MTFS: a Moving Target Defense-Enabled File System for Malware Mitigation

Ransomware has remained one of the most notorious threats in the cybersecurity field. Moving Target Defense (MTD) has been proposed as a novel paradigm for proactive defense. Although various approaches leverage MTD, few of them rely on the operating system and, specifically, the file system, thereby making them dependent on other computing devices. Furthermore, existing ransomware defense techniques merely replicate or detect attacks, without preventing them. Thus, this paper introduces the MTFS overlay file system and the design and implementation of three novel MTD techniques implemented on top of it. One delaying attackers, one trapping recursive directory traversal, and another one hiding file types. The effectiveness of the techniques are shown in two experiments. First, it is shown that the techniques can delay and mitigate ransomware on real IoT devices. Secondly, in a broader scope, the solution was confronted with 14 ransomware samples, highlighting that it can save 97% of the files

RCVaR: an Economic Approach to Estimate Cyberattacks Costs using Data from Industry Reports

Digitization increases business opportunities and the risk of companies being victims of devastating cyberattacks. Therefore, managing risk exposure and cybersecurity strategies is essential for digitized companies that want to survive in competitive markets. However, understanding company-specific risks and quantifying their associated costs is not trivial. Current approaches fail to provide individualized and quantitative monetary estimations of cybersecurity impacts. Due to limited resources and technical expertise, SMEs and even large companies are affected and struggle to quantify their cyberattack exposure. Therefore, novel approaches must be placed to support the understanding of the financial loss due to cyberattacks. This article introduces the Real Cyber Value at Risk (RCVaR), an economical approach for estimating cybersecurity costs using real-world information from public cybersecurity reports. RCVaR identifies the most significant cyber risk factors from various sources and combines their quantitative results to estimate specific cyberattacks costs for companies. Furthermore, RCVaR extends current methods to achieve cost and risk estimations based on historical real-world data instead of only probability-based simulations. The evaluation of the approach on unseen data shows the accuracy and efficiency of the RCVaR in predicting and managing cyber risks. Thus, it shows that the RCVaR is a valuable addition to cybersecurity planning and risk management processes

CyberForce: A Federated Reinforcement Learning Framework for Malware Mitigation

Recent research has shown that the integration of Reinforcement Learning (RL) with Moving Target Defense (MTD) can enhance cybersecurity in Internet-of-Things (IoT) devices. Nevertheless, the practicality of existing work is hindered by data privacy concerns associated with centralized data processing in RL, and the unsatisfactory time needed to learn right MTD techniques that are effective against a rising number of heterogeneous zero-day attacks. Thus, this work presents CyberForce, a framework that combines Federated and Reinforcement Learning (FRL) to collaboratively and privately learn suitable MTD techniques for mitigating zero-day attacks. CyberForce integrates device fingerprinting and anomaly detection to reward or penalize MTD mechanisms chosen by an FRL-based agent. The framework has been deployed and evaluated in a scenario consisting of ten physical devices of a real IoT platform affected by heterogeneous malware samples. A pool of experiments has demonstrated that CyberForce learns the MTD technique mitigating each attack faster than existing RL-based centralized approaches. In addition, when various devices are exposed to different attacks, CyberForce benefits from knowledge transfer, leading to enhanced performance and reduced learning time in comparison to recent works. Finally, different aggregation algorithms used during the agent learning process provide CyberForce with notable robustness to malicious attacks.Comment: 11 pages, 8 figure

RansomAI: AI-powered Ransomware for Stealthy Encryption

Cybersecurity solutions have shown promising performance when detecting ransomware samples that use fixed algorithms and encryption rates. However, due to the current explosion of Artificial Intelligence (AI), sooner than later, ransomware (and malware in general) will incorporate AI techniques to intelligently and dynamically adapt its encryption behavior to be undetected. It might result in ineffective and obsolete cybersecurity solutions, but the literature lacks AI-powered ransomware to verify it. Thus, this work proposes RansomAI, a Reinforcement Learning-based framework that can be integrated into existing ransomware samples to adapt their encryption behavior and stay stealthy while encrypting files. RansomAI presents an agent that learns the best encryption algorithm, rate, and duration that minimizes its detection (using a reward mechanism and a fingerprinting intelligent detection system) while maximizing its damage function. The proposed framework was validated in a ransomware, Ransomware-PoC, that infected a Raspberry Pi 4, acting as a crowdsensor. A pool of experiments with Deep Q-Learning and Isolation Forest (deployed on the agent and detection system, respectively) has demonstrated that RansomAI evades the detection of Ransomware-PoC affecting the Raspberry Pi 4 in a few minutes with >90% accuracy

Formic acid synthesis using CO₂ as raw material: Techno-economic and environmental evaluation and market potential

The future of carbon dioxide utilisation (CDU) processes, depend on (i) the future demand of synthesised products with CO₂, (ii) the availability of captured and anthropogenic CO₂, (iii) the overall CO₂ not emitted because of the use of the CDU process, and (iv) the economics of the plant. The current work analyses the mentioned statements through different technological, economic and environmental key performance indicators to produce formic acid from CO₂, along with their potential use and penetration in the European context. Formic acid is a well-known chemical that has potential as hydrogen carrier and as fuel for fuel cells. This work utilises process flow modelling, with simulations developed in CHEMCAD, to obtain the energy and mass balances, and the purchase equipment cost of the formic acid plant. Through a financial analysis, with the net present value as selected metric, the price of the tonne of formic acid and of CO₂ are varied to make the CDU project financially feasible. According to our research, the process saves CO₂ emissions when compared to its corresponding conventional process, under specific conditions. The success or effectiveness of the CDU process will also depend on other technologies and/or developments, like the availability of renewable electricity and steam

CoReTM: An Approach Enabling Cross-Functional Collaborative Threat Modeling

Threat Modeling is a structured process to identify critical assets in an organization and the threats posed by adversarial agents. The goal of applying such a process is to achieve a shared understanding of the inherent risks and potential counter-measures that can be put in place. In practice, threat modeling is a collaborative process combining stakeholders' perceptions in a holistic view of the threat landscape. However, this paper points out that related work mainly focuses on adapting models to technical aspects of architectural decisions. Thus, non-technical stakeholders are not included in the process.This paper proposes CoReTM, a novel overarching approach to applying well-established threat modeling methodologies in a collaborative setting. The resulting approach allows organizations to extend threat modeling to non-technical stakeholders in an automated way while supporting on-site, remote, or hybrid operations in a synchronous or asynchronous fashion