Beiträge

Präsentationen auf der FPS2021 und der ICITST-2021

/in /von

Im Dezember 2021 haben zwei unserer projektpartner an weiteren Konferenzen teilgenommen. Kollegen von ISEP präsentierten am 9. Dezember in Paris auf dem 14th International Symposium on Foundations & Practice of Security die Publikation “Comparative Analysis of Machine Learning Techniques for IoT Intrusion Detection”. In der gleichen Woche präsentierten unsere Kollegen von VTT auf der 16th International Conference for Internet Technology and Secured Transactions einen “Review on Cybersecurity Threats Related to Cyber Ranges“.

Die Tagungsbände werden hier verlinkt, sobald sie veröffentlicht sind.

Titel: Comparative Analysis of Machine Learning Techniques for IoT Intrusion Detection

Autoren: João Vitorino, Rui Andrade, Isabel Praça, Orlando Sousa and Eva Maia

Zusammenfassung: The digital transformation faces tremendous security challenges. In particular, the growing number of cyber-attacks targeting Internet of Things (IoT) systems restates the need for a reliable detection of malicious network activity. This paper presents a comparative analysis of supervised, unsupervised and reinforcement learning techniques on nine malware captures of the IoT-23 dataset, considering both binary and multi-class classification scenarios. The developed models consisted of Support Vector Machine (SVM), Extreme Gradient Boosting (XGBoost), Light Gradient Boosting Machine (LightGBM), Isolation Forest (iForest), Local Outlier Factor (LOF) and a Deep Reinforcement Learning (DRL) model based on a Double Deep Q-Network (DDQN), adapted to the intrusion detection context. The best performance was achieved by LightGBM, closely fol- lowed by SVM. Nonetheless, iForest displayed good results against unknown at- tacks and the DRL model demonstrated the possible benefits of employing this methodology to continuously improve the detection. Overall, the obtained results indicate that the analyzed techniques are well suited for IoT intrusion detection.

Titel: Review on Cybersecurity Threats Related to Cyber Ranges

Autoren: Sami Noponen, Juha Pärssinen and Jarno Salonen

Zusammenfassung: Cyber ranges are often used to enhance the cybersecurity posture of a company by training relevant skills. These environments are traditionally used to host exercises that simulate cybersecurity scenarios, improve the cybersecurity skills of employees and enhance the security of networks and processes. By using digital twins, it is possible to organise cyber range trainings also to the critical infrastructure sector. However, in the aforementioned sector it is important to consider the cybersecurity of these environments themselves as they often may handle company-specific confidential information. This study presents several cybersecurity related threats and challenges that cyber ranges may face during different phases of use. Cyber threats may be exposed to the actual systems that the ranges are meant to protect if these issues are not taken into consideration and mitigated. Malicious attackers may use the information in the cyber range to learn the weaknesses in the actual system. We approach the subject by reviewing the relevant literature, which is currently very limited especially when looking at the cybersecurity issues of cyber ranges. We divide the subject into the different phases of cyber range development and use, and also discuss relevant cloud security issues. Finally, we present actions to mitigate the identified cybersecurity threats and issues in cyber ranges when using them for training and awareness activities. 

https://pixabay.com/photos/writing-write-person-paperwork-828911/

Call for Papers: Symposium on Security and Privacy in Speech Communication

/in /von

Call for papers to be presented at the

1st Symposium on Security and Privacy in Speech Communication

Online, November 10-12, 2021

 

The first edition of the SPSC Symposium aims at laying the first building blocks required to address the question how researchers and practitioners might bridge the gap between social perceptions and their technical counterparts with respect to what it means for our voices and speech to be secure and private.

The symposium brings together researchers and practitioners across multiple disciplines – more specifically: signal processing, cryptography, security, human-computer interaction, law, and anthropology. By integrating different disciplinary perspectives on speech-enabled technology and applications, the SPSC Symposium opens opportunities to collect and merge input regarding technical and social practices, as well as a deeper understanding of the situated ethics at play.The SPSC Symposium addresses interdisciplinary topics.

For more details, see CFP.

Topics of Interest:
Topics regarding the technical perspective include but are not limited to:
  • Speech Communication
  • Cyber security
  • Machine Learning
  • Natural Language Processing
Topics regarding the societal view include but are not limited to:
  • Human-Computer Interfaces (Speech as Medium)
  • Ethics & Law
  • Digital Humanities
We welcome contributions on related topics, as well as progress reports, project disseminations, or theoretical discussions and “work in progress”.  There also is a dedicated PhD track. In addition, guests from academia, industry and public institutions as well as interested students are welcome to attend the conference without having to make their own contribution. All accepted submissions will appear in the conference proceedings published in ISCA Archive.
Submission:
Papers intended for the SPSC Symposium should be up to four pages of text. An optional fifth page can be used for references only. Paper submissions must conform to the format defined in the paper preparation guidelines and as detailed in the author’s kit. Papers must be submitted via the online paper submission system. The working language of the conference is English, and papers must be written in English.
Reviews:
All submissions share the same registration deadline (with one week of submission updates afterwards). At least three single-blind reviews are provided, we aim to get feedback from interdisciplinary experts for each submission.
Important dates:
Paper submission opens:           April 10, 2021
Paper submission deadline:     June 30, 2021
Author notification:                      September 5, 2021
Final paper submission:              October 5, 2021
SPSC Symposium:                          November 10-12, 2021
Contact:
For further details contact mail@spsc-symposium2021.de!

Posterpräsentation beim Machine Learning in Certified Systems Workshop

/in /von

Beim Machine Learning in Certified Systems Workshop, welcher vom DEEL project organisiert wurde, hat Ana Pereira von der Hochschule für Technik und Wirtschaft Berlin (HTW) ein Poster zum Thema “Safety Hazards Analysis and Mitigation Strategies for Machine Learning-Based Safety-Critical Systems” präsentiert.

Zusammenfassung:

Machine Learning (ML) is increasingly applied for the control of safety-critical Cyber-Physical Systems (CPS). As a consequence, the safety of machine learning became a focus area for research in recent years. Applying a classic technique of safety engineering, our work provides a methodological analysis of the safety hazards that could be introduced along the ML lifecycle, and that could compromise the safe operation of ML-based CPS. The comprehensive analysis presented here intends to be used as a basis for holistic approaches for safety engineering of ML-based CPS in safety-critical applications, and aims to support the use of ML-based control systems in highly safety-critical applications and their certification.

Das Poster wurde von Ana Pereira und Carsten Thomas von der Hochschule für Technik und Wirtschaft Berlin (HTW) erstellt.

Hier können Sie das Poster herunterladen.

Challenges of Machine Learning Applied to Safety-Critical Cyber-Physical Systems

/in /von

Abstract

Machine Learning (ML) is increasingly applied for the control of safety-critical Cyber-Physical Systems (CPS) in application areas that cannot easily be mastered with traditional control approaches, such as autonomous driving. As a consequence, the safety of machine learning became a focus area for research in recent years. Despite very considerable advances in selected areas related to machine learning safety, shortcomings were identified on holistic approaches that take an end-to-end view on the risks associated to the engineering of ML-based control systems and their certification. Applying a classic technique of safety engineering, our paper provides a comprehensive and methodological analysis of the safety hazards that could be introduced along the ML lifecycle, and could compromise the safe operation of ML-based CPS. Identified hazards are illustrated and explained using a real-world application scenario—an autonomous shop-floor transportation vehicle. The comprehensive analysis presented in this paper is intended as a basis for future holistic approaches for safety engineering of ML-based CPS in safety-critical applications, and aims to support the focus on research onto safety hazards that are not yet adequately addressed.

Access to Document

Link

Authors

Ana Pereira and Carsten Thomas (Hochschule für Technik und Wirtschaft Berlin)