Barrère M, Hankin C, Eliades DG, et al., 2019, Assessing cyber-physical security in industrial control systems, 6th International Symposium for ICS & SCADA Cyber Security Research 2019, Publisher: BCS Learning & Development, Pages: 49-58
Over recent years, Industrial Control Systems (ICS) have become increasingly exposed to a wide range of cyber-physical threats. Efficient models and techniques able to capture their complex structure and identify critical cyber-physical components are therefore essential. AND/OR graphs have proven very useful in this context as they are able to semantically grasp intricate logical interdependencies among ICS components. However, identifying critical nodes in AND/OR graphs is an NP-complete problem. In addition, ICS settings normally involve various cyber and physical security measures that simultaneously protect multiple ICS components in overlapping manners, which makes this problem even harder. In this paper, we present an extended security metric based on AND/OR hypergraphs which efficiently identifies the set of critical ICS components and security measures that should be compromised, with minimum cost (effort) for an attacker, in order to disrupt the operation of vital ICS assets. Our approach relies on MAX-SAT techniques, which we have incorporated in META4ICS, a Java-based security metric analyser for ICS. We also provide a thorough performance evaluation that shows the feasibility of our method. Finally, we illustrate our methodology through a case study in which we analyse the security posture of a realistic Water Transport Network (WTN).
Barrere Cambrun M, Hankin C, Nicolaou N, et al., MaxSAT Evaluation 2019 - Benchmark: Identifying Security-Critical Cyber-Physical Components in Weighted AND/OR Graphs, MaxSAT Evaluation 2019 (affiliated with SAT 2019)
This paper presents a MaxSAT benchmark focused on identifying critical nodes in AND/OR graphs. We use AND/OR graphs to model Industrial Control Systems (ICS) as they are able to semantically grasp intricate logical interdependencies among ICS components. However, identifying critical nodes in AND/OR graphs is an NP-complete problem. We address this problem by efficiently transforming the input AND/OR graph-based model into a weighted logical formula that is then used to build and solve a Weighted Partial MaxSAT problem. The benchmark includes 80 cases with AND/OR graphs of different size and composition as well as the optimal cost and solution for each case.
Zizzo G, Hankin C, Maffeis S, et al., 2019, Adversarial machine learning beyond the image domain, the 56th Annual Design Automation Conference 2019, Publisher: ACM Press
Machine learning systems have had enormous success in a wide range of fields, including computer vision, natural language processing and anomaly detection. However, such systems are vulnerable to attackers who can cause deliberate misclassification by introducing small perturbations. With machine learning systems being proposed for cyber attack detection, such attackers are cause for serious concern. Despite this, the vast majority of adversarial machine learning security research is focused on the image domain. This work gives a brief overview of adversarial machine learning and of machine learning used in cyber attack detection, and suggests key differences between the traditional image domain of adversarial machine learning and the cyber domain. Finally we show an adversarial machine learning attack on an industrial control system.
Barrère M, Hankin C, Nicolau N, et al., 2019, Identifying security-critical cyber-physical components in industrial control systems, Publisher: arxiv
In recent years, Industrial Control Systems (ICS) have become an appealing target for cyber attacks, having massive destructive consequences. Security metrics are therefore essential to assess their security posture. In this paper, we present a novel ICS security metric based on AND/OR graphs that represent cyber-physical dependencies among network components. Our metric is able to efficiently identify sets of critical cyber-physical components, with minimal cost for an attacker, such that if compromised, the system would enter into a non-operational state. We address this problem by efficiently transforming the input AND/OR graph-based model into a weighted logical formula that is then used to build and solve a Weighted Partial MAX-SAT problem. Our tool, META4ICS, leverages state-of-the-art techniques from the field of logical satisfiability optimisation in order to achieve efficient computation times. Our experimental results indicate that the proposed security metric can efficiently scale to networks with thousands of nodes and be computed in seconds. In addition, we present a case study where we have used our system to analyse the security posture of a realistic water transport network. We discuss our findings on the plant as well as further security applications of our metric.
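The three entries above (the ICS-CSR 2019 paper, the MaxSAT Evaluation benchmark and the arXiv preprint) rest on the same step: turning an AND/OR dependency graph into a Weighted Partial MaxSAT instance whose optimum is the cheapest set of components an attacker must compromise to take a vital asset out of operation. The following is an added worked example of that encoding, written for this page; it is not code from the papers or from META4ICS, and the seven-node graph, its costs and the "c/d" variable naming are constructed for illustration. Each node gets a variable c_v (attacker compromises v, at cost w_v) and d_v (v ends up non-operational); hard clauses say an AND node is down if it is compromised or any input is down, an OR node only if all inputs are down, and that the target is down; soft clauses say "do not compromise v" with weight w_v. The exhaustive enumeration at the end stands in for a real MaxSAT solver, which is what the papers use to scale to thousands of nodes.

```python
from itertools import product

# Constructed toy ICS model (not from the papers): node -> (kind, inputs, cost).
# "and": operational only if every input is; a leaf is an "and" with no inputs.
# "or":  operational if at least one input is (redundancy).
GRAPH = {
    "sensor1":  ("and", [], 3),
    "sensor2":  ("and", [], 3),
    "readings": ("or",  ["sensor1", "sensor2"], 9),   # either sensor suffices
    "plc":      ("and", [], 7),
    "network":  ("and", [], 7),
    "control":  ("and", ["readings", "plc", "network"], 8),
    "pump":     ("and", ["control"], 10),              # the vital asset
}
TARGET = "pump"


def encode(graph, target):
    """Build (hard clauses, weighted soft clauses, variable map) in DIMACS-style
    signed integers: c_v = 2i+1 (compromised), d_v = 2i+2 (non-operational)."""
    var = {}
    for i, v in enumerate(graph):
        var[("c", v)] = 2 * i + 1
        var[("d", v)] = 2 * i + 2
    hard, soft = [], []
    for v, (kind, inputs, cost) in graph.items():
        c, d = var[("c", v)], var[("d", v)]
        din = [var[("d", u)] for u in inputs]
        hard.append([-c, d])                          # compromising v takes it down
        if kind == "and":                             # d_v <-> c_v OR some input down
            hard.append([-d, c] + din)                # down only for a reason
            hard.extend([-du, d] for du in din)       # any input down -> v down
        elif kind == "or":                            # d_v <-> c_v OR all inputs down
            hard.extend([-d, c, du] for du in din)    # down -> compromised or each input down
            hard.append([-du for du in din] + [d])    # all inputs down -> v down
        else:
            raise ValueError(f"unknown node kind {kind!r}")
        soft.append(([-c], cost))                     # "leave v alone", weight = attack cost
    hard.append([var[("d", target)]])                 # attacker's goal is mandatory
    return hard, soft, var


def solve_wpms(hard, soft, nvars):
    """Exhaustive Weighted Partial MaxSAT: satisfy every hard clause, minimise the
    summed weight of violated soft clauses. Stand-in for a real solver (e.g. RC2)."""
    best = None
    for bits in product((False, True), repeat=nvars):
        def sat(lit):
            val = bits[abs(lit) - 1]
            return val if lit > 0 else not val
        if not all(any(sat(l) for l in cl) for cl in hard):
            continue
        cost = sum(w for cl, w in soft if not any(sat(l) for l in cl))
        if best is None or cost < best[0]:
            best = (cost, bits)
    return best


def cheapest_attack(graph=GRAPH, target=TARGET):
    """Minimum-cost set of components whose compromise makes `target` non-operational."""
    hard, soft, var = encode(graph, target)
    cost, bits = solve_wpms(hard, soft, 2 * len(graph))
    compromised = {v for v in graph if bits[var[("c", v)] - 1]}
    return cost, compromised


if __name__ == "__main__":
    print(cheapest_attack())   # (6, {'sensor1', 'sensor2'}) for the constructed graph
```

On the constructed graph the optimum is the two sensors (cost 6) rather than any single higher-value node: the OR node forces the attacker to defeat the redundancy, which is exactly the kind of structural fact the metric is meant to surface. Removing one sensor from the OR node drops the optimum to a single compromise, which is the check worth running when you wire up a real plant model.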
Hankin CL, Serban O, Thapen N, et al., 2019, Real-time processing of social media with SENTINEL: a syndromic surveillance system incorporating deep learning for health classification, Information Processing and Management, Vol: 56, Pages: 1166-1184, ISSN: 0306-4573
Interest in real-time syndromic surveillance based on social media data has greatly increased in recent years. The ability to detect disease outbreaks earlier than traditional methods would be highly useful for public health officials. This paper describes a software system which is built upon recent developments in machine learning and data processing to achieve this goal. The system is built from reusable modules integrated into data processing pipelines that are easily deployable and configurable. It applies deep learning to the problem of classifying health-related tweets and is able to do so with high accuracy. It has the capability to detect illness outbreaks from Twitter data and then to build up and display information about these outbreaks, including relevant news articles, to provide situational awareness. It also provides nowcasting functionality of current disease levels from previous clinical data combined with Twitter data. The preliminary results are promising, with the system being able to detect outbreaks of influenza-like illness symptoms which could then be confirmed by existing official sources. The Nowcasting module shows that using social media data can improve prediction for multiple diseases over simply using traditional data sources.
Fatourou P, Hankin C, 2019, Welcome to the Europe Region Special Section, COMMUNICATIONS OF THE ACM, Vol: 62, Pages: 30-30, ISSN: 0001-0782
Larus J, Hankin C, 2018, Regulating Automated Decision Making, COMMUNICATIONS OF THE ACM, Vol: 61, Pages: 5-5, ISSN: 0001-0782
Barrere Cambrun M, Hankin C, Barboni A, et al., CPS-MT: a real-time cyber-physical system monitoring tool for security Research, 24th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications (RTCSA2018), Publisher: IEEE
Monitoring systems are essential to understand and control the behaviour of systems and networks. Cyber-physical systems (CPS) are particularly delicate under that perspective since they involve real-time constraints and physical phenomena that are not usually considered in common IT solutions. Therefore, there is a need for publicly available monitoring tools able to contemplate these aspects. In this poster/demo, we present our initiative, called CPS-MT, towards a versatile, real-time CPS monitoring tool, with a particular focus on security research. We first present its architecture and main components, followed by a MiniCPS-based case study. We also describe a performance analysis and preliminary results. During the demo, we will discuss CPS-MT’s capabilities and limitations for security applications.
Li T, Hankin C, Effective Defence Against Zero-Day Exploits Using Bayesian Networks, The 11th International Conference on Critical Information Infrastructures Security
Martin G, Kinross J, Hankin C, 2017, Effective cybersecurity is fundamental to patient safety, British Medical Journal, Vol: 357, ISSN: 1468-5833
Kodagoda N, Pontis S, Simmie D, et al., 2016, Using Machine Learning to Infer Reasoning Provenance From User Interaction Log Data: Based on the Data/Frame Theory of Sensemaking, JOURNAL OF COGNITIVE ENGINEERING AND DECISION MAKING, Vol: 11, Pages: 23-41, ISSN: 1555-3434
Thapen N, Simmie D, Hankin CL, 2016, The early bird catches the term: combining twitter and news data for event detection and situational awareness, Journal of Biomedical Semantics, Vol: 7, ISSN: 2041-1480
Background: Twitter updates now represent an enormous stream of information originating from a wide variety of formal and informal sources, much of which is relevant to real-world events. They can therefore be highly useful for event detection and situational awareness applications. Results: In this paper we apply customised filtering techniques to existing bio-surveillance algorithms to detect localised spikes in Twitter activity, showing that these correspond to real events with a high level of confidence. We then develop a methodology to automatically summarise these events, both by providing the tweets which best describe the event and by linking to highly relevant news articles. This news linkage is accomplished by identifying terms occurring more frequently in the event tweets than in a baseline of activity for the area concerned, and using these to search for news. We apply our methods to outbreaks of illness and events strongly affecting sentiment and are able to detect events verifiable by third party sources and produce high quality summaries. Conclusions: This study demonstrates linking event detection from Twitter with relevant online news to provide situational awareness. This builds on the existing studies that focus on Twitter alone, showing that integrating information from multiple online sources can produce useful analysis.
Fielder A, Li T, Hankin C, Defense-in-depth vs. Critical Component Defense for Industrial Control Systems, International Symposium for ICS & SCADA Cyber Security, Publisher: BCS Learning & Development Ltd.
Originally designed as self-contained and isolated networks, Industrial Control Systems (ICS) have evolved to become increasingly interconnected with IT systems and other wider networks and services, which enables cyber attacks to sabotage the normal operation of ICS. This paper proposes a simulation of attackers and defenders, who have limited resources that must be applied to either advancing the technology they have available to them or attempting to attack (defend) the system. The objective is to identify the appropriate deployment of a specific defensive strategy, such as Defense-in-depth and Critical Component Defense. The problem is represented as a strategic competitive optimisation problem, which is solved using a co-evolutionary Particle Swarm Optimisation algorithm. Through the development of optimal defense strategies, it is possible to identify when each specific defensive strategy is most appropriate; the optimal defensive strategy depends on the kind of attacker the system is expecting and the structure of the network.
Li T, Hankin C, 2016, A Model-based Approach to Interdependency between Safety and Security in ICS, ICS-CSR 2015, Publisher: BCS
Wide use of modern ICT technologies brings not only communication efficiency but also security vulnerabilities into industrial control systems. Traditional physically-isolated systems are now required to take cyber security into consideration, which might also lead to system failures. However, integrating security and safety analysis has always been a challenging issue, and the various interdependencies between them make it even more difficult, because they might mutually enhance or undermine each other. The paper proposes an integrating framework to (i) formalise the desired and undesired properties of being safe (unsafe) or secure (insecure), including the dependencies between them, and (ii) evaluate whether a query state reaches a safe (unsafe) or secure (insecure) state, and further quantify how safe or secure the state is. In this way, we can accurately capture the benign and harmful relations between safety and security, particularly detecting and measuring conflicting impacts on them. Finally, this framework is implemented in answer set programming to enable automatic evaluation, which is demonstrated by a case study on pipeline transportation.
Khouzani MHR, Malacaria P, Hankin C, et al., 2016, Efficient numerical frameworks for multi-objective cyber security planning, 21st European Symposium on Research in Computer Security (ESORICS), Publisher: Springer International Publishing AG, Pages: 179-197, ISSN: 0302-9743
We consider the problem of optimal investment in cyber-security by an enterprise. Optimality is measured with respect to the overall (1) monetary cost of implementation, (2) negative side-effects of cyber-security controls (indirect costs), and (3) mitigation of the cyber-security risk. We consider “passive” and “reactive” threats, the former representing the case where attack attempts are independent of the defender’s plan, the latter where attackers can adapt and react to an implemented cyber-security defense. Moreover, we model in three different ways the combined effect of multiple cyber-security controls, depending on their degree of complementarity and correlation. We also consider multi-stage attacks and the potential correlations in the success of different stages. First, we formalize the problem as a non-linear multi-objective integer program. We then convert it into Mixed Integer Linear Programs (MILP) that very efficiently solve for the exact Pareto-optimal solutions even when the number of available controls is large. In our case study, we consider 27 of the most typical security controls, each with multiple intensity levels of implementation, and 37 common vulnerabilities facing a typical SME. We compare our findings against expert-recommended critical controls. We then investigate the effect of the security models on the resulting optimal plan and contrast the merits of different security metrics. In particular, we show the superior robustness of the security measures based on the “reactive” threat model, and the significance of the hitherto overlooked role of correlations.
Fielder A, Li T, Hankin C, 2016, Modelling Cost-effectiveness of Defenses in Industrial Control Systems, International Conference on Computer Safety, Reliability and Security, Publisher: Springer, Pages: 187-200, ISSN: 0302-9743
Industrial Control Systems (ICS) play a critical role in controlling industrial processes. Wide use of modern IT technologies enables cyber attacks to disrupt the operation of ICS. Advanced Persistent Threats (APT) are the most threatening attacks to ICS due to their long persistence and destructive cyber-physical effects on ICS. This paper considers a simulation of attackers and defenders of an ICS, where the defender must consider the cost-efficiency of implementing defensive measures within the system in order to create an optimal defense. The aim is to identify the appropriate deployment of a specific defensive strategy, such as defense-in-depth or critical component defense. The problem is represented as a strategic competitive optimisation problem, which is solved using a co-evolutionary particle swarm optimisation algorithm. Through the development of optimal defense strategies, it is possible to identify when each specific defensive strategy is most appropriate; the optimal defensive strategy depends on the resources available and the relative effectiveness of those resources.
Hankin CL, Thapen N, Simmie D, et al., 2016, DEFENDER: Detecting and Forecasting Epidemics Using Novel Data-Analytics for Enhanced Response, PLOS One, Vol: 11, ISSN: 1932-6203
In recent years social and news media have increasingly been used to explain patterns in disease activity and progression. Social media data, principally from the Twitter network, has been shown to correlate well with official disease case counts. This fact has been exploited to provide advance warning of outbreak detection, forecasting of disease levels and the ability to predict the likelihood of individuals developing symptoms. In this paper we introduce DEFENDER, a software system that integrates data from social and news media and incorporates algorithms for outbreak detection, situational awareness and forecasting. As part of this system we have developed a technique for creating a location network for any country or region based purely on Twitter data. We also present a disease nowcasting (forecasting the current but still unknown level) approach which leverages counts from multiple symptoms, which was found to improve the nowcasting accuracy by 37 percent over a model that used only previous case data. Finally we attempt to forecast future levels of symptom activity based on observed user movement on Twitter, finding a moderate gain of 5 percent over a time series forecasting model.
Hankin CL, Fielder A, Malacaria P, et al., 2016, Decision Support Approaches for Cyber Security Investment, Decision Support Systems, Vol: 86, Pages: 13-23, ISSN: 1873-5797
When investing in cyber security resources, information security managers have to follow effective decision-making strategies. We refer to this as the cyber security investment challenge. In this paper, we consider three possible decision support methodologies for security managers to tackle this challenge. We consider methods based on game theory, combinatorial optimisation, and a hybrid of the two. Our modelling starts by building a framework where we can investigate the effectiveness of a cyber security control regarding the protection of different assets seen as targets in the presence of commodity threats. As game theory captures the interaction between the organisation’s and the attackers’ decisions, we consider a 2-person control game between the security manager, who has to choose among different implementation levels of a cyber security control, and a commodity attacker, who chooses among different targets to attack. The pure game theoretical methodology consists of a large game including all controls and all threats. In the hybrid methodology the game solutions of individual control-games along with their direct costs (e.g. financial) are combined with a knapsack algorithm to derive an optimal investment strategy. The combinatorial optimisation technique consists of a multi-objective multiple choice knapsack based strategy. To compare these approaches we built a decision support tool and a case study regarding current government guidelines. The endeavour of this work is to highlight the weaknesses and strengths of different investment methodologies for cyber security, the benefit of their interaction, and the impact that indirect costs have on cyber security investment. Going a step further in validating our work, we have shown that our decision support tool provides the same advice as that advocated by the UK government with regard to the requirements for basic technical protection from cyber attacks in SMEs.
Probst CW, Hankin C, Hansen RR, 2016, Semantics, logics, and calculi: Essays dedicated to Hanne Riis Nielson and Flemming Nielson on the occasion of their 60th birthdays, Publisher: Springer, ISBN: 9783319278094
Thapen NA, Simmie DS, Hankin C, 2016, The early bird catches the term: combining twitter and news data for event detection and situational awareness., J. Biomedical Semantics, Vol: 7, Pages: 61-61
Hankin C, 2015, Game theory and industrial control systems, Semantics, Logics, and Calculi: Essays Dedicated to Hanne Riis Nielson and Flemming Nielson on the Occasion of Their 60th Birthdays, Publisher: Springer, Pages: 178-190, ISBN: 9783319278094
Post-Stuxnet, the last couple of years have seen an increasing awareness of cyber threats to industrial control systems (ICS). We will review why these threats have become more prominent. We will explore the differences between Enterprise IT security and cyber security of ICS. Game Theory has been used to provide decision support in cyber security for a number of years. Recently, we have developed a hybrid approach using game theory and classical optimisation to produce decision support tools to help system administrators optimise their investment in cyber defence. We will describe how our game theoretic work might be used to provide novel approaches to protecting ICS against cyber attacks.
Vigliotti MG, Hankin C, 2015, Discovery of anomalous behaviour in temporal networks, SOCIAL NETWORKS, Vol: 41, Pages: 18-25, ISSN: 0378-8733
Fielder A, Panaousis E, Malacaria P, et al., 2015, Comparing Decision Support Approaches for Cyber Security Investment
When investing in cyber security resources, information security managers have to follow effective decision-making strategies. We refer to this as the cyber security investment challenge. In this paper, we consider three possible decision-support methodologies for security managers to tackle this challenge. We consider methods based on game theory, combinatorial optimisation and a hybrid of the two. Our modelling starts by building a framework where we can investigate the effectiveness of a cyber security control regarding the protection of different assets seen as targets in the presence of commodity threats. In terms of game theory we consider a 2-person control game between the security manager, who has to choose among different implementation levels of a cyber security control, and a commodity attacker, who chooses among different targets to attack. The pure game theoretical methodology consists of a large game including all controls and all threats. In the hybrid methodology the game solutions of individual control-games along with their direct costs (e.g. financial) are combined with a knapsack algorithm to derive an optimal investment strategy. The combinatorial optimisation technique consists of a multi-objective multiple choice knapsack based strategy. We compare these approaches on a case study that was built on the SANS top critical controls. The main achievement of this work is to highlight the weaknesses and strengths of different investment methodologies for cyber security, the benefit of their interaction, and the impact that indirect costs have on cyber security investment.
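The Decision Support Systems article and this preprint both describe the hybrid methodology in two stages: solve one small control-game per security control (defender picks an implementation level, commodity attacker picks a target), then feed each level's game value and direct cost into a multiple-choice knapsack that picks exactly one level per control within a budget. The block below is an added illustration of that pipeline written for this page; it is not the authors' decision support tool, and the three controls, their levels, costs, indirect costs and damage tables are constructed. One simplification is labelled in the code: the per-control "game value" is a pure maximin (worst-case target) rather than the mixed equilibrium the papers compute, which keeps the example dependency-free while preserving the knapsack stage exactly.

```python
# Constructed example data (not the papers' case study). Per control:
#   cost[l]      direct cost of implementing level l (level 0 = not deployed)
#   indirect[l]  indirect cost of level l (e.g. lost productivity), as in the papers' model
#   damage[l][t] expected loss if the commodity attacker hits target t at level l
CONTROLS = {
    "patching": {"cost": [0, 2, 5], "indirect": [0, 1, 2],
                 "damage": [[10, 8, 6], [6, 7, 5], [3, 5, 4]]},
    "mfa":      {"cost": [0, 3, 6], "indirect": [0, 1, 3],
                 "damage": [[9, 9, 9], [4, 8, 6], [2, 4, 3]]},
    "backup":   {"cost": [0, 4],    "indirect": [0, 0],
                 "damage": [[12, 12, 12], [4, 4, 4]]},
}


def level_value(control, level, controls=CONTROLS):
    """Value of one control-game outcome for the defender.

    Simplification (assumption of this example): the attacker is taken to hit the
    most damaging target at the chosen level, so the defender's gain is the
    worst-case loss avoided relative to level 0, less the level's indirect cost.
    The papers solve the control-game for a mixed equilibrium instead."""
    spec = controls[control]
    return max(spec["damage"][0]) - max(spec["damage"][level]) - spec["indirect"][level]


def best_plan(budget, controls=CONTROLS):
    """Multiple-choice knapsack over the per-control game values: exactly one
    level per control, total direct cost <= budget, maximum total value.
    Returns (value, {control: level})."""
    dp = {0: (0, {})}                      # direct cost spent -> (value, partial plan)
    for name, spec in controls.items():
        new = {}
        for spent, (val, plan) in dp.items():
            for level, cost in enumerate(spec["cost"]):
                total = spent + cost
                if total > budget:
                    continue
                v = val + level_value(name, level, controls)
                if total not in new or v > new[total][0]:
                    new[total] = (v, {**plan, name: level})
        dp = new
    return max(dp.values(), key=lambda entry: entry[0])


if __name__ == "__main__":
    for budget in (8, 12):
        print(budget, best_plan(budget))
```

With the constructed numbers, MFA level 1 cuts the worst-case loss by one unit but carries one unit of indirect cost, so its net value is zero and the knapsack never selects it; that is the effect the abstract points at when it stresses indirect costs. Raising the budget from 8 to 12 adds the top MFA level rather than the top patching level, because the knapsack compares value per level across controls, not per control in isolation.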
Le Martelot E, Hankin C, 2014, Fast multi-scale detection of overlapping communities using local criteria, COMPUTING, Vol: 96, Pages: 1011-1027, ISSN: 0010-485X
Simmie D, Vigliotti MG, Hankin C, 2014, Ranking twitter influence by combining network centrality and influence observables in an evolutionary model, Journal of Complex Networks, Vol: 2, Pages: 495-517, ISSN: 2051-1310
Influential agents in networks play a pivotal role in information diffusion. Influence may rise or fall quickly over time and thus capturing this evolution of influence is of benefit to a varied number of application domains such as digital marketing, counter-terrorism or policing. In this paper, we investigate the influence of users in programming communities on Twitter. We propose a new model for capturing both time-invariant influence and also temporal influence. The unified model is a combination of network topological methods and observation of influence-relevant events in the network. We provide an application of Hidden Markov Models (HMM) for capturing this effect on the network. There are many possible combinations of influence factors, hence we required a ground-truth for model configuration. We performed a primary survey of our population users to elicit their views on influential users. The survey allowed us to validate the results of our classifier. We introduce a novel reward-based transformation to the Viterbi path of the observed sequences, which provides an overall ranking for users. Our results show an improvement in ranking accuracy over using solely topology-based methods for the particular area of interest we sampled. Utilizing the evolutionary aspect of the HMM, we attempt to predict future states using current evidence. Our prediction algorithm significantly outperforms a collection of naive models, especially in the short term (1-3 weeks).
Fielder A, Panaousis E, Malacaria P, et al., 2014, Game Theory Meets Information Security Management, ICT SYSTEMS SECURITY AND PRIVACY PROTECTION, IFIP TC 11 INTERNATIONAL CONFERENCE, SEC 2014, Vol: 428, Pages: 15-29, ISSN: 1868-4238
Panaousis E, Fielder A, Malacaria P, et al., 2014, Cybersecurity Games and Investments: A Decision Support Approach, DECISION AND GAME THEORY FOR SECURITY, GAMESEC 2014, Vol: 8840, Pages: 266-286, ISSN: 0302-9743
Hankin C, Malacaria P, 2013, Payoffs, intensionality and abstraction in games, Pages: 69-82, ISSN: 0302-9743
We discuss some fundamental concepts in Game Theory: the concept of payoffs and the relation between rational solutions to games, such as Nash equilibrium, and real world behaviour. We sketch some connections between Game Theory and Game Semantics by exploring some possible uses of Game Semantics strategies enriched with payoffs. Finally we discuss potential contributions of Abstract Interpretation to Game Theory in addressing the state explosion problem of game models of real world systems.