2021 IEEE International Conference on Cyber Security and Resilience (CSR)最新文献

筛选
英文 中文
Cyber Security Certification Programmes 网络安全认证计划
2021 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2021-07-26 DOI: 10.1109/CSR51186.2021.9527974
Eleni-Constantina Davri, E. Darra, Isidoros Monogioudis, Athanasios Grigoriadis, Christos Iliou, Notis Mengidis, T. Tsikrika, S. Vrochidis, A. Peratikou, Helen Gibson, Damir Haskovic, Dimitrios Kavallieros, Evangelos Chaskos, Peng Zhao, S. Shiaeles, N. Savage, Babak Akhgar, X. Bellekens, M. B. Farah
{"title":"Cyber Security Certification Programmes","authors":"Eleni-Constantina Davri, E. Darra, Isidoros Monogioudis, Athanasios Grigoriadis, Christos Iliou, Notis Mengidis, T. Tsikrika, S. Vrochidis, A. Peratikou, Helen Gibson, Damir Haskovic, Dimitrios Kavallieros, Evangelos Chaskos, Peng Zhao, S. Shiaeles, N. Savage, Babak Akhgar, X. Bellekens, M. B. Farah","doi":"10.1109/CSR51186.2021.9527974","DOIUrl":"https://doi.org/10.1109/CSR51186.2021.9527974","url":null,"abstract":"Although a large and fast-growing workforce for qualified cybersecurity professionals exists, developing a cybersecurity certification framework has to overcome many challenges. Towards this end, an extended review of the cybersecurity certifications offered currently on the market from 9 major issuing companies is conducted. Moreover, the guidelines for the definition of a cybersecurity certification framework as they are provided from the recent Cyber Security Act and framework of ENISA, NIST and ISO/IEC 17024 are covered. A vast comparison among the presented cybersecurity certifications is given, based not only on the cybersecurity domain covered but also the required level of candidate’s experience. A proposed certification program has been also analyzed based on the learning pathways and the knowledge areas described in FORESIGHT.","PeriodicalId":253300,"journal":{"name":"2021 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129117982","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Mc-PUF: Memory-based and Machine Learning Resilient Strong PUF for Device Authentication in Internet of Things Mc-PUF:基于内存和机器学习的物联网设备认证弹性强PUF
2021 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2021-07-26 DOI: 10.1109/CSR51186.2021.9527930
Phillip Williams, Haytham Idriss, M. Bayoumi
{"title":"Mc-PUF: Memory-based and Machine Learning Resilient Strong PUF for Device Authentication in Internet of Things","authors":"Phillip Williams, Haytham Idriss, M. Bayoumi","doi":"10.1109/CSR51186.2021.9527930","DOIUrl":"https://doi.org/10.1109/CSR51186.2021.9527930","url":null,"abstract":"Physically Unclonable Functions (PUFs) are hardware-based security primitives that utilize manufacturing process variations to realize binary keys (Weak PUFs) or binary functions (Strong PUFs). This primitive is desirable for key generation and authentication in constrained devices, due to its low power and low area overhead. However, in recent years many research papers are focused on the vulnerability of PUFs to modeling attacks. This attack is possible because the PUFs challenge and response exchanges are usually transmitted over communication channel without encryption. Thus, an attacker can collect challenge-response pairs and use it as input into a learning algorithm, to create a model that can predict responses given new challenges. In this paper we introduce a serial and a parallel novel 64-bits memory-based controlled PUF (Mc-PUF) architecture for device authentication that has high uniqueness and randomness, reliable, and resilient against modeling attacks. These architectures generate a response by utilizing bits extracted from the fingerprint of a synchronous random-access memory (SRAM) PUF with a control logic. The synthesis of the serial architecture yielded an area of 1.136K GE, while the parallel architecture was 3.013K GE. The best prediction accuracy obtained from the modeling attack was ~50%, which prevents an attacker from accurately predicting responses to future challenges. We also showcase the scalability of the design through XOR-ing several Mc-PUFs, further improving upon its security and performance. The remainder of the paper presents the proposed architectures, along with their hardware implementations, area and power consumption, and security resilience against modeling attacks. The 3-XOR Mc-PUF had the greatest overhead, but it produced the best randomness, uniqueness, and resilience against modeling attacks.","PeriodicalId":253300,"journal":{"name":"2021 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125315710","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
CSR 2021 Cover Page CSR 2021封面
2021 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2021-07-26 DOI: 10.1109/csr51186.2021.9527901
{"title":"CSR 2021 Cover Page","authors":"","doi":"10.1109/csr51186.2021.9527901","DOIUrl":"https://doi.org/10.1109/csr51186.2021.9527901","url":null,"abstract":"","PeriodicalId":253300,"journal":{"name":"2021 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127805731","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
The SPIDER Cyber Security Investment Component (CIC) 网络安全投资组件(CIC)
2021 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2021-07-26 DOI: 10.1109/CSR51186.2021.9527924
Maria Tsiodra, M. Chronopoulos, Matthias Ghering, E. Karapistoli, Neofytos Gerosavva, Nicolas Kylilis
{"title":"The SPIDER Cyber Security Investment Component (CIC)","authors":"Maria Tsiodra, M. Chronopoulos, Matthias Ghering, E. Karapistoli, Neofytos Gerosavva, Nicolas Kylilis","doi":"10.1109/CSR51186.2021.9527924","DOIUrl":"https://doi.org/10.1109/CSR51186.2021.9527924","url":null,"abstract":"Recent security incidents worldwide demonstrate the increase in the complexity and severity of cyber security threats. The attackers become better organized and the attack vectors are using more advanced methods and tools. Therefore, within the currently evolving and complex 5G cyber security landscape, both businesses and end-users need to find ways to enhance their cyber security preparedness level in order to safeguard their infrastructures and assets. Additionally, modern organizations need to invest in cyber security technologies to proactively address the identified cyber risks, based on the specific individual characteristics of their infrastructures. For this reason, investing in cyber security constitutes nowadays an essential financial and operational decision aiming to reduce the financial risk that successful cyber-attacks entail. In this paper, we demonstrate how capital budgeting techniques for gauging the financial risk of cyber attacks may be integrated within an optimisation model for optimal selection of mitigation measures into a single unified decision-making framework.","PeriodicalId":253300,"journal":{"name":"2021 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"52 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121663870","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Unveiling MIMETIC: Interpreting Deep Learning Traffic Classifiers via XAI Techniques 揭秘MIMETIC:通过XAI技术解释深度学习流量分类器
2021 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2021-07-26 DOI: 10.1109/CSR51186.2021.9527948
Alfredo Nascita, Antonio Montieri, Giuseppe Aceto, D. Ciuonzo, V. Persico, A. Pescapé
{"title":"Unveiling MIMETIC: Interpreting Deep Learning Traffic Classifiers via XAI Techniques","authors":"Alfredo Nascita, Antonio Montieri, Giuseppe Aceto, D. Ciuonzo, V. Persico, A. Pescapé","doi":"10.1109/CSR51186.2021.9527948","DOIUrl":"https://doi.org/10.1109/CSR51186.2021.9527948","url":null,"abstract":"The widespread use of powerful mobile devices has deeply affected the mix of traffic traversing both the Internet and enterprise networks (with bring-your-own-device policies). Traffic encryption has become extremely common, and the quick proliferation of mobile apps and their simple distribution and update have created a specifically challenging scenario for traffic classification and its uses, especially network-security related ones. The recent rise of Deep Learning (DL) has responded to this challenge, by providing a solution to the time-consuming and human-limited handcrafted feature design, and better clas-sification performance. The counterpart of the advantages is the lack of interpretability of these black-box approaches, limiting or preventing their adoption in contexts where the reliability of results, or interpretability of polices is necessary. To cope with these limitations, eXplainable Artificial Intelligence (XAI) techniques have seen recent intensive research. Along these lines, our work applies XAI-based techniques (namely, Deep SHAP) to interpret the behavior of a state-of-the-art multimodal DL traffic classifier. As opposed to common results seen in XAI, we aim at a global interpretation, rather than sample-based ones. The results quantify the importance of each modality (payload- or header-based), and of specific subsets of inputs (e.g., TLS SNI and TCP Window Size) in determining the classification outcome, down to per-class (viz. application) level. The analysis is based on a publicly-released recent dataset focused on mobile app traffic.","PeriodicalId":253300,"journal":{"name":"2021 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126452506","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
Trust and Quality Computation for Cyber Threat Intelligence Sharing Platforms 网络威胁情报共享平台的信任与质量计算
2021 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2021-07-26 DOI: 10.1109/CSR51186.2021.9527975
Kadir Burak Mavzer, E. Konieczna, Henrique Alves, Cagatay Yucel, Ioannis Chalkias, Dimitrios Mallis, D. Cetinkaya, Luis Angel Galindo Sánchez
{"title":"Trust and Quality Computation for Cyber Threat Intelligence Sharing Platforms","authors":"Kadir Burak Mavzer, E. Konieczna, Henrique Alves, Cagatay Yucel, Ioannis Chalkias, Dimitrios Mallis, D. Cetinkaya, Luis Angel Galindo Sánchez","doi":"10.1109/CSR51186.2021.9527975","DOIUrl":"https://doi.org/10.1109/CSR51186.2021.9527975","url":null,"abstract":"Information sharing has been considered a critical solution against the ever-increasing complexity of cyber-attacks. In this effort Cyber Threat Intelligence is undergoing a process of increasing its maturity levels. The quantification of the quality of shared information and the assessment of trust amongst information sharing entities is an important part of the process. The Trust and Quality Tool has been designed as a tool with the aim of improving the trust in the relevancy of shared information by enabling an option to assess its trustworthiness and defining a set of metrics for trust and quality.","PeriodicalId":253300,"journal":{"name":"2021 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128060178","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Anomaly based Resilient Network Intrusion Detection using Inferential Autoencoders 基于推理自编码器的异常弹性网络入侵检测
2021 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2021-07-26 DOI: 10.1109/CSR51186.2021.9527980
Abdul Hannan, Christian Gruhl, B. Sick
{"title":"Anomaly based Resilient Network Intrusion Detection using Inferential Autoencoders","authors":"Abdul Hannan, Christian Gruhl, B. Sick","doi":"10.1109/CSR51186.2021.9527980","DOIUrl":"https://doi.org/10.1109/CSR51186.2021.9527980","url":null,"abstract":"This article focuses on the application of conditional variational autoencoders as anomaly detectors to identify emerging threats in computer networks. Autoencoders are machine learning techniques that are used to find lower-dimensional representations, i.e. an encoding in latent space, from input space. With variational Autoencoders (VAE) this representation is not a single code word or vector but a probability distribution – greatly improving the robustness of the coding scheme. In contrast to VAE, we present a conditional variational autoencoder (CVAE), which uses the latent representation to encode regular and malicious network traffic into a bimodal distribution. While regular autoencoders are unsupervised, we require some labeled data to tune the bimodal representations, thus turning the learning problem into a semi-supervised classification task. However, unknown threats (i.e. those not contained in labeled training data) can be detected as well. In our presented case study, based on available computer network datasets (KDD99 and CIC-IDS2017), we could improve the detection of unknown threats compared to conventional approaches. Our experiments are publicly available.","PeriodicalId":253300,"journal":{"name":"2021 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"116 4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133497379","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
Assessing adversarial training effect on IDSs and GANs 评估对抗训练对ids和gan的影响
2021 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2021-07-26 DOI: 10.1109/CSR51186.2021.9527949
Hassan Chaitou, T. Robert, J. Leneutre, L. Pautet
{"title":"Assessing adversarial training effect on IDSs and GANs","authors":"Hassan Chaitou, T. Robert, J. Leneutre, L. Pautet","doi":"10.1109/CSR51186.2021.9527949","DOIUrl":"https://doi.org/10.1109/CSR51186.2021.9527949","url":null,"abstract":"Deep neural network-based Intrusion Detection Systems (IDSs) are gaining popularity to improve anomaly detection accuracy and robustness. Yet, Deep neural network (DNN) models have been shown to be vulnerable to adversarial attacks. An attacker can use a generator, here a Generative Adversarial Network, to alter an attack so that the IDS model misclassify it as normal network traffic. There is a race between adversarial attacks and mechanisms to make robust IDSs, like Adversarial Training. To our knowledge, no study thoroughly assesses how attack generators or IDS training is sensitive to parameters controlling resources spent during training. Such results provide insights on how much to spend on IDS training. This paper presents the outcome of this assessment for GANs vs adversarial training. Interestingly, it shows that GANs’ evasion capabilities are either very good or poor, with almost no average cases. Resources impact the likelihood of obtaining an efficient generator.","PeriodicalId":253300,"journal":{"name":"2021 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"36 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133600591","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Detecting SQL Injection Web Attacks Using Ensemble Learners and Data Sampling 基于集成学习器和数据采样的SQL注入Web攻击检测
2021 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2021-07-26 DOI: 10.1109/CSR51186.2021.9527990
R. Zuech, John T. Hancock, T. Khoshgoftaar
{"title":"Detecting SQL Injection Web Attacks Using Ensemble Learners and Data Sampling","authors":"R. Zuech, John T. Hancock, T. Khoshgoftaar","doi":"10.1109/CSR51186.2021.9527990","DOIUrl":"https://doi.org/10.1109/CSR51186.2021.9527990","url":null,"abstract":"SQL Injection web attacks are a common choice among attackers to exploit web servers. We explore classification performance in detecting SQL Injection web attacks in the recent CSE-CIC-IDS2018 dataset with the Area Under the Receiver Operating Characteristic Curve (AUC) metric for the following seven classifiers: Random Forest (RF), CatBoost (CB), LightGBM (LGB), XGBoost (XGB), Decision Tree (DT), Naive Bayes (NB), and Logistic Regression (LR) (with the first four learners being ensemble learners and for comparison, the last three being single learners). Our unique data preparation of CSE-CID- IDS2018 affords a harsh experimental testbed of class imbalance as encountered in the real world for cybersecurity attacks. To the best of our knowledge, we are the first to apply random undersampling techniques to web attacks from the CSE-CIC- IDS2018 dataset while exploring various sampling ratios. We find the ensemble learners to be the most effective at detecting SQL Injection web attacks, but only after first applying massive data sampling.","PeriodicalId":253300,"journal":{"name":"2021 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"35 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132786826","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
Improving Classification Trustworthiness in Random Forests 提高随机森林分类可信度
2021 IEEE International Conference on Cyber Security and Resilience (CSR) Pub Date : 2021-07-26 DOI: 10.1109/CSR51186.2021.9527939
Maria Stella de Biase, F. Marulli, Laura Verde, S. Marrone
{"title":"Improving Classification Trustworthiness in Random Forests","authors":"Maria Stella de Biase, F. Marulli, Laura Verde, S. Marrone","doi":"10.1109/CSR51186.2021.9527939","DOIUrl":"https://doi.org/10.1109/CSR51186.2021.9527939","url":null,"abstract":"Machine learning algorithms are becoming more and more widespread in industrial as well as in societal settings. This diffusion is starting to become a critical aspect of new software-intensive applications due to the need of fast reactions to changes, even if temporary, in data. This paper investigates on the improvement of reliability in the Machine Learning based classification by extending Random Forests with Bayesian Network models. Such models, combined with a mechanism able to adjust the reputation level of single learners, may improve the overall classification trustworthiness. A small example taken from the healthcare domain is presented to demonstrate the proposed approach.","PeriodicalId":253300,"journal":{"name":"2021 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130597353","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信