Computer users are generally faced with difficulties in making correct security decisions. While fewer and fewer people are trying or willing to take formal security training, online sources including news, security blogs, and websites are continuously making security knowledge more accessible. Analysis of cybersecurity texts can provide insights into the trending topics and identify current security issues as well as how cyber attacks evolve over time. These in turn can support researchers and practitioners in predicting and preparing for these attacks. Comparing different sources may facilitate the learning process for ordinary users by persisting the security knowledge gained from different cybersecurity contexts. Prior studies neither systematically analysed the wide range of digital sources nor provided any standardisation in analysing the trending topics from recent security texts. Although LDA has been widely adopted in topic generation, its generated topics cannot cover the cybersecurity concepts completely and overlap considerably. To address this issue, we propose a semi-automated classification method to generate comprehensive security categories instead of LDA-generated topics. We further compare the identified 16 security categories across different sources based on their popularity and impact. We have revealed several surprising findings. (1) The impact reflected from cybersecurity texts strongly correlates with the monetary loss caused by cybercrimes. (2) For most categories, security blogs share the largest popularity and the largest absolute/relative impact over time. (3) Websites deliver security information without caring much about timeliness, where one third of the articles do not specify the date and the rest have a time lag in posting emerging security issues.
Model-based evaluation in cybersecurity has a long history. Attack Graphs (AGs) and Attack Trees (ATs) were the earliest developed graphical security models for cybersecurity analysis. However, they have limitations (e.g., scalability problems, the state-space explosion problem, etc.) and lack the ability to capture other security features (e.g., countermeasures). To address the limitations and to cope with various security features, a graphical security model named attack countermeasure tree (ACT) was developed to perform security analysis by taking into account both attacks and countermeasures. In our research, we have developed different variants of a hierarchical graphical security model to solve the complexity, dynamicity, and scalability issues involved with security models in the security analysis of systems. In this paper, we summarize and classify security models into the following: graph-based, tree-based, and hybrid security models. We discuss the development of a hierarchical attack representation model (HARM) and different variants of the HARM, its applications, and usability in a variety of domains including the Internet of Things (IoT), Cloud, Software-Defined Networking, and Moving Target Defenses. We provide a classification of the security metrics, together with a discussion of each. Finally, we highlight existing problems and suggest future research directions in the area of graphical security models and applications. As a result of this work, a decision-maker can understand which type of HARM will suit their network or security analysis requirements.
Analysing research trends and predicting their impact on academia and industry is crucial to gain a deeper understanding of the advances in a research field and to inform critical decisions about research funding and technology adoption. In recent years, we have seen the emergence of several publicly available, large-scale Scientific Knowledge Graphs fostering the development of many data-driven approaches for performing quantitative analyses of research trends. This chapter presents an innovative framework for detecting, analysing, and forecasting research topics based on a large-scale knowledge graph characterising research articles according to the research topics from the Computer Science Ontology. We discuss the advantages of a solution based on a formal representation of topics and describe how it was applied to produce bibliometric studies and innovative tools for analysing and predicting research dynamics.
Increasing volatility within power transmission and distribution forces power grid operators to amplify their use of communication infrastructure to monitor and control their grid. The resulting increase in communication creates a larger attack surface for malicious actors. Indeed, cyber attacks on power grids have already succeeded in causing temporary, large-scale blackouts in the recent past. In this paper, we analyze the communication infrastructure of power grids to derive the resulting fundamental challenges of power grids with respect to cybersecurity. Based on these challenges, we identify a broad set of resulting attack vectors and attack scenarios that threaten the security of power grids. To address these challenges, we propose to rely on a defense-in-depth strategy, which encompasses measures for (i) device and application security, (ii) network security, (iii) physical security, as well as (iv) policies, procedures, and awareness. For each of these categories, we distill and discuss a comprehensive set of state-of-the-art approaches, and identify further opportunities to strengthen cybersecurity in interconnected power grids.
This paper proposes a new event-based parameter switching method for the control tasks of cybersecurity in the context of preventive and reactive cyber defense dynamics. Our parameter switching method helps avoid excessive control costs and guarantees that the dynamics converge at our desired speed. Meanwhile, it can be proved that this approach is Zeno-free. A new estimation method with adaptive time windows is used to bridge the gap between the probability state and the sampling state. With the new estimation method, several practical experiments are given afterwards.
To fully empower sensor networks with cognitive Internet of Things (IoT) technology, efficient medium access control protocols that enable the coexistence of cognitive sensor networks with current wireless infrastructure are as essential as the cognitive power in data fusion and processing, because the wireless spectrum is shared. Cognitive radio (CR) is introduced to increase spectrum efficiency and support such an endeavor, and thereby becomes a promising building block toward facilitating cognitive IoT. In this paper, primary users (PUs) refer to devices in existing wireless infrastructure, and secondary users (SUs) refer to cognitive sensors. For interference control between PUs and SUs, SUs adopt dynamic spectrum access and power adjustment to ensure sufficient operation of PUs, which inevitably leads to increasing latency and poses new challenges to the reliability of IoT communications. To guarantee operations of primary systems while simultaneously optimizing system performance in cognitive radio ad hoc networks (CRAHNs), this paper proposes interference-aware flooding schemes exploiting global timeout and vaccine recovery schemes to control the heavy buffer occupancy induced by packet replications. The information delivery dynamics of SUs under the proposed interference-aware recovery-assisted flooding schemes are analyzed via epidemic models and stochastic geometry from a macroscopic view of the entire system. The simulation results show that our model can efficiently capture the complicated data delivery dynamics in CRAHNs in terms of end-to-end transmission reliability and buffer occupancy. This paper sheds new light on the analysis of recovery-assisted flooding schemes in CRAHNs and provides a performance evaluation of cognitive IoT services built upon CRAHNs.