
    Privacy-Friendly Collaboration for Cyber Threat Mitigation

    Sharing of security data across organizational boundaries has often been advocated as a promising way to enhance cyber threat mitigation. However, collaborative security faces a number of important challenges, including privacy, trust, and liability concerns with the potential disclosure of sensitive data. In this paper, we focus on data sharing for predictive blacklisting, i.e., forecasting attack sources based on past attack information. We propose a novel privacy-enhanced data sharing approach in which organizations estimate collaboration benefits without disclosing their datasets, organize into coalitions of allied organizations, and securely share data within these coalitions. We study how different partner selection strategies affect prediction accuracy by experimenting on a real-world dataset of 2 billion IP addresses and observe up to a 105% prediction improvement.
    Comment: This paper has been withdrawn as it has been superseded by arXiv:1502.0533

    Use of Graph Neural Networks in Aiding Defensive Cyber Operations

    In an increasingly interconnected world, where information is the lifeblood of modern society, regular cyber-attacks sabotage the confidentiality, integrity, and availability of digital systems and information. Additionally, cyber-attacks differ depending on the objective and evolve rapidly to disguise defensive systems. However, a typical cyber-attack demonstrates a series of stages from attack initiation to final resolution, called an attack life cycle. These diverse characteristics and the relentless evolution of cyber attacks have led cyber defense to adopt modern approaches like Machine Learning to bolster defensive measures and break the attack life cycle. Among the adopted ML approaches, Graph Neural Networks have emerged as a promising approach for enhancing the effectiveness of defensive measures due to their ability to process and learn from heterogeneous cyber threat data. In this paper, we look into the application of GNNs in aiding to break each stage of one of the most renowned attack life cycles, the Lockheed Martin Cyber Kill Chain. We address each phase of the CKC and discuss how GNNs contribute to preparing for and preventing an attack from a defensive standpoint. Furthermore, we also discuss open research areas and further improvement scopes.
    Comment: 35 pages, 9 figures, 8 tables

    TRIDEnT: Building Decentralized Incentives for Collaborative Security

    Sophisticated mass attacks, especially when exploiting zero-day vulnerabilities, have the potential to cause destructive damage to organizations and critical infrastructure. To detect and contain such attacks in time, collaboration among the defenders is critical. By correlating real-time detection information (alerts) from multiple sources (collaborative intrusion detection), defenders can detect attacks and take the appropriate defensive measures in time. However, although the technical tools to facilitate collaboration exist, real-world adoption of such collaborative security mechanisms is still underwhelming. This is largely due to a lack of trust and participation incentives for companies and organizations. This paper proposes TRIDEnT, a novel collaborative platform that aims to enable and incentivize parties to exchange network alert data, thus increasing their overall detection capabilities. TRIDEnT allows parties that may be in a competitive relationship to selectively advertise, sell and acquire security alerts in the form of (near) real-time peer-to-peer streams. To validate the basic principles behind TRIDEnT, we present an intuitive game-theoretic model of alert sharing, which is of independent interest, and show that collaboration is bound to take place infinitely often. Furthermore, to demonstrate the feasibility of our approach, we instantiate our design in a decentralized manner using Ethereum smart contracts and provide a fully functional prototype.
    Comment: 28 pages

    Critical infrastructure protection

    Postgraduate seminar series with the title Critical Infrastructure Protection, held at the Department of Military Technology of the National Defence University. This book is a collection of some of the talks that were presented in the seminar. The papers address threat intelligence, the protection of critical supply chains, cyber security in the management of an electricity company, and privacy preserving data mining. This set of papers tries to give some insight into current issues of critical infrastructure protection. The seminar has always made a publication of the papers, but this has been an internal publication of the Finnish Defence Forces and has not hindered publication of the papers in international conferences. Publication of these papers in peer reviewed conferences has indeed always been the goal of the seminar, since it teaches writing conference level papers. We still hope that an internal publication in the department series is useful to the Finnish Defence Forces by offering easy access to these papers.

    Analysis of Privacy-aware Data Sharing in Cyber-physical Energy Systems

    In this thesis, we determine the key factors and correlations among the privacy, security, and utility requirements of grid networks to ensure effective inter- and intra-actions within physical layer equipment (e.g., distributed energy resources (DERs), intelligent electronic devices (IEDs), etc.). We have conducted a comprehensive analysis of the existing consensus mechanisms in blockchain-enabled smart grids while pointing out the potential research gaps. We develop a practical and effective consensus mechanism for a private and permissioned blockchain-enabled supervisory control and data acquisition (SCADA) system. Moreover, we bridge a common and popular industrial control system (ICS) protocol, distributed network protocol 3 (DNP3), with the blockchain network to ensure smooth operation. In addition, we develop differential privacy (DP)-enabled strategies to achieve the data security, privacy, and utility requirements of the power system network under an adversarial setting. Specifically, we aim to analyze and develop a provable correlation between privacy loss and other DP parameters, considering the variations of attacks and their impacts along with DP constraints. This will enable modern power grid designers to develop, design, and employ DP-based fault-tolerant models in data-driven power grid operation and control. Furthermore, we conduct feasibility and quality-of-service (QoS) analysis of the DP mechanism and the grid to achieve certified robustness. Feasibility analysis of the privacy measure provides an assessment of the practicability of differential privacy in grid operation and warns the operators about possible failures and incoming attacks on physical layer operations. QoS is analyzed in the power grid in terms of data accuracy, computational overhead, and resource utilization.

    Exploring Cybertechnology Standards Through Bibliometrics: Case of National Institute of Standards and Technology

    Cyber security is one of the topics that gain importance today. It is necessary to determine the basic components, basic dynamics, and main actors of the cyber security issue, which will obviously have an impact in many areas, from social, economic, environmental, and political aspects, as a hot research topic. When the subject literature is examined, it has become a trend-forming research subject followed by institutions and organizations that produce R&D policy, starting from the level of governments. In this study, cybersecurity research is examined in the context of the 5 basic cyber security functions specified in the cyber security standard (CSF) defined by the National Institute of Standards and Technology (NIST). It is aimed to determine the research topics emerging in the international literature, to identify the most productive countries, to determine the rankings created by these countries according to their functions, and to determine the research clusters and research focuses. In the study, several quantitative methods were used, especially scientometrics, social network analysis (SNA) line theory and structural hole analysis. Statistical tests (Log-Likelihood Ratio) were used to reveal the prominent areas, and the text mining method was also used. We first defined a workflow according to the “Identify”, “Protect”, “Detect”, “Respond” and “Recover” setups, and conducted an online search on the Web of Science (WoS) to access the information on the publications on the relevant topics. It is seen that actors, institutions and research create different densities according to various geographical regions in the 5 functions defined within the framework of cybersecurity. It is possible to say that infiltration detection, the internet of things and the concept of artificial intelligence are among the other prominent research focuses, although it is seen that smart grids are among the most prominent research topics.
    In the first clustering analysis we performed, we can say that 17 clusters are formed, especially when we look under the Identify function. The largest of these clusters has 32 data points, so-called decision making models.

    Towards Cyber Security for Low-Carbon Transportation: Overview, Challenges and Future Directions

    In recent years, low-carbon transportation has become an indispensable part of the sustainable development strategies of various countries, and plays a very important role in promoting low-carbon cities. However, the security of low-carbon transportation has been threatened in various ways. For example, denial of service attacks pose a great threat to electric vehicles and vehicle-to-grid networks. To minimize these threats, several methods have been proposed to defend against them. Yet, these methods are only for certain types of scenarios or attacks. Therefore, this review addresses the security aspect from a holistic view and provides the overview, challenges and future directions of cyber security technologies in low-carbon transportation. Firstly, based on the concept and importance of low-carbon transportation, this review positions the low-carbon transportation services. Then, from the perspective of network architecture and communication mode, this review classifies its typical attack risks. The corresponding defense technologies and relevant security suggestions are further reviewed from the perspective of data security, network management security and network application security. Finally, in view of the long term development of low-carbon transportation, future research directions are considered.
    Comment: 34 pages, 6 figures, accepted by journal Renewable and Sustainable Energy Reviews