发布求助
文献互助 智能选刊 最新文献

2023 IEEE/ACM 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS)最新文献

筛选
英文 中文
Studying Secure Coding in the Laboratory: Why, What, Where, How, and Who? 在实验室研究安全编码:为什么,什么,在哪里,怎么做,谁?
2023 IEEE/ACM 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS) Pub Date : 2023-05-01 DOI: 10.1109/EnCyCriS59249.2023.00008
Ita Ryan, Klaas-Jan Stol, U. Roedig
{"title":"Studying Secure Coding in the Laboratory: Why, What, Where, How, and Who?","authors":"Ita Ryan, Klaas-Jan Stol, U. Roedig","doi":"10.1109/EnCyCriS59249.2023.00008","DOIUrl":"https://doi.org/10.1109/EnCyCriS59249.2023.00008","url":null,"abstract":"Software security is an area of growing concern, with over 192,000 known vulnerabilities in public software at the time of writing. Many aids to secure coding exist. Assessing the effectiveness of such aids in a laboratory environment is difficult. There are a number of concerns to address, such as recruitment issues and the level of instrumentation needed to perform an accurate measurement. Based on an extensive literature review of software development aids, we describe recent approaches to running laboratory studies, their characteristics, and their benefits and drawbacks. This paper should be of use to anyone planning to undertake coding studies with software developers.","PeriodicalId":198704,"journal":{"name":"2023 IEEE/ACM 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS)","volume":"241 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116061294","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Evaluating Moving Target Defenses against Realistic Attack Scenarios 评估针对现实攻击场景的移动目标防御
2023 IEEE/ACM 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS) Pub Date : 2023-05-01 DOI: 10.1109/EnCyCriS59249.2023.00005
Alex Brown, Tze-Wen Lee, Jin B. Hong
{"title":"Evaluating Moving Target Defenses against Realistic Attack Scenarios","authors":"Alex Brown, Tze-Wen Lee, Jin B. Hong","doi":"10.1109/EnCyCriS59249.2023.00005","DOIUrl":"https://doi.org/10.1109/EnCyCriS59249.2023.00005","url":null,"abstract":"Defenders are continuously seeking new tools for better security, including proactive defenses like Moving Target Defense (MTD). MTD continuously changes the attack surface, but there's little research on combining different MTD techniques, and often attack scenarios considered are simple and unrealistic. This paper proposes to evaluate the combined effects of MTD techniques against practical and realistic attack scenarios through a simulation framework. Our results indicate that adopting MTD techniques in general improves the security of systems, but combinations can have varying levels of defense depending on the attack scenarios. Hence, our proposed approach provides a more realistic evaluation of MTD techniques and their combinations taking into account practical attack scenarios, which can aid decision-makers to make better-informed decisions.","PeriodicalId":198704,"journal":{"name":"2023 IEEE/ACM 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS)","volume":"104 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115271234","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Autoencoder via DCNN and LSTM Models for Intrusion Detection in Industrial Control Systems of Critical Infrastructures 基于DCNN和LSTM模型的自编码器在关键基础设施工业控制系统中的入侵检测
2023 IEEE/ACM 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS) Pub Date : 2023-05-01 DOI: 10.1109/EnCyCriS59249.2023.00006
Kayode Yakub Saheed, S. Misra, S. Chockalingam
{"title":"Autoencoder via DCNN and LSTM Models for Intrusion Detection in Industrial Control Systems of Critical Infrastructures","authors":"Kayode Yakub Saheed, S. Misra, S. Chockalingam","doi":"10.1109/EnCyCriS59249.2023.00006","DOIUrl":"https://doi.org/10.1109/EnCyCriS59249.2023.00006","url":null,"abstract":"Industrial Control Systems (ICS) are widely used to carry out the fundamental functions of a society and are frequently employed in Critical Infrastructures (CIs). Consequently, protection against cyber-attacks is essential for these systems. Over the years, numerous cyber-attack detection system concepts have been proposed, each employing a distinct set of processes and methodologies. Despite this, there is a significant gap in the field of techniques for detecting cyber-attacks on ICS. Most existing studies used device logs, which require considerable pre-processing and understanding before they can be utilized for intrusion detection in an ICS environment. In this paper, we proposed an intrusion detection using an autoencoder for feature dimensionality reduction trained on network flow data via a Deep Convolutional Neural Network (DCNN) and Long Short-Term Memory (LSTM), which does not require prior knowledge of the underlying architecture and network's topology. The experimental analysis was performed on the ICS dataset and gas pipeline data given by Mississippi State University (MSU). The LSTM model achieved an accuracy greater than 99% and an AUC-ROC of 99.50% on the ICS data, whereas the DCNN model achieved an accuracy of 96.0% and an AUC-ROC of 97.20% on the gas pipeline network data, with extremely low false negatives and false positives. The results of the study showed that LSTM is superior to DCNN in detecting anomalies in ICS. In addition, the results disclosed that LSTM and DCNN are effective at time series prediction tasks. This observation is encouraging, as DCNN and LSTM are smaller, faster, and more straightforward than the deep neural network and recurrent neural networks utilized in previous research. The proposed IDS architecture is a low-cost, network-based solution that requires minimal processing, performs unsupervised, and is straightforward to implement in a real-world environment.","PeriodicalId":198704,"journal":{"name":"2023 IEEE/ACM 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS)","volume":"38 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115976027","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
The State of Secure Coding Practice: Small Organisations and “Lone, Rogue Coders” 安全编码实践的现状:小型组织和“孤独、流氓编码者”
2023 IEEE/ACM 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS) Pub Date : 2023-05-01 DOI: 10.1109/EnCyCriS59249.2023.00010
Ita Ryan, Klaas-Jan Stol, U. Roedig
{"title":"The State of Secure Coding Practice: Small Organisations and “Lone, Rogue Coders”","authors":"Ita Ryan, Klaas-Jan Stol, U. Roedig","doi":"10.1109/EnCyCriS59249.2023.00010","DOIUrl":"https://doi.org/10.1109/EnCyCriS59249.2023.00010","url":null,"abstract":"Software security is a rapidly developing problem. Malware, ransomware and spyware routinely leverage vulnerabilities in software to gain access to systems, escalate privileges and run adversarial code. One approach to solving this issue is to use secure software methods, which attempt to guide organisations in improving their software assurance. However, these methods implicitly assume the presence of substantial resources deployed in a compliance-mandated environment. The distinct and often limited environment in which small organisations, independent teams and lone coders operate is not considered. Advice for software security in small teams is almost absent from the literature, as is a way to measure the levels of secure coding in such teams. In order to address this problem, we must begin by understanding it. As part of the analysis of a large survey on current software security practice, we examined the current software security practices of small and open source organisations, and of lone and non-company developers. We present our results in this paper. We hope that they will facilitate the targeting of security advice to these neglected developer categories.","PeriodicalId":198704,"journal":{"name":"2023 IEEE/ACM 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS)","volume":"59 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127909987","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
EnCyCriS 2023 Committees EnCyCriS 2023委员会
2023 IEEE/ACM 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS) Pub Date : 2023-05-01 DOI: 10.1109/encycris59249.2023.00013
{"title":"EnCyCriS 2023 Committees","authors":"","doi":"10.1109/encycris59249.2023.00013","DOIUrl":"https://doi.org/10.1109/encycris59249.2023.00013","url":null,"abstract":"","PeriodicalId":198704,"journal":{"name":"2023 IEEE/ACM 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS)","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125593830","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Functional Cyber-Resilience - Extending the Cybersecurity Paradigm in Critical Infrastructures 功能网络弹性——在关键基础设施中扩展网络安全范式
2023 IEEE/ACM 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS) Pub Date : 2023-05-01 DOI: 10.1109/EnCyCriS59249.2023.00007
J. Haan
{"title":"Functional Cyber-Resilience - Extending the Cybersecurity Paradigm in Critical Infrastructures","authors":"J. Haan","doi":"10.1109/EnCyCriS59249.2023.00007","DOIUrl":"https://doi.org/10.1109/EnCyCriS59249.2023.00007","url":null,"abstract":"The digitalization and connectivity is growing fast in many areas of society. This is also the case in critical infrastructures like Air Traffic Management systems. This will inevitably lead to an progressing technology dependency. Over the past years, the awareness has been improved, leading to an increasing attention for cyber-security challenges. In this paper, I will explain why this will not be sufficient in the long run to ensure business continuity. In addition to the risk coming from an increasing dependency, a concentration of technical infrastructures and a decrease of diversity can be observed. On the non-technical side the risk from geo-political differences are increasing as well. To address this, new, risk landscape, we need a different way of looking at system-wide risks. The risks and mitigation should be considered at a, generic, functional level rather than individual, technical, human and organisational levels.","PeriodicalId":198704,"journal":{"name":"2023 IEEE/ACM 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS)","volume":"35 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131551025","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Foreword from the EnCyCriS 2023 Organizers 《2023年百科全书》组织者的前言
2023 IEEE/ACM 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS) Pub Date : 2023-05-01 DOI: 10.1109/encycris59249.2023.00012
{"title":"Foreword from the EnCyCriS 2023 Organizers","authors":"","doi":"10.1109/encycris59249.2023.00012","DOIUrl":"https://doi.org/10.1109/encycris59249.2023.00012","url":null,"abstract":"","PeriodicalId":198704,"journal":{"name":"2023 IEEE/ACM 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116092393","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Cryptography Based Security for the ATM Surveillance Chain 基于密码学的ATM监控链安全
2023 IEEE/ACM 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS) Pub Date : 2023-05-01 DOI: 10.1109/EnCyCriS59249.2023.00009
J. Haan, Abdel Youssouf
{"title":"Cryptography Based Security for the ATM Surveillance Chain","authors":"J. Haan, Abdel Youssouf","doi":"10.1109/EnCyCriS59249.2023.00009","DOIUrl":"https://doi.org/10.1109/EnCyCriS59249.2023.00009","url":null,"abstract":"Legacy systems are quite common in critical infrastructures. The Air Traffic Management (ATM) domain is no exception. The combination of their legacy technology and use in critical infrastructures make them attractive and sometimes easy targets for cyber-attacks. Like many critical infrastructures, ATM is heavily constrained and strongly regulated. This limits the possibilities of short term changes. The development and operational life-cycles of these systems are usually quite long. This increases the need for transitional security mechanisms that can be retrofitted in a minimal invasive way without compromising safety and performance requirements while taking into account the ATM constraints. In this paper a Proof of Concept study is described that investigates a flexible and lean implementation for the ATM surveillance chain, based on standardized protocols and open source software.","PeriodicalId":198704,"journal":{"name":"2023 IEEE/ACM 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS)","volume":"63 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128201240","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信