IoT vulnerability data crawling and analysis

Internet of Things (IoT) is a whole new ecosystem comprised of heterogeneous connected devices —i.e. computers, laptops, smart-phones and tablets as well as embedded devices and sensors— that communicate to deliver capabilities making our living, cities, transport, energy, and many other areas more intelligent. The main concerns raised from the IoT ecosystem are the devices poor support for patching/updating and the poor on-board computational power. A number of issues stem from this: inherent vulnerabilities and the inability to detect and defend against external attacks. Also, due to the nature of their operation, the devices tend to be rather open to communication, which makes attacks easy to spread once reaching a network. The aim of this research is to investigate if it is possible to extract useful results regarding attacks’ trends and be able to predict them, before it is too late, by crawling Deep/Dark and Surface web. The results of this work show that is possible to find the trend and be able to act proactively in order to protect the IoT ecosystem

Cyber resilience meta-modelling: The railway communication case study

Recent times have demonstrated how much the modern critical infrastructures (e.g., energy, essential services, people and goods transportation) depend from the global communication networks. However, in the current Cyber-Physical World convergence, sophisticated attacks to the cyber layer can provoke severe damages to both physical structures and the operations of infrastructure affecting not only its functionality and safety, but also triggering cascade effects in other systems because of the tight interdependence of the systems that characterises the modern society. Hence, critical infrastructure must integrate the current cyber-security approach based on risk avoidance with a broader perspective provided by the emerging cyber-resilience paradigm. Cyber resilience is aimed as a way absorb the consequences of these attacks and to recover the functionality quickly and safely through adaptation. Several high-level frameworks and conceptualisations have been proposed but a formal definition capable of translating cyber resilience into an operational tool for decision makers considering all aspects of such a multifaceted concept is still missing. To this end, the present paper aims at providing an operational formalisation for cyber resilience starting from the Cyber Resilience Ontology presented in a previous work using model-driven principles. A domain model is defined to cope with the different aspects and “resilience-assurance” processes that it can be valid in various application domains. In this respect, an application case based on critical transportation communications systems, namely the railway communication system, is provided to prove the feasibility of the proposed approach and to identify future improvements

Risk Perception and Epidemics in Complex Computer Networks

We present a self-organised method for quickly obtaining the epidemic threshold of infective processes on networks. Starting from simple percolation models, we introduce the possibility that the effective infection probability is affected by the perception of the risk of being infected, given by the fraction of infected neighbours. We then extend the model to multiplex networks considering that agents (computer) can be infected by contacts on the physical network, while the information about the infection level may come from a partially different network. Finally, we consider more complex infection processes, with non-linear interactions among agents