    Cyber-Physical Threat Intelligence for Critical Infrastructures Security

    Modern critical infrastructures can be considered as large-scale Cyber-Physical Systems (CPS). Therefore, when designing, implementing, and operating systems for Critical Infrastructure Protection (CIP), the boundaries between physical security and cybersecurity are blurred. Emerging systems for Critical Infrastructures Security and Protection must therefore consider integrated approaches that emphasize the interplay between cybersecurity and physical security techniques. Hence, there is a need for a new type of integrated security intelligence, i.e., Cyber-Physical Threat Intelligence (CPTI). This book presents novel solutions for integrated Cyber-Physical Threat Intelligence for infrastructures in various sectors, such as Industrial Sites and Plants, Air Transport, Gas, Healthcare, and Finance. The solutions rely on novel methods and technologies, such as integrated modelling for cyber-physical systems, novel reliance indicators, and data-driven approaches including BigData analytics and Artificial Intelligence (AI). Some of the presented approaches are sector agnostic, i.e., applicable to different sectors with a fair customization effort. Nevertheless, the book also presents the particular challenges of specific sectors and how they can be addressed. The presented solutions consider the European policy context for Security, Cybersecurity, and Critical Infrastructure Protection, as laid out by the European Commission (EC) to support its Member States in protecting and ensuring the resilience of their critical infrastructures. Most of the co-authors and contributors are from European Research and Technology Organizations, as well as from European Critical Infrastructure Operators. Hence, the presented solutions respect the European approach to CIP, as reflected in the pillars of the European policy framework.
The latter includes, for example, the Directive on security of network and information systems (NIS Directive), the Directive on protecting European Critical Infrastructures, the General Data Protection Regulation (GDPR), and the Cybersecurity Act Regulation. The sector-specific solutions described in the book have been developed and validated in the scope of several European Commission (EC) co-funded projects on Critical Infrastructure Protection (CIP), which focus on the listed sectors. Overall, the book illustrates a rich set of systems, technologies, and applications that critical infrastructure operators could consult to shape their future strategies. It also provides a catalogue of CPTI case studies in different sectors, which could be useful for security consultants and practitioners as well.

    Generative Methods, Meta-learning, and Meta-heuristics for Robust Cyber Defense

    Cyberspace is the digital communications network that supports the Internet of Battlefield Things (IoBT), the model by which defense-centric sensors, computers, actuators and humans are digitally connected. A secure IoBT infrastructure facilitates real-time implementation of the observe, orient, decide, act (OODA) loop across distributed subsystems. Successful hacking efforts by cyber criminals and strategic adversaries suggest that cyber systems such as the IoBT are not secure. Three lines of effort demonstrate a path towards a more robust IoBT. First, a baseline data set of enterprise cyber network traffic was collected and modelled with generative methods, allowing the generation of realistic, synthetic cyber data. Next, adversarial examples of cyber packets were algorithmically crafted to fool network intrusion detection systems while maintaining packet functionality. Finally, a framework is presented that uses meta-learning to combine the predictive power of various weak models. This resulted in a meta-model that outperforms all baseline classifiers with respect to overall packet classification accuracy and adversarial example detection rate. The National Defense Strategy underscores cybersecurity as an imperative to defend the homeland and maintain a military advantage in the information age. This research provides both academic perspective and applied techniques to further the cybersecurity posture of the Department of Defense into the information age.

    An Approach to Guide Users Towards Less Revealing Internet Browsers

    When browsing the Internet, HTTP headers enable both clients and servers to send extra data in their requests or responses, such as the User-Agent string. This string contains information related to the sender's device, browser, and operating system. Previous research has shown that numerous privacy and security risks result from exposing sensitive information in the User-Agent string. For example, it enables device and browser fingerprinting as well as user tracking and identification. Our large-scale analysis of thousands of User-Agent strings shows that browsers differ tremendously in the amount of information they include in their User-Agent strings. As such, our work aims at guiding users towards using less exposing browsers. In doing so, we propose to assign an exposure score to browsers based on the information they expose and on vulnerability records. Thus, our contribution in this work is as follows: first, we provide a full implementation that is ready to be deployed and used by users. Second, we conduct a user study to identify the effectiveness and limitations of our proposed approach. Our implementation is based on more than 52 thousand unique browsers. Our performance and validation analysis shows that our solution is accurate and efficient. The source code and data set are publicly available and the solution has been deployed.

    Survival in the e-conomy: 2nd Australian information warfare & security conference 2001

    This is an international conference for academics and industry specialists in information warfare, security, and other related fields. The conference has drawn participants from national and international organisations

    Neural-Kalman Schemes for Non-Stationary Channel Tracking and Learning

    This Thesis focuses on channel tracking in Orthogonal Frequency-Division Multiplexing (OFDM), a widely-used method of data transmission in wireless communications, when abrupt changes occur in the channel. In highly mobile applications, new dynamics appear that might make channel tracking non-stationary, e.g. channels might vary with location, and location rapidly varies with time. Simple examples might be the different channel dynamics a train receiver faces when it is close to a station vs. crossing a bridge vs. entering a tunnel, or a car receiver on a route that grows more traffic-dense. Some of these dynamics can be modelled as channel taps dying or being reborn, and so tap birth-death detection is of the essence. In order to improve the quality of communications, we delved into mathematical methods to detect such abrupt changes in the channel, such as the mathematical areas of Sequential Analysis/Abrupt Change Detection and Random Set Theory (RST), as well as the engineering advances in Neural Network schemes. This knowledge helped us find a solution to the problem of abrupt change detection by informing and inspiring the creation of low-complexity implementations for real-world channel tracking. In particular, two such novel trackers were created: the Simplified Maximum A Posteriori (SMAP) and the Neural-Network-switched Kalman Filtering (NNKF) schemes. The SMAP is a computationally inexpensive, threshold-based abrupt-change detector. It applies the following three heuristics for tap birth-death detection: a) detect death if the tap gain jumps to approximately zero (memoryless detection); b) detect death if the tap gain has slowly converged to approximately zero (memory detection); c) detect birth if the tap gain is far from zero. The precise parameters for these three simple rules can be approximated with simple theoretical derivations and then fine-tuned through extensive simulations.
The status detector for each tap, using only these three computationally inexpensive threshold comparisons, achieves an error reduction matching that of a close-to-perfect path death/birth detection, as shown in simulations. This estimator was shown to greatly reduce channel tracking error in the target Signal-to-Noise Ratio (SNR) range at a very small computational cost, thus outperforming previously known systems. The underlying RST framework for the SMAP was then extended to combined death/birth and SNR detection when the SNR is dynamic and may drift. We analyzed how different quasi-ideal SNR detectors affect the SMAP-enhanced Kalman tracker's performance. Simulations showed that the SMAP is robust to SNR drift, although it was also shown to benefit from accurate SNR detection. The core idea behind the second novel tracker, the NNKF, is similar to the SMAP, but now the tap birth/death detection is performed via an artificial neural network (NN). Simulations show that the proposed NNKF estimator provides extremely good performance, practically identical to a detector with 100% accuracy. These proposed Neural-Kalman schemes can work as novel trackers for multipath channels, since they are robust to wide variations in the probabilities of tap birth and death. Such robustness suggests a single, low-complexity NNKF could be reusable over different tap indices and communication environments. Furthermore, a different kind of abrupt change was proposed and analyzed: energy shifts from one channel tap to adjacent taps (partial tap lateral hops). This Thesis also discusses how to model, detect and track such changes, providing a geometric justification for this and additional non-stationary dynamics in vehicular situations, such as road scenarios where reflections on trucks and vans are involved, or the visual appearance/disappearance of drone swarms.
An extensive literature review of empirically-backed abrupt-change dynamics in channel modelling/measuring campaigns is included. For this generalized framework of abrupt channel changes that includes partial tap lateral hopping, a neural detector for lateral hops with large energy transfers is introduced. Simulation results suggest the proposed NN architecture might be a feasible lateral hop detector, suitable for integration in NNKF schemes. Finally, the newly found understanding of abrupt changes and the interactions between Kalman filters and neural networks is leveraged to analyze the neural consequences of abrupt changes and briefly sketch a novel, abrupt-change-derived stochastic model for neural intelligence, extract some neurofinancial consequences of unstereotyped abrupt dynamics, and propose a new portfolio-building mechanism in finance: Highly Leveraged Abrupt Bets Against Failing Experts (HLABAFEOs). Some communication-engineering-relevant topics, such as a Bayesian stochastic stereotyper for hopping Linear Gauss-Markov (LGM) models, are discussed in the process. The forecasting problem in the presence of expert disagreements is illustrated with a hopping LGM model, and a novel structure for a Bayesian stereotyper is introduced that might eventually solve such problems through bio-inspired, neuroscientifically-backed mechanisms, like dreaming and surprise (biological Neural-Kalman). A generalized framework for abrupt changes and expert disagreements was introduced with the novel concept of Neural-Kalman Phenomena. This Thesis suggests mathematical (Neural-Kalman Problem Category Conjecture), neuro-evolutionary and social reasons why Neural-Kalman Phenomena might exist, and found significant evidence for their existence in the areas of neuroscience and finance.
Apart from providing specific examples, practical guidelines and historical (out)performance for some HLABAFEO investing portfolios, this multidisciplinary research suggests that a Neural-Kalman architecture for ever more granular stereotyping, providing a practical solution for continual learning in the presence of unstereotyped abrupt dynamics, would be extremely useful in communications and other continual learning tasks.
Doctoral Programme in Multimedia and Communications at the Universidad Carlos III de Madrid and the Universidad Rey Juan Carlos. Chair: Luis Castedo Ribas. Secretary: Ana García Armada. Member: José Antonio Portilla Figuera.

    Novel Attacks and Defenses for Enterprise Internet-of-Things (E-IoT) Systems

    This doctoral dissertation expands upon the field of Enterprise Internet-of-Things (E-IoT) systems, one of the most ubiquitous and under-researched fields of smart systems. E-IoT systems are specialty smart systems designed for sophisticated automation applications (e.g., multimedia control, security, lighting control). E-IoT systems are often closed source and costly, require certified installers, and are more robust for their specific applications. This dissertation begins with an analysis of the current E-IoT threat landscape and introduces three novel attacks and defenses for under-studied software and protocols heavily linked to E-IoT systems. For each layer, we review the literature for the threats, attacks, and countermeasures. Based on the systematic knowledge we obtain from the literature review, we propose three novel attacks and countermeasures to protect E-IoT systems. In the first attack, we present PoisonIvy, several attacks developed to show that malicious E-IoT drivers can be used to compromise E-IoT. In response to PoisonIvy threats, we describe Ivycide, a machine-learning network-based solution designed to defend E-IoT systems against E-IoT driver threats. As multimedia control is a significant application of E-IoT, we introduce HDMI-Walk, a novel attack vector designed to demonstrate that HDMI's Consumer Electronics Control (CEC) protocol can be used to compromise multiple devices through a single connection. To defend devices from this threat, we introduce HDMI-Watch, a standalone intrusion detection system (IDS) designed to defend HDMI-enabled devices from HDMI-Walk-style attacks. Finally, this dissertation evaluates the security of E-IoT proprietary protocols with LightningStrike, a series of attacks used to demonstrate that popular E-IoT proprietary communication protocols are insecure.
To address LightningStrike threats, we introduce LGuard, a complete defense framework designed to defend E-IoT systems from LightningStrike-style attacks using computer vision, traffic obfuscation, and traffic analysis techniques. For each contribution, all of the defense mechanisms proposed are implemented without any modification to the underlying hardware or software. All attacks and defenses in this dissertation were performed with implementations on widely-used E-IoT devices and systems. We believe that the research presented in this dissertation has notable implications for the security of E-IoT systems by exposing novel threat vectors, raising awareness, and motivating future E-IoT system security research.

    A study of standards and the mitigation of risk in information systems

    Organisations from the multinational Organisation for Economic Cooperation and Development through to national initiatives such as the UK's Cabinet Office have recognised that risk - the realisation of undesirable outcomes - needs a firm framework of policy and action for mitigation. Many standards have been set that implicitly or explicitly expect to manage risk in information systems, so creating a framework of such standards would steer outcomes towards desirable results. This study applies a mixed methodology of desk enquiries, surveys, and action research to investigate how the command and control of information systems may be regulated by the fusion and fission of tacit knowledge in standards comprising the experience and inductive reasoning of experts. Information system user organisations from the membership of The National Computing Centre provided the working environment in which the research was conducted in real time. The research shows how a taxonomy of risks can be selected, and how a validated catalogue of standards which describe the mitigation of those risks can be assembled, taking into account the quality of fit and the expertise required to apply the standards. The work bridges a gap in the field by deriving a measure of organisational risk appetite with respect to information systems and the risk attitude of individuals, and linking them to a course of action - through the application of standards - to regulate the performance of information systems within a defined tolerance. The construct of a methodology to learn about a framework of ideas has become an integral part of the methodology itself, with the standards forming the framework and providing direction for its application. The projects that comprise the research components have not proven the causal link between standards and the removal of risk, leaving this ripe for a narrowly scoped, future investigation.
The thesis discusses the awareness of risk and the propensity for its management, developing this into the definition of a framework of standards to mitigate known risks in information systems with a new classification scheme that cross-references the efficacy of a standard with the expertise expected from those who apply it. The thesis extends this to the idea that the framework can be scaled to the views of stakeholders, used to detect human vulnerabilities in information systems, and developed to absorb the lessons learnt from emergent risk. The research has clarified the investigation of the security culture in the thrall of an information system and brought the application of technical and management standards closer to overcoming the social and psychological barriers that practitioners and researchers must overcome.
EThOS - Electronic Theses Online Service (United Kingdom)

    Personality Identification from Social Media Using Deep Learning: A Review

    Social media helps in sharing ideas and information among people scattered around the world and thus helps in creating communities, groups, and virtual networks. Identification of personality is significant in many types of applications, such as detecting the mental state or character of a person, predicting job satisfaction and professional and personal relationship success, and in recommendation systems. Personality is also an important factor in determining individual variation in thoughts, feelings, and conduct. According to the Global social media research survey of 2018, there are approximately 3.196 billion social media users worldwide. These numbers are estimated to grow rapidly with the use of mobile smart devices and advances in technology. Support vector machine (SVM), Naive Bayes (NB), multilayer perceptron neural networks, and convolutional neural networks (CNN) are some of the machine learning techniques used for personality identification in the reviewed literature. This paper presents various studies conducted in identifying the personality of social media users with the help of machine learning approaches, and reviews the recent studies that aimed to predict the personality of online social media (OSM) users.