Posts

Paper presentations at the FPS2021 and ICITST-2021

In december 2021 we had two more conference participations by our partners. Colleagues from ISEP presented a paper on “Comparative Analysis of Machine Learning Techniques for IoT Intrusion Detection” at the 14th International Symposium on Foundations & Practice of Security on the 9th of December in Paris. In the same week, during the 16th International Conference for Internet Technology and Secured Transactions, our colleagues from VTT presented a “Review on Cybersecurity Threats Related to Cyber Ranges”.

The conference proceedings will be linked here once they are published.


Title: Comparative Analysis of Machine Learning Techniques for IoT Intrusion Detection

Authors: João Vitorino, Rui Andrade, Isabel Praça, Orlando Sousa and Eva Maia

Abstract: The digital transformation faces tremendous security challenges. In particular, the growing number of cyber-attacks targeting Internet of Things (IoT) systems restates the need for a reliable detection of malicious network activity. This paper presents a comparative analysis of supervised, unsupervised and reinforcement learning techniques on nine malware captures of the IoT-23 dataset, considering both binary and multi-class classification scenarios. The developed models consisted of Support Vector Machine (SVM), Extreme Gradient Boosting (XGBoost), Light Gradient Boosting Machine (LightGBM), Isolation Forest (iForest), Local Outlier Factor (LOF) and a Deep Reinforcement Learning (DRL) model based on a Double Deep Q-Network (DDQN), adapted to the intrusion detection context. The best performance was achieved by LightGBM, closely fol- lowed by SVM. Nonetheless, iForest displayed good results against unknown at- tacks and the DRL model demonstrated the possible benefits of employing this methodology to continuously improve the detection. Overall, the obtained results indicate that the analyzed techniques are well suited for IoT intrusion detection.


Title: Review on Cybersecurity Threats Related to Cyber Ranges

Authors: Sami Noponen, Juha Pärssinen and Jarno Salonen

Abstract: Cyber ranges are often used to enhance the cybersecurity posture of a company by training relevant skills. These environments are traditionally used to host exercises that simulate cybersecurity scenarios, improve the cybersecurity skills of employees and enhance the security of networks and processes. By using digital twins, it is possible to organise cyber range trainings also to the critical infrastructure sector. However, in the aforementioned sector it is important to consider the cybersecurity of these environments themselves as they often may handle company-specific confidential information. This study presents several cybersecurity related threats and challenges that cyber ranges may face during different phases of use. Cyber threats may be exposed to the actual systems that the ranges are meant to protect if these issues are not taken into consideration and mitigated. Malicious attackers may use the information in the cyber range to learn the weaknesses in the actual system. We approach the subject by reviewing the relevant literature, which is currently very limited especially when looking at the cybersecurity issues of cyber ranges. We divide the subject into the different phases of cyber range development and use, and also discuss relevant cloud security issues. Finally, we present actions to mitigate the identified cybersecurity threats and issues in cyber ranges when using them for training and awareness activities. 

Call for Papers: Symposium on Security and Privacy in Speech Communication

Call for papers to be presented at the

1st Symposium on Security and Privacy in Speech Communication

Virtual, November 10-12, 2021

 

The first edition of the SPSC Symposium aims at laying the first building blocks required to address the question how researchers and practitioners might bridge the gap between social perceptions and their technical counterparts with respect to what it means for our voices and speech to be secure and private.

The symposium brings together researchers and practitioners across multiple disciplines – more specifically: signal processing, cryptography, security, human-computer interaction, law, and anthropology. By integrating different disciplinary perspectives on speech-enabled technology and applications, the SPSC Symposium opens opportunities to collect and merge input regarding technical and social practices, as well as a deeper understanding of the situated ethics at play.The SPSC Symposium addresses interdisciplinary topics.

For more details, see CFP.


Topics of Interest:
Topics regarding the technical perspective include but are not limited to:
  • Speech Communication
  • Cyber security
  • Machine Learning
  • Natural Language Processing
Topics regarding the societal view include but are not limited to:
  • Human-Computer Interfaces (Speech as Medium)
  • Ethics & Law
  • Digital Humanities
We welcome contributions on related topics, as well as progress reports, project disseminations, or theoretical discussions and “work in progress”.  There also is a dedicated PhD track. In addition, guests from academia, industry and public institutions as well as interested students are welcome to attend the conference without having to make their own contribution. All accepted submissions will appear in the conference proceedings published in ISCA Archive.

Submission:
Papers intended for the SPSC Symposium should be up to four pages of text. An optional fifth page can be used for references only. Paper submissions must conform to the format defined in the paper preparation guidelines and as detailed in the author’s kit. Papers must be submitted via the online paper submission system. The working language of the conference is English, and papers must be written in English.

Reviews:
All submissions share the same registration deadline (with one week of submission updates afterwards). At least three single-blind reviews are provided, we aim to get feedback from interdisciplinary experts for each submission.

Important dates:
Paper submission opens:           April 10, 2021
Paper submission deadline:     June 30, 2021
Author notification:                      September 5, 2021
Final paper submission:              October 5, 2021
SPSC Symposium:                          November 10-12, 2021

Contact:
For further details contact mail@spsc-symposium2021.de!

Poster Presentation at Machine Learning in Certified Systems Workshop

Members of the CyberFactory#1 project consortium participated in the Machine Learning in Certified Systems Workshop organised by the DEEL project. Ana Pereira from the University of Applied Sciences Berlin (HTW) presented a poster on “Safety Hazards Analysis and Mitigation Strategies for Machine Learning-Based Safety-Critical Systems”.

Abstract:

Machine Learning (ML) is increasingly applied for the control of safety-critical Cyber-Physical Systems (CPS). As a consequence, the safety of machine learning became a focus area for research in recent years. Applying a classic technique of safety engineering, our work provides a methodological analysis of the safety hazards that could be introduced along the ML lifecycle, and that could compromise the safe operation of ML-based CPS. The comprehensive analysis presented here intends to be used as a basis for holistic approaches for safety engineering of ML-based CPS in safety-critical applications, and aims to support the use of ML-based control systems in highly safety-critical applications and their certification.

The poster was created by Ana Pereira and Carsten Thomas from the University of Applied Sciences Berlin (HTW).

You can download the poster here.

Challenges of Machine Learning Applied to Safety-Critical Cyber-Physical Systems

Abstract

Machine Learning (ML) is increasingly applied for the control of safety-critical Cyber-Physical Systems (CPS) in application areas that cannot easily be mastered with traditional control approaches, such as autonomous driving. As a consequence, the safety of machine learning became a focus area for research in recent years. Despite very considerable advances in selected areas related to machine learning safety, shortcomings were identified on holistic approaches that take an end-to-end view on the risks associated to the engineering of ML-based control systems and their certification. Applying a classic technique of safety engineering, our paper provides a comprehensive and methodological analysis of the safety hazards that could be introduced along the ML lifecycle, and could compromise the safe operation of ML-based CPS. Identified hazards are illustrated and explained using a real-world application scenario—an autonomous shop-floor transportation vehicle. The comprehensive analysis presented in this paper is intended as a basis for future holistic approaches for safety engineering of ML-based CPS in safety-critical applications, and aims to support the focus on research onto safety hazards that are not yet adequately addressed.

Access to Document

Link

Authors

Ana Pereira and Carsten Thomas (Hochschule für Technik und Wirtschaft Berlin)