The benefits of applying and integrating robotics and automation machinery in production plants are accompanied by a surge of cybersecurity issues associated with them. This study presents the threat model for a production plant integrated with different components such as PLCs, machine tools, sensors, actuators, and robots. Attending to the heterogeneity of components, protocols, and devices, this paper represents the possible threats that could affect the factory and proposes a set of changes and mitigations that would increase its cybersecurity and resilience.
Authored by Francisco Lera, Miguel Santamarta, Gonzalo Costales, Unay Ayucar, Endika Gil-Uriarte, Alfonso Glera, Victor Mayoral-Vilches
Threat modeling and security assessment rely on public information on products, vulnerabilities and weaknesses. So far, databases in these categories have rarely been analyzed in combination. Yet, doing so could help predict unreported vulnerabilities and identify common threat patterns. In this paper, we propose a methodology for producing and optimizing a knowledge graph that aggregates knowledge from common threat databases (CPE, CVE, and CWE). We apply the threat knowledge graph to predict associations between threat databases, specifically between products and vulnerabilities. We evaluate the prediction performance based on historical data, using precision, recall, and F1-score metrics. We demonstrate the ability of the threat knowledge graph to uncover many associations that are currently unknown but will be revealed in the future.
Authored by Zhenpeng Shi, Nikolay Matyunin, Kalman Graffi, David Starobinski
Threat hunting has become very popular due to the present dynamic cyber security environment. As the attack landscape keeps growing, the traditional way of monitoring threats is no longer scalable. Consequently, a threat hunting modeling technique is implemented as an emergent activity using machine learning (ML) paradigms. ML predictive analytics was carried out on the OSTO-CID dataset using four algorithms to develop the model. A cross-validation ratio of 80:20 was used to train and test the model. The decision tree classifier (DTC) gives the best metric results among the four ML algorithms with 99.30% accuracy. Therefore, DTC can be used for developing a threat hunting model to mitigate cyber-attacks using a data mining approach.
Authored by Akinsola T., Olajubu A., Aderounmu A.
Aiming at the problem of threat assessment of air and space targets, a new algorithm for target threat assessment and ranking in an intelligent aided decision system is proposed. The algorithm uses the radar characteristics of the targets, such as velocity, acceleration, altitude, heading and electronic interference, as target threat assessment features. Then the Analytic Hierarchy Process (AHP) method of multi-attribute decision making is used to fuse information, and the judgment matrix of attribute importance is constructed by a fuzzy dynamic interval method, which effectively solves the problem of attribute weights changing with time. Finally, the threat degree is determined by sorting the fusion results. The simulation results show that the algorithm is effective.
Authored by Xia Wu, Jianying Li, Min Shi
An intrusion detection system (IDS) plays a role in network intrusion detection through network data analysis, and high detection accuracy, precision, and recall are required to detect intrusions. Various techniques such as expert systems, data mining, and state transition analysis are used for network data analysis. The paper compares the detection effects of two IDS methods using data mining. The first technique is a support vector machine (SVM), a machine learning algorithm; the second is a deep neural network (DNN), one of the artificial neural network models. The accuracy, precision, and recall were calculated and compared using NSL-KDD training and validation data, which is widely used in intrusion detection, to compare the detection effects of the two techniques. DNN shows slightly higher accuracy than the SVM model. The risk of recognizing an actual intrusion as normal data is much greater than the risk of considering normal data as an intrusion, so DNN proves to be much more effective in intrusion detection than SVM.
Authored by N Patel, B Mehtre, Rajeev Wankar
This study aimed to recognize threats by recognizing the assailant pose, victim pose, and the threat object used by the assailant in one frame in a threat emergency situation using a 2D camera and by applying the YOLOv5s algorithm. The system's ability to correctly identify threats depends heavily on the training and labeling in YOLOv5s. Thus, the bounding boxes were carefully assigned, and the labels were arranged properly. Through the application of the YOLOv5s algorithm, supervised learning was implemented. Recognized threats were identified by recognizing the three variables, including victim pose, assailant pose, and threat object, in one frame. YOLOv5s was able to localize the pose and object and avoid misclassification by setting the appropriate Intersection over Union (IoU) and confidence threshold. Using a truth table, YOLOv5s was able to identify threats by removing possibilities that were not threats at all. As for the result, the system was able to recognize each of the assailant poses, victim poses, and threat objects in one frame. Thus, the system was able to obtain an overall reliability of 98.125%.
Authored by Shaina Languido, Erika Entredicho, Kimbierly Borromeo, Ma. Manaois, Karl Villanueva, Engr. Tolentino
Topic modeling algorithms from the natural language processing (NLP) discipline have been used for various applications, for instance topic modeling for product recommendation systems in e-commerce. In this paper, we briefly review topic modeling applications and then describe our proposed idea of utilizing topic modeling approaches for cyber threat intelligence (CTI) applications. We improved the previous work by implementing the BERTopic and Top2Vec approaches, enabling users to select their preferred pretrained text/sentence embedding model, and supporting various languages. We implemented our proposed idea as the new topic modeling module for the Open Web Application Security Project (OWASP) Maryam: Open-Source Intelligence (OSINT) framework. We also describe our experiment results using a leaked hacker forum dataset (nulled.io) to attract more researchers and open-source communities to participate in the Maryam project of the OWASP Foundation.
Authored by Hatma Suryotrisongko, Hari Ginardi, Henning Ciptaningtyas, Saeed Dehqan, Yasuo Musashi
Cyber Threat Intelligence has been demonstrated to be an effective element of defensive security and cyber protection, with examples dating back to the founding of the Financial Sector Information Sharing and Analysis Center (FS-ISAC) in 1998. Automated methods are needed today in order to stay current with the magnitude of attacks across the globe. Threat information must be actionable, current and credibly validated if it is to be ingested into computer-operated defense systems. False positives degrade the value of the system. This paper outlines some of the progress made in applying artificial intelligence techniques as well as the challenges associated with utilizing machine learning to refine the flow of threat intelligence. A variety of methods have been developed to create learning models that can be integrated with firewalls, rules and heuristics. In addition, more work is needed to effectively support the limited number of expert human hours available to evaluate the prioritized threat landscape flagged as malicious in a Security Operations Center (SOC) environment.
Authored by Jon Haass
In order to solve the problem of intelligent multi-target threat assessment in the information-age land battlefield, the SVM nonlinear classification problem can be effectively solved through the high-dimensional mapping of complex features. The land battlefield target threat assessment index system is selected, the sample data is standardized, and the target threat assessment SVM classifier is designed. Four commonly used kernel functions and penalty coefficients are applied to estimate the threat of targets in the land battlefield. The example shows that this method has high classification accuracy, is suitable for dealing with complex and changeable battlefield threat data, and has high practical value. The correctness of the conclusion is validated in Python.
Authored by Huan Zhang, Zunpei Wei
To improve the judging and decision-making ability on air target threats in air defense operations, an air target threat assessment method is proposed based on the Relevance Vector Machine (RVM) and the Artificial Bee Colony (ABC) algorithm. Starting from the reality of air defense operations, the air target threat index system is first constructed according to mathematical statistical analysis, and then the ABC algorithm is used to optimize the parameters involved in the multi-kernel RVM to establish an air target threat assessment model. Simulation analysis shows that the proposed method is a high-precision air target threat assessment method, and it is better than the RVM method with a single Gauss kernel or a single Sigmoid kernel in all accuracy indices, thus confirming its effectiveness and feasibility.
Authored by Hanwen Zhang, Xusheng Gan, Nan Wu, Pingni Liu, Zongchen Li
Practical cryptographic systems rely on a true random number generator (TRNG), which is a necessary component in any hardware Root-of-Trust (RoT). Hardware trust anchors are also integrated into larger chips, for instance as hard-IP cores in FPGAs, where the remaining FPGA fabric is freely programmable. To provide security guarantees, proper operation of the TRNG is critical. Adversaries are therefore interested in tampering with the ability of TRNGs to produce unpredictable random numbers. In this paper, we show that an FPGA on-chip attack can reduce the true randomness of a TRNG integrated as a hard-IP module in the FPGA. This module is considered to be an immutable security module, compliant with the NIST SP 800-193 Platform Firmware Resilience Guidelines (PFR), a well-known guideline for system resilience, and it is also certified by the Cryptographic Algorithm Validation Program (CAVP). By performing an on-chip voltage drop-based fault attack with user-programmable FPGA logic, the random numbers produced by the IP core fail the NIST SP 800-22 and BSI AIS31 tests, meaning they are not truly random anymore. This paper thus shows that new attack vectors can break even verified IP cores, since on-chip attacks are usually not considered in the threat model, yet they can still affect highly integrated systems.
Authored by Dennis Gnad, Jiaqi Hu, Mehdi Tahoori
In the last decade, numerous Industrial IoT systems have been deployed. Attack vectors and security solutions for these are an active area of research. However, to the best of our knowledge, only very limited insight into the applicability and real-world comparability of attacks exists. To overcome this widespread problem, we have developed and realized an approach to collect attack traces at a larger scale. An easily deployable system integrates well into existing networks and enables the investigation of attacks on unmodified commercial devices.
Authored by Till Zimmermann, Eric Lanfer, Nils Aschenbruck
The aim of this paper is to examine noteworthy cyberattacks that have taken place against ICS and SCADA systems and to analyse them. This paper also proposes a new classification scheme based on the severity of the attack. Since the information revolution, computers and associated technologies have impacted almost all aspects of daily life, and this is especially true of the industrial sector where one of the leading trends is that of automation. This widespread proliferation of computers and computer networks has also made it easier for malicious actors to gain access to these systems and networks and carry out harmful activities.
Authored by Cheerag Kaura, Nidhi Sindhwani, Alka Chaudhary
Ransomware groups represent a significant cyber threat to Western states. Most high-end ransomware actors reside in territorial safe-haven jurisdictions and prove to be resistant to traditional law enforcement activities. This has prompted public sector and cybersecurity industry leaders to perceive ransomware as a national security threat requiring a whole-of-government approach, including cyber operations. In this paper, we investigate whether cyber operations or the threat of cyber operations influence the ransomware ecosystem. Subsequently, we assess the vectors of influence and characteristics of past operations that have disrupted the ecosystem. We describe the specifics of the ransomware-as-a-service system and provide three case studies (DarkSide/BlackMatter, REvil, Conti) highly representative of the current ecosystem and the effect cyber operations have on it. Additionally, we present initial observations about the influence of cyber operations on the system, including best practices from cyber operations against non-state groups. We conclude that even professional, highly skilled, and top-performing ransomware groups can be disrupted through cyber operations. In fact, cyber operations can even bypass some limits imposed on law enforcement operations. Even when ransomware groups rebrand or resurface after a hiatus, we suggest their infrastructure (technical, human, and reputational) will still suffer mid- to long-term disruption. Although cyber operations are unlikely to be a silver bullet, they are an essential tool in whole-of-government and multinational efforts and may even grow in importance in the next several years.[1]

[1] 'Releasing the hounds' is a term for offensive cyber operations aimed at disrupting global ransomware gangs, especially those conducted by militaries or intelligence agencies. First use is found in Patrick Gray and Adam Boileau, 'Feature Podcast: Releasing the Hounds with Bobby Chesney', Risky Business, 28 May 2020, https://risky.biz/HF6/.
Authored by Michael Bátrla, Jakub Harašta