-
A Unified Knowledge Graph to Permit Interoperability of Heterogeneous Digital Evidence
Authors:
Ali Alshumrani,
Nathan Clarke,
Bogdan Ghita
Abstract:
The modern digital world is highly heterogeneous, encompassing a wide variety of communications, devices, and services. This interconnectedness generates, synchronises, stores, and presents digital information in multidimensional, complex formats, often fragmented across multiple sources. When linked to misuse, this digital information becomes vital digital evidence. Integrating and harmonising these diverse formats into a unified system is crucial for comprehensively understanding evidence and its relationships. However, existing approaches to date have faced challenges limiting investigators' ability to query heterogeneous evidence across large datasets. This paper presents a novel approach in the form of a modern unified data graph. The proposed approach aims to seamlessly integrate, harmonise, and unify evidence data, enabling cross-platform interoperability, efficient data queries, and improved digital investigation performance. To demonstrate its efficacy, a case study is conducted, highlighting the benefits of the proposed approach and showcasing its effectiveness in enabling the interoperability required for advanced analytics in digital investigations.
Submitted 21 February, 2024;
originally announced February 2024.
-
Data Driven Approaches to Cybersecurity Governance for Board Decision-Making -- A Systematic Review
Authors:
Anita Modi,
Ievgeniia Kuzminykh,
Bogdan Ghita
Abstract:
Cybersecurity governance influences the quality of strategic decision-making to ensure cyber risks are managed effectively. Boards of Directors are the decision-makers held accountable for managing this risk; however, they lack the adequate and efficient information necessary for making such decisions. In addition to the myriad of challenges they face, they are often insufficiently versed in the technology or cybersecurity terminology, or are not provided with the correct tools to support them in making sound decisions to govern cybersecurity effectively. A different approach is needed to ensure BoDs are clear on the approach the business is taking to build a cyber-resilient organization. This systematic literature review investigates the existing risk measurement instruments, cybersecurity metrics, and associated models for supporting BoDs. We identified seven conceptual themes through literature analysis that form the basis of this study's main contribution. The findings showed that, although sophisticated cybersecurity tools exist and are developing, there is limited information for Boards of Directors to support them in terms of metrics and models to govern cybersecurity in a language they understand. The review also provides some recommendations on theories and models that can be further investigated to provide support to Boards of Directors.
Submitted 29 November, 2023;
originally announced November 2023.
-
Audio Interval Retrieval using Convolutional Neural Networks
Authors:
Ievgeniia Kuzminykh,
Dan Shevchuk,
Stavros Shiaeles,
Bogdan Ghita
Abstract:
Modern streaming services are increasingly labeling videos based on their visual or audio content. This typically augments the use of technologies such as AI and ML by allowing the use of natural speech for searching by keywords and video descriptions. Prior research has successfully provided a number of solutions for speech to text in the case of human speech, but this article aims to investigate possible solutions to retrieve sound events based on a natural language query, and to estimate how effective and accurate they are. In this study, we specifically focus on the YamNet, AlexNet, and ResNet-50 pre-trained models to automatically classify audio samples using their respective mel-spectrograms into a number of predefined classes. The predefined classes can represent sounds associated with actions within a video fragment. Two tests are conducted to evaluate the performance of the models on two separate problems: audio classification and interval retrieval based on a natural language query. Results show that the benchmarked models are comparable in terms of performance, with YamNet slightly outperforming the other two models. YamNet was able to classify single fixed-size audio samples with 92.7% accuracy and 68.75% precision, while its average accuracy on interval retrieval was 71.62% and precision was 41.95%. The investigated method may be embedded into an automated event marking architecture for streaming services.
Submitted 20 September, 2021;
originally announced September 2021.
-
Comparative Analysis of Cryptographic Key Management Systems
Authors:
Ievgeniia Kuzminykh,
Bogdan Ghita,
Stavros Shiaeles
Abstract:
Managing cryptographic keys can be a complex task for an enterprise and particularly difficult to scale when an increasing number of users and applications need to be managed. In order to address scalability issues, typical IT infrastructures employ key management systems that are able to handle a large number of encryption keys and associate them with the authorized requests. Given their necessity, recent years have witnessed a variety of key management systems, aligned with the features, quality, price and security needs of specific organisations. While the spectrum of such solutions is welcome and demonstrates the expanding nature of the market, it also makes it time-consuming for IT managers to identify the appropriate system for their respective company needs. This paper provides a list of key management tools which include a minimum set of features, such as the availability of a secure database for managing keys; an authentication, authorization, and access control model for restricting and managing access to keys; effective logging of actions with keys; and the presence of an API for accessing functions directly from the application code. Five systems were comprehensively compared by evaluating the attributes related to complexity of the implementation, its popularity, linked vulnerabilities and technical performance in terms of response time and network usage. These were Pinterest Knox, Hashicorp Vault, Square Keywhiz, OpenStack Barbican, and Cyberark Conjur. Out of these five, Hashicorp Vault was determined to be the most suitable system for small businesses.
Submitted 20 September, 2021;
originally announced September 2021.
-
A Novel Online Incremental Learning Intrusion Prevention System
Authors:
Christos Constantinides,
Stavros Shiaeles,
Bogdan Ghita,
Nicholas Kolokotronis
Abstract:
Attack vectors are continuously evolving in order to evade Intrusion Detection Systems. Internet of Things (IoT) environments, while beneficial for the IT ecosystem, suffer from inherent hardware limitations, which restrict their ability to implement comprehensive security measures and increase their exposure to vulnerability attacks. This paper proposes a novel Network Intrusion Prevention System that utilises a Self-Organizing Incremental Neural Network along with a Support Vector Machine. Due to its structure, the proposed system provides a security solution that does not rely on signatures or rules and is capable of mitigating known and unknown attacks in real time with high accuracy. Based on our experimental results with the NSL-KDD dataset, the proposed framework can achieve online, incrementally updated learning, making it suitable for efficient and scalable industrial applications.
Submitted 20 September, 2021;
originally announced September 2021.
-
Malware Squid: A Novel IoT Malware Traffic Analysis Framework using Convolutional Neural Network and Binary Visualisation
Authors:
Robert Shire,
Stavros Shiaeles,
Keltoum Bendiab,
Bogdan Ghita,
Nicholas Kolokotronis
Abstract:
Internet of Things devices have seen rapid growth and popularity in recent years, with many more ordinary devices gaining network capability and becoming part of the ever-growing IoT network. With this exponential growth and the limitation of resources, it is becoming increasingly harder to protect against security threats such as malware, which is evolving faster than the defence mechanisms can handle. Traditional security systems are not able to detect unknown malware as they use signature-based methods. In this paper, we aim to address this issue by introducing a novel IoT malware traffic analysis approach using a neural network and binary visualisation. The prime motivation of the proposed approach is to detect and classify new (zero-day) malware faster. The experimental results show that our method can satisfy the accuracy requirement of practical application.
Submitted 7 September, 2021;
originally announced September 2021.
-
A Novel Multimodal Biometric Authentication System using Machine Learning and Blockchain
Authors:
Richard Brown,
Gueltoum Bendiab,
Stavros Shiaeles,
Bogdan Ghita
Abstract:
Traditional authentication systems that rely on simple passwords, PIN numbers or tokens have many security issues, like easily guessed passwords, PIN numbers written on the back of cards, etc. Thus, biometric authentication methods that rely on physical and behavioural characteristics have been proposed as an alternative to those systems. In real-world applications, authentication systems that involve a single biometric face many issues, especially lack of accuracy and noisy data, which has pushed the research community to create multibiometric systems that involve a variety of biometrics. Those systems provide better performance and higher accuracy compared to other authentication methods. However, most of them are inconvenient and require complex interactions from the user. Thus, in this paper, we introduce a novel multimodal authentication system that relies on machine learning and blockchain, with the aim of providing a more secure, transparent, and convenient authentication mechanism. The proposed system combines four important biometrics: fingerprint, face, age, and gender. The supervised learning algorithm Decision Tree has been used to combine the results of the biometric verification process and produce a confidence level related to the user. The initial experimental results show the efficiency and robustness of the proposed multimodal system.
Submitted 6 September, 2021;
originally announced September 2021.
-
Detection of Insider Threats using Artificial Intelligence and Visualisation
Authors:
Vasileios Koutsouvelis,
Stavros Shiaeles,
Bogdan Ghita,
Gueltoum Bendiab
Abstract:
Insider threats are one of the most damaging risk factors for the IT systems and infrastructure of a company or an organization; identification of insider threats has prompted the interest of the world academic research community, with several solutions having been proposed to alleviate their potential impact. For the implementation of the experimental stage described in this study, the Convolutional Neural Network (from now on, CNN) algorithm was used and implemented via the Google TensorFlow framework, which was trained to identify potential threats from images produced from the available dataset. From the examination of the images that were produced, and with the help of Machine Learning, the question of whether the activity of each user is classified as malicious or not for the Information System was answered.
Submitted 6 September, 2021;
originally announced September 2021.
-
The Challenges with Internet of Things for Business
Authors:
Ievgeniia Kuzminykh,
Bogdan Ghita,
Jose M. Such
Abstract:
Many companies consider IoT as a central element for increasing competitiveness. Despite the growing number of cyberattacks on IoT devices and the importance of IoT security, no study has yet primarily focused on the impact of IoT security measures on the security challenges. This paper presents a review of the current state of security of IoT in companies that produce IoT products and have begun a transformation towards the digitalization of their products and the associated production processes. The analysis of challenges in IoT security was conducted based on the review of resources and reports on IoT security, while mapping the relevant solutions/measures for strengthening security to the existing challenges. This mapping assists stakeholders in understanding the IoT security initiatives regarding their business needs and issues. Based on the analysis, we conclude that almost all companies have an understanding of basic security measures such as encryption, but do not understand the threat surface and are not aware of advanced methods of protecting data and devices. The analysis shows that most companies do not have internal experts in IoT security and prefer to outsource security operations to security providers.
Submitted 7 December, 2020;
originally announced December 2020.
-
Impact of Network and Host Characteristics on the Keystroke Pattern in Remote Desktop Sessions
Authors:
Ievgeniia Kuzminykh,
Bogdan Ghita,
Alexandr Silonosov
Abstract:
Authentication based on keystroke dynamics is a convenient biometric approach: easy to use, transparent, and cheap, as it does not require a dedicated sensor. Keystroke authentication, as part of multi-factor authentication, can be used in remote display access to guarantee the security of use of remote connectivity systems during the access control phase or throughout the session. This paper investigates how network conditions and additional host interaction may impact the behavioural pattern of keystrokes when used in a remote desktop application scenario. We focus on the timing of adjacent keys and investigate this impact by calculating the variations of the Euclidean distance between a reference profile and the resulting profiles following such impairments. The experimental results indicate that variations of congestion latency, whether produced by adjacent traffic sources or by additional remote desktop interactions, have a substantive impact on the Euclidean distance, which in turn may affect the effectiveness of the biometric authentication algorithm. Results also indicate that data flows within the remote desktop protocol are not prioritized and therefore additional traffic will have a significant impact on the keystroke timings, which renders continuous authentication less effective for remote access and more appropriate for one-time login.
Submitted 7 December, 2020;
originally announced December 2020.
-
A machine-learning approach to Detect users' suspicious behaviour through the Facebook wall
Authors:
Aimilia Panagiotou,
Bogdan Ghita,
Stavros Shiaeles,
Keltoum Bendiab
Abstract:
Facebook represents the current de facto choice for social media, changing the nature of social relationships. The increasing amount of personal information that runs through this platform publicly exposes user behaviour and social trends, allowing aggregation of data through conventional intelligence collection techniques such as OSINT (Open Source Intelligence). In this paper, we propose a new method to detect and diagnose variations in overall Facebook user psychology through Open Source Intelligence (OSINT) and machine learning techniques. We aggregate the spectrum of user sentiments and views by using N-Games charts, which exhibit noticeable variations over time, validated through long-term collection. We postulate that the proposed approach can be used by security organisations to understand and evaluate user psychology, then use the information to predict insider threats or prevent insider attacks.
Submitted 31 October, 2019;
originally announced October 2019.
-
Agent-based Vs Agent-less Sandbox for Dynamic Behavioral Analysis
Authors:
Muhammad Ali,
Stavros Shiaeles,
Maria Papadaki,
Bogdan Ghita
Abstract:
Malicious software is detected and classified by either static analysis or dynamic analysis. In static analysis, malware samples are reverse engineered and analyzed so that signatures of malware can be constructed. These techniques can be easily thwarted through polymorphic and metamorphic malware, obfuscation and packing techniques, whereas in dynamic analysis malware samples are executed in a controlled environment using the sandboxing technique, in order to model the behavior of the malware. In this paper, we have analyzed Petya, Spyeye, VolatileCedar, PAFISH, etc. through agent-based and agentless dynamic sandbox systems in order to investigate and benchmark their efficiency in advanced malware detection.
Submitted 12 March, 2019;
originally announced April 2019.
-
Detection of LDDoS Attacks Based on TCP Connection Parameters
Authors:
Michael Siracusano,
Stavros Shiaeles,
Bogdan Ghita
Abstract:
Low-rate application layer distributed denial of service (LDDoS) attacks are both powerful and stealthy. They force vulnerable webservers to open all available connections to the adversary, denying resources to real users. Mitigation advice focuses on solutions that potentially degrade quality of service for legitimate connections. Furthermore, without accurate detection mechanisms, distributed attacks can bypass these defences. A methodology for detection of LDDoS attacks, based on characteristics of malicious TCP flows, is proposed within this paper. Research is conducted using combinations of two datasets: one generated from a simulated network, the other from the publicly available CIC DoS dataset. Both contain the attacks slowread, slowheaders and slowbody, alongside legitimate web browsing. TCP flow features are extracted from all connections. Experimentation was carried out using six supervised AI algorithms to separate attack flows from legitimate flows. Decision trees and k-NN accurately classified up to 99.99% of flows, with exceptionally low false positive and false negative rates, demonstrating the potential of AI in LDDoS detection.
Submitted 12 March, 2019;
originally announced April 2019.