Alba Amato, Dario Branco, S. Venticinque, G. Renda, Sabrina Mataluna
{"title":"Metadata and Semantic Annotation of Digital Heritage Assets: a case study","authors":"Alba Amato, Dario Branco, S. Venticinque, G. Renda, Sabrina Mataluna","doi":"10.1109/CSR57506.2023.10224935","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10224935","url":null,"abstract":"Digital representation of real entities combined with the use of archiving platforms allows for easily preserving and sharing the original work, reducing the risk of damage or loss. However, in the context of the digitization of cultural heritage, the dependability and resilience of cultural fruition cannot be neglected. This paper presents an approach that exploits the integrated utilization of standard models and open source technologies, to archive and share digital heritage assets. Those assets are used to increase reliability recovering, through forms of augmented and virtual reality, the original fruition and increasing the information related to places and objects with lost details.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"18 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129709185","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
R. Kranenburg, Rohit Bohara, Raphael Yahalom, M. Ross
{"title":"Cyber Resilience, Societal Situational Awareness for SME","authors":"R. Kranenburg, Rohit Bohara, Raphael Yahalom, M. Ross","doi":"10.1109/CSR57506.2023.10225011","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10225011","url":null,"abstract":"In our paper, we describe the landscape that has led to the realization from the nineties of the last century that cyber is a social good: “Cyber is a social good,” said Cybersecurity and Infrastructure Security Agency Director Jen Easterly. “It's about societal resilience. And my last message (at CES 2023) is that we need to fundamentally change the relationship between government and industry.” This realization is built upon the belief that trust can be reinvented on three levels: that of data chains in devices, information chains in the supply chain (can I trust my supplier, my client), and trust in the realness, the ‘reality’ level of the contexts evoked by these chains in an age of deep fakes, Chat GPT and the Metaverse. We argue that there is a crisis of trust on all levels, a crisis which inevitability is part of the digital turn itself. As we move, as Mark Weiser wrote in his seminal text The Computer for the 21st century, to a form of computing that will disappear into “the fabric of everyday life”, and will only succeed as a success when it disappears fully from the experience of humans. It is the infrastructure itself that acquires a new layer and becomes ‘smart’. It has become an integral part of society that was before governed by rules of the kinetic realities of the world. These rules were built with certain threats in mind. The hybrid reality, layers of analogue/kinetic that interact sometimes, leads to new everyday practices that become social behavior. Leveling new threats then indeed becomes a social good. We argue that this is especially the case for small and medium-sized enterprises (SMEs), who by forming 99% of all business in Europe, not only pose a large fragmented threat vector, but also they are fighting cybercrime in isolation. We propose a novel solution to exchange cybersecurity risk information with context among SMEs in a peer to peer mesh network. Additionally, a graph based risk analysis and prioritization method which takes into account the context information of assets and their environment.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130764649","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Anomaly-Based Intrusion Detection in IIoT Networks Using Transformer Models","authors":"Jorge Casajús-Setién, C. Bielza, P. Larrañaga","doi":"10.1109/CSR57506.2023.10224965","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10224965","url":null,"abstract":"With the increase of device connectivity in Industry 4.0, securing industrial networks to defend them against cyberattacks has become a primary concern. Motivated by the huge data generated by devices in industrial environments, artificial intelligence has emerged as a promising complement to traditional cybersecurity. In order to gain insight about the possibility of cyberattacks, we propose a novel methodology to analyze industrial network traffic in real time exploiting the sequence modelling capabilities of the transformer architecture, widely used by the GPT model family for sequential language generation. We demonstrate that our method provides state-of-the-art performance with promising explainability potential.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"102 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129400370","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Evaluating a Process-Aware IDS for Smart Grids on Distributed Hardware","authors":"Verena Menzel, Kai Oliver Großhanten, Anne Remke","doi":"10.1109/CSR57506.2023.10224985","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10224985","url":null,"abstract":"Recent incidents clearly identify the need for improved (cyber) security in the power distribution grid. The communication infrastructure of a power grid (the Supervisory Control and Data Acquisition (SCADA) network) is often a lucrative target for cyber-attacks and manipulations. In a recent line of work, a process-aware approach was proposed to locally monitor the communicated data and detect anomalies and inconsistencies. Recently, that approach was extended to a neighborhood level and tested in a simulation environment. This paper takes the extended approach closer to practice and shows its feasibility on distributed hardware. We evaluate the hardware capacity, the chosen communication protocol, and the real-time capability with respect to performance on a Raspberry Pi cluster and compare it to the originally centralized test cases. Further, requirements for transforming the distributed prototype into a real-world application are discussed.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124077562","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Feature-Aware Semi-Supervised Learning Approach for Automotive Ethernet","authors":"Kabid Hassan Shibly, Md. Delwar Hossain, Hiroyuki Inoue, Yuzo Taenaka, Y. Kadobayashi","doi":"10.1109/CSR57506.2023.10224976","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10224976","url":null,"abstract":"The proliferation of devices aimed at enhancing vehicle and driver safety or providing various services to drivers has resulted in a considerable amount of network traffic. Employing a sophisticated network protocol like Automotive Ethernet is crucial for expediently processing the high volume of traffic routed to the In-Vehicle Network (IVN), as its transmission is dependent on the specific function being performed. The increased interconnectivity of in-vehicle devices and external networks allows for the transfer of potential attack vectors and associated vulnerabilities from an Ethernet infrastructure to an Automotive Ethernet framework. As the architecture of Automotive Ethernet is comprised of heterogeneous networks, it is susceptible to various vulnerabilities and remains a largely uncharted area of research. While supervised learning has demonstrated potential in this domain, its application is still limited by the vulnerability to unknown attacks, given the nascent nature of this area of research. The proposed research advances an approach to detecting intrusion in Automotive Ethernet data, which leverages the power of semi-supervised learning. In essence, by augmenting data with selectively identifying key features that are most relevant to the learning objective and isolating them from extraneous noise, this method enhances the algorithm's ability to discern attack activity and ultimately achieves superior performance. Our research indicates an average attack detection rate of 98.8% for CAN DoS attacks, 97.8% for CAN Reply, 96.1% for PTP Sync, 92.4% for Frame injection, and 91.1% for Switch attacks, and we replicated the experiment across multiple IVN intrusion datasets for comparison to verify the credibility and robustness of the findings.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123156738","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Francesco Palmarini, Leonardo Veronese, Matteo Busi, R. Focardi, F. Luccio
{"title":"A Recipe for Cost-Effective Secure IoT: the Safe Place Project Case Study","authors":"Francesco Palmarini, Leonardo Veronese, Matteo Busi, R. Focardi, F. Luccio","doi":"10.1109/CSR57506.2023.10225007","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10225007","url":null,"abstract":"IoT systems are complex and heterogeneous, and consequently difficult to control and secure. This problem is compounded by the fact that the devices are often inexpensive with little computing power. In this paper, we present our experience within the Safe Place project which aimed to create an IoT system for healthier living environments, motivated by the SARS-Cov-2 emergency. The implemented IoT system can monitor people's movements, check the healthiness of the air, sanitize spaces and objects, and provide support to isolated people. Our recipe for a cost-effective secure IoT system trades-off security, usability, and cost, and is easily repeatable and implementable for other similar IoT systems.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"246 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115223422","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Cost-Efficient Threat Intelligence Platform Powered by Crowdsourced OSINT","authors":"Alexander Khalil Daou, Fudong Li, S. Shiaeles","doi":"10.1109/CSR57506.2023.10225008","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10225008","url":null,"abstract":"Cyberattacks are a primary concern for organisations of all kinds, costing billions of dollars globally each year. As more businesses begin operating online, and as attackers develop more advanced malware and evolve their modus operandi, the demand for effective cyber security measures grows exponentially. One such measure is the threat intelligence platform (TIP): a system which gathers and presents information about current cyber threats, providing actionable insight to aid security teams in employing a more proactive approach to thwarting attacks. These platforms and their accompanying intelligence feeds can be costly when purchased from a commercial vendor, creating a financial barrier for small and medium-sized enterprises. This paper explores the use of crowdsourced open-source intelligence (OSINT) as an alternative to commercial threat intelligence. A model TIP is developed using a combination of crowdsourced OSINT, freeware, and cloud services, demonstrating the feasibility and benefits of using OSINT over commercial solutions. The developed TIP is evaluated using a dataset containing 16,713 malware samples collected via the MalwareBazaar repository.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"210 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114367390","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Felipe Moreno Vera, M. Nogueira, Cainã Figueiredo, D. S. Menasché, Miguel Bicudo, Ashton Woiwood, Enrico Lovat, Anton Kocheturov, L. P. D. Aguiar
{"title":"Cream Skimming the Underground: Identifying Relevant Information Points from Online Forums","authors":"Felipe Moreno Vera, M. Nogueira, Cainã Figueiredo, D. S. Menasché, Miguel Bicudo, Ashton Woiwood, Enrico Lovat, Anton Kocheturov, L. P. D. Aguiar","doi":"10.1109/CSR57506.2023.10224941","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10224941","url":null,"abstract":"This paper proposes a machine learning-based approach for detecting the exploitation of vulnerabilities in the wild by monitoring underground hacking forums. The increasing volume of posts discussing exploitation in the wild calls for an automatic approach to process threads and posts that will eventually trigger alarms depending on their content. To illustrate the proposed system, we use the CrimeBB dataset, which contains data scraped from multiple underground forums, and develop a supervised machine learning model that can filter threads citing CVEs and label them as Proof-of-Concept, Weaponization, or Exploitation. Leveraging random forests, we indicate that accuracy, precision and recall above 0.99 are attainable for the classification task. Additionally, we provide insights into the difference in nature between weaponization and exploitation, e.g., interpreting the output of a decision tree, and analyze the profits and other aspects related to the hacking communities. Overall, our work sheds insight into the exploitation of vulnerabilities in the wild and can be used to provide additional ground truth to models such as EPSS and Expected Exploitability.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126433896","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Panagiotis Savvidis, Nikolaos Vakakis, A. Voulgaridis, E. Bellini, D. Ioannidis, K. Votis, D. Tzovaras
{"title":"Towards a Hybrid Multi-Layer Blockchain-Based Energy Trading Market for Microgrids","authors":"Panagiotis Savvidis, Nikolaos Vakakis, A. Voulgaridis, E. Bellini, D. Ioannidis, K. Votis, D. Tzovaras","doi":"10.1109/CSR57506.2023.10224920","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10224920","url":null,"abstract":"Energy trading is currently transitioning from traditional centralized markets to decentralized peer to peer (P2P) solutions. More and more P2P projects are operating with the Blockchain technology, hosting e-auctions for prosumers who are part of microgrids and operating in the same network. This way of energy trading might be ideal for trading types of renewable energy with high predictability but the same does not apply for lower predictability types, such as solar energy. A critical issue of P2P energy trading markets, that operate only in the context of local energy communities, is the availability of resources when every prosumer adapts the same role in the market, thus leading to either large excess or deficit of energy. This paper introduces a blockchain-based semi-decentralized (hybrid) energy trading market that consists of more than one microgrids and each microgrid is composed of prosumers who produce and trade energy with others within their microgrid. Furthermore, inter-microgrid energy trading can be initiated, as well as trading with the main grid, when there are unmet energy requests. In order to ensure safety and security between untrusted parties, transactions happen in a permissioned blockchain network. As an alternative way to trade energy this solution proposes along with the Fungible Tokens, the use of Non-Fungible Tokens (NFT) that enclose amounts of energy to be used when needed. Each microgrid is equipped with an appropriately sized battery, a repository to maintain profits, and is coordinated by an administration manager, who is responsible for transactions happening outside of the microgrid.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131756180","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Breno Tostes, Leonardo Ventura, Enrico Lovat, Matheus Martins, D. S. Menasché
{"title":"Learning When to Say Goodbye: What Should be the Shelf Life of an Indicator of Compromise?","authors":"Breno Tostes, Leonardo Ventura, Enrico Lovat, Matheus Martins, D. S. Menasché","doi":"10.1109/CSR57506.2023.10224937","DOIUrl":"https://doi.org/10.1109/CSR57506.2023.10224937","url":null,"abstract":"Indicators of Compromise (IOCs), such as IP addresses, file hashes, and domain names associated with known malware or attacks, are cornerstones of cybersecurity, serving to identify malicious activity on a network. In this work, we leverage real data to compare different parameterizations of IOC aging models. Our dataset comprises traffic at a real environment for more than 1 year. Among our trace-driven findings, we determine thresholds for the ratio between miss over monitoring costs such that the system benefits from storing IOCs for a finite time-to-live (TTL) before eviction. To the best of our knowledge, this is the first real world evaluation of thresholds related to IOC aging, paving the way towards realistic IOC decaying models.","PeriodicalId":354918,"journal":{"name":"2023 IEEE International Conference on Cyber Security and Resilience (CSR)","volume":"21 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-07-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133225733","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}