Pub Date: 2023-06-19, DOI: 10.34190/eccws.22.1.1176
Aysha Alkuwaiti, Mera Alremeithi, Haya Alobeidli, R. Ikuesan
A fake website is considered a website that is intended to cause harm and manipulate users, especially novice users without some knowledge of indicators of fakeness. Understanding the indicators of fake websites is thus considered an important concept to avoid being a victim of malicious attacks in online engagements. In some cases, such knowledge is required to reduce the potential attack surface of cyber criminals. However, the increasing rate of website diversity and complexities makes it difficult for an individual to distinguish between a fake and a real website while compounding the investigation process of a website. Also, the growing rate of website imitation technology and website domain closure presents a veritable platform for the development of fake websites. As a step towards determining the genuineness of a website, this study developed a forensic framework based on an exploratory analysis of different genres of fake websites. To achieve this, forensic methodologies and processes were applied to methodically selected samples of known fake websites based on three fakeness categories: Hoaxes, Cybersquatting, and Sweepstakes. The result revealed the existence of salient markers which can be used as indicators of fakeness and can be applied across a wide genre of websites. Furthermore, the resultant observation was used to develop a digital forensic framework for website fakeness evaluation. The developed framework was benchmarked to the ISO 27043/2015 and the NIST SP800-86 standard for completeness and relevance to forensic investigation processes. By leveraging the proposed digital forensic framework, an investigation can develop a reliable pointer to evaluate the genuineness of any website, which can significantly reduce the investigation time. For a non-forensic individual, the developed framework can be leveraged to identify, at first glance, the degree of fakeness of a website. 
Such a mechanism can therefore provide a useful tool to reduce the potential susceptibility of users thereby creating user awareness.
Title: Towards the Development of Indicators of Fake Websites for Digital Investigation. European Conference on Cyber Warfare and Security. https://doi.org/10.34190/eccws.22.1.1176
Pub Date: 2023-06-19, DOI: 10.34190/eccws.22.1.1240
Stacey O Baror, Richard Adeyemi, I, H. Venter
Developing a generic digital forensic solution in a cloud computing platform that can address the functional requirements of digital forensic stakeholders is a complex process. The solution would require a technology-independent architectural design that addresses the challenges of incident threat identification, triggering, incident threat isolation and investigation. Existing approaches are limited to the functionality that treats these four challenges individually without the due diligence to consider their interoperability. This study proposes a context-independent and technology-neutral architecture to address these issues by developing a digital forensic readiness (DFR) based on a human language communication interaction (HLI) system that could create a cybercrime language as a service (DFClaaS). The functional architectural design of the proposed DFR HLI DFClaaS system comprises microservices, layered and event/component-based architectural patterns on top of cloud architectural patterns. The DFR HLI DFClaaS system integrates flexibility and other quality requirements to separate concerns while accommodating rigid requirements like security and reliability. The developed architecture is essential for any human-centred digital forensic solution. Therefore, integrating the developed architecture presents a reliable baseline for the digital forensic community.
Title: Functional Architectural Design of a Digital Forensic Readiness Cybercrime Language as a Service. European Conference on Cyber Warfare and Security. https://doi.org/10.34190/eccws.22.1.1240
Pub Date: 2023-06-19, DOI: 10.34190/eccws.22.1.1172
Ban AlOmar, Z. Trabelsi, Firas Saidi
Cyber-attacks are becoming increasingly sophisticated, posing more significant challenges to traditional intrusion detection methods. The inability to prevent intrusions could compromise the credibility of security services, thereby putting data confidentiality, integrity, and availability at risk. In response to this problem, research has been conducted to apply deep learning (DL) models to intrusion detection, leveraging the new era of AI and the proven efficiency of DL in many fields. This study proposes a new intrusion detection system (IDS) based on DL, utilizing attention-based long short-term memory (AT-LSTM) and attention-based bidirectional LSTM (AT-BiLSTM) models. The time-series nature of network traffic data, which changes continuously over time, makes LSTM and BiLSTM particularly effective in handling intrusion detection. These models can capture long-term dependencies in the sequence of events, learn the patterns of normal network behaviour, and detect deviations from this behaviour that may indicate an intrusion. Also, the attention mechanism in the proposed models lets them make predictions based on the most important parts of the network traffic data. This is important for finding intrusions because network traffic data can have many different features, not all of which are important for finding an attack. The attention mechanism lets the models learn which features are most important for making accurate predictions, which improves their performance and efficiency. The UNSW-NB15 benchmark dataset is used in the study to measure and compare the effectiveness and reliability of the proposed system. This dataset contains normal and attack traffic data with a significant class imbalance. To address this issue, the study employs the Synthetic Minority Over-sampling Technique (SMOTE) to balance the dataset, thus reducing the risk of overfitting to the majority class and improving the model's performance in detecting attacks. 
The performance evaluation results demonstrate that the proposed models achieved a detection rate of over 93%, indicating high precision in detecting intrusions. By harnessing the power of deep learning, these models can learn and adapt to new threats over time, thus ensuring data confidentiality, integrity, and availability in today's interconnected world.
Title: Attention-Based Deep Learning Modelling for Intrusion Detection. European Conference on Cyber Warfare and Security. https://doi.org/10.34190/eccws.22.1.1172
Pub Date: 2023-06-19, DOI: 10.34190/eccws.22.1.1316
V. Greiman
As described by former U.S. Secretary of Defense Donald Rumsfeld in his 2011 book, Known and Unknown, “there are many things of which we are completely unaware—in fact, there are things of which we are so unaware, we don’t even know we are unaware of them.” Throughout history the world has faced numerous catastrophic events that were not foreseen but in hindsight were discoverable, including the devastating effects of Pearl Harbor and the September 11 terrorist attacks. More recently, the potential for catastrophic loss has been magnified in the 2020 SolarWinds and 2021 Colonial Pipeline cyber-attacks. We may not know when or how these events will occur or how much damage or destruction will occur, but we do know that these events are possible. The literature differentiates between events that occur totally by surprise, and outcomes or events that actors have identified as possibly existing but do not know whether they will take place or not. The aim of this paper is to provide insight, based on an empirical review of selected attacks both within and outside the cyber space literature, to uncover the underlying risk, uncertainty, and complexity that may have been known but not seriously considered by those who had the knowledge and capability to investigate the warning signs. Based on the case study analysis, this paper will present the reasons for inaction and how we can learn from these experiences. The following two theories – institutionalization and rationalization – have been found to provide some reasons for the occurrence of behaviors which increase the possibility of unobserved risks. In this paper we explore these theories through case study analysis and propose a framework consisting of four concepts for increasing awareness of these situations.
Title: Known Unknowns: The Inevitability of Cyber Attacks. European Conference on Cyber Warfare and Security. https://doi.org/10.34190/eccws.22.1.1316
Pub Date: 2023-06-19, DOI: 10.34190/eccws.22.1.1271
Lucas Potter, Kimberly Mossberg, X. Palmer
Verification is central to any process in a functional and enduring cyber-secure organization. This verification is how the validity or accuracy of a state of being is assessed (Schlick, 1936; Balci, 1998). Conversely, breakdown in verification procedures is core to the interruption of normal operations for an organization. A key problem for organizations that utilize biology as an interlock within their systems is that personnel lack sufficient ability to verify all practically relevant biological information for procedures such as a nurse logging a blood draw, or a molecular biology technician preparing agar to culture microbes for study. This has several implications, one of which is our diminished ability to approximate and defend against emerging biologically-linked cyberthreats. These could be in the form of mis- or dis-information, contaminants, or calculated threats to vital supplies. Two important questions to ask are: “What may be the implications of diminished ability to undergo strict verification measures (such as triple redundancy and technological distancing)?” and “How does this impact our ability to anticipate and make changes for verification of biological processes?” This paper aims to discuss key areas where verification gaps exist and how to bridge those gaps. Towards this, we cover data integrity, implications of the lack of verification, triple redundancy, technological distancing, biosafety concerns, and more. All of this will factor into the ability of organizations with proximity to biosecurity to anticipate national changes to biological processes that are nationally relevant.
Title: A Reflection on Typology and Verification Flaws in consideration of Biocybersecurity/Cyberbiosecurity: Just Another Gap in the Wall. European Conference on Cyber Warfare and Security. https://doi.org/10.34190/eccws.22.1.1271
Pub Date: 2023-06-19, DOI: 10.34190/eccws.22.1.1072
Clara Maathuis, S. Chockalingam
Just as every neuron in a biological neural network is a reinforcement learning agent, thus a component of a large and advanced structure is de facto a model, the two main components forming the principle of proportionality in military operations can be seen as, and are as a matter of fact, two different entities and models. These are collateral damage, depicting the unintentional effects affecting civilians and civilian objects, and military advantage, symbolizing the intentional effects contributing to achieving the military objectives defined for the military operation conducted. These two entities are complex processes relying on available information and on projection in time to the moment of target engagement through estimation, and are strongly dependent on common-sense reasoning and decision making. As a deduction, these two components and the proportionality decision result are processes surrounded by various sources and types of uncertainty. However, the existing academic and practitioner efforts in understanding the meaning, dimensions, and implications of the proportionality principle consider military-legal and ethical lenses, and less technical ones. Accordingly, this research calls for a movement from the existing vision of interpreting proportionality in a possibilistic way to a probabilistic way. Henceforth, this research aims to build two probabilistic Machine Learning models based on Bayesian Belief Networks for assessing proportionality in military operations. The first model embeds a binary classification approach assessing if the engagement is proportional or disproportional, and the second model extends this perspective based on previous research to perform multi-class classification for assessing degrees of proportionality. To accomplish this objective, this research follows the Design Science Research methodology and conducts an extensive literature review for building and demonstrating the model proposed. 
Finally, this research intends to contribute to designing and developing explainable and responsible intelligent solutions that support human-based military targeting decision-making processes involved when building and conducting military operations.
Title: Tackling Uncertainty Through Probabilistic Modelling of Proportionality in Military Operations. European Conference on Cyber Warfare and Security. https://doi.org/10.34190/eccws.22.1.1072
Pub Date: 2023-06-19, DOI: 10.34190/eccws.22.1.1283
M. Barnett, I. Samori, Brandon Griffin, X. Palmer, Lucas Potter
Prior work has discussed the emerging fields of Biocybersecurity (BCS) and Cyberbiosecurity (CBS) in multiple forms. These include the definition, mission-awareness, general applications, and policy (Murch et al, 2018; Peccoud et al, 2019; Potter et al, 2020). One area that has received relatively little attention is unique BCS/CBS vulnerabilities in maritime theaters, which refers to ocean and littoral-based commercial and military ventures. There is considerable ground for both bioeconomies and militaries to be placed at risk of degraded capacity for activity due to maritime-specific BCS/CBS attacks presently and in the future. This is especially the case where the aforementioned vulnerabilities are used to disrupt logistics through targeting of personnel and means of transport. This paper discusses the growing relevance of CBS/BCS in maritime space, aspects of maritime environments that can be exploited for BCS attacks, possible BCS/CBS attacks in the near future, possible BCS/CBS means of defense and pre-emptive positioning, BCS/CBS relevance in international policy, and differences in application. This paper aims to facilitate and accelerate discussion of BCS to spur helpful action in this area.
Title: A Commentary and Exploration of Maritime Applications of Biosecurity and Cybersecurity Intersections. European Conference on Cyber Warfare and Security. https://doi.org/10.34190/eccws.22.1.1283
Pub Date: 2023-06-19 DOI: 10.34190/eccws.22.1.1053
Nombeko Ntingi, Sebastian von Solms, Jaco du Toit
Small, medium, and micro enterprises (SMMEs) are obliged to adopt digital technologies to render services to their clients and remain competitive. The COVID-19 global crisis has accelerated the cyberfication of systems and services. The move to digital platforms has afforded SMMEs opportunities to offer their services to a broader geographical area. However, this has also presented opportunities for cybercriminals to invade the digital infrastructure. Adopting digital transformation has put SMMEs in a vulnerable position since they need to manage their cybersecurity while lacking the necessary skills and ICT infrastructure. The inability of SMMEs to defend themselves against cyberattacks compels them to outsource their security needs to external security service providers. These external security service providers offer security services based on a hierarchical operating model. Essential security services are offered at a lower level. If the paying clients require advanced security services, they may be provided as an add-on to the contractual agreement resulting in additional cost. This paper explores the active cyber defence (ACD) approach to enhance cybersecurity defence while minimising service costs. Therefore, the primary objective and outcome of this paper are to identify some of the essential drivers that will contribute towards developing the active cyber defence framework for SMMEs in developing countries. For purposes of clarity, essential drivers are the gaps highlighted during the literature review and will be referred to as “essential drivers” throughout the paper. The essential drivers, together with suggested recommendations, will be consolidated. The essential drivers were drawn from existing literature by going through peer-reviewed academic papers and company whitepapers. To achieve the primary objective, we need to establish whether SMMEs are utilising the services of external security service providers. 
The external security service providers will be referred to as “Security Operation Centre - SOC as a service” throughout the paper. The secondary objective of this paper is to determine whether SMMEs are utilising the SOC as a service and if they do, whether they realise value for money.
Title: Towards an active cyber defence framework for SMMEs in developing countries. Journal: European Conference on Cyber Warfare and Security. DOI URL: https://doi.org/10.34190/eccws.22.1.1053
Pub Date: 2023-06-19 DOI: 10.34190/eccws.22.1.1114
S. Haataja
States are increasingly engaging in cybersecurity cooperation activities and providing support to other states in offensive cyber operations. While international cooperation is generally encouraged and many cybersecurity cooperation activities are lawful, there is also a risk of being complicit in the internationally wrongful acts of other states. This paper examines the risk of complicity in offensive cyber operations under international law on aiding or assisting. It argues that, while international law in this context applies to cyber operations by states, existing uncertainties and limitations around the key components of the law on aiding or assisting are compounded by competing interpretations about how international law generally applies to state conduct in cyberspace. The paper consists of four sections. Following the introduction in section one, section two outlines some of the ways in which states are cooperating in relation to cybersecurity and offensive cyber operations. Section three examines the key elements of international law on aiding or assisting as contained within article 16 of the International Law Commission’s Articles on the Responsibility of States for Internationally Wrongful Acts, and the extent to which these apply or are problematised in relation to cyber operations. It demonstrates that article 16 adopts a broad approach to what constitutes ‘aiding or assisting’ and this captures various types of activities in support of cyber operations provided the aid or assistance contributes significantly to a wrongful act of another state, the accomplice state has knowledge of the factual circumstances and the illegality of the act by the principal state, and where the accomplice state and principal state are bound by the same legal obligation. Section four concludes by outlining the limits of cooperation in the cyber context and how states can mitigate the risk of complicity in violations of international law.
Title: Complicity in Unlawful Offensive Cyber Operations Under International Law on State Responsibility. Journal: European Conference on Cyber Warfare and Security. DOI URL: https://doi.org/10.34190/eccws.22.1.1114
Pub Date: 2023-06-19 DOI: 10.34190/eccws.22.1.1160
Stylianos Koumoutzelis, I. Giannoulakis, Titos Georgoulakis, G. Avdikos, E. Kafetzakis
Graphics Processing Units (GPUs) and Field Programmable Gate Arrays (FPGAs) are widely applied to cloud and embedded applications in which such devices are applied to near and far edge computing operations. This pool of available devices has a wide range of power/size specifications to support servers ranging from big data centres to small cloudlets, or even down to embedded systems and IoT boards. Overall, the most prominent devices and vendors in the market today are the following: Xilinx for FPGA-based accelerators, Nvidia and AMD for GPUs, and Intel for FPGA-/GPU-based accelerators. Decreasing the latency and increasing the throughput of Artificial Intelligence Functions (AIF), either for network automation or user applications, requires some sort of parallelization inside such purpose-built hardware acceleration. The AI@EDGE project is developing a Connect-Compute Platform (CCP) in which hardware accelerators (1 Nvidia GPU Tesla V100 (near edge device) and 1 Jetson AGX and 1 Jetson Nano (far edge devices), as well as 2 Xilinx FPGAs Alveo U280+U200 (near edge devices) and 1 Versal VCK190 and 2 Zynq ZCU104) are placed inside a server node and execute edge computing scenarios involving multiple nodes of diverse compute capabilities each, to test various integration approaches, to study orchestration techniques, and to measure AIF deployment efficiency, all while developing certain FPGA/GPU code to accelerate representative AIFs of AI@EDGE. In this paper we compare the power/size/performance specifications of all accelerators and highlight the security issues associated with the cloud and embedded accelerators. This study presents the security issues announced by the vendors with the results of our tests and proposes tests and security functions (policies and objectives) which will be applied to the CCP to increase the security level of CCP. It also considers security issues related to the hardware set-up (accelerators inside server nodes) from the network point of view.
Title: Security Issues of GPUs and FPGAs for AI-powered near & far Edge Services. Journal: European Conference on Cyber Warfare and Security. DOI URL: https://doi.org/10.34190/eccws.22.1.1160