In December 2021, our partners took part in two more conferences. Colleagues from ISEP presented a paper on “Comparative Analysis of Machine Learning Techniques for IoT Intrusion Detection” at the 14th International Symposium on Foundations & Practice of Security on the 9th of December in Paris. In the same week, during the 16th International Conference for Internet Technology and Secured Transactions, our colleagues from VTT presented a “Review on Cybersecurity Threats Related to Cyber Ranges”.
The conference proceedings will be linked here once they are published.
Title: Comparative Analysis of Machine Learning Techniques for IoT Intrusion Detection
Authors: João Vitorino, Rui Andrade, Isabel Praça, Orlando Sousa and Eva Maia
Abstract: The digital transformation faces tremendous security challenges. In particular, the growing number of cyber-attacks targeting Internet of Things (IoT) systems restates the need for a reliable detection of malicious network activity. This paper presents a comparative analysis of supervised, unsupervised and reinforcement learning techniques on nine malware captures of the IoT-23 dataset, considering both binary and multi-class classification scenarios. The developed models consisted of Support Vector Machine (SVM), Extreme Gradient Boosting (XGBoost), Light Gradient Boosting Machine (LightGBM), Isolation Forest (iForest), Local Outlier Factor (LOF) and a Deep Reinforcement Learning (DRL) model based on a Double Deep Q-Network (DDQN), adapted to the intrusion detection context. The best performance was achieved by LightGBM, closely followed by SVM. Nonetheless, iForest displayed good results against unknown attacks and the DRL model demonstrated the possible benefits of employing this methodology to continuously improve the detection. Overall, the obtained results indicate that the analyzed techniques are well suited for IoT intrusion detection.
Title: Review on Cybersecurity Threats Related to Cyber Ranges
Authors: Sami Noponen, Juha Pärssinen and Jarno Salonen
Abstract: Cyber ranges are often used to enhance the cybersecurity posture of a company by training relevant skills. These environments are traditionally used to host exercises that simulate cybersecurity scenarios, improve the cybersecurity skills of employees and enhance the security of networks and processes. By using digital twins, it is possible to organise cyber range trainings also to the critical infrastructure sector. However, in the aforementioned sector it is important to consider the cybersecurity of these environments themselves as they often may handle company-specific confidential information. This study presents several cybersecurity related threats and challenges that cyber ranges may face during different phases of use. Cyber threats may be exposed to the actual systems that the ranges are meant to protect if these issues are not taken into consideration and mitigated. Malicious attackers may use the information in the cyber range to learn the weaknesses in the actual system. We approach the subject by reviewing the relevant literature, which is currently very limited especially when looking at the cybersecurity issues of cyber ranges. We divide the subject into the different phases of cyber range development and use, and also discuss relevant cloud security issues. Finally, we present actions to mitigate the identified cybersecurity threats and issues in cyber ranges when using them for training and awareness activities.