19 research outputs found

    Cybersecurity Support for SMEs

    RCVaR: an Economic Approach to Estimate Cyberattacks Costs using Data from Industry Reports

    Digitization increases business opportunities and the risk of companies being victims of devastating cyberattacks. Therefore, managing risk exposure and cybersecurity strategies is essential for digitized companies that want to survive in competitive markets. However, understanding company-specific risks and quantifying their associated costs is not trivial. Current approaches fail to provide individualized and quantitative monetary estimations of cybersecurity impacts. Due to limited resources and technical expertise, SMEs and even large companies are affected and struggle to quantify their cyberattack exposure. Therefore, novel approaches must be placed to support the understanding of the financial loss due to cyberattacks. This article introduces the Real Cyber Value at Risk (RCVaR), an economical approach for estimating cybersecurity costs using real-world information from public cybersecurity reports. RCVaR identifies the most significant cyber risk factors from various sources and combines their quantitative results to estimate specific cyberattacks costs for companies. Furthermore, RCVaR extends current methods to achieve cost and risk estimations based on historical real-world data instead of only probability-based simulations. The evaluation of the approach on unseen data shows the accuracy and efficiency of the RCVaR in predicting and managing cyber risks. Thus, it shows that the RCVaR is a valuable addition to cybersecurity planning and risk management processes

    A Framework Quantifying Trustworthiness of Supervised Machine and Deep Learning Models

    Trusting Artificial Intelligence (AI) is controversial since models and predictions might not be fair, understandable by humans, robust against adversaries, or trained appropriately. Existing toolkits help data scientists to create fair, explainable, robust, and transparent Machine and Deep Learning (ML/DL) models. However, tools to quantify AI trustworthiness according to pillars and metrics relevant for heterogeneous scenarios are still missing. This work proposes a novel algorithm that quantifies the trustworthiness level of supervised ML/DL models according to their fairness, explainability, robustness, and accountability. The algorithm is deployed on a Web application to allow the general public to calculate the trustworthiness of their models. Finally, a validation scenario with models classifying cyberattacks demonstrates the applicability of the Web application and algorithm

    On the design and development of emulation platforms for NFV-based infrastructures

    Network Functions Virtualisation (NFV) presents several advantages over traditional network architectures, such as flexibility, security, and reduced CAPEX/OPEX. In traditional middleboxes, network functions are usually executed on specialised hardware (e.g., firewall, DPI). Virtual Network Functions (VNFs) on the other hand, are executed on commodity hardware, employing Software Defined Networking (SDN) technologies (e.g., OpenFlow, P4). Although platforms for prototyping NFV environments have emerged in recent years, they still present limitations that hinder the evaluation of NFV scenarios such as fog computing and heterogeneous networks. In this work, we present NIEP: a platform for designing and testing NFV-based infrastructures and VNFs. NIEP consists of a network emulator and a platform for Click-based VNFs development. NIEP provides a complete NFV emulation environment, allowing network operators to test their solutions in a controlled scenario prior to deployment in production networks

    Visualizações interativas para gerenciamento de funções de rede virtualizada

    Network Functions Virtualization (NFV) is driving a paradigm shift in telecommunications networks and computer networks, by fostering new business models and creating innovation opportunities. In NFV-enabled networks, service providers have the opportunity to build a business model where tenants can purchase Virtual Network Functions (VNFs) that provide distinct network services and functions (e.g., Firewall, NAT, and transcoders). However, the amount of managed data grows in a fast pace. The network operator must understand and manipulate many data to effectively manage the network. To tackle this problem, we introduce VISION, a platform based on visualizations techniques to help network operators to determine the cause of not obvious problems. For this, we provide: (i) an approach to collect and organize data from the NFV environments; (ii) five distinct visualizations that can aid in NFV management tasks, such as in the process of identifying VNFs problems and planning of NFV-enabled businesses; and (iii) a template model that supports new visualization applications. To evaluate our work, we implemented a prototype of VISION platform and each of the proposed visualizations. We then conducted distinct case studies to provide evidence of the feasibility of our visualizations. These case studies cover different scenarios, such as the identification of misplacement of VNFs that are generating bottlenecks in a forwarding graph and the investigation of investment priorities to supply tenants demands. Finally, we present a usability evaluation with network operators to indicate the benefits of the VISION platform. The results obtained show that our visualizations allow the operator to access relevant information and have insights to identify not obvious problems in the context of NFV-enabled networks. 
In addition, we received positive feedback about general usability aspects related to our prototype.
Network Functions Virtualization (NFV) is changing the paradigm of telecommunications networks. This new technology opens up many opportunities for innovation and enables the development of new business models. In NFV networks, service providers have the opportunity to create business models that allow customers to purchase Virtual Network Functions (VNFs) that provide different network services (e.g., Firewall, NAT, and transcoders). However, in these models, the amount of information to be managed grows rapidly. Consequently, network operators must be able to understand and manipulate a large amount of information to manage NFV networks effectively. To address this problem, we introduce a visualization platform called VISION, whose main goal is to help network operators identify the root cause of problems in NFV. To this end, we proposed: (i) an approach for collecting and organizing data from the managed NFV environment; (ii) five different visualizations that assist in NFV management tasks, for example in the process of identifying problems in VNFs and in business planning; and (iii) a template-based model that supports the development and reuse of visualizations. For the evaluation of this dissertation, a prototype of the VISION platform and of all the proposed visualizations was developed. We then conducted a set of case studies to provide evidence of the feasibility and usefulness of our visualizations. The cases analyzed address, for example, the identification of VNF allocation problems that are affecting the performance of the offered service, as well as the investigation of investment priorities to meet the demands of the network's customers. Finally, we present a usability evaluation carried out with computer network specialists to assess the features and benefits of the VISION platform. The results obtained show that our visualizations give the network operator quick and easy access to information that is important for managing NFV networks, thus making it easier to gain insights for identifying complex problems in the context of NFV networks. In addition, the results show a positive evaluation by specialists of the general usability aspects of the developed prototype

    A Controlled Natural Language to Support Intent-based Blockchain Selection

    In the last years, cryptocurrencies have become increasingly popular along with their underlying distributed ledger technology, referred to as a Blockchain (BC). Nowadays, a wide variety of BC implementations are available. However, the selection of a suitable implementation for a particular application or use case is complex because it requires technical understanding of the underlying BC implementation aspects. Therefore, this paper proposes a Controlled Natural Language (CNL) to extend existing BC selection solutions to abstract underlying implementation details. The approach allows the specification of abstract high-level policies, referred to as intents, in an English-based language. The approach is inspired by previous approaches from the network management field. Moreover, a state machine-based refinement technique is proposed to refine these intents into low-level BC selection policies. The results of the performance evaluation of the prototype implementation show that the refinement process presents a minimal overhead. In addition, the perceived intuitiveness of the CNL by users was assessed in a survey. The results of the survey suggest that technical and non-technical individuals benefit from an intent-based approach equall

    CyberTEA: a Technical and Economic Approach for Cybersecurity Planning and Investment

    It is essential to look at cybersecurity not only as a technical problem but also from economic, societal, and legal perspectives. Companies need to pay more attention to planning and investments in cybersecurity due to different factors, such as budget constraints and complexities involved in the planning and decision-making processes. Also, companies wrongly do not see themselves as the target of a potential cyberattack. Therefore, there is still a need for approaches that support companies, especially Small and Medium-sized Enterprises (SME), during the cybersecurity planning and investment decisions. This PhD thesis addressed cybersecurity planning and investment gaps by proposing the CyberTEA approach. This approach is composed of a five-phase methodology, a framework, and a set of solutions for cybersecurity planning and investment, considering the technical requirements of cybersecurity and its economic dimensions, such as the potential economic impacts of cyberattacks and the cost-benefit of protections available on the market to protect against specific threats. The evaluations and scientific advances of the CyberTEA approach were proven valid to support SMEs while also showing the benefits and opportunities for cybersecurity economic approaches