CASE REPORT | doi:10.20944/preprints202308.1936.v1
Subject: Computer Science And Mathematics, Security Systems Keywords: cyberattack; technical cyberattack attribution; digital forensics; machine learning; cyber threat intelligence
Online: 29 August 2023 (09:59:53 CEST)
In addition to identifying and prosecuting cyber attackers, attack attribution activities can provide valuable information guiding the defenders’ security procedures and giving them greater confidence in incident response and remediation. However, technical analysis involved in cyberattack attribution requires high skills, experience, access to up-to-date Cyber Threat Intelligence, and significant investigators’ effort. Attribution results are not always reliable, and skilful attackers often work hard to cover their traces and mislead or confuse investigators. In this article, we present a tool designed to support technical attack attribution and implemented as a machine learning model extending the OpenCTI platform. We also discuss the tool’s performance in the investigation of a recent cyberattack.
ARTICLE | doi:10.20944/preprints202212.0259.v1
Subject: Engineering, Control And Systems Engineering Keywords: cyberattack; control variable; feedback system; cyberattack detection; process air conditioning station; control performance assessment
Online: 14 December 2022 (14:58:55 CET)
The paper aims to study the workflow of the detection center of stealthy attacks on industrial installations that generate an increase in energy consumption while avoiding triggering fault detection and damaging the installation. Such long-lasting attacks on industrial facilities make production more expensive and less competitive. We present the concept of the remote detection system of cyberattacks directed at maliciously changing the controlled variable in an industrial process air conditioning system. The monitored signals are gathered at the PLC-controlled installation and sent to the remote detection system, where the discrepancies of signals are analyzed based on the Control Performance Assessment indices. The results of the performed tests prove the legitimacy of the adopted approach.
ARTICLE | doi:10.20944/preprints202308.0901.v1
Subject: Computer Science And Mathematics, Security Systems Keywords: cyber resilience; cyber security; cyber risk; cyberattack; cyber domains
Online: 11 August 2023 (05:30:17 CEST)
The rapid changes in technology on a global scale, combined with the widespread adoption of business operations in cyberspace, have intensified the need for robust protection against escalating risks posed by cyber threats. This research paper aims to identify fundamental cyber resilience management attributes that enable organizations to manage cybersecurity, sustain, and adapt amidst evolving cyber risks and threats. By integrating resilience theory and security theory, this study establishes the attributes for resilience within cyber domains, making a novel contribution to cyber resilience management in organizations. The study introduces a model featuring seven main variables: Rationale, Reliable, Readiness, Resistance, Robust, Rebound, Reflective, and sub-variables across the Physical, Logical, and Social cyber domains, providing a converged framework for achieving cyber resilience. The findings of the study highlight the significance of fundamental attributes for enhancing cyber resilience management in organizations, such as clarity in purpose, vision, and values for security management, an empowered culture, availability of resources, avoidance of single points of failure, development, and coordination of resources to respond to threats and risks, promotion of continual improvement, and the sharing of information and knowledge. In conclusion, this research paper presents a model for managing cybersecurity in organizations by identifying key attributes for achieving cyber resilience.
ARTICLE | doi:10.20944/preprints202308.0712.v1
Subject: Computer Science And Mathematics, Artificial Intelligence And Machine Learning Keywords: bot; CNN; cyberattack; deep-learning; malware; NLP; phishing; social networks; spam
Online: 9 August 2023 (08:57:50 CEST)
Social networks have captured the attention of many people worldwide. However, these services have also attracted a considerable number of malicious users whose purpose is to compromise digital assets of other members by using messages as an attack vector to execute different variants of cyberattacks against them. Therefore, this work presents an approach based on Natural Language Processing tools and a Convolutional Neural Network architecture to detect and classify, on social network messages, four types of cyberattacks, such as malware, phishing, spam, and even one whose purpose is deceiving the user into spreading malicious messages to other users, which in this work is identified as bot attacks. One notable feature of this work is that it analyzes textual content without depending on any characteristics from a specific social network, making its analysis independent from particular data sources. Finally, this work was tested on real data, demonstrating its results in two stages. The first detects the existence of any of the four cyberattacks within the message, obtaining an accuracy value of 0.91. After detecting a message as a cyberattack, the next stage is to classify it into one of the four types of cyberattack, achieving an accuracy value of 0.82.
BRIEF REPORT | doi:10.20944/preprints202306.1085.v1
Subject: Computer Science And Mathematics, Computer Science Keywords: Multi-stage attack; detection; Advanced Persistent Threats; cyberattack; defence mechanisms
Online: 15 June 2023 (07:12:26 CEST)
The need for cohesive detection and defence methods against cyberattacks is significant now more than ever before to enforce security and privacy of user data and information. The inevitable increase in demand for home and flexible working from employees quite recently has meant there is a lack of awareness and training for cyberattacks. Hence, they have become prominent as attackers are aware of this and are benefitting from individuals’ lack of knowledge in how to better protect themselves and their confidential information. Employees are becoming more susceptible to such attacks and falling victim to these, resulting in economic losses for companies, data losses and decreased faith.