Publications
-
Masouros, Dimosthenis; Soudris, Dimitrios; Gardikis, Georgios; Katsarou, Victoria; Christopoulou, Maria & Xilouris, George
(2023).
Towards Privacy-First Security Enablers for 6G Networks: The PRIVATEER Approach.
In Silvano, Cristina; Pilato, Christian & Reichenbach, Marc (Ed.),
Embedded Computer Systems: Architectures, Modeling, and Simulation
23rd International Conference, SAMOS 2023, Samos, Greece, July 2–6, 2023, Proceedings.
Springer.
ISSN 978-3-031-46077-7.
doi: 10.1007/978-3-031-46077-7_25.
The advent of 6G networks is anticipated to introduce a myriad of new technology enablers, including heterogeneous radio, RAN softwarization, multi-vendor deployments, and AI-driven network management, which is expected to broaden the existing threat landscape, demanding for more sophisticated security controls. At the same time, privacy forms a fundamental pillar in the EU development activities for 6G. This decentralized and globally connected environment necessitates robust privacy provisions that encompass all layers of the network stack.
In this paper, we present PRIVATEER’s approach for enabling “privacy-first” security enablers for 6G networks. PRIVATEER aims to tackle four major privacy challenges associated with 6G security enablers, i.e., i) processing of infrastructure and network usage data, ii) security-aware orchestration, iii) infrastructure and service attestation and iv) cyber threat intelligence sharing. PRIVATEER addresses the above by introducing several innovations, including decentralised robust security analytics, privacy-aware techniques for network slicing and service orchestration and distributed infrastructure and service attestation mechanisms.
-
(2023).
Towards data-driven autonomous cyber defence for military unmanned vehicles - threats & attacks.
MILCOM IEEE Military Communications Conference.
ISSN 2155-7578.
doi: 10.1109/MILCOM55135.2022.10017692.
Unmanned vehicles with varying degrees of autonomy will likely change the way military operations can be conducted, but they also introduce risks that require new ways of thinking security. In particular, the safety ramifications of cyber attacks should be seen as equally critical as the loss of classified data. Developing a cyber defence capability that can detect and manage these potentially harmful events also without human intervention thus becomes a fundamental requirement. In this paper, we commence such work by exploring how to disrupt the functionality of an actual military unmanned ground vehicle given an internal attacker, and how the resulting data can be used to design an effective detection capability.
-
Lidahl Gjerstad, Julie; Kadiric, Fikret; Grov, Gudmund; Lund, Espen Kjellstadli & Asprusten, Markus Leira
(2023).
LADEMU: a modular & continuous approach for generating labelled APT datasets from emulations.
In Tsumoto, Shusaku; Ohsawa, Yukio; Chen, Lei; Van den Poel, Dirk; Hu, Xiaohua; Motomura, Yoichi; Takagi, Takuya; Wu, Lingfei; Xie, Ying; Abe, Akihiro & Raghavan, Vijay (Ed.),
2022 IEEE International Conference on Big Data.
IEEE (Institute of Electrical and Electronics Engineers).
ISSN 978-1-6654-8045-1.
doi: 10.1109/BigData55660.2022.10020549.
-
Eriksson, Håkon Svee & Grov, Gudmund
(2023).
Towards XAI in the SOC – a user centric study of explainable alerts with SHAP and LIME.
In Tsumoto, Shusaku; Ohsawa, Yukio; Chen, Lei; Van den Poel, Dirk; Hu, Xiaohua; Motomura, Yoichi; Takagi, Takuya; Wu, Lingfei; Xie, Ying; Abe, Akihiro & Raghavan, Vijay (Ed.),
2022 IEEE International Conference on Big Data.
IEEE (Institute of Electrical and Electronics Engineers).
ISSN 978-1-6654-8045-1.
p. 2595–2600.
doi: 10.1109/BigData55660.2022.10020248.
-
Grov, Gudmund; Ireland, Andrew & Llano, Maria Teresa
(2021).
Reasoned Modelling: Harnessing the Synergies Between Reasoning and Modelling.
In Michaelson, Gregory (Ed.),
Mathematical Reasoning: The History and Impact of the DReaM Group.
Springer Nature.
ISSN 978-3-030-77879-8.
p. 105–127.
doi: 10.1007/978-3-030-77879-8_6.
Conventional formal modelling requires a designer to have expertise in formal reasoning as well as design. We describe an approach to formal modelling called reasoned modelling that aims to allow the designer to focus on their design, with the low-level formal reasoning hidden from view. The approach builds directly upon the ideas of proof plans in that we make explicit use of modelling knowledge and patterns. This enables us to harness the synergies that exist between modelling and reasoning. A number of aspects of reasoned modelling have been investigated. Here we summarise the key contributions that have been previously published. First, when faced with low-level reasoning failures, we illustrate how modelling knowledge can be used to constrain the search for high-level design guidance. Second, we describe how common patterns of refinement can be used to help guide a designer. Third, we outline how common patterns of modelling can be used in suggesting design abstractions. Finally, as is the case with proof plans, reasoned modelling requires a mechanism for instantiating patterns. We describe how automated theory formation was used to instantiate patterns that arose within reasoned modelling.
-
Asprusten, Markus Leira; Gjerstad, Julie Lidahl; Grov, Gudmund; Kjellstadli, Espen Hammer; Flood, Robert & Clausen, Henry
(2021).
A containerised approach to labelled C&C traffic.
Norsk Informasjonssikkerhetskonferanse (NISK).
ISSN 1893-6563.
A challenge for data-driven methods for intrusion detection is the availability of high quality and realistic data, with ground truth at suitable level of granularity to train machine learning models. Here, we explore a container-based approach for simulating and labelling C&C traffic of real malware through a proof-of-concept implementation.
-
Clausen, Henry; Grov, Gudmund & Aspinall, David
(2021).
Cbam: A contextual model for network anomaly detection.
Computers.
ISSN 2073-431X.
10(6),
p. 1–28.
doi: 10.3390/computers10060079.
Anomaly-based intrusion detection methods aim to combat the increasing rate of zero-day attacks, however, their success is currently restricted to the detection of high-volume attacks using aggregated traffic features. Recent evaluations show that the current anomaly-based network intrusion detection methods fail to reliably detect remote access attacks. These are smaller in volume and often only stand out when compared to their surroundings. Currently, anomaly methods try to detect access attack events mainly as point anomalies and neglect the context they appear in. We present and examine a contextual bidirectional anomaly model (CBAM) based on deep LSTM-networks that is specifically designed to detect such attacks as contextual network anomalies. The model efficiently learns short-term sequential patterns in network flows as conditional event probabilities. Access attacks frequently break these patterns when exploiting vulnerabilities, and can thus be detected as contextual anomalies. We evaluated CBAM on an assembly of three datasets that provide both representative network access attacks, real-life traffic over a long timespan, and traffic from a real-world red-team attack. We contend that this assembly is closer to a potential deployment environment than current NIDS benchmark datasets. We show that, by building a deep model, we are able to reduce the false positive rate to 0.16% while effectively detecting six out of seven access attacks, which is significantly lower than the operational range of other methods. We further demonstrate that short-term flow structures remain stable over long periods of time, making the CBAM robust against concept drift.
-
Clausen, Henry; Grov, Gudmund; Sabate, Marc & Aspinall, David
(2021).
Better Anomaly Detection for Access Attacks Using Deep Bidirectional LSTMs.
In Renault, Eric; Boumerdassi, Selma & Mühlethaler, Paul (Ed.),
Machine Learning for Networking
Third International Conference, MLN 2020, Paris, France, November 24–26, 2020, Revised Selected Papers.
Springer.
ISSN 978-3-030-70866-5.
p. 1–18.
doi: 10.1007/978-3-030-70866-5_1.
Recent evaluations show that the current anomaly-based network intrusion detection methods fail to detect remote access attacks reliably [10]. Here, we present a deep bidirectional LSTM approach that is designed specifically to detect such attacks as contextual network anomalies. The model efficiently learns short-term sequential patterns in network flows as conditional event probabilities to identify contextual anomalies. To verify our improvements on current detection rates, we re-implemented and evaluated three state-of-the-art methods in the field. We compared results on an assembly of datasets that provides both representative network access attacks as well as real normal traffic over a long timespan, which we contend is closer to a potential deployment environment than current NIDS benchmark datasets. We show that by building a deep model, we are able to reduce the false positive rate to 0.16% while detecting effectively, which is significantly lower than the operational range of other methods. Furthermore, we reduce overall misclassification by more than 100% from the next best method.
-
Lin, Yuhui; Bundy, Alan; Grov, Gudmund & Maclean, Ewen
(2019).
Automating Event-B invariant proofs by rippling and proof patching.
Formal Aspects of Computing.
ISSN 0934-5043.
p. 1–35.
doi: 10.1007/s00165-018-00476-7.
Published: June 10, 2021 10:45 AM
Last modified: Nov. 28, 2023 3:51 PM