Publications
161 results found
Larus J, Hankin C, 2018, Regulating Automated Decision Making, COMMUNICATIONS OF THE ACM, Vol: 61, Pages: 5-5, ISSN: 0001-0782
Martin G, Ghafur S, Kinross J, et al., 2018, WannaCry-a year on, BMJ: British Medical Journal, Vol: 361, ISSN: 0959-8138
Li T, Hankin C, 2017, Effective Defence Against Zero-Day Exploits Using Bayesian Networks, The 11th International Conference on Critical Information Infrastructures Security
Martin G, Martin P, Hankin C, et al., 2017, Cybersecurity and healthcare: how safe are we?, BMJ-British Medical Journal, Vol: 358, ISSN: 1756-1833
Martin G, Kinross J, Hankin C, 2017, Effective cybersecurity is fundamental to patient safety, British Medical Journal, Vol: 357, ISSN: 1468-5833
Kodagoda N, Pontis S, Simmie D, et al., 2016, Using Machine Learning to Infer Reasoning Provenance From User Interaction Log Data: Based on the Data/Frame Theory of Sensemaking, JOURNAL OF COGNITIVE ENGINEERING AND DECISION MAKING, Vol: 11, Pages: 23-41, ISSN: 1555-3434
Thapen N, Simmie D, Hankin CL, 2016, The early bird catches the term: combining twitter and news data for event detection and situational awareness, Journal of Biomedical Semantics, Vol: 7, ISSN: 2041-1480
Background: Twitter updates now represent an enormous stream of information originating from a wide variety offormal and informal sources, much of which is relevant to real-world events. They can therefore be highly useful forevent detection and situational awareness applications.Results: In this paper we apply customised filtering techniques to existing bio-surveillance algorithms to detectlocalised spikes in Twitter activity, showing that these correspond to real events with a high level of confidence. Wethen develop a methodology to automatically summarise these events, both by providing the tweets which bestdescribe the event and by linking to highly relevant news articles. This news linkage is accomplished by identifyingterms occurring more frequently in the event tweets than in a baseline of activity for the area concerned, and usingthese to search for news. We apply our methods to outbreaks of illness and events strongly affecting sentiment andare able to detect events verifiable by third party sources and produce high quality summaries.Conclusions: This study demonstrates linking event detection from Twitter with relevant online news to providesituational awareness. This builds on the existing studies that focus on Twitter alone, showing that integratinginformation from multiple online sources can produce useful analysis.
Li T, Hankin C, 2016, A Model-based Approach to Interdependency between Safety and Security in ICS., ICS-CSR 2015, Publisher: BCS
Wide use of modern ICT technologies brings not only communication efficiency, but also security vulnerabilities into industrial control systems. Traditional physically-isolated systems are now required to take cyber security into consideration, which might also lead to system failures. However, integrating security and safety analysis has always been a challenging issue and the various interdependencies between them make it even more difficult, because they might mutually enhance, or undermine. The paper proposes an integrating framework to (i) formalise the desired and undesired properties to be safe(unsafe) or secure(insecure), including the dependencies between them, (ii) evaluate if a query state reaches a safe(unsafe) or secure(insecure) state, and further quantify how safe or secure the state is. In this way,we can accurately capture the benign and harmful relations between safety and security, particularly detecting and measuring conflicting impacts on them. Finally, this framework is implemented by answer set programming to enable automatic evaluation, which is demonstrated by a case study on pipeline transportation.
Khouzani MHR, Malacaria P, Hankin C, et al., 2016, Efficient numerical frameworks for multi-objective cyber security planning, 21st European Symposium on Research in Computer Security (ESORICS), Publisher: Springer International Publishing AG, Pages: 179-197, ISSN: 0302-9743
We consider the problem of optimal investment in cyber-security by an enterprise. Optimality is measured with respect to the overall (1) monetary cost of implementation, (2) negative side-effects of cyber-security controls (indirect costs), and (3) mitigation of the cyber-security risk. We consider “passive” and “reactive” threats, the former representing the case where attack attempts are independent of the defender’s plan, the latter, where attackers can adapt and react to an implemented cyber-security defense. Moreover, we model in three different ways the combined effect of multiple cyber-security controls, depending on their degree of complementarity and correlation. We also consider multi-stage attacks and the potential correlations in the success of different stages. First, we formalize the problem as a non-linear multi-objective integer programming. We then convert them into Mixed Integer Linear Programs (MILP) that very efficiently solve for the exact Pareto-optimal solutions even when the number of available controls is large. In our case study, we consider 27 of the most typical security controls, each with multiple intensity levels of implementation, and 37 common vulnerabilities facing a typical SME. We compare our findings against expert-recommended critical controls. We then investigate the effect of the security models on the resulting optimal plan and contrast the merits of different security metrics. In particular, we show the superior robustness of the security measures based on the “reactive” threat model, and the significance of the hitherto overlooked role of correlations.
Fielder A, Li T, Hankin C, 2016, Modelling Cost-effectiveness of Defenses in Industrial Control Systems, International Conference on Computer Safety, Reliability and Security, Publisher: Springer, Pages: 187-200, ISSN: 0302-9743
Industrial Control Systems (ICS) play a critical role in controlling industrialprocesses. Wide use of modern IT technologies enables cyber attacks todisrupt the operation of ICS. Advanced Persistent Threats (APT) are the mostthreatening attacks to ICS due to their long persistence and destructive cyberphysicaleffects to ICS. This paper considers a simulation of attackers and defendersof an ICS, where the defender must consider the cost-efficiency of implementingdefensive measures within the system in order to create an optimaldefense. The aim is to identify the appropriate deployment of a specific defensivestrategy, such as defense-in-depth or critical component defense. The problemis represented as a strategic competitive optimisation problem, which is solvedusing a co-evolutionary particle swarm optimisation algorithm. Through the developmentof optimal defense strategy, it is possible to identify when each specificdefensive strategies is most appropriate; where the optimal defensive strategy dependson the resources available and the relative effectiveness of those resources.
Fielder A, Li T, Hankin C, 2016, Defense-in-depth vs. Critical Component Defense for Industrial Control Systems, International Symposium for ICS & SCADA Cyber Security, Publisher: BCS Learning & Development Ltd.
Originally designed as self-contained and isolated networks, Industrial Control Systems (ICS) have evolved tobecome increasingly interconnected with IT systems and other wider networks and services, which enablescyber attacks to sabotage the normal operation of ICS. This paper proposes a simulation of attackers anddefenders, who have limited resources that must be applied to either advancing the technology they haveavailable to them or attempting to attack (defend) the system. The objective is to identify the appropriatedeployment of specific defensive strategy, such as Defense-in-depth and Critical Component Defense.The problem is represented as a strategic competitive optimisation problem, which is solved using a coevolutionaryParticle Swarm Optimisation problem. Through the development of optimal defense strategies,it is possible to identify when each specific defensive strategies is most appropriate; where the optimaldefensive strategy depends on the kind of attacker the system is expecting and the structure of the network.
Hankin CL, Fielder A, Malacaria P, et al., 2016, Decision support approaches for cyber security investment, Decision Support Systems, Vol: 86, Pages: 13-23, ISSN: 0167-9236
When investing in cyber security resources, information security managers have to follow effective decision-making strategies. We refer to this as the cyber security investment challenge. In this paper, we consider three possible decision support methodologies for security managers to tackle this challenge. We consider methods based on game theory, combinatorial optimisation, and a hybrid of the two. Our modelling starts by building a framework where we can investigate the effectiveness of a cyber security control regarding the protection of different assets seen as targets in presence of commodity threats. As game theory captures the interaction between the endogenous organisation’s and attackers’ decisions, we consider a 2-person control game between the security manager who has to choose among different implementation levels of a cyber security control, and a commodity attacker who chooses among different targets to attack. The pure game theoretical methodology consists of a large game including all controls and all threats. In the hybrid methodology the game solutions of individual control-games along with their direct costs (e.g. financial) are combined with a knapsack algorithm to derive an optimal investment strategy. The combinatorial optimisation technique consists of a multi-objective multiple choice knapsack based strategy. To compare these approaches we built a decision support tool and a case study regarding current government guidelines. The endeavour of this work is to highlight the weaknesses and strengths of different investment methodologies for cyber security, the benefit of their interaction, and the impact that indirect costs have on cyber security investment. Going a step further in validating our work, we have shown that our decision support tool provides the same advice with the one advocated by the UK government with regard to the requirements for basic technical protection from cyber attacks in SMEs.
Hankin CL, Thapen N, Simmie D, et al., 2016, DEFENDER: Detecting and Forecasting Epidemics Using Novel Data-Analytics for Enhanced Response, PLOS One, Vol: 11, ISSN: 1932-6203
In recent years social and news media have increasingly been used to explain patterns indisease activity and progression. Social media data, principally from the Twitter network,has been shown to correlate well with official disease case counts. This fact has beenexploited to provide advance warning of outbreak detection, forecasting of disease levelsand the ability to predict the likelihood of individuals developing symptoms. In this paper weintroduce DEFENDER, a software system that integrates data from social and news mediaand incorporates algorithms for outbreak detection, situational awareness and forecasting.As part of this system we have developed a technique for creating a location network forany country or region based purely on Twitter data. We also present a disease nowcasting(forecasting the current but still unknown level) approach which leverages counts from multiplesymptoms, which was found to improve the nowcasting accuracy by 37 percent overa model that used only previous case data. Finally we attempt to forecast future levels ofsymptom activity based on observed user movement on Twitter, finding a moderate gain of5 percent over a time series forecasting model.
Probst CW, Hankin C, Hansen RR, 2016, Semantics, logics, and calculi: Essays dedicated to Hanne Riis Nielson and Flemming Nielson on the occasion of their 60th birthdays, Publisher: Springer, ISBN: 9783319278094
Thapen NA, Simmie DS, Hankin C, 2016, The early bird catches the term: combining twitter and news data for event detection and situational awareness., J. Biomed. Semant., Vol: 7, Pages: 61-61
Hankin C, 2015, Game theory and industrial control systems, Semantics, Logics, and Calculi: Essays Dedicated to Hanne Riis Nielson and Flemming Nielson on the Occasion of Their 60th Birthdays, Publisher: Springer, Pages: 178-190, ISBN: 9783319278094
Post-Stuxnet, the last couple of years has seen an increasing awareness of cyber threats to industrial control systems (ICS). We will review why these threats have become more prominent. We will explore the differences between Enterprise IT security and cyber security of ICS. Game Theory has been used to provide decision support in cyber security for a number of years. Recently, we have developed a hybrid approach using game theory and classical optimisation to produce decision support tools to help system administrators optimise their investment in cyber defence. We will describe how our game theoretic work might be used to provide novel approaches to protecting ICS against cyber attacks.
Vigliotti MG, Hankin C, 2015, Discovery of anomalous behaviour in temporal networks, SOCIAL NETWORKS, Vol: 41, Pages: 18-25, ISSN: 0378-8733
- Author Web Link
- Cite
- Citations: 17
Fielder A, Panaousis E, Malacaria P, et al., 2015, Comparing Decision Support Approaches for Cyber Security Investment
When investing in cyber security resources, information security managershave to follow effective decision-making strategies. We refer to this as thecyber security investment challenge. In this paper, we consider three possibledecision-support methodologies for security managers to tackle this challenge.We consider methods based on game theory, combinatorial optimisation and ahybrid of the two. Our modelling starts by building a framework where we caninvestigate the effectiveness of a cyber security control regarding theprotection of different assets seen as targets in presence of commoditythreats. In terms of game theory we consider a 2-person control game betweenthe security manager who has to choose among different implementation levels ofa cyber security control, and a commodity attacker who chooses among differenttargets to attack. The pure game theoretical methodology consists of a largegame including all controls and all threats. In the hybrid methodology the gamesolutions of individual control-games along with their direct costs (e.g.financial) are combined with a knapsack algorithm to derive an optimalinvestment strategy. The combinatorial optimisation technique consists of amulti-objective multiple choice knapsack based strategy. We compare theseapproaches on a case study that was built on SANS top critical controls. Themain achievements of this work is to highlight the weaknesses and strengths ofdifferent investment methodologies for cyber security, the benefit of theirinteraction, and the impact that indirect costs have on cyber securityinvestment.
Simmie D, Vigliotti MG, Hankin C, 2014, Ranking twitter influence by combining network centrality and influence observables in an evolutionary model, Journal of Complex Networks, Vol: 2, Pages: 495-517, ISSN: 2051-1310
Influential agents in networks play a pivotal role in information diffusion. Influence may rise or fall quickly over time and thus capturing this evolution of influence is of benefit to a varied number of application domains such as digital marketing, counter-terrorism or policing. In this paper, we investigate the influence of users in programming communities on Twitter. We propose a new model for capturing both time-invariant influence and also temporal influence. The unified model is a combination of network topological methods and observation of influence-relevant events in the network. We provide an application of Hidden Markov Models (HMM) for capturing this effect on the network. There are many possible combinations of influence factors, hence we required a ground-truth for model configuration. We performed a primary survey of our population users to elicit their views on influential users. The survey allowed us to validate the results of our classifier. We introduce a novel reward-based transformation to the Viterbi path of the observed sequences, which provides an overall ranking for users. Our results show an improvement in ranking accuracy over using solely topology-based methods for the particular area of interest we sampled. Utilizing the evolutionary aspect of the HMM, we attempt to predict future states using current evidence. Our prediction algorithm significantly outperforms a collection of naive models, especially in the short term (1-3 weeks).
Le Martelot E, Hankin C, 2014, Fast multi-scale detection of overlapping communities using local criteria, COMPUTING, Vol: 96, Pages: 1011-1027, ISSN: 0010-485X
- Author Web Link
- Cite
- Citations: 7
Fielder A, Panaousis E, Malacaria P, et al., 2014, Game Theory Meets Information Security Management, ICT SYSTEMS SECURITY AND PRIVACY PROTECTION, IFIP TC 11 INTERNATIONAL CONFERENCE, SEC 2014, Vol: 428, Pages: 15-29, ISSN: 1868-4238
- Author Web Link
- Cite
- Citations: 33
Panaousis E, Fielder A, Malacaria P, et al., 2014, Cybersecurity Games and Investments: A Decision Support Approach, DECISION AND GAME THEORY FOR SECURITY, GAMESEC 2014, Vol: 8840, Pages: 266-286, ISSN: 0302-9743
- Author Web Link
- Cite
- Citations: 22
Hankin C, Malacaria P, 2013, Payoffs, intensionality and abstraction in games, Pages: 69-82, ISSN: 0302-9743
We discuss some fundamental concepts in Game Theory: the concept of payoffs and the relation between rational solutions to games like Nash equilibrium and real world behaviour. We sketch some connections between Game Theory and Game Semantics by exploring some possible uses of Game Semantics strategies enriched with payoffs. Finally we discuss potential contributions of Abstract Interpretation to Game Theory in addressing the state explosion problem of game models of real world systems. © 2013 Springer-Verlag Berlin Heidelberg.
Hankin C, 2013, A short note on Simulation and Abstraction, Electronic Proceedings in Theoretical Computer Science, EPTCS, Vol: 129, Pages: 337-340, ISSN: 2075-2180
This short note is written in celebration of David Schmidt's sixtieth birthday. He has now been active in the program analysis research community for over thirty years and we have enjoyed many interactions with him. His work on characterising simulations between Kripke structures using Galois connections was particularly influential in our own work on using probabilistic abstract interpretation to study Larsen and Skou's notion of probabilistic bisimulation. We briefly review this work and discuss some recent applications of these ideas in a variety of different application areas.
Simmie D, Vigliotti MG, Hankin C, 2013, Ranking Twitter Influence by Combining Network Centrality and Influence Observables in an Evolutionary Model, 2013 INTERNATIONAL CONFERENCE ON SIGNAL-IMAGE TECHNOLOGY & INTERNET-BASED SYSTEMS (SITIS), Pages: 486-493
Le Martelot E, Hankin C, 2013, Fast Multi-Scale Detection of Relevant Communities in Large-Scale Networks, Computer Journal, Vol: 59, Pages: 1136-1150, ISSN: 0010-4620
Nowadays, networks are almost ubiquitous. In the past decade, community detection received anincreasing interest as a way to uncover the structure of networks by grouping nodes into communities more densely connected internally than externally.Yet most of the effective methods available do not consider the potential levels of organization, or scales, a network may encompass and are therefore limited. In this paper, we present a method compatible with global and local criteria that enablesfast multi-scale community detection on large networks. The method is derived in two algorithms, one for each type of criterion, and implemented with six known criteria. Uncovering communities at various scales is a computationally expensive task. Therefore, this work puts a strong emphasis on the reduction of computational complexity. Some heuristics are introduced for speed-up purposes.Experiments demonstrate the efficiency and accuracy of our method with respect to each algorithm and criterion by testing them against large generated multi-scale networks. This study also offers a comparison between criteria and between the global and local approaches. In particular, our results suggest that global criteria seem to be more robust to noise and thus more accurate than local criteria.
Martelot EL, Hankin C, 2013, Fast Multi-Scale Community Detection based on Local Criteria within a Multi-Threaded Algorithm, CoRR, Vol: abs/1301.0955
Yang F, Hankin CL, Nielson F, et al., 2012, Predictive Access Control for Distributed Computation, Science of Computer Programming, ISSN: 0167-6423
Martelot EL, Hankin C, 2012, Fast Multi-Scale Detection of Relevant Communities
Nowadays, networks are almost ubiquitous. In the past decade, communitydetection received an increasing interest as a way to uncover the structure ofnetworks by grouping nodes into communities more densely connected internallythan externally. Yet most of the effective methods available do not considerthe potential levels of organisation, or scales, a network may encompass andare therefore limited. In this paper we present a method compatible with globaland local criteria that enables fast multi-scale community detection. Themethod is derived in two algorithms, one for each type of criterion, andimplemented with 6 known criteria. Uncovering communities at various scales isa computationally expensive task. Therefore this work puts a strong emphasis onthe reduction of computational complexity. Some heuristics are introduced forspeed-up purposes. Experiments demonstrate the efficiency and accuracy of ourmethod with respect to each algorithm and criterion by testing them againstlarge generated multi-scale networks. This study also offers a comparisonbetween criteria and between the global and local approaches.
Le Martelot E, Hankin C, 2012, Multi-scale Community Detection using Stability as Optimisation Criterion in a Greedy Algorithm, 2011 International Conference on Knowledge Discovery and Information Retrieval (KDIR 2011)
Whether biological, social or technical, many real systems are represented as networks whose structure can be very informative regarding the original system's organisation. In this respect the field of community detection has received a lot of attention in the past decade. Most of the approaches rely on the notion of modularity to assess the quality of a partition and use this measure as an optimisation criterion. Recently stability was introduced as a new partition quality measure encompassing former partition quality measures such as modularity. The work presented here assesses stability as an optimisation criterion in a greedy approach similar to modularity optimisation techniques and enables multi-scale analysis using Markov time as resolution parameter. The method is validated and compared with other popular approaches against synthetic and various real data networks and the results show that the method enables accurate multi-scale network analysis.
This data is extracted from the Web of Science and reproduced under a licence from Thomson Reuters. You may not copy or re-distribute this data in whole or in part without the written consent of the Science business of Thomson Reuters.