
European Conference on Cyber Warfare and Security: latest publications

Teaching pentesting to social sciences students using experiential learning techniques to improve attitudes towards possible cybersecurity careers
Pub Date : 2023-06-19 DOI: 10.34190/eccws.22.1.1145
Aleksandras Melnikovas, R. Lugo, Kaie Maennel, A. Brilingaitė, Stefan Sütterlin, A. Juozapavičius
Labor market analysis shows that there is a significant shortage of experienced cybersecurity professionals, and this trend is expected to continue in the future. In addition, young people who are reluctant to choose STEM subjects in school typically do not see cybersecurity as a part of their future because they believe it demands exclusive technical knowledge that is beyond their reach. We aimed to change this perception among students of the social sciences, assuming that by providing social science students with the basics of cybersecurity, it would be possible to raise their awareness and encourage them to consider this field as a potential career option. Our team has designed a concise technical course based on Kolb's model that employs experiential learning to provide students with a basic knowledge of ethical intrusion (penetration testing). During the 32-hour subject, cadet officers with no prior IT education experienced all the steps of hacking into both a remotely accessible and a physically accessible computer, including initial reconnaissance, vulnerability scanning, exploitation, and privilege escalation. A hands-on practical task of breaking into a highly vulnerable remote computer allowed for the evaluation of knowledge and skills as well as the reinforcement of learning experiences. In order to assess how the students' perceptions of the cybersecurity profession have changed based on the theory of planned behavior, they were asked to provide feedback immediately after the course and one year later. The results indicate that the short, technically challenging, but practical course based on experiential learning had a significant and positive effect on participants' attitudes: they were substantially more likely to consider cybersecurity as a future career, and some of them began participating in other cybersecurity courses or activities. It is reasonable to assume, therefore, that providing similar technical courses to social science students will encourage them to pursue cybersecurity-related careers in the future.
Citations: 2
Zero Trust: The Magic Bullet or Devil’s Advocate?
Pub Date : 2023-06-19 DOI: 10.34190/eccws.22.1.1263
Helvi Salminen
The concept of Zero trust was first introduced in the mid-1990s, and has gradually attracted increasing attention. This approach to building organizations’ information system infrastructures has been developed as a response to the increasing interaction and interconnection of information systems. As organizational boundaries have become less clear with the new business models, where a business process exceeds the organizational boundaries, the boundaries of information systems are also no longer clear. In this interconnected world the purely perimeter-based security model, defining zones of trusted entities inside the perimeter and the untrusted external world outside the perimeter, no longer serves the needs of new business models. And with the combination of complex technology and sophisticated attack methods, it is no longer possible to be sure that all system components and actors inside the perimeter can be trusted. The Zero trust approach brings the sophisticated controls from the perimeter to the entire system. The core idea can be expressed with the four words “never trust, always verify”. No system component is trusted by default, and one-time verification is not sufficient – access to a resource must be verified at each connection attempt. Mutual authentication of the communicating parties is at the core of the approach. But does the zero trust approach have unwanted side-effects? The complexity of the system increases when new control layers are built, and system complexity can increase the possibility of configuration errors. Can there be other side-effects as well? The need for trust does not disappear even when the systems are built on the zero trust principles. When studying the zero trust approach, the author started thinking about what would happen in human interaction and organizational co-operation if they were based on, or partly applied, the zero trust approach. And the scenarios were quite gloomy. But is this only a nightmare, or already at least partly present in our reality? This article describes the zero trust approach and its applicability to technical environments. The second part presents scenarios of the impacts which application of zero trust principles could have – or maybe already has – in human communication and organizational relationships.
Citations: 0
Static Vulnerability Analysis Using Intermediate Representations: A Literature Review
Pub Date : 2023-06-19 DOI: 10.34190/eccws.22.1.1154
Adam M Spanier, W. Mahoney
Static Analysis (SA) in Cybersecurity is a practice aimed at detecting vulnerabilities within the source code of a program. Modern SA applications, though highly sophisticated, lack programming-language-agnostic generalization, instead requiring codebase-specific implementations for each programming language. The manner in which SA is implemented today, though functional, requires significant man-hours to develop and maintain, incurs higher costs due to custom applications for each language, and creates inconsistencies in implementation from SA tool to SA tool. A source of programming language generalization occurs within compilers. During the compilation process, source code is converted into a grammatically consistent Intermediate Representation (IR) (e.g. LLVM-IR) before being converted to an output format. The grammatical consistency provided by the IR theoretically allows the same program written in different languages to be analyzed using the same mechanism. By using the IRs of compiled programming languages as the codebase of SA practices, multiple programming languages can be encompassed by a single SA tool. To begin understanding the possibilities the combination of SA and IRs may reveal, this research presents the following outcomes: 1) a systematic literature search, 2) a literature review, and 3) the classification of existing work pertaining to SA practices using IRs. The results of the study indicate that generalized Static Analysis using the LLVM IR is already a common practice in all compilers, but that the extended use of the LLVM IR in Cybersecurity SA practices aimed at finding vulnerabilities in source code remains underdeveloped.
Citations: 0
Enabling fine-grained access control in information sharing with structured data formats
Pub Date : 2023-06-19 DOI: 10.34190/eccws.22.1.1143
Tatu Niskanen, J. Salonen
The ongoing need for societal and industrial digital transformation requires rapidly expanding networks of interconnected organizations and dictates an increasing role for cybersecurity in information sharing. A typical setup consists of multiple stakeholders working closely together and needing efficient channels for sharing relevant information in a secure manner. This is especially prevalent with complex modern supply chains and critical information infrastructures. They often comprise numerous co-operating organizations, people and, in some cases, smart devices having different levels of access to a variety of information. Granular access control plays a vital role when distributing information efficiently between stakeholders without revealing sensitive pieces of data to unwanted third parties. This article presents a novel framework for enabling fine-grained access control to share information efficiently and securely in these situations. Our motivation and use case for the framework originate from the secure sharing of cyber incident information in the maritime logistics industry. We present a novel solution to this problem by developing an information sharing platform and a meta-model, demonstrated using an implementation with structured JSON data formats, while supporting previously researched attribute-based encryption schemes. The proposed framework provides a broader context to the fine-grained data access control challenge in addition to the technical implementation.
Citations: 0
Reith, Russell, and the Robots: AI, Warfare, and Shaping the Debate
Pub Date : 2022-06-10 DOI: 10.34190/eccws.21.1.510
K. Scott
On December 8th, 2021, Professor Stuart Russell delivered the second of that year’s Reith Lectures, presented under the banner title ‘Living With Artificial Intelligence’. This specific talk dealt with ‘The Future Role of AI in Warfare’, and in this paper I propose a reading of Russell’s address which both summarises and critiques his argument and stance, to determine what, if anything, can be taken from his position as effectively a public philosopher and applied in the realm of modern warfare, where ethical questions are taken from the seminar room and enacted in battlespace. The Reith lectures occupy a unique place in public discourse; given each year by a leading figure in the field under discussion, they help to shape opinion and debate. In considering the role of AI, and in particular its deployment in combat, there is undoubtedly a need for multi- and transdisciplinary thought, but the choice of Russell as the lecturer is not unproblematic. He is undoubtedly an expert in the field of AI, but he has no direct experience of working with the military, and is clearly not a neutral witness. He has been a leading figure in the campaign to ban research into autonomous weapon systems, and was closely involved in the production of Slaughterbots, a short film which presents a nightmare vision of swarming drones as agents of political repression. There are deep and serious questions to be asked about the role of AI in warfare, but Russell’s position that we must stop all research in the field is arguably naïve. Our adversaries will surely not be as punctilious. At the heart of the debate lie complex issues concerning human agency and control (and ‘control’ lies at the etymological root of ‘cyber’); this paper will use Russell’s lecture as a starting point for the consideration of how we might develop an ethical doctrine for the use of AI, resting on the idea of human-machine teaming. It will, in short, argue for a cybernetic solution to the problems of cyber warfare.
Citations: 0
Identification of Violence in Twitter Using a Custom Lexicon and NLP
Pub Date : 2022-06-08 DOI: 10.34190/eccws.21.1.340
Jonathan Adkins
Information warfare is no longer a denizen purely of the political domain. It is a phenomenon that permeates other domains, especially those of mass communications and cybersecurity. Deepfakes, sock puppets, and microtargeted political advertising on social media are some examples of techniques that have been employed by threat actors to exert influence over consumers of mass media. Social Network Analysis (SNA) is an aggregation of tools and techniques used to research and analyze the nature of relationships between entities. SNA makes use of such tools as text mining, sentiment analysis, and machine learning algorithms to identify and measure aspects of human behavior in certain defined conditions. One area of interest in SNA is the ability to identify and measure levels of strong emotions in groups of people. In particular, we have developed a technique in which the potential for increased violence within a community can be identified and measured using a combination of text mining, sentiment analysis, and graph theory. We have compiled a custom lexicon of terms used commonly in discussions relating to acts of violence. Each term in the lexicon has a numerical weight associated with it, indicating how violent the term is. We will take samples of online community discussions from Twitter and use the R and Python programming languages to cross-reference the samples with our lexicon. The results will be displayed in a Twitter discussion graph where the user nodes are color-coded according to the overall level of violence that is inherent in the Tweet. This methodology will demonstrate which communities within an online social network discussion are more at risk for potentially violent behavior. We assert that when this approach is used in association with other NLP techniques such as word embeddings and sentiment analysis, it will provide cybersecurity and homeland security analysts with actionable threat intelligence.
Citations: 0
Automatic Construction of Hardware Traffic Validators
Pub Date : 2022-06-08 DOI: 10.34190/eccws.21.1.200
Stephen Taylor, Jason Dahlstrom, E. Baker, Brandon Guzman
This paper describes a fully automated process that creates a custom hardware traffic validator directly from a formal grammar and deploys it within a specialized network security appliance. The appliance appears as a hidden, all-hardware “bump-in-the-wire” that can be inserted within any network segment; it stores and validates messages on-the-fly, and either forwards or drops individual packets in real-time. Consequently, it serves to disrupt and mitigate stealthy remote attacks that leverage zero-day exploits and persistent implants. Allowed traffic, files, and mission payload formats are specified formally using a standard Look-Ahead, Left-to-Right (LALR) grammar that operates on ASCII and/or binary data. The grammars can be expressed either in Backus-Naur Form (BNF), used by industry standard tools such as Bison, or through state-of-the-art combinators, such as Hammer, under development within the DARPA SafeDocs program. Bison and Hammer compiler tools are used to generate standard shift/reduce parsing tables. These tables are post-processed to improve their compactness and practical viability. The optimized tables are then combined with a generic push-down automaton to form a complete parser. The parser is then automatically transformed into a hardware circuit using High-Level Synthesis (HLS). The result is a composable block of circuitry that can be directly inserted into a generic communications harness embedded within a Field Programmable Gate Array (FPGA) on the network appliance.
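The pipeline in the abstract is: formal grammar, shift/reduce tables (Bison or Hammer), a generic push-down automaton driven by those tables, and a forward/drop decision per message. The block below is an added software model of that chain, not the authors' tool: it builds SLR(1) tables from a toy key/value message grammar and runs a table-driven push-down automaton that returns forward (True) or drop (False). The grammar, the token names and the sample messages are constructed for the example; the HLS step that turns the automaton into FPGA circuitry is outside what software alone can show.

```python
import re

# Toy message grammar standing in for the paper's formally specified traffic formats.
# Production 0 is the augmented start. Assumptions: no epsilon rules, grammar is SLR(1).
GRAMMAR = [
    ("msg'",   ("msg",)),
    ("msg",    ("HDR", "fields", "END")),
    ("fields", ("field", "fields")),
    ("fields", ("field",)),
    ("field",  ("ID", "EQ", "ID", "SEMI")),
]
END = "$"

def build_slr_tables(grammar):
    """Bison-style table generation: LR(0) item sets + FOLLOW sets -> ACTION/GOTO tables."""
    nonterms = {lhs for lhs, _ in grammar}
    symbols = {s for _, rhs in grammar for s in rhs}
    terms = symbols - nonterms

    def closure(items):
        items, todo = set(items), list(items)
        while todo:
            p, d = todo.pop()
            rhs = grammar[p][1]
            if d < len(rhs) and rhs[d] in nonterms:
                for q, (lhs, _) in enumerate(grammar):
                    if lhs == rhs[d] and (q, 0) not in items:
                        items.add((q, 0)); todo.append((q, 0))
        return frozenset(items)

    def goto(items, x):
        return closure({(p, d + 1) for p, d in items
                        if d < len(grammar[p][1]) and grammar[p][1][d] == x})

    # FIRST/FOLLOW by fixpoint (simplified because there are no epsilon rules)
    first = {s: ({s} if s in terms else set()) for s in symbols | nonterms}
    follow = {nt: set() for nt in nonterms}
    follow[grammar[0][0]].add(END)
    changed = True
    while changed:
        changed = False
        for lhs, rhs in grammar:
            for i, sym in enumerate(rhs):
                if i == 0:
                    n = len(first[lhs]); first[lhs] |= first[sym]; changed |= len(first[lhs]) != n
                if sym in nonterms:
                    add = first[rhs[i + 1]] if i + 1 < len(rhs) else follow[lhs]
                    n = len(follow[sym]); follow[sym] |= add; changed |= len(follow[sym]) != n

    # Canonical LR(0) collection
    states, trans, i = [closure({(0, 0)})], {}, 0
    while i < len(states):
        for x in sorted(symbols):
            nxt = goto(states[i], x)
            if nxt:
                if nxt not in states:
                    states.append(nxt)
                trans[(i, x)] = states.index(nxt)
        i += 1

    action, jump = [{} for _ in states], [{} for _ in states]
    def put(s, a, act):                      # refuse ambiguous tables instead of guessing
        if action[s].get(a, act) != act:
            raise ValueError(f"SLR conflict in state {s} on {a}")
        action[s][a] = act
    for s, st in enumerate(states):
        for p, d in st:
            lhs, rhs = grammar[p]
            if d < len(rhs):
                if rhs[d] in terms: put(s, rhs[d], ("shift", trans[(s, rhs[d])]))
                else: jump[s][rhs[d]] = trans[(s, rhs[d])]
            elif p == 0:
                put(s, END, ("accept",))
            else:
                for a in follow[lhs]: put(s, a, ("reduce", p))
    return action, jump

def run_pda(action, jump, grammar, tokens):
    """Generic push-down automaton driven by the tables: True = forward, False = drop."""
    stack, toks, pos = [0], list(tokens) + [END], 0
    while True:
        act = action[stack[-1]].get(toks[pos])
        if act is None:
            return False                     # no legal move: malformed message, drop it
        if act[0] == "accept":
            return True
        if act[0] == "shift":
            stack.append(act[1]); pos += 1
        else:
            lhs, rhs = grammar[act[1]]
            del stack[len(stack) - len(rhs):]
            stack.append(jump[stack[-1]][lhs])

def lex(msg):
    """Tokenise the ASCII message; anything unexpected becomes BAD and is rejected by the PDA."""
    kinds = {"=": "EQ", ";": "SEMI", "HDR": "HDR", "END": "END"}
    return [kinds.get(t, "ID" if t.isalnum() else "BAD") for t in re.findall(r"\w+|\S", msg)]

ACTION, JUMP = build_slr_tables(GRAMMAR)

def validate(msg):
    return run_pda(ACTION, JUMP, GRAMMAR, lex(msg))

if __name__ == "__main__":
    for m in ["HDR src=10; dst=20; END", "HDR src=10 END", "HDR END", "src=10; END"]:
        print(f"{'forward' if validate(m) else 'drop   '}  {m!r}")
```

The part that matters for the appliance is that `run_pda` contains no format-specific code at all: every decision comes from the tables, which is what makes the automaton a fixed block of circuitry with the grammar reduced to table contents. The `put` guard is the software equivalent of Bison's conflict report; a grammar that is not SLR(1) is rejected at build time rather than silently producing a validator with undefined behaviour.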
Citations: 0
DRAM-based Physically Unclonable Functions and the Need for Proper Evaluation
Pub Date : 2022-06-08 DOI: 10.34190/eccws.21.1.404
C. Lipps, Pascal Ahr, H. Schotten
Dynamic Random-Access Memory (DRAM)-based Physically Unclonable Functions (PUFs) are a part of the Physical Layer Security (PhySec) domain. These electrical PUFs are memory based and exhibit high availability, high Shannon entropy, low energy consumption and a large number of Challenge Response Pairs (CRPs). Because of those properties, the DRAM PUF is a promising approach for security applications in the Industrial Internet of Things (IIoT) context as well as for securing Sixth-Generation (6G) wireless systems and edge computing. DRAM, with its most common one-Transistor one-Capacitor (1T1C) architecture, is a volatile memory that is embedded in almost every modern computing unit. Regarding PUF security applications, four main types are currently distinguished in the scientific community: Retention Error, Row Hammer, Startup and Latency PUFs. These differ in the procedure by which responses are generated as well as in the underlying physical mechanisms, and each has different properties in terms of availability, reliability, uniqueness and uniformity. To examine this, and to obtain comparable results, this work proposes to compare the four DRAM-PUF types i) with the same evaluation metrics and ii) implemented on the same DRAM cells. This represents both the difference from the work done in the literature and the added value of the work presented. As far as is known, no work to date performs the intended evaluations using the same evaluation platform under identical conditions; however, this is required for comparable results. This consistent comparison is ensured by a self-developed and implemented evaluation platform, which is equipped with a significant number of DRAMs. By an appropriately high volume of measurements, a corresponding resolution will be obtained. Monitoring the environmental conditions prevents misinterpretations caused by environmental influences and also provides useful context information. Furthermore, a detailed technical and physical background is described. The results of this approach will assist in deciding which DRAM PUF is appropriate under which (environmental) conditions and thereby provide a guideline for practitioners.
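The abstract's point is that the four DRAM-PUF types can only be compared if the same metrics are applied to responses taken from the same cells. The following added example (not the authors' evaluation platform) implements the standard PUF metrics the abstract names, uniformity, reliability and uniqueness, as normalised Hamming-distance statistics, plus the enrol-and-identify check that a deployment would build on them. The responses are constructed pseudo-random bit strings that stand in for real start-up, retention, row-hammer or latency responses, and the noise level and acceptance threshold are assumptions; availability is not modelled.

```python
import random
from itertools import combinations
from statistics import mean

def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))

def uniformity(response):
    """Fraction of 1-bits in one response (ideal 0.5)."""
    return response.count("1") / len(response)

def reliability(reference, remeasurements):
    """1 - mean intra-device normalised Hamming distance to the enrolled reference (ideal 1.0)."""
    n = len(reference)
    return 1.0 - mean(hamming(reference, m) / n for m in remeasurements)

def uniqueness(references):
    """Mean pairwise inter-device normalised Hamming distance (ideal 0.5)."""
    n = len(next(iter(references.values())))
    return mean(hamming(a, b) / n for a, b in combinations(references.values(), 2))

def identify(enrolled, measurement, threshold=0.2):
    """Nearest enrolled reference if within the noise threshold, else None (unknown device).
    The threshold must sit between the intra-device noise and the inter-device distance."""
    best = min(enrolled, key=lambda d: hamming(enrolled[d], measurement))
    dist = hamming(enrolled[best], measurement) / len(measurement)
    return best if dist <= threshold else None

# ---- constructed data: stands in for real DRAM responses, which need the hardware ----
def make_response(rng, nbits):
    return "".join(rng.choice("01") for _ in range(nbits))

def noisy(rng, response, flips):
    """Re-measurement model: exactly `flips` distinct bits differ from the reference."""
    bits = list(response)
    for i in rng.sample(range(len(bits)), flips):
        bits[i] = "1" if bits[i] == "0" else "0"
    return "".join(bits)

def constructed_dataset(nbits=128, devices=("A", "B", "C"), repeats=5, flips=5, seed=1):
    rng = random.Random(seed)
    refs = {d: make_response(rng, nbits) for d in devices}
    meas = {d: [noisy(rng, refs[d], flips) for _ in range(repeats)] for d in devices}
    return refs, meas

def evaluate(refs, meas):
    """The same three metrics for every device, so different PUF types become comparable."""
    return {
        "uniformity": {d: round(uniformity(r), 3) for d, r in refs.items()},
        "reliability": {d: round(reliability(refs[d], meas[d]), 3) for d in refs},
        "uniqueness": round(uniqueness(refs), 3),
    }

if __name__ == "__main__":
    refs, meas = constructed_dataset()
    print(evaluate(refs, meas))
    print("noisy A identified as:", identify(refs, meas["A"][0]))
    print("all-zero response identified as:", identify(refs, "0" * 128))
```

With the constructed noise model every re-measurement differs in exactly 5 of 128 bits, so reliability is 1 - 5/128 for each device; on real hardware it is the spread of this number across temperature and voltage, the environmental monitoring the abstract mentions, that decides whether a given PUF type is usable.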
Citations: 0
Cyber Security Norms: Trust and Cooperation
Pub Date : 2022-06-08 DOI: 10.34190/eccws.21.1.498
Allison Wylde
As cyber crime becomes ever more sophisticated and a significant asymmetric threat, effective cyber security is of vital importance. One important cyber security response is cyber norms. At the same time, calls for multi-sector and multi-domain trust and cooperation are widespread. Yet research on the nature of trust and cooperation in cyber security norms appears to be underdeveloped. Key questions remain concerning the emergence and nature of trust and cooperation in norms. In addressing this gap, the article first considers how we can understand trust and cooperation in cyber norms by leveraging well-established theory from management research on trust building. Next, the paper examines the SolarWinds breach, as an example, to evaluate norms, trust and cooperation. The paper then applies principles from prominent trust-building theory to examine the antecedents, processes and outputs involved in building trust and cooperation. The contribution of this work is a foundational conceptual framework that allows the dynamics of norms, trust, and cooperation in managing cyber crime incidents to be studied. In doing so, the literature examining trust and cooperation in norms is extended. Other researchers' interest is encouraged, as is an agenda for further research on norms, trust, and cooperation to support cyber security management. Implications may help the cyber security community as they construct and manage norms, trust, and cooperation.
Citations: 1
Siamese Neural Network and Machine Learning for DGA Classification
Pub Date : 2022-06-08 DOI: 10.34190/eccws.21.1.205
L. Segurola, Telmo Egüés, Francesco Zola, Raul Orduna
Domain Generation Algorithms (DGAs) are systems used to create many varying domain names on demand. Such "artificial" domains can then be used to host command and control servers, which in turn oversee recruiting/infecting devices and finally turn them into new resources to be exploited. In this sense, identifying DGA domain names can be crucial to avoid cyberattacks such as phishing, spam sending, Bitcoin mining, and many others. Usually, domain names generated by DGAs consist of illegible character strings, but new "intelligent" DGAs tend to generate names using combinations of dictionary words, making their detection a challenging task. For this reason, in this work we propose to address this problem using a combination of Machine Learning algorithms to improve the classification of DGA domains. In particular, we propose to combine Siamese Neural Networks and traditional supervised Machine Learning algorithms in order to expand the input domain into separable n-dimensional data points and then achieve the domain classification. The proposed approach can be separated into three phases. In the first phase, domain names are encoded by a one-hot encoder and by a variation of it, named probabilistic one-hot encoder, which are implemented separately. In the second phase, Long Short-Term Memory and Convolutional Siamese embedders are tested and compared: the first is combined with the one-hot encoded data, while the convolutional one is applied to the probabilistic one-hot encoded data. In the final step, five Machine Learning algorithms are tested on data embedded in both ways. Both embedder approaches reach very high results in terms of F1-score and accuracy (about 91%), depending on the implemented classifier. The promising results obtained by applying the proposed method show that it is possible to perform DGA domain classification purely over the domain names, without considering external information such as DNS packet features.
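Two things in the abstract can be shown without a deep-learning framework: the phase-1 one-hot encoding of a domain name into a fixed-size character matrix together with the same-class/different-class pair construction a Siamese embedder is trained on, and the reason dictionary DGAs are hard, namely that the hand-crafted character statistics that separate random-looking DGA names from benign ones stop working. The block below is an added example, not the authors' code: the alphabet, padding length and sample domains are constructed here, the "probabilistic one-hot encoder" is not reproduced because the abstract does not define it, and the LSTM/CNN embedders themselves are out of scope.

```python
import math
import string
from collections import Counter

ALPHABET = string.ascii_lowercase + string.digits + "-_"
CHAR_INDEX = {c: i for i, c in enumerate(ALPHABET)}
MAXLEN = 24          # padded sequence length (assumption)

def sld(domain):
    """Second-level label, the part a DGA actually generates (assumes a single-label TLD)."""
    labels = domain.lower().strip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]

def one_hot(label, maxlen=MAXLEN):
    """Phase-1 encoding: one row per character, zero-padded or truncated to maxlen rows."""
    rows = []
    for c in label[:maxlen]:
        row = [0] * len(ALPHABET)
        if c in CHAR_INDEX:
            row[CHAR_INDEX[c]] = 1         # unknown characters stay an all-zero row
        rows.append(row)
    rows.extend([[0] * len(ALPHABET)] * (maxlen - len(rows)))
    return rows

def char_entropy(label):
    counts = Counter(label)
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())

def handcrafted_features(label):
    """Classic lexical features used by pre-learning DGA detectors."""
    return {
        "length": len(label),
        "entropy": char_entropy(label),
        "vowel_ratio": sum(c in "aeiou" for c in label) / len(label),
        "digit_ratio": sum(c.isdigit() for c in label) / len(label),
    }

def mean_feature(domains, key):
    return sum(handcrafted_features(sld(d))[key] for d in domains) / len(domains)

def make_pairs(classes):
    """Siamese training pairs: (encoding_a, encoding_b, 1 if same class else 0)."""
    names = sorted(classes)
    pairs = []
    for i, a in enumerate(names):
        for b in names[i:]:
            for x in classes[a]:
                for y in classes[b]:
                    if a == b and x >= y:
                        continue            # each unordered positive pair exactly once
                    pairs.append((one_hot(sld(x)), one_hot(sld(y)), int(a == b)))
    return pairs

# Constructed samples (not from the paper's dataset): benign names, a random-character
# DGA and a dictionary-word DGA.
DOMAINS = {
    "benign":   ["wikipedia.org", "github.com", "example.net"],
    "dga_rand": ["xk3q9vbp2zr8m.com", "q7wzp4ltn0ak3.net", "zj5r1yt8hcm0v.org"],
    "dga_dict": ["sunrisetable.com", "greenhouseriver.net", "silentmarketstone.org"],
}

if __name__ == "__main__":
    for cls, doms in DOMAINS.items():
        print(f"{cls:9} entropy={mean_feature(doms, 'entropy'):.2f} "
              f"vowel_ratio={mean_feature(doms, 'vowel_ratio'):.2f}")
    pairs = make_pairs(DOMAINS)
    print(len(pairs), "pairs,", sum(p[2] for p in pairs), "positive")
```

On the constructed samples the random DGA has a vowel ratio near zero while the dictionary DGA sits within a few hundredths of the benign set, which is exactly the gap a learned embedding over the raw characters is meant to close.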
Citations: 0