1,650 research outputs found

    Security Technologies and Methods for Advanced Cyber Threat Intelligence, Detection and Mitigation

    The rapid growth of the Internet interconnectivity and complexity of communication systems has led us to a significant growth of cyberattacks globally, often with severe and disastrous consequences. The swift development of more innovative and effective (cyber)security solutions and approaches which can detect, mitigate and prevent these serious consequences is vital. Cybersecurity is gaining momentum and is scaling up in very many areas. This book builds on the experience of the Cyber-Trust EU project’s methods, use cases, technology development, testing and validation and extends into a broader science, lead IT industry market and applied research with practical cases. It offers new perspectives on advanced (cyber) security innovation (eco) systems covering key different perspectives. The book provides insights on new security technologies and methods for advanced cyber threat intelligence, detection and mitigation. We cover topics such as cyber-security and AI, cyber-threat intelligence, digital forensics, moving target defense, intrusion detection systems, post-quantum security, privacy and data protection, security visualization, smart contracts security, software security, blockchain, security architectures, system and data integrity, trust management systems, distributed systems security, dynamic risk management, privacy and ethics.

    Automated Mapping of Vulnerability Advisories onto their Fix Commits in Open Source Repositories

    The lack of comprehensive sources of accurate vulnerability data represents a critical obstacle to studying and understanding software vulnerabilities (and their corrections). In this paper, we present an approach that combines heuristics stemming from practical experience and machine-learning (ML) - specifically, natural language processing (NLP) - to address this problem. Our method consists of three phases. First, an advisory record containing key information about a vulnerability is extracted from an advisory (expressed in natural language). Second, using heuristics, a subset of candidate fix commits is obtained from the source code repository of the affected project by filtering out commits that are known to be irrelevant for the task at hand. Finally, for each such candidate commit, our method builds a numerical feature vector reflecting the characteristics of the commit that are relevant to predicting its match with the advisory at hand. The feature vectors are then exploited for building a final ranked list of candidate fixing commits. The score attributed by the ML model to each feature is kept visible to the users, allowing them to interpret the predictions. We evaluated our approach using a prototype implementation named Prospector on a manually curated data set that comprises 2,391 known fix commits corresponding to 1,248 public vulnerability advisories. When considering the top-10 commits in the ranked results, our implementation could successfully identify at least one fix commit for up to 84.03% of the vulnerabilities (with a fix commit on the first position for 65.06% of the vulnerabilities). In conclusion, our method reduces considerably the effort needed to search OSS repositories for the commits that fix known vulnerabilities.

    Tsunami Decision Support Systems. TDSS-2015. Outcomes of the 6th JRC ECML Crisis Management Technology Workshop

    The 6th JRC ECML Crisis Management Technology Workshop on Tsunami Decision Support Systems was held in the European Crisis Management Laboratory (ECML) of the Joint Research Centre in Ispra, Italy, from 2nd to 3rd July 2015. The workshop, co-organized with DRIVER (Driving Innovation in Crisis Management for European Resilience) Consortium Partners, brought together stakeholders in the design, development and use of ICT tools for decision support. 20 participants attended the event. A good mix of regional and national service providers was represented, along with European and non-European systems providers and users. The purpose of the workshop was to show the status of the technology in this field, the specific requirements and the benefits in the use of one or another solution. During the first day participants presented their tools, while during the second they had to carry out demonstration exercises on the basis of given scenarios. In the last part of the event, they were involved in a discussion which revolved around a set of questions focused on, inter alia, strengths, weaknesses and opportunities of each tool. The main aims of the discussion were to identify both new opportunities for collaboration and for tools integration and also to “bridge the gap” between the scientific and technical level and the operational dimension. The workshop was a very good opportunity for several research and operational teams to collaboratively discuss Decision Support Systems, lessons learned, ideas for improvements and opportunities for collaboration. JRC.G.2-Global security and crisis managemen

    Enhancing Trust – A Unified Meta-Model for Software Security Vulnerability Analysis

    Over the last decade, a globalization of the software industry has taken place which has facilitated the sharing and reuse of code across existing project boundaries. At the same time, such global reuse also introduces new challenges to the Software Engineering community, with not only code implementation being shared across systems but also any vulnerabilities it is exposed to as well. Hence, vulnerabilities found in APIs no longer affect only individual projects but instead might spread across projects and even global software ecosystem borders. Tracing such vulnerabilities on a global scale becomes an inherently difficult task, with many of the resources required for the analysis not only growing at unprecedented rates but also being spread across heterogeneous resources. Software developers are struggling to identify and locate the required data to take full advantage of these resources. The Semantic Web and its supporting technology stack have been widely promoted to model, integrate, and support interoperability among heterogeneous data sources. This dissertation introduces four major contributions to address these challenges: (1) It provides a literature review of the use of software vulnerabilities databases (SVDBs) in the Software Engineering community. (2) Based on findings from this literature review, we present SEVONT, a Semantic Web based modeling approach to support a formal and semi-automated approach for unifying vulnerability information resources. SEVONT introduces a multi-layer knowledge model which not only provides a unified knowledge representation, but also captures software vulnerability information at different abstract levels to allow for seamless integration, analysis, and reuse of the modeled knowledge. The modeling approach takes advantage of Formal Concept Analysis (FCA) to guide knowledge engineers in identifying reusable knowledge concepts and modeling them. 
(3) A Security Vulnerability Analysis Framework (SV-AF) is introduced, which is an instantiation of the SEVONT knowledge model to support evidence-based vulnerability detection. The framework integrates vulnerability ontologies (and data) with existing Software Engineering ontologies allowing for the use of Semantic Web reasoning services to trace and assess the impact of security vulnerabilities across project boundaries. Several case studies are presented to illustrate the applicability and flexibility of our modelling approach, demonstrating that the presented knowledge modeling approach can not only unify heterogeneous vulnerability data sources but also enable new types of vulnerability analysis.

    GPT Semantic Networking: A Dream of the Semantic Web – The Time is Now

    The book presents research and practical implementations related to natural language processing (NLP) technologies based on the concept of artificial intelligence, generative AI, and the concept of Complex Networks aimed at creating Semantic Networks. The main principles of NLP, training models on large volumes of text data, new universal and multi-purpose language processing systems are presented. It is shown how the combination of NLP and Semantic Networks technologies opens up new horizons for text analysis, context understanding, the formation of domain models, causal networks, etc. This book presents methods for creating Semantic Networks based on prompt engineering. Practices are presented that will help build semantic networks capable of solving complex problems and making revolutionary changes in the analytical activity. The publication is intended for those who are going to use large language models for the construction and analysis of semantic networks in order to solve applied problems, in particular, in the field of decision making.

    Instrumentation, Control, and Intelligent Systems

    Analysis of the Cyber Attacks against ADS-B Perspective of Aviation Experts

    This thesis provides a thorough overview of the cybersecurity threats prevailing in aviation. Civil aviation air traffic services and air surveillance are in a transition phase, preparing to adopt new-generation technologies that will in future replace the current radar-based aircraft tracking system with a new satellite-based system. The modernization of aviation communication services lays the ground for new security-related threats whose possible negative consequences have not yet been mitigated. The aim of the master's thesis is to compile a qualitative systematic analysis of possible cyber-attacks against the new satellite-based Automatic Dependent Surveillance-Broadcast (ADS-B). The analysis combines knowledge from the fields of cybersecurity and aviation, which it is important to treat together from the standpoint of ensuring security. The thesis focuses on the weak points in the ADS-B system that, from a cybersecurity standpoint, may entail threats or seriously disrupt the work of air traffic services. Potential threats against the ADS-B system are described and classified according to threat level. The main part of the analysis consists of a survey conducted among aviation specialists, on the basis of which the severity of each threat, its impact on the aviation system, and the actions that need to be taken if the threat occurs are assessed. The analysis judges some of the threats considered to be insignificant, posing no notable problem for the operators of the system. Nevertheless, there are threat scenarios of a certain degree of complexity as a result of which the system is heavily disrupted or which may cause extensive damage. Based on the survey conducted, measures are presented for mitigating possible negative effects in a threat situation. The results of the thesis are important for drawing attention to the cyber threats present in aviation. The thesis is written in English and contains 58 pages, 5 chapters, 17 figures and 15 tables.
    The present paper has a profound literature review of the relation between cyber security, aviation and the vulnerabilities prone by the increasing use of information systems in aviation realm. Civil aviation is in the process of evolution of the air traffic management system through the introduction of new technologies. Therefore, the modernization of aeronautical communications is creating network security issues in aviation that have not been mitigated yet. The purpose of this thesis is to make a systematic qualitative analysis of the cyber-attacks against Automatic Dependent Surveillance Broadcast. With this analysis, the paper combines the knowledge of two fields which are meant to deal together with the security issues in aviation. The thesis focuses on the exploitation of the vulnerabilities of ADS-B and presents an analysis taking into account the perspective of cyber security and aviation experts. The threats to ADS-B are depicted, classified and evaluated by aviation experts, making use of interviews in order to determine the possible impact, and the actions that would follow in case a cyber-attack occurs. The results of the interviews show that some attacks do not really represent a real problem for the operators of the system and that other attacks may create enough confusion due to their complexity. The experience is a determinant factor for the operators of ADS-B, because based on that a set of mitigations was proposed by aviation experts that can help to cope in a cyber-attack situation. This analysis can be used as a reference guide to understand the impact of cyber security threats in aviation and the need of the research and aviation communities to broaden the knowledge and to increase the level of expertise in order to face the challenges posed by network security issues. The thesis is in English and contains 58 pages of text, 5 chapters, 17 figures, 15 tables.

    DrAGON: A Framework for Computing Preferred Defense Policies from Logical Attack Graphs

    Attack graphs provide formalism for modelling the vulnerabilities using a compact representation scheme. Two of the most popular attack graph representations are scenario attack graphs, and logical attack graphs. In logical attack graphs, the host machines present in the network are represented as exploit nodes, while the configurations (IDS rules, firewall policies etc.) running on them are represented as fact nodes. The actual user privileges that are possible on each of these hosts are represented as privilege nodes. Existing work provides methods to analyze logical attack graphs and compute attack paths of varying costs. In this thesis we develop a framework for analyzing the attack graph from a defender perspective. Given an acyclic logical dependency attack graph we compute defense policies that cover all known exploits that can be used by the attacker and also are preferred with respect to minimizing the impacts. In contrast to previous work on analysis of logical attack graphs where quantitative costs are assigned to the vulnerabilities (exploits), our framework allows attack graph analysis using descriptions of vulnerabilities on a qualitative scale. We develop two algorithms for computing preferred defense policies that are optimal with respect to defender preferences. Our research to the best of our knowledge is the first fully qualitative approach to analyzing these logical attack graphs and formulating defense policies based on the preferences and priorities of the defender. We provide a prototype implementation of our framework that allows logical attack graphs to be input using a simple text file (custom language), or using a GUI tool in graphical markup language (GML) format. Our implementation uses the NVD (National Vulnerability Database) as the source of CVSS impact metrics for vulnerabilities in the attack graph. Our framework generates a preferred order of defense policies using an existing preference reasoner. 
Preliminary experiments on various attack graphs show the correctness and efficiency of our approach.