REVIEW | doi:10.20944/preprints202208.0235.v1
Subject: Engineering, Other Keywords: Malware; cyber security; cyber-attacks; two factor authentication; software; targeting; privacy; causes of cyber attacks
Online: 12 August 2022 (10:33:03 CEST)
Background: Cyber Security is to protect online data and software from cyber threats. These cyberattacks are typically intended to gain access to, change, or delete sensitive information; extort money from users; or disrupt regular corporate activities. It is difficult to keep up a regular follow up with new technologies so it is necessary to keep the important data safe from cyber threats. There are many types of cyber threats; malware, ransom-ware, social engineering, phishing etc. To prevent cyber-attacks one can use password manager tools like LastPass and others. People also use two factor authentication for double security on their accounts. Methods: Boards such as the National Institute of Standards and Technology (NIST) are developing frameworks to assist firms in understanding their security risks, improving cybersecurity procedures, and preventing cyber assaults. The fight against cybercrimes and attack, rganisations needed a strong base there are 5 types of cyber securities; Critical Infrastructure Security, application security, network security, cloud security and (IoT) Security. In the modern time US is highly based on computers and on different software so it is really important for US to be more conscious about the security as they get many threats almost everyday for hacking their data and accounts.Results and Conclusion: Nowadays, even small businesses rarely recover their loss from the cyber-attacks and many back-off from continuing their businesses after being target of hackers. The first cybercrime attack was recorded on 1988 by a graduate student. Now that large companies and even small businesses are aware of cyber-attacks so they try their best to take every precaution to prevent the hacking with double security and password manager tools.
ARTICLE | doi:10.20944/preprints202009.0630.v1
Online: 26 September 2020 (12:47:42 CEST)
In this COVID-19 pandemic, the use and dependency on Internet has grown exponentially. The number of people doing online activities such as e-learning, remote working, online shopping and others have increased. This has also led to increased vulnerability to cyber crimes. Cyber security attacks have become a serious problem. The common types of cyber security attacks are phishing, malware, ransomware, social engineering, identity theft and denial-of-service. The attackers target the victims in order to get their credential information or financial benefits. Those people who are doing online activities are vulnerable to cyber threats. This is because the network is not safe. The attackers are able to code according to the weaknesses of the Internet. Once the attackers hack into the devices, they have the root access and can do whatever they want to do with the device. In this research paper, the concept of cyber security attack and detailed research about real attacks are discussed. This is followed by detailed review about the recent cyber security attacks with a critical analysis. Moreover, the research paper will be proposing the latest research contribution of cyber security during COVID-19 and the implementation scenario which will give the examples about how the companies maintain privacy as well as the limitations. Then, the paper will be discussing the reasons that people are vulnerable to cyber security and the unique solution to the problems stated. Finally, this paper will conclude with an in-depth analysis and future direction for cyber security research.
REVIEW | doi:10.20944/preprints202109.0461.v1
Online: 28 September 2021 (10:21:26 CEST)
In recent years, due to their frequent use and widespread use, IoT (Internet of Things) devices have become an attractive target for hackers. As a result of their limited network resources and complex operating systems, they are vulnerable to attacks. Using a honeypot can, therefore, be a very effective way of detecting malicious requests and capturing samples of exploits. The purpose of this article is to introduce honeypots, the rise of IoT devices, and how they can be exploited by attackers. Various honeypot ecosystems will be investigated further for capturing and analyzing information from attacks against these IoT devices. As well as how to leverage proactive strategies in terms of IoT security, it will provide insights on the attack vectors present in most IoT systems, along with understanding attack patterns.
ARTICLE | doi:10.20944/preprints202102.0148.v1
Subject: Mathematics & Computer Science, Algebra & Number Theory Keywords: IIoT; IoT; Industry 4.0; Protocols; Cyber Threats; Attacks; Security
Online: 5 February 2021 (08:34:21 CET)
In today’s Industrial IoT (IIoT) environment, where different systems interact with the physical world, the state proposed by the Industry 4.0 standards can lead to escalating vulnerabilities, especially when these systems receive data streams from multiple intermediaries, requiring multilevel security approaches, in addition to link encryption. At the same time taking into account the heterogeneity of the systems included in the IIoT ecosystem and the non-institutionalized interoperability in terms of hardware and software, serious issues arise as to how to secure these systems. In this framework, given that the protection of industrial equipment is a requirement inextricably linked to technological developments and the use of the IoT, it is important to identify the major vulnerabilities, the associated risks and threats and to suggest the most appropriate countermeasures. In this context, this study provides a description of the attacks against IIoT systems, as well as a thorough analysis of the solutions against these attacks, as they have been proposed in the most recent literature.
REVIEW | doi:10.20944/preprints202102.0340.v1
Subject: Keywords: Cybersecurity; Deep Learning; Artificial Neural Network; Artificial Intelligence; Cyber-Attacks; Cybersecurity Analytics; Cyber Threat Intelligence
Online: 16 February 2021 (15:31:02 CET)
Deep learning (DL), which is originated from an artificial neural network (ANN), is one of the major technologies of today's smart cybersecurity systems or policies to function in an intelligent manner. Popular deep learning techniques, such as Multi-layer Perceptron (MLP), Convolutional Neural Network (CNN or ConvNet), Recurrent Neural Network (RNN) or Long Short-Term Memory (LSTM), Self-organizing Map (SOM), Auto-Encoder (AE), Restricted Boltzmann Machine (RBM), Deep Belief Networks (DBN), Generative Adversarial Network (GAN), Deep Transfer Learning (DTL or Deep TL), Deep Reinforcement Learning (DRL or Deep RL), or their ensembles and hybrid approaches can be used to intelligently tackle the diverse cybersecurity issues. In this paper, we aim to present a comprehensive overview from the perspective of these neural networks and deep learning techniques according to today's diverse needs. We also discuss the applicability of these techniques in various cybersecurity tasks such as intrusion detection, identification of malware or botnets, phishing, predicting cyber-attacks, e.g. denial of service (DoS), fraud detection or cyber-anomalies, etc. Finally, we highlight several research issues and future directions within the scope of our study in the field. Overall, the ultimate goal of this paper is to serve as a reference point and guidelines for the academia and professionals in the cyber industries, especially from the deep learning point of view.
REVIEW | doi:10.20944/preprints202101.0457.v1
Subject: Mathematics & Computer Science, Algebra & Number Theory Keywords: Cybersecurity; artificial intelligence; machine learning; cyber data analytics; cyber-attacks; anomaly; intrusion detection; security intelligence
Online: 25 January 2021 (09:19:10 CET)
Artificial Intelligence (AI) is one of the key technologies of the Fourth Industrial Revolution (Industry 4.0), which can be used for the protection of Internet-connected systems from cyber-threats, attacks, damage, or unauthorized access. To intelligently solve today's various cybersecurity issues, popular AI techniques involving Machine Learning (ML) and Deep Learning (DL) methods, the concept of Natural Language Processing (NLP), Knowledge Representation and Reasoning (KRR), as well as the concept of knowledge or rule-based Expert Systems (ES) modeling can be used. Based on these AI methods, in this paper, we present a comprehensive view on "AI-driven Cybersecurity" that can play an important role for intelligent cybersecurity services and management. The security intelligence modeling based on such AI methods can make the cybersecurity computing process automated and intelligent than the conventional security systems. We also highlight several research directions within the scope of our study, which can help researchers do future research in the area. Overall, this paper's ultimate objective is to serve as a reference point and guidelines for cybersecurity researchers as well as industry professionals in the area, especially from an AI-based technical point of view.
ARTICLE | doi:10.20944/preprints202004.0481.v1
Subject: Mathematics & Computer Science, Information Technology & Data Management Keywords: cybersecurity; cyber-attacks; anomaly detection; intrusion detection system; machine learning; network behavior analysis; cyber decision making; cybersecurity analytics; cyber threat intelligence.
Online: 27 April 2020 (08:10:53 CEST)
Cyber security has recently received enormous attention in today’s security concerns, due to the popularity of the Internet-of-Things (IoT), the tremendous growth of computer networks, and the huge number of relevant applications. Thus, detecting various cyber-attacks or anomalies in a network and building an effective intrusion detection system that performs an essential role in today’s security is becoming more important. Artificial intelligence, particularly machine learning techniques, can be used for building such a data-driven intelligent intrusion detection system. In order to achieve this goal, in this paper, we present an Intrusion Detection Tree (“IntruDTree”) machine-learning-based security model that first takes into account the ranking of security features according to their importance and then build a tree-based generalized intrusion detection model based on the selected important features. This model is not only effective in terms of prediction accuracy for unseen test cases but also minimizes the computational complexity of the model by reducing the feature dimensions. Finally, the effectiveness of our IntruDTree model was examined by conducting experiments on cybersecurity datasets and computing the precision, recall, fscore, accuracy, and ROC values to evaluate. We also compare the outcome results of IntruDTree model with several traditional popular machine learning methods such as the naive Bayes classifier, logistic regression, support vector machines, and k-nearest neighbor, to analyze the effectiveness of the resulting security model.
ARTICLE | doi:10.20944/preprints202006.0065.v1
Subject: Mathematics & Computer Science, Information Technology & Data Management Keywords: Cyber Attacks; Network Security; Network Performance; Network Traffic; Anomaly Detection; Signature Detection
Online: 7 June 2020 (07:58:18 CEST)
This paper incorporates the definition of Intrusion Detection Systems and the methodologies utilised by these systems. As well as this, this research paper also encompasses a taxonomy and a survey of IDS and the specific strategies and principles. Finally, this paper also includes a discussion amongst other authors for instance what the authors differ and agree on, along with the previously related studies.
ARTICLE | doi:10.20944/preprints201803.0247.v1
Subject: Mathematics & Computer Science, Information Technology & Data Management Keywords: security; social sentiment sensor; hackers; social media; statistics; L1 regression; twitter; cyber attacks
Online: 29 March 2018 (07:47:48 CEST)
In recent years, online social media information has been subject of study in several data science fields due to its impact on users as a communication and expression channel. Data~gathered from online platforms such as Twitter has the potential to facilitate research over social phenomena based on sentiment analysis, which usually employs Natural Language Processing and Machine Learning techniques to interpret sentimental tendencies related to users opinions and make predictions about real events. Cyber attacks are not isolated from opinion subjectivity on online social networks. Various security attacks are performed by hacker activists motivated by reactions from polemic social events. In this paper, a methodology for tracking social data that can trigger cyber attacks is developed. Our main contribution lies in the monthly prediction of tweets with content related to security attacks and the incidents detected based on ℓ1 regularization.
REVIEW | doi:10.20944/preprints202203.0087.v1
Subject: Mathematics & Computer Science, Information Technology & Data Management Keywords: Internet of Things; cyber-attacks; anomalies; machine learning; deep learning; IoT data analytics; intelligent decision-making; security intelligence
Online: 7 March 2022 (02:39:58 CET)
The Internet of Things (IoT) is one of the most widely used technologies today, and it has a significant effect on our lives in a variety of ways, including social, commercial, and economic aspects. In terms of automation, productivity, and comfort for consumers across a wide range of application areas, from education to smart cities, the present and future IoT technologies hold great promise for improving the overall quality of human life. However, cyber-attacks and threats greatly affect smart applications in the environment of IoT. The traditional IoT security techniques are insufficient with the recent security challenges considering the advanced booming of different kinds of attacks and threats. Utilizing artificial intelligence (AI) expertise, especially machine and deep learning solutions, is the key to delivering a dynamically enhanced and up-to-date security system for the next-generation IoT system. Throughout this article, we present a comprehensive picture on IoT security intelligence, which is built on machine and deep learning technologies that extract insights from raw data to intelligently protect IoT devices against a variety of cyber-attacks. Finally, based on our study, we highlight the associated research issues and future directions within the scope of our study. Overall, this article aspires to serve as a reference point and guide, particularly from a technical standpoint, for cybersecurity experts and researchers working in the context of IoT.
REVIEW | doi:10.20944/preprints202209.0230.v1
Subject: Engineering, Electrical & Electronic Engineering Keywords: artificial intelligence; autonomous vehicles; connected vehicles; CAV; security; cyber-attacks; In-tra-/inter-vehicle system; cloud; sustainable city application
Online: 15 September 2022 (11:04:34 CEST)
Connected and Autonomous Vehicle (CAV) combines technologies of autonomous vehicle (AV) and connected vehicles (CV) to develop quicker, more reliable and safer traffic. Artificial Intelligence (AI) based CAV solutions play significant roles in sustainable city. The convergence imposes stringent security requirements for CAV safety and reliability. In practice, vehicles are developed with increased automation and connectivity. Increased automation increases the reliance on the sensor-based technologies and decreases the reliance on driver; increased connectivity increases the exposures of vehicles vulnerability and increases the risk for an adversary to implement a cyber-attack. Much work has been dedicated to identifying the security vulnerabilities and recommending mitigation techniques associated with different sensors, controllers, and connection mechanisms, respectively. However, there is an absence of comprehensive and in-depth studies to identify how the cyber-attacks exploit the vehicles vulnerabilities to negatively impact the performance and operations of CAV. In this survey, we set out to thoroughly review the security issues introduced by AV and CV technologies, analyze how the cyber-attacks impact the performance of CAV, and summarize the solutions correspondingly. The impact of cyber-attacks on the performance of CAV is elaborated from both viewpoints of intra-vehicle system and inter-vehicle system. We pointed out that securing the perception and operations of CAV would be the top requirement to enable CAV to be applied safely and reliably in practice. Also, we suggested to utilize cloud and new AI methods to defend against smart cyber-attacks on CAV.
ARTICLE | doi:10.20944/preprints202010.0018.v1
Subject: Keywords: Wireless networks, security vulnerabilities, privacy challenges, active attacks, passive attacks
Online: 1 October 2020 (13:59:25 CEST)
In recent years, wireless networks have undoubtedly become a convenient way to connect to the Internet and provide connection to everyone in any corner of the world. In fact, in this era, people are connected to the internet almost everyday and wireless networks give us this privilege in a seamless manner. A wireless network normally consists of access points and nodes where the access points are responsible to amplify the wireless signals, while the nodes are the gadgets that are receiving these signals. However, with such great convenience provided, many challenges are also faced by the users and stakeholders. With no physical connection to devices, wireless networks are evidently more vulnerable to invisible cyber attacks. In this research paper, it the security issues that cause issues in the wireless networks are discussed. Furthermore, an analytical review of privacy challenges found in these networks is performed; these challenges are segregated into security issues and privacy issues. The paper will then present the methods used in conducting a survey and gathering the research results along with further discussion on the results obtained through this study. Finally, a suitable solution is proposed to prevent and overcome the intrusions faced in terms of security and privacy in wireless network scenarios through detection and response mechanism for mitigation of the problems.
ARTICLE | doi:10.20944/preprints201903.0104.v1
Subject: Engineering, Control & Systems Engineering Keywords: cyber risk; Internet of Things; cyber risk impact assessment; cyber risk estimation; cyber risk insurance
Online: 8 March 2019 (08:50:49 CET)
In this paper we present an understanding of cyber risks in the Internet of Things (IoT), we explain why it is important to understand what IoT cyber risks are and how we can use risk assessment and risk management approaches to deal with these challenges. We introduce the most effective ways of doing Risk assessment and Risk Management of IoT risk. As part of our research, we also developed methodologies to assess and manage risk in this emerging environment. This paper will take you through our research and we will explain: what we mean by the IoT; what we mean by risk and risk in the IoT; why risk assessment and risk management are important; the IoT risk management for incident response and recovery; what open questions on IoT risk assessment and risk management remain.
REVIEW | doi:10.20944/preprints201909.0117.v1
Subject: Mathematics & Computer Science, Information Technology & Data Management Keywords: blockchain; cybersecurity; attacks; threats; vulnerability
Online: 11 September 2019 (05:40:01 CEST)
Blockchain technology has become one of the most popular technologies for maintaining digital transactions. From the foundation of Bitcoin to the now predominant smart contract, blockchain technology promises to induce a shift in thought about digital transactions in many fields, such as energy, healthcare, Internet of Things, cybersecurity, financial services and the supply chain. Despite blockchain technology offers many cryptography advantages such as immutability, digital signature and hashing; it has suffered from several critical cybersecurity threats and vulnerabilities. In this paper, we build upon the previous studies on vulnerabilities and investigates over 60 real cybersecurity incidents that have been happening on the blockchain networks between 2009 and 2019. We categorise those incidents against the key cybersecurity vulnerabilities in blockchain technologies; and have developed a taxonomy that captures five types of cybersecurity threats and vulnerabilities based on five main players in blockchain. The outcome of this research prompted concerns and research direction in developing countermeasures to alleviate these risks.
ARTICLE | doi:10.20944/preprints201903.0110.v1
Subject: Mathematics & Computer Science, Information Technology & Data Management Keywords: IoT Cyber Risk, IoT risk analysis, IoT cyber insurance, IoT MicroMort, Cyber Value-at-Risk
Online: 8 March 2019 (15:24:59 CET)
This paper is focused on mapping the current evolution of Internet of Things (IoT) and its associated cyber risks for the Industry 4.0 (I4.0) sector. We report the results of a qualitative empirical study that correlates academic literature with 14 - I4.0 frameworks and initiatives. We apply the grounded theory approach to synthesise the findings from our literature review, to compare the cyber security frameworks and cyber security quantitative impact assessment models, with the world leading I4.0 technological trends. From the findings, we build a new impact assessment model of IoT cyber risk in Industry 4.0. We therefore advance the efforts of integrating standards and governance into Industry 4.0 and offer a better understanding of economics impact assessment models for I4.0.
ARTICLE | doi:10.20944/preprints202207.0176.v1
Subject: Engineering, Other Keywords: Lateral Movement; Sysmon; Dataset; Attacks; Network Security; Hacking
Online: 12 July 2022 (08:23:10 CEST)
This work attempts to answer in a clear way the following key questions regarding the optimal initialization of the Sysmon tool, towards the identification of Lateral Movement in the MS Windows ecosystem. First, from an expert’s standpoint and with reference to the relevant literature, what are the criteria of determining the possibly optimal initialization features of the Sysmon’s event monitoring tool, which are also applicable as custom rules within the config.xml configuration file? Second, based on the identified features, how can a functional configuration file, able to identify as many LM variants as possible, be generated? To answer these questions, we relied on the MITRE ATT&CK knowledge base of adversary tactics and techniques, and focused on the execution of the nine commonest LM methods. The conducted experiments, performed on a properly configured testbed, suggested a great number of interrelated networking features, that were implemented as custom rules in the Sysmon’s config.xml file. Moreover, by capitalizing on the rich corpus of the 870K Sysmon logs collected, we create and evaluate in terms of TP and FP rates an extensible Python .evtx file analyzer, dubbed PeX, which can be used towards automatizing the parsing and scrutiny of such voluminous files. Both the .evtx logs dataset and the developed PeX tool are provided publicly for further propelling future research in this interesting and rapidly evolving field.
ARTICLE | doi:10.20944/preprints202009.0249.v1
Online: 11 September 2020 (08:20:18 CEST)
The world is currently experiencing COVID-19, one of the worst pandemics that have happened in this century, affecting 10.7 million people worldwide. It has caused massive growth in the number of employees working from home. However, employees have minimal cybersecurity resources unlike organizations with security teams protecting them against attacks. Hence, cybersecurity plays an important role as users can be easily targeted by cybercriminals. This paper examines how cyberattacks have increased during this pandemic and shows how greatly they have affected health organizations, individuals and social networking applications. Results of the attacks include data breaches, false announcements and operations being disrupted. Attacks occurring during this pandemic and how they were handled are also critically discussed. The existing contributions do touch on related attacks but do not provide in-depth solutions regarding the issues. Even though there are many works and findings that were done previously, technology is ever evolving. Therefore, we need to be well versed with current and future issues and provide the latest mechanisms to prevent cybersecurity threats from occurring. On our share, we intend to present our findings on the challenges being faced by the population and its increasing threats as well as presenting unique solutions that can help organizations or related persons understand or spread awareness on the importance of cybersecurity. Through the research performed in this paper, it is found that there are many ways these issues can be alleviated. However, the issue is that there is significant lack of action and investment in terms of actual implementation and application of the available solutions.
ARTICLE | doi:10.20944/preprints202009.0110.v1
Online: 5 September 2020 (03:59:03 CEST)
The rapid growth of network services, Internet of Things devices and online users on the Internet have led to an increase in the amount of data transmitted daily. As more and more information is stored and transmitted on the Internet, cybercriminals are trying to gain access to the information to achieve their goals, whether it is to sell it on the dark web or for other malicious intent. Through thorough literature study relating to the causes and issues that are brought from the security and privacy segment of wireless networks, it is observed that there are various factors that can cause the networks to be an insecure; especially factors that revolve around cybercriminals with their growing expertise and the lack of preparation and efforts to combat them by relevant bodies. The aim of this paper is to showcase major and frequent security as well as privacy issues in wireless networks along with specialized solutions that can assist the related organizations or the public to fathom how great of an impact these challenges can bring if every related stakeholder took a step in reducing them. Through this paper it is discovered that there are many ways these challenges can be mitigated, however, the lack of implementation of privacy and security solutions is still largely present due to the absence of practical application of these solutions by responsible parties in real world scenarios.
ARTICLE | doi:10.20944/preprints202011.0508.v2
Subject: Mathematics & Computer Science, Algebra & Number Theory Keywords: Deep Learning; Convolutional Neural Network; IoT Networks; Cyber-attack detection; Cyber-attack Classification
Online: 17 December 2020 (12:14:00 CET)
With the rapid expansion of intelligent resource-constrained devices and high-speed communication technologies, Internet of Things (IoT) has earned a wide recognition as the primary standard for low-power lossy networks (LLNs). Nevertheless, IoT infrastructures are vulnerable to cyber-attacks due to the constraints in computation, storage, and communication capacity of the endpoint devices. From one side, the majority of newly developed cyber-attacks are formed by slightly mutating formerly established cyber-attacks to produce a new attack tending to be treated as a normal traffic through the IoT network. From the other side, the influence of coupling the deep learning techniques with cybersecurity field has become a recent inclination of many security applications due to their impressive performance. In this paper, we provide a comprehensive development of a new intelligent and autonomous deep learning-based detection and classification system for cyber-attacks in IoT communication networks leveraging the power of convolutional neural networks, abbreviated as (IoT-IDCS-CNN). The proposed IoT-IDCS-CNN makes use of the high-performance computing employing the robust CUDA based Nvidia GPUs and the parallel processing employing the high-speed I9-Cores based Intel CPUs. In particular, the proposed system is composed of three subsystems: Feature Engineering subsystem, Feature Learning subsystem and Traffic classification subsystem. All subsystems are developed, verified, integrated, and validated in this research. To evaluate the developed system, we employed the NSL-KDD dataset which includes all the key attacks in the IoT computing. The simulation results demonstrated more than 99.3% and 98.2% of cyber-attacks’ classification accuracy for the binary-class classifier (normal vs anomaly) and the multi-class classifier (five categories) respectively. The proposed system was validated using k-fold cross validation method and was evaluated using the confusion matrix parameters (i.e., TN, TP, FN, FP) along with other classification performance metrics including precision, recall, F1-score, and false alarm rate. The test and evaluation results of the IoT-IDCS-CNN system outperformed many recent machine-learning based IDCS systems in the same area of study.
REVIEW | doi:10.20944/preprints202110.0312.v1
Subject: Social Sciences, Organizational Economics & Management Keywords: Cyber Security; Internet of Things
Online: 21 October 2021 (14:01:19 CEST)
Nowadays, people live amidst the smart home domain, business opportunities in the industrial smart city and health care, though, along with concerns about security. Security is central for IoT systems to protect sensitive data and infrastructure, whilst security issues become increasingly expensive, in particular in Industrial Internet of Things (IIoT) domains. Nonetheless, there are some key challenges for dealing with those security issues in IoT domains: Applications operate in distributed environments such as Blockchain, varied smart objects are used, and sensors are limited in what comes to machine resources. In this way, traditional security does not fit in IoT systems. In this vein, the issue of cyber security has become paramount to the Internet of Things (IoT) and Industrial Internet of Things (IIoT) in mitigating cyber security risk for organizations and end users. New cyber security technologies / applications present improvements for IoT security management. Nevertheless, there is a gap on the effectiveness of IoT cyber risk solutions. This review article discusses the, trends around opportunities and threats in cyber security for IIoT.
ARTICLE | doi:10.20944/preprints201902.0088.v1
Subject: Mathematics & Computer Science, Information Technology & Data Management Keywords: side-channel cache attacks; cache misses; AES; cloud computing
Online: 11 February 2019 (10:40:08 CET)
In recent years, CPU caches have revealed themselves as one of the most powerful sources of information leakage. This information leakage affects any implementation whose memory accesses, to data or instructions, depend on sensitive information such as private keys. In most cases, side-channel cache attacks do not require any specific permission and just need access to a shared cache. This fact, combined with the spread of cloud computing, where the infrastructure is shared between different customers, have made these attacks quite popular. In this paper, we present a novel approach to exploit the information obtained from the CPU cache. First, we introduce a non-access attack that provides a 97\% reduction in the number of encryptions required to obtain a 128-bit AES key. Next, this attack is adapted and extended in what we call the encryption-by-decryption cache attack or EBD, to obtain a 256-bit AES key. When EBD is applied to AES-256, we are able to obtain the 256 bits of the key with less than 10000 encryptions. These results make EBD, to the best of our knowledge, the first practical attack on AES-256 and also demonstrate that AES-256 is only about 3 times more complex to attack than AES-128 via cache attacks. In both cases the target is the AES T-table-based implementation, and we also demonstrate that our approach works in a cross-VM scenario.
ARTICLE | doi:10.20944/preprints201903.0109.v2
Subject: Engineering, Control & Systems Engineering Keywords: Cyber risk; Internet of Things cyber risk; Digital Economy Risk Assessment; Economic Impact Assessment.
Online: 9 April 2019 (12:26:13 CEST)
We present an updated design process for adapting and integrating existing cyber risk assessment approaches for impact assessment for the risk from IoT to the digital economy. The new design process includes a set of changes to the original standards (e.g. NIST) that are adapted for the IoT cyber risk in this paper. This paper also presents a new framework for impact assessment of IoT cyber risk, specific for the digital economy.
ARTICLE | doi:10.20944/preprints201903.0094.v1
Subject: Engineering, Control & Systems Engineering Keywords: Internet of Things; Cyber Physical Systems; Digital Economy; Industrial Internet of Things; Industry 4.0; empirical analysis; cyber risk assessment; cyber risk target state
Online: 7 March 2019 (12:25:15 CET)
The world is currently experiencing the fourth industrial revolution driven by the newest wave of digitisation in the manufacturing sector. The term Industry 4.0 (I4.0) represents at the same time: a paradigm shift in industrial production, a generic designation for sets of strategic initiatives to boost national industries, a technical term to relate to new emerging business assets, processes and services, and a brand to mark a very particular historical and social period. I4.0 is also referred to as Industrie 4.0 the New Industrial France, the Industrial Internet, the Fourth Industrial Revolution and the digital economy. These terms are used interchangeably in this text. The aim of this article is to discuss major developments in this space in relation to the integration of new developments of IoT and cyber physical systems in the digital economy, to better understand cyber risks and economic value and risk impact. The objective of the paper is to map the current evolution and its associated cyber risks for the digital economy sector and to discuss the future developments in the Industrial Internet of Things and Industry 4.0.
ARTICLE | doi:10.20944/preprints201903.0080.v1
Subject: Engineering, Control & Systems Engineering Keywords: Internet of Things; Micro Mart model; Goal-Oriented Approach; transformation roadmap; Cyber risk regulations; empirical analysis; cyber risk self-assessment; cyber risk target state
Online: 6 March 2019 (11:47:04 CET)
The Internet-of-Things (IoT) enables enterprises to obtain profits from data but triggers data protection questions and new types of cyber risk. Cyber risk regulations for the IoT however do not exist. The IoT risk is not included in the cyber security assessment standards, hence, often not visible to cyber security experts. This is concerning, because companies integrating IoT devices and services need to perform a self-assessment of its IoT cyber security posture. The outcome of such self-assessment needs to define a current and target state, prior to creating a transformation roadmap outlining tasks to achieve the stated target state. In this article, a comparative empirical analysis is performed of multiple cyber risk assessment approaches, to define a high-level potential target state for company integrating IoT devices and/or services. Defining a high-level potential target state represent is followed by a high-level transformation roadmap, describing how company can achieve their target state, based on their current state. The transformation roadmap is used to adapt IoT risk impact assessment with a Goal-Oriented Approach and the Internet of Things Micro Mart model.
ARTICLE | doi:10.20944/preprints201811.0045.v1
Subject: Engineering, Electrical & Electronic Engineering Keywords: Cyber-Physical Systems; Automotive; Cyber-Physical Attack; Integrity; Sensor Attack Detection; Speed Estimation; Deep learning
Online: 2 November 2018 (10:16:50 CET)
The violation of data integrity in automotive Cyber-Physical Systems (CPS) may lead to dangerous situations for drivers and pedestrians in terms of safety. In particular, cyber-attacks on the sensor could easily degrade data accuracy and consistency over any other attack, we investigate attack detection and identification based on a deep learning technology on wheel speed sensors of automotive CPS. For faster recovery of a physical system with detection of the cyber-attacks, estimation of a specific value is conducted to substitute false data. To the best of our knowledge, there has not been a case of joining sensor attack detection and vehicle speed estimation in existing literatures. In this work, we design a novel method to combine attack detection and identification, vehicle speed estimation of wheel speed sensors to improve the safety of CPS even under the attacks. First, we define states of the sensors based on the cases of attacks that can occur in the sensors. Second, Recurrent Neural Network (RNN) is applied to detect and identify wheel speed sensor attacks. Third, in order to estimate the vehicle speeds accurately, we employ Weighted Average (WA), as one of the fusion algorithms, in order to assign a different weight to each sensor. Since environment uncertainty while driving has an impact on different characteristics of vehicles and cause performance degradation, the recovery mechanism needs the ability adaptive to changing environments. Therefore, we estimate the vehicle speeds after assigning a different weight to each sensor depending on driving situations classified by analyzing driving data. Experiments including training, validation, and test are carried out with actual measurements obtained while driving on the real road. In case of the fault detection and identification, classification accuracy is evaluated. Mean Squared Error (MSE) is calculated to verify that the speed is estimated accurately. The classification accuracy about test additive attack data is 99.4978%. MSE of our proposed speed estimation algorithm is 1.7786. It is about 0.2 lower than MSEs of other algorithms. We demonstrate that our system maintains data integrity well and is safe relatively in comparison with systems which apply other algorithms.
ARTICLE | doi:10.20944/preprints202111.0335.v1
Subject: Keywords: Christian Community; Church Attacks; Minority Victimization; Forced Religion Conversion; Violent Extremism.
Online: 18 November 2021 (17:08:39 CET)
Aim of this study was to examine the psycho-emotional and economic resilience of the widows of the Christians male victims of the suicide attacks on Roman Catholic and Christ churches in Youhanabad Lahore. A qualitative case study was conducted of the widows of to understand how they recovered from the loss. The study exuded that how the widows recovered from the loss of their husband’s with the help of their in-laws. Second, how widows met their economic needs by doing menial jobs, and with the help of aid provided by in-laws. Third, the help provided by the Churches. Living in a society with a Muslim concentration also affects the widows into Forced religion conversion. Furthermore, due to lesser check and balance on male orphans, they also get involved in various criminals’ activities to support their families. The conclusion was the factors helped the widows overcome the psycho-emotional loss and recover economically.
REVIEW | doi:10.20944/preprints202003.0139.v1
Subject: Mathematics & Computer Science, Other Keywords: education; cyber threats; gamification; phishing; survey; taxonomies
Online: 8 March 2020 (16:14:56 CET)
Phishing is a set of devastating techniques which lure target users to provide critical resources. They are successful because they rely on human weaknesses. Gamification which is a recent and non-traditional learning method with purpose to motivate and engage user to carry out activities, is more and more applied to prevent such cyber threats. This paper provides the first survey of gamified solutions dedicated to educate against phishing from 2007 to 2019. The investigation is conducted on eight proposals in terms of core concepts, game mechanics and learning process. We provide three taxonomies of dimensions to systematically characterize researches on gamified solutions, discuss lacks of surveyed works and opens further orientations to enhance this research area. Some key results are: solutions do not consider elementary level of knowledge and do no offer basic notions; solutions are not adapted to general audience and therefore not reliably applicable in different contexts; platforms partially educate about phishing; learners are evaluated predictably and within a short period. This study constitutes a cornerstone to understand and enhance research on phishing education.
ARTICLE | doi:10.20944/preprints202007.0476.v1
Subject: Engineering, Electrical & Electronic Engineering Keywords: IoT; Security; Smart IoT; Rank Attacks; RPL; Version Number Attack; attack model
Online: 21 July 2020 (10:54:38 CEST)
The rapid growth of the smart Internet of Things (IoT) and massive propagation of wireless technologies revealed the recent opportunities for development in various domains of real life such as smart cities and E-Health applications. A slight defense against different forms of attacks is offered for the current secure and lightweight Routing Protocol for Low Power and Lossy Networks (RPL) of IoT resource-constrained devices. Data packets are highly likely to be exposed while transmitting them during data packets routing. The RPL rank and version number attacks, which are two forms of RPL attacks, can have critical consequences for RPL networks. The studies conducted on these attacks have several security defects and performance shortcomings. The research proposes a Secure RPL Routing Protocol (SRPL-RP) for rank and version number attacks. It mainly detects, mitigates and isolates attacks in the RPL networks. The detection is based on a comparison of ranks strategy. The mitigation uses threshold and attacks status tables, and the isolation adds them to a blacklist table and alerts relevant nodes to skip them. SRPL-RP supports diverse types of network topologies and is comprehensively analyzed with multiple studies such as Standard RPL with Attacks, SBIDS and RPL+ Shield. The analysis results showed that the SRPL-RP achieves great improvements with Packet Delivery Ratio (PDR) of 98.48%, control message value of 991 packets/second, and average energy consumption of 1231.75 joules. It provides a better accuracy rate with 98.17% under the attacks.
Subject: Engineering, Automotive Engineering Keywords: functional dependency; network-based linear dependency modelling; internet of things; micro mort model; goal-oriented approach; transformation roadmap; cyber risk regulations; empirical analysis; cyber risk self-assessment; cyber risk target state.
Online: 25 December 2020 (11:35:48 CET)
The Internet-of-Things (IoT) triggers new types of cyber risks. Therefore, the integration of new IoT devices and services requires a self-assessment of IoT cyber security posture. By security posture this article refers to the cybersecurity strength of an organisation to predict, prevent and respond to cyberthreats. At present, there is a gap in the state-of-the-art, because there are no self-assessment methods for quantifying IoT cyber risk posture. To address this gap, an empirical analysis is performed of 12 cyber risk assessment approaches. The results and the main findings from the analysis is presented as the current and a target risk state for IoT systems, followed by conclusions and recommendations on a transformation roadmap, describing how IoT systems can achieve the target state with a new goal-oriented dependency model. By target state, we refer to the cyber security target that matches the generic security requirements of an organisation. The research paper studies and adapts four alternatives for IoT risk assessment and identifies the goal-oriented dependency modelling as a dominant approach among the risk assessment models studied. The new goal-oriented dependency model in this article enables the assessment of uncontrollable risk states in complex IoT systems and can be used for a quantitative self-assessment of IoT cyber risk posture.
Subject: Earth Sciences, Atmospheric Science Keywords: smartphones; balloons, internet of things; cyber-physical systems
Online: 8 September 2021 (12:34:09 CEST)
A smartphone plummeted from a stratospheric height of 36 km (~119,000 feet), providing a complete record of its rapid descent and abrupt deceleration when it hit the ground. The smartphone was configured to collect internal sensor data at high rates. We discuss the state-of-the-art of smartphone environmental and sensing capabilities at the closing of year 2020 and present a flexible mobile sensor data model. The associated open-source application programing interface (API) and python software development kit (SDK) used in this work is transportable to any hardware platform and operating system.
BRIEF REPORT | doi:10.20944/preprints202106.0621.v1
Online: 25 June 2021 (12:13:47 CEST)
as the growth and popularity of technology has become simultaneous ascend in both impacts and numbers of cyber criminals thanks to the web. For many years, the organization has strived in ways of preventing any attacks from cyber-criminal with advanced techniques. Cybercriminals and intruders are developing a more advanced way to breach the security surface of an organization. Advanced Persistent Threats are also known as APT are new and a lot more sophisticated version for multistep attack scenarios that are known and are targeted just to achieve a goal most commonly undercover activities. this report, there will cover everything I know that tells us about APT with more word and brief explanations
REVIEW | doi:10.20944/preprints202102.0082.v1
Subject: Mathematics & Computer Science, Information Technology & Data Management Keywords: identity theft; cyber-crime; identity fraud; types; techniques
Online: 2 February 2021 (10:31:24 CET)
Online identity-based theft is known to be one of the most serious and growing threats to victims, such as individuals and organizations, over the last 10 years due to the enormous economic damage these crimes have caused. The availability of personal information on the Internet has increased the chances of this cyber-crime. Online identity theft crime is the result of a combination of cyber-crimes on the one hand and lack of awareness and training of users on the other hand to protect personal data on the other. Education and awareness, which also contributes to early detection, is the strongest tool for consumers to safeguard themselves from online identity fraud. This paper provides a comprehensive explanation of online identity theft, the various approaches that thieves use to attack individuals and organizations and the types of fraud involved in this cyber-crime. The aim of this research is to evaluate the need for a reformulation of the concept of identity theft in order to be compatible with the evolution of behaviors and fraud.
ARTICLE | doi:10.20944/preprints201806.0425.v2
Subject: Mathematics & Computer Science, Information Technology & Data Management Keywords: Adversarial Deduplication; Machine Learning Classifiers; Cyber Threat Intelligence
Online: 23 July 2018 (12:21:00 CEST)
In traditional databases, the entity resolution problem (which is also known as deduplication), refers to the task of mapping multiple manifestations of virtual objects to its corresponding real-world entity. When addressing this problem, in both theory and practice, it is widely assumed that such sets of virtual object appear as the result of clerical errors, transliterations, missing or updated attributes, abbreviations, and so forth. In this paper, we address this problem under the assumption that this situation is caused by malicious actors operating in domains in which they do not wish to be identified, such as hacker forums and markets in which the participants are motivated to remain semi-anonymous (though they wish to keep their true identities secret, they find it useful for customers to identify their products and services). We are therefore in the presence of a different, even more challenging problem that we refer to as adversarial deduplication. In this paper, we study this problem via examples that arise from real-world data on malicious hacker forums and markets arising from collaborations with a cyber threat intelligence company focusing on understanding this kind of behavior. We argue that it is very difficult---if not impossible---to find ground truth data on which to build solutions to this problem, and develop a set of preliminary experiments based on training machine learning classifiers that leverage text analysis to detect potential cases of duplicate entities. Our results are encouraging as a first step towards building tools that human analysts can use to enhance their capabilities towards fighting cyber threats.
ARTICLE | doi:10.20944/preprints201804.0144.v1
Subject: Mathematics & Computer Science, Information Technology & Data Management Keywords: big data; SIEM; correlation analysis; cyber crime profiling
Online: 11 April 2018 (08:39:02 CEST)
The number of SIEM introduction is increasing in order to detect threat patterns in a short period of time with a large amount of structured/unstructured data, to precisely diagnose crisis to threats, and to provide an accurate alarm to an administrator by correlating collected information. However, it is difficult to quickly recognize and handle with various attack situations using a solution equipped with complicated functions during security monitoring. In order to overcome this situation, new detection analysis process has been required, and there is an effort to increase response speed during security monitoring and to expand accurate linkage analysis technology. In this paper, reflecting these requirements, we design and propose profiling auto-generation model that can improve the efficiency and speed of attack detection for potential threats requirements. we design and propose profiling auto-generation model that can improve the efficiency and speed of attack detection for potential threats.
ARTICLE | doi:10.20944/preprints201706.0113.v1
Subject: Engineering, Control & Systems Engineering Keywords: conceptual modeling; cyber-physical systems; cyber-physical gap; Object-Process Methodology; model-based systems engineering; Three Mile Island 2 Accident
Online: 26 June 2017 (04:59:29 CEST)
: The cyber-physical gap (CPG) is the difference between the 'real' state of the world and the way the system perceives it. This discrepancy often stems from the limitations of sensing and data collection technologies and capabilities, and is an inevitable issue in any cyber-physical system (CPS). Ignoring or misrepresenting such limitations during system modeling, specification, design, and analysis can potentially result in systemic misconceptions, disrupted functionality and performance, system failure, severe damage, and potential detrimental impacts on the system and its environment. We propose CPG-Aware Modeling & Engineering (CPGAME), a conceptual model-based approach for capturing, explaining, and mitigating the CPG, on top of and in sync with the conventional system model, and as an inherent systems engineering activity. This approach enhances the systems engineer’s ability to cope with CPGs, mitigate them by design, and prevent erroneous decisions, actions, and hazardous implications. CPGAME is a generic, conceptual approach, specified and demonstrated with Object Process Methodology (OPM). OPM is a holistic conceptual modeling paradigm for multidisciplinary, complex, dynamic systems, which is also ISO-19450. We analyze the 1979 Three Miles Island 2 nuclear accident as a prime example of the disastrous consequences of unmitigated CPGs in complex systems.
ARTICLE | doi:10.20944/preprints202206.0429.v1
Subject: Mathematics & Computer Science, Information Technology & Data Management Keywords: Botnets; Bots; bot controller; botnet detection; network; botnet architecture; botnet attacks; detection techniques
Online: 30 June 2022 (14:09:31 CEST)
Botnets, a prominent threat to IoT security. ‘botnet’ this word is the composition of robot and network. A network of robots used to commit cybercrime. A bot means a compromised end-host or a device which is a member of a botnet.  Governments have become a popular target for malicious attacks. This is due to them holding mass confidential data on their network.
REVIEW | doi:10.20944/preprints202206.0134.v1
Subject: Engineering, Other Keywords: smart factory; advanced manufacturing; intelligent manufacturing; Cyber Manufacturing; Cyber Physical Systems; Internet of Things; Industry 4.0; Artificial Intelligence; data driven manufacturing
Online: 9 June 2022 (04:05:14 CEST)
In a dynamic and rapidly changing world, customers’ often conflicting demands plus fluid economic requirements, often driven by geo-politics, have continued to evolve, out-striping the capability of existing production systems. With its inherent shortcomings, the traditional factory has proven to be incapable of addressing these modern-day manufacturing challenges. Recent advancements in Industry 4.0 have catalyzed the development of new manufacturing paradigms (or smart factory visions) under different monikers (e.g., Smart factory, Intelligent factory, Digital factory, Cloud-based factory etc.) would help fix these challenges. Due to a lack of consensus on a general nomenclature for these manufacturing paradigms, the term Future Factory (or Factory of the Future) is here used as a collective euphemism, without prejudice. The Future Factory constitutes a creative convergence of multiple technologies, techniques and capabilities that represent a significant change in current production capabilities, models, and practices. It is a data-driven manufacturing approach and system that harnesses intelligence from multiple information streams i.e., assets (including people), processes, and subsystems to help create new forms of production efficiency and flexibility. Serving both as a review monograph and reference companion, this paper details the meanings, characteristics, and technological underpinnings of the Future Factory. It also elucidates on the architectural models that guide the structured deployment of these modern factories with particular emphasis on three advanced communication technologies capable of speeding up advancements in the field. It not only highlights the relevance of communication between assets but also lays out mechanisms to achieve these interactions using the Administration shell. Finally, the paper also discusses the key enabling technologies that are typically embedded into bare bone factories to help improve their visibility, resilience, intelligence, and capacity, in addition to how these technologies are being deployed and to what effect. At the onset of the study, we were interested in developing a monograph which would serve as a comprehensive but concise review of general principles, fundamental concepts, major characteristics, key building blocks and implementation guidelines for the Future Factory within the overall context of the manufacturing ecosystem, in the age of Industry 4.0. Our hope is that this paper would enrich the extant literature on advanced manufacturing, help shape policy and research, and provide insights on how some of the identified pathways can be diffused into industry.
Online: 9 May 2020 (04:35:03 CEST)
As organizations are vulnerable to cyber attacks, their protection becomes a significant issue. Capability Maturity Models can enable organizations to benchmark current maturity levels against best practices. Although many maturity models have been already proposed in the literature, a need for models that integrate several regulations exists. This article presents a light web-based model that can be used as a cybersecurity assessment tool for Higher Education Institutes (HEIs) of the UK. The novel Holistic Cybersecurity Maturity Assessment Framework incorporates all security and privacy regulations and best practices that HEIs must be compliant to and can be used as a self-assessment or a cybersecurity audit tool.
ARTICLE | doi:10.20944/preprints201811.0323.v1
Subject: Mathematics & Computer Science, Information Technology & Data Management Keywords: cyber-physical systems; WBAN security; biometric authentication; medical systems
Online: 14 November 2018 (08:03:19 CET)
A Wireless Body Area Network (WBAN) is a network of wirelessly connected sensing and actuating devices. WBANs used for recording biometric information and administering medication are classified as part of a Cyber Physical System (CPS). Preserving user security and privacy is a fundamental concern of WBANs, which introduces the notion of using biometric readings as a mechanism for authentication. Extensive research has been conducted regarding the various methodologies (e.g. ECG, EEG, gait, head/arm motion, skin impedance). This paper seeks to analyze and evaluate the most prominent biometric authentication techniques based on accuracy, cost, and feasibility of implementation. We suggest several authentication schemes which incorporate multiple biometric properties.
ARTICLE | doi:10.20944/preprints201810.0468.v1
Subject: Engineering, Electrical & Electronic Engineering Keywords: cyber physical systems; dual output inverter; rapid control prototype
Online: 22 October 2018 (05:27:36 CEST)
This paper presents a configuration of dual output single phase current source inverter with 6 switches for microgrid applications. The inverter is capable of delivering power to two independent set of loads of equal voltages or different voltages at the load end. The control strategy is based on Integral Sliding Mode Control (ISMC). The remote monitoring of the inverter is performed with cyber infrastructure. The cyber physical test bench is developed based on Reconfigurable I/O processor (NI MyRIO-1900) for control and monitoring of the inverter. The inverter prototype is tested in cyber physical test bench in laboratory conditions. The performance of the inverter is analyzed and monitored through the remote system. Also, the inverter is analyzed with different voltage conditions.
REVIEW | doi:10.20944/preprints201610.0092.v2
Subject: Engineering, Electrical & Electronic Engineering Keywords: communication standards; cyber security; intrusion detection system; smart grid; topology control; Wireless sensor networks
Online: 27 October 2016 (11:26:10 CEST)
An existing power grid is going through a massive transformation. Smart grid technology is a radical approach for improvisation in prevailing power grid. Integration of electrical and communication infrastructure is inevitable for the deployment of Smart grid network. Smart grid technology is characterized by full duplex communication, automatic metering infrastructure, renewable energy integration, distribution automation and complete monitoring and control of entire power grid. Wireless sensor networks (WSNs) are small micro electrical mechanical systems which are accomplished to collect and communicate the data from surroundings. WSNs can be used for monitoring and control of smart grid assets. Security of wireless sensor based communication network is a major concern for researchers and developers. The limited processing capabilities of wireless sensor networks make them more vulnerable to cyber-attacks. The countermeasures against cyber-attacks must be less complex with an ability to offer confidentiality, data readiness and integrity. The address oriented design and development approach for usual communication network requires a paradigm shift to design data oriented WSN architecture. WSN security is an inevitable part of smart grid cyber security. This paper is expected to serve as a comprehensive assessment and analysis of communication standards, cyber security issues and solutions for WSN based smart grid infrastructure.
ARTICLE | doi:10.20944/preprints201901.0311.v2
Subject: Mathematics & Computer Science, Other Keywords: optical networks; jamming attacks; machine learning; detection and prevention; routing and spectrum assignment; security
Online: 18 June 2019 (07:26:54 CEST)
Optical networks are prone to power jamming attacks intending service disruption. This paper presents a Machine Learning (ML) framework for detection and prevention of jamming attacks in optical networks. We evaluate various ML classifiers for detecting out-of-band jamming attacks with varying intensities. Numerical results show that artificial neural network is the fastest ($10^6$ detection per second) for inference and most accurate ($\approx 100 \%$) in detecting power jamming attacks as well as identifying the optical channels attacked. We also discuss and study a novel prevention mechanism when the system is under active jamming attacks. For this scenario, we propose a novel resource reallocation scheme that utilizes the statistical information of attack detection accuracy to lower the probability of successful jamming of lightpaths while minimizing lightpaths' reallocations. Simulation results show that the likelihood of jamming a lightpath reduces with increasing detection accuracy, and localization reduces the number of reallocations required.
ARTICLE | doi:10.20944/preprints201811.0531.v1
Subject: Engineering, Electrical & Electronic Engineering Keywords: Internet of things; sensor node; LPWAN; attacks; vulnerabilities; IoT; analysis; risk; assessment; low power.
Online: 21 November 2018 (15:55:11 CET)
LoRa and its upper layers definition LoRaWAN is one of the most promising LPWAN technologies for implementing the Internet of Things (IoT). Although being a popular technology, several works in the literature have revealed various weaknesses regarding the security of LoRaWAN v1.0 (the official 1st draft). By using all these recommendations from the academia and industry, the LoRa-Alliance has worked on the v1.0 to develop an enhanced version and provide more secure and trustable architecture. The result of these efforts ended-up with LoRaWAN v1.1, which was released on Oct 11, 2017. This manuscript aims at demystifying the security aspects and provide a comprehensive Security Risk Analysis related to latest version of LoRaWAN. Besides, it provides several remedies to the recognized vulnerabilities. To the best of authors’ knowledge, this work is one of its first kind by providing a detailed security analysis related to latest version of LoRaWAN. According to our analysis, end-device physical capture, rogue gateway and replay attacks are found to be threating for safety operation of the network. Eventually, v1.1 of LoRaWAN is found to be less vulnerable to attacks compared to v1.0, yet possesses several security implications that need to be addressed and fixed for the upcoming releases.
Subject: Social Sciences, Accounting Keywords: cyber-physical systems; digital twin; subject orientation; agent-based systems
Online: 7 December 2020 (09:00:51 CET)
Cyber-Physical Systems form the new backbone of digital ecosystems. Their design can be coupled with engineering activities to facilitate dynamic adaptation and (re-)configuration. Behavior-oriented technologies enable highly distributed and while coupled operation of systems. Utilizing them for digital twins as self-contained design entities with federation capabilities makes them promising candidates to develop and run highly functional CPS. In this paper we discuss mapping CPS components to behavior-based digital twin constituents mirroring integration and implementation through subject-oriented models. These models, inspired by agent-oriented system thinking can be executed and increase transparency at design and runtime. Patterns recognizing environmental factors and operation details facilitate configuration of CPS. Subject-oriented runtime support enable dynamic adaptation and federated use.
ARTICLE | doi:10.20944/preprints202004.0167.v1
Subject: Keywords: cyber physical systems; industry 4.0; human machine interaction; sustainable production
Online: 10 April 2020 (07:46:10 CEST)
In current efforts to digitize manufacturing and move it into the fourth stage of the industrial revolution, a wide range of integration solutions is being considered to enable manufacturing to adapt to change. In transforming a factory into a self-organized, autonomous factory, companies are currently struggling with rapidly changing requirements and production factors, among other things. This is a particular problem for the human being as an actor within the factory, as the amount of new technologies and protocols increases the training effort. Proprietary interfaces of the control providers, a wide range of different communication protocols, complicate the understanding of the production processes, the evaluation and testability of new use cases and increase the danger of creating silos of knowledge as well as building collaboration barriers. As a solution to these problems, we propose an open software platform and define a way to model use case driven domain specific asset representation (DSA) that focuses on the human being and his needs for representing the factory in a way that it meets his requirements for the current production needs. We therefore conducted research on google scholar on human factors in industry 4.0 and used technologies as well as already existing platforms and their architecture.
ARTICLE | doi:10.20944/preprints201903.0111.v1
Subject: Engineering, Control & Systems Engineering Keywords: Industry 4.0., Internet of Things, case study, cyber security framework
Online: 8 March 2019 (15:27:11 CET)
This research article reports the results of a qualitative case study that correlates academic literature with five Industry 4.0 cyber trends, seven cyber risk frameworks and two cyber risk models. While there is a strong interest in industry and academia to standardise existing cyber risk frameworks, models and methodologies, an attempt to combine these approaches has not been done until present. We apply the grounded theory approach to derive with integration criteria for the reviewed frameworks, models and methodologies. Then, we propose a new architecture for the integration of the reviewed frameworks, models and methodologies. We therefore advance the efforts of integrating standards and governance into Industry 4.0 and offer a better understanding of a holistic economic impact assessment model for IoT cyber risk.
ARTICLE | doi:10.20944/preprints202201.0454.v1
Subject: Mathematics & Computer Science, Other Keywords: Ransomware; Behavior analysis; Cyber Security; Machine Learning; Ensemble model; Supervised classification
Online: 31 January 2022 (11:49:48 CET)
Ransomware is one of the most dangerous types of malware, which is frequently intended to spread through a network to damage the designated client by encrypting the client’s vulnerable data. Conventional signature-based ransomware detection technique falls behind because it can only detect known anomalies. When it comes to new and non-familiar ransomware traditional system unveils huge shortcomings. For detecting unknown patterns and sorts of new ransomware families,behavior-based anomaly detection approaches are likely to be the most efficient approach. In the wake of this alarming condition, this paper presents an ensemble classification model consisting of three widely used machine learning techniques that include Decision Tree (DT), RandomForest (RF), and K-nearest neighbor (KNN). To achieve the best outcome ensemble soft voting and hard voting techniques are used while classifying ransomware families based on attack attributes. Performance analysis is done by comparing our proposed ensemble models with standalone models on behavioral attributes based ransomware dataset..
ARTICLE | doi:10.20944/preprints202107.0120.v1
Subject: Engineering, Other Keywords: Information security; Cybercrime; cyber awareness; cybersecurity basics; cybersecurity hygiene; Blockchain technology
Online: 5 July 2021 (16:34:35 CEST)
The ignorance of or lack of knowledge about cybersecurity aspects causes a critical problem regarding confidentiality and privacy. This security problem will continue to exist even if the user possesses less expertise in information security. The modern IT technologies are well developed, and almost everyone uses the features of IT technologies and services within the Internet. However, people are being affected due to cybersecurity threats. People can adhere to the recommended cybersecurity guidelines, rules, adopted standards, and cybercrime preventive measures. However, it is not possible to entirely avoid cybercrimes. Cybercrimes often lead to sufficient business losses and spread forbidden themes (hatred, terrorism, child porn, etc.). Therefore, to reduce the risk of cybercrimes, a web-based Blockchain-enabled cybersecurity awareness program (WBCA) process is introduced in this paper. The proposed web-based cybersecurity awareness program trains users to improve their security skills. The proposed program helps with understanding the common behaviors of cybercriminals and improves user knowledge of cybersecurity hygiene, best cybersecurity practices, modern cybersecurity vulnerabilities, and trends. Furthermore, the proposed WBCA uses the Blockchain technology to protect the model from the potential threats. The proposed model is validated and tested using real-world cybersecurity topics with real users and cybersecurity experts. We anticipate that the proposed program can be extended to other domains, such as national or corporate courses, to increase the cybersecurity awareness level of users.
ARTICLE | doi:10.20944/preprints202005.0384.v1
Subject: Engineering, Industrial & Manufacturing Engineering Keywords: 5G Wireless Technology; Artificial Intelligence; Blockchain; Cloud Computing; Cyber-Physical System
Online: 24 May 2020 (16:10:26 CEST)
The landscape of centralized cloud computing is now changing to distributed and decentralized clouds with promising impacts on energy consumption, resource availability, resilience, and customer experience. This research highlights the impacts of emerging IT trends, namely, 5G wireless technology, blockchain, and industrial Artificial Intelligence (AI) in development and realization of the next generation of cloud computing. Integration of these technologies in cyber-physical system and cloud manufacturing paradigms is explained and a unified edge-fog-cloud architecture is proposed for successful implementation in manufacturing systems.
ARTICLE | doi:10.20944/preprints201905.0099.v1
Subject: Engineering, Industrial & Manufacturing Engineering Keywords: Real-Time Networks; Scheduling; Time-Triggered; SMT Solvers; Cyber-Physical Systems
Online: 8 May 2019 (11:53:33 CEST)
Future cyber-physical systems may extend over broad geographical areas, like cities or regions, thus requiring the deployment of large real-time networks. A strategy to guarantee predictable communication over such networks is to synthesize an offline time-triggered communication schedule. However, this synthesis problem is computationally hard (NP-complete), and existing approaches do not scale satisfactorily to the required network sizes. This article presents a segmented offline synthesis method which substantially reduces this limitation, being able to generate time-triggered schedules for large hybrid (wired and wireless) networks. We also present a series of algorithms and optimizations that increase the performance and compactness of the obtained schedules while solving some of the problems inherent to segmented approaches. We evaluate our approach on a set of realistic large-size multi-hop networks, significantly larger than those considered in the existing literature. The results show that our segmentation reduces the synthesis time up to two orders of magnitude.
REVIEW | doi:10.20944/preprints201804.0066.v1
Subject: Mathematics & Computer Science, Information Technology & Data Management Keywords: cyber physical systems; cybercrime; risk mitigation; risk management; industrial control systems
Online: 5 April 2018 (06:10:06 CEST)
Cyber Physical Systems (CPS) is the integration of computation and physical process that makes a complete system such as the physical components, networked systems, embedded computers and software and linking together of devices and sensors for information sharing. Cyber Physical Systems are Smart Systems that comprises of the merging and integration of Industry Control Systems, Critical Infrastructures, Internet of Things (IoT) and Embedded Systems. Major industries such as the Chemical and Industrial Plants, Aviation Systems, National Grid, the Stock Exchange, Military Systems, and others depends heavily on these Cyber Physical Systems for financial and economic growth. The benefits of CPS nationally and globally are in the areas of Manufacturing, Energy, Transport, Healthcare and Communication. Cyber Physical Systems incorporates Physical systems, Digital systems and Human elements on network infrastructures to provide interactive systems. However, these three key components the Physical systems, Digital systems and Human elements may have inherent threats and vulnerabilities on them that may run the risk of being compromise, exploited, attacked or hacked. Cybercriminals in their quest to bring down these systems and may cause disruption of services either for fame, revenge, political motive, economic war, cyber terrorism and cyber war. The study seeks to review the risks that are associated with these three key components Physical systems, Digital systems and Human elements. The study considered four main risk mitigation goals for this purpose, and these are Business Value, Organizational Requirements, Threat Agent and Impact based on the review results. We used Analytical Hierarchical Process (AHP) to determine the relative importance of these goals that contributes to developing cybercrime and rich in CPS. For the results, the prioritized goals are then used to assess the risks using a semi-quantitative approach to determine the net threat level.
ARTICLE | doi:10.20944/preprints202208.0197.v1
Subject: Mathematics & Computer Science, Artificial Intelligence & Robotics Keywords: Deep neural networks; Adversarial Attacks; Poisoning; Backdoors; Trojans; Taxonomy; Ontology; Knowledge Base; Explainable AI; Green AI
Online: 10 August 2022 (09:39:07 CEST)
Deep neural networks (DNN) have successfully delivered a cutting-edge performance in several fields. With the broader deployment of DNN models on critical applications, the security of DNNs becomes an active and yet nascent area. Attacks against DNNs can have catastrophic results, according to recent studies. Poisoning attacks, including backdoor and Trojan attacks, are one of the growing threats against DNNs. Having a wide-angle view of these evolving threats is essential to better understand the security issues. In this regard, creating a semantic model and a knowledge graph for poisoning attacks can reveal the relationships between attacks across intricate data to enhance the security knowledge landscape. In this paper, we propose a DNN Poisoning Attacks Ontology (DNNPAO) that would enhance knowledge sharing and enable further advancements in the field. To do so, we have performed a systematic review of the relevant literature to identify the current state. We collected 28,469 papers from IEEE, ScienceDirect, Web of Science, and Scopus databases, and from these papers, 712 research papers were screened in a rigorous process, and 55 poisoning attacks in DNNs were identified and classified. We extracted a taxonomy of the poisoning attacks as a scheme to develop DNNPAO. Subsequently, we used DNNPAO as a framework to create a knowledge base. Our findings open new lines of research within the field of AI security.
ARTICLE | doi:10.20944/preprints202209.0103.v1
Subject: Mathematics & Computer Science, Artificial Intelligence & Robotics Keywords: Portable Document Format (PDF); machine learning; detection; optimizable decision tree; Ada-Boost; PDF malware; evasion attacks; cybersecurity
Online: 7 September 2022 (05:33:40 CEST)
Portable Document Format (PDF) files are one of the most universally used file types. This has fascinated hackers to develop methods to use these normally innocent PDF files to create security threats via infection vectors PDF files. This is usually realized by hiding embedded malicious code in the victims’ PDF documents to infect their machines. This, of course, results in PDF Malware and requires techniques to identify benign files from malicious files. Research studies indicated that machine-learning methods provide efficient detection techniques against such malware. In this paper, we present a new detection system that can analyze PDF documents in order to identify benign PFD files from malware PFD files. The proposed system makes use of the AdaBoost decision tree with optimal hyperparameters, which is trained and evaluated on a modern-inclusive dataset, viz. Evasive-PDFMal2022. The investigational assessment demonstrates a lightweight-accurate PDF detection system, achieving a 98.84% prediction accuracy with a short prediction interval of 2.174 μSec. To this end, the proposed model outperforms other state-of-the-art models in the same study area. Hence, the proposed system can be effectively utilized to uncover PDF malware at high detection performance and low detection overhead.
Subject: Mathematics & Computer Science, Information Technology & Data Management Keywords: Intrusion Detection Systems; IDS; Cyber Security; Information Technology; Security Systems; Systems Security
Online: 15 June 2022 (09:28:49 CEST)
Intrusion Detection Systems (IDS) plays a part in modern cyber security, as a result of the increasing need for cyber security systems in the “real” world due to the increasing number of cyber attacks, more sophisticated systems are required in order to prevent these attacks - an IDS can provide this protection. Due to the sophistication of these systems, they must be properly understood, developed and analyzed - research papers can be used as a tool to improve IDS systems. This paper is composed of two main sections: a survey and a taxonomy, providing information, reviews and interpretations from relevant papers, a timeline of important papers, a discussion on the future of IDS and a classification on IDS and how to apply this.
ARTICLE | doi:10.20944/preprints201808.0482.v1
Subject: Engineering, Industrial & Manufacturing Engineering Keywords: inverse problem; industrial tomography; machine learning, sensors, cyber-physical system, Industry 4.0
Online: 29 August 2018 (05:56:49 CEST)
The article presents a cyber-physical system for acquiring, processing and reconstructing images from measurement data. The technology was based on process tomography, intelligent measurement sensors, machine learning, Big Data, Cloud Computing, Internet of Things as a solution for Industry 4.0. Industrial tomography enables observation of physical and chemical phenomena without the need of internal penetration and allows real-time monitoring of production processes. The application includes specialized intelligent devices for tomographic measurements and dedicated algorithms for solving the inverse problem. The work focuses mainly on electrical tomography and image reconstruction using deterministic methods and machine learning, the reconstruction results were compared, different measurement models were used. The researches were carried out for synthetic data and laboratory measurements. The main advantage of the proposed system is the possibility of spatial data analysis and their high processing speed. The presented research results show that the process tomography gives the possibility to analyse the processes taking place inside the facility without disturbing the production, analysis and detection of obstacles, defects and various anomalies. Knowing the characteristics of a given solution, the application allows you to choose the appropriate method to reconstruct the image.
ARTICLE | doi:10.20944/preprints201706.0119.v1
Subject: Engineering, Electrical & Electronic Engineering Keywords: emulation; network threat; network attack; network services; network topology; cyber defence exercises
Online: 27 June 2017 (05:16:41 CEST)
This paper outlines a tool developed with the purpose of creating a simple configurable emulated network environment that can be used in cyber defence exercises. Research has been conducted into the various related subject areas: cyber defence exercises, network threats, network emulation, network traffic replay, network topologies, and common network services. From this research a requirements specification was produced to encapsulate the features required to create this tool. A network, containing many of the aspects researched, was designed and implemented using Netkit-NG to act as a blueprint for the tool and to further knowledge in the construction of an emulated network. Following this the tool was developed and tested to ensure requirements were met.
REVIEW | doi:10.20944/preprints201808.0053.v1
Subject: Engineering, Electrical & Electronic Engineering Keywords: Smart grid; Monitoring System; Distribution System State Estimation, Information and Communication Technology, Distribution Management Systems, Distributed Energy Sources, Cyber-Physical Systems, Energy Management System, Energy Storage Systems, Cyber Security
Online: 2 August 2018 (17:25:01 CEST)
Electric power systems are experiencing relevant changes involving the growing penetration of distributed generation and energy storage systems, the introduction of electric vehicles, the management of responsive loads, the proposals for new energy markets and so on. Such evolution is pushing for a paradigm shift: the management must move from traditional planning and manual intervention to full “smartization” of medium and low voltage networks. Peculiarities and criticalities of future power distribution networks originate from the complexity of the system that includes both the physical aspects of electric networks and the cyber aspects, like data elaboration, feature extraction, communication, supervision and control; only fully integrated advanced monitoring systems can foster this transition towards network automation. The design and development of such future networks require distinct kinds of expertise in the industrial and information engineering fields. In this context, this paper provides a comprehensive review of current challenges and multidisciplinary interactions in the development of smart distribution networks.
ARTICLE | doi:10.20944/preprints202008.0603.v1
Subject: Engineering, Electrical & Electronic Engineering Keywords: secure boot; cyber-physical system security; embedded systems; FPGA; hardware primitives; IoT security
Online: 27 August 2020 (08:49:02 CEST)
Reconfigurable computing is becoming ubiquitous in the form of consumer-based Internet of Things (IoT) devices. Reconfigurable computing architectures have found their place in safety-critical infrastructures such as the automotive industry. As the target architecture evolves, it also needs to be updated remotely on the target platform. This process is susceptible to remote hijacking, where the attacker can maliciously update the reconfigurable hardware target with tainted hardware configuration. This paper proposes an architecture of establishing Root of Trust at the hardware level using cryptographic co-processors and Trusted Platform Modules (TPMs) and enable over the air updates. The proposed framework implements secure boot protocol on Xilinx based FPGAs. The project demonstrates the configuration of the bitstream, boot process integration with TPM and secure over-the-air updates for the hardware reconfiguration.
ARTICLE | doi:10.20944/preprints202005.0213.v1
Subject: Engineering, Construction Keywords: BIM; construction; critical infrastructure; cybersecurity; cyber-physical systems; digital twin; EPCIP; Industry 4.0
Online: 12 May 2020 (12:44:01 CEST)
The umbrella concept for the current efforts to digitize construction is known as Construction 4.0. One of its key concepts is cyber-physical systems. The construction industry is not only creating increasingly valuable digital assets (in addition to physical ones) but also the buildings and built infrastructures are increasingly monitored and controlled using digital technology. Both make construction a vulnerable target of cyber-attacks. While the damage to digital assets, such as designs and cost calculations, may result in economic damage, attacks on digitally-controlled physical assets may damage the well-being of occupants and, in worst-case scenarios, even damage (or death) to the users. The problem is amplified by the emerging cyber-physical nature of the systems, where the human checks may be left out. We propose that construction learns from the work done in the context of critical infrastructures (CI). First, a lot of CI is construction-related, and the process of designing and building it must be secured accordingly. Second, while most assets may not be critical in the CI sense, they are critical to the operations of a business and the lives of citizens. In the end, we recommend some steps so that well-established processes of critical infrastructure protection trickle down to make Construction 4.0 and the built environment more cyber-secure. With that in mind, we describe the possible inclusion of Construction 4.0 considerations into existing critical infrastructure protection (CIP) frameworks with minimum frictions. We also propose some suggestions regarding possible future courses of action to improve the increasingly vulnerable cyber-security environment of the built environment across all life cycle phases - design, construction, operation, maintenance, and end of life.
Subject: Engineering, Industrial & Manufacturing Engineering Keywords: Cloud manufacturing, Computer Numerical Control (CNC), Control as a Service, Cyber-physical system
Online: 28 May 2019 (10:25:13 CEST)
Cloud-based CNC is an emerging paradigm of Industry 4.0 where computer numerical control (CNC) functionalities are moved to the cloud and provided to manufacturing machines as a service. Among many benefits, C-CNC allows manufacturing machines to leverage advanced control algorithms running on cloud computers to boost their performance at low cost, without need for major hardware upgrades. However, a fundamental challenge of C-CNC is how to guarantee safety and reliability of machine control given variable Internet quality of service, especially on public Internet networks. We propose a three-tier redundant architecture to address this challenge. We then prototype tier one of the architecture on a 3D printer successfully controlled via C-CNC over public Internet connections, and discuss follow-on research opportunities.
ARTICLE | doi:10.20944/preprints202007.0409.v1
Subject: Engineering, Electrical & Electronic Engineering Keywords: Demand Side Management; Demand Response; Cyber-Physical Systems; Dynamic Pricing; Load Forecasting; Attack Detection
Online: 19 July 2020 (11:14:01 CEST)
Demand-Side Management (DSM) is an essential tool to ensure power system reliability and stability. In future smart grids, certain portions of a customer’s load usage could be under the automatic control of a cyber-enabled DSM program, which selectively schedules loads as a function of electricity prices to improve power balance and grid stability. In this scenario, the security of DSM cyberinfrastructure will be critical as advanced metering infrastructure and communication systems are susceptible to cyber-attacks. Such attacks, in the form of false data injections, can manipulate customer load profiles and cause metering chaos and energy losses in the grid. The feedback mechanism between load management on the consumer side and dynamic price schemes employed by independent system operators can further exacerbate attacks. To study how this feedback mechanism may worsen attacks in future cyber-enabled DSM programs, we propose a novel mathematical framework for (i) modeling the nonlinear relationship between load management and real-time pricing, (ii) simulating residential load data and prices, (iii) creating cyber-attacks, and (iv) detecting said attacks. In this framework, we first develop time-series forecasts to model load demand and use them as inputs to an elasticity model for the price-demand relationship in the DSM loop. This work then investigates the behavior of such a feedback loop under intentional cyber-attacks. We simulate and examine load-price data under different DSM-participation levels with three types of random additive attacks: ramp, sudden, and point attacks. We conduct two investigations for the detection of DSM attacks. The first studies a supervised learning approach, with various classification models, and the second studies the performance of parametric and nonparametric change point detectors. Results conclude that higher amounts of DSM participation can exacerbate ramp and sudden attacks leading to better detection of such attacks, especially with supervised learning classifiers. We also find that nonparametric detection outperforms parametric for smaller user pools, and random point attacks are the hardest to detect with any method.
ARTICLE | doi:10.20944/preprints201612.0135.v1
Subject: Engineering, Industrial & Manufacturing Engineering Keywords: context sensitivity; cyber physical systems; flexible manufacturing system; process optimization; self-learning systems; SOA
Online: 28 December 2016 (11:13:22 CET)
Highly flexible manufacturing systems require continuous run-time (self-) optimization of processes with respect to various parameters, e.g. efficiency, availability, energy consumption etc. A promising approach for achieving (self-) optimization in manufacturing systems is the usage of the context sensitivity approach. Thereby the Cyber-Physical Systems play an important role as sources of information to achieve context sensitivity. In this paper it is demonstrated how context sensitivity can be used to realize a holistic solution for (self-) optimization of discrete flexible manufacturing systems, by making use of Cyber-Physical System integrated in manufacturing systems/processes. A generic approach for context sensitivity, based on self-learning algorithms, is proposed aiming at a various manufacturing systems. The new solution is propos encompassing run-time context extractor and optimizer. Based on the self-learning module both context extraction and optimizer are continuously learning and improving their performance. The solution is following Service Oriented Architecture principles. The generic solution is developed and then applied to two very different manufacturing processes. This paper proposes a holistic solution to achieve context sensitivity for Flexible Manufacturing Systems, whereby the knowledge created by applying the context sensitivity approach can be used for (self-) optimization of manufacturing processes.
ARTICLE | doi:10.20944/preprints202207.0039.v1
Subject: Engineering, Electrical & Electronic Engineering Keywords: Autonomous vehicles (A.V.); Anomaly Detection (A.D.); Deep Learning (DL), Symmetry; Long Short-Term Memory (LSTM); False Data Injection (FDI) Attacks
Online: 4 July 2022 (08:14:45 CEST)
Nowadays, technological advancement has transformed traditional vehicles into Au-tonomous Vehicles (A.V.s). In addition, in our daily lives, A.V.s play an important role since they are considered an essential component of smart cities. A.V. is an intelligent vehicle capable of main-taining safe driving by avoiding crashes caused by drivers. Unlike traditional vehicles, which are fully controlled and operated by humans, A.V.s collect information about the outside environment using sensors to ensure safe navigation. Furthermore, A.V.s reduce environmental impact because they usually use electricity to operate instead of fossil fuel, thus decreasing the greenhouse gasses. However, A.V.s could be threatened by cyberattacks, posing risks to human life. For example, re-searchers reported that Wi-Fi technology could be vulnerable to cyberattacks through Tesla and BMW AVs. Therefore, more research is needed to detect cyberattacks targeting the components of A.V.s to mitigate their negative consequences. This research will contribute to the security of A.V.s by detecting cyberattacks at the early stages. First, we inject False Data Injection (FDI) attacks into an A.V. simulation-based system developed by MathWorks. Inc. Second, we collect the dataset generated from the simulation model after integrating the cyberattack. Third, we implement an intelligent symmetrical anomaly detection method to identify FDI attacks targeting the control system of the A.V. through a compromised sensor. We use long short-term memory (LSTM) deep networks to detect FDI attacks in the early stage to ensure the stability of the operation of A.V.s. Our method classifies the collected dataset into two classifications: normal and anomaly data. The ex-perimental result shows that our proposed model's accuracy is 99.95%. To this end, the proposed model outperforms other state-of-the-art models in the same study area.
ARTICLE | doi:10.20944/preprints202004.0362.v1
Subject: Mathematics & Computer Science, Other Keywords: Internet of Things (IoT); security goals; security guidelines; IoT assets; IoT security level certificates; countermeasures; IoT attacks; secure IoT frameworks
Online: 20 April 2020 (12:04:32 CEST)
Internet of Things (IoT) provides a huge business value for customers, organizations, and governments due to the developments of so many applications in different sectors like energy and healthcare. Nevertheless, as a new emerging technology, IoT faces several security concerns that are more challenging than conventional Internet because of its limited resources as well as its complex ecosystem. Toward this end, we first highlight IoT security challenges and briefly discuss its security goals like confidentiality and integrity. Second, we discuss the most common attacks against IoT, along with their violated security goals. We also review the existing frameworks of security and privacy guidelines for IoT and illustrate their shortcomings. Third, we propose a novel framework for securing IoT objects, the key objective of which is to assign different Security Level Certificates (SLCs) for IoT objects based on their hardware capabilities and protection measures. Objects with SLCs, therefore, will be able to communicate with each other or with the Internet in a secure manner. The proposed framework is composed of five main phases. In phase 1, we classify IoT assets into four components: (i) physical objects, (ii) protocols, (iii) data at rest, and (iv) software, which includes operating systems, middlewares, and applications. We also classify IoT objects into five categories based on their hardware capabilities. In phase 2, we propose security and privacy guidelines for previously mentioned IoT assets, along with their protection measures. In phase 3, we classify protection measures into five SLCs, and then we assign different SLCs for IoT objects. In phase 4: we develop a communication plan between objects based on their SLCs. In phase 5, we propose a four-step method to seamlessly integrate our objects with legacy objects ( objects are not developed according to our framework). Fourth, the feasibility and application of this framework are illustrated using smart homes as a case study. Finally, we investigate how our framework would lessen several attacks and threats against IoT like routing attacks and physical damage. We also provide qualitative arguments to show that this framework could be utilized to solve some of IoT security challenges such as tight resource constrains. Moreover, we discuss the shortcomings of our suggested framework.
REVIEW | doi:10.20944/preprints202208.0483.v1
Subject: Engineering, Other Keywords: Digital Twins; Cyber-Physical Systems; Control; Communication; Computation; 5G; Artificial Intelligence; Machine Learning; Computational Intelligence
Online: 29 August 2022 (09:51:49 CEST)
Cyber-Physical Systems (CPS) are integrations of computation and physical processes. Physical processes are monitored and controlled by embedded computers and networks, which frequently have feedback loops where physical processes affect computations and vice versa. To ease the analysis of a system, the costly physical plants can be replaced by high-fidelity virtual models that provide a framework for Digital-Twins (DT). This paper aims to briefly review the state-of-the-art and recent developments in DT and CPS. Three main components in CPS, including communication, control, and computation, are reviewed. Besides, the main tools and methodologies required for implementing practical DT are discussed by following the main applications of DT in the fourth industrial revolution through aspects of smart manufacturing, sixth wireless generation (6G), health, production, energy, and so on. Finally, the main limitations and ideas for future remarks are talked about followed by a short guideline for real-world application of DT towards CPS.
Subject: Mathematics & Computer Science, Algebra & Number Theory Keywords: Artificial intelligence; machine learning; real-time probabilistic data; for cyber risk; super forecasting; red teaming;
Online: 12 April 2021 (12:18:14 CEST)
Multiple governmental agencies and private organisations have made commitments for the colonisation of Mars. Such colonisation requires complex systems and infrastructure that could be very costly to repair or replace in cases of cyber-attacks. This paper surveys deep learning algorithms, IoT cyber security and risk models, and established mathematical formulas to identify the best approach for developing a dynamic and self-adapting system for predictive cyber risk analytics supported with Artificial Intelligence and Machine Learning and real-time intelligence in edge computing. The paper presents a new mathematical approach for integrating concepts for cognition engine design, edge computing and Artificial Intelligence and Machine Learning to automate anomaly detection. This engine instigates a step change by applying Artificial Intelligence and Machine Learning embedded at the edge of IoT networks, to deliver safe and functional real- time intelligence for predictive cyber risk analytics. This will enhance capacities for risk analytics and assists in the creation of a comprehensive and systematic understanding of the opportunities and threats that arise when edge computing nodes are deployed, and when Artificial Intelligence and Machine Learning technologies are migrated to the periphery of the internet and into local IoT networks.
REVIEW | doi:10.20944/preprints202006.0139.v1
Subject: Mathematics & Computer Science, Information Technology & Data Management Keywords: Cybersecurity; machine learning; data science; decision making; cyber-attack; security modeling; intrusion detection; threat intelligence
Online: 11 June 2020 (12:12:50 CEST)
In a computing context, cybersecurity is undergoing massive shifts in technology and its operations in recent days, and data science is driving the change. Extracting security incident patterns or insights from cybersecurity data and building corresponding data-driven model, is the key to make a security system automated and intelligent. To understand and analyze the actual phenomena with data, various scientific methods, machine learning techniques, processes, and systems are used, which is commonly known as data science. In this paper, we focus and briefly discuss cybersecurity data science, where the data is being gathered from relevant cybersecurity sources, and the analytics complement the latest data-driven patterns for providing more effective security solutions. The concept of cybersecurity data science allows making the computing process more actionable and intelligent as compared to traditional ones in the domain of cybersecurity. We then discuss and summarize a number of associated research issues and future directions. Furthermore, we provide a machine learning-based multi-layered framework for the purpose of cybersecurity modeling. Overall, our goal is not only to discuss cybersecurity data science and relevant methods but also to focus the applicability towards data-driven intelligent decision making for protecting the systems from cyber-attacks.
ARTICLE | doi:10.20944/preprints202002.0295.v1
Subject: Engineering, Electrical & Electronic Engineering Keywords: cyber-power network; distribution system reliability; FMEA; reliability assessment; risk priority number (RPN); Smart Grid
Online: 20 February 2020 (08:33:27 CET)
Reliability assessment in traditional power distribution systems has played a key role in power system planning, design, and operation. Recently, new information and communication technologies have been introduced in power systems automation and asset management, making the distribution network even more complex. In order to achieve efficient energy management, the distribution grid has to adopt a new configuration and operational conditions that are changing the paradigm of the actual electrical system. Therefore, the emergence of the cyber-physical systems concept to face future energetic needs requires alternative approaches for evaluating the reliability of modern distribution systems, especially in the smart grids environment. In this paper, a reliability approach that makes use of failure modes of power and cyber network main components is proposed to evaluate risk analysis in smart electrical distribution systems. We introduce the application of Failure Modes and Effects Analysis (FMEA) method in future smart grid systems in order to establish the impact of different failure modes on their performance. A smart grid test system is defined and failure modes and their effects for both power and the cyber components are presented. Preventive maintenance tasks are proposed and systematized to minimize the impact of high-risk failures and increase reliability.
ARTICLE | doi:10.20944/preprints202209.0058.v2
Subject: Mathematics & Computer Science, Other Keywords: Internet of Things; Incremental Machine Learning; Intrusion Detection System; Online Machine Learning; Cyber-Security; Ensemble Learning
Online: 7 September 2022 (11:47:23 CEST)
Computers have evolved over the years and as the evolution continues, we have been ushered into an era where high-speed internet has made it possible for devices in our homes, hospital, energy and industry to communicate with each other. This era is what is known as the Internet of Things (IoT). IoT has several benefits in the health, energy, transportation and agriculture sectors of a country’s economy. These enormous benefits coupled with the computational constraint of IoT devices which makes it difficult to deploy enhanced security protocols on them make IoT devices a target of cyber-attacks. One approach that has been used in traditional computing over the years to fight cyber-attacks is Intrusion Detection System (IDS). However, it is practically impossible to deploy IDS meant for traditional computers in IoT environments because of the computational constraint of these devices. In this regard, this study proposes a lightweight IDS for IoT devices using an incremental ensemble learning technique. We used Gaussian Naive Bayes and Hoeffding tree to build our incremental ensemble model. The model was then evaluated on the TON IoT dataset. Our proposed model was compared with other state-of-the-art methods proposed and evaluated using the same dataset. The experimental results show that the proposed model achieved an average accuracy of 99.98\%. We also evaluated the memory consumption of our model which showed that our model achieved a lightweight model status of 650.11KB as the highest memory consumption and 122.38KB as the lowest memory consumption.
REVIEW | doi:10.20944/preprints202209.0032.v1
Subject: Mathematics & Computer Science, Information Technology & Data Management Keywords: cybersecurity; machine learning; deep learning; artificial intelligence; data-driven decision making; automation; cyber analytics; intelligent systems;
Online: 2 September 2022 (03:32:48 CEST)
Due to the digitization and Internet of Things revolutions, the present electronic world has a wealth of cybersecurity data. Efficiently resolving cyber anomalies and attacks is becoming a growing concern in today's cyber security industry all over the world. Traditional security solutions are insufficient to address contemporary security issues due to the rapid proliferation of many sorts of cyber-attacks and threats. Utilizing artificial intelligence knowledge, especially machine learning technology, is essential to providing a dynamically enhanced, automated, and up-to-date security system through analyzing security data. In this paper, we provide an extensive view of machine learning algorithms, emphasizing how they can be employed for intelligent data analysis and automation in cybersecurity through their potential to extract valuable insights from cyber data. We also explore a number of potential real-world use cases where data-driven intelligence, automation, and decision-making enable next-generation cyber protection that is more proactive than traditional approaches. The future prospects of machine learning in cybersecurity are eventually emphasized based on our study, along with relevant research directions. Overall, our goal is to explore not only the current state of machine learning and relevant methodologies but also their applicability for future cybersecurity breakthroughs.
ARTICLE | doi:10.20944/preprints202103.0406.v1
Subject: Mathematics & Computer Science, Algebra & Number Theory Keywords: cyber security; secure development; prototyping; web security; internet of things; software security; digitalization; socio-technical security
Online: 16 March 2021 (09:24:24 CET)
Secure development is a proactive approach to cyber security. Rather than building a technological solution and then securing it in retrospect, secure development strives to embed good security practices throughout the development process and thereby reduces risk. Unfortunately, evidence suggests secure development is complex, costly, and limited in practice. This article therefore introduces security-focused prototyping as a natural precursor to secure development that embeds security at the beginning of the development process, can be used to discover domain specific security requirements, and can help organisations navigate the complexity of secure development such that the resources and commitment it requires are better understood. Two case studies–one considering the creation of a bespoke web platform and the other considering the application layer of an Internet of Things system–verify the potential of the approach and its ability to discover domain specific security requirements in particular. Future work could build on this work by conducting case studies to further verify the potential of security-focused prototyping and even investigate its capacity to be used as a tool capable of reducing a broader, socio-technical, kind of risk.
Subject: Engineering, Control & Systems Engineering Keywords: Industrial Internet of Things; Cyber Physical Systems; Internet of Everything; Industry 4.0; Digital Industry; Digital Economy
Online: 14 September 2020 (05:47:48 CEST)
This article conducts a literature review of current and future challenges in the use of artificial intelligence (AI) in cyber physical systems. The literature review is focused on identifying a conceptual framework for increasing resilience with AI through automation supporting both, a technical and human level. The methodology applied resembled a literature review and taxonomic analysis of complex internet of things (IoT) interconnected and coupled cyber physical systems. There is an increased attention on propositions on models, infrastructures and frameworks of IoT in both academic and technical papers. These reports and publications frequently represent a juxtaposition of other related systems and technologies (e.g. Industrial Internet of Things, Cyber Physical Systems, Industry 4.0 etc.). We review academic and industry papers published between 2010 and 2020. The results determine a new hierarchical cascading conceptual framework for analysing the evolution of AI decision-making in cyber physical systems. We argue that such evolution is inevitable and autonomous because of the increased integration of connected devices (IoT) in cyber physical systems. To support this argument, taxonomic methodol- ogy is adapted and applied for transparency and justifications of concepts selection decisions through building summary maps that are applied for designing the hierarchical cascading conceptual framework.
ARTICLE | doi:10.20944/preprints201910.0032.v1
Subject: Mathematics & Computer Science, Information Technology & Data Management Keywords: computerized revenue collection; machine learning; cyber security; software defined networks; object-oriented programming; online database management
Online: 3 October 2019 (01:45:11 CEST)
The need for the most accurate and flexible system of revenue collection from internal sources has become a matter of extreme urgency and importance in e-governance. This need underscores the eagerness on the part of the Government to look for a new principle and policy of revenue collection or to become aggressive and innovative in the mode of collecting revenue from existing sources using the present system. The Boards of some Governments in Africa, even up to the moment are facing a lot of setbacks in performing their tasks due to the manual system of revenue collection from the public. This can be improved through an effective collection of revenue using the most accurate and flexible system. Tax is usually collected in the form of specific sales tax, general sales tax, corporate income tax, individual income tax, property tax and inheritance tax. Problems such as high cost of collection, fraud, underpayment, leakage in revenue, poor access to information, poor tracking of defaulters is at the increase. As a result of this, there is need to computerize the revenue collection system. Computerized systems have proven to introduce massive efficiencies and quick collection of revenue from the public. This research work demonstrates how to design and implement an automated system of revenue collection and how to maintain a secured database for collected tax information. This research delves into the study of how machine learning algorithms and Software-defined Networks improve the security of such automated systems.
ARTICLE | doi:10.20944/preprints202205.0352.v1
Subject: Mathematics & Computer Science, Applied Mathematics Keywords: Quality real-time systems; Automated Machine Learning; Real-time embedded control systems; Cyber-physical systems; Neural Networks
Online: 25 May 2022 (11:17:19 CEST)
A correct system design can be systematically obtained from a specification model of a real-time system that integrates hybrid measurements in a realistic industrial environment, this has been carried out through complete Matlab / Simulink / Stateflow models. However, there is a widespread interest in carrying out that modeling by resorting to Machine Learning models, which can be understood as Automated Machine Learning for Real-time systems that present some degree of hybridization. An induction motor controller which must be able to maintain a constant air flow through a filter is one of these systems and it is discussed in the paper as a study case of closed-loop control system. The article discusses a practical application of ML methods that demonstrates how to replace such closed loop in industrial control systems with a Simulink block generated from neural networks to show how the proposed procedure can be applied to derive complete hybrid system designs with artificial neural networks (ANN). In the proposed ANN-based method to design a real-time hybrid system with continuous and discrete components, we use a typical design of a neural network, in which we define the usual phases: training, validation, and testing. The generated output of the model is made up of reference variables values of the cyber-physical system, which represent the functional and dynamic aspects of model. They are used to feed Simulink/Stateflow blocks in the real target system.
CONCEPT PAPER | doi:10.20944/preprints202107.0557.v1
Subject: Social Sciences, Other Keywords: Industry 4.0; Cyber-Physical Systems (CPS); Internet of Things (IoT); Human factors; Automated production Systems; Social interactions; Social Networks
Online: 26 July 2021 (09:47:59 CEST)
Since the 1970s, the application of microprocessor in industrial machinery and the development of computer systems have transformed the manufacturing landscape. The rapid integration and automation of production systems have outpaced the development of suitable human design criteria, creating a deepening gap where human factor was seen as an important source of errors and disruptions. Today the situation seems different: the scientific and public debate about the concept of Industry 4.0 has raised the awareness about the central role humans have to play in manufacturing systems, to the design of which they must be considered from the very beginning. The future of industrial systems, as represented by Industry 4.0, will rely on the convergence of several research fields such as Intelligent Manufacturing Systems (IMS), Cyber-Physical Systems (CPS), Internet of things (IoT), but also socio-technical fields such as social approaches within technical systems. This article deals with different Human dimensions associated with CPS and IoT and focuses on their conceptual evolution of automatization to improve the sociability of such automated production systems and consequently puts again the human in the loop. Hereby, our aim is to take stock of current research trends, and to show the importance of integrating human operators as a part of a socio-technical system based autonomous and intelligent products or resources. As results, different models of sociability as way to integrate human into the broad sense and/or the development of future automated production systems, were identified from the literature and analysed.
ARTICLE | doi:10.20944/preprints201804.0228.v1
Subject: Engineering, Electrical & Electronic Engineering Keywords: smart grid, cyber physical co-simulation, information and communication technology, 4g long term evolution - lte, network reconfiguration, fault management
Online: 17 April 2018 (16:36:34 CEST)
Simulation tools capturing the interactions of communication and electrical system operation represent a powerful support for fully assessing the potential benefits and impacts of ICT in future smart power distribution network. A strong interest is upon the possibility of exploiting the last generation communication systems for supporting the transition of distribution network towards a smart grid scenario. Having in mind the above, the authors propose a numerical co-simulation tool useful to thoroughly understand the impact of the communication networks on the performance of whole power system dynamics. The co-simulation tool has been purposely developed to simulate the highly time-critical smart grid application of fault management and network reconfiguration and permits reproducing and evaluating the behavior of the public mobile telecommunication system 4G Long Term Evolution (LTE), as communication technology for smart grid applications. Results of the paper demonstrates that LTE provides good performances for supporting the data communication required to perform fault location, extinction and a subsequent network reconfiguration in smart power distribution networks.
ARTICLE | doi:10.20944/preprints201907.0311.v1
Subject: Engineering, Automotive Engineering Keywords: Cyber-Physical Systems; reliability assessment; Internet-of-Things; LiDAR sensor; driving assistance; obstacle recognition; reinforcement learning; Artificial Intelligence-based modelling
Online: 28 July 2019 (12:38:28 CEST)
Currently, the most important challenge in any assessment of state-of-the-art sensor technology and its reliability is to achieve road traffic safety targets. The research reported in this paper is focused on the design of a procedure for evaluating the reliability of Internet-of-Things (IoT) sensors and the use of a Cyber-Physical System (CPS) for the implementation of that evaluation procedure to gauge reliability. An important requirement for the generation of real critical situations under safety conditions is the capability of managing a co-simulation environment, in which both real and virtual data sensory information can be processed. An IoT case study that consists of a LiDAR-based collaborative map is then proposed, in which both real and virtual computing nodes with their corresponding sensors exchange information. Specifically, the sensor chosen for this study is a Ibeo Lux 4-layer LiDAR sensor with IoT added capabilities. Implementation is through an artificial-intelligence-based modeling library for sensor data-prediction error, at a local level, and a self-learning-based decision-making model supported on a Q-learning method, at a global level. Its aim is to determine the best model behavior and to trigger the updating procedure, if required. Finally, an experimental evaluation of this framework is also performed using simulated and real data
REVIEW | doi:10.20944/preprints201901.0285.v1
Subject: Engineering, Control & Systems Engineering Keywords: cyber physical systems; industry 4.0; MDE; lifetime verification & validation; dependability; correctness; flexibility; real-time self-adaptation, self-management; self-healing
Online: 29 January 2019 (04:45:47 CET)
Cyber Physical Systems (CPS) has been a popular research area in the last decade. The dependability of CPS is still a critical issue, and rare survey has been published in this domain. CPS is a dynamic complex system, which involves various multidisciplinary technologies. To avoid human error and to simplify management, self-management CPS (SCPS) is a wise choice. And to achieve dependable self-management, systematic solution is necessary to verify the design and to guarantee the safety of self-adaptation decision, as well as to maintain the health of SCPS. This survey first recalls the concepts of dependability, and proposes a generic environment-in-loop processing flow of self-management CPS, and then analyzes the error sources and challenges of self-management through the formal feedback flow. Focus on reducing the complexity, we first survey the self-adaptive architecture approaches and applied dependability means; then we introduce a hybrid multi-role self-adaptive architecture, and discuss the supporting technologies for dependable self-management at the architecture level. Focus on dependable environment-centered adaption, we investigate the verification and validation (V&V) methods for making safe self-adaptation decision and the solutions for processing decision dependably. For system-centered adaption, the comprehensive self-healing methods are summarized. Finally, we analyze the missing pieces of the technology puzzle and the future directions. In this survey, the technical trends for dependable CPS design and maintenance are discussed, an all-in-one solution is proposed to integrate these technologies and build a dependable organic SCPS. To the best of our knowledge, this is the first comprehensive survey on dependable SCPS building and evaluation.
ARTICLE | doi:10.20944/preprints202110.0364.v1
Subject: Engineering, Energy & Fuel Technology Keywords: Artificial Intelligence; Machine Learning; Explainable Artificial Intelligence; Soft Sensors; Industry 4.0; Smart Manufacturing; Cyber-Physical System; Crude Oil Distillation; Debutanization; LPG Purification
Online: 25 October 2021 (15:43:08 CEST)
Refineries execute a series of interlinked processes, where the product of one unit serves as the input to another process. Potential failures within these processes affect the quality of the end products, operational efficiency, and revenue of the entire refinery. In this context, implementation of a real-time cognitive module, referring to predictive machine learning models, enables to provide equipment state monitoring services and to generate decision-making for equipment operations. In this paper, we propose two machine learning models: 1) to forecast the amount of pentane (C5) content in the final product mixture; 2) to identify if C5 content exceeds the specification thresholds for the final product quality. We validate our approach by using a use case from a real-world refinery. In addition, we develop a visualization to assess which features are considered most important during feature selection, and later by the machine learning models. Finally, we provide insights on the sensor values in the dataset, which help to identify the operational conditions for using such machine learning models.
ARTICLE | doi:10.20944/preprints201707.0044.v1
Subject: Engineering, Control & Systems Engineering Keywords: cyber physical systems; industry 4.0; MDE; hardware and software co-design; lifetime verification & validation; dependability; correctness; flexibility; self-management; self-adapting; self-healing
Online: 17 July 2017 (10:27:33 CEST)
Though Cyber Physical Systems (CPS) become very popular in last the decade, dependability of CPS is still a critical issue and related survey is rare. We try to spell out the jigsaw of technologies and figure out the technical trends of dependable self-managing CPS. This survey first recalls the motivation and the similar concepts. By analyzing four generic architectures, we summarize the common characteristics and related assurance technologies, and propose a more generic environment-in-loop processing flow of CPS and a formal interaction flow between physical space and cyber space. Further, the similarity between correctness and dependability is formally analyzed and the new five research questions of dependable self-managing CPS are presented. Then we review the critical technologies and related correctness verification & validation (V&V) methods, the architectures for dependable self-managing CPS. Further, the detail dependability management and V&V technologies are surveyed, which covers the areas of running-time fault management methods and whole life cycle V&V technologies, maintenance and available tool sets. For holistic CPS development, Modeling techniques and MDE (model driven engineering) based V&V methods are analyzed in detail. Then we complete the jigsaw of technologies and figure out the missing part. Further, we propose the technical challenges and the further direction. To our best knowledge, this is the first comprehensive survey on dependable self-managing CPS development and evaluation.
ARTICLE | doi:10.20944/preprints201705.0123.v1
Subject: Mathematics & Computer Science, General & Theoretical Computer Science Keywords: Mobile device threats; mobile device malware; reverse proxy server; cyber security; android security; ios security; abuse of local area network; DNS spoofing; DNS hijacking
Online: 16 May 2017 (13:23:18 CEST)
Mobile devices have become tools we spend our free time where we carry them with us every moment, they allow us to interact with the environment, we immortalize the moment when necessary. These devices which we spend most of our daily life become very common in recent years and even there are unique business areas emerged. It was announced that the number of people using smartphones is over than 2.5 billion in the first quarter of 2016. As people become more addicted to mobile technology, they become the target of malevolent people. A huge increase in the number of mobile malware is observed as the number of the users increase. Billions of users at risk day by day due to the development of the methods. We have addressed the recent methods used and the types of malware that target mobile devices in our study. We have mentioned the proxy server and reverse proxy server operation logic. We discuss the method of turning mobile devices into reverse proxy servers, risks involved and protection methods.
Subject: Social Sciences, Education Studies Keywords: digital competence; teacher education; privacy; cyber security; Internet; teachers; university; initial training; Competencia digital; formación del profesorado; privacidad; seguridad cibernética; Internet; docentes; universidad; formación inicial
Online: 17 October 2019 (12:22:39 CEST)
The use of technologies and the Internet poses problems and risks related to digital security. This article presents the results of a study on the evaluation of the digital competence of future teachers in the DigCompEdu European framework. 317 undergraduate students from Spain and Portugal answered a questionnaire with 59 items, validated by experts, in order to assess the level and predominant competence profile in initial training (including knowledge, uses and interactions and attitudinal patterns). The results show that 47% of the participants belong to the profile of teachers at medium digital risk, evidencing habitual practices that involve risks such as sharing information and digital content inappropriately, not using strong passwords, and ignoring concepts such as identity, digital “footprint” and digital reputation. The average valuations of each item in the seven categories show that future teachers have an average competence in the area of digital security. They have good attitudes toward security but less knowledge and fewer skills and practices related to the safe and responsible use of the Internet. Future lines of work are proposed, aimed at responding to the demand for a better prepared and more digitally competent citizenry. The demand for education in security, privacy and digital identity is becoming increasingly important, and these elements form an essential part of initial training.
Subject: Engineering, Automotive Engineering Keywords: Industry 4.0; Supply Chain Design; Transformational Design Roadmap; IIoT Supply Chain Model; Decision Support for Information Management, Artificial Intelligence and Machine Learning (AI/ML), dynamic self-adapting system, cognition engine, predictive cyber risk analytics.
Online: 23 December 2020 (17:20:35 CET)
Digital technologies have changed the way supply chain operations are structured. In this article, we conduct systematic syntheses of literature on the impact of new technologies on supply chains and the related cyber risks. A taxonomic/cladistic approach is used for the evaluations of progress in the area of supply chain integration in the Industrial Internet of Things and Industry 4.0, with a specific focus on the mitigation of cyber risks. An analytical framework is presented, based on a critical assessment with respect to issues related to new types of cyber risk and the integration of supply chains with new technologies. This paper identifies a dynamic and self-adapting supply chain system supported with Artificial Intelligence and Machine Learning (AI/ML) and real-time intelligence for predictive cyber risk analytics. The system is integrated into a cognition engine that enables predictive cyber risk analytics with real-time intelligence from IoT networks at the edge. This enhances capacities and assist in the creation of a comprehensive understanding of the opportunities and threats that arise when edge computing nodes are deployed, and when AI/ML technologies are migrated to the periphery of IoT networks.
ARTICLE | doi:10.20944/preprints202110.0431.v1
Subject: Engineering, Other Keywords: Resilience; Risky-Opportunity Analysis Method (ROAM); Socio-Ecological Transition; Socio-Technical Transition; Cyber-Physic-Social Systems; Change Management; Risk Management; Critical Infrastructure Resilience; Critical Entities Digitization; Risky-Opportunity (RO); Payment Service Providers (PSP); Stress; Strain
Online: 28 October 2021 (10:13:39 CEST)
Socio-ecologic, socio-economic, and socio-technical transitions are opportunities that require fundamental changes in the system. These will encounter matters associated with security, service adoption by end-users, infrastructure and availability. The purpose of this study is to examine and overcome the risks to take advantage of opportunities through the novel Risky-Opportunity Analysis Method (ROAM). A novel quantitative method is designed to determine when, after making some changes, the risks become acceptable so that the opportunity does not deviate from the objectives. The approach provided a quantitative evaluation of the possible changes in parallel with digitization, towards providing a green Service Supply Chain (SSC). The result of ROAM shows that the most cost-effective change to increase the resilience of the system is a solution (SMS) which is different from that identified by a TOPSIS multi-criteria method. Real-word decisions in change management should tackle the complexity of systems and uncertainty of events during and after transition through a careful analysis of the alternatives. A case-study was carried out to evaluate the alternatives of an ancillary service in the Payment Service Providers (PSP). The comparison of the ROAM results with the traditional TOPSIS of the case-study unveils the priority of the ROAM in practice when the alternatives are Risky-Opportunities. The existing risk assessment tools do not take advantage of risky opportunities. To this aim, the current article introduces the term Risky-Opportunity, and two indexes Stress and Strain of the alternatives that are designed to be employed in the new quantitative ROAM approach.