Search Results (24)

Over the last 15 years, cyberattacks have moved from attacking IT systems to targeted attacks on Operational Technology (OT) systems, also known as Cyber–Physical Systems (CPS). The first targeted OT cyberattack was Stuxnet in 2010, at which time the term Advanced Persistent Threat (APT) appeared. An APT often refers to a sophisticated two-stage cyberattack requiring an extensive reconnaissance period before executing the actual attack. Following Stuxnet, a sizable number of APTs have been discovered and documented. APTs are difficult to detect due to the many steps involved, the large number of attacker capabilities that are in use, and the timeline. Such attacks are carried out over an extended time period, sometimes spanning several years, which means that they cannot be recognized using signatures, anomalies, or similar patterns. APTs require detection capabilities beyond what current detection paradigms are capable of, such as behavior-based, signature-based, protocol-based, or other types of Intrusion Detection and Prevention Systems (IDS/IPS). This paper describes steps towards improving the detection of APTs by means of APT group digital fingerprints. An APT group fingerprint is a digital representation of the attacker’s capabilities, their relations and dependencies, and their technical implementation for an APT group. The fingerprint is represented as a directed graph, which models the relationships between the relevant capabilities. This paper describes part of the analysis behind establishing the APT group digital fingerprint for the Russian Cyberspace Operations Group - Sandworm. Full article

The traditional manufacturing industry is facing the challenge of digital transformation, which involves the enhancement of intelligence and production efficiency. Many robotic applications have been discussed to enable collaborative robots to perform operations smartly rather than just automatically. This article tackles the issues of intelligent robots with cognitive and coordination capability by introducing cyber-physical integration technology. The authors propose a system architecture with open-source software and low-cost hardware based on the 5C hierarchy and then conduct experiments to verify the proposed framework. These experiments involve the collection of real-time data using a depth camera, object detection to recognize obstacles, simulation of collision avoidance for a robotic arm, and cyber-physical integration to perform a robotic task. The proposed framework realizes the scheme of the 5C architecture of Industry 4.0 and establishes a digital twin in cyberspace. By utilizing connection, conversion, calculation, simulation, verification, and operation, the robotic arm is capable of making independent judgments and appropriate decisions to successfully complete the assigned task, thereby verifying the proposed framework. Such a cyber-physical integration system is characterized by low cost but good effectiveness. Full article

At the Group of Seven (G7) summit held on 13–15 June in 2024, the Group’s leaders committed to establishing a collective cyber security framework and reinforcing the work of the cyber security working group to manage the risks targeting energy systems. Likewise, oil and electricity, and natural gas rely on complex and interdependent technologies and communication networks from production to consumption. The preparedness to handle cyber security threats in the energy infrastructures among decision makers, planners, and the industry in a concerted manner signifies that cyber security is becoming more appreciated. Therefore, considering the ambition and achievement of the G7 countries towards energy and cyber sovereignty, this paper’s focus and research question aims to explore the potential existence of the cyber governance alliance in the gas subsector within the G7. The objective of this paper is twofold. First, it explores the potential of the G7, the world’s seven largest advanced economies, to lead on a nascent cyber governance for risk management in the gas sector. The qualitative analysis conducted through the institutional analysis and design method examines up-to-date data involving mainly state actors. Second, by drawing on LNG, one of the world’s fastest growing energy types in the coming decades, the paper points out the need for further research on the transnational governance operating through public–private engagement to address the cyber risks to gas systems. While the paper makes an empirical contribution to the field of security governance and a practical contribution to security consulting, its limitations rely on the necessity to also conduct a quantitative enquiry, which would necessitate, among others, a review of the literature in the G7 countries, and a group of researchers from academia and practitioners to obtain a sense of the cyberspace in the energy reality. Full article

As cyberattacks become increasingly sophisticated with advancements in information and communication technology, the impact of cyberspace threats is growing in both civilian and defense sectors. The utilization of cyber capabilities in operations is on the rise, prompting major nations to continuously enhance their cyber capabilities. This study aims to establish a systematic approach to cyber operations training and propose a framework for the development of cyber training. A hybrid cyber training system is designed as a plan for temporal and spatial integration to simultaneously combine simulation-based training with real-world target training. To develop this concept, a literature review was conducted, expert consultations were held, and data were collected and analyzed through visits to relevant organizations and units. Additionally, the fundamental components of cyber training were examined from environmental, scenario-based, and operational perspectives, leading to the presentation of a development direction for effective cyber training. This study is anticipated to enhance response capabilities to evolving cyber threats and attacks, improve cyber operational proficiency, and secure cyber power to achieve dominance in cyberspace. Full article

Recent advances in the Internet and digital technology have brought a wide variety of activities into cyberspace, but they have also brought a surge in cyberattacks, making it more important than ever to detect and prevent cyberattacks. In this study, a method is proposed to detect anomalies in cyberspace by consolidating BGP (Border Gateway Protocol) data into numerical data that can be trained by machine learning (ML) through a tokenizer. BGP data comprise a mix of numeric and textual data, making it challenging for ML models to learn. To convert the data into a numerical format, a tokenizer, a preprocessing technique from Natural Language Processing (NLP), was employed. This process goes beyond merely replacing letters with numbers; its objective is to preserve the patterns and characteristics of the data. The Synthetic Minority Over-sampling Technique (SMOTE) was subsequently applied to address the issue of imbalanced data. Anomaly detection experiments were conducted on the model using various ML algorithms such as One-Class Support Vector Machine (One-SVM), Convolutional Neural Network–Long Short-Term Memory (CNN–LSTM), Random Forest (RF), and Autoencoder (AE), and excellent performance in detection was demonstrated. In experiments, it performed best with the AE model, with an F1-Score of 0.99. In terms of the Area Under the Receiver Operating Characteristic (AUROC) curve, good performance was achieved by all ML models, with an average of over 90%. Improved cybersecurity is expected to be contributed by this research, as it enables the detection and monitoring of cyber anomalies from malicious users through BGP data. Full article

The Construction 5.0 paradigm is the next phase in industrial development that aims to combine the skills of human experts in partnership with efficient and precise machines to achieve production solutions that are resource-efficient and preferred by clients. This study reviewed the evolution of the Construction 5.0 paradigm by defining its features and diverse nature. It introduced the architecture, model, and system of Construction 5.0 and its key enablers: Operator 5.0, Society 5.0, human-centricity, sustainability, and resilience. The study used the SEM method to evaluate the research model and investigate the causal relationships among the key enablers of the Construction 5.0 paradigm. Nine vital hypotheses were proposed and assessed comprehensively. The critical enablers’ variables were measured to examine the constructs’ reliability and validity. The key findings showed that Construction 5.0 prioritizes collaboration between humans and machines, merges cyberspace with physical space, and balances the three pillars of sustainability (economy, environment, and society), creating a relationship among Operator 5.0, Society 5.0, human-Ccentricity, sustainability, and resilience. The study also discussed the limitations and challenges and offered suggestions for future research. Overall, Construction 5.0 aims to achieve sustainable development and become a robust and resilient provider of prosperity in an industrial community of a shared future. The study expects to spark debate and promote pioneering research toward the Construction 5.0 paradigm. Full article

Cyberattack prevention factors have a significant impact on the perception of social and moral values in the business context. Despite leaders’ significant role in encouraging and enculturating cybersecurity practices in their organizations, there is a noticeable gap in the literature to highlight empirically how leaders and top management in organizations foster organizational cybersecurity. Therefore, this study aims to explore the role of cybersecurity leadership in financial organizations in preventing cyberattacks and investigate other human and non-technical factors related to the individual in financial organizations. Based on Protection Motivation Theory (PMT), the research framework was developed with the tallying of new variables focusing on the role of an organization’s cybersecurity leadership, training frequency, and the role of government frequent alerting. This research employed a quantitative research method. The data were collected through a questionnaire from 310 financial executive officers from selected banks in UAE that use digital technology to enhance their daily banking operations. Using Structural Equation Modelling (SEM), the results indicated (1) a significant association between all investigated independent variables and cybersecurity leadership through hypothesis (H8–H14); (2) cybersecurity leadership mediates the relationship between investigated independent variables and cyberattack prevention, from hypothesis (H15, and H16–H22); (3) no significant association between investigated independent variables and cyberattack prevention from hypothesis (H1–H6), except hypothesis (H4 and H7), which show a significant association. The coefficient of cybersecurity leadership in this study is viewed as a prevention element against cyberattacks based on the findings. With greater cybersecurity leadership success, the implementation of cyberattack prevention increases. This study emphasizes the importance of cybersecurity leadership in a cyberspace environment that protects against cyberattacks and promotes cybersecurity awareness within financial organizations and society in UAE. Full article

Digital technology is now a fundamental and indispensable component of daily life. While the great opportunities offered by cyberspace are undoubted, the growing security challenges and threats it brings should not be overlooked. Cyberspace, by its nature transnational and elusive regarding forms of control, is useful to terrorism because it allows not only the propaganda of fundamentalist doctrines but also the creation and manipulation of information; the apology and dissemination of information instrumental to the processes of radicalisation; the use of devices capable of transversally violating the security of technical and virtual infrastructures that are critical to the security of nations; the operational planning of terrorist activities; and the recruitment, financing, and training of recruits. The so-called “new terrorism”, religiously motivated, makes extensive use of the digital tool. After an excursus concerning the use of cyberspace by religious fundamentalist groups and the transformation of religiously motivated terrorism, this paper focuses on the analysis of the European legal response and on the need for global and shared European action. Full article

In this paper, considering the problem that the common defensive means in the current cyber confrontation often fall into disadvantage, honeypot technology is adopted to turn reactive into proactive to deal with the increasingly serious cyberspace security problem. We address the issue of common defensive measures in current cyber confrontations that frequently lead to disadvantages. To tackle the progressively severe cyberspace security problem, we propose the adoption of honeypot technology to shift from a reactive to a proactive approach. This system uses honeypot technology for active defense, tempting attackers into a predetermined sandbox to observe the attacker’s behavior and attack methods to better protect equipment and information security. During the research, it was found that due to the singularity of traditional honeypots and the limitations of low-interactivity honeypots, the application of honeypot technology has difficulty in achieving the desired protective effect. Therefore, the system adopts a highly interactive honeypot and a modular design idea to distinguish the honeypot environment from the central node of data processing, so that the honeypot can obtain more sufficient information and the honeypot technology can be used more easily. By managing honeypots at the central node, i.e., adding, deleting, and modifying honeypots and other operations, it is easy to maintain and upgrade the system, while reducing the difficulty of using honeypots. The high-interactivity honeypot technology not only attracts attackers into pre-set sandboxes to observe their behavior and attack methods, but also performs a variety of advanced functions, such as network threat analysis, virtualization, vulnerability perception, tracing reinforcement, and camouflage detection. We have conducted a large number of experimental comparisons and proven that our method has significant advantages compared to traditional honeypot technology and provides detailed data support. Our research provides new ideas and effective methods for network security protection. Full article

The remarkable development of the Internet has made our lives very convenient, such as through the ability to instantaneously transmit individual pictures. As a result, cyber-attacks are also being developed and increasing, and the computer/mobile devices we use can become infected with viruses in an instant. Rapid cyber situational awareness is essential to prepare for such cyber-attacks. Accelerating cyber situational awareness requires Cyber Common Operational Pictures, which integrate and contextualize numerous data streams and data points. Therefore, we propose a Cyber Common Operational Pictures framework and criteria for rapid cyber situation awareness. First, the system reaction speed based on the user’s request and the standard for easily recognizing the object shown on the screen are presented. Second, standards and frameworks for five types of visualization screens that can directly recognize and respond to cyber-attacks are presented. Third, we show how a system was constructed based on the proposed framework, as well as the results of an experiment on the response time of each visualization screen. As a result of the experiment, the response speed of the 5 visualization screens was about 0.11 s on average for inquiry (simple) and 1.07 s on average for inquiry (complex). This is consistent with the typical response times of the studies investigated in this paper. If CyCOP is developed in compliance with the framework items (UI, object symbol, object size, response speed) presented in this paper, rapid situational awareness is possible. This research can be used in cyber-attack and defense training in the military field. In the private sector, it can be used in cyber and network control. Full article

One of the promises of AI in the military domain that seems to guarantee its adoption is its broad applicability. In a military context, the potential for AI is present in all operational domains (i.e., land, sea, air, space, and cyber-space) and all levels of warfare (i.e., political, strategic, operational, and tactical). However, despite the potential, the convergence between needs and AI technological advances is still not optimal, especially in supervised machine learning for military applications. Training supervised machine learning models requires a large amount of up-to-date data, often unavailable or difficult to produce by one organization. An excellent way to tackle this challenge is federated learning by designing a data pipeline collaboratively. This mechanism is based on implementing a single universal model for all users, trained using decentralized data. Furthermore, this federated model ensures the privacy and protection of sensitive information managed by each entity. However, this process raises severe objections to the effectiveness and generalizability of the universal federated model. Usually, each machine learning algorithm shows sensitivity in managing the available data and revealing the complex relationships that characterize them, so the forecast has some severe biases. This paper proposes a holistic federated learning approach to address the above problem. It is a Federated Auto-Meta-Ensemble Learning (FAMEL) framework. FAMEL, for each user of the federation, automatically creates the most appropriate algorithm with the optimal hyperparameters that apply to the available data in its possession. The optimal model of each federal user is used to create an ensemble learning model. Hence, each user has an up-to-date, highly accurate model without exposing personal data in the federation. As it turns out experimentally, this ensemble model offers better predictability and stability. Its overall behavior smoothens noise while reducing the risk of a wrong choice resulting from under-sampling. Full article

Radar is widely employed in many applications, especially in autonomous driving. At present, radars are only designed as simple data collectors, and they are unable to meet new requirements for real-time and intelligent information processing as environmental complexity increases. It is inevitable that smart radar systems will need to be developed to deal with these challenges and digital twins in cyber-physical systems (CPS) have proven to be effective tools in many aspects. However, human involvement is closely related to radar technology and plays an important role in the operation and management of radars; thus, digital twins’ radars in CPS are insufficient to realize smart radar systems due to the inadequate consideration of human factors. ACP-based parallel intelligence in cyber-physical-social systems (CPSS) is used to construct a novel framework for smart radars, called Parallel Radars. A Parallel Radar consists of three main parts: a Descriptive Radar for constructing artificial radar systems in cyberspace, a Predictive Radar for conducting computational experiments with artificial systems, and a Prescriptive Radar for providing prescriptive control to both physical and artificial radars to complete parallel execution. To connect silos of data and protect data privacy, federated radars are proposed. Additionally, taking mines as an example, the application of Parallel Radars in autonomous driving is discussed in detail, and various experiments have been conducted to demonstrate the effectiveness of Parallel Radars. Full article

Protection against a growing number of increasingly sophisticated and complex cyberattacks requires the real-time acquisition of up-to-date information on identified threats and their potential impact on an enterprise’s operation. However, the complexity and variety of IT/OT infrastructure interdependencies and the business processes and services it supports significantly complicate this task. Hence, we propose a novel solution here that provides security awareness of critical infrastructure entities. Appropriate measures and methods for comprehensively managing cyberspace security and resilience in an enterprise are provided, and these take into account the aspects of confidentiality, availability, and integrity of the essential services offered across the underlying business processes and IT infrastructure. The abstraction of these entities as business objects is proposed to uniformly address them and their interdependencies. In this paper, the concept of modeling the cyberspace of interdependent services, business processes, and systems and the procedures for assessing and predicting their attributes and dynamic states are depicted. The enterprise can build a model of its operation with the proposed formalism, which takes it to the first level of security awareness. Through dedicated simulation procedures, the enterprise can anticipate the evolution of actual or hypothetical threats and related risks, which is the second level of awareness. Finally, simulation-driven analyses can serve in guiding operations toward improvement with respect to resilience and threat protection, bringing the enterprise to the third level of awareness. The solution is also applied in the case study of an essential service provider. Full article

Several advanced features exist in fifth-generation (5G) correspondence than in fourth-generation (4G) correspondence. Centric cloud-computing architecture achieves resource sharing and effectively handles big data explosion. For data security problems, researchers had developed many methods to protect data against cyber-attacks. Only a few solutions are based on blockchain (BC), but are affected by expensive storage costs, network latency, confidence, and capacity. Things are represented in digital form in the virtual cyberspace which is the major responsibility of the communication model based on cybertwin. A novel cybertwin-based UAV 6G network architecture is proposed with new concepts such as cloud operators and cybertwin in UAV. Here, IoE applications have to be energy aware and provide scalability with less latency. A novel Compute first networking (CFN) framework named secure blockchain-based UAV communication (BC-UAV) is designed which offers network services such as computing, caching, and communication resources. The focus of the blockchain was to improve the security in the cloud using hashing technique. Edge clouds support core clouds to quickly respond to user requests. Full article

As an infrastructure platform for launching large-scale cyber attacks, botnets are one of the biggest threats to cyberspace security today. With the development of network technology and changes in the network environment, network attack intelligence has become a trend, and botnet designers are also committed to developing more destructive intelligent botnets. The feasibility of implementing distributed intelligent computing based on botnet node resources is analyzed with regard to the aspects of program size, communication traffic and resource occupancy. AIBot, a botnet model that can perform intelligent computation in a distributed manner, is proposed from the attacker’s perspective, which hierarchically deploys distributed neural network models in the botnet, thereby organizing nodes to collaboratively perform intelligent computation tasks. AIBot enables the distributed execution of intelligent computing tasks on a cluster of bot nodes by decomposing the computational load of a deep neural network model. A general algorithm for the distributed deployment of neural networks in AIBot is proposed, and the overall operational framework for AIBot is given. Two classical neural network models, CNN and RNN, are used as examples to illustrate specific schemes for deploying and running distributed intelligent computing in AIBot. Experimental scenarios were constructed to experimentally validate and briefly evaluate the performance of the two AIBot attack modes, and the overall efficiency of AIBot was evaluated in terms of execution time. This paper studies new forms of botnet attack techniques from a predictive perspective, aiming to increase defenders’ understanding of potential botnet threats, in order to propose effective defense strategies and improve the botnet defense system. Full article