Reinforcement learning for efficient network penetration testing

Penetration testing (also known as pentesting or PT) is a common practice for actively assessing the defenses of a computer network by planning and executing all possible attacks to discover and exploit existing vulnerabilities. Current penetration testing methods are increasingly becoming non-standard, composite and resource-consuming despite the use of evolving tools. In this paper, we propose and evaluate an AI-based pentesting system which makes use of machine learning techniques, namely reinforcement learning (RL) to learn and reproduce average and complex pentesting activities. The proposed system is named Intelligent Automated Penetration Testing System (IAPTS) consisting of a module that integrates with industrial PT frameworks to enable them to capture information, learn from experience, and reproduce tests in future similar testing cases. IAPTS aims to save human resources while producing much-enhanced results in terms of time consumption, reliability and frequency of testing. IAPTS takes the approach of modeling PT environments and tasks as a partially observed Markov decision process (POMDP) problem which is solved by POMDP-solver. Although the scope of this paper is limited to network infrastructures PT planning and not the entire practice, the obtained results support the hypothesis that RL can enhance PT beyond the capabilities of any human PT expert in terms of time consumed, covered attacking vectors, accuracy and reliability of the outputs. In addition, this work tackles the complex problem of expertise capturing and re-use by allowing the IAPTS learning module to store and re-use PT policies in the same way that a human PT expert would learn but in a more efficient way

Antecedents and outcomes of brand management from the perspective of resource based view (RBV) theory

Brand management requires greater emphasis on internal factors to increase brand performance. A model of antecedents and outcomes of brand management is developed in this study based on the Resource Based View (RBV) Theory. Top management emphasis on brand, corporate supportive resources and market orientation are identified as crucial internal factors or antecedents for success of brand management. Apart from that, the brand management measurement are expanded in this study with the introduction of three new marketing constructs namely marketing capabilities, innovation and brand orientation as new dimensions in brand management which currently comprised of management related constructs. This study also contributes in the brand management of small and medium enterprise (SMEs) literature as previous studies mainly focused on the brand management for multinational companies or large organizations. One important issue of SMEs is the “internal” brand management which is currently under-researched even though it is critical in brand building and management. Therefore, this research aims to highlight the antecedents and outcomes of brand management in Malaysians’ SMEs based on RBV theory. A comprehensive literature review was done and a conceptual model is proposed in this literature review

Actionable Intelligence-Oriented Cyber Threat Modeling Framework

Amid the growing challenges of cybersecurity, the new paradigm of cyber threat intelligence (or CTI) has gained momentum to better deal with cyber threats. There, however, has been one fundamental and very practical problem of information overload organizations face in constructing an effective CTI program. We developed a cyber threat intelligence prototype that automatically and dynamically performs the correlation of business assets, vulnerabilities, and cyber threat information in a scoped setting to remediate the challenge of information overload. Conveniently called TIME (for Threat Intelligence Modeling Environment), it repeats the cycle of: (1) collect internal asset data; (2) gather vulnerability and threat data; (3) correlate vulnerabilities with assets; and (4) derive CTI and alerts significant internal asset-related vulnerabilities in a timely manner. For this, it takes advantage of CTI reports produced by online sites and several NIST standards intended to formalize vulnerability and threat management

Automating construction manufacturing procedures using BIM digital objects (BDOs): Case study of knowledge transfer partnership project in UK

Purpose This paper aims to present a novel proof-of-concept framework for implementing building information modeling (BIM) Digital Objects (BDO) to automate construction product manufacturers’ processes and augment lean manufacturing. Design/methodology/approach A mixed interpretivist and post-positivist epistemological lens is adopted to pursue the proof-of-concept’s development. From an operational perspective, a synthesis of literature using interpretivism provides the foundation for deductive research inquiry implemented within a case study approach. Within the case study, participatory action research (PAR) is implemented to test the proof of concept via three “waterfall” research phases, namely, literature diagnosis and BIM package selection, BDO development and validation and evaluation. Findings The findings illustrate that a BDO (which represents the digital twin of manufacturing products) can augment and drive automation processes and workflows for construction product manufacturers within a contractor’s supply chain. The developed framework illustrates the benefits of a BDO, by reducing the number of manufacturing processes to effectively eliminate early errors in the model, generates financial savings and reduces material wastage. Originality/value This research provides a seminal case study that implements BDO to automate construction product manufacturing processes and demonstrates the utilisation of BDO at an operational (vis-à-vis theoretical) level. Future research is proposed to implement a longitudinal approach to measure and report upon the success (or otherwise) of the proof of concept when implemented on fabrications and shop floor procedures

Modeling an Industrial Revolution: How to Manage Large-Scale, Complex IoT Ecosystems?

Advancements around the modern digital industry gave birth to a number of closely interrelated concepts: in the age of the Internet of Things (IoT), System of Systems (SoS), Cyber-Physical Systems (CPS), Digital Twins and the fourth industrial revolution, everything revolves around the issue of designing well-understood, sound and secure complex systems while providing maximum flexibility, autonomy and dynamics.The aim of the paper is to present a concise overview of a comprehensive conceptual framework for integrated modeling and management of industrial IoT architectures, supported by actual evidence from the Arrowhead Tools project; in particular, we adopt a three-dimensional projection of our complex engineering space, from modeling the engineering process to SoS design and deployment.In particular, we start from modeling principles of the the engineering process itself. Then, we present a design-time SoS representation along with a toolchain concept aiding SoS design and deployment. This brings us to reasoning about what potential workflows are thinkable for specifying comprehensive toolchains along with their data exchange interfaces. We also discuss the potential of aligning our vision with RAMI4.0, as well as the utilization perspectives for real-life engineering use-cases

Using ERP as a basis for Enterprise application integration

Architecting and implementing e-Business supply chain solutions across and within the modern day enterprise, is now becoming a necessity in order to maintain competitive and be adaptable to market needs. As such, the integration of information and processes is a vital step, using technologies such as using Enterprise Resource Planning (ERP), Supply Chain Management (SCM) and enterprise portal platforms. The effective sharing of resource planning and other enterprise related data across and within the enterprise is typically seen as a facet of a business to business (B2B) platform. However, such infrastructures typically involve a tight integration across intra and inter-organisational systems. This paper examines an Enterprise Application Integration (EAI) initiative taken by a global manufacturer of industrial automation products, which attempted to utilise ERP as an integration tool across its internal B2B infrastructure, to achieve such an aim. This paper discusses those integration considerations and complexities, experienced by the case company upon embarking on an EAI integration programme through the adoption of a core ERP as a catalyst for organizational change. In doing so the authors present an analysis of the inherent risks and limitations of this approach in terms of previously published literature in the field, relating to technology-driven organizational change and EAI impact and adoption frameworks

Zero Trust Implementation in the Emerging Technologies Era: Survey

This paper presents a comprehensive analysis of the shift from the traditional perimeter model of security to the Zero Trust (ZT) framework, emphasizing the key points in the transition and the practical application of ZT. It outlines the differences between ZT policies and legacy security policies, along with the significant events that have impacted the evolution of ZT. Additionally, the paper explores the potential impacts of emerging technologies, such as Artificial Intelligence (AI) and quantum computing, on the policy and implementation of ZT. The study thoroughly examines how AI can enhance ZT by utilizing Machine Learning (ML) algorithms to analyze patterns, detect anomalies, and predict threats, thereby improving real-time decision-making processes. Furthermore, the paper demonstrates how a chaos theory-based approach, in conjunction with other technologies like eXtended Detection and Response (XDR), can effectively mitigate cyberattacks. As quantum computing presents new challenges to ZT and cybersecurity as a whole, the paper delves into the intricacies of ZT migration, automation, and orchestration, addressing the complexities associated with these aspects. Finally, the paper provides a best practice approach for the seamless implementation of ZT in organizations, laying out the proposed guidelines to facilitate organizations in their transition towards a more secure ZT model. The study aims to support organizations in successfully implementing ZT and enhancing their cybersecurity measures.Comment: 15 pages, 3 figure