{"title":"Zero-Day Operational Cyber Readiness","authors":"B. Ozkan, İ. B. Tolga","doi":"10.23919/CyCon58705.2023.10181814","DOIUrl":"https://doi.org/10.23919/CyCon58705.2023.10181814","url":null,"abstract":"As we move all our business practices into cyber terrain, the unique characteristics of cyberspace assets and threats require a different perspective to define and implement the concept of cyberspace readiness. The connected and dependent nature of functional and core services in and through cyberspace has created a nondeterministic security environment with unpredictable, ubiquitous and ambiguous threat perceptions. Building, increasing and sustaining cyber readiness requires producing, training, equipping, deploying and sustaining cyber warriors with competent capabilities against a continuously mutating threat landscape in a timely manner. Traditional military readiness approaches geared for kinetic services do not suit the unique requirements of cyber warfare readiness. A unit at “60 days notice to move” has 60 days to get ready to act. If the average time to detect a cyber attack is 200 days, cyber defenders must be ready for cyber attacks on average 200 days before they start. Hence, we propose the term “zero-day readiness” to describe agile and vigilant cyber readiness. In this paper, we offer a novel cyberspace readiness model based on principles, resources, activities, capabilities and benefits. While resource-demanding to build, improve and sustain, the proposed Zero-Day Readiness model has the potential to significantly increase the assessment and visibility of gaps as well as support judgment on the allocation of limited resources. The added value of this research is in developing a more revisionist readiness perspective for cyberspace operational readiness than the traditional kinetic operational domains, particularly for organizational and military cyber defense perspectives.","PeriodicalId":391972,"journal":{"name":"2023 15th International Conference on Cyber Conflict: Meeting Reality (CyCon)","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121269787","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"AI-assisted Cyber Security Exercise Content Generation: Modeling a Cyber Conflict","authors":"A. Zacharis, Razvan Gavrila, C. Patsakis, D. Ikonomou","doi":"10.23919/CyCon58705.2023.10181930","DOIUrl":"https://doi.org/10.23919/CyCon58705.2023.10181930","url":null,"abstract":"A cyber conflict can be defined as a cyberattack or a series of attacks that target the critical functions of a country. Such attacks can potentially wreak havoc on government and civilian infrastructure and disrupt critical systems, resulting in damage to the state and even loss of life. National bodies are usually expected to run cyber crisis exercises to prevent such attacks and prepare for their impact. Developing risk scenarios that are both relevant and up to date with the current threat landscape is a critical element in the success of any cyber exercise, especially a cyber conflict scenario. Our work explores the results of applying machine learning to unstructured information sources to generate structured cyber exercise content in preparation for or during a destructive cyber conflict. We collected a dataset of publicly available cyber security articles and used them to assess future threats and as a skeleton for new exercise scenarios. We utilize named-entity recognition to structure the information based on a novel ontology. With the help of graph comparison methodologies, we match the generated scenarios to known threat actors’ tactics, techniques, and procedures and enrich the final scenario accordingly, with the help of synthetic text generators following our novel artificial-intelligence-assisted cyber exercise framework (AiCEF). Our framework has been evaluated on its efficiency and speed and can produce structured cyber exercise scenarios in real time, provided with incident descriptions in raw text format or a set of keywords. By deep diving into a pool of pre-tagged incidents, AiCEF can build exercise content from scratch, assisting inexperienced exercise planners in generating a scenario quicker and achieving a level of quality similar to an experienced planner or subject matter expert. We have assessed our methodology for relevance and preparedness by applying it to a real cyber conflict use case to model two categories of crisis management exercise scenarios: pre-conflict and post-conflict initiation. Thus, we assess whether the generated scenarios match the attack trends and the news feeds that were not used in training the AiCEF and prove that we can provide targeted and customized awareness of upcoming incidents.","PeriodicalId":391972,"journal":{"name":"2023 15th International Conference on Cyber Conflict: Meeting Reality (CyCon)","volume":"55 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132035331","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The Law of Neutrality and the Sharing of Cyber-Enabled Data During International Armed Conflict","authors":"Yann L. Schmuki","doi":"10.23919/cycon58705.2023.10181885","DOIUrl":"https://doi.org/10.23919/cycon58705.2023.10181885","url":null,"abstract":"The question of the extent to which neutral States are allowed to share (cyber-enabled) data during international armed conflict has rarely been addressed by governments and academia. There are two reasons for this gap: first, States are traditionally reluctant to publicly discuss or internationally regulate sharing of information with partners. Second, the law of neutrality has become a niche discipline in the past years when major international armed conflicts (IAC) were often considered to be passé. However, in today’s digitalized societies, information has acquired a value similar to physical goods. Supporting a belligerent with data may therefore be just as problematic from a neutrality perspective as delivering weapons. This paper discusses the important implications of the law of neutrality for neutral States to share data obtained in cyberspace. After introducing a neutrality framework that takes contemporary State practice into account, I illustrate that the discussions on neutrality in the context of the Russia-Ukraine war are neither new nor unaddressed. A short case study will outline the inherent tensions between a neutral State’s impartiality and its preventive obligations. Weighing these two factors in the context of an interconnected, cyber-driven security landscape, I argue that during an IAC, a neutral has the ability, but not the obligation, to share certain information with selected partners. However, this does not include militarily actionable data, as such sharing would violate the neutral State’s fundamental impartiality obligations.","PeriodicalId":391972,"journal":{"name":"2023 15th International Conference on Cyber Conflict: Meeting Reality (CyCon)","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122699144","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Towards Generalizing Machine Learning Models to Detect Command and Control Attack Traffic","authors":"Lina Gehri, Roland Meier, Daniel Hulliger, Vincent Lenders","doi":"10.23919/CyCon58705.2023.10182001","DOIUrl":"https://doi.org/10.23919/CyCon58705.2023.10182001","url":null,"abstract":"Identifying compromised hosts from network traffic traces has become challenging because benign and malicious traffic is encrypted, and both use the same protocols and ports. Machine learning-based anomaly detection models have been proposed to address this challenge by classifying malicious traffic based on network flow features learned from historical patterns. Previous work has shown that such models successfully identify compromised hosts in the same network environment in which they were trained. However, cyber incident response teams often have to look for intrusions in foreign networks, and we have found that learned models often fail to generalize to different network conditions. In this paper, we analyse the root cause of this problem using five network traces collected from different years and teams of Locked Shields, the world’s largest live-fire cyber defence exercise. We then explore techniques to make machine learning models generalize better to unknown network environments and evaluate their accuracy.","PeriodicalId":391972,"journal":{"name":"2023 15th International Conference on Cyber Conflict: Meeting Reality (CyCon)","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125591907","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
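The generalization failure described in the last abstract (a flow-feature model that works in the network it was trained on and breaks in a foreign one) can be reproduced in a few dozen lines. The example below is added here and is not code from the Gehri et al. paper or from the Locked Shields datasets: the connection logs are constructed, the classifier is a nearest-centroid model over two per-pair flow features (mean bytes per connection and the coefficient of variation of inter-arrival time), and the mitigation shown, re-standardising features with the target network's own unlabeled traffic, is this example's assumption, not one of the techniques the paper evaluates. Network B differs from network A only in how many bytes its benign sessions and its implant move per connection, which is enough to push every beaconing pair onto the benign side when the training network's feature scaler is reused.

```python
"""Added example: covariate shift in flow-based C2 detection, standard library only.
Everything here is constructed; the 'refit the scaler on the target network'
mitigation is an assumption for illustration, not a technique from the paper."""
import random
import statistics
from collections import defaultdict


def make_connections(rng, n_pairs, label, bytes_mu, interval_mu, jitter_sd, n_conn=12):
    """Constructed connection log: rows of (timestamp, pair_id, bytes, label).
    C2 beacons are regular (small jitter); benign sessions are bursty."""
    rows = []
    for p in range(n_pairs):
        pair = f"{label}-{p}"
        t = rng.uniform(0, 3600)
        for _ in range(n_conn):
            t += max(1.0, rng.gauss(interval_mu, jitter_sd))
            nbytes = max(1, int(rng.gauss(bytes_mu, 0.15 * bytes_mu)))
            rows.append((t, pair, nbytes, label))
    return rows


def flow_features(rows):
    """Per (src,dst) pair: [mean bytes per connection, CV of inter-arrival time]."""
    by_pair = defaultdict(list)
    for t, pair, nbytes, label in rows:
        by_pair[pair].append((t, nbytes, label))
    feats, labels = [], []
    for conns in by_pair.values():
        conns.sort()
        gaps = [b[0] - a[0] for a, b in zip(conns, conns[1:])]
        cv = statistics.pstdev(gaps) / statistics.mean(gaps)
        feats.append([statistics.mean(c[1] for c in conns), cv])
        labels.append(conns[0][2])
    return feats, labels


def fit_scaler(feats):
    """Per-feature (mean, std) for z-scoring; needs no labels, so it can be
    fitted on whatever traffic the responder actually has in front of them."""
    return [(statistics.mean(col), statistics.pstdev(col) or 1.0) for col in zip(*feats)]


def scale(feats, scaler):
    return [[(x - m) / s for x, (m, s) in zip(row, scaler)] for row in feats]


def fit_centroids(feats, labels):
    """Nearest-centroid classifier: one mean vector per class."""
    groups = defaultdict(list)
    for row, lab in zip(feats, labels):
        groups[lab].append(row)
    return {lab: [statistics.mean(col) for col in zip(*rows)] for lab, rows in groups.items()}


def predict(centroids, row):
    return min(centroids, key=lambda lab: sum((a - b) ** 2 for a, b in zip(row, centroids[lab])))


def accuracy(centroids, feats, labels):
    return sum(predict(centroids, f) == l for f, l in zip(feats, labels)) / len(labels)


def build_environment(seed, benign_bytes, c2_bytes):
    """Constructed network: 60 benign pairs and 60 beaconing C2 pairs.
    The 50/50 mix is deliberate; see the caveat in the text."""
    rng = random.Random(seed)
    rows = make_connections(rng, 60, "benign", benign_bytes, interval_mu=30, jitter_sd=20)
    rows += make_connections(rng, 60, "c2", c2_bytes, interval_mu=60, jitter_sd=3)
    return flow_features(rows)


def run_experiment():
    """Train on network A; evaluate on A and on network B, where both the
    benign traffic and the implant move far more bytes per connection."""
    xa, ya = build_environment(seed=1, benign_bytes=4000, c2_bytes=400)
    xb, yb = build_environment(seed=2, benign_bytes=60000, c2_bytes=8000)
    scaler_a = fit_scaler(xa)
    model = fit_centroids(scale(xa, scaler_a), ya)
    return {
        "A_with_A_scaler": accuracy(model, scale(xa, scaler_a), ya),
        "B_with_A_scaler": accuracy(model, scale(xb, scaler_a), yb),   # usual practice: collapses
        "B_with_B_scaler": accuracy(model, scale(xb, fit_scaler(xb)), yb),  # refit on target traffic
    }


if __name__ == "__main__":
    for name, acc in run_experiment().items():
        print(f"{name}: {acc:.2f}")
```

Reusing network A's scaler on network B drives every B pair's byte feature to the benign side of the centroids (B's implant sends more bytes per beacon than A's benign sessions), so the model labels the whole network clean; refitting the scaler on B's unlabeled flows restores the separation because the regularity feature never shifted. The caveat a practitioner should keep in mind is that per-network standardisation only re-aligns the distributions when the class mix is comparable, which the 50/50 construction guarantees and a real network with a handful of infected hosts does not; there the rescaling is dominated by benign traffic and can hide the minority class, which is one reason the paper treats generalization as a research problem rather than a preprocessing step.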