In December 2021, two of our project partners took part in further conferences. Colleagues from ISEP presented the publication “Comparative Analysis of Machine Learning Techniques for IoT Intrusion Detection” on 9 December in Paris at the 14th International Symposium on Foundations & Practice of Security. In the same week, our colleagues from VTT presented a “Review on Cybersecurity Threats Related to Cyber Ranges” at the 16th International Conference for Internet Technology and Secured Transactions.
The conference proceedings will be linked here as soon as they are published.
Title: Comparative Analysis of Machine Learning Techniques for IoT Intrusion Detection
Authors: João Vitorino, Rui Andrade, Isabel Praça, Orlando Sousa and Eva Maia
Abstract: The digital transformation faces tremendous security challenges. In particular, the growing number of cyber-attacks targeting Internet of Things (IoT) systems restates the need for a reliable detection of malicious network activity. This paper presents a comparative analysis of supervised, unsupervised and reinforcement learning techniques on nine malware captures of the IoT-23 dataset, considering both binary and multi-class classification scenarios. The developed models consisted of Support Vector Machine (SVM), Extreme Gradient Boosting (XGBoost), Light Gradient Boosting Machine (LightGBM), Isolation Forest (iForest), Local Outlier Factor (LOF) and a Deep Reinforcement Learning (DRL) model based on a Double Deep Q-Network (DDQN), adapted to the intrusion detection context. The best performance was achieved by LightGBM, closely followed by SVM. Nonetheless, iForest displayed good results against unknown attacks and the DRL model demonstrated the possible benefits of employing this methodology to continuously improve the detection. Overall, the obtained results indicate that the analyzed techniques are well suited for IoT intrusion detection.
Title: Review on Cybersecurity Threats Related to Cyber Ranges
Authors: Sami Noponen, Juha Pärssinen and Jarno Salonen
Abstract: Cyber ranges are often used to enhance the cybersecurity posture of a company by training relevant skills. These environments are traditionally used to host exercises that simulate cybersecurity scenarios, improve the cybersecurity skills of employees and enhance the security of networks and processes. By using digital twins, it is possible to organise cyber range trainings also to the critical infrastructure sector. However, in the aforementioned sector it is important to consider the cybersecurity of these environments themselves as they often may handle company-specific confidential information. This study presents several cybersecurity related threats and challenges that cyber ranges may face during different phases of use. Cyber threats may be exposed to the actual systems that the ranges are meant to protect if these issues are not taken into consideration and mitigated. Malicious attackers may use the information in the cyber range to learn the weaknesses in the actual system. We approach the subject by reviewing the relevant literature, which is currently very limited especially when looking at the cybersecurity issues of cyber ranges. We divide the subject into the different phases of cyber range development and use, and also discuss relevant cloud security issues. Finally, we present actions to mitigate the identified cybersecurity threats and issues in cyber ranges when using them for training and awareness activities.