62 research outputs found
Evolving attackers against wireless sensor networks using genetic programming
Recent hardware developments have made it possible for the Internet of Things (IoT) to be built. A wide variety of industry sectors, including manufacturing, utilities, agriculture, transportation, and healthcare are actively seeking to incorporate IoT technologies in their operations. The increased connectivity and data sharing that give IoT systems their advantages also increase their vulnerability to attack. In this study, the authors explore the automated generation of attacks using genetic programming (GP), so that defences can be tested objectively in advance of deployment. In the authors' system, the GP-generated attackers targeted publish-subscribe communications within a wireless sensor network that was protected by an artificial immune intrusion detection system (IDS) taken from the literature. The GP attackers successfully suppressed more legitimate messages than the hand-coded attack used originally to test the IDS, whilst reducing the likelihood of detection. Based on the results, it was possible to reconfigure the IDS to improve its performance. Whilst the experiments were focussed on establishing a proof-of-principle rather than a turnkey solution, they indicate that GP-generated attackers have the potential to improve the protection of systems with large attack surfaces, in a way that is complementary to traditional testing and certification
Artificial Intelligence and International Conflict in Cyberspace
This edited volume explores how artificial intelligence (AI) is transforming international conflict in cyberspace. Over the past three decades, cyberspace developed into a crucial frontier and issue of international conflict. However, scholarly work on the relationship between AI and conflict in cyberspace has been produced along somewhat rigid disciplinary boundaries and an even more rigid sociotechnical divide – wherein technical and social scholarship are seldomly brought into a conversation. This is the first volume to address these themes through a comprehensive and cross-disciplinary approach. With the intent of exploring the question "what is at stake with the use of automation in international conflict in cyberspace through AI?", the chapters in the volume focus on three broad themes, namely: (1) technical and operational, (2) strategic and geopolitical and (3) normative and legal. These also constitute the three parts in which the chapters of this volume are organised, although these thematic sections should not be considered as an analytical or a disciplinary demarcation
The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and Mitigation
This report surveys the landscape of potential security threats from malicious uses of AI, and proposes ways to better forecast, prevent, and mitigate these threats. After analyzing the ways in which AI may influence the threat landscape in the digital, physical, and political domains, we make four high-level recommendations for AI researchers and other stakeholders. We also suggest several promising areas for further research that could expand the portfolio of defenses, or make attacks less effective or harder to execute. Finally, we discuss, but do not conclusively resolve, the long-term equilibrium of attackers and defenders. Future of Humanity Institute, University of Oxford, Centre for the Study of Existential Risk, University of Cambridge, Center for a New American Security, Electronic Frontier Foundation, OpenAI. The Future of Life Institute is acknowledged as a funder
Red Perimeter Defeated: U.S. Naval Supremacy, Competitive Adaptation, and the Third Battle of the Atlantic, 1946-1981
This dissertation examines the long-term military competition between the U.S. and Soviet navies during 1946-81. It investigates the dynamics of naval posture change by integrating insights from military innovation theory with in-depth process tracing, thus providing a much-improved understanding of the Cold War at sea during the most decisive phases of the 'Third Battle of the Atlantic'
Cyber-Human Systems, Space Technologies, and Threats
CYBER-HUMAN SYSTEMS, SPACE TECHNOLOGIES, AND THREATS is our eighth textbook in a series covering the world of UASs / CUAS / UUVs / SPACE. Other textbooks in our series are Space Systems Emerging Technologies and Operations; Drone Delivery of CBNRECy – DEW Weapons: Emerging Threats of Mini-Weapons of Mass Destruction and Disruption (WMDD); Disruptive Technologies with applications in Airline, Marine, Defense Industries; Unmanned Vehicle Systems & Operations On Air, Sea, Land; Counter Unmanned Aircraft Systems Technologies and Operations; Unmanned Aircraft Systems in the Cyber Domain: Protecting USA's Advanced Air Assets, 2nd edition; and Unmanned Aircraft Systems (UAS) in the Cyber Domain Protecting USA's Advanced Air Assets, 1st edition. Our previous seven titles have received considerable global recognition in the field. (Nichols & Carter, 2022) (Nichols, et al., 2021) (Nichols R. K., et al., 2020) (Nichols R., et al., 2020) (Nichols R., et al., 2019) (Nichols R. K., 2018) (Nichols R. K., et al., 2022) https://newprairiepress.org/ebooks/1052/thumbnail.jp
Security Hazards when Law is Code.
As software continues to eat the world, there is an increasing pressure to automate every aspect of society, from self-driving cars, to algorithmic trading on the stock market. As this pressure manifests into software implementations of everything, there are security concerns to be addressed across many areas. But are there some domains and fields that are distinctly susceptible to attacks, making them difficult to secure? My dissertation argues that one domain in particular – public policy and law – is inherently difficult to automate securely using computers. This is in large part because law and policy are written in a manner that expects them to be flexibly interpreted to be fair or just. Traditionally, this interpreting is done by judges and regulators who are capable of understanding the intent of the laws they are enforcing. However, when these laws are instead written in code, and interpreted by a machine, this capability to understand goes away. Because they blindly follow written rules, computers can be tricked to perform actions counter to their intended behavior. This dissertation covers three case studies of law and policy being implemented in code and security vulnerabilities that they introduce in practice. The first study analyzes the security of a previously deployed Internet voting system, showing how attackers could change the outcome of elections carried out online. The second study looks at airport security, investigating how full-body scanners can be defeated in practice, allowing attackers to conceal contraband such as weapons or high explosives past airport checkpoints. Finally, this dissertation also studies how an Internet censorship system such as China's Great Firewall can be circumvented by techniques that exploit the methods employed by the censors themselves. To address these concerns of securing software implementations of law, a hybrid human-computer approach can be used. In addition, systems should be designed to allow for attacks or mistakes to be retroactively undone or inspected by human auditors. By combining the strengths of computers (speed and cost) and humans (ability to interpret and understand), systems can be made more secure and more efficient than a method employing either alone. PhD, Computer Science and Engineering, University of Michigan, Horace H. Rackham School of Graduate Studies. http://deepblue.lib.umich.edu/bitstream/2027.42/120795/1/ewust_1.pd
Panofsky on Physics, Politics, and Peace: Pief Remembers
Wolfgang K.H. Panofsky is a prominent physicist who has been an active contributor to elementary particle physics, accelerator building, and laboratory administration as well as to international security policy and arms control. This volume is a somewhat unorthodox memoir. In Panofsky's words: "This volume contains an unsystematic account of my past work; it is not intended to be an autobiography in the conventional meaning of the term. It is not even remotely a scholarly description of the momentous developments in which I was able to participate; rather it is a recital of memorable episodes, borrowing from the compulsory preface of facetious British history: 'History is not what you thought. It is what you can remember.'" Pie
Best Practices and Recommendations for Cybersecurity Service Providers
This chapter outlines some concrete best practices and recommendations for cybersecurity service providers, with a focus on data sharing, data protection and penetration testing. Based on a brief outline of dilemmas that cybersecurity service providers may experience in their daily operations, it discusses data handling policies and practices of cybersecurity vendors along the following five topics: customer data handling; information about breaches; threat intelligence; vulnerability-related information; and data involved when collaborating with peers, CERTs, cybersecurity research groups, etc. There is, furthermore, a discussion of specific issues of penetration testing such as customer recruitment and execution as well as the supervision and governance of penetration testing. The chapter closes with some general recommendations regarding improving the ethical decision-making procedures of private cybersecurity service providers
Ethical and Unethical Hacking
The goal of this chapter is to provide a conceptual analysis of ethical, comprising history, common usage and the attempt to provide a systematic classification that is both compatible with common usage and normatively adequate. Subsequently, the article identifies a tension between common usage and a normatively adequate nomenclature. "Ethical hackers" are often identified with hackers that abide to a code of ethics privileging business-friendly values. However, there is no guarantee that respecting such values is always compatible with the all-things-considered morally best act. It is recognised, however, that in terms of assessment, it may be quite difficult to determine who is an ethical hacker in the "all things considered" sense, while society may agree more easily on the determination of who is one in the "business-friendly" limited sense. The article concludes by suggesting a pragmatic best-practice approach for characterising ethical hacking, which reaches beyond business-friendly values and helps in the taking of decisions that are respectful of the hackers' individual ethics in morally debatable, grey zones
The Ethics of Cybersecurity
This open access book provides the first comprehensive collection of papers that provide an integrative view on cybersecurity. It discusses theories, problems and solutions on the relevant ethical issues involved. This work is sorely needed in a world where cybersecurity has become indispensable to protect trust and confidence in the digital infrastructure whilst respecting fundamental values like equality, fairness, freedom, or privacy. The book has a strong practical focus as it includes case studies outlining ethical issues in cybersecurity and presenting guidelines and other measures to tackle those issues. It is thus not only relevant for academics but also for practitioners in cybersecurity such as providers of security software, governmental CERTs or Chief Security Officers in companies