12 research outputs found
MTFS: a Moving Target Defense-Enabled File System for Malware Mitigation
Ransomware has remained one of the most notorious threats in the
cybersecurity field. Moving Target Defense (MTD) has been proposed as a novel
paradigm for proactive defense. Although various approaches leverage MTD, few
of them rely on the operating system and, specifically, the file system,
thereby making them dependent on other computing devices. Furthermore, existing
ransomware defense techniques merely replicate or detect attacks, without
preventing them. Thus, this paper introduces the MTFS overlay file system and
the design and implementation of three novel MTD techniques implemented on top
of it: one delaying attackers, one trapping recursive directory traversal, and
another one hiding file types. The effectiveness of the techniques is shown in
two experiments. First, it is shown that the techniques can delay and mitigate
ransomware on real IoT devices. Secondly, in a broader scope, the solution was
confronted with 14 ransomware samples, highlighting that it can save 97% of the
files.
RCVaR: an Economic Approach to Estimate Cyberattacks Costs using Data from Industry Reports
Digitization increases business opportunities and the risk of companies being
victims of devastating cyberattacks. Therefore, managing risk exposure and
cybersecurity strategies is essential for digitized companies that want to
survive in competitive markets. However, understanding company-specific risks
and quantifying their associated costs is not trivial. Current approaches fail
to provide individualized and quantitative monetary estimations of
cybersecurity impacts. Due to limited resources and technical expertise, SMEs
and even large companies are affected and struggle to quantify their
cyberattack exposure. Therefore, novel approaches must be placed to support the
understanding of the financial loss due to cyberattacks. This article
introduces the Real Cyber Value at Risk (RCVaR), an economical approach for
estimating cybersecurity costs using real-world information from public
cybersecurity reports. RCVaR identifies the most significant cyber risk factors
from various sources and combines their quantitative results to estimate
specific cyberattacks costs for companies. Furthermore, RCVaR extends current
methods to achieve cost and risk estimations based on historical real-world
data instead of only probability-based simulations. The evaluation of the
approach on unseen data shows the accuracy and efficiency of the RCVaR in
predicting and managing cyber risks. Thus, it shows that the RCVaR is a
valuable addition to cybersecurity planning and risk management processes.
CyberForce: A Federated Reinforcement Learning Framework for Malware Mitigation
Recent research has shown that the integration of Reinforcement Learning (RL)
with Moving Target Defense (MTD) can enhance cybersecurity in
Internet-of-Things (IoT) devices. Nevertheless, the practicality of existing
work is hindered by data privacy concerns associated with centralized data
processing in RL, and the unsatisfactory time needed to learn the right MTD
techniques that are effective against a rising number of heterogeneous zero-day
attacks. Thus, this work presents CyberForce, a framework that combines
Federated and Reinforcement Learning (FRL) to collaboratively and privately
learn suitable MTD techniques for mitigating zero-day attacks. CyberForce
integrates device fingerprinting and anomaly detection to reward or penalize
MTD mechanisms chosen by an FRL-based agent. The framework has been deployed
and evaluated in a scenario consisting of ten physical devices of a real IoT
platform affected by heterogeneous malware samples. A pool of experiments has
demonstrated that CyberForce learns the MTD technique mitigating each attack
faster than existing RL-based centralized approaches. In addition, when various
devices are exposed to different attacks, CyberForce benefits from knowledge
transfer, leading to enhanced performance and reduced learning time in
comparison to recent works. Finally, different aggregation algorithms used
during the agent learning process provide CyberForce with notable robustness to
malicious attacks. Comment: 11 pages, 8 figures
RansomAI: AI-powered Ransomware for Stealthy Encryption
Cybersecurity solutions have shown promising performance when detecting
ransomware samples that use fixed algorithms and encryption rates. However, due
to the current explosion of Artificial Intelligence (AI), sooner rather than later,
ransomware (and malware in general) will incorporate AI techniques to
intelligently and dynamically adapt its encryption behavior to be undetected.
It might result in ineffective and obsolete cybersecurity solutions, but the
literature lacks AI-powered ransomware to verify it. Thus, this work proposes
RansomAI, a Reinforcement Learning-based framework that can be integrated into
existing ransomware samples to adapt their encryption behavior and stay
stealthy while encrypting files. RansomAI presents an agent that learns the
best encryption algorithm, rate, and duration that minimizes its detection
(using a reward mechanism and a fingerprinting intelligent detection system)
while maximizing its damage function. The proposed framework was validated in a
ransomware, Ransomware-PoC, that infected a Raspberry Pi 4, acting as a
crowdsensor. A pool of experiments with Deep Q-Learning and Isolation Forest
(deployed on the agent and detection system, respectively) has demonstrated
that RansomAI evades the detection of Ransomware-PoC affecting the Raspberry Pi
4 in a few minutes with >90% accuracy.
Formic acid synthesis using CO₂ as raw material: Techno-economic and environmental evaluation and market potential
The future of carbon dioxide utilisation (CDU) processes depends on (i) the future demand of synthesised products with CO₂, (ii) the availability of captured and anthropogenic CO₂, (iii) the overall CO₂ not emitted because of the use of the CDU process, and (iv) the economics of the plant. The current work analyses the mentioned statements through different technological, economic and environmental key performance indicators to produce formic acid from CO₂, along with their potential use and penetration in the European context. Formic acid is a well-known chemical that has potential as hydrogen carrier and as fuel for fuel cells. This work utilises process flow modelling, with simulations developed in CHEMCAD, to obtain the energy and mass balances, and the purchase equipment cost of the formic acid plant. Through a financial analysis, with the net present value as selected metric, the price of the tonne of formic acid and of CO₂ are varied to make the CDU project financially feasible. According to our research, the process saves CO₂ emissions when compared to its corresponding conventional process, under specific conditions. The success or effectiveness of the CDU process will also depend on other technologies and/or developments, like the availability of renewable electricity and steam.
CoReTM: An Approach Enabling Cross-Functional Collaborative Threat Modeling
Threat Modeling is a structured process to identify critical assets in an organization and the threats posed by adversarial agents. The goal of applying such a process is to achieve a shared understanding of the inherent risks and potential counter-measures that can be put in place. In practice, threat modeling is a collaborative process combining stakeholders' perceptions in a holistic view of the threat landscape. However, this paper points out that related work mainly focuses on adapting models to technical aspects of architectural decisions. Thus, non-technical stakeholders are not included in the process. This paper proposes CoReTM, a novel overarching approach to applying well-established threat modeling methodologies in a collaborative setting. The resulting approach allows organizations to extend threat modeling to non-technical stakeholders in an automated way while supporting on-site, remote, or hybrid operations in a synchronous or asynchronous fashion.