationship within the broader discourse on IW, making the claim that the convergence between EOs and LICOs, as described in Part 2, could further be explained by an even larger convergence across all the various elements of the informational environment. Parts 2 and 3 then serve as the backdrop for Part 4, which details the attempt of the drafters of the Tallinn Manual 2.0 to compartmentalize espionage law and cyber law, and the deficits of their approach. The paper concludes by proposing an alternative holistic understanding of espionage law, grounded in general principles of law, which is more practically transferable to the cyber realmhttps://www.repository.law.indiana.edu/facbooks/1220/thumbnail.jp

Aplikace principu náležité péče v kybernetickém prostoru

The due diligence principle is a well-established general principle of international law. The adequacy of its use proved in many special regimes of international law, especially in international environmental law. Cyberspace is another regime where the application of the due diligence principle is desirable. An adequate application of the due diligence principle might mitigate the problem of attribution of cyber operations and help in denying safe havens of non-state actors, who conduct malicious operations in cyberspace. The adequacy of the application of the due diligence principle in cyberspace is further indicated by the results of discussions in international fora and by the emerging trend of support of the application in official declarations of States on the application of international law in cyberspace. The thesis further suggests how the due diligence principle should be applied by introducing three elements that trigger the due diligence obligation and three possible adjustments to them. It also identifies the essence of some controversial aspects of the application of the due diligence principle and introduces cyber- specific considerations for the determination of breaches of the due diligence obligation and evaluation of lawfulness of responses to the breach, which consist of acts of retorsion...Princip náležité péče je ustálený obecný princip mezinárodního práva. Jeho použití se osvědčilo v mnoha zvláštních režimech mezinárodního práva, zvláště v mezinárodním právu životního prostředí. Kybernetický prostor je dalším režimem, kde se aplikace principu náležité péče zdá žádoucí. Vhodná aplikace principu náležité péče by mohla zmírnit problém přičitatelnosti kybernetických operací a také pomoci v odstraňování bezpečných přístavů nestátních aktérů provádějících škodlivé kybernetické operace. Vhodnost použití principu náležité péče je dále možno dovozovat z výsledků diskuzí na půdě mezinárodních organizací a nastupujícího trendu podpory aplikace principu v oficiálních prohlášeních států ohledně aplikace mezinárodního práva v kybernetickém prostoru. Tato diplomové práce dále navrhuje, jak by měl být princip náležité péče aplikován. Uvádí tři prvky, které dávají vzniknout povinnosti náležité péče a tři možné přizpůsobující prvky k nim. Práce také představuje podstatu některých sporných aspektů aplikace principu náležité péče a upozorňuje na okolnosti specifické pro kybernetický prostor, které je třeba brát v potaz při určování porušování povinnosti náležité péče a vyhodnocování oprávněnosti reakcí na takové porušení. Práce také vysvětluje, proč princip prevence, který je součástí náležité péče v...Katedra mezinárodního právaDepartment of Public International LawFaculty of LawPrávnická fakult

The Diffusion of Cyber Forces: Military Innovation and the Dynamic Implementation of Cyber Force Structure

What explains the variation in implementation dynamics for cyber forces across militaries? In other words, as cyber forces emerge in states across the international system, why do some militaries undertake wide-ranging implementation efforts with few alterations to cyber force structure, while implementation in other militaries is characterized by a drawn-out, incremental process entailing several changes in cyber force structure? Militaries have been building cyber capabilities since the late 1980s; however, formalized military cyber organizations for these capabilities have only recently emerged. These cyber forces—active-duty military organizations that possess the capability and authority to direct and control computer network operations (CNOs) for strategic ends—have received little attention from scholars. Despite the potential impacts cyber forces might hold for international security dynamics, there exists no comprehensive overview of cyber forces and no analysis on the various ways they have been implemented across militaries. Moreover, current explanations drawn from the diffusion of military innovations remain incomplete in explaining the ways in which cyber force structure change over the course of the implementation process. In this dissertation, I examine the diffusion and implementation of cyber forces and advance a theory of organizational size to account for the varying implementation dynamics across militaries. My dissertation makes two important contributions to the growing literature on cyber conflict. First, I offer a novel typology for categorizing cyber forces and the respective force structures. By classifying cyber forces according to organizational model and scale of command, I identify nine distinct cyber force structures: Subordinated Branch, Subordinated Service, Subordinated Joint, Sub-Unified Branch, Sub-Unified Service, Sub-Unified Joint, Unified Branch, Unified Service, and Unified Joint. The second contribution is empirical: I create the first comprehensive database to catalogue the diffusion of cyber forces and evolution of cyber force structures across state—the Dataset on Cyber Force Structures. This dissertation also makes three broader contributions to the study of the diffusion of military innovations. First, I show how organizational characteristics mitigate diffusion pressures by constraining or enabling innovation and implementation. This dissertation moves past debates that portray militaries as either change-resistant or innovation-seeking organizations by providing a more nuanced claim: organizational characteristics—such as size—can predispose militaries to pursue certain types of changes while creating resistance to others. As such, this dissertation sheds important light on the ways in which the military organizational factors can shape the agency and decisions of those implementing an innovation principle. Second, I advance a stage-based conception of implementation for diffusion frameworks comprised of five stages: pre-adoption, introduction, modification, expansion, and full implementation. This framework can account for both partial and full adoption and provides a way to assess intermediate changes to an innovation prior to its full institutionalization. As a result, I use this framework to showcase the value of stage-based theorizing. Third, this dissertation introduces new methodological tools for testing stage-based hypotheses about adoption and implementation. In conjunction with qualitative analysis, this dissertation utilizes multistate survival modeling to assess variable effects at each stage of the implementation process. Traditional modeling techniques in the military diffusion literature—such as logistic regressions and basic survival modeling—prove both cumbersome and inadequate for assessing stage-based processes. In using multistate survival modeling, I emphasize the importance of matching methods to conceptual and theoretical assumptions

Positioning diplomacy within a strategic response to the cyber conflict threat

Background. Nation states unleash cyber attacks targeting other nation states (e.g. WannaCry, SolarWinds), termed “offensive cyber operations”. When such aggressions are deemed, according to the UN Charter, to constitute a threat to the peace, breach of the peace, or act of aggression towards a nation state, governments might choose to respond. Responses can range from silence all the way to retaliation, at the other end of the scale. The emergence of cyber diplomacy suggests a less militant and potentially powerful response option. Barrinha and Renard [5] explain that the rise of cyber diplomacy has coincided with “a growing contestation of the values, institutions and power dynamics of the liberal-created cyberspace”. (p.3). The question is: how could cyber diplomacy fit into a strategic threat management plan?Aim. To position cyber diplomacy within a strategic response to nation state offensive cyber operations.Method. To help us to position cyber diplomacy’s role in this domain, we first examine historical cyber conflicts, and governments’ responses to these, as well as testing the factors that might explain response choice. We then review a number of proposed options for managing cyber conflicts.Results. We propose a comprehensive “Five D’s” strategic framework to manage the threat of offensive cyber operations. Cyber diplomacy is included, acknowledging its emerging and potentially powerful role in managing cyber conflicts in the future.Conclusions. Cyber diplomacy has recently emerged and it has not yet been widely deployed. We show how it can be positioned within a strategic framework for managing the threat of offensive cyber operations from other nation states

NATO Cyber Defence, 2000-2022

The emergence of more devastating and organized cyber attacks by non-attributable threat actors internationally raises questions about whether classical deterrence theory in its contemporary form has assisted important military defence alliances, like the North Atlantic Treaty Organization (NATO), to adapt to the changing threat landscape. The timeline of the NATO Alliance\u27s adaptation to external cyber threats is examined at critical historical junctures. Changes and adaptation within internal policy-making processes at NATO headquarters and its affiliated centres, think tanks, and military bases are analysed with input from informed decision-makers. The research project demonstrates that NATO policy substantively changed over the period 2000 to June 30, 2022 because the scale and measure of cyber capabilities among 30 NATO Allies (particularly during and after the COVID-19 pandemic) contributed to a two-decade pattern of increasing defensive preparations, including new technologies, extensive military exercises, and military planning intended to counter amplifying hybrid threats in the \u27gray zone\u27 of conventional warfare. NATO implemented different security solutions to cyber space challenges, demonstrating the application of contemporary deterrence theory to current policy. Critical junctures, like major international precedent-setting cyber attacks, influenced cyber defence policy developments at NATO and internal policymaking processes like NATO Summitry. Two conceptual lenses—historical institutionalism and social learning—illuminate understanding of the evolution of NATO\u27s policy development, military exercises, and the training initiatives of affiliated NATO organizations over the period 2000-2022

Hacking for peace: the case for cyber coercion

Are cyber capabilities a useful method for coercive diplomacy? If so, what conditions favor successful cyber coercion to produce a desired victim response? This research explores how cyber coercion can be used as a tool of statecraft to change an adversary’s behavior and examines two cases over three temporal values. Examining the two cases of North Korea versus Sony and Russia versus Estonia illustrates practical lessons about the constraints and abilities of the employment of cyber coercion as well as how victim responses operate on a spectrum and can change over time. In examining George’s seven factors that favor coercive diplomacy and applying them to these cases, this research reveals four additional factors that ought to be included when addressing the dynamics that contribute to a victim changing their behavior in response to cyber coercion. The difference between a low-level attack (e.g. web defacement) compared with a high-level attack (e.g. paralyzing backbone servers) communicates two vastly different levels of threat to a victim and incurs extremely different costs for the victim. These technical aspects of cyber statecraft and their ramifications for cyber coercion are not covered by George’s earlier works on coercive diplomacy, as few people in the 1990s were even considering cyber as a threat landscape. This research does not provide one generalizable theory of how to conduct cyber coercion; rather, it provides a Utilitarian theory that identifies additional factors that favor cyber coercion and contributes to a conditional generalization. Further, it introduces the idea of examining this change in behavior over time to properly assess the impact of cyber coercion on the totality of the victim’s behavior. Extending the time intervals reveals additional critical data necessary to fully analyze the nature of a cyber coercion dyad. Finally, it provides a hybrid method to attain attribution by fusing social science methodology with cybersecurity techniques. Together, this data and method serve to correct the conventional wisdom on two influential cases; this research traces the process that proves why a correction for each case is warranted; and, it shows how the choices an aggressor makes in its cyber coercive strategy can result in different outcomes for the victims

Positioning diplomacy within a strategic response to the cyber conflict threat

Background. Nation states unleash cyber attacks targeting other nation states (e.g. WannaCry, SolarWinds), termed "offensive cyber operations". When such aggressions are deemed, according to the UN Charter, to constitute a threat to the peace, breach of the peace, or act of aggression towards a nation state, governments might choose to respond. Responses can range from silence all the way to retaliation, at the other end of the scale. The emergence of cyber diplomacy suggests a less militant and potentially powerful response option. Barrinha and Renard [5] explain that the rise of cyber diplomacy has coincided with "a growing contestation of the values, institutions and power dynamics of the liberal-created cyberspace". (p.3). The question is: how could cyber diplomacy fit into a strategic threat management plan? Aim. To position cyber diplomacy within a strategic response to nation state offensive cyber operations. Method. To help us to position cyber diplomacy's role in this domain, we first examine historical cyber conflicts, and governments' responses to these, as well as testing the factors that might explain response choice. We then review a number of proposed options for managing cyber conflicts. Results. We propose a comprehensive "Five D's" strategic framework to manage the threat of offensive cyber operations. Cyber diplomacy is included, acknowledging its emerging and potentially powerful role in managing cyber conflicts in the future. Conclusions. Cyber diplomacy has recently emerged and it has not yet been widely deployed. We show how it can be positioned within a strategic framework for managing the threat of offensive cyber operations from other nation states

Tokenized Markets Using Blockchain Technology: Exploring Recent Developments and Opportunities

[EN] The popularity of blockchain technology stems largely from its association with cryptocurrencies, but its potential applications extend beyond this. Fungible tokens, which are interchangeable, can facilitate value transactions, while smart contracts using non-fungible tokens enable the exchange of digital assets. Utilizing blockchain technology, tokenized platforms can create virtual markets that operate without the need for a central authority. In principle, blockchain technology provides these markets with a high degree of security, trustworthiness, and dependability. This article surveys recent developments in these areas, including examples of architectures, designs, challenges, and best practices (case studies) for the design and implementation of tokenized platforms for exchanging digital assets.This work has received financial support from the Horizon Europe Research & amp; Innovation Programme under Grant agreement N. 101092612 (Social and hUman ceNtered XR-SUN project), as well as from the Regional Department of Innovation, Universities, Science and Digital Society of the Generalitat Valenciana "Programa Investigo" (INVEST/2022/342), within the framework of the Plan de Recuperacion, Transformacion y Resiliencia funded by the European Union-NextGenerationEU.Juan-Pérez, ÁA.; Pérez Bernabeu, E.; Li, Y.; Martín, XA.; Ammouriova, M.; Barrios, BB. (2023). Tokenized Markets Using Blockchain Technology: Exploring Recent Developments and Opportunities. Information. 14(6). https://doi.org/10.3390/info1406034714