The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
Currently the false data injection (FDI) attack bring direct challenges in synchronized phase measurement unit (PMU) based network state estimation in wide-area measurement system, resulting in degraded system reliability and power supply security. This paper assesses the performance of state estimation in electric cyber-physical system paradigm considering the presence of FDI attacks. The adverse...
Cyber network analysts follow complex processes in their investigations of potential threats to their network. Much research is dedicated to providing automated decision support in the effort to make their tasks more efficient, accurate, and timely. Support tools come in a variety of implementations from machine learning algorithms that monitor streams of data to visual analytic environments for exploring...
The area of visualization in cyber-security is advancing at a fast pace. However, there is a lack of standardized guidelines for designing and evaluating the resulting visualizations. Furthermore, limited end-user involvement in the design process leads to visualizations that are generic and often ineffective for cyber-security analysts. Thus, the adoption of the resultant cyber-security visualizations...
ICT systems have become an integral part of business and life. At the same time, these systems have become extremely complex. In such systems exist numerous vulnerabilities waiting to be exploited by potential threat actors. pwnPr3d is a novel modelling approach that performs automated architectural analysis with the objective of measuring the cyber security of the modeled architecture. Its integrated...
New and unseen network attacks pose a great threat to the signature-based detection systems. Consequently, machine learning-based approaches are designed to detect attacks, which rely on features extracted from network data. The problem is caused by different distribution of features in the training and testing datasets, which affects the performance of the learned models. Moreover, generating labeled...
Manifold approaches to security requirements engineering have been proposed, yet there is no consensus how to elicit, analyze, or express security needs. This perspective paper systematizes the problem space of security requirements engineering. Security needs result from the interplay of three dimensions: threats, security goals, and system design. Elementary statements can be made in each dimension,...
Cyber-Physical Systems (CPS) consist of embedded computers with sensing and actuation capability, and are integrated into and tightly coupled with a physical system. Because the physical and cyber components of the system are tightly coupled, cyber-security is important for ensuring the system functions properly and safely. However, the effects of a cyberattack on the whole system may be difficult...
As the malware threat landscape is constantly evolving and over one million new malware strains are being generated every day [1], early automatic detection of threats constitutes a top priority of cybersecurity research, and amplifies the need for more advanced detection and classification methods that are effective and efficient. In this paper, we present the application of machine learning algorithms...
With the development of information technology, software plays an increasingly important role in the process of social development. However, at the same time, the number of software vulnerabilities is growing, posing a threat to national security and social stability. Therefore, some scholars and research institutions are paying their attention to the study of software vulnerability. In this paper,...
In recent times, major cybersecurity breaches and cyber fraud had huge negative impact on victim organisations. The biggest impact made on major areas of business activities. Majority of organisations facing cybersecurity adversity and advanced threats suffers from huge financial and reputation loss. The current security technologies, policies and processes are providing necessary capabilities and...
The analysis of malicious software (malware) is one of the hardest open problems in computer security, since there is a huge and varied number of samples produced daily. In addition,modern malicious programs have automatic mutation capabilities. Through behavior analysis of existing malware, we are able to understand new variants and develop new protection methods. Ontologies can be used to model...
While the term "vulnerability" is widespread in the protection of the critical infrastructures, there is still a gap between its meanings according to the different perspectives from which the security problem is viewed. Cyber and physical notions of vulnerability are different notwithstanding the scientific community has underlined the importance to deal with these two aspects in a unified...
Bayesian game theory is an interesting field within cyber security. Applying it to bank transfer systems can be very useful in finding risks in time and to dynamically adapt to them. It can not only provide insight about the best threat control methods, but also gives insights in how confidential certain core information and actions within the system are. By defining key points for bank transfer systems,...
Network segmentation is a security measure that partitions a network into sections or segments to restrict the movement of a cyber attacker and make it difficult for her to gain access to valuable network resources. This threat-mitigating practice has been recommended by several information security agencies. While it is clear that segmentation is a critical defensive mitigation against cyber threats,...
This tutorial will give a security-oriented introduction to CodeSonar, its program model, and its analyses. Attendees will be given access to a live CodeSonar instance, and will be shown how to explore a code base and review analysis results. Finally, a taste of how to extend CodeSonar will be given.
Achieving mission objectives in complex and increasingly adversarial networks is difficult even under the best of circumstances. Currently, there are few tools for reasoning about how to react to rapid changes in a given network's environmental state; that is, we do not know how to cope with adversarial actions in hostile environments. In this paper, we consider a preliminary operational model that...
We propose a model to represent graphically the impact of cyber events (e.g., attacks, countermeasures) as a prismatic instance of n-sides. The approach considers information about all entities composing an information system (e.g., users, IP addresses, resources, etc.), as well as information about the attacker's knowledge, motivation and capabilities. The base of the prism is represented as an n-side...
Critical infrastructure faces changed landscape of threats which requires progress in the understanding of highly sophisticated attacks. A reflection of this awareness is the upcoming technical documentation of umbrella organizations in critical infrastructure. The attack modeling is an important approach in the design stage of the system. The attack tree is a structural technique for attack modeling...
Cyber security has been heavily studied in both industry and academia, but the traditional security technology is still facing unprecedented challenges in the background of massive and complicated network traffic. Game theory as a mathematical model of conflict and cooperation between intelligent rational decision-makers has great potential to improve cyber security. This paper describes a focused...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.