Model-Driven Cyber Range Training: A Cyber Security Assurance Perspective

Security demands are increasing for all types of organisations, due to the ever-closer integration of computing infrastructures and smart devices into all aspects of the organisational operations. Consequently, the need for security-aware employees in every role of an organisation increases in accordance. Cyber Range training emerges as a promising solution, allowing employees to train in both realistic environments and scenarios and gaining hands-on experience in security aspects of varied complexity, depending on their role and level of expertise. To that end, this work introduces a model-driven approach for Cyber Range training that facilitates the generation of tailor-made training scenarios based on a comprehensive model-based description of the organisation and its security posture. Additionally, our approach facilitates the auto- mated deployment of such training environments, tailored to each defined scenario, through simulation and emulation means. To further highlight the usability of the proposed approach, this work also presents scenarios focusing on phishing threats, with increasing level of complexity and difficulty

Constrained K-Means Classification

Classification-via-clustering (CvC) is a widely used method, using a clustering procedure to perform classification tasks. In this paper, a novel K-Means-based CvC algorithm is presented, analysed and evaluated. Two additional techniques are employed to reduce the effects of the limitations of K-Means. A hypercube of constraints is defined for each centroid and weights are acquired for each attribute of each class, for the use of a weighted Euclidean distance as a similarity criterion in the clustering procedure. Experiments are made with 42 well–known classification datasets. The experimental results demonstrate that the proposed algorithm outperforms CvC with simple K-Means

Cyra: A model-driven cyber range assurance platform

Digital technologies are facilitating our daily activities, and thus leading to the social transformation with the upcoming 5G communications and the Internet of Things. However, mainstream and sophisticated attacks are remaining a threat, both for individuals and organisations. Cyber Range emerges as a promising solution to effectively train people in cybersecurity aspects. A Training Programme is considered adequate only if it can adapt to the scope of the attacks they cover and if the trainees apply the learning material to the operational system. Therefore, this study introduces the model-driven CYber Range Assurance platform (CYRA). The solution allows a trainee to be trained for known and new cyber-attacks by adapting to the continuously evolving threat landscape and examines if the trainees transfer the acquired knowledge to the working environment. Furthermore, this paper presents a use case on an operational backend ICT system, showing how the CYRA platform was utilised to increase the security posture of the organisation

A hybrid approach to cyber risk evaluation

A cyber risk assessment is a process of identifying, analysing, and managing potential risks to an organisation’s information assets. Its goal is to detect vulnerabilities and threats, assess their potential impact, and develop a plan to mitigate or eliminate risks. To conduct the assessment, the organisation’s current cyber security measures and practices are thoroughly reviewed to identify weaknesses and areas for improvement. The results are then used to develop a comprehensive cyber security strategy that safeguards against known and potential risks. Despite the existence of several risk assessment techniques and tools, they may not adequately anticipate and protect against cyber threats. With attackers becoming increasingly sophisticated, they are constantly devising new tactics and techniques to breach an organisation’s defences. Security professionals may find it challenging to stay ahead of the curve and ensure the security of their systems. Furthermore, even the most advanced cyber security measures can be ineffective if implemented incorrectly. For instance, employees not trained to use security systems or systems not regularly updated and maintained can be vulnerable to attacks. The rapid pace of technological change can also make it difficult for organisations to keep up with the latest security developments and trends, creating new vulnerabilities and potential points of attack. Furthermore, to ensure a comprehensive assessment of an organisation’s cyber risks, it is crucial for risk assessment tools to be able to combine information from multiple sources, including network logs, vulnerability scans, threat intelligence feeds, and employee activity reports. If these tools cannot integrate data from various sources, they may overlook critical risks, leading to incomplete or inaccurate assessments that expose organisations to cyber attacks. Thus, despite the availability of powerful tools and techniques for cyber risk assessment, it is essential to address the limitations and challenges to safeguarding an organisation’s information assets. The focus of this thesis is CRISES, a query-type language that enables the definition of custom risk detection models to evaluate multiple risk assessments in a pipelined manner. Additionally, CRISES allows for hybrid analysis, which combines different types of assessments to provide a comprehensive evaluation. With CRISES, users can (a) create standalone or hybrid risk detection models for various assessment types, (b) execute these models using the proposed implementation, and (c) leverage the results to evaluate the security status of the cyber system. In addition, CRISES provides impact analysis capabilities in both economic and technical terms, allowing organisations to estimate the potential cost of an attack and evaluate the potential risks or challenges associated with particular courses of action. This is made possible through the use of the proposed underlying model, which facilitates a comprehensive definition of the asset inventory by taking into account several critical factors, including the interdependencies between the assets. By adopting CRISES, organisations can significantly enhance their incident response capabilities, minimise downtime, and mitigate potential cybersecurity threats. Furthermore, the comprehensive insights provided by CRISES can be utilised by cybersecurity analysts and administrators to develop robust countermeasures against future cyber-attacks

Gut Barrier Disruption Secondary to Radiofrequency-Assisted Liver Parenchyma Resection in a Porcine Model

Background: Radiofrequency-assisted liver resection (RF-LR) techniques minimize intraoperative blood loss, while avoiding the Pringle maneuver. Both surgical excision and radiofrequency ablation of liver parenchyma compromise gut barrier function with subsequent bacterial translocation. The present study sought to investigate in a porcine model the impact of two RF-LR techniques on the integrity and inflammatory response of the gut barrier. Methods: Twenty-four pigs were subjected to either (a) partial hepatectomy (PH) employing the “sequential coagulate-cut” technique using a monopolar electrode (SCC group), the one using the bipolar Habib-4X device (group H), or the “crush-clamp” technique (group CC) or (b) sham operation (group Sham). At 48-h post-operation, ileal tissue was excised to be subjected to histopathologic examination, histomorphometric analysis, and immunohistochemical assessment of the mitotic and apoptotic activities and the expression of interleukin-6 (IL-6), tumor necrosis factor-α (TNFα), and nuclear factor-κB (NFκΒ). Results: Histopathologic score increased in all PH groups, being higher in group SCC, while lower in group H. Villous height decreased in group SCC only. Mitotic index decreased, while apoptotic index increased in all PH groups. An increase in tissue expression score was noted for IL-6 in group CC, for TNFα in all PH groups, being lower in group H compared to group CC, and for NFκB in all PH groups. Conclusions: The Habib-4X technique for liver resection proved to preserve the integrity of gut barrier, being less injurious in the intestinal mucosa compared to the SCC and CC techniques. © 2022, The Society for Surgery of the Alimentary Tract