626 research outputs found

    Security challenges of small cell as a service in virtualized mobile edge computing environments

    Research on next-generation 5G wireless networks is currently attracting a lot of attention in both academia and industry. While 5G development and standardization activities are still at their early stage, it is widely acknowledged that 5G systems are going to extensively rely on dense small cell deployments, which would exploit infrastructure and network functions virtualization (NFV), and push the network intelligence towards network edges by embracing the concept of mobile edge computing (MEC). As security will be a fundamental enabling factor of small cell as a service (SCaaS) in 5G networks, we present the most prominent threats and vulnerabilities against a broad range of targets. As far as the related work is concerned, to the best of our knowledge, this paper is the first to investigate security challenges at the intersection of SCaaS, NFV, and MEC. It is also the first paper that proposes a set of criteria to facilitate a clear and effective taxonomy of security challenges of main elements of 5G networks. Our analysis can serve as a starting point towards the development of appropriate 5G security solutions. These will have crucial effect on legal and regulatory frameworks as well as on decisions of businesses, governments, and end-users

    INCORPORATING PERISHABILITY AND OBSOLESCENCE INTO CYBERWEAPON SCHEDULING

    As cyberspace operations become further integrated into operational planning for nation-states, planners must understand the implications of perishability and obsolescence when deciding how to use cyberweapons. Obsolescence reflects the risk that a vulnerability will be patched without cyberweapon use, while perishability describes the short lifespan of a cyberweapon once it is used; one creates an incentive to use and the other an incentive to stockpile. This thesis examined operating-system vulnerabilities over four years: we quantified the duration between key events of their life cycles as well as the time to release a patch after disclosure. We performed survival analysis for longevity and post-disclosure patch time using Kaplan-Meier curves, then found that the data fit well to Weibull distributions. We also examined the effects of severity and operating system on the lengths of vulnerability life-cycle phases. Our parametric models enable planners to predict the expected survival time of a cyberweapon’s vulnerability, allowing them to determine when to use them, replenish them, and assess windows of opportunity for reuse. This reduces the need to stockpile cyberweapons and creates incentives to use them before the expected survival time. The observed wide variability in longevity values indicates that risk tolerance is important in deciding when to use a cyberweapon. Outstanding Thesis. Lieutenant Commander, United States Navy. Approved for public release. Distribution is unlimited

    Few-shot Multi-domain Knowledge Rearming for Context-aware Defence against Advanced Persistent Threats

    Advanced persistent threats (APTs) have novel features such as multi-stage penetration, highly-tailored intention, and evasive tactics. APT defense requires fusing multi-dimensional cyber threat intelligence data to identify attack intentions and conducting efficient knowledge discovery strategies by data-driven machine learning to recognize entity relationships. However, data-driven machine learning lacks generalization ability on fresh or unknown samples, reducing the accuracy and practicality of the defense model. Besides, the private deployment of these APT defense models on heterogeneous environments and various network devices requires significant investment in context awareness (such as known attack entities, continuous network states, and current security strategies). In this paper, we propose a few-shot multi-domain knowledge rearming (FMKR) scheme for context-aware defense against APTs. By completing multiple small tasks that are generated from different network domains with meta-learning, the FMKR firstly trains a model with good discrimination and generalization ability for fresh and unknown APT attacks. In each FMKR task, both threat intelligence and local entities are fused into the support/query sets in meta-learning to identify possible attack stages. Secondly, to rearm current security strategies, a finetuning-based deployment mechanism is proposed to transfer learned knowledge into the student model, while minimizing the defense cost. Compared to multiple model replacement strategies, the FMKR provides a faster response to attack behaviors while consuming less scheduling cost. Based on the feedback from multiple real users of the Industrial Internet of Things (IIoT) over 2 months, we demonstrate that the proposed scheme can improve the defense satisfaction rate. Comment: It has been accepted by IEEE SmartNet

    Keeping space safe: towards a long-term strategy to arms control in space

    When in 2007, China shot down an old weather satellite of its own this was the first test of an anti-satellite weapon since the 1980s. Many observers saw this as a reaction to an increasing investment of the United States in advanced technology for the “control” of space and warned of an arms race in space. Such an arms race would indeed have negative consequences for space safety and for the security of all space-faring nations. An exchange of violence in space would strongly restrain the usability of space and it could escalate to war on earth. But even below the threshold of a space war, space debris resulting from space weapon testing, could severely affect space safety. Currently, there are more than 21,000 pieces of trackable space debris in orbit that endanger other space objects such as satellites. Further testing of anti-satellite weapons would increase this number significantly. Keeping in mind that a lot of money is earned with space applications – the global revenue of the space industry in 2009 amounted to $261.61 billion – an arms race in space would have negative economic consequences, too. Then how can we keep space safe? This is the central question, this report wants to answer. One recent initiative in this regard is the EU proposal to make the major spacefaring states agree on a Code of Conduct for behavior in space. While the establishment of “rules of the road” for space would be a first step into the right direction, it does not ban space weapons and hence cannot prevent an arms race in space. This report argues that the establishment of an international arms control regime for space would be a better instrument to keep space safe and that the EU should therefore combine its Code of Conduct approach with an initiative to establish such a regime. Of course, an arms control regime for space cannot be established overnight. 
This report outlines a long-term strategy that maps out the central problems that must be solved to reach arms control in space. In order to do so, it draws on theoretical considerations on the establishment of international regimes. The finding of this analysis is that in order to be able to agree on arms control in space, states must solve two classical problems of international cooperation, namely cheating and the unequal distribution of gains. This is possible, though, by drawing upon classical solutions to these problems, namely verification and issue-linkage. A first problem that prevents states from agreeing to arms control in space is the fear that other states would not stick to their commitment. This fear is reflected in the American concern for effective verification and, indeed, drawing up mechanisms for verification must be part of any arms control agreement for space. This is possible, though. Although not every action that could lead to the development of space weapons can be verified, testing space weapons under real conditions can. Since space weapons cannot be developed overnight, states can make use of a strategy of reciprocity, a kind of space weapons testing tit-for-tat. A second problem results from the fact that states tend to cooperate only, if the gains from this cooperation are distributed equally. This is not easy in the case of space weapons where the U.S. clearly has the technological lead. However, a general ban of space weapons provides for a compromise between the U.S. – that chiefly would benefit from a ban on ground-based anti-satellite weapons – and Russia and China who mainly seek to restrict the placement of more sophisticated weapons in orbit. However, before these problems can be tackled, the major space-faring states have to “learn” that due to the interdependent character of space, unilateral strategies, i.e. developing space weapons, do not further their security. 
By drawing a parallel between the case of space weapons and nuclear arms control during the Cold War, this report argues that the emergence of a transnational epistemic community of space experts from the major space-faring states that produces consensual knowledge on the dangers of warfare in space would be an important step to foster learning in space. The EU could facilitate such a process of knowledge building by initiating a series of conferences among scientists from the major space-faring nations on the dangers of war in space

    Network Analysis with Stochastic Grammars

    Digital forensics requires significant manual effort to identify items of evidentiary interest from the ever-increasing volume of data in modern computing systems. One of the tasks digital forensic examiners conduct is mentally extracting and constructing insights from unstructured sequences of events. This research assists examiners with the association and individualization analysis processes that make up this task with the development of a Stochastic Context-Free Grammars (SCFG) knowledge representation for digital forensics analysis of computer network traffic. SCFG is leveraged to provide context to the low-level data collected as evidence and to build behavior profiles. Upon discovering patterns, the analyst can begin the association or individualization process to answer criminal investigative questions. Three contributions resulted from this research. First, domain characteristics suitable for SCFG representation were identified and a step-by-step approach to adapt SCFG to novel domains was developed. Second, a novel iterative graph-based method of identifying similarities in context-free grammars was developed to compare behavior patterns represented as grammars. Finally, the SCFG capabilities were demonstrated in performing association and individualization in reducing the suspect pool and reducing the volume of evidence to examine in a computer network traffic analysis use case

    Applying Cyber Threat Intelligence to Industrial Control Systems

    A cybersecurity initiative known as cyber threat intelligence (CTI) has recently been developed and deployed. The overall goal of this new technology is to help protect network infrastructures. Threat intelligence platforms (TIPs) have also been created to help facilitate CTI effectiveness within organizations. There are many benefits that both can achieve within the information technology (IT) sector. The industrial control system (ICS) sector can also benefit from these technologies as most ICS networks are connected to IT networks. CTI and TIPs become resourceful when using indicators of compromise (IOCs) from known ICS malware attacks and an open source intrusion detection system (IDS). This research shows how these IT-based technologies may help protect ICS. Three known malware attack scenarios are used to showcase its likely deployment. These scenarios are well-documented campaigns that targeted ICS environments and consisted of numerous IOCs. Equipped with this data, critical asset owners can obtain situational awareness on potential attacks and protect their devices with the proper implementation of CTI and TIP technologies

    An OpenEaagles Framework Extension for Hardware-in-the-Loop Swarm Simulation

    Unmanned Aerial Vehicle (UAV) swarm applications, algorithms, and control strategies have experienced steady growth and development over the past 15 years. Yet, to this day, most swarm development efforts have gone untested and thus unimplemented. Cost of aircraft systems, government imposed airspace restrictions, and the lack of adequate modeling and simulation tools are some of the major inhibitors to successful swarm implementation. This thesis examines how the OpenEaagles simulation framework can be extended to bridge this gap. This research aims to utilize Hardware-in-the-Loop (HIL) simulation to provide developers a functional capability to develop and test the behaviors of scalable and modular swarms of autonomous UAVs in simulation with high confidence that these behaviors will propagate to real/live flight tests. Demonstrations show the framework enhances and simplifies swarm development through encapsulation, possesses high modularity, provides realistic aircraft modeling, and is capable of simultaneously accommodating four hardware-piloted swarming UAVs during HIL simulation or 64 swarming UAVs during pure simulation

    NETWORK TRAFFIC CHARACTERIZATION AND INTRUSION DETECTION IN BUILDING AUTOMATION SYSTEMS

    The goal of this research was threefold: (1) to learn the operational trends and behaviors of a real-world building automation system (BAS) network for creating building device models to detect anomalous behaviors and attacks, (2) to design a framework for evaluating BA device security from both the device and network perspectives, and (3) to leverage new sources of building automation device documentation for developing robust network security rules for BAS intrusion detection systems (IDSs). These goals were achieved in three phases, first through the detailed longitudinal study and characterization of a real university campus building automation network (BAN) and with the application of machine learning techniques on field level traffic for anomaly detection. Next, through the systematization of literature in the BAS security domain to analyze cross protocol device vulnerabilities, attacks, and defenses for uncovering research gaps as the foundational basis of our proposed BA device security evaluation framework. Then, to evaluate our proposed framework the largest multiprotocol BAS testbed discussed in the literature was built and several side-channel vulnerabilities and software/firmware shortcomings were exposed. Finally, through the development of a semi-automated specification gathering, device documentation extracting, IDS rule generating framework that leveraged PICS files and BIM models. Ph.D

    Critical infrastructure protection

    Postgraduate seminar series with the title Critical Infrastructure Protection held at the Department of Military Technology of the National Defence University. This book is a collection of some of the talks that were presented in the seminar. The papers address threat intelligence, protection of critical supply chains, cyber security in the management of an electricity company, and privacy preserving data mining. This set of papers tries to give some insight into current issues of critical infrastructure protection. The seminar has always made a publication of the papers but this has been an internal publication of the Finnish Defence Forces and has not hindered publication of the papers in international conferences. Publication of these papers in peer reviewed conferences has indeed always been the goal of the seminar, since it teaches writing conference level papers. We still hope that an internal publication in the department series is useful to the Finnish Defence Forces by offering easy access to these papers

    Survey on encode biometric data for transmission in wireless communication networks

    The aim of this research survey is to review an enhanced model supported by artificial intelligence to encode biometric data for transmission in wireless communication networks can be tricky as performance decreases with increasing size due to interference, especially if channels and network topology are not selected carefully beforehand. Additionally, network dissociations may occur easily if crucial links fail as redundancy is neglected for signal transmission. Therefore, we present several algorithms and its implementation which addresses this problem by finding a network topology and channel assignment that minimizes interference and thus allows a deployment to increase its throughput performance by utilizing more bandwidth in the local spectrum by reducing coverage as well as connectivity issues in multiple AI-based techniques. Our evaluation survey shows an increase in throughput performance of up to multiple times or more compared to a baseline scenario where an optimization has not taken place and only one channel for the whole network is used with AI-based techniques. Furthermore, our solution also provides a robust signal transmission which tackles the issue of network partition for coverage and for single link failures by using airborne wireless network. The highest end-to-end connectivity stands at 10 Mbps data rate with a maximum propagation distance of several kilometers. The transmission in wireless network coverage depicted with several signal transmission data rate with 10 Mbps as it has lowest coverage issue with moderate range of propagation distance using enhanced model to encode biometric data for transmission in wireless communication