发布求助
文献互助 智能选刊 最新文献

Proceedings of the 2023 European Interdisciplinary Cybersecurity Conference最新文献

筛选
英文 中文
Ontology-based Framework for Boundary Verification of Safety and Security Properties in Industrial Control Systems 基于本体的工业控制系统安全属性边界验证框架
Proceedings of the 2023 European Interdisciplinary Cybersecurity Conference Pub Date : 2023-06-14 DOI: 10.1145/3590777.3590785
Chibuzo Ukegbu, Ramesh Neupane, Hoda Mehrpouyan
{"title":"Ontology-based Framework for Boundary Verification of Safety and Security Properties in Industrial Control Systems","authors":"Chibuzo Ukegbu, Ramesh Neupane, Hoda Mehrpouyan","doi":"10.1145/3590777.3590785","DOIUrl":"https://doi.org/10.1145/3590777.3590785","url":null,"abstract":"As part of Industrial Control Systems (ICS), the control logic controls the physical processes of critical infrastructures such as power plants and water and gas distribution. The Programmable Logic Controller (PLC) commonly manages these processes through actuators based on information received from sensor readings. Therefore, boundary checking is essential in ICS because sensor readings and actuator values must be within the safe range to ensure safe and secure ICS operation. In this paper, we propose an ontology-based approach to provide the knowledge required to verify the boundaries of ICS components with respect to their safety and security specifications. For the proof of concept, the formal model of the Programmable Logic Controller (PLC) is created in UPPAAL and validated in UPPAAL-API. Then, the proposed boundary verification algorithm is used to import the required information from the safety/security ontology","PeriodicalId":231403,"journal":{"name":"Proceedings of the 2023 European Interdisciplinary Cybersecurity Conference","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129497910","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Cybersecurity and Digital Privacy Aspects of V2X in the EV Charging Structure 电动汽车充电结构中V2X的网络安全和数字隐私方面
Proceedings of the 2023 European Interdisciplinary Cybersecurity Conference Pub Date : 2023-06-14 DOI: 10.1145/3590777.3591406
U. Cali, M. Kuzlu, O. Elma, Osman Gazi Gucluturk, A. Kilic, Ferhat Ozgur Catak
{"title":"Cybersecurity and Digital Privacy Aspects of V2X in the EV Charging Structure","authors":"U. Cali, M. Kuzlu, O. Elma, Osman Gazi Gucluturk, A. Kilic, Ferhat Ozgur Catak","doi":"10.1145/3590777.3591406","DOIUrl":"https://doi.org/10.1145/3590777.3591406","url":null,"abstract":"With the advancement of green energy technology and rising public and political acceptance, electric vehicles (EVs) have grown in popularity. Electric motors, batteries, and charging systems are considered major components of EVs. The electric power infrastructure has been designed to accommodate the needs of EVs, with an emphasis on bidirectional power flow to facilitate power exchange. Furthermore, the communication infrastructure has been enhanced to enable cars to communicate and exchange information with one another, also known as Vehicle-to-Everything (V2X) technology. V2X is positioned to become a bigger and smarter system in the future of transportation, thanks to upcoming digital technologies like Artificial Intelligence (AI), Distributed Ledger Technology, and the Internet of Things. However, like with any technology that includes data collection and sharing, there are issues with digital privacy and cybersecurity. This paper addresses these concerns by creating a multi-layer Cyber-Physical-Social Systems (CPSS) architecture to investigate possible privacy and cybersecurity risks associated with V2X. Using the CPSS paradigm, this research explores the interaction of EV infrastructure as a very critical part of the V2X ecosystem, digital privacy, and cybersecurity concerns.","PeriodicalId":231403,"journal":{"name":"Proceedings of the 2023 European Interdisciplinary Cybersecurity Conference","volume":"101 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115635507","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
In Alice and Bob, I trust? 我相信爱丽丝和鲍勃?
Proceedings of the 2023 European Interdisciplinary Cybersecurity Conference Pub Date : 2023-06-14 DOI: 10.1145/3590777.3590808
Allison Wylde
{"title":"In Alice and Bob, I trust?","authors":"Allison Wylde","doi":"10.1145/3590777.3590808","DOIUrl":"https://doi.org/10.1145/3590777.3590808","url":null,"abstract":"As the need for societal and organizational cybersecurity increases, artificial intelligence (AI) driven intelligent virtual and physical assistants (robots) appear to offer promising solutions to help address future gaps in the work force. However, some important and as yet unanswered questions on trust arise. This extended abstract begins to tackle how trust may function in high-risk cybersecurity environments in the context of zero trust. Leveraging well-established trust building theory allows the first steps towards novel solutions to be developed and proposed. Implications and promising directions for future work are presented.","PeriodicalId":231403,"journal":{"name":"Proceedings of the 2023 European Interdisciplinary Cybersecurity Conference","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129948897","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
An Evaluation of Information Flows in Digital Euro Transactions Using Contextual Integrity Theory 基于上下文完整性理论的数字欧元交易信息流评估
Proceedings of the 2023 European Interdisciplinary Cybersecurity Conference Pub Date : 2023-06-14 DOI: 10.1145/3590777.3590779
Frédéric Tronnier, Patrick Biker, Erik Baur, Sascha Löbner
{"title":"An Evaluation of Information Flows in Digital Euro Transactions Using Contextual Integrity Theory","authors":"Frédéric Tronnier, Patrick Biker, Erik Baur, Sascha Löbner","doi":"10.1145/3590777.3590779","DOIUrl":"https://doi.org/10.1145/3590777.3590779","url":null,"abstract":"Privacy is regarded as a crucial factor in the development of Central Bank Digital Currency (CBDC), particularly for the digital euro in Europe. Currently, research on privacy in CBDC is scarce and focuses largely on its technical implementation or its influence on technology adoption. This work aims to act as a first step towards uncovering privacy norms in digital euro transactions for German citizens. To this end, we investigate privacy parameters and acceptable flows of information for digital euro transactions using an exploratory mixed-method approach based and contextual integrity theory. The privacy parameters, derived through the analysis of 21 qualitative interviews of experts and non-experts, are used to measure acceptability of various information flows in digital euro transactions for 129 respondents in a first quantitative evaluation. The results demonstrate the importance of acceptable and unacceptable recipients of transaction- and identity-related information as well as different transmission principles. The contributions of this work, the creation of a contextual integrity framework and the evaluation of first privacy norms in digital euro transactions, can be used by central banks and policy makers to design and implement CBDC that does not violate individuals’ privacy norms.","PeriodicalId":231403,"journal":{"name":"Proceedings of the 2023 European Interdisciplinary Cybersecurity Conference","volume":"44 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130635503","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Towards Detecting Anomalies in Log-Event Sequences with Deep Learning: Open Research Challenges 用深度学习检测日志事件序列中的异常:开放的研究挑战
Proceedings of the 2023 European Interdisciplinary Cybersecurity Conference Pub Date : 2023-06-14 DOI: 10.1145/3590777.3590789
Patrick Himler, Max Landauer, Florian Skopik, Markus Wurzenberger
{"title":"Towards Detecting Anomalies in Log-Event Sequences with Deep Learning: Open Research Challenges","authors":"Patrick Himler, Max Landauer, Florian Skopik, Markus Wurzenberger","doi":"10.1145/3590777.3590789","DOIUrl":"https://doi.org/10.1145/3590777.3590789","url":null,"abstract":"Anomaly Detection (AD) is an important area to reliably detect malicious behavior and attacks on computer systems. Log data is a rich source of information about systems and thus provides a suitable input for AD. With the sheer amount of log data available today, Machine Learning (ML) and its further development Deep Learning (DL) have been applied for years to create models for AD. Especially when processing complex log data, DL is often able to achieve better performance than ML. To detect anomalous patterns that span over multiple log lines, it is necessary to group these log lines into log-event sequences. This work uses a Long Short-Term Memory (LSTM) model for AD which is one of the most important approaches to represent long-range temporal dependencies in log-event sequences of arbitrary length. This means that we use past information to predict whether future events are normal or anomalous. For the LSTM model we adapt a state of the art open source implementation called LogDeep. For the evaluation, we use a Hadoop Distributed File System (HDFS) data set, which is well studied in current research, and an open source Audit data set provided by the Austrian Institute of Technology (AIT). In this paper we show that without padding, a common preprocessing step used that strongly influences the AD process and artificially improves detection results and thus accuracy in lab testing, it is not possible to achieve the same high quality of results shown in literature. Furthermore, we analyze limitations of DL approaches applied for AD and list future research priorities and design challenges.","PeriodicalId":231403,"journal":{"name":"Proceedings of the 2023 European Interdisciplinary Cybersecurity Conference","volume":"17 6","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121016764","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
A Framework for Advanced Persistent Threat Attribution using Zachman Ontology 基于Zachman本体的高级持续威胁归因框架
Proceedings of the 2023 European Interdisciplinary Cybersecurity Conference Pub Date : 2023-06-14 DOI: 10.1145/3590777.3590783
Venkata Sai Charan Putrevu, Hrushikesh Chunduri, Mohan Anand Putrevu, S. Shukla
{"title":"A Framework for Advanced Persistent Threat Attribution using Zachman Ontology","authors":"Venkata Sai Charan Putrevu, Hrushikesh Chunduri, Mohan Anand Putrevu, S. Shukla","doi":"10.1145/3590777.3590783","DOIUrl":"https://doi.org/10.1145/3590777.3590783","url":null,"abstract":"Advanced Persistent Threat (APT) is a type of cyber attack that infiltrates a targeted organization and exfiltrates sensitive data over an extended period of time or to cause sabotage. Recently, there has been a trend of nation states backing APT groups in order to further their political and financial interests, making the APT attribution process increasingly important. The APT attribution process involves identifying the actors behind an attack and their motivations, using a method of logical inference called abductive reasoning to determine the most likely explanation for a set of observations. While various attribution methods and frameworks have been proposed by the security community, many of them lack granularity and are dependent on the skills of practitioners rather than a standardized process. This can hinder both the understandability and reproducibility of attribution efforts as this process is practiced but not engineered. To address these issues, we propose a new framework for the APT attribution process based on the Zachman ontology, which offers greater granularity by posing specific primitive questions at various levels of the attribution process. This allows for more accurate conclusions about the attackers and their motivations, helping organizations to better protect themselves against future attacks.","PeriodicalId":231403,"journal":{"name":"Proceedings of the 2023 European Interdisciplinary Cybersecurity Conference","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122786647","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Digital Energy Platforms Considering Digital Privacy and Security by Design Principles 从设计原则考虑数字隐私和安全的数字能源平台
Proceedings of the 2023 European Interdisciplinary Cybersecurity Conference Pub Date : 2023-06-14 DOI: 10.1145/3590777.3591405
U. Cali, Marthe Fogstad Dynge, Ahmed Idries, Sambeet Mishra, I. Dmytro, Naser Hashemipour, M. Kuzlu
{"title":"Digital Energy Platforms Considering Digital Privacy and Security by Design Principles","authors":"U. Cali, Marthe Fogstad Dynge, Ahmed Idries, Sambeet Mishra, I. Dmytro, Naser Hashemipour, M. Kuzlu","doi":"10.1145/3590777.3591405","DOIUrl":"https://doi.org/10.1145/3590777.3591405","url":null,"abstract":"The power system and markets have become increasingly complex, along with efforts to digitalize the energy sector. Accessing flexibility services, in particular, through digital energy platforms, has enabled communication between multiple entities within the energy system and streamlined flexibility market operations. However, digitalizing these vast and complex systems introduces new cybersecurity and privacy concerns, which must be properly addressed during the design of the digital energy platform ecosystems. More specifically, both privacy and cybersecurity measures should be embedded into all phases of the platform design and operation, based on the privacy and security by design principles. In this study, these principles are used to propose a holistic but generic architecture for digital energy platforms that are able to facilitate multiple use cases for flexibility services in the energy sector. A hybrid framework using both DLT and non-DLT solutions ensures trust throughout the layers of the platform architecture. Furthermore, an evaluation of numerous energy flexibility service use cases operating at various stages of the energy value chain is shown and graded in terms of digital energy platform technical maturity, privacy, and cybersecurity issues.","PeriodicalId":231403,"journal":{"name":"Proceedings of the 2023 European Interdisciplinary Cybersecurity Conference","volume":"88 5","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"113969697","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Towards detecting device fingerprinting on iOS with API function hooking 在iOS上用API函数挂钩检测设备指纹
Proceedings of the 2023 European Interdisciplinary Cybersecurity Conference Pub Date : 2023-06-14 DOI: 10.1145/3590777.3590790
Kris Heid, Vincent Andrae, J. Heider
{"title":"Towards detecting device fingerprinting on iOS with API function hooking","authors":"Kris Heid, Vincent Andrae, J. Heider","doi":"10.1145/3590777.3590790","DOIUrl":"https://doi.org/10.1145/3590777.3590790","url":null,"abstract":"Device fingerprinting is a technique that got popular at the end of the 90s by websites, to identify and track users. One of the biggest drivers behind such practices are advertising companies to identify users interests to personalize ads. From a user’s perspective, this, of course, raises privacy concerns. While device fingerprinting and its detection has been extensively studied in the context of web browsing, little research has been conducted on device fingerprinting in mobile apps and especially iOS apps. In this paper, we capture the current state of device fingerprinting in iOS apps, and explore possible approaches for fingerprinting detection on mobile devices using static and dynamic app analysis techniques. Finally, we present a first heuristic approach for automatic behavior-based fingerprinting detection on iOS only using spatial and temporal context of relevant API-calls.","PeriodicalId":231403,"journal":{"name":"Proceedings of the 2023 European Interdisciplinary Cybersecurity Conference","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134371710","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
DGA Detection Using Similarity-Preserving Bloom Encodings 基于保持相似性布隆编码的DGA检测
Proceedings of the 2023 European Interdisciplinary Cybersecurity Conference Pub Date : 2023-06-14 DOI: 10.1145/3590777.3590795
Lasse Nitz, Avikarsha Mandal
{"title":"DGA Detection Using Similarity-Preserving Bloom Encodings","authors":"Lasse Nitz, Avikarsha Mandal","doi":"10.1145/3590777.3590795","DOIUrl":"https://doi.org/10.1145/3590777.3590795","url":null,"abstract":"The sanitization of concise data samples can be challenging, as they do not provide a clear distinction between sensitive and non-sensitive parts within individual samples. In this context, traditional sanitization and anonymization measures are not applicable. We consider the detection of algorithmically generated domains through machine learning as an example of such a case, where the benign samples may leak sensitive information. Within this scenario, we evaluate the use of a similarity-preserving Bloom encoding technique to obscure the training samples.","PeriodicalId":231403,"journal":{"name":"Proceedings of the 2023 European Interdisciplinary Cybersecurity Conference","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123844091","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Usability, Security, and Privacy Recommendations for Mobile Parental Control 手机家长控制的可用性、安全性和隐私建议
Proceedings of the 2023 European Interdisciplinary Cybersecurity Conference Pub Date : 2023-06-14 DOI: 10.1145/3590777.3590800
Vahiny Gnanasekaran, K. De Moor
{"title":"Usability, Security, and Privacy Recommendations for Mobile Parental Control","authors":"Vahiny Gnanasekaran, K. De Moor","doi":"10.1145/3590777.3590800","DOIUrl":"https://doi.org/10.1145/3590777.3590800","url":null,"abstract":"Current mobile parental control aids parents in monitoring their children’s digital usage. Although many children are below 13 when receiving their first smartphone and social media accounts, only a few parents adopt such services. However, the literature reports several privacy, security, and usability challenges that need to be addressed to develop future mobile parental control. This paper presents three privacy, two security, and four usability recommendations for mobile parental control by conducting an in-depth literature review. 306 papers from the first iteration resulted in nine papers addressing clear recommendations and guidelines. Parental control should contribute to the children’s digital skill set and the development of good online habits, in addition to addressing security and privacy controls for mobile applications.","PeriodicalId":231403,"journal":{"name":"Proceedings of the 2023 European Interdisciplinary Cybersecurity Conference","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130424141","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信