603 research outputs found

    Behavioral analysis in cybersecurity using machine learning: a study based on graph representation, class imbalance and temporal dissection

    The main goal of this thesis is to improve behavioral cybersecurity analysis using machine learning, exploiting graph structures, temporal dissection, and addressing imbalance problems. This main objective is divided into four specific goals: OBJ1: To study the influence of the temporal resolution on highlighting micro-dynamics in the entity behavior classification problem. In real use cases, time-series information could be not enough for describing the entity behavior classification. For this reason, we plan to exploit graph structures for integrating both structured and unstructured data in a representation of entities and their relationships. In this way, it will be possible to appreciate not only the single temporal communication but the whole behavior of these entities. Nevertheless, entity behaviors evolve over time and therefore, a static graph may not be enough to describe all these changes. For this reason, we propose to use a temporal dissection for creating temporal subgraphs and therefore, analyze the influence of the temporal resolution on the graph creation and the entity behaviors within. Furthermore, we propose to study how the temporal granularity should be used for highlighting network micro-dynamics and short-term behavioral changes which can be a hint of suspicious activities. OBJ2: To develop novel sampling methods that work with disconnected graphs for addressing imbalanced problems avoiding component topology changes. Graph imbalance problem is a very common and challenging task and traditional graph sampling techniques that work directly on these structures cannot be used without modifying the graph’s intrinsic information or introducing bias. Furthermore, existing techniques have shown to be limited when disconnected graphs are used. For this reason, novel resampling methods for balancing the number of nodes that can be directly applied over disconnected graphs, without altering component topologies, need to be introduced.
In particular, we propose to take advantage of the existence of disconnected graphs to detect and replicate the most relevant graph components without changing their topology, while considering traditional data-level strategies for handling the entity behaviors within. OBJ3: To study the usefulness of the generative adversarial networks for addressing the class imbalance problem in cybersecurity applications. Although traditional data-level pre-processing techniques have shown to be effective for addressing class imbalance problems, they have also shown downside effects when highly variable datasets are used, as it happens in cybersecurity. For this reason, new techniques that can exploit the overall data distribution for learning highly variable behaviors should be investigated. In this sense, GANs have shown promising results in the image and video domain, however, their extension to tabular data is not trivial. For this reason, we propose to adapt GANs for working with cybersecurity data and exploit their ability in learning and reproducing the input distribution for addressing the class imbalance problem (as an oversampling technique). Furthermore, since it is not possible to find a unique GAN solution that works for every scenario, we propose to study several GAN architectures with several training configurations to detect which is the best option for a cybersecurity application. OBJ4: To analyze temporal data trends and performance drift for enhancing cyber threat analysis. Temporal dynamics and incoming new data can affect the quality of the predictions compromising the model reliability. This phenomenon makes models get outdated without noticing. In this sense, it is very important to be able to extract more insightful information from the application domain analyzing data trends, learning processes, and performance drifts over time. 
For this reason, we propose to develop a systematic approach for analyzing how the data quality and their amount affect the learning process. Moreover, in the context of CTI, we propose to study the relations between temporal performance drifts and the input data distribution for detecting possible model limitations, enhancing cyber threat analysis. Programa de Doctorado en Ciencias y Tecnologías Industriales (RD 99/2011) Industria Zientzietako eta Teknologietako Doktoretza Programa (ED 99/2011

    EXPLORING TECHNOLOGY TRUST IN BITCOIN: THE BLOCKCHAIN EXEMPLAR

    The acceptance of Bitcoin as an electronic currency is steadily on the rise. This implies there is a surge in the diffusion and adoption of the blockchain technology introduced by Bitcoin as well. Moreover, the potential of this novel disruptive technology has been acknowledged by academic researchers and practitioners alike. IS research has shown that trust is a significant antecedent enabling the adoption of a novel technology and attenuating the apprehensions of risk and uncertainty among consumers. Trust in a technology is formed by the trusting beliefs of a trustor regarding the trustworthiness of the IT artifact. The blockchain technology, the trustee, has features like cryptography, decentralization, hash functions, digital signature, consensus mechanism, which embody trust in the technology. We present an extensive description of Bitcoin as an instantiation of the blockchain technology, while offering a detailed account of the literature on trust in a technology. We conceptually present, through the use of knowledge mapping, how blockchain ensures trust in the technology. We propose future research directions for trust research in the blockchain context and urge IS academics to explore trust in this novel context

    Cyber Security

    This open access book constitutes the refereed proceedings of the 18th China Annual Conference on Cyber Security, CNCERT 2022, held in Beijing, China, in August 2022. The 17 papers presented were carefully reviewed and selected from 64 submissions. The papers are organized according to the following topical sections: data security; anomaly detection; cryptocurrency; information security; vulnerabilities; mobile internet; threat intelligence; text recognition

    Principles of Security and Trust: 7th International Conference, POST 2018, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2018, Thessaloniki, Greece, April 14-20, 2018, Proceedings

    authentication; computer science; computer software selection and evaluation; cryptography; data privacy; formal logic; formal methods; formal specification; internet; privacy; program compilers; programming languages; security analysis; security systems; semantics; separation logic; software engineering; specifications; verification; world wide we

    Internet of Things From Hype to Reality

    The Internet of Things (IoT) has gained significant mindshare, let alone attention, in academia and the industry especially over the past few years. The reasons behind this interest are the potential capabilities that IoT promises to offer. On the personal level, it paints a picture of a future world where all the things in our ambient environment are connected to the Internet and seamlessly communicate with each other to operate intelligently. The ultimate goal is to enable objects around us to efficiently sense our surroundings, inexpensively communicate, and ultimately create a better environment for us: one where everyday objects act based on what we need and like without explicit instructions

    Reasoning about Cyber Threat Actors

    abstract: Reasoning about the activities of cyber threat actors is critical to defend against cyber attacks. However, this task is difficult for a variety of reasons. In simple terms, it is difficult to determine who the attacker is, what the desired goals are of the attacker, and how they will carry out their attacks. These three questions essentially entail understanding the attacker’s use of deception, the capabilities available, and the intent of launching the attack. These three issues are highly inter-related. If an adversary can hide their intent, they can better deceive a defender. If an adversary’s capabilities are not well understood, then determining what their goals are becomes difficult as the defender is uncertain if they have the necessary tools to accomplish them. However, the understanding of these aspects are also mutually supportive. If we have a clear picture of capabilities, intent can better be deciphered. If we understand intent and capabilities, a defender may be able to see through deception schemes. In this dissertation, I present three pieces of work to tackle these questions to obtain a better understanding of cyber threats. First, we introduce a new reasoning framework to address deception. We evaluate the framework by building a dataset from DEFCON capture-the-flag exercise to identify the person or group responsible for a cyber attack. We demonstrate that the framework not only handles cases of deception but also provides transparent decision making in identifying the threat actor. The second task uses a cognitive learning model to determine the intent – goals of the threat actor on the target system. The third task looks at understanding the capabilities of threat actors to target systems by identifying at-risk systems from hacker discussions on darkweb websites. 
To achieve this task we gather discussions from more than 300 darkweb websites relating to malicious hacking. Dissertation/Thesis Doctoral Dissertation Computer Engineering 201

    Sensor-based ICT Systems for Smart Societies

    The abstract is in the attachment

    Understanding and designing for trust in Bitcoin Blockchain

    Bitcoin is a cryptocurrency that has created a new revolution in peer-to-peer technology. Built upon decentralised technology known as Blockchain, it supports transparent, fast, cost-effective and irreversible transactions, without the need for trusting the third-party financial institution. The privacy of Bitcoin users is protected, by the pseudoanonymous transaction. At present, Bitcoin holds the largest market share in cryptocurrency and the Blockchain technology had captured the interest of multi-corporations, such as Microsoft, Dell, and T-Mobile. However, Bitcoins have no legal tender in most and it is even worse with the illicit use by the irresponsible people and the cyber-attacks towards the application. Hence, these are the primary motivation of this Ph.D. work, to explore the trust between people and Bitcoin technology as well as identify the opportunities to design for the trust challenges. This thesis investigates the challenges and design works with 80 Bitcoin stakeholders such as users, miners, Blockchain experts and novices in six different but interrelated studies. The first and second studies report in-depth preliminary studies with 20 Bitcoin users and 20 miners to identify the trust challenges in people’s daily practices in using Bitcoin. Based on the findings, users’ risk related to dishonest partner in peer-to-peer Bitcoins transactions is the highlighted trust challenges to be addressed in this thesis. With a strong understanding of Bitcoin mining process, a physical Blockchain design kit, namely BlocKit was developed based on the embodied cognition theories and material centred design. This BlocKit was evaluated by 15 Bitcoin Blockchain’s experienced users and one of the important outcomes proposed the principles to design for trust application in peer-to-peer Bitcoins transactions. 
Later the algorithms of trust for Bitcoin application were developed based on the suggested principles and were validated by 10 Bitcoin Blockchain’s experienced users. Finally, based on the designed algorithms as well as a newly identified heuristic evaluation for trust, a mock-up prototype of Bitcoin wallet application namely, BitXFps was developed and the interface was evaluated for trust by 15 Bitcoin Blockchain’s experienced users