79 research outputs found
A Systematic Mapping Study on Approaches for AI-Supported Security Risk Assessment
Effective assessment of cyber risks in the increasingly dynamic threat landscape must be supported by artificial intelligence techniques due to their ability to dynamically scale and adapt. This article provides the state of the art of AI-supported security risk assessment approaches in terms of a systematic mapping study. The overall goal is to obtain an overview of security risk assessment approaches that use AI techniques to identify, estimate, and/or evaluate cyber risks. We carried out the systematic mapping study following standard processes and identified in total 33 relevant primary studies that we included in our mapping study. The results of our study show that on average, the number of papers about AI-supported security risk assessment has been increasing since 2010 with the growth rate of 133% between 2010 and 2020. The risk assessment approaches reported have mainly been used to assess cyber risks related to intrusion detection, malware detection, and industrial systems. The approaches focus mostly on identifying and/or estimating security risks, and primarily make use of Bayesian networks and neural networks as supporting AI methods/techniques.acceptedVersio
A smart resource management mechanism with trust access control for cloud computing environment
The core of the computer business now offers subscription-based on-demand
services with the help of cloud computing. We may now share resources among
multiple users by using virtualization, which creates a virtual instance of a
computer system running in an abstracted hardware layer. It provides infinite
computing capabilities through its massive cloud datacenters, in contrast to
early distributed computing models, and has been incredibly popular in recent
years because to its continually growing infrastructure, user base, and hosted
data volume. This article suggests a conceptual framework for a workload
management paradigm in cloud settings that is both safe and
performance-efficient. A resource management unit is used in this paradigm for
energy and performing virtual machine allocation with efficiency, assuring the
safe execution of users' applications, and protecting against data breaches
brought on by unauthorised virtual machine access real-time. A secure virtual
machine management unit controls the resource management unit and is created to
produce data on unlawful access or intercommunication. Additionally, a workload
analyzer unit works simultaneously to estimate resource consumption data to
help the resource management unit be more effective during virtual machine
allocation. The suggested model functions differently to effectively serve the
same objective, including data encryption and decryption prior to transfer,
usage of trust access mechanism to prevent unauthorised access to virtual
machines, which creates extra computational cost overhead
Машинне навчання на ринках, що розвиваються, в часи пандемії
This is an introductory text to a collection of selected papers from the M3E2 2020 Summer: The Special Edition of International Conference on Monitoring, Modeling & Management of Emergent Economy, which was held in Odessa, Ukraine, on the July 13-18, 2020. It consists of short introduction and
some observations about the event and its future.Це вступний текст до збірки вибраних доповідей з M3E2 2020 Summer: Спеціального видання Міжнародної конференції з моніторингу, моделювання та управління емерджентною економікою, що відбулася в Одесі, Україна, 13-18 липня 2020 року. Він складається з короткого вступу та деяких спостережень про подію та її майбутнє
Handling of advanced persistent threats and complex incidents in healthcare, transportation and energy ICT infrastructures
In recent years, the use of information technologies in Critical Infrastructures is gradually increasing. Although this brings benefits, it also increases the possibility of security attacks. Despite the availability of various advanced incident handling techniques and tools, there is still no easy, structured, standardized and trusted way to manage and forecast interrelated cybersecurity incidents. This paper introduces CyberSANE, a novel dynamic and collaborative, warning and response system, which supports security officers and operators to recognize, identify, dynamically analyse, forecast, treat and respond to security threats and risks and and it guides them to handle effectively cyber incidents. The components of CyberSANE are described along with a description of the CyberSANE data flow. The main novelty of the CyberSANE system is the fact that it enables the combination of active incident handling approaches with reactive approaches to support incidents of compound, highly dependent Critical Information Infrastructures. The benefits and added value of using CyberSANE is described with the aid of a set of cyber-attack scenarios
Intrusion Detection: Embedded Software Machine Learning and Hardware Rules Based Co-Designs
Security of innovative technologies in future generation networks such as (Cyber Physical Systems (CPS) and Wi-Fi has become a critical universal issue for individuals, economy, enterprises, organizations and governments. The rate of cyber-attacks has increased dramatically, and the tactics used by the attackers are continuing to evolve and have become ingenious during the attacks. Intrusion Detection is one of the solutions against these attacks. One approach in designing an intrusion detection system (IDS) is software-based machine learning. Such approach can predict and detect threats before they result in major security incidents. Moreover, despite the considerable research in machine learning based designs, there is still a relatively small body of literature that is concerned with imbalanced class distributions from the intrusion detection system perspective. In addition, it is necessary to have an effective performance metric that can compare multiple multi-class as well as binary-class systems with respect to class distribution. Furthermore, the expectant detection techniques must have the ability to identify real attacks from random defects, ingrained defects in the design, misconfigurations of the system devices, system faults, human errors, and software implementation errors. Moreover, a lightweight IDS that is small, real-time, flexible and reconfigurable enough to be used as permanent elements of the system's security infrastructure is essential. The main goal of the current study is to design an effective and accurate intrusion detection framework with minimum features that are more discriminative and representative. Three publicly available datasets representing variant networking environments are adopted which also reflect realistic imbalanced class distributions as well as updated attack patterns. The presented intrusion detection framework is composed of three main modules: feature selection and dimensionality reduction, handling imbalanced class distributions, and classification. The feature selection mechanism utilizes searching algorithms and correlation based subset evaluation techniques, whereas the feature dimensionality reduction part utilizes principal component analysis and auto-encoder as an instance of deep learning. Various classifiers, including eight single-learning classifiers, four ensemble classifiers, one stacked classifier, and five imbalanced class handling approaches are evaluated to identify the most efficient and accurate one(s) for the proposed intrusion detection framework. A hardware-based approach to detect malicious behaviors of sensors and actuators embedded in medical devices, in which the safety of the patient is critical and of utmost importance, is additionally proposed. The idea is based on a methodology that transforms a device's behavior rules into a state machine to build a Behavior Specification Rules Monitoring (BSRM) tool for four medical devices. Simulation and synthesis results demonstrate that the BSRM tool can effectively identify the expected normal behavior of the device and detect any deviation from its normal behavior. The performance of the BSRM approach has also been compared with a machine learning based approach for the same problem. The FPGA module of the BSRM can be embedded in medical devices as an IDS and can be further integrated with the machine learning based approach. The reconfigurable nature of the FPGA chip adds an extra advantage to the designed model in which the behavior rules can be easily updated and tailored according to the requirements of the device, patient, treatment algorithm, and/or pervasive healthcare application
Real-time Adaptive Sensor Attack Detection and Recovery in Autonomous Cyber-physical Systems
Cyber-Physical Systems (CPS) tightly couple information technology with physical processes, which rises new vulnerabilities such as physical attacks that are beyond conventional cyber attacks.Attackers may non-invasively compromise sensors and spoof the controller to perform unsafe actions. This issue is even emphasized with the increasing autonomy in CPS. While this fact has motivated many defense mechanisms against sensor attacks, a clear vision of the timing and usability (or the false alarm rate) of attack detection still remains elusive. Existing works tend to pursue an unachievable goal of minimizing the detection delay and false alarm rate at the same time, while there is a clear trade-off between the two metrics. Instead, this dissertation argues that attack detection should bias different metrics (detection delay and false alarm) when a system sits in different states. For example, if the system is close to unsafe states, reducing the detection delay is preferable to lowering the false alarm rate, and vice versa. This dissertation proposes two real-time adaptive sensor attack detection frameworks. The frameworks can dynamically adapt the detection delay and false alarm rate so as to meet a detection deadline and improve usability according to different system statuses. We design and implement the proposed frameworks and validate them using realistic sensor data of automotive CPS to demonstrate its efficiency and efficacy.
Further, this dissertation proposes \textit{Recovery-by-Learning}, a data-driven attack recovery framework that restores CPS from sensor attacks. The importance of attack recovery is emphasized by the need to mitigate the attack\u27s impact on a system and restore it to continue functioning. We propose a double sliding window-based checkpointing protocol to remove compromised data and keep trustful data for state estimation.
Together, the proposed solutions enable a holistic attack resilient solution for automotive cyber-physical systems
Predictive maintenance using digital twins: A systematic literature review
Context: Predictive maintenance is a technique for creating a more sustainable, safe, and profitable industry. One of the key challenges for creating predictive maintenance systems is the lack of failure data, as the machine is frequently repaired before failure. Digital Twins provide a real-time representation of the physical machine and generate data, such as asset degradation, which the predictive maintenance algorithm can use. Since 2018, scientific literature on the utilization of Digital Twins for predictive maintenance has accelerated, indicating the need for a thorough review. Objective: This research aims to gather and synthesize the studies that focus on predictive maintenance using Digital Twins to pave the way for further research. Method: A systematic literature review (SLR) using an active learning tool is conducted on published primary studies on predictive maintenance using Digital Twins, in which 42 primary studies have been analyzed. Results: This SLR identifies several aspects of predictive maintenance using Digital Twins, including the objectives, application domains, Digital Twin platforms, Digital Twin representation types, approaches, abstraction levels, design patterns, communication protocols, twinning parameters, and challenges and solution directions. These results contribute to a Software Engineering approach for developing predictive maintenance using Digital Twins in academics and the industry. Conclusion: This study is the first SLR in predictive maintenance using Digital Twins. We answer key questions for designing a successful predictive maintenance model leveraging Digital Twins. We found that to this day, computational burden, data variety, and complexity of models, assets, or components are the key challenges in designing these models. 2022Scopus2-s2.0-8513459995
Detecting Cryptojacking Web Threats: An Approach with Autoencoders and Deep Dense Neural Networks
With the growing popularity of cryptocurrencies, which are an important part of day-to-day transactions over the Internet, the interest in being part of the so-called cryptomining service has attracted the attention of investors who wish to quickly earn profits by computing powerful transactional records towards the blockchain network. Since most users cannot afford the cost of specialized or standardized hardware for mining purposes, new techniques have been developed to make the latter easier, minimizing the computational cost required. Developers of large cryptocurrency houses have made available executable binaries and mainly browser-side scripts in order to authoritatively tap into users’ collective resources and effectively complete the calculation of puzzles to complete a proof of work. However, malicious actors have taken advantage of this capability to insert malicious scripts and illegally mine data without the user’s knowledge. This cyber-attack, also known as cryptojacking, is stealthy and difficult to analyze, whereby, solutions based on anti-malware extensions, blocklists, JavaScript disabling, among others, are not sufficient for accurate detection, creating a gap in multi-layer security mechanisms. Although in the state-of-the-art there are alternative solutions, mainly using machine learning techniques, one of the important issues to be solved is still the correct characterization of network and host samples, in the face of the increasing escalation of new tampering or obfuscation techniques. This paper develops a method that performs a fingerprinting technique to detect possible malicious sites, which are then characterized by an autoencoding algorithm that preserves the best information of the infection traces, thus, maximizing the classification power by means of a deep dense neural network
The future of Cybersecurity in Italy: Strategic focus area
This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management
- …