Simulation for Cybersecurity: State of the Art and Future Directions

In this article, we provide an introduction to simulation for cybersecurity and focus on three themes: (1) an overview of the cybersecurity domain; (2) a summary of notable simulation research efforts for cybersecurity; and (3) a proposed way forward on how simulations could broaden cybersecurity efforts. The overview of cybersecurity provides readers with a foundational perspective of cybersecurity in the light of targets, threats, and preventive measures. The simulation research section details the current role that simulation plays in cybersecurity, which mainly falls on representative environment building; test, evaluate, and explore; training and exercises; risk analysis and assessment; and humans in cybersecurity research. The proposed way forward section posits that the advancement of collecting and accessing sociotechnological data to inform models, the creation of new theoretical constructs, and the integration and improvement of behavioral models are needed to advance cybersecurity efforts

TrustGuard: GNN-based Robust and Explainable Trust Evaluation with Dynamicity Support

Trust evaluation assesses trust relationships between entities and facilitates decision-making. Machine Learning (ML) shows great potential for trust evaluation owing to its learning capabilities. In recent years, Graph Neural Networks (GNNs), as a new ML paradigm, have demonstrated superiority in dealing with graph data. This has motivated researchers to explore their use in trust evaluation, as trust relationships among entities can be modeled as a graph. However, current trust evaluation methods that employ GNNs fail to fully satisfy the dynamicity nature of trust, overlook the adverse effects of attacks on trust evaluation, and cannot provide convincing explanations on evaluation results. To address these problems, in this paper, we propose TrustGuard, a GNN-based accurate trust evaluation model that supports trust dynamicity, is robust against typical attacks, and provides explanations through visualization. Specifically, TrustGuard is designed with a layered architecture that contains a snapshot input layer, a spatial aggregation layer, a temporal aggregation layer, and a prediction layer. Among them, the spatial aggregation layer can be plugged into a defense mechanism for a robust aggregation of local trust relationships, and the temporal aggregation layer applies an attention mechanism for effective learning of temporal patterns. Extensive experiments on two real-world datasets show that TrustGuard outperforms state-of-the-art GNN-based trust evaluation models with respect to trust prediction across single-timeslot and multi-timeslot, even in the presence of attacks. In particular, TrustGuard can explain its evaluation results by visualizing both spatial and temporal views

Cyber Security

This open access book constitutes the refereed proceedings of the 18th China Annual Conference on Cyber Security, CNCERT 2022, held in Beijing, China, in August 2022. The 17 papers presented were carefully reviewed and selected from 64 submissions. The papers are organized according to the following topical sections: ​​data security; anomaly detection; cryptocurrency; information security; vulnerabilities; mobile internet; threat intelligence; text recognition

Identifying vulnerabilities of industrial control systems using evolutionary multiobjective optimisation

In this paper, we propose a novel methodology to assist in identifying vulnerabilities in real-world complex heterogeneous industrial control systems (ICS) using two Evolutionary Multiobjective Optimisation (EMO) algorithms, NSGA-II and SPEA2. Our approach is evaluated on a well-known benchmark chemical plant simulator, the Tennessee Eastman (TE) process model. We identified vulnerabilities in individual components of the TE model and then made use of these vulnerabilities to generate combinatorial attacks. The generated attacks were aimed at compromising the safety of the system and inflicting economic loss. Results were compared against random attacks, and the performance of the EMO algorithms was evaluated using hypervolume, spread, and inverted generational distance (IGD) metrics. A defence against these attacks in the form of a novel intrusion detection system was developed, using machine learning algorithms. The designed approach was further tested against the developed detection methods. The obtained results demonstrate that the developed EMO approach is a promising tool in the identification of the vulnerable components of ICS, and weaknesses of any existing detection systems in place to protect the system. The proposed approach can serve as a proactive defense tool for control and security engineers to identify and prioritise vulnerabilities in the system. The approach can be employed to design resilient control strategies and test the effectiveness of security mechanisms, both in the design stage and during the operational phase of the system

Army Support of Military Cyberspace Operations: Joint Contexts and Global Escalation Implications

View the Executive SummaryMilitary cyberspace operations have evolved significantly over the past 2 decades and are now emerging into the realm of military operations in the traditional domains of land, sea, and air. The goal of this monograph is to provide senior policymakers, decisionmakers, military leaders, and their respective staffs with a better understanding of Army cyberspace operations within the context of overall U.S. military cyberspace operations. It examines the development of such operations in three major sections. First, it looks at the evolution of Department of Defense cyberspace operations over the past decade to include the founding of U.S. Cyber Command from its roots in various military units focused on defensive and offensive cyberspace operations. Second, it examines the evolution of the Army implementation of cyberspace operations toward the initial establishment of Army Cyber Command as well as recent efforts to establish Fort Gordon, Georgia as the center of gravity for Army cyberspace activities. Third, it explores the role of cyberspace operations in the escalation of international conflict, focusing on the sufficiency of the current cyberspace force structure to address an international environment of multiple actors interacting with varying degrees of tension.https://press.armywarcollege.edu/monographs/1470/thumbnail.jp

Robust Recommender System: A Survey and Future Directions

With the rapid growth of information, recommender systems have become integral for providing personalized suggestions and overcoming information overload. However, their practical deployment often encounters "dirty" data, where noise or malicious information can lead to abnormal recommendations. Research on improving recommender systems' robustness against such dirty data has thus gained significant attention. This survey provides a comprehensive review of recent work on recommender systems' robustness. We first present a taxonomy to organize current techniques for withstanding malicious attacks and natural noise. We then explore state-of-the-art methods in each category, including fraudster detection, adversarial training, certifiable robust training against malicious attacks, and regularization, purification, self-supervised learning against natural noise. Additionally, we summarize evaluation metrics and common datasets used to assess robustness. We discuss robustness across varying recommendation scenarios and its interplay with other properties like accuracy, interpretability, privacy, and fairness. Finally, we delve into open issues and future research directions in this emerging field. Our goal is to equip readers with a holistic understanding of robust recommender systems and spotlight pathways for future research and development

Cyber Security

This open access book constitutes the refereed proceedings of the 18th China Annual Conference on Cyber Security, CNCERT 2022, held in Beijing, China, in August 2022. The 17 papers presented were carefully reviewed and selected from 64 submissions. The papers are organized according to the following topical sections: ​​data security; anomaly detection; cryptocurrency; information security; vulnerabilities; mobile internet; threat intelligence; text recognition

Digital Weapons of Mass Destablization

In the coming decade, a global proliferation of networked technologies will widen the cyber threat landscape. Pairing new and unforeseen cyber vulnerabilities with weapons of mass destruction (WMD) increases the secondary threats that cyber attacks bring and also necessitates a shift in definitions. WMD will become weapons of mass destabilization, allowing adversaries to gain strategic advantage in novel ways. Altering this definition provides clarity and specific actions that can be taken to disrupt, mitigate and recover from this combined threat. Additionally, a new class of Digital WMD (DWMD) will emerge, threatening military, government, and civilian targets worldwide. These combined and new threats will require the expansion of current defensive or mitigation activities, partnerships, and preparationhttps://digitalcommons.usmalibrary.org/aci_books/1035/thumbnail.jp