951 research outputs found

    A Self-Organising Multi-Agent System For Decentralised Forensic Investigations

    As network-based threats continue to evolve more rapidly, detecting and responding to intrusion attempts in real-time requires an increasingly automated and intelligent response. This paper provides an agent-based framework for the analysis of cyber events within networks of varying sizes to detect complex multi-stage attacks. Agents are used as intelligent systems to explore domain specific and situational information showing the benefit of adaptive technologies that proactively analyse security events in real time. We introduce several algorithms to encapsulate and manage the traditional detection technologies and provide agent-based performance introspection as a mechanism to identify poorly performing systems. Our evaluation shows that the algorithms can reduce the amount of processing needed to analyse a security event by over 50% and improve the detection rate by up to 20% by introducing corrective systems to reduce false alarm rates in error-prone environments

    A Multi-Agent Approach to Advanced Persistent Threat Detection in Networked Systems

    Advanced cyber threats that are well planned, funded and stealthy are an increasing issue facing secure networked systems. As our reliance on protected networked systems continues to grow, the motivation for developing new malicious techniques that cannot be easily detected by traditional signature-based systems, and that make use of previously unseen zero-day vulnerabilities, continues to grow. Lack of adaptivity, extended data-collection and generalised algorithms to detect stealthy attacks is contributing to the insecurity of modern networked systems. To protect these networks, new approaches that can monitor and respond to indicators of compromise in a reflective way that considers all of the available evidence rather than individual points of data are required. This thesis presents a novel approach to intrusion detection and specifically focuses on detecting advanced persistent threats which are characteristically stealthy and evasive attacks. This approach offers a multi-agent model for automatically collecting, analysing and classifying data in a distributed way that considers the context in which the data was found. A context-based classification that considers the likelihood of a data-point being a false alarm or legitimate is used to decrease the prevalence of erroneous classifications and regulate continuation of the data collection process. Using this architecture, a detection rate increase of up to 20% is achieved in false alarm environments and an efficiency increase of up to 50% made over traditional monolithic intrusion detection systems. Additionally, the shortcomings of algorithms to detect stealthy attacks are addressed by providing a generalised anomaly detection algorithm for detecting the initial traces of an attack and deploying the proposed multi-agent model to investigate the attack further. 
The generalised algorithms can detect a wide variety of network-based attacks at an average detection rate of 85% providing an accurate and scalable way to detect the initial traces of compromise. The main novelty of this thesis is providing systems for detecting attacks where the threat model is increasingly stealthy and assumed capable of bypassing traditional signature-based approaches. The multi-agent architecture is unique in its ability, and the generalised anomaly detection algorithm is novel in detecting a variety of different cyber attacks from the network-flow layer. The evidence from this research suggests that context-based evidence gathering can provide a more efficient approach to analysing data and the generalised anomaly detection algorithm can be applied widely to detect attack indicators

    A study of EU data protection regulation and appropriate security for digital services and platforms

    A law often has more than one purpose, more than one intention, and more than one interpretation. A meticulously formulated and context agnostic law text will still, when faced with a field propelled by intense innovation, eventually become obsolete. The European Data Protection Directive is a good example of such legislation. It may be argued that the technological modifications brought on by the EU General Data Protection Regulation (GDPR) are nominal in comparison to the previous Directive, but from a business perspective the changes are significant and important. The Directive’s lack of direct economic incentive for companies to protect personal data has changed with the Regulation, as companies may now have to pay severe fines for violating the legislation. The objective of the thesis is to establish the notion of trust as a key design goal for information systems handling personal data. This includes interpreting the EU legislation on data protection and using the interpretation as a foundation for further investigation. This interpretation is connected to the areas of analytics, security, and privacy concerns for intelligent service development. Finally, the centralised platform business model and its challenges are examined, and three main resolution themes for regulating platform privacy are proposed. The aims of the proposed resolutions are to create a more trustful relationship between providers and data subjects, while also improving the conditions for competition and thus providing data subjects with service alternatives. The thesis contributes new insights into the evolving privacy practices in the digital society at an important time of transition from the service driven business models to the platform business models. Firstly, privacy-related regulation and state of the art analytics development are examined to understand their implications for intelligent services that are based on automated processing and profiling. 
The ability to choose between providers of intelligent services is identified as the core challenge. Secondly, the thesis examines what is meant by appropriate security for systems that handle personal data, something the GDPR requires that organisations use without however specifying what can be considered appropriate. We propose a method for active network security in web software that is developed through the use of analytics for detection and by inserting data generators into a software installation. The active network security method is proposed as a framework for achieving compliance with the GDPR requirements for services and platforms to use appropriate security. Thirdly, the platform business model is considered from the privacy point of view and the implication of “processing silos” for intelligent services. The centralised platform model is considered problematic from both the data subject and from the competition standpoint. A resolution is offered for enabling user-initiated open data flow to counter the centralised “processing silos”, and thereby to facilitate the introduction of decentralised platforms. The thesis provides an interdisciplinary analysis considering the legal study (lex lata) and additionally the resolution (lex ferenda) is defined through argumentativist legal dogmatics and (de lege ferenda) of how the legal framework ought to be adapted to fit the described environment. User-friendly Legal Science is applied as a theory framework to provide a holistic approach to answering the research questions. The User-friendly Legal Science theory has its roots in design science and offers a way towards achieving interdisciplinary research in the fields of information systems and legal science

    The future of Cybersecurity in Italy: Strategic focus area

    This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

    Governance, marketplaces and social capital: the role of Batkhela bazaar in the evolving governance of the Malakand region of Pakistan

    Marketplaces are frequently a key dimension of local governance in developing states. Yet to date, their role, and that of the social capital operating within them, in the evolution of formal and informal local governance structures has lacked systematic theoretical and empirical investigation. This is the case in the developing world in general, and in Pakistan specifically. This absence is of notable significance in the context of Pakistan and the Malakand region given that marketplaces, characterised by their complex formal and informal relationships, are centre-stage in the processes of local economic development and governance. This study addresses this gap by drawing together three streams of literature on decentralisation and local governance, social capital, and marketplaces, to explore the manner in which marketplaces generate social capital and the outcomes of this social capital for local governance. Adopting a relational framework for social capital and local governance, the thesis argues that marketplaces, as an element of both formal and informal local governance, generate both individual and associational social capital. To understand the implications of this marketplace-generated social capital, the study examines how it is generated by the economically dynamic Batkhela bazaar, and how it impacts on the evolving local governance of the Malakand region. To unearth the complex interrelationships between social capital and local governance, a qualitative, multi-method case study of Batkhela bazaar in Malakand District was undertaken. Working within a critical realist tradition, a survey of market traders was followed by intensive qualitative data collection through semi-structured interviews conducted with bazaar traders, local political leaders and local administration officials. Relevant records from related government departments, social welfare associations and bazaar traders’ associations were also collected and analysed. 
Theoretically, the thesis develops and applies an original meso-level analysis grounded in the Bourdieusian tradition, to improve understanding of the continuities and changes in the generation, operation and outcomes of social capital within marketplaces, and the relationship between social capital and local governance in developing state contexts. The results are presented in relation to the influence and impact of bazaar-generated social capital on citizens' empowerment and participation, the implementation of regulations, and social welfare provision. Although associations in Pakistan are weak, economic development is contributing to the development of associational life. The findings demonstrate that the individual and associational forms of social capital generated by the bazaar are frequently complementary and are linked in various ways to the political, regulatory and service provision activities of formal local government. Interpersonal networks of traders governed by the norms of trust and reciprocity have a dual role in a weak-state, low-trust environment: they stabilise the everyday governance of the marketplace, while simultaneously reinforcing formal institutional weakness by facilitating corruption and intercession. Neither individual nor associational social capital has a normatively “dark” or “bright” side: the major determinants of the outcomes of its use are rooted in the motives for which it is employed by differentially powerful actors, and in the domain in which it operates

    The Advanced Framework for Evaluating Remote Agents (AFERA): A Framework for Digital Forensic Practitioners

    Digital forensics experts need a dependable method for evaluating evidence-gathering tools. Limited research and resources challenge this process and the lack of multi-endpoint data validation hinders reliability in distributed digital forensics. A framework was designed to evaluate distributed agent-based forensic tools while enabling practitioners to self-evaluate and demonstrate evidence reliability as required by the courts. Grounded in Design Science, the framework features guidelines, data, criteria, and checklists. Expert review enhances its quality and practicality

    An assessment of the multi-disciplinary approach to investigate corruption in the South African public service

    The aim of this study is to assess the multi-disciplinary approach in the investigation of corruption in the South African public service. Data was collected by means of in-depth interviews conducted with members of the Directorate for Priority Crime Investigation’s Anti-Corruption Task Team to gain a comprehensive understanding of their experiences regarding the effectiveness of the Anti-Corruption Task Team in the investigation of corruption within the public service. In addition, the researcher conducted a comprehensive literature study of local and international legislation to curb corruption, supplemented with various multi-disciplinary approaches employed internationally. Furthermore, various global Anti-Corruption Agencies were studied to comprehend their functions and efficacy. The findings of the research identified and described various impediments facing the Anti-Corruption Task Team’s effectiveness in investigating corruption within the public service. As a result, this study recommends the need to establish a single Anti-Corruption Agency with a comprehensive mandate to prevent, investigate, and educate on corruption, to critically safeguard the independence of the Anti-Corruption Task Team against political interference, as well as the allocation of adequate resources and budget for its effective operation. The research identified best practices globally to combat corruption, which can be used to amend the current anti-corruption practices to suit the South African public service. Consequently, this study contributes significantly towards effective anti-corruption investigation in the South African public service.
    Criminology and Security Science. Ph. D. (Criminal Justice

    Achieving outcomes in complex public service systems: the case of the early years collaborative

    Governments around the world have been increasingly adopting an ‘outcomes-focus’ in the design of policy and the management of public services, the implications of which have been subjected to increasing scrutiny within public administration (Boyne and Law 2005; Elvidge 2012; Heinrich 2002; Housden 2016; Lowe 2013; Lowe 2017; Wimbush 2011). Yet wherever an outcomes-based approach has been applied, be it within performance management (Bevan and Hood 2006; Lowe 2013; van Thiel and Leeuw 2002), budgeting (Perrin 2006; Ryan 2003), or commissioning, its achievements have fallen short of expectation (Wimbush 2011). Outcomes have predominantly been conceptualised and operationalised within what this thesis calls a ‘Rationalist’ approach, linked to the New Public Management context within which an outcomes-focus was popularised. This approach assumes we can understand the factors which drive outcomes, plan appropriate service interventions, harness the resources and commitment needed to put such interventions into practice, and manage such interventions towards their expected end points. Outcomes however are inherently complex phenomena – they are always transboundary, always co-produced by the individuals who experience them, and always impacted by a large number of unpredictable and uncontrollable factors in their external environment. Public management theory and practice finds itself at a crossroads: an imperative to improve outcomes, and a paradigmatic inability to do so – a challenge which scholarship is just beginning to respond to (Housden 2016; Lowe et al. 2016). This thesis contributes an alternative ‘Complex Systems’ theoretical framework which responds to (rather than simplifies or externalises) the inherent complexity which outcomes present. This theoretical framework draws on complex adaptive systems theory to enable a ‘Complex Systems’ approach to the management of outcomes. 
The framework is based on the conception of outcomes as emergent products of complex systems, and integrates three defining components of complex adaptive systems (self-organisation, distributed agentic learning, and attractor states) to enable an endogenous process of service transformation in conditions of uncertainty. This theoretical framework provides public management with more solid footing for understanding, analysing and designing outcomes-focussed interventions, with distinct advantages relative to existing outcomes-based approaches, in pursuing complex public service outcomes. The thesis applies this framework through a multiple embedded case study analysis (Yin 2009) of the Early Years Collaborative, a large-scale multi-agency Quality Improvement Collaborative operating across Scottish local authorities, as it seeks to improve a set of population-level child development outcomes