Global ETD Search

371	A Framework for Conceptual Characterization of Ontologies and its Application in the Cybersecurity Domain Franco Martins Souza, Beatriz 17 May 2024 (has links) [ES] Las ontologías son artefactos computacionales con una amplia gama de aplicaciones. Estos artefactos representan el conocimiento con la mayor precisión posible y brindan a los humanos un marco para representar y aclarar el conocimiento. Además, las ontologías se pueden implementar y procesar agregando semántica a los datos que deben intercambiarse entre sistemas. En los sistemas, los datos transportan información y deben seguir los Principios FAIR para cumplir su propósito. Sin embargo, los dominios del conocimiento pueden ser vastos, complejos y sensibles, lo que hace que la interoperabilidad sea un desafío. Además, el diseño y desarrollo de ontologías no es una tarea sencilla, y debe seguir metodologías y estándares, además de cumplir una serie de requisitos. De hecho, las ontologías se han utilizado para producir FAIRness de datos debido a sus características, aplicaciones y competencias semánticas. Con la creciente necesidad de interoperar datos surgió la necesidad de interoperar ontologías para garantizar la correcta transmisión e intercambio de información. Para satisfacer esta demanda de ontologías interoperativas y, al mismo tiempo, conceptualizar dominios amplios y complejos, surgieron las Redes de Ontologías. Además, las ontologías comenzaron a presentar conceptualizaciones a través de la fragmentación del conocimiento de diferentes maneras, dependiendo de requisitos como el alcance de la ontología, su propósito, si es procesable o para uso humano, su contexto, entre otros aspectos formales, haciendo que la Ingeniería Ontológica sea también un dominio complejo. El problema es que en el Proceso de Ingeniería de Ontologías, las personas responsables toman diferentes perspectivas sobre las conceptualizaciones, provocando que las ontologías tengan sesgos a veces más ontológicos y otras más relacionados con el dominio. Estos problemas dan como resultado ontologías que carecen de fundamento o bien implementaciones de ontologías sin un modelo de referencia previo. Proponemos una (meta)ontología basada en la Ontología Fundacional Unicada (UFO, del inglés, Unified Foundational Ontology) y respaldada por estándares de clasificación ontológica reconocidos, guías y principios FAIR para resolver este problema de falta de consenso en las conceptualizaciones. La Ontología para el Análisis Ontológico (O4OA, del inglés, Ontology for Ontological Analysis) considera perspectivas, conocimientos, características y compromisos, que son necesarios para que la ontología y el dominio faciliten el proceso de Análisis Ontológico, incluyendo el análisis de las ontologías que conforman una red de ontologías. Utilizando O4OA, proponemos el Marco para la Caracterización Ontológica (F4OC, del inglés, Framework for Ontology Characterization) para proporcionar pautas y mejores prácticas a los responsables, a la luz de O4OA. F4OC proporciona un entorno estable y homogéneo para facilitar el análisis ontológico, abordando simultáneamente las perspectivas ontológicas y de dominio de los involucrados. Además, aplicamos O4OA y F4OC a varios estudios de casos en el Dominio de Ciberseguridad, el cual es complejo, extremadamente regulado y sensible, y propenso a dañar a personas y organizaciones. El principal objetivo de esta tesis doctoral es proporcionar un entorno sistemático y reproducible para ingenieros en ontologías y expertos en dominios, responsables de garantizar ontologías desarrolladas de acuerdo con los Principios FAIR. Aspiramos a que O4OA y F4OC sean contribuciones valiosas para la comunidad de modelado conceptual, así como resultados adicionales para la comunidad de ciberseguridad a través del análisis ontológico de nuestros estudios de caso. / [CA] Les ontologies són artefactes computacionals amb una àmplia gamma d'aplicacions. Aquests artefactes representen el coneixement amb la major precisió possible i brinden als humans un marc per a representar i aclarir el coneixement. A més, les ontologies es poden implementar i processar agregant semàntica a les dades que han d'intercanviar-se entre sistemes. En els sistemes, les dades transporten informació i han de seguir els Principis FAIR per a complir el seu propòsit. No obstant això, els dominis del coneixement poden ser vastos, complexos i sensibles, la qual cosa fa que la interoperabilitat siga un desafiament. A més, el disseny i desenvolupament d'ontologies no és una tasca senzilla, i ha de seguir metodologies i estàndards, a més de complir una sèrie de requisits. De fet, les ontologies s'han utilitzat per a produir FAIRness de dades a causa de les seues característiques, aplicacions i competències semàntiques. Amb la creixent necessitat de inter operar dades va sorgir la necessitat de inter operar ontologies per a garantir la correcta transmissió i intercanvi d'informació. Per a satisfer aquesta demanda d'ontologies inter operatives i, al mateix temps, conceptualitzar dominis amplis i complexos, van sorgir Xarxes d'Ontologies. A més, les ontologies van començar a presentar conceptualitzacions a través de la fragmentació del coneixement de diferents maneres, depenent de requisits com l'abast de l'ontologia, el seu propòsit, si és procesable o per a ús humà, el seu context i diversos altres aspectes formals, fent que el Enginyeria Ontològica també és un domini complex. El problema és que en Procés d'Enginyeria d'Ontologies, les persones responsables prenen diferents perspectives sobre les conceptualitzacions, provocant que les ontologies tinguen biaixos a vegades més ontològics i altres més relacionats amb el domini. Aquests problemes donen com a resultat ontologies que manquen de fonament i implementacions d'ontologies sense un model de referència previ. Proposem una (meta)ontologia basada en la Ontologia Fundacional Unificada (UFO, de le inglés, Unified Foundational Ontology) i recolzada per coneguts estàndard de classificació ontològica, guies i principis FAIR per a resoldre aquest problema de falta de consens en les conceptualitzacions. La Ontologia per a l'Anàlisi Ontològica (O4OA, de le inglés, Ontology for Ontological Analysis) considera perspectives, coneixements, característiques i compromisos, que són necessaris perquè l'ontologia i el domini faciliten el procés de Anàlisi Ontològica, incloent-hi l'anàlisi de les ontologies que conformen una xarxa d'ontologies. Utilitzant O4OA, proposem el Marco per a la Caracterització Ontològica (F4OC, de le inglés, Framework for Ontology Characterization) per a proporcionar pautes i millors pràctiques als responsables, a la llum d'O4OA. F4OC proporciona un entorn estable i homogeni per a facilitar l'anàlisi ontològica, abordant simultàniament les perspectives ontològiques i de domini dels involucrades. A més, apliquem O4OA i F4OC a diversos estudis de casos en el Domini de Seguretat Cibernètica, que és complex, extremadament regulat i sensible, i propens a danyar a persones i organitzacions. L'objectiu principal d'aquesta tesi és proporcionar un entorn sistemàtic, reproduïble i escalable per a engineers en ontologies i experts in dominis encarregats de garantir les ontologies desenvolupades d'acord amb els Principis FAIR. Aspirem a fer que O4OA i F4OC aportin valuoses contribucions a la comunitat de modelització conceptual, així com resultats addicionals per a la comunitat de ciberseguretat mitjançant l'anàlisi ontològica dels nostres estudis de cas. / [EN] Ontologies are computational artifacts with a wide range of applications. They represent knowledge as accurately as possible and provide humans with a framework for knowledge representation and clarification. Additionally, ontologies can be implemented and processed by adding semantics to data that needs to be exchanged between systems. In systems, data is the carrier of information and needs to comply with the FAIR Principles to fulfill its purpose. However, knowledge domains can be vast, complex, and sensitive, making interoperability challenging. Moreover, ontology design and development are not easy tasks; they must follow methodologies and standards and comply with a set of requirements. Indeed, ontologies have been used to provide data FAIRness due to their characteristics, applications, and semantic competencies. With the growing need to interoperate data came the need to interoperate ontologies to guarantee the correct transmission and exchange of information. To meet the need to interoperate ontologies and at the same time conceptualize complex and vast domains, Ontology Networks emerged. Moreover, ontologies began to carry out conceptualizations, fragmenting knowledge in different ways depending on requirements, such as the ontology scope, purpose, whether it is processable or for human use, its context, and several other formal aspects, making Ontology Engineering also a complex domain. The problem is that in the Ontology Engineering Process, stakeholders take different perspectives of the conceptualizations, and this causes ontologies to have biases that are sometimes more ontological and sometimes more related to the domain. These problems result in ontologies that lack grounding and ontology implementations without a previous reference model. We propose a (meta)ontology grounded over the Unified Foundational Ontology (UFO) and supported by well-known ontological classification standards, guides, and FAIR Principles to address this problem of lack of consensual conceptualization. The Ontology for Ontological Analysis (O4OA) considers ontological-related and domain-related perspectives, knowledge, characteristics, and commitment that are needed to facilitate the process of Ontological Analysis, including the analysis of ontologies composing an ontology network. Using O4OA we propose the Framework for Ontology Characterization (F4OC) to provide guidelines and best practices in the light of O4OA for stakeholders. The F4OC fosters a stable and uniform environment for ontological analysis, integrating stakeholder perspectives. Moreover, we applied O4OA and F4OC to several case studies in the Cybersecurity Domain, which is intricate, highly regulated, and sensitive to causing harm to people and organizations. The main objective of this doctoral thesis is to provide a systematic and reproducible environment for ontology engineers and domain specialists responsible for ensuring ontologies developed according to the FAIR Principles. We aspire that O4OA and F4OC be valuable contributions to the conceptual modeling community as well as the additional outcomes for the cybersecurity community through the ontological analysis in our case studies. / Franco Martins Souza, B. (2024). A Framework for Conceptual Characterization of Ontologies and its Application in the Cybersecurity Domain [Tesis doctoral]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/204584 Modelado conceptual Ontologías Ingeniería ontológica Inteligencia Artificial Ciberseguridad FAIR Principles Ontology Networks Conceptual Modeling Ontologies Ontology Engineering Artificial Intelligence Cybersecurity LENGUAJES Y SISTEMAS INFORMATICOS
372	AI-based Detection Against Cyberattacks in Cyber-Physical Distribution Systems Sahani, Nitasha 05 June 2024 (has links) Integration of a cyber system and communication systems with the traditional power grid has enabled better monitoring and control of the smart grid making it more reliable and resilient. This empowers the system operators to make informed decisions as a result of better system visibility. The grid has moved from a completely air-gapped structure to a well-connected network. However, this remote-control capability to control distributed physical components in a distribution system can be exploited by adversaries with malicious intent to disrupt the power supply to the customers. Therefore, while taking advantage of the cyber-physical posture in the smart grid for improved controllability, there is a critical need for cybersecurity research to protect the critical power infrastructure from cyberattacks. While the literature regarding cybersecurity in distribution systems has focused on detecting and mitigating the cyberattack impact on the physical system, there has been limited effort towards a preventive approach for detecting cyberattacks. With this in mind, this dissertation focuses on developing intelligent solutions to detect cyberattacks in the cyber layer of the distribution grid and prevent the attack from impacting the physical grid. There has been a particular emphasis on the impact of coordinated attacks and the design of proactive defense to detect the attacker's intent to predict the attack trajectory. The vulnerability assessment of the cyber-physical system in this work identifies the key areas in the system that are prone to cyberattacks and failure to detect attacks timely can lead to cascading outages. A comprehensive cyber-physical system is developed to deploy different intrusion detection solutions and quantify the effect of proactive detection in the cyber layer. The attack detection approach is driven by artificial intelligence to learn attack patterns for effective attack path prediction in both a fully observable and partially observable distribution system. The role of effective communication technology in attack detection is also realized through detailed modeling of 5G and latency requirements are validated. / Doctor of Philosophy / The traditional power grid was designed to supply electricity from the utility side to the customers. This grid model has shifted from a one-directional supply of power to a bi-directional one where customers with generation capacity can provide power to the grid. This is possible through bi-directional data flow which ensures the complete power system observability and allows the utility to monitor and control distributed power components remotely. This connectivity depends on the cyber system and efficient communication for ensuring stable and reliable system operations. However, this also makes the grid vulnerable to cyberattacks as the traditional air-gapped grid has evolved into a highly connected network, thus increasing the attack surface for attackers. They might pose the capability to intrude on the network by exploiting network vulnerability, move laterally through different aspects of the network, and cause operational disruption. The type of disruption can be minor voltage fluctuations or even widespread power outages depending on the ultimate malicious attack goal of such adversaries. Therefore, cybersecurity measures for protecting critical power infrastructure are extremely important to ensure smooth system operations. There has been recent research effort for detecting such attacks, isolating the attacked parts in the grid, and mitigating the impact of the attack, however, instead of a passive response there is a need for a preventive or proactive detection mechanism. This can ensure capturing the attack at the cyber layer before intruders can impact the physical grid. This is the primary motivation to design an intrusion detection system that can detect different coordinated attacks (where different attacks are related and directed towards a specific goal) and can predict the attack path. This dissertation focuses on first identifying the vulnerabilities in the distribution system and a comprehensive cyber-physical system is developed. Different detection algorithms are developed to detect cyberattacks in the distribution grid and have the intelligence to learn the attack patterns to successfully predict the attack path. Additionally, the effectiveness of advanced communication such as 5G is also tested for different system operations in the distribution system. Abductive Reasoning Artificial Intelligence Cause-effect Correlation Coordinated Cyberattacks Cyber-physical Systems Cybersecurity Distribution Systems Intrusion Detection Machine Learning Model-based Reinforcement Learning
373	The Impact of Cyberattacks on Safe and Efficient Operations of Connected and Autonomous Vehicles McManus, Ian Patrick 01 September 2021 (has links) The landscape of vehicular transportation is quickly shifting as emerging technologies continue to increase in intelligence and complexity. From the introduction of Intelligent Transportation Systems (ITS) to the quickly developing field of Connected and Autonomous Vehicles (CAVs), the transportation industry is experiencing a shift in focus. A move to more autonomous and intelligent transportation systems brings with it a promise of increased equity, efficiency, and safety. However, one aspect that is overlooked in this shift is cybersecurity. As intelligent systems and vehicles have been introduced, a large amount of research has been conducted showing vulnerabilities in them. With a new connected transportation system emerging, a multidisciplinary approach will be required to develop a cyber-resilient network. Ensuring protection against cyberattacks and developing a system that can handle their consequences is a key objective moving forward. The first step to developing this system is understanding how different cyberattacks can negatively impact the operations of the transportation system. This research aimed to quantify the safety and efficiency impacts of an attack on the transportation network. To do so, a simulation was developed using Veins software to model a network of intelligent intersections in an urban environment. Vehicles communicated with Road-Side Units (RSUs) to make intersection reservations – effectively simulating CAV vehicle network. Denial of Service (DoS) and Man in the Middle (MITM) attacks were simulated by dropping and delaying vehicle's intersection reservation requests, respectively. Attacks were modeled with varying degrees of severity by changing the number of infected RSUs in the system and their attack success rates. Data analysis showed that severe attacks, either from a DoS or MITM attack, can have significant impact on the transportation network's operations. The worst-case scenario for each introduced an over 20% increase in delay per vehicle. The simulation showed also that increasing the number of compromised RSUs directly related to decreased safety and operational efficiency. Successful attacks also produced a high level of variance in their impact. One other key finding was that a single compromised RSU had very limited impact on the transportation network. These findings highlight the importance of developing security and resilience in a connected vehicle environment. Building a network that can respond to an initial attack and prevent an attack's dissemination through the network is crucial in limiting the negative effects of the attack. If proper resilience planning is not implemented for the next generation of transportation, adversaries could cause great harm to safety and efficiency with relative ease. The next generation of vehicular transportation must be able to withstand cyberattacks to function. Understanding their impact is a key first step for engineers and planners on the long road to ensuring a secure transportation network. / Master of Science / The landscape of transportation is quickly shifting as transportation technologies continue to increase in intelligence and complexity. The transportation industry is shifting its focus to Connected and Autonomous Vehicles (CAVs). The move to more autonomous and intelligent transportation systems brings with it a promise of increased transportation equity, efficiency, and safety. However, one aspect that is often overlooked in this shift is cybersecurity. As intelligent systems and vehicles have been introduced, a large amount of research has been conducted showing cyber vulnerabilities in them. With a new connected transportation system emerging, a multidisciplinary approach will be required to prevent and handle attacks. Ensuring protection against cyberattacks is a key objective moving forward. The first step to developing this system is understanding how different cyberattacks can negatively impact the operations of the transportation system. This research aimed to measure the safety and efficiency impacts of an attack on the transportation network. To do so, a simulation was developed to model an intelligent urban road network. Vehicles made reservations at each intersection they passed – effectively simulating an autonomous vehicle network. Denial of Service (DoS) and Man in the Middle (MITM) attacks were simulated by dropping, and delaying vehicle's intersection reservation requests, respectively. These cyberattacks were modeled with varying degrees of severity to test the different impacts on the transportation network. Analysis showed that severe attacks can have significant impact on the transportation network's operations. The worst-case scenario for each attack introduced an over 20% increase in delay per vehicle. The simulation showed also that increasing the number of attacked intersections directly related to decreased safety and operational efficiency. Successful attacks also produced a high level of variance in their impact. One other key finding was that a single compromised RSU had very limited impact on the transportation network. These findings highlight the importance of developing security and resilience in a connected vehicle environment. Building a transportation network that can respond to an initial attack and prevent it from impacting the entire network is crucial in limiting the negative effects of the attack. If proper resilience planning is not implemented for CAVs, hackers could cause great harm to safety and efficiency with relative ease. The next generation of vehicular transportation must be able to withstand cyberattacks to function. Understanding their impact is a key first step for engineers and planners on the long road to ensuring a secure transportation network. Cybersecurity Autonomous Vehicles Cavs Dos MITM Transportation Safety Traffic Operation Modeling Resilience Risk Impact RSU V2X Communication VANET ITS Autonomous Vehicles Simulation Veins Cyberattacks
374	Threat Hunting basado en técnicas de Inteligencia Artificial Aragonés Lozano, Mario 23 May 2024 (has links) [ES] Tanto la cantidad como la tipología de los ciberataques va en aumento día a día y la tendencia es que continúen creciendo de forma exponencial en los próximos años. Estos ciberataques afectan a todos los dispositivos, independientemente de si su propietario es un particular (o ciudadano), una empresa privada, un organismo público o una infraestructura crítica y los objetivos de estos ataques son muchos, desde la solicitud de una recompensa económica hasta el robo de información clasificada. Dado este hecho, los individuos, las organizaciones y las corporaciones deben tomar medidas para prevenirlos y, en caso de que en algún momento los reciban, analizarlos y reaccionar en caso de que fuese necesario. Cabe destacar que aquellos ataques que buscan ser más eficientes, son capaces de ocultarse un largo tiempo, incluso después de sus acciones iniciales, por lo que la detección del ataque y el saneamiento del sistema puede llegar a dificultarse a niveles insospechados o, incluso, no tenerse la certeza de que se ha hecho correctamente. Para prevenir, analizar y reaccionar ante los ataques más complejos, normalmente conocidos como ataques de día cero, las organizaciones deben tener ciberespecialistas conocidos como cazadores de amenazas. Éstos son los encargados de monitorizar los dispositivos de la empresa con el objetivo de detectar comportamientos extraños, analizarlos y concluir si se está produciendo un ataque o no con la finalidad de tomar decisiones al respecto. Estos ciberespecialistas deben analizar grandes cantidades de datos (mayormente benignos, repetitivos y con patrones predecibles) en cortos periodos de tiempo para detectar ciberataques, con la sobrecarga cognitiva asociada. El uso de inteligencia artificial, específicamente aprendizaje automático y aprendizaje profundo, puede impactar de forma notable en el análisis en tiempo real de dichos datos. Además, si los ciberespecialistas son capaces de visualizar los datos de forma correcta, éstos pueden ser capaces de obtener una mayor consciencia situacional del problema al que se enfrentan. Este trabajo busca definir una arquitectura que contemple desde la adquisición de datos hasta la visualización de los mismos, pasando por el procesamiento de éstos y la generación de hipótesis acerca de lo que está sucediendo en la infraestructura monitorizada. Además, en la definición de la misma se deberá tener en consideración aspectos tan importantes como la disponibilidad, integridad y confidencialidad de los datos, así como la alta disponibilidad de los distintos componentes que conformen ésta. Una vez definida la arquitectura, este trabajo busca validarla haciendo uso de un prototipo que la implemente en su totalidad. Durante esta fase de evaluación, es importante que quede demostrada la versatilidad de la arquitectura propuesta para trabajar en diferentes casos de uso, así como su capacidad para adaptarse a los cambios que se producen en las distintas técnicas de aprendizaje automático y aprendizaje profundo. / [CA] Tant la quantitat com la tipologia dels ciberatacs va en augment dia a dia i la tendència és que continuen creixent de manera exponencial en els pròxims anys. Aquestos ciberatacs afecten a tots els dispositius, independentment de si el seu propietari és un particular (o ciutadà), una empresa privada, un organisme públic o una infraestructura crítica i els objectius d'aquestos atacs són molts, des de la sol·licitud d'una recompensa econòmica fins al robatori d'informació classificada. Donat aquest fet, els individus, les organitzacions i les corporacions deuen prendre mesures per a previndre'ls i, en cas que en algun moment els reben, analitzar-los i reaccionar en cas que fora necessari. Cal destacar que aquells atacs que busquen ser més eficients, són capaços d'ocultar-se un llarg temps, fins i tot després de les seues accions inicials, per la qual cosa la detecció de l'atac i el sanejament del sistema pot arribar a dificultar-se a nivells insospitats o, fins i tot, no tindre's la certesa que s'ha fet correctament. Per a previndre, analitzar i reaccionar davant els atacs més complexos, normalment coneguts com a atacs de dia zero, les organitzacions han de tindre ciberespecialistes coneguts com caçadors d'amenaces. Aquestos són els encarregats de monitoritzar els dispositius de l'empresa amb l'objectiu de detectar comportaments estranys, analitzar-los i concloure si s'està produint un atac o no amb la finalitat de prendre decisions al respecte. Aquestos ciberespecialistes han d'analitzar grans quantitats de dades (majoritàriament benignes, repetitives i amb patrons predictibles) en curts períodes de temps per a detectar els ciberatacs, amb la sobrecàrrega cognitiva associada. L'ús d'intel·ligència artificial, específicament aprenentatge automàtic i aprenentatge profund, pot impactar de manera notable en l'anàlisi en temps real d'aquestes dades. A més, si els ciberespecialistes són capaços de visualitzar les dades de manera correcta, aquestos poden ser capaços d'obtindre una major consciència situacional del problema al qual s'enfronten. Aquest treball busca definir una arquitectura que contemple des de l'adquisició de dades fins a la visualització d'aquestes, passant pel processament de la informació recol·lectada i la generació d'hipòtesis sobre el que està succeint en la infraestructura monitoritzada. A més, en la definició de la mateixa s'haurà de tindre en consideració aspectes tan importants com la disponibilitat, integritat i confidencialitat de les dades, així com la alta disponibilitat dels diferents components que conformen aquesta. Una volta s'hatja definit l'arquitectura, aquest treball busca validar-la fent ús d'un prototip que la implemente íntegrament. Durant aquesta fase d'avaluació, és important que quede demostrada la versatilitat de l'arquitectura proposada per a treballar en diferents casos d'ús, així com la seua capacitat per a adaptar-se als canvis que es produïxen en les diferents tècniques d'aprenentatge automàtic i aprenentatge profund. / [EN] Both the number and type of cyber-attacks are increasing day by day and the trend is that they will continue to grow exponentially in the coming years. These cyber-attacks affect all devices, regardless of whether the owner is an individual (or citizen), a private company, a public entity or a critical infrastructure, and the targets of these attacks are many, ranging from the demand for financial reward to the theft of classified information. Given this fact, individuals, organisations and corporations must take steps to prevent them and, in case they ever receive them, analyse them and react if necessary. It should be noted that those attacks that seek to be more efficient are able to hide for a long time, even after their initial actions, so that the detection of the attack and the remediation of the system can become difficult to unsuspected levels or even uncertain whether it has been done correctly. To prevent, analyse and react to the most complex attacks, usually known as zero-day attacks, organisations must have cyber-specialists known as threat hunters. They are responsible for monitoring the company's devices in order to detect strange behaviours, analyse it and conclude whether or not an attack is taking place in order to make decisions about it. These cyber-specialists must analyse large amounts of data (mostly benign, repetitive and with predictable patterns) in short periods of time to detect cyber-attacks, with the associated cognitive overload. The use of artificial intelligence, specifically machine learning and deep learning, can significantly impact the real-time analysis of such data. Not only that, but if these cyber-specialists are able to visualise the data correctly, they may be able to gain greater situational awareness of the problem they face. This work seeks to define an architecture that contemplates from data acquisition to data visualisation, including data processing and the generation of hypotheses about what is happening in the monitored infrastructure. In addition, the definition of the architecture must take into consideration important aspects such as the availability, integrity and confidentiality of the data, as well as the high availability of the different components that make it up. Once the architecture has been defined, this work seeks to validate it by using a prototype that fully implements it. During this evaluation phase, it is important to demonstrate the versatility of the proposed architecture to work in different use cases, as well as its capacity to adapt to the changes that occur in the different machine learning and deep learning techniques. / Aragonés Lozano, M. (2024). Threat Hunting basado en técnicas de Inteligencia Artificial [Tesis doctoral]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/204427 Ciberseguridad Arquitectura de aplicación Caza de amenazas Inteligencia artificial Aprendizaje automático Aprendizaje profundo Deep learning Machine learning Artificial Intelligence Threat hunting Application architecture Cybersecurity INGENIERÍA TELEMÁTICA
375	Toward a Decision Support System for Measuring and Managing Cybersecurity Risk in Supply Chains Baker, Wade Henderson 03 April 2017 (has links) Much of the confusion about the effectiveness of information security programs concerns not only how to measure, but also what to measure — an issue of equivocality. Thus, to lower uncertainty for improved decision-making, it is first essential to reduce equivocality by defining, expanding, and clarifying risk factors so that metrics, the "necessary measures," can be unambiguously applied. We formulate a system that (1) allows threats to be accurately measured and tracked, (2) enables the impacts and costs of successful threats to be determined, and (3) aids in evaluating the effectiveness and return on investment of countermeasures. We then examine the quality of controls implemented to mitigate cyber risk and study how effectively they reduce the likelihood of security incidents. Improved control quality was shown to reduce the likelihood of security incidents, yet the results indicate that investing in maximum quality is not necessarily the most efficient use of resources. The next manuscript expands the discussion of cyber risk management beyond single organizations by surveying perceptions and experiences of risk factors related to 3rd parties. To validate and these findings, we undertake in an in-depth investigation of nearly 1000 real-world data breaches occurring over a ten-year period. It provides a robust data model and rich database required by a decision support system for cyber risk in the extended enterprise. To our knowledge, it is the most comprehensive field study ever conducted on the subject. Finally, we incorporate these insights, data, and factors into a simulation model that enables us study the transfer of cyber risk across different supply chain configurations and draw important managerial implications. / Ph. D. cybersecurity cyber security information security cyber risk information risk risk modeling risk management security metrics decision support systems supply chain management supply chain risk supply chain information sharing
376	Federated Online Learning with Streaming Data for Intrusion Detection Systems : Comparing Federated and Centralized Learning Methods in Online and Offline Settings Arvidsson, Victor January 2024 (has links) Background. With increased pressure from both regulatory bodies and end-users, interest in privacy preserving machine learning methods have increased among companies and researchers in the last few years. One of the main areas of research regarding this is federated learning. Further, with the current situation in the world, interest in cybersecurity is also at an all time high, where intrusion detection systems are one component of interest. With anomaly-based intrusion detection systems using machine learning methods, it is desirable that these can adapt automatically over time as the network patterns change, resulting in online learning being highly relevant for this application. Previous research has studied offline federated intrusion detection systems. However, there have been very little work performed in the study of online federated learning for intrusion detection systems. Objectives. The objective of this thesis is to evaluate the performance of online federated machine learning methods for intrusion detection systems. Furthermore, the thesis will study the performance relationship between offline and online models for both centralized and federated learning, in order to draw conclusions about the ability to extrapolate from results between the different types of models. Methods. This thesis uses a quasi-experiment to evaluate two different types of models, Naive Bayes and Semi-supervised Federated Learning on Evolving Data Streams (SFLEDS), on three different datasets, NSL-KDD, UNSW-NB15, and CIC-IDS2017. For each model, four variants are implemented: centralized offline, centralized online, federated offline and federated online, and in the federated setting the models are evaluated with 20, 30, and 40 clients. Results. The results show that the best performing model in general is the federated online SFLEDS. They also highlight an important problem with using imbalanced datasets without proper care for data preprocessing and model design. Finally, the results show that there are no general relationships between offline and online models that hold in both the centralized and federated settings in terms of prediction performance. Conclusions. The main conclusion of the thesis is that online federated learning has a lot of potential for the application of intrusion detection systems, but more research is required to find the optimal models and parameters that result in satisfactory performance. / Bakgrund. Med ökat tryck från både tillsynsorgan och slutanvändare har intresset för integritetsbevarande maskininlärning ökat hos företag och forskare under de senaste åren. Ett av huvudområdena där det forskas om detta är inom federerad inlärning. Vidare, med det nuvarande läget i världen är intresset för cybersäkerhet högre än någonsin, där bland annat intrångsdetekteringssystem är av intresse. Med avvikelsebaserade intrångsdetekteringssystem som använder sig av maskininlärning så är det önskvärt att dessa automatiskt kan anpassa sig över tid när nätverksmönster förändras, vilket resulterar i att online maskininlärning är högst relevant för området. Tidigare forskning har studerat federerade offline intrångsdetekteringssystem, men det finns väldigt lite forskning gällande federerad online maskininlärning för intrångsdetekteringssystem. Syfte. Syftet med det här arbetet är att utvärdera prestandan av federerad online maskininlärning för intrångsdetekteringssystem. Vidare kommer det här arbetet att studera prestandaförhållandet mellan offline och online modeller för både centraliserad och federerad inlärning, för att kunna dra slutsatser om förmågan att extrapolera resultat mellan olika typer av modeller. \newline\textbf{Metod.} Det här arbetet använder sig av ett kvasiexperiment för att utvärdera två olika modeller, Naive Bayes och Semi-supervised Federated Learning on Evolving Data Streams (SFLEDS), på tre olika dataset, NSL-KDD, UNSW-NB15 och CIC-IDS2017. För varje modell implementeras fyra varianter: centraliserad offline, centraliserad online, federerad offline och federerad online. De federerade modellerna utvärderas med 20, 30 och 40 klienter. Resultat. Resultaten visar att den generellt bästa modellen är online SFLEDS. De belyser även ett viktigt problem med att använda obalanserade dataset utan tillräcklig hänsyn till förbearbetning av datan och modelldesign. Slutligen visar resultaten att det inte finns något generellt samband mellan offline och online modeller som stämmer för både centraliserad och federerad inlärning när det gäller modellprestanda. Slutsatser. Den huvudsakliga slutsatsen från arbetet är att federerad online maskininlärning har stor potential för intrångsdetekteringssystem, men mer forskning krävs för att hitta den bästa modellen och de bästa parametrarna för att nå ett tillfredsställande resultat. Naive Bayes SFLEDS Semi-Supervised Learning Cybersecurity Centralized Federated Learning Naive Bayes SFLEDS Semi-övervakad maskininlärning Cybersäkerhet Centraliserad federerad maskininlärning Computer Sciences Datavetenskap (datalogi)
377	Applying Practice Theory to Develop Functional Requirements Specifications Nittler, Lovisa January 2024 (has links) Purpose - This study investigated how practice theory could enhance the Requirements Engineering elicitation process in IS development, focusing on addressing the misalignment between user needs and system functionalities. The research centered on the question: How can practice theory be used to formulate functional requirements specifications in system development? The specific practice examined was the Cybersecurity Maturity Assessment (CMA) at a cybersecurity company. Methodology - This qualitative study used semi-structured interviews to collect data from seven participants with expertise in conducting or overseeing CMA processes. The interview questions were based on Schatzki's Practice Theory: teleoaffective structures, understandings, rules, and material arrangements. Thematic analysis was applied to extract relevant themes and patterns. Findings - The results reveal that integrating practive theory in the elicitation stage of RE deepens the understanding of user practices and challenges. It helps to reveal not only the explicit needs but also the implicit and tacit knowledge that shapes user's interactions with systems. Conclusion - The study concludes that practice theory provides a valuable addition to the traditional elicitation step of the RE process. This research contributes to both the practice and theory of IS development by showing how the integration of sociological theories can improve technological processes and lead to the creation of more efficient and user-centered information systems. Practice Theory Requirements Engineering Cybersecurity Maturity Assessment Functional Requirements Elicitation Process Information Systems, Social aspects
378	Framtidens cybersäkerhet : en studie om hur Natural Language Processing påverkar dagens cybersäkerhetsarbete / The Future of Cybersecurity : A Study on How Natural Language Processing Impacts Today's Cybersecurity Efforts Grönstedt Söderberg, Olle, Mattsson, Fredrik January 2024 (has links) Sedan lanseringen av OpenAIs generativa chatbot ChatGPT i slutet av 2022 har intresset för artificiell intelligens (AI) och specifikt Natural Language Processing (NLP) ökat markant. Genom dess förmåga att tolka och generera mänskligt språk har NLP redan transformerat flertalet industrier och skapat debatter bland forskare, där somliga ser AI som en av de mest betydelsefulla innovationerna någonsin, medan andra varnar för att den hastiga teknikutvecklingen leder till nya och förändrade risker. Denna studie syftar till att undersöka cybersäkerhetsexperters syn på risker relaterade till användningen av NLP och dess inverkan på cybersäkerhetsarbete. Genom intervjuer och enkäter har studien identifierat flera risker som effektiviseras i och med användningen av NLP-baserade tjänster. Studiens enkätresultat visar vilka risker cybersäkerhetsexperter värderar högst utifrån sannolikhet och potentiella skada. Värderingarna görs med ramverket CIA i åtanke (Confidentiality, Integrity, Availability), en beprövad säkerhetsmodell som används för att upprätthålla god informations- och cybersäkerhet. Studiens intervjuresultat förser studien med insikter i respondenternas bakomliggande resonemang och betonar också vikten av medvetenhet vid användningen av NLP-baserade tjänster. Sammantaget förser studien läsaren med en förståelse för de risker som är förknippade med Natural language processing och ger insikt i de faktorer som cybersäkerhetsexperter tar i beaktning när de bedömer dessa risker. De tre risker som studien identifierade som särskilt framstående var: Spear-phishing, Skadlig Kod och Data leaks. Natural language processing Cybersecurity Artificial intelligence CIA Risks Natural language processing Cybersäkerhet Artificiell intelligens CIA Risker Information Systems, Social aspects
379	Etisk hackning av en smart kattlucka : Sårbarhetstestning av en smart kattlucka / Ethical hacking of a smart cat flap : Vulnerability testing of a smart cat flap Kastrati, Adrian January 2024 (has links) Många hem köper produkter som är internetuppkopplade, sakernas internet (IoT), det gäller allt från lampor till kattluckor. Detta öppnar upp för möjligheten att styra sitt hem på nya sätt men det medför nya hot mot hem och samhället. Detta är ett kritiskt problem för många företag, särskilt på IoT-marknaden där det finns incitament som driver låga kostnader och snabb marknadsintroduktion. Litteratstudien visade en brist på tydliga värderingar av investeringar och att även om produktivitet påverkas negativt och förlänger tiden från idé till marknad undviks framtida svårigheter vid lyckade cybersäkerhethetsåtgärder. Trots de betydande hoten kan många företag välja att acceptera risken för cyberattacker på grund av att kostnader vid säkerhetsbrister inte alltid hamnar hos dem.Sårbarhetstestningsmetoden PatrIoT följdes för att grundligt testa IoT-produkten Microchip Cat Flap Connect. Attacker som utfördes var bland annat ping-flooding och MiTM. Produkten visade sig vara säker och vanliga svagheter som öppna nät- verkstjänster och avsaknad av kryptering var frånvarande. Produkten visade sig vara sårbar mot överflödesattacker (DoS) i form av ping-flooding. Med det går det att säga att produkten följer ett flertal principer för utveckling mot säker IoT men servern som används för webbapplikationen bör implementera krav på att endast lita på certifikat av betrodda certifikatutfärdare. / Many households purchase internet-connected products, Internet of Things (IoT), which includes everything from lamps to cat flaps. This opens new ways and possibilities of controlling one's home, but it brings new threats to home and society. This is a critical issue for many companies, especially in the IoT market where there are incentives that drive low costs and quick time to market. The literature study showed a lack of clear valuations of investments and that even if productivity is negatively affected and the time from idea to market is extended, future difficulties are avoided with successful cyber security measures. Despite the significant threats, many companies may choose to accept the risk of cyber-attacks because the costs of security breaches do not always end up with them.The PatrIoT vulnerability testing methodology was followed to thoroughly test the IoT product Microchip Cat Flap Connect. The product proved to be secure and common weaknesses, such as open network services and lack of proper implementation of encryption, could not be identified. The product was found to be vulnerable to denial-of-service (DoS) attacks in the form of ping-flooding. With that, it can be said that the product follows several principles for development towards secure IoT, but the server used for the web application should implement requirements to only trust certificates from trusted certificate authorities. Ethical hacking vulnerbility testing PatrIoT smart homes internet of things threat modelling cybersecurity Etisk hackning sårbarhetstestning PatrIoT smarta hem sakernas internet hotmodellering cybersäkerhet Computer and Information Sciences Data- och informationsvetenskap
380	Cybersecurity awareness among Swedish young adults in usage of public Wi-Fi networks Al Shakosh, Suhel January 2024 (has links) The widespread availability of public Wi-Fi has significantly impacted how young adults in Sweden access the Internet for various purposes, including social interactions, academic activities, and entertainment. However, this convenience comes with substantial cybersecurity risks. This study aims to explore and understand the awareness level among young adults regarding cybersecurity threats when utilizing public Wi-Fi and to delve into the measures and strategies employed by young adults to safeguard themselves from these identified threats. The root problem addressed in this study is the potential gap in cybersecurity awareness and protective behaviors among young adults who frequently use public Wi-Fi. Understanding this gap is crucial for developing effective educational initiatives and security practices that can mitigate the risks involved. To investigate this issue, a qualitative research method was employed, involving semi-structured interviews with ten participants, balanced in gender. The interviews aimed to gather in-depth insights into the participants' motivations for using public Wi-Fi, their awareness of cybersecurity risks, and the measures they take to protect themselves. Utilizing semi-structured interviews with ten participants, the study reveals a diverse range of awareness and behaviors. While some participants demonstrate a strong understanding of cyber threats and employ proactive measures such as using VPNs and antivirus software, others show only a cursory awareness and engage in risky behaviors due to a lack of knowledge or disregard for potential threats. This variation highlights a disparity in how young adults approach cybersecurity when using public Wi-Fi. The study underscores a need for targeted educational initiatives to enhance protective practices among this demographic, which could inform future cybersecurity policies and educational programs. By focusing on increasing cybersecurity awareness and promoting better security habits, the risks associated with public Wi-Fi usage can be better managed, thereby helping to protect the digital lives of young individuals in Sweden. Public Wi-Fi cybersecurity young adults Internet safety risk awareness protective measures VPN (virtual private network) privacy security Information Systems, Social aspects

Search results