Proactive Identification of Cybersecurity Threats Using Online Sources

January 2019

abstract: Many existing applications of machine learning (ML) to cybersecurity are focused on detecting malicious activity already present in an enterprise. However, recent high-profile cyberattacks proved that certain threats could have been avoided. The speed of contemporary attacks along with the high costs of remediation incentivizes avoidance over response. Yet, avoidance implies the ability to predict - a notoriously difficult task due to high rates of false positives, difficulty in finding data that is indicative of future events, and the unexplainable results from machine learning algorithms. In this dissertation, these challenges are addressed by presenting three artificial intelligence (AI) approaches to support prioritizing defense measures. The first two approaches leverage ML on cyberthreat intelligence data to predict if exploits are going to be used in the wild. The first work focuses on what data feeds are generated after vulnerability disclosures. The developed ML models outperform the current industry-standard method with F1 score more than doubled. Then, an approach to derive features about who generated the said data feeds is developed. The addition of these features increase recall by over 19% while maintaining precision. Finally, frequent itemset mining is combined with a variant of a probabilistic temporal logic framework to predict when attacks are likely to occur. In this approach, rules correlating malicious activity in the hacking community platforms with real-world cyberattacks are mined. They are then used in a deductive reasoning approach to generate predictions. The developed approach predicted unseen real-world attacks with an average increase in the value of F1 score by over 45%, compared to a baseline approach. / Dissertation/Thesis / Doctoral Dissertation Computer Science 2019

Computer science

Artificial intelligence

Cybersecurity

Social network analysis

A VISUALIZATION TOOL FOR CYBERSECURITY EDUCATION FOR HIGH SCHOOL STUDENTS

Gabriel Alejandro Castro Aguayo (9768428)

17 December 2020

<p>Technology evolves at such a rapid pace nowadays, keeping up with education on cyber security tends to fall. Even with the rising threats, people put their personal information in their computers without knowing who could access the information. Many people keep their personal information online when they do shopping, banking, or on social media. These online activities attract adversaries that may have malicious attentions. The lack of cyber security practices is evident as we often hear the news of large-scale cyberattack incidents against financial institutions that leads to breach of personal information of their users. Cyber-attacks can have long term damaging effects. Cybersecurity awareness is necessary to start at an early age. If this subject is delivered to young users as an interactive tutorial, using game-based principles, then it is more likely to be learned in an entertaining manner. Hence, this thesis project focuses on a framework development for interactive and engaging cybersecurity education and its evaluation. </p> <p>The framework is developed to educate the users various cybersecurity related topics, such as malware, web security, and network security. It consists four stages for each topic: information, interaction, explanation, and assessment. In the information module, the user is presented details related to the topic. To maintain users’ interest, interaction module allows users to interrelate with common hacking attacks from real life situations. Explanation module provides the discussion of interaction module and introduces defense techniques. The users are tested in the Assessment module to measure their learning to be able to advance to next levels within the same topic. The developed framework is customizable since more modules can be integrated and existing modules can be swiftly modified. In addition, multiple surveys were conducted to analyze whether this framework explains the cybersecurity topics easily. </p>

Computer Engineering

cybersecurity practices

Unity 3D

Visualization tool

Automated Deployment of a Security Operations Center

Cardarelli, Anthony

16 June 2020

No description available.

Computer Science

Cybersecurity

Security Operation Center

Small and Medium Businesses

Are we focusing on the right things? : A systematic literature review on causes of cybersecurity incidents

Palmqvist, Martin

January 2022

Digitalisation driven by competition and performance has lead to a situation where most aspects of organisations business is digitised and vulnerable to cybersecurity incidents. Even though this discrepancy is being adressed incidents continue to happen. To be able to protect the organisation from cyber incidents an assessment of the security of information systems is needed. However cybersecurity incidents has been the subject of little research and the limited research there is often focuses on single causes, resulting in reduced accuracy of assessments. Therefore the question remains how different causes of incidents has affected organisations. To answer the question a systematic literature review and a taxonomy of four mutually exclusive cybersecurity incident causes are used. The result shows that 31 papers in the last five years contained relevant data, indicating that cause of incidents has not been the subject of much systematic research. Furthermore, the result shows that malicious actions were covered in 27 of the papers and human errors in 22 while system failures were only covered in seven and natural phenomena in zero. Through this the need for research on causes and effect of cybersecurity incidents is highlighted. Looking at the effect of the incidents there is a great spectra of results and the covered papers cannot be used to formulate a consensus. This seems to be an effect of the papers having different focus, suggesting a need for studies that include all possible causes as well as a common taxonomy to be used in multiple studies.

Cybersecurity

incident

cause

Information Systems

Motivating Cybersecurity Awareness within an Organisation : An explorative study from an awareness practitioner’s perspective

Agbo-ola, Adedoyin

January 2022

Security awareness has been a popular topic in the last few years for both information systems researchers and organisations. News broadcasts has brought attention to the increase in cyber-attacks, with these reports noting that a significant number of these breaches have been caused by human error, linked to employee’s lack of engagement with their organisations security policies and awareness campaigns. Whilst there is existing research in human factorsand the barriers of security behaviours effect on cybersecurity awareness; in practice we know very little about how employees can be motivated to engage in cybersecurity awareness programs. This study aims to explore how information security practitioners motivate interest in cybersecurity awareness. It does this through an exploratory case study approach using qualitative data collected from in-depth interviews of four cybersecurity awareness practitioners that were conducted. From an application perspective, the findings suggest that these practitioners do use a variety of techniques to motivate employee interest in cybersecurity awareness. The study identified four factors used by practitioners to motivate cybersecurity awareness which are 1) using different engaging techniques, 2) making it personable &amp; relatable, 3) utilising leadership commitment and 4) embracing technical controls. This paper discusses these factors and implications for practitioners.

cybersecurity awareness

barriers

motivators

Information Systems

Designing Cybersecurity Competitions in the Cloud: A Framework and Feasibility Study

Newby, Chandler Ryan

10 December 2018

Cybersecurity is an ever-expanding field. In order to stay current, training, development, and constant learning are necessary. One of these training methods has historically been competitions. Cybersecurity competitions provide a method for competitors to experience firsthand cybersecurity concepts and situations. These experiences can help build interest in, and improve skills in, cybersecurity. While there are diverse types of cybersecurity competitions, most are run with on-premise hardware, often centralized at a specific location, and are usually limited in scope by available hardware. This research focuses on the possibility of running cybersecurity competitions, specifically CCDC style competitions, in a public cloud environment. A framework for running cybersecurity competitions in general was developed and is presented in this research. The framework exists to assist those who are considering moving their competition to the cloud. After the framework was completed, a CCDC style competition was developed and run entirely in a public cloud environment. This allowed for a test of the framework, as well as a comparison against traditional, on-premise hosting of a CCDC. The cloud-based CCDC created was significantly less expensive than running a comparable size competition in on-premise hardware. Performance problems—typically endemic in traditionally-hosted CCDCs—were virtually non-existent. Other benefits, as well as potential contraindications, are also discussed. Another CCDC style competition, this one originally built for on-premise hardware, was then ported to the same public cloud provider. This porting process helped to further evaluate and enrich the framework. The porting process was successful, and data was added to the framework.

cybersecurity

IT

cloud

virtualization

competition

CCDC

Information Security

Evaluating an Educational Cybersecurity Playable Case Study

Johnson, Tanner West

11 December 2018

The realities of cyberattacks have become more and more prevalent in the world today. Due to the growing number of these attacks, the need for highly trained individuals has also increased. Because of a shortage of qualified candidates for these positions, there is an increasing need for cybersecurity education within high schools and universities. In this thesis, I discuss the development and evaluation of Cybermatics, an educational simulation, or playable case study, designed to help students learn and develop skills within the cybersecurity discipline. This playable case study was designed to allow students to gain an understanding of the field of cybersecurity and give them a taste of what a day in the life of a cybersecurity professional might be. It focuses on being an authentic experience so that students feel immersed within the simulation while completing their tasks, instead of regarding it as merely another assignment. We ran a pilot test of this playable case study in a university-level, introductory Information Technology class of 51 students. We found that Cybermatics increased the selfreported likelihood of over 70% of participants to pursue a career in a cybersecurity field. It also helped students understand the importance of leadership and ethics to a cybersecurity professional. We also found that the simulation helped students feel more confident about their ability to complete cybersecurity-related tasks.

playable case study

cybersecurity

simulation

educational

Information Security

CYBERSECURITY IN THE PUR-1 NUCLEAR REACTOR

Styliani Pantopoulou (11189106)

27 July 2021

Nuclear systems heavily depend on Instrumentation and Control (I&C) entities for their protection, monitoring and control processes, all of which play an important role for their safety and security. The obsolescence of analog I&C systems, along with the increased costs for their maintenance, has rendered the adoption of digital control systems inevitable. Digitization offers numerous advantages to systems, ranging from precision in measurements to reduction in equipment and costs. However, it also comes with a number of challenges, most of which are related to increased failure risk, either from human or control systems error, and vulnerability to attacks, which can be a major threat to non-proliferation. These characteristics point to the category of Cyber Physical Systems (CPSs), namely collections of computational components that receive physical inputs from sensors, and are connected to feedback loops in order to adapt to new circumstances. The ever growing use of CPSs may increase the risk for cyber attacks, that threaten a system’s integrity and security. Plenty of research has been conducted on this topic. The focus of this work is to implement an architecture that can protect the system under review, namely Purdue University Reactor Number One (PUR-1), from these types of attacks. The reactor is physically modelled, through the use of point kinetics equations and reactivity calculations. Controllers existing in the plant are modelled and tuned for the purpose of controlling the reactor’s power. Mitigation of the cyber attacks is later examined through fault tolerance. One of the main ways to achieve fault tolerance in systems of this type is through redundant components, the so-called replicas. Replicas are later used in a process of voting, in order to detect failures. According to the Byzantine Fault Tolerance (BFT) protocol, which is the most popular protocol for this purpose, a maximum number of t faults can be tolerated by the system, when there are in total 3t+1 replicas in the system architecture. Redundancy, however, is not capable to keep a system safe by itself under all circumstances. For this purpose, software diversity is explored. According to this, software in the controllers gets diversified into distinct variants. Different software variants execute instructions, and other variants are expected to execute other actions. In the case where some tampered inputs crash (or deactivate) one of the variants, other variants take control and the system is tolerant against failures. Lastly, CPS inertia is exploited along with rollback recovery methods for the rebooting of the system after a failure. The actual algorithm for the system studied in this work uses three redundant controllers and performs as follows; the error term from the subtraction of the output from the setpoint is fed as input to the first two controllers, as well as to the delay queue connected to the third controller. The outputs of the first two controllers are compared, and then there are two cases of operation. In the case of a good message in the input, the variants in the controllers do not crash, thus the signal from the top two controllers reaches the plant. In the case of a bad message, at least one of the two controllers crashes, because at least one of the code variants fails due to the diversity. This automatically triggers the comparator, which sends a signal so that the output of the isolated controller is used and propagates towards the plant. After implementing a Graphical User Interface (GUI), which acts as a simulator and visualizes the system’s state, it is shown that PUR-1 is able to overcome bad messages regarding scram or control rod positions, when the protection architecture is activated. More specifically, when a bad message for scram is sent, the reactor manages to not drop its power level and continues to adjust the rod positions in order to achieve a specific power setpoint. Moreover, in the case of a bad message for the control rod positions, which means that the system is running open loop and thus is uncontrolled, the reactor manages to recover the rod positions and power level after some seconds. Conversely, when the protection system is deactivated, it is shown that bad messages regarding scram or rod positions are able to affect the reactor's state. In the case of the scram bad message, the reactor power drops immediately, while in the case of the rod position bad message, the power level changes uncontrollably.

Nuclear Engineering

Cybersecurity

PUR-1

cyber physical systems

Increasing the Predictive Potential of Machine Learning Models for Enhancing Cybersecurity

Ahsan, Mostofa Kamrul

January 2021

Networks have an increasing influence on our modern life, making Cybersecurity an important field of research. Cybersecurity techniques mainly focus on antivirus software, firewalls and intrusion detection systems (IDSs), etc. These techniques protect networks from both internal and external attacks. This research is composed of three different essays. It highlights and improves the applications of machine learning techniques in the Cybersecurity domain. Since the feature size and observations of the cyber incident data are increasing with the growth of internet usage, conventional defense strategies against cyberattacks are getting invalid most of the time. On the other hand, the applications of machine learning tasks are getting better consistently to prevent cyber risks in a timely manner. For the last decade, machine learning and Cybersecurity have converged to enhance risk elimination. Since the cyber domain knowledge and adopting machine learning techniques do not align on the same page in the case of deployment of data-driven intelligent systems, there are inconsistencies where it is needed to bridge the gap. We have studied the most recent research works in this field and documented the most common issues regarding the implementation of machine learning algorithms in Cybersecurity. According to these findings, we have conducted research and experiments to improve the quality of service and security strength by discovering new approaches.

artificial intelligence

cyber attacks

cybersecurity

data science

machine learning

statistics

Ramverk för cybersäkerhet: Möjligheter och begränsningar

Hedåker, Johanna

January 2019

I takt med samhällets snabba tekniska utveckling finns också ett behov av exponentiell utveckling av cybersäkerhet. Trender pekar dock på att så inte har skettoch antalet säkerhetsincidenter och intrång har på senare år ökat avsevärt. Tidigarestudier föreslår att dessa incidenter skulle kunna förhindras, eller åtminstone begränsas, genom tillämpningen av moderna säkerhetsramverk, där CIS Critical SecurityControls är ett av de mer kända.Syftet med denna studie är att genom en enkätundersökning granska existerandeåsikter bland yrkesverksamma inom säkerhetsbranschen om vikten och effekterna avatt tillämpa sådana säkerhetsramverk.Resultatet av vår initiala undersökande studie pekar på att säkerhetsramverken kanbidra till att skapa en både grundläggande och substantiell säkerhetsnivå som är enkel att reproducera. Viss aktsamhet bör dock tas eftersom dessa är beroende av bådeerfarenhet och verksamhetsanpassning. Vidare bör grundläggande kursmoment i cybersäkerhet introduceras på utbildningar och kurser, inklusive de discipliner somtraditionellt sett ligger utanför säkerhetsdomänen, eftersom det digitala landskapethar förändrats. / As the technological advancements of our society continue to thrive, there is a need foran exponential growth in the field of cybersecurity. Trends suggest this has not beenthe case and the amount of data- and security breaches has drastically increased overthe past few years. Earlier studies suggest that these incidents could be prevented, orat least limited, by implementing modern cyber security frameworks, such as CISCritical Security Controls.The main aim of this study is to, by conducting an initial investigative survey, examine the existing opinions of professionals from the cybersecurity industry regardingthe significance and effects of implementing such cyber security frameworks.The results of our initial study suggest that cyber security frameworks could contribute to a both sufficient and substantial level of security. However, some caution shouldbe taken into consideration as the frameworks require both experience and adaptation. Furthermore, our results also show that there is a need to introduce basic cybersecurity competence in education, including education traditionally considered to beoutside the field of cybersecurity, as a result of the transformed digital environment.

cybersecurity

frameworks

ramverk

trender

datasäkerhet

analys

Engineering and Technology

Teknik och teknologier