343 research outputs found
Multidisciplinary perspectives on Artificial Intelligence and the law
This open access book presents an interdisciplinary, multi-authored, edited collection of chapters on Artificial Intelligence (‘AI’) and the Law. AI technology has come to play a central role in the modern data economy. Through a combination of increased computing power, the growing availability of data and the advancement of algorithms, AI has now become an umbrella term for some of the most transformational technological breakthroughs of this age. The importance of AI stems from both the opportunities that it offers and the challenges that it entails. While AI applications hold the promise of economic growth and efficiency gains, they also create significant risks and uncertainty. The potential and perils of AI have thus come to dominate modern discussions of technology and ethics – and although AI was initially allowed to largely develop without guidelines or rules, few would deny that the law is set to play a fundamental role in shaping the future of AI. As the debate over AI is far from over, the need for rigorous analysis has never been greater. This book thus brings together contributors from different fields and backgrounds to explore how the law might provide answers to some of the most pressing questions raised by AI. An outcome of the Católica Research Centre for the Future of Law and its interdisciplinary working group on Law and Artificial Intelligence, it includes contributions by leading scholars in the fields of technology, ethics and the law.info:eu-repo/semantics/publishedVersio
Cloud Forensic: Issues, Challenges and Solution Models
Cloud computing is a web-based utility model that is becoming popular every
day with the emergence of 4th Industrial Revolution, therefore, cybercrimes
that affect web-based systems are also relevant to cloud computing. In order to
conduct a forensic investigation into a cyber-attack, it is necessary to
identify and locate the source of the attack as soon as possible. Although
significant study has been done in this domain on obstacles and its solutions,
research on approaches and strategies is still in its development stage. There
are barriers at every stage of cloud forensics, therefore, before we can come
up with a comprehensive way to deal with these problems, we must first
comprehend the cloud technology and its forensics environment. Although there
are articles that are linked to cloud forensics, there is not yet a paper that
accumulated the contemporary concerns and solutions related to cloud forensic.
Throughout this chapter, we have looked at the cloud environment, as well as
the threats and attacks that it may be subjected to. We have also looked at the
approaches that cloud forensics may take, as well as the various frameworks and
the practical challenges and limitations they may face when dealing with cloud
forensic investigations.Comment: 23 pages; 6 figures; 4 tables. Book chapter of the book titled "A
Practical Guide on Security and Privacy in Cyber Physical Systems
Foundations, Applications and Limitations", World Scientific Series in
Digital Forensics and Cybersecurit
NEMISA Digital Skills Conference (Colloquium) 2023
The purpose of the colloquium and events centred around the central role that data plays
today as a desirable commodity that must become an important part of massifying digital
skilling efforts. Governments amass even more critical data that, if leveraged, could
change the way public services are delivered, and even change the social and economic
fortunes of any country. Therefore, smart governments and organisations increasingly
require data skills to gain insights and foresight, to secure themselves, and for improved
decision making and efficiency. However, data skills are scarce, and even more
challenging is the inconsistency of the associated training programs with most curated for
the Science, Technology, Engineering, and Mathematics (STEM) disciplines.
Nonetheless, the interdisciplinary yet agnostic nature of data means that there is
opportunity to expand data skills into the non-STEM disciplines as well.College of Engineering, Science and Technolog
Cognitive Machine Individualism in a Symbiotic Cybersecurity Policy Framework for the Preservation of Internet of Things Integrity: A Quantitative Study
This quantitative study examined the complex nature of modern cyber threats to propose the establishment of cyber as an interdisciplinary field of public policy initiated through the creation of a symbiotic cybersecurity policy framework. For the public good (and maintaining ideological balance), there must be recognition that public policies are at a transition point where the digital public square is a tangible reality that is more than a collection of technological widgets. The academic contribution of this research project is the fusion of humanistic principles with Internet of Things (IoT) technologies that alters our perception of the machine from an instrument of human engineering into a thinking peer to elevate cyber from technical esoterism into an interdisciplinary field of public policy. The contribution to the US national cybersecurity policy body of knowledge is a unified policy framework (manifested in the symbiotic cybersecurity policy triad) that could transform cybersecurity policies from network-based to entity-based. A correlation archival data design was used with the frequency of malicious software attacks as the dependent variable and diversity of intrusion techniques as the independent variable for RQ1. For RQ2, the frequency of detection events was the dependent variable and diversity of intrusion techniques was the independent variable. Self-determination Theory is the theoretical framework as the cognitive machine can recognize, self-endorse, and maintain its own identity based on a sense of self-motivation that is progressively shaped by the machine’s ability to learn. The transformation of cyber policies from technical esoterism into an interdisciplinary field of public policy starts with the recognition that the cognitive machine is an independent consumer of, advisor into, and influenced by public policy theories, philosophical constructs, and societal initiatives
Evaluation Methodologies in Software Protection Research
Man-at-the-end (MATE) attackers have full control over the system on which
the attacked software runs, and try to break the confidentiality or integrity
of assets embedded in the software. Both companies and malware authors want to
prevent such attacks. This has driven an arms race between attackers and
defenders, resulting in a plethora of different protection and analysis
methods. However, it remains difficult to measure the strength of protections
because MATE attackers can reach their goals in many different ways and a
universally accepted evaluation methodology does not exist. This survey
systematically reviews the evaluation methodologies of papers on obfuscation, a
major class of protections against MATE attacks. For 572 papers, we collected
113 aspects of their evaluation methodologies, ranging from sample set types
and sizes, over sample treatment, to performed measurements. We provide
detailed insights into how the academic state of the art evaluates both the
protections and analyses thereon. In summary, there is a clear need for better
evaluation methodologies. We identify nine challenges for software protection
evaluations, which represent threats to the validity, reproducibility, and
interpretation of research results in the context of MATE attacks
Majority Voting Approach to Ransomware Detection
Crypto-ransomware remains a significant threat to governments and companies
alike, with high-profile cyber security incidents regularly making headlines.
Many different detection systems have been proposed as solutions to the
ever-changing dynamic landscape of ransomware detection. In the majority of
cases, these described systems propose a method based on the result of a single
test performed on either the executable code, the process under investigation,
its behaviour, or its output. In a small subset of ransomware detection
systems, the concept of a scorecard is employed where multiple tests are
performed on various aspects of a process under investigation and their results
are then analysed using machine learning. The purpose of this paper is to
propose a new majority voting approach to ransomware detection by developing a
method that uses a cumulative score derived from discrete tests based on
calculations using algorithmic rather than heuristic techniques. The paper
describes 23 candidate tests, as well as 9 Windows API tests which are
validated to determine both their accuracy and viability for use within a
ransomware detection system. Using a cumulative score calculation approach to
ransomware detection has several benefits, such as the immunity to the
occasional inaccuracy of individual tests when making its final classification.
The system can also leverage multiple tests that can be both comprehensive and
complimentary in an attempt to achieve a broader, deeper, and more robust
analysis of the program under investigation. Additionally, the use of multiple
collaborative tests also significantly hinders ransomware from masking or
modifying its behaviour in an attempt to bypass detection.Comment: 17 page
Next-Generation Industrial Control System (ICS) Security:Towards ICS Honeypots for Defence-in-Depth Security
The advent of Industry 4.0 and smart manufacturing has led to an increased convergence of traditional manufacturing and production technologies with IP communications. Legacy Industrial Control System (ICS) devices are now exposed to a wide range of previously unconsidered threats, which must be considered to ensure the safe operation of industrial processes. Especially as cyberspace is presenting itself as a popular domain for nation-state operations, including against critical infrastructure. Honeypots are a well-known concept within traditional IT security, and they can enable a more proactive approach to security, unlike traditional systems. More work needs to be done to understand their usefulness within OT and critical infrastructure. This thesis advances beyond current honeypot implementations and furthers the current state-of-the-art by delivering novel ways of deploying ICS honeypots and delivering concrete answers to key research questions within the area. This is done by answering the question previously raised from a multitude of perspectives. We discuss relevant legislation, such as the UK Cyber Assessment Framework, the US NIST Framework for Improving Critical Infrastructure Cybersecurity, and associated industry-based standards and guidelines supporting operator compliance. Standards and guidance are used to frame a discussion on our survey of existing ICS honeypot implementations in the literature and their role in supporting regulatory objectives. However, these deployments are not always correctly configured and might differ from a real ICS. Based on these insights, we propose a novel framework towards the classification and implementation of ICS honeypots. This is underpinned by a study into the passive identification of ICS honeypots using Internet scanner data to identify honeypot characteristics. We also present how honeypots can be leveraged to identify when bespoke ICS vulnerabilities are exploited within the organisational network—further strengthening the case for honeypot usage within critical infrastructure environments. Additionally, we demonstrate a fundamentally different approach to the deployment of honeypots. By deploying it as a deterrent, to reduce the likelihood that an adversary interacts with a real system. This is important as skilled attackers are now adept at fingerprinting and avoiding honeypots. The results presented in this thesis demonstrate that honeypots can provide several benefits to the cyber security of and alignment to regulations within the critical infrastructure environment
Artificial Intelligence and International Conflict in Cyberspace
This edited volume explores how artificial intelligence (AI) is transforming international conflict in cyberspace. Over the past three decades, cyberspace developed into a crucial frontier and issue of international conflict. However, scholarly work on the relationship between AI and conflict in cyberspace has been produced along somewhat rigid disciplinary boundaries and an even more rigid sociotechnical divide – wherein technical and social scholarship are seldomly brought into a conversation. This is the first volume to address these themes through a comprehensive and cross-disciplinary approach. With the intent of exploring the question ‘what is at stake with the use of automation in international conflict in cyberspace through AI?’, the chapters in the volume focus on three broad themes, namely: (1) technical and operational, (2) strategic and geopolitical and (3) normative and legal. These also constitute the three parts in which the chapters of this volume are organised, although these thematic sections should not be considered as an analytical or a disciplinary demarcation
Cybersecurity: Past, Present and Future
The digital transformation has created a new digital space known as
cyberspace. This new cyberspace has improved the workings of businesses,
organizations, governments, society as a whole, and day to day life of an
individual. With these improvements come new challenges, and one of the main
challenges is security. The security of the new cyberspace is called
cybersecurity. Cyberspace has created new technologies and environments such as
cloud computing, smart devices, IoTs, and several others. To keep pace with
these advancements in cyber technologies there is a need to expand research and
develop new cybersecurity methods and tools to secure these domains and
environments. This book is an effort to introduce the reader to the field of
cybersecurity, highlight current issues and challenges, and provide future
directions to mitigate or resolve them. The main specializations of
cybersecurity covered in this book are software security, hardware security,
the evolution of malware, biometrics, cyber intelligence, and cyber forensics.
We must learn from the past, evolve our present and improve the future. Based
on this objective, the book covers the past, present, and future of these main
specializations of cybersecurity. The book also examines the upcoming areas of
research in cyber intelligence, such as hybrid augmented and explainable
artificial intelligence (AI). Human and AI collaboration can significantly
increase the performance of a cybersecurity system. Interpreting and explaining
machine learning models, i.e., explainable AI is an emerging field of study and
has a lot of potentials to improve the role of AI in cybersecurity.Comment: Author's copy of the book published under ISBN: 978-620-4-74421-
- …