52 research outputs found

    AiCEF: An AI-assisted Cyber Exercise Content Generation Framework Using Named Entity Recognition

    Content generation that is both relevant and up to date with the current threats of the target audience is a critical element in the success of any Cyber Security Exercise (CSE). Through this work, we explore the results of applying machine learning techniques to unstructured information sources to generate structured CSE content. The corpus of our work is a large dataset of publicly available cyber security articles that have been used to predict future threats and to form the skeleton for new exercise scenarios. Machine learning techniques, like named entity recognition (NER) and topic extraction, have been utilised to structure the information based on a novel ontology we developed, named Cyber Exercise Scenario Ontology (CESO). Moreover, we used clustering with outliers to classify the generated extracted data into objects of our ontology. Graph comparison methodologies were used to match generated scenario fragments to known threat actors' tactics and help enrich the proposed scenario accordingly with the help of synthetic text generators. CESO has also been chosen as the prominent way to express both fragments and the final proposed scenario content by our AI-assisted Cyber Exercise Framework (AiCEF). Our methodology was put to test by providing a set of generated scenarios for evaluation to a group of experts to be used as part of a real-world awareness tabletop exercise.

    What's inside a node? Malicious IPFS nodes under the magnifying glass

    InterPlanetary File System (IPFS) is one of the most promising decentralized off-chain storage mechanisms, particularly relevant for blockchains, aiming to store the content forever, thus it is crucial to understand its composition, deduce actor intent and investigate its operation and impact. Beyond the network functionality that IPFS offers, assessing the quality of nodes, i.e. analysing and categorising node software and data, is essential to mitigate possible risks and exploitation of IPFS. To this end, in this work we took three daily snapshots of IPFS nodes within a month and analysed each node (by IP address) individually, using threat intelligence feeds. The above enabled us to quantify the number of potentially malicious and/or abused nodes. The outcomes lead us to consider using a filter to isolate malicious nodes from the network, an approach we implemented as a prototype and used for assessment of effectiveness. Comment: To appear at the 38th International Conference on ICT Systems Security and Privacy Protection (IFIP SEC 2023)