Showing 1–2 of 2 results for author: Hafner, A
-
Node package manager's dependency network robustness
Authors:
Andrej Hafner,
Anže Mur,
Jaka Bernard
Abstract:
The robustness of the npm dependency network is a crucial property, since many projects and web applications heavily rely on the functionalities of packages, especially popular ones that have many dependant packages. In the past, there have been instances where the removal or update of certain npm packages has caused widespread chaos and web-page downtime on the internet. Our goal is to track the network's resilience to such occurrences through time and figure out whether the state of the network is trending towards a more robust structure. We show that the network is not robust to targeted attacks, since a security risk in a few crucial nodes affects a large part of the network. Because such packages are often backed up by serious communities with high standards, the issue is not alarming and is a consequence of the power-law distribution of the network. The current trend in the average number of dependencies and the effect of important nodes on the rest of the network is decreasing, which further improves the resilience and sets a positive path in development. Furthermore, we show that communities form around the most important packages, although they do not conform well to the common community definition using modularity. We also provide guidelines for package development that increase the robustness of the network and reduce the possibility of introducing security risks.
Submitted 22 October, 2021;
originally announced October 2021.
-
Devil in the Detail: Attack Scenarios in Industrial Applications
Authors:
Simon D. Duque Anton,
Alexander Hafner,
Hans Dieter Schotten
Abstract:
In the past years, industrial networks have become increasingly interconnected and opened to private or public networks. This leads to an increase in efficiency and manageability, but also increases the attack surface. Industrial networks often consist of legacy systems that have not been designed with security in mind. In the last decade, an increase in attacks on cyber-physical systems was observed, with drastic consequences on the physical work. In this work, attack vectors on industrial networks are categorised. A real-world process is simulated, and attacks are then introduced. Finally, two machine learning-based methods for time series anomaly detection are employed to detect the attacks. Matrix Profiles are employed more successfully than a predictor Long Short-Term Memory network, a class of neural networks.
Submitted 24 May, 2019;
originally announced May 2019.