Pub Date: 2023-06-19 | DOI: 10.34190/eccws.22.1.1303
S. Chockalingam, Clara Maathuis
Over the last years, cyber-attacks are increasing in organizations especially due to the use of emerging technologies and transformation in terms of how we work. Informed decision-making in cyber security is critical to prevent, detect, respond, and recover from cyber-attacks effectively and efficiently. In cyber security, Decision Support System (DSS) plays a crucial role especially in supporting security analysts, managers, and operators in making informed decisions. Artificial Intelligence (AI)-based techniques like Bayesian Networks, Decision Trees are used as an underlying approach in such DSSs. Furthermore, Influence Diagrams (IDs) possess the capability to support informed decision-making based on its existing applications in other domains like medical. However, the complete capability and potential of IDs are not utilised in cyber security especially in terms of its explainable nature for different stakeholders and existing applications in other domains. Therefore, this research tackles the following research question: “What are potential applications of Influence Diagrams (IDs) in cyber security?”. We identified applications of IDs in different domains and then translated it to design potential applications for cyber security issues. In the future, this will help both researchers and practitioners to develop and implement IDs for cyber security-related problems, which in turn will enhance decision-making especially due to its explainable nature for different stakeholders.
Title: Influence Diagrams in Cyber Security: Conceptualization and Potential Applications. Published in: European Conference on Cyber Warfare and Security.
Pub Date: 2023-06-19 | DOI: 10.34190/eccws.22.1.1211
Aarne Hummelholm
The AIQUSEC (AI-based quantum secure cyber security automation and orchestration in the edge intelligence of future networks) brings measurable advances to the cyber security of access and edge networks and their services, as well as Operational Service Technologies (OT). The research aims for significant cybersecurity scalability, efficiency, and effectiveness of operations through improved and enhanced device and sensor securities, security assurance, quantum security, and Artificial Intelligence (AI) based automation solutions. The new application scenarios of near future, the multiple stakeholders within each scenario, and the higher data volumes raise the need for novel cybersecurity solutions. Recently, OT cybersecurity threat landscape has become wider, due to the increase digitalization of services, the increase in virtualization and slicing of networks, as well as the increase in advanced cyber-attacks. Because of recent advances in computing power, AI in cybersecurity analyzing and validations is now becoming a reality. A significant part of currently used encryption technologies which secures communications and infrastructures might become instantly penetrable when quantum computing becomes available. Enabling quantum-safety migration development is a clear goal to the project. The research develops a state-of-the-art information security verification and validation environment that supports the integration of cyber security systems as a reference model, focusing on architectural choices and network connection from different vertical use cases. With the help of the platform and the reference model, common cybersecurity capabilities and requirements can be built, tested, and validated, as well as their fulfillment. In addition to the environment mentioned above, the results of the research are demonstrated and utilized in critical communication systems, water utilities, industrial environments, in physical access solutions and remote work. 
The developed platform can also be used for auditing devices, systems, and software in the future. The research integrates new quantum-safe artificial intelligence-based, hardware-hardened, and scalable cybersecurity solutions that have been validated in a standardized way. In this research, we also deal with the requirements of the EU sustainable growth program - issues related to the green transition.
Title: AI-based quantum-safe cybersecurity automation and orchestration for edge intelligence in future networks. Published in: European Conference on Cyber Warfare and Security.
Pub Date: 2023-06-19 | DOI: 10.34190/eccws.22.1.1208
Ioannis Moutafis, Antonios Andreatos, Petros Stefaneas
This paper focuses on the security of electronic mail, using machine learning algorithms. Spam email is unwanted messages, usually commercial, sent to a large number of recipients. In this work, an algorithm for the detection of spam messages with the aid of machine learning methods is proposed. The algorithm accepts as input text email messages grouped as benevolent (“ham”) and malevolent (spam) and produces a text file in csv format. This file then is used to train a bunch of ten Machine Learning techniques to classify incoming emails into ham or spam. The following Machine Learning techniques have been tested: Support Vector Machines, k-Nearest Neighbour, Naïve Bayes, Neural Networks, Recurrent Neural Networks, Ada Boost, Random Forest, Gradient Boosting, Logistic Regression and Decision Trees. Testing was performed using two popular datasets, as well as a publicly available csv file. Our algorithm is written in Python and produces satisfactory results in terms of accuracy, compared to state-of-the-art implementations. In addition, the proposed system generates three output files: a csv file with the spam email IP addresses (of originating email servers), a map with their geolocation, as well as a csv file with statistics about the countries of origin. These files can be used to update existing organisational filters and blacklists used in other spam filters.
Title: Spam Email Detection Using Machine Learning Techniques. Published in: European Conference on Cyber Warfare and Security.
Pub Date: 2023-06-19 | DOI: 10.34190/eccws.22.1.1212
Nikolaos Chrysikos, P. Karampelas, Konstantinos F. Xylogiannopoulos
Android is arguably the most widely used mobile operating system in the world. Due to its widespread use, it has attracted a lot of attention of cybercriminals who attempt to exploit its architecture and outsmart innocent users to install malware applications. The number of such applications is growing every day either by alternating a basic exploitation mechanism or by creating novel mechanisms to exfiltrate users’ data. As a result, there is an increasing need for detection mechanisms that can classify these applications to families based on their characteristics. A significant amount of research has already been devoted to analysing and mitigating this growing problem; however, this situation demands more efficient methods with higher precision. The paper proposes such a framework for analysing and classifying a malicious application to certain families relying on the permissions used. The proposed method involves the pre-processing of the applications to extract their permissions, the tokenization of permissions, the data cleansing and finally the application of the Random Forest Classifier to classify the applications in families. The proposed method is trained and tested with a dataset of 11,159 malicious applications categorized in 33 unique families. The precision, recall and f1-score achieved is 98%. The results of the proposed methodology are promising, since it even works in an unbalanced dataset and in many cases outperform other state-of-the-art approaches.
Title: Permission-Based Classification of Android Malware Applications Using Random Forest. Published in: European Conference on Cyber Warfare and Security.
Pub Date: 2023-06-19 | DOI: 10.34190/eccws.22.1.1254
Maria Keinonen
Cyber deterrence is often studied from the point of view of deterrence by punishment or offensive cyber strategies. A vast amount of studies claim that deterrence in cyberspace can never be successful with cyber means alone due to technical challenges and the problem of attribution. Some scholars argue that cyber resilience is an essential part of cyber deterrence, since not every cyberattack can be countered. These reviews are usually technical and concentrate on investigating the balance of offensive and defensive cyber strategies. The technical view leaves gaps in the physical and cyber-persona layers of cyberspace. This paper examines resilience from a societal perspective and reflects on the findings of cyber deterrence theories. The Concept of Comprehensive Security (CCS) is a Finnish model for building and sustaining resilience in society. Preparation for disruptive situations is carried out with the operating principle of overall safety, where society´s vital functions are protected in collaboration between the authorities, the business world, organisations, and citizens. The growing importance of cyber security has led to emphasising the importance of cyber resilience in the Concept of Comprehensive Security. This study investigates the possibilities to utilize the CCS as a tool for cyber deterrence and aims to create a new perspective on the international academic discussion of cyber deterrence. The research method is content analysis. The investigated material consists of Finnish CCS documents, as well as academic cyber deterrence and cyber resilience literature. The characteristics of the CCS are compared to the factors found in the cyber deterrence material to answer the research question. The key observation presented in this study is that a comprehensive approach to building resilience in the society is essential for the credibility of cyber deterrence. 
Resilience in cyberspace should be viewed from the perspective of every layer, including logical, physical and cyber-persona layers.
Title: The Concept of Comprehensive Security as a Tool for Cyber Deterrence. Published in: European Conference on Cyber Warfare and Security.
Pub Date: 2023-06-19 | DOI: 10.34190/eccws.22.1.1443
R. Naidoo, Carla Jacobs
Acts of cyber warfare and cyber terrorism (CWCT) that target a nation's critical infrastructure (CI) are quickly becoming a larger threat to national security than conventional kinetic warfare strategies. Adversaries or potential adversaries can target a nation's electrical grids, telecommunications, financial services, transportation, healthcare systems, and other forms of CI. These acts pose a major threat to a nation's CI and consequently exposes citizens to public health, safety, security, and economic development risks. Identifying cyber vulnerabilities and threats can help nations to improve their CI defence strategies. There is a crucial need for research that can aid in understanding the major types of CI threats and by what method they might occur. This paper conducts a systematic literature review to develop an initial threat intelligence framework of CWCT attacks on CI. Drawing from a Human–Cyber–Physical Systems (HCPS) lens, the threat intelligence framework classifies CWCT attacks according to the methods, weapons, vulnerabilities, targets and impact of the CWCT attack. The cyber warfare community can extend the proposed HCPS-based threat intelligence framework to develop more advanced cyber security mitigation strategies, training scenarios and simulations. Large-scale monitoring of CI threats requires in-depth threat intelligence analysis and a collaborative defence strategy. This calls for a higher degree of coordination and orchestration between the military, intelligence agencies, government departments, multinational allies, regulators, and commercial entities. Future research can customize the proposed HCPS-based threat intelligence framework to cater for the unique threats facing specific CI domains.
Title: Cyber Warfare and Cyber Terrorism Threats Targeting Critical Infrastructure: A HCPS-based Threat Modelling Intelligence Framework. Published in: European Conference on Cyber Warfare and Security.
Pub Date: 2023-06-19 | DOI: 10.34190/eccws.22.1.1438
Fouz Barman, N. Alkaabi, Hamda Almenhali, Mahra Alshedi, R. Ikuesan
Reconnaissance and enumeration are both equally significant phases of the penetration testing lifecycle. In hindsight, both reconnaissance and enumeration seem to be very similar as the pair involve information gathering. Whilst reconnaissance leverages passive approaches without direct interaction with the target, enumeration exploits susceptibilities and vulnerabilities in direct client-server communication. Both phases involve gathering information and pinpointing the attack surface within the network of the target. To do so, powerful tools such as Nmap and Netcat are utilized by ethical hackers and penetration testers to identify and resolve security vulnerabilities and weaknesses. Nmap is an open-source command-line tool used for information gathering, network discovery, and security auditing. Whereas Netcat is a back-end tool that manages networks, monitors traffic flow between systems, as well as allows port scanning and listening. However, the plethora of tools and approaches available for these two phases often introduce inconsistencies and time wastage, which can lead to frustration and poor outcome for inexperienced penetration testers. Additionally, not all commands found online are relevant and applicable. In such situations, there is a high probability that the user will feel overwhelmed and exasperated with the overflow of new and foreign information. To address this daunting challenge, this study developed a methodical framework that can provide a technical guide for the reconnaissance and enumeration phases of the penetration testing lifecycle. Furthermore, a clear and thorough step-by-step procedure and detailed explanations of each stage and commands initiated using Nmap and Netcat are provided. 
The output of this study will be extremely beneficial and informative to a vast group of audience, ranging from university students majoring in security to individuals interested in ethical hacking, and even someone looking for a job with a position of a penetration tester. Furthermore, this technical guide on Nmap and Netcat extends the common body of knowledge in penetration, as a bridge between the industry and academia.
Title: A Methodical Framework for Conducting Reconnaissance and Enumeration in the Ethical Hacking Lifecycle. Published in: European Conference on Cyber Warfare and Security.
Pub Date : 2023-06-19 DOI: 10.34190/eccws.22.1.1222
C. Tselikis
In this paper, we examine architectural designs for the support of demanding ad hoc IoT applications, such as industrial and large-scale IoTs. First, we examine the traditional software stack of nodes involved in centralized sensory applications. Then, we propose a highly distributed ad hoc architecture with increased node cooperation. Finally, we propose a secure fog-based hybrid model that offers optimizations with respect to performance and security and which facilitates the development of intelligent localized end-user applications with very strict latency requirements. In the three models that we examine we highlight operations at the routing layer and at the clustering sub-layer.
Title: On the software architectures for fog-based secure IOT deployments. European Conference on Cyber Warfare and Security. https://doi.org/10.34190/eccws.22.1.1222
Pub Date : 2023-06-19 DOI: 10.34190/eccws.22.1.1447
Ilona Frisk, Harri Ruoslahti, Ilkka Tikanmäki
Information technology and its applications surround us and those have become crucial to our lives. However, the understanding of the digital world is not as strong. Successful and functional cybersecurity is a vital component for the defence of a civilised society. This study looks at how cybersecurity has been handled in theses written at one University of Applied Sciences and what kind of topics have been chosen by thesis writers, and what is written about cybersecurity in them to understand how cybersecurity is seen in higher education. The goal of this paper was to find out how cybersecurity has been handled in theses and what kind of topics have been chosen by thesis writers. The two research questions are: what theses have been published that handle cybersecurity; and how does cybersecurity in them? As typical of a case study, attention is paid to a small number of cases (n = 15) attempting to describe the phenomenon they represent. Of the fifteen theses, two were master’s and thirteen bachelor’s theses, and mostly completed in Safety, Security and Risk Management, Security Management, and Business information technology programmes. Based on the results in this case, cyber security is being examined or developed from several, different points of view and in multidisciplinary ways.
Title: Cybersecurity Through Thesis in Laurea University of Applied Sciences. European Conference on Cyber Warfare and Security. https://doi.org/10.34190/eccws.22.1.1447
Pub Date : 2023-06-19 DOI: 10.34190/eccws.22.1.1070
Jussi Simola, J. Pöyhönen, M. Lehto
Systems of system-level thinking is required when the purpose is to develop a coherent understanding of the ecosystem where every user and system requirements are divided into specific parts. The smarter project, as a part of the Sea4value program of DIMECC, aims to develop harbor operations, including passenger and cargo transportation, in a way that port processes will improve, emissions will decrease, and overall security will enhance in smart ports. This paper describes cyber-attack impacts against the Smart terminal system of systems in the cyber realm by utilizing the MITRE ATT&CK® framework to map the objectives of threat actors. The Smart Terminal system environment includes ICT, ICS networks and components, communication systems, and port service systems. Internal and external threat sources or actors are hard to divide exactly because of the diversity of the threats. Hybrid threats challenge maritime domain awareness globally. The cyber threat impacts on IT and OT environments are connected to each other because of the use of internal and external networks that impact each other by combining vulnerabilities and threats. Well-working port and terminal operations require not only protected operational systems or sensor systems, but human errors must also be minimized. Objectives of threat actors are presented, categorized, and listed. Threat scenarios illustrate that cyber threats and risks are mainly similar in the maritime global-linked port community and basic hinterland trade. The networked supply chain of the business causes evolving and combined threat scenarios. European and international standards, regulations, policies, recommendations, and, e.g., guidelines by the IMO, set new cyber-threat requirements for port and terminal services and facilities. Therefore, overall security must be considered when cyber-security is the development area. Information exchange in an understandable form is essential for maintaining business continuity. Threat information has to be transferred among stakeholders, and cyber security codes have to be followed in the port operations of partners that are involved, for example, in operational and system-level actions. Digitalization in smart ports and terminals enhances the capacity to handle cargo and passengers more efficiently, but cyber threats evolve.
Title: Smart Terminal System of Systems’ Cyber Threat Impact Evaluation. European Conference on Cyber Warfare and Security. https://doi.org/10.34190/eccws.22.1.1070