Cyber Science 2016 Conference Programme - C

13 - 14 JUNE
LONDON, UNITED KINGDOM
2016
Cyber Science 2016
Conference Programme
Pioneering Research & Innovation
in Cyber Situational Awareness
#CyberScience @cmricorg
www.c-mric.org
C-MRiC.ORG
6/13/2016
Sponsors
Contents
Sponsors
Conference Venue
Hotel Information / Address
Directions
Keynote Speakers
Conference Chair
Accepted Papers, Authors, Affiliations & Abstracts
CyberSA 2016 Accepted Papers
Social Media 2016 Accepted Papers
Cyber Security 2016 Accepted Papers
Cyber Incident 2016 Accepted Papers
Best Paper Awards
Cyber SA 2016 – Joint Best Papers
Social Media 2016 – Best Paper
Cyber Security 2016 – Best Paper
Cyber Incident 2016 – Best Paper
Conference Presentation Programme
International Journal on Cyber Situational Awareness (IJCSA)
Upcoming Conferences
Other Services
Conference Venue
Hotel Information / Address
The Stratton Suite - Holiday Inn London Mayfair, 3 Berkeley Street, W1J 8NE, London, United Kingdom
Central Reservations: +44 (0) 800 40 50 60, Web: http://www.hilondonmayfairhotel.co.uk/
At the very heart of the London borough of Westminster is Mayfair, one of the city's finest residential areas and one of London's
most attractive villages.
Class, sophistication, and finery are all synonymous with Mayfair, which takes its name from the fortnight-long May Fair, which
took place in the borough from 1686 until 1764. Situated between Oxford Street, Regent Street, Piccadilly and Park Lane,
Mayfair is home to some of the finest shopping establishments in the world.
Located at the centre of Mayfair, Holiday Inn London Mayfair, London, is ideally placed for both leisure and business visitors
and just seconds from Green Park Tube (Underground) Station. It’s within easy walking distance of all London’s major tourist
attractions and the business district. City Hall, Big Ben, Westminster Abbey, Palace of Westminster and Westminster Tube
Station are just streets away!
Directions
By Air
London Heathrow (LHR) Distance: 13 Mi / 20.9 Km East to hotel.
London Gatwick (LGW) Distance: 32 Mi / 51.5 Km North to hotel.
London City (LCY) Distance: 12 Mi / 19.3 Km West to hotel.
Underground Station Name: Green Park
About 2 minutes walk from Green Park Underground Station.
By Car
Satellite Navigation W1J 8NE
From Piccadilly: Turn into Stratton Street and follow it round onto Berkeley Street. Turn right and the hotel entrance is first on the left.
From Oxford Street or Bond Street: Head south down New Bond Street. Turn right at Bruton Street and then left into Berkeley Square. Head south out of the square down Berkeley Street and the hotel entrance is on the left.
By Train
Station Name: Victoria
About 20 minutes walk from Victoria Train Station.
Figure 1: Map to the Conference Venue - Showing Underground Stations close to the venue
Keynote Speakers
Professor Ali Hessami FRSA – Chair, IEEE UK & RI Section
Professor Hessami is the current Chair of the IEEE United Kingdom and Republic of
Ireland, and Director of R&G and Innovation at Vega Systems, London, UK. He
contributed significant original material to CENELEC WGA10 Report TR-50451 on
Allocation of Safety Integrity & largely authored TR-50506-1 standard on the Cross-Acceptance of Signalling Systems. He has chaired CENELEC Committees developing
the latest EN50128 & EN50129 revisions. He represents UK on CENELEC & IEC safety
systems, hardware & software standards committees whilst also an advisor to IEEE
Standards Association on European Policy matters. Ali chairs the SMC Chapter in the
UK&RI Section of IEEE. During December 2013, he was appointed as the Member of
the Institution of Engineering & Technology (IET-UK) Council and as the Vice Chair of
the IEEE in the UK and Ireland. Ali is also policy advisor to the IEEE Standards
Association on European standardization and strategy related matters. Ali has now
assumed the leadership role of the UK & Ireland IEEE Section from January 2016.
Professor Frank Wang – School of Computing, University of
Kent, UK
Frank is a Professor of Future Computing, and a Fellow of British Computer Society.
He serves the High End Computing Panel for Science Foundation Ireland (SFI) and
the UK Government EPSRC e-Science Panel. Frank has attracted a number of
EC/EPSRC/DTI/Industrial grants, totalling a few million euros. He has been invited to
present keynote speeches and other invited talks at Princeton University (USA),
Carnegie Mellon University (USA), Oxford University (UK), Edinburgh University
(UK), CERN (the European Organization for Nuclear Research, Geneva), Hong Kong
University of Science & Technology (Hong Kong), Tsinghua University (Taiwan),
Jawaharlal Nehru University (India), Aristotle University (Greece), Helsinki
Technology University (Finland), Turkish Government The Ministry of Industry and
Commerce, University of Johannesburg (South Africa), Central Philippine University
(Philippines), and Princess Sumaya University for Technology (Jordan), etc. Prof Frank
Wang is Co-Editor-in-Chief of Encyclopaedia of Grid Computing and Co-Editor-in-Chief of International Journal of Grid and High Performance Computing.
Dr. Janne Hagen – Norwegian Water Resources and Energy
Directorate (NVE), Norway
Dr. Janne Hagen, from April employed at the Norwegian Water Resources and
Energy Directorate (NVE), has worked as researcher and consultant, most of the
time employed at the Norwegian Defence Research Establishment (FFI) conducting
research on societal security and protection of critical infrastructures. Since 2005
her scientific work turned towards cybersecurity, the last years covering
information operations, strategic communication and the vulnerability of the digital
society. She holds an associate professor position at the University of Stavanger.
She has been a member of several expert groups in Norway, including the Norwegian
Governmental Committee of Digital Vulnerabilities in Society that delivered an
Official Norwegian Report (NOU) to the Ministry of Justice and Public Security in
November 2015.
Dr. Thomas Owens – Brunel University, London, UK
Dr Owens is the co-editor of the book on Situational Awareness in Computer
Network Defense: Principle, Methods and Application, IGI Global, USA. He was the
project coordinator of the European Commission IST FP5 STREP Project
CONFLUENT, of the IST FP6 Integrated Project INSTINCT, and of the FP6 SSA Project
PARTAKE. He is currently Project Manager of the IST PSP Project DTV4All,
see www.psp-dtv4all.org. As well as supervising many PhD students, he has
extensive experience in a very broad range of administrative and academic roles
including undergraduate courses director, postgraduate course director, chairman
of MSc examination boards, and elected member of Senate. In 1995/96 he acted as
a teaching quality assessor of teaching in Electronic and Electrical Engineering in
three Welsh universities for the Higher Education Funding Council for Wales, and in
2007-9 as an external examiner of PhD students. In 2011-13 he was President of the
European Advisory Board of the Institute of Studies Brazil Europe, a joint EU Brazil
funded initiative. He was Visiting Professor, School of Information and Electronic
Engineering, Zhejiang Gongshang University, Hangzhou, China, 8th of September,
2012 to 23rd of September, 2012.
Dr. Cyril Onwubiko – Cyber Security Intelligence, Research
Series Limited, London, UK
Dr Onwubiko is Director, Cyber Security Intelligence, at Research Series Limited
where he is responsible for directing strategy, IA governance and cyber security.
Prior to Research Series, he had worked in the Financial Services,
Telecommunication, Health, Government and Public services Sectors. He is
experienced in Cyber Security, Security Information and Event Management, Data
Fusion, Intrusion Detection Systems and Computer Network Security; and vastly
knowledgeable in Information Assurance, Risk Assessment & Management.
He holds a PhD in Computer Network Security from Kingston University, London,
UK; MSc in Internet Engineering, from University of East London, London, UK, and
BSc, first class honours, in Computer Science & Mathematics. He has authored
several books including "Security Framework for Attack Detection in Computer
Networks" and "Concepts in Numerical Methods.", and edited books such as
"Situational Awareness in Computer Network Defense: Principles, Methods &
Applications", and Cyber Science 2015 – International Conference on Cyber Situational
Awareness, Data Analytics and Assessment. He has over 30 articles published in leading
and most prestigious academic journals and conferences.
Dr. Andrew Lenaghan – Oxford University Computer
Emergency Response Team (OxCERT), Oxford, UK
Dr Lenaghan works at the Oxford University Computer Emergency Response Team
(OxCERT) in the UK. Formerly, he was the information security officer for Flawless
Money Ltd, a member of the Information Systems Audit and Control Association
(ISACA), and regular contributor to the fraud subcommittee of the Electronic Money
Association. Most recently he has consulted on the IT governance and security
policy requirements for payment institutions and electronic money institutions
seeking authorisation by the FSA. He holds degrees in Computer Science, Human
computer interaction (Lond.) and has a doctorate in computer vision and pattern
recognition from Kingston University.
Dr. Syed Naqvi – Cyber Security and Forensics, Birmingham
City University, Birmingham, UK
Dr Syed Naqvi is a Senior Lecturer in Cyber Security and Forensics at Birmingham
City University (BCU). He has a digital forensics practitioner background with firsthand experience of dealing with the challenges of this field. Prior to joining BCU in
August 2014, he worked at the Forensic Technology Solutions (FTS) arm of
PricewaterhouseCoopers Enterprise Advisory. His consultancy assignments included
antitrust investigations and litigation support services for corporate disputes. His
field experience includes evidence collection of several terabytes from various
digital storage media across the globe. This huge amount of digital evidence was
subsequently reviewed by using specialised data analytic technologies for litigation
support service. Syed has previously worked as an R&D Project Manager at CETIC
(Belgian Applied Research Centre in ICT) where he was the Principal Investigator of
Digital Forensics. He led the capacity building of Cyber Incident Response initiative.
His other major assignments at CETIC include: Project Manager of a European
Future Internet Security Research Experiment; Coordination of ICT Security activity
of national and European FP6/FP7 projects. Syed has held a Visiting Scientist
position at University of Washington at Seattle; and was a Research Fellow at
Rutherford Appleton Laboratory of the Science and Technology Facilities Council of
UK. He is an external reviewer of a number of international journals and has served
several scientific symposia as a technical program committee member.
Professor Olav Lysne – Centre for Resilient Networks and
Applications (CRNA), Simula, Norway
Olav Lysne is Director and founder of the Center for Resilient Networks and
Applications (CRNA) at Simula research laboratory, and professor in computer
science at Simula and the University of Oslo. He received the Master’s degree in
1988 and Dr. Scient. degree in 1992, both at the University of Oslo. The early
research contributions of Lysne were in the field of algebraic specification and term
rewriting, with a particular emphasis on automated deduction. While working in this
field he was a visiting researcher at Université de Paris-Sud. Later in his career he
has been working on resilient computer architecture for supercomputing and cloud
infrastructures, routing and switching techniques for IP-networks and measurement
of national network infrastructures. Lysne was the leader of the Norwegian
Government’s Commission on digital vulnerability, which submitted its report to the
Minister of Justice in November 2015.
Dr. Nick Savage – School of Computing, University of
Portsmouth, Portsmouth, UK
Dr Savage is the Head of the School of Computing at the University of Portsmouth
and he has a passion for investigating communication networks and security. He
obtained a first-class honours degree in Electronic and Computer Engineering, an
MA with Distinction in University Teaching and a PhD in Telecommunications from
the University of Portsmouth. He also has an MSc in Mathematics from the Open
University. His previous research on communication networks has been funded by
OFCOM and the EPSRC and has resulted in contributions to ITU recommendations.
He has over 50 publications in journals and conference proceedings and serves as a
referee for IET, IEEE and Elsevier journals. He has also chaired conferences, given
plenaries and chaired sessions at various computer networking and security
conferences around the world. He is currently leading researchers in the field of
communication networks and security. He is a member of Working Group 3 for the
EC NIS Platform, an Academic Advocate for the Information Systems Audit and
Control Association (ISACA) and a Chartered Engineer.
Conference Chair
Xavier Bellekens – Lecturer, University of Abertay, Dundee,
Scotland, UK
Mr Bellekens is a Lecturer in Ethical Hacking and Computer Security in the Division
of Computing and Mathematics at the University of Abertay, Dundee. He holds a
BSc in Computer Science from HENAM in Belgium and an MSc from the University of
Abertay, Dundee. He is currently completing his PhD in Electronic & Electrical
Engineering at the University of Strathclyde, Glasgow where he has also worked as a
Research Associate on WSN for Cyber-Physical Critical Systems.
His research interests include Intrusion Detection Systems, the Internet of Things, eHealth
Situational Awareness and Digital Forensics. He has also chaired numerous sessions
and conferences in Computer Security and Digital Forensics around the world and
serves as a reviewer for numerous international journals and as TPC for a number of
leading international conferences.
Accepted Papers, Authors, Affiliations & Abstracts
CyberSA 2016 Accepted Papers
Yoram Golandsky
CybeRisk Security Solutions, Tel Aviv, Israel
Title: Cyber Crisis Management, Survival or Extinction?
Abstract: ‘Cyber Incidents’ are common in every domain where technology is prevalent. Recurring or sequential
incidents are not unusual and are often manageable. Whilst more rare, the incidents that reach crisis levels have
been shown to cause an unexpected amount of damage. Companies need to remain prepared for such cyber crises.
This entails not only building an Incident Response Team (IRT) and creating and testing an incident response plan,
but mainly establishing the capability to properly manage business crisis triggered by cyber-attacks.
Filippo Sanfilippo
Norwegian University of Science and Technology (NTNU), Dept. of Engineering Cybernetics, Norway
Title: A Multi-Sensor System for Enhancing Situational Awareness in Offshore Training
Abstract: Real offshore operational scenarios are particularly risky. Training programmes involving specifically
designed simulators constitute a promising approach for improving human reliability and safety in real
applications. One of the world’s most advanced providers of simulators for such demanding offshore operations is
the Offshore Simulator Centre AS (OSC). However, even though the OSC provides powerful simulation tools,
techniques for visualising operational procedures that can be used to further improve situational awareness (SA),
are still lacking. In this work, an integrated multi-sensor fusion system is integrated with the OSC. The proposed
system is designed to improve planning, execution and assessment of demanding maritime operations by adopting
newly-designed risk-evaluation tools. Different information from the simulator scene and from the real world can
be collected, such as audio, video, bio-metric data from eye trackers, other sensor data and annotations. This
integration is the base for research on novel SA assessment methodologies. A training methodology based on the
concept of briefing/de-briefing is adopted. By using this methodology, the efficiency of the proposed system is
validated in a conceptual case study that considers the training procedure performed by Statoil and partners for the
world’s first sub-sea gas compression plant, in Aasgard, Norway.
Roman Graf1, Florian Skopik1 and Kenny Whitebloom2
1 AIT Austrian Institute of Technology GmbH, Vienna, Austria
2 Digital Public Library of America (DPLA)
Title: A Decision Support Model for Situational Awareness in National Cyber Operations
Centers
Abstract: Advances in situational awareness technology have led to the creation of increasingly sophisticated tools
across different application domains, often involving non-textual, highly dimensional, and multimedia data.
Automated tools aim to address a number of situational awareness challenges, such as complex system topology,
rapidly changing technologies, high noise to signal ratio, and multi-faceted threats. These factors make real-time
situational awareness of cyber operations for the National Cyber Operations Centers very difficult to achieve.
Appropriate data analysis techniques, in combination with modern anomaly detection output data and user
knowledge, may provide solutions in real-time that could replace human input for many situational awareness
analysis tasks.
Philip Legg
Department of Computer Science and Creative Technologies, Faculty of Environment and Technology, University
of the West of England, Bristol, UK
Title: Enhancing Cyber Situation Awareness for Non-Expert Users using Visual Analytics
Abstract: Situation awareness is often described as the perception and comprehension of the current situation, and
the projection of future status. Whilst this may be understood in an organisational cybersecurity context, there is a
strong case to be made for effective cybersecurity situation awareness that is tailored to the needs of the Non-Expert User (NEU). Our online usage habits are rapidly evolving with smartphones and tablets being widely used
to access resources online. In order for NEUs to remain safe online, there is a need to enhance awareness and
understanding of cybersecurity concerns, such as how devices may be acting online, and what data is being shared
between devices. In this paper, we explore the notion of personal situation awareness for NEUs. We conduct a
small-scale study to understand how NEUs perceive cybersecurity. We also propose how visual analytics could be
used to help encourage NEUs to actively monitor and observe their activity for greater online awareness. The
guidance developed through the course of this work can help practitioners develop tools that could help NEUs
better understand their online actions, with the aim to result in safer experiences when acting online.
Xavier Bellekens1, Preetila Seeam2, Quentin Franssen3, Andrew Hamilton4, Kamila
Nieradzinska4 and Amar Seeam5
1 Division of Computing and Mathematics, Abertay Dundee University
2 School of Management and Business, Aberystwyth University, (Mauritius Branch Campus), Mauritius
3 Cyber-Physical Security, Cyber Security Division, IT Risk and Assurance, Financial Service Advisory
4 Department of Electronic and Electrical Engineering, University of Strathclyde, Glasgow, G1 1XW, UK
5 School of Science and Technology, Middlesex University, (Mauritius Branch Campus), Vacoas, Mauritius
Title: Pervasive eHealth Services: A Security and Privacy Risk Awareness Survey
Abstract: The human factor is often recognised as a major aspect of cyber-security research. Risk and situational
perception are identified as key factors in the decision making process, often playing a lead role in the adoption of
security mechanisms. However, risk awareness and perception have been poorly investigated in the field of eHealth
wearables. Whilst end-users often have limited understanding of privacy and security of wearables, assessing the
perceived risks and consequences will help shape the usability of future security mechanisms. This paper presents a
survey of the risks and situational awareness in eHealth services. An analysis of the lack of security and privacy
measures in connected health devices is described with recommendations to circumvent critical situations.
Michael Davies and Menisha Patel
Department of Computer Science, University of Oxford, Oxford, England, UK
Title: Are we managing the risk of sharing Cyber Situational Awareness - A UK Public Sector
Case Study
Abstract: The development of effective cyber situational awareness is an important goal for organizations across
all sectors. The sharing of such information is seen as a key security enabler. This paper considers a case study of a
UK Public Sector organization. The aim is to establish if the decision to share cyber situational awareness has been
taken from an information risk management perspective, and if the organization is suitably well-placed to manage
the consequences of information loss, that has occurred as a result of the sharing process.
Samir Puuska, Matti J. Kortelainen, Viljami Venekoski and Jouko Vankka
Department of Military Technology, National Defence University, Helsinki, Finland
Title: Instant Message Classification in Finnish Cyber Security -Themed Free-Form
Discussion
Abstract: Instant messaging enables rapid collaboration between professionals during cyber security incidents.
However, monitoring discussion manually becomes challenging as the number of communication channels
increases. Failure to identify relevant information from the free-form instant messages may lead to reduced
situational awareness. In this paper, the problem was approached by developing a framework for classification of
instant message topics of cyber security--themed discussion in Finnish. The program utilizes open source software
components in morphological analysis, and subsequently converts the messages into Bag-of-Words representations
before classifying them into predetermined incident categories. We compared Support vector machines,
multinomial naive Bayes and complement naive Bayes classification methods with five-fold cross-validation. A
combination of SVM and CNB achieved classification accuracy of over 85 %, while multiclass SVM achieved 87
% accuracy. The implemented program recognizes cyber security -related messages in IRC chat rooms and
categorizes them accordingly.
Mahesh Bang and Himanshu Saraswat
Cisco Systems, India
Title: Building an effective and efficient continuous web application security program
Abstract: Most of organizations today either have some kind of web application security program or trying to
build/enhance. However most of these programs are not getting expected results to organization, neither long
lasting nor able to deliver value in continuous and efficient manner and also unable to enhance mind set of
developers to build/design secure web applications.
Shruti Kohli
BCRRE, University of Birmingham, Birmingham, Great Britain
Title: Developing Cyber Security Asset Management framework for UK Rail
Abstract: The sophistication and pervasiveness of cyber-attacks are constantly growing, driven partly by
technological progress, profitable applications in organized crime and state-sponsored innovation. The
modernization of rail control systems has resulted in an increasing reliance on digital technology and increased the
potential for security breaches and cyber-attacks. This research track showcases the need for developing the secure
reusable scalable framework for enhancing cyber security of rail assets. A Cyber security framework has been
proposed that is being developed to detect the tell-tale signs of cyber-attacks against industrial assets. This
framework will be based on the concepts of developing protection profiles for railway assets such as point machine
and evaluation assurance level in order to certify that chosen asset railway asset meet required security and safety
properties. The benefits of the selected framework. Endeavour is to make cyber health assessment of railway assets
to prevent cyber-attacks.
Joe Burton
Victoria University of Wellington, New Zealand
Title: Cyber Attacks and Maritime Situational Awareness: Evidence from Japan and Taiwan
Abstract: This paper argues that cyber-attacks are increasingly being seen as a threat to maritime situational
awareness in the Asia Pacific region, and highlights how the Japanese and Taiwanese governments have been
developing both offensive and defensive cyber operations to ameliorate vulnerabilities in their naval fleets vis a vis
their respective relationships with China. The paper begins by exploring traditional understandings of maritime
situational awareness and how changes in information communications technology have transformed the maritime
strategic environment in recent decades. The paper moves on to explore how Japan and Taiwan are developing new
capabilities in this area and new military doctrine to avoid disruptions to maritime operations. This section of the
paper also looks at the influence of Chinese and US cyber strategies on Taiwan’s and Japan’s changing cyber
doctrine. The final section of the paper presents a forward looking analysis of how cyber-attacks could affect
military responses to territorial dispute in the South China Sea in particular, and the normative dangers of cyber
militarization in the naval domain. The paper is based on field research conducted in Japan and Taiwan in 2014/15.
Radu-Stefan Pirscoveanu, Matija Stevanovic and Jens Myrup Pedersen
Department of Electronic Systems, Aalborg University, Denmark
Title: Clustering Analysis of Malware Behaviour using Self Organizing Map
Abstract: For the time being, malware behavioural classification is performed by means of Anti-Virus (AV)
generated labels. The paper investigates the inconsistencies associated with current practices by evaluating the
identified differences between current vendors. In this paper we rely on Self Organizing Map, an unsupervised
machine learning algorithm, for generating clusters that capture the similarities between malware behavior. A data
set of approximately 270,000 samples was used to generate the behavioral profile of malicious types in order to
compare the outcome of the proposed clustering approach with the labels collected from 57 Antivirus vendors
using VirusTotal. Upon evaluating the results, the paper concludes on shortcomings of relying on AV vendors for
labelling malware samples. In order to solve the problem, a cluster-based classification is proposed, which should
provide more accurate results based on the clusters created by competitive and cooperative algorithms like Self
Organizing Map that better describe the behavioural profile of malware.
Mohamed Chahine Ghanem and Deepthi N. Ratnayake
London Metropolitan University, London, UK
Title: Enhancing WPA2-PSK four-way handshaking after re-authentication to deal with de-authentication followed by brute-force attack A novel re-authentication protocol
Abstract: The nature of wireless network transmission and the emerging attacks are continuously creating or
exploiting more vulnerabilities. Despite the fact that the security mechanisms and protocols are constantly
upgraded and enhanced, the Small Office/Home Office (SOHO) environments that cannot afford a separate
authentication system, and generally adopt the IEEE 802.11 WPA2-PSK, are still exposed to some attack
categories such as de-authentication attacks that aim to push wireless client to re-authenticate to the Access Point
(AP) and try to capture the keys exchanged during the handshake to compromise the network security. This kind of
attack is impossible to detect or prevent in spite of having an Intrusion Detection and Prevention System (IDPS)
installed on the client or on the AP, especially when the attack is not repetitive and is targeting only one client. This
paper proposes a novel method which can mitigate and eliminate the risk of exposing the PSK to be captured
during the re-authentication process by introducing a novel re-authentication protocol relying on an enhanced four-way handshake which does not require any hardware upgrade or heavy-weight cryptography affecting the network
flexibility and performances.
Eliana Stavrou1 and Andreas Pitsillides2
1 Computing Department, UCLan Cyprus, Larnaca, Cyprus
2 Department of Computer Science, University of Cyprus, Nicosia, Cyprus
Title: Situation aware intrusion recovery policy in WSNs
Abstract: Wireless Sensor Networks (WSNs) have been gaining tremendous research attention the last few years
as they support a broad range of applications in the context of the Internet of Things. WSN-driven applications
greatly depend on the sensors’ observations to support decision-making and respond accordingly to reported critical
events. In case of compromisation, it is vital to recover compromised WSN services and continue to operate as
expected. To achieve an effective restoration of compromised WSN services, sensors should be equipped with the
logic to take recovery decisions and self-heal. Self-healing is challenging as sensors should be aware of a variety of
aspects in order to take effective decisions and maximize the recovery benefits. So far situation awareness has not
been actively investigated in an intrusion recovery context. This research work formulates situation aware intrusion
recovery policy design guidelines in order to drive the design of new intrusion recovery solutions that are operated
by an adaptable policy. An adaptable intrusion recovery policy is presented taking into consideration the proposed
design guidelines. The evaluation results demonstrate that the proposed policy can address advanced attack
strategies and aid the sensors to recover the network’s operation under different attack situations and intrusion
recovery requirements.
Jan Ahrend1, Marina Jirotka1 and Kevin Jones2
1 Department of Computer Science, University of Oxford, Oxford, England, UK
2 Airbus Group Innovations, Newport, England, UK
Title: On the Collaborative Practices of Cyber Threat Intelligence Analysts to Develop and
Utilize Tacit Threat and Defence Knowledge
Abstract: While the need for empirical investigations of cybersecurity analysts’ collaborative work practices is
widely acknowledged, research efforts are fairly limited. This paper aims to provide empirical evidence to support
a deeper consideration for the seemingly intangible collaborative practices that situational awareness in
cybersecurity relies on and add to our understanding of what it means to “do” threat intelligence. In particular, it
aims to unpack the informal forms of collaboration and coordination at work that build tacit knowledge about threat
actors and defenders and that span across time, people and tools to inform the translation of threat information into
actionable threat intelligence. In-depth semi-structured interviews and diary studies are conducted at three cyber
threat intelligence service providers (N=5) and analyzed using thematic analysis. This paper introduces the concept
of Threat and Defence Knowledge, tacit knowledge that analysts within an organization form over time and utilize
through informal ways of becoming aware of this knowledge, making it available and correlating it. We find that a
lack of accessibility to knowledge about relevant threat and defence factors can reduce analysts’ effectiveness at
arriving at actionable threat intelligence and hence reduce the ability to be alerted in advance about cyber threats, to
contain damage and obtain situational awareness. Perceived and potential shortcomings of the existing processes
and tools are presented, and practices to circumvent the existing systems investigated and implications for design
are considered.
Palvi Aggarwal1, Cleotilde Gonzalez2 and Varun Dutt1
1 Applied Cognitive Science Laboratory, Indian Institute of Technology Mandi, India
2 Dynamic Decision Making Laboratory, Carnegie Mellon University, Pittsburgh, USA
Title: Looking from the Hacker’s Perspective: Role of Deceptive Strategies in Cyber Security
Abstract: Cyber-attacks are increasing in the real-world and they cause widespread damage to cyber-infrastructure
and loss of information. Deception, i.e., the act of making someone believe something that is not true, could be a
way of countering cyber-attacks. In this paper, we propose a deception game, which we used to evaluate the
decision-making of a hacker in the presence of deception. In an experiment, using the deception game, we analyzed
the effect of two between-subjects factors (N = 100 participants): Amount of deception (high and low) and the
timing of deception (early and late). Results revealed that use of early deception made hackers trust the system’s
response and get deceived. However, the amount of deception did not influence hacker’s trust on the system’s
response. In addition, use of a deceptive strategy, i.e., when hackers moved from deception rounds to non-deception rounds, caused hackers to get deceived and not attack the system.
Zahid Maqbool1, V.S. Chandrasekhar Pammi2 and Varun Dutt1
1 Applied Cognitive Science Laboratory, Indian Institute of Technology, Mandi, India
2 Centre of Behavioral and Cognitive Sciences, University of Allahabad, India
Title: Cybersecurity: Effect of Information Availability in Dynamic Security Games
Abstract: Cyber-attacks, i.e., disruption of normal functioning of computers and loss of information, are becoming
widespread. Cyber security may be studied as a non-cooperative game as described by behavioural game theory.
However, current game-theoretic approaches have based their conclusions on Nash equilibriums, while
disregarding the role of information availability among hackers and analysts. In this study, we investigated how
information availability affected behaviour of analysts and hackers in 2x2 dynamic security games. In an
experiment involving dynamic security games, interdependence information available to hackers and analysts was
manipulated in two between-subjects conditions: Info and No-info. In Info condition, both players had complete
information about each other’s actions and payoffs, while this information was missing in No-Info condition.
Results showed that presence of information caused analysts and hackers to increase their proportion of defend and
attack actions, respectively. We highlight the relevance of our results to cyber-attacks in the real world.
Social Media 2016 Accepted Papers
Ryan Heartfield and George Loukas
Computing and Information Systems, University of Greenwich, UK
Title: Evaluating the reliability of users as human sensors of social media security threats
Abstract: While the human as a sensor concept has been utilised extensively for the detection of threats to safety
and security in physical space, especially in emergency response and crime reporting, the concept is largely
unexplored in the area of cyber security. Here, we evaluate the potential of utilising users as human sensors for the
detection of cyber threats, specifically on social media. For this, we have conducted an online test and
accompanying questionnaire-based survey, which was taken by 4,457 users. The test included eight realistic social
media scenarios (four attack and four non-attack) in the form of screenshots, which the participants were asked to
categorise as "likely attack" or "likely not attack". We present the overall performance of human sensors in our
experiment for each exhibit, and also apply logistic regression to evaluate the feasibility of predicting that
performance based on different characteristics of the participants. Such prediction would be useful where accuracy
of human sensors in detecting and reporting social media security threats is important. We identify features that are
good predictors of a human sensor's performance and evaluate them in both a theoretical ideal case and two more
realistic cases, the latter corresponding to limited access to a user's characteristics.
Paul Baxter and Trevor Wood
Cambridge Consultants
Title: Generating Insight from Data
Abstract: There are many different tools available for web analytics for business intelligence and empowerment.
To be useful for a user community, data analytics requires ascertaining the users’ needs to drive a combination of
appropriate analytical algorithms and effective visualization. Should any of these three be missing or tackled
without regard for the others, data analysis will be carried out without enabling the users to move from data to
action.
Using the example of the Transport for London (TfL) open data set on tube journeys we provide two examples of
the combination of algorithms, visualization and user requirements, one of which is described in detail here, while
the other is described at a summary level
Jennifer Cole, Chris Watkins and Dorothea Kleine
Department of Computer Science, Royal Holloway, University of London, Egham, UK
Title: Internet Discussion Forums: Maximizing Choice in Health-seeking Behaviour During
Public Health Emergencies
Abstract: This paper introduces a new approach for assessing how the technology affordances of internet
discussion forums may influence health-seeking behaviour. The approach combines theories from computer
science, behavioural science and development studies to explore the potential benefits of group decision making
and problem solving in online environments and relates these to Computer Science theories of Collective
Intelligence developed in particular by Pierre Levy. The approach seeks to test whether internet discussion forums
are able to provide the ‘clever mechanism’ considered necessary to harness the Wisdom of Crowds when the
optimal decision making processes are constrained. This will be cross-referenced against Amartya Sen’s
Maximization and the Act of Choice to show how discussion forums’ technology affordances may add value to the
choices available in sub-optimal conditions, suggesting a public health emergency as a possible case-study.
Cyber Security 2016 Accepted Papers
Muhammad Aminu Ahmad1, Steve Woodhead1 and Diane Gan2
1 Department of Engineering Science
2 Department of Computing and Information system
University of Greenwich, UK
Title: A Countermeasure Mechanism for Fast Scanning Malware
Abstract: This paper presents a cross-layer countermeasure mechanism to detect and contain self-propagating
malware. The mechanism uses a detection technique at the network layer and a data-link containment solution to
block traffic from an infected host. The concept has been demonstrated using a software prototype. An empirical
analysis of network worm propagation has been conducted to test the capabilities of the developed mechanism. The
results show that the developed mechanism is effective in containing self-propagating malware with almost no false
positives.
Kamile Nur Sevis1 and Ensar Seker2
1 National Common Criteria Evaluation Laboratory, TUBITAK (The Scientific and Technological Research Council of Turkey), Kocaeli, TURKEY
2 Cyber Security Institute, TUBITAK (The Scientific and Technological Research Council of Turkey), Kocaeli, TURKEY
Title: Cyber Warfare: Terms, Issues, Laws and Controversies
Abstract: Recent years have shown us the importance of cybersecurity. Especially, when the matter is national
security, it is even more essential and crucial. Increasing cyber-attacks, especially between countries in
governmental level, created a new term cyber warfare. Creating some rules and regulations for this kind of war is
necessary therefore international justice systems are working on it continuously. In this paper, we mentioned
fundamental terms of cybersecurity, cyber capabilities of some countries, some important cyber attacks in near
future, and finally, globally applied cyber warfare law for these attacks.
Tomáš Sochor, Matej Zuzčák and Petr Bujok
Department of Informatics and Computers, University of Ostrava, Ostrava, Czech Republic
Title: Statistical Analysis of Attacking Autonomous Systems
Abstract: The paper is devoted to the analysis of activities attacking against the research honeynet from various
autonomous systems (AS) in the Internet. Differences in behavior of attackers from different ASes as well as
activities done in the honeynet on individual probes. The probes are distributed across various network types –
academic, commercial VPS, ISP – in 2 central European countries, namely Czechia and Slovakia. Advanced
statistical methods were applied to extract a closer idea on attackers’ activities.
Thomas Mundt and Peter Wickboldt
Department of Computer Science, University of Rostock, Rostock, Germany
Title: Security in building automation systems - A first analysis
Abstract: The purpose of building automation systems is to support all house functions, such as controlling
lighting, air conditioning, heating, shading, access, and hence, increase comfort, save energy and provide easier
administration. Those systems are highly complex and ubiquitous as they have interfaces to many other networks
and systems in a building. This increases the risk that attackers use security gaps to affect the entire infrastructure.
In this paper we report about a security analysis of building automation systems.
Catrin Burrows and Pooneh Bagheri Zadeh
De Montfort University, UK
Title: A Mobile Forensic Investigation into Steganography
Abstract: Mobile devices are becoming a more popular tool to use in day to day life; this means that they can
accumulate a sizeable amount of information, which can be used as evidence if the device is involved in a crime.
Steganography is one way to conceal data, as it obscures the data as well as concealing that there is hidden content.
This paper investigates different steganography techniques, steganography artefacts created and the forensic
investigation tools used in detecting and extracting steganography in mobile devices. Steganography techniques are
used to generate different artefacts on two main mobile device platforms, Android and Apple devices. Furthermore
Forensic investigation tools are employed to detect and possibly reveal the hidden data. Finally a set of mobile
forensic investigation policy and guidelines are developed.
Cyril Onwubiko
Cyber Security Intelligence, E-Security Group, Research Series, London, UK
Title: Exploring Web Analytics to enhance Cyber Situational Awareness for the Protection of
Online Web Services
Abstract: Web Analytics is a tool for monitoring online interactions to digital services, typically focused on entity
profiling and analysis for market campaign, user behaviour, site performance and market intelligence. In this
research, web analytics is applied for intelligence-centric data gathering and analysis to enhanced cyber situational
awareness for monitoring critical online web services. A number of intelligence sources such as web logs, browser
fingerprints, mobile and tablet fingerprints and endpoint fingerprint are gathered, fused, analysed in real time for
enhanced situational awareness for the protection of online web services.
Mohammed Alzaylaee, Suleiman Yerima and Sakir Sezer
Centre for Secure Information Technologies (CSIT), Queen’s University Belfast, Belfast, Northern Ireland
Title: DynaLog: An automated dynamic analysis framework for characterizing Android
applications
Abstract: Android is becoming ubiquitous and currently has the largest share of the mobile OS market with
billions of application downloads from the official app market. It has also become the platform most targeted by
mobile malware that are becoming more sophisticated to evade state-of-the-art detection approaches. Many
Android malware families employ obfuscation techniques in order to avoid detection and this may defeat static
analysis based approaches. Dynamic analysis on the other hand may be used to overcome this limitation. Hence in
this paper we propose DynaLog, a dynamic analysis based framework for characterizing Android applications. The
framework provides the capability to analyse the behaviour of applications based on an extensive number of
dynamic features. It provides an automated platform for mass analysis and characterization of apps that is useful for
quickly identifying and isolating malicious applications. The DynaLog framework leverages existing open source
tools to extract and log high level behaviours, API calls, and critical events that can be used to explore the
characteristics of an application, thus providing an extensible dynamic analysis platform for detecting Android
malware. DynaLog is evaluated using real malware samples and clean applications demonstrating its capabilities
for effective analysis and detection of malicious applications.
Gaofeng Zhang1, Paolo Falcarin1, Elena Gómez-Martínez1, Christophe Tartary1, Shareeful
Islam1, Bjorn De Sutter2 and Jerome D’annoville3
1 University of East London, London, UK
2 Ghent University, Ghent, Belgium
3 Gemalto, Meudon, France
Title: Attack Simulation based Software Protection Assessment Method for Protection
Optimisation
Abstract: Software protection is an essential aspect of information security to withstand malicious activities on
software. In this regard, for developers and software companies, software protection assessment is a key function
for preserving their software assets. In this way, the assessment needs to evaluate multiple protection methods
together as protection solutions for their optimisation. Due to the complexity of protection solutions, existing
protection assessment methods need to be improved. Besides, the uncertain processes of various software attacks
are another challenge for existing assessment methods. To solve these issues, we present a novel attack simulation
based software protection assessment method to assess various protection solutions for protection optimisation.
Specially, relying on Petri Net based attack models, Monte Carlo based attack simulation simulates software
attacking processes to deal with the uncertainty. Then, based on this simulation, a novel protection comparison
model is proposed to compare different protection solutions with numeric confidences, which provides a
convenient approach to assess complicated protection solutions via the previous simulation. Based on this
comparison model, our novel protection assessment method is proposed to identify the premier protection solutions
from potential protection solutions for protection optimisation in specific software protection situations, which
includes various software attacks. We illustrate this method by means of a software protection assessment process
to demonstrate that our method can provide a suitable software protection assessment for developers and software
companies.
Egon Kidmose, Matija Stevanovic and Jens Myrup Pedersen
Department of Electronic Systems, Aalborg University, Denmark
Title: Correlating intrusion detection alerts on bot malware infections using neural network
Abstract: Millions of computers are infected with bot malware, form botnets and enable botmaster to perform
malicious and criminal activities. Intrusion Detection Systems are deployed to detect infections, but they raise
many correlated alerts for each infection, requiring a large manual investigation effort. This paper presents a novel
method with a goal of determining which alerts are correlated, by applying Neural Networks and clustering, thus
reducing the number of alerts to manually process. The main advantage of the method is that no domain knowledge
is required for designing feature extraction or any other part; as such knowledge is inferred by Neural Networks.
Evaluation has been performed with traffic traces of real bot binaries executed in a lab setup. The method is trained
on labelled Intrusion Detection System alerts and is capable of correctly predicting which of seven incidents an
alert pertains, 56.15% of the times. Based on the observed performance it is concluded that the task of
understanding Intrusion Detection System alerts can be handled by a Neural Network, showing the potential for
reducing the need for manual processing of alerts. Finally, it should be noted that, this is achieved without any
feature engineering and with no use of domain specific knowledge.
Reza Montasari1, Pekka Peltola2 and Victoria Carpenter3
1 Computing and Mathematics, University of Derby, Derby, UK
2 Nottingham Geospatial Institute, University of Nottingham, Nottingham, UK
3 Academic Development Directorate, York St John University, York, UK
Title: Gauging the Effectiveness of Computer Misuse Act in Dealing with Cybercrimes
Abstract: Computer and Internet technology has become a vital part of a daily life for many as it has brought many
enhancements to the quality of many individuals’ lives. Although advances in computer and Internet technology are
utilised by many people for various respectable reasons, at the same time it has become a tool in the hands of
cybercriminals for various nefarious reasons. Cybercrime has become a fast-growing type of crime where more and
more criminals exploit the speed, convenience and anonymity of the Internet to perpetrate various criminal
activities that have no border. This paper examines the phenomenon of cybercrime and the difficulties and
challenges that it presents due to the way that it is being regulated in England and Wales. A major focus will be
placed on the area of hacking. To this end, the effectiveness of the Computer Misuse Act in dealing with
cybercrimes both in the past and in the future will be examined.
Zbigniew Hulicki
Department of Telecommunication, AGH University of Science and Technology, Kraków, Poland
Title: The IM System with a Cryptographic Feature
Abstract: The paper does concern the IM (Instant Messaging) system with a cryptographic feature designed for the
portable subscriber appliances working with the Android operating system. Unlike the existing applications with a
text messaging function, the proposed system uses XML (Extensible Markup Language) tool to specify the
message structure and in order to ensure appropriate confidentiality of talks it does encrypt messages to be
transmitted between the end user and server system. The results of a preliminary performance evaluation of
encryption algorithms, used in the proposed system, will be discussed together with possible applications and
further modifications of that IM system.
Andrea Cullen and Lorna Armitage
School of Electrical Engineering and Computer Science, University of Bradford, Bradford, UK
Title: The Social Engineering Attack Spiral (SEAS)
Abstract: Cybercrime is on the increase and attacks are becoming ever more sophisticated. Organisations are
investing huge sums of money and vast resources in trying to establish effective and timely countermeasures. This
is still a game of catch up, where hackers have the upper hand and potential victims are trying to produce secure
systems hardened against what feels like are inevitable future attacks. The focus so far has been on technology and
not people and the amount of resource allocated to countermeasures and research into cyber security attacks
follows the same trend. This paper adds to the growing body of work looking at social engineering attacks and
therefore seeks to redress this imbalance to some extent. The objective is to produce a model for social engineering
that provides a better understanding of the attack process such that improved and timely countermeasures can be
applied and early interventions implemented.
Fara Yahya, Robert Walters and Gary Wills
University of Southampton, United Kingdom
Title: Goal-Based Security Components for Cloud Storage Security Framework: A
Preliminary Study
Abstract: There are a variety of ways to ensure the security of data in the cloud depending on the set of anticipated
concerns. Many cloud storage secure data either by encrypting data on transfer, or by encrypting data at rest. These
security protections seem very different, and currently there are no common goal-based security components for
comparing them. In this paper we investigate the security components forming security, which ensures data are
securely protected in cloud storage. We will show security components that were extracted by synthesising existing
security frameworks and industry accepted standards to satisfy the concerns for which there is little extant research.
The components are also mapped to security concerns happening in the cloud. A triangulation method was applied
to investigate the important security components. This exploratory research has been considered by security experts
and practitioners who confirmed the proposed framework.
Louai Maghrabi, Eckhard Pfluegel and Senna Fathima Noorji
Faculty of Science, Engineering & Computing, Kingston University, London, UK
Title: Designing Utility Functions for Game-Theoretic Cloud Security Assessment: A Case for
Using the Common Vulnerability Scoring System
Abstract: In recent years, cloud computing has emerged as a key computing paradigm because of its
ubiquitous, convenient and scalable on-demand access to a shared pool of computing resources. Although the use
of the cloud has many advantages, a great number of security threats exist affecting assets that are present in a
cloud environment. In order to mitigate these threats, frameworks have been developed to assess the security of an
organisation, based on analysing risks to critical assets. However, these frameworks are not yet sufficiently
developed to specifically address risks in cloud environments. In this paper, we advocate the use of game theory to
improve the security assessment of cloud environments, in particular the risk analysis step in OCTAVE. We extend
previous game-theoretic models for security risk assessment within cloud environments by designing cost and
benefit functions that are to a large extent informed by the Common Vulnerability Scoring System (CVSS).
Dylan Smyth, Victor Cionca, Sean McSweeney and Donna O'Shea
Nimbus Centre, Cork Institute of Technology, Ireland
Title: Exploiting Pitfalls in Software-Defined Networking Implementation
Abstract: The centralised control provided by Software Defined Networking allows an increase in network
security as all the traffic can be vetted before leaving the attachment switch. Nevertheless, as in any complex
system, there are implementation and policy compromises which lead to security vulnerabilities. This paper
exploits such vulnerabilities to implement a suite of attacks, consisting of ARP cache poisoning, Man in the
Middle, a firewall and ACL bypassing port scan called Phantom Host Scan, and a Distributed Denial of Service
called Phantom Storm which induces the participation of legitimate hosts. These attacks were successfully
implemented in a Floodlight controlled network.
Boojoong Kang, Suleiman Yerima, Kieran Mclaughlin and Sakir Sezer
Queen’s University Belfast, Belfast, Northern Ireland, United Kingdom
Title: N-opcode Analysis for Android Malware Classification and Categorization
Abstract: Malware detection is a growing problem particularly on the Android mobile platform due to its
increasing popularity and accessibility to numerous third party app markets. This has also been made worse by the
increasingly sophisticated detection avoidance techniques employed by emerging malware families. This calls for
more effective techniques for detection and classification of Android malware. Hence, in this paper we present an
n-opcode analysis based approach that utilizes machine learning to classify and categorize Android malware. This
approach enables automated feature discovery that eliminates the need for applying expert or domain knowledge to
define the needed features. Our experiments on 2520 samples that were performed using up to 10-gram opcode
features showed that an f-measure of 98% is achievable using this approach.
Marcelo Fontenele and Lily Sun
School of Systems Engineering, University of Reading, United Kingdom
Title: Knowledge Management of Cyber Security Expertise: an ontological approach to talent
discovery
Abstract: Cyber security is a dynamic knowledge environment, where attracting talented people is paramount.
However, current initiatives disregard mechanisms able to search for suited individuals. Approaching cyber
security as an organisation can help to manage capabilities and improve domain-oriented talent discovery. This
paper presents an ontological approach to support talent discovery as a means of improving allocation of expertise
for cyber security projects. A case study is conducted among experts in a cyber security community. Our method is
capable of selecting, ranking and evaluating experts given a set of criteria specified in a project profile. The
approach combines values of quantitative and qualitative nature provided by the profile owner and derived from
external appraisals. Moreover, the ontology model delivers a systematic integration of talent practices, which
embeds a feedback loop that favours ongoing improvement. The model was successfully experimented and further
appraised in terms of acceptance by a board of experts.
Cyber Incident 2016 Accepted Papers
Abdulrahman Alruban, Nathan Clarke, Fudong Li and Steven Furnell
Centre for Security, Communications and Network Research, Plymouth University, Plymouth, UK
Title: Proactive Biometric-Enabled Forensic Imprinting
Abstract: Threats to enterprises have become widespread in the last decade. A major source of such threats
originates from insiders who have legitimate access to the organization’s internal systems and databases. Therefore,
preventing or responding to such incidents has become a challenging task. Digital forensics has grown into a de-facto standard in the examination of electronic evidence; however, a key barrier is often being able to associate an
individual to the stolen data. Stolen credentials and the Trojan defense are two commonly cited arguments used.
This paper proposes a model that can more inextricably link the use of information (e.g. documents and emails) to
the individual users who use and access them through the use of steganography and transparent biometrics. The
initial experimental results of the proposed approach have shown that it is possible to correlate an individual’s
biometric feature vector with a digital object such as images and still successfully recover the sample even with
significant file modification. In addition, a reconstruction of the feature vector from these unmodified images was
possible by using those generated imprints with an accuracy of 100% in some scenarios.
Aisha Abubakar, Pooneh Bagheri Zadeh, Richard Howley and Helge Janicke
De Montfort University, Leicester, UK
Title: Root Cause Analysis (RCA) as a Preliminary Tool into the Investigation of Identity
Theft
Abstract: Identity theft is an old phenomenon, offences such as impersonation, falsification and misuse of identity
documents have been known for more than a century. However, the advent of technology changed the method used
for conducting this crime, whereby through the use of the Internet, personal information is stolen and misused by
criminals. The crime has its causes originating from human error and judgement to failure of computing and
networking systems that allow unauthorized access to personal information. In order to provide a better tool of
investigating this crime, there is the need to explore the causes of the crime thereby providing a better framework
for investigating Identity theft crimes. This study uses Root Cause Analysis (RCA) as a preliminary tool that serves
to provide a depicted identification of the causes of Identity theft paving the way into investigating the crime and
creating incident response plans.
Mary Geddes and Pooneh Bagheri Zadeh
De Montfort University, Leicester, UK
Title: Forensic Analysis of Private Browsing
Abstract: Private browsing is popular for many users who wish to keep the internet usage hidden from other users
on the same computer. This research will examine what artefacts are left on the users’ computer using digital
forensic tools. The results from this research will allow recommendations for forensic analysts on ways to analyse
private browsing artefacts.
Taolue Chen1, Tingting Han2, Florian Kammueller3, Ibrahim Nemli4 and Christian Probst4
1 Middlesex University London, United Kingdom
2 Birkbeck, University of London, United Kingdom
3 Middlesex University London, United Kingdom and TU Berlin
4 Technical University Denmark, Denmark
Title: Model Based Analysis of Insider Threats
Abstract: In order to detect malicious insider attacks it is important to model and analyse infrastructures and
policies of organisations and the insiders acting within them. We extend formal approaches that allow modelling
such scenarios by quantitative aspects to enable a precise analysis of security designs. Our framework enables
evaluating the risks of an insider attack to happen quantitatively. The framework first identifies an insider’s
intention to perform an inside attack, using Bayesian networks, and in a second phase computes the probability of
success for an inside attack by this actor, using probabilistic model checking. We provide prototype tool support
using Matlab for Bayesian networks and PRISM for the analysis of Markov decision processes, and validate the
framework with case studies.
Best Paper Awards
Best papers are selected for each conference based on the double or multiple blind peer review scores. Scores
are computed from the average score, with reviews weighted by reviewers’ confidence. It is an excellent,
very rigorous and transparent process.
Cyber SA 2016 – Joint Best Papers
Paper Titled: Enhancing Cyber Situation Awareness for Non-Expert Users using Visual
Analytics
Philip Legg
Department of Computer Science and Creative Technologies, Faculty of Environment and Technology, University
of the West of England, Bristol, UK
Paper Titled: Instant Message Classification in Finnish Cyber Security -Themed Free-Form
Discussion
Samir Puuska, Matti J. Kortelainen, Viljami Venekoski and Jouko Vankka
Department of Military Technology, National Defence University, Helsinki, Finland
Social Media 2016 – Best Paper
Paper Titled: Evaluating the reliability of users as human sensors of social media security
threats
Ryan Heartfield and George Loukas
Computing and Information Systems, University of Greenwich, UK
Cyber Security 2016 – Best Paper
Paper Titled: Attack Simulation based Software Protection Assessment Method for Protection
Optimisation
Gaofeng Zhang1, Paolo Falcarin1, Elena Gómez-Martínez1, Christophe Tartary1, Shareeful
Islam1, Bjorn De Sutter2 and Jerome D’annoville3
1 University of East London, London, UK
2 Ghent University, Ghent, Belgium
3 Gemalto, Meudon, France
Cyber Incident 2016 – Best Paper
Paper Titled: Proactive Biometric-Enabled Forensic Imprinting
Abdulrahman Alruban, Nathan Clarke, Fudong Li and Steven Furnell
Centre for Security, Communications and Network Research, Plymouth University, Plymouth, UK
Conference Presentation Programme
2016 International Conference on Cyber Situational Awareness,
Data Analytics and Assessment (CyberSA 2016)
In conjunction with
International Conference on Social Media, Wearable and Web Analytics
(Social Media 2016)
International Conference on Cyber Security and Protection of Digital
Services (Cyber Security 2016)
International Conference on Cyber Incident Response, Coordination,
Containment & Control (Cyber Incident 2016)
Mayfair, London, United Kingdom. June 13 – 14, 2016
Monday, June 13, 2016
Day 1
08:00 – 09:00
Registration, Networking and Refreshments in the Stratton Suite
09:00 – 09:05
Opening: Welcome Session
Dr Cyril Onwubiko – Chair, Cyber Security Intelligence, Research Series, London, UK
09:05 – 09:10
Announcements & Introduction
Xavier Bellekens – Conference Chair
09:10 – 09:15
Keynote Introduction: IEEE UK&RI
Professor Ali Hessami – Chair, IEEE UK&RI and Director of R&D and Innovation at Vega Systems,
London, UK
09:15 – 09:35
Keynote: Cyber Science: Fact or Fiction?
Professor Frank Wang – Professor of Future Computing & Head of School of Computing,
University of Kent, Canterbury, UK & IEEE Computer Society Chair
09:35 – 09:50
Keynote: Cyber Security in SCADA, Utility, Energy and Critical Networks
Dr Janne Hagen – Norwegian Water Resources and Energy Directorate (NVE), Oslo, Norway
09:50 – 10:00
Coffee Break & Social Networking
10:00 – 10:20
Keynote: Systems Integration and Security for Internet of Things (IoT)
Dr Nick Savage – Head School of Computing, University of Portsmouth, Portsmouth, UK
10:20 – 10:40
Keynote: Trust and Verification in National Security: Can Electronic Equipment from Untrusted
Vendors be Verified?
Professor Olav Lysne – Director and founder of the Center for Resilient Networks and
Applications (CRNA) at Simula research laboratory, Oslo, Norway
10:40 – 10:50
Coffee Break & Social Networking
CyberSA 2016
Track 1: Situation Awareness for Intelligence & Analytics
10:50 – 11:30
Enhancing Cyber Situation Awareness for Non-Expert Users using Visual Analytics
Philip Legg
On the Collaborative Practices of Cyber Threat Intelligence Analysts to Develop and Utilize Tacit
Threat and Defence Knowledge
Jan Ahrend, Marina Jirotka and Kevin Jones
A Multi-Sensor System for Enhancing Situational Awareness in Offshore Training
Filippo Sanfilippo
A Decision Support Model for Situational Awareness in National Cyber Operations Centers
Roman Graf, Florian Skopik and Kenny Whitebloom
11:30 – 11:40
Panel Session Questions
11:40 – 11:50
Coffee Break & Social Networking
Social Media 2016
Track 1: Social Media for Enhanced Health Informatics and Health Situation Awareness
11:50 – 12:20
Evaluating the Reliability of Users as Human Sensors of Social Media Security Threats
Ryan Heartfield and George Loukas
Internet Discussion Forums: Maximizing Choice in Health-seeking Behaviour During Public
Health Emergencies
Jennifer Cole, Chris Watkins and Dorothea Kleine
Generating Insight from Data
Paul Baxter and Trevor Wood
12:20 – 12:30
Panel Session Questions
12:30 – 13:30
Lunch
Cyber Security 2016
Track 1: Cyber Security Applications
13:30 – 14:30
Security in building automation systems - A first analysis
Thomas Mundt and Peter Wickboldt
DynaLog: An automated dynamic analysis framework for characterizing Android applications
Mohammed Alzaylaee, Suleiman Yerima and Sakir Sezer
Goal-Based Security Components for Cloud Storage Security Framework: A Preliminary Study
Fara Yahya, Robert Walters and Gary Wills
The IM System with a Cryptographic Feature
Zbigniew Hulicki
A Mobile Forensic Investigation into Steganography
Catrin Burrows and Pooneh Bagheri Zadeh [Abstract / WIP]
14:30 – 14:40
Panel Session Questions
14:40 – 14:50
Coffee Break & Social Networking
Cyber Incident 2016
Track 1: Digital Forensics & Biometrics
14:50 – 15:10
Proactive Biometric-Enabled Forensic Imprinting
Abdulrahman Alruban, Nathan Clarke, Fudong Li and Steven Furnell
Forensic Analysis of Private Browsing
Mary Geddes and Pooneh Bagheri Zadeh
15:10 – 15:20
Panel Session Questions
Cyber Security 2016
Track 2: Cyber Security Threats and Threat Intelligence
15:20 – 15:50
N-opcode Analysis for Android Malware Classification and Categorization
Boojoong Kang, Suleiman Yerima, Kieran Mclaughlin and Sakir Sezer
Correlating Intrusion Detection Alerts on Bot Malware Infections using Neural Network
Egon Kidmose, Matija Stevanovic and Jens Myrup Pedersen
A Countermeasure Mechanism for Fast Scanning Malware
Muhammad Aminu Ahmad, Steve Woodhead and Diane Gan
15:50 – 16:00
Panel Session Questions
16:00 – 16:10
Coffee Break & Social Networking
CyberSA 2016
Track 2: Situation Awareness Applications for Wireless Security
16:10 – 16:40
Situation aware intrusion recovery policy in WSNs
Eliana Stavrou and Andreas Pitsillides
Enhancing WPA2-PSK four-way handshaking after re-authentication to deal with deauthentication followed by brute-force attack A novel re-authentication protocol
Mohamed Chahine Ghanem and Deepthi N. Ratnayake
Building an effective and efficient continuous web application security program
Mahesh Bang and Himanshu Saraswat
16:40 – 16:50
Panel Session Questions
16:50 – 17:00
Coffee Break & Social Networking
CyberSA 2016
Track 3: Situation Awareness Tools & Techniques
17:00 – 17:30
Looking from the Hacker’s Perspective: Role of Deceptive Strategies in Cyber Security
Palvi Aggarwal, Cleotilde Gonzalez and Varun Dutt
Clustering Analysis of Malware Behavior using Self Organizing Map
Radu-Stefan Pirscoveanu, Matija Stevanovic and Jens Myrup Pedersen
Cybersecurity: Effect of Information Availability in Dynamic Security Games
Zahid Maqbool, V.S. Chandrasekhar Pammi and Varun Dutt
17:30 – 17:40
Panel Session Questions
17:40 – 17:50
Coffee Break & Social Networking
17:50
Social Event: Drinks, Chat and Social Networking
Tuesday, June 14, 2016
Day 2
08:00 – 09:00
Coffee/Tea, Networking and Refreshments in the Kensington & Chelsea Suite
09:00 – 09:10
Day 2 Opening & Welcome Session, Announcements & Introduction
Xavier Bellekens – Conference Chair
09:10 – 09:30
Keynote: Cyber Operations (CyberOps) Capability for the Mission
Dr Cyril Onwubiko – Chair, Cyber Security Intelligence, E-Security Group, Research Series, London,
UK
09:30 – 09:50
Keynote: Community Situation Awareness for Emerging Networks
Dr Thomas Owens – Director of Quality (ECE) & Senior Lecturer in Communications, Brunel
University London, London, UK
09:50 – 10:00
Coffee Break & Social Networking
10:00 – 10:20
Keynote: Situational Awareness for CERTs
Dr Andrew Lenaghan – OxCERT, Oxford University, Oxford, UK
10:20 – 10:40
Keynote: Role of Digital Forensics in the Emerging Dimensions of Cybercrime Investigations
Dr Syed Naqvi – Senior Lecturer Cyber Security and Forensics, Birmingham City University,
Birmingham, UK
10:40 – 10:50
Coffee Break & Social Networking
CyberSA 2016
Track 4: Cyber Situational in Cyber Risk & Crisis Management
10:50 – 11:20
Cyber Crisis Management, Survival or Extinction?
Yoram Golandsky
Are we managing the risk of sharing Cyber Situational Awareness - A UK Public Sector Case Study
[Abstract / WIP]
Michael Davies and Menisha Patel
Pervasive eHealth Services A Security and Privacy Risk Awareness Survey
Xavier Bellekens, Preetila Seeam, Quentin Franssen, Andrew Hamilton, Kamila Nieradzinska and
Amar Seeam
11:20 – 11:30
Panel Session Questions
11:30 – 11:40
Coffee Break & Social Networking
Cyber Security 2016
Track 3: Cyber Security Theories, Laws and Policies
11:40 – 12:20
Statistical Analysis of Attacking Autonomous Systems
Tomáš Sochor, Matej Zuzčák and Petr Bujok
Gauging the Effectiveness of Computer Misuse Act in Dealing with Cybercrimes
Reza Montasari, Pekka Peltola and Victoria Carpenter
The Social Engineering Attack Spiral (SEAS)
Andrea Cullen and Lorna Armitage
Cyber Warfare: Terms, Issues, Laws and Controversies
Kamile Nur Sevis and Ensar Seker
12:20 – 12:30
Panel Session Questions
12:30 – 13:30
Lunch
Cyber Incident 2016
Track 2: Controls and Countermeasures to Cyber Threats (C3T)
13:30 – 13:50
Root Cause Analysis (RCA) as a Preliminary Tool into the Investigation of Identity Theft
Aisha Abubakar, Pooneh Bagheri Zadeh, Richard Howley and Helge Janicke
Model Based Analysis of Insider Threats [Abstract / WIP]
Taolue Chen, Tingting Han, Florian Kammueller, Ibrahim Nemli and Christian Probst
13:50 – 14:00
Panel Session Questions
CyberSA 2016
Track 5: National Cyber Situation Awareness
14:00 – 14:30
Instant Message Classification in Finnish Cyber Security -Themed Free-Form Discussion
Samir Puuska, Matti J. Kortelainen, Viljami Venekoski and Jouko Vankka
Cyber Attacks and Maritime Situational Awareness: Evidence from Japan and Taiwan
Joe Burton
Developing Cyber Security Asset Management framework for UK Rail
Shruti Kohli
14:30 – 14:40
Panel Session Questions
14:40 – 14:50
Coffee Break & Social Networking
Cyber Security 2016
Track 4: Cyber Security Applications, Tools and Techniques
14:50 – 15:20
Designing Utility Functions for Game-Theoretic Cloud Security Assessment: A Case for Using the
Common Vulnerability Scoring System
Louai Maghrabi, Eckhard Pfluegel and Senna Fathima Noorji
Attack Simulation based Software Protection Assessment Method for Protection Optimisation
Gaofeng Zhang, Paolo Falcarin, Elena Gómez-Martínez, Christophe Tartary, Shareeful Islam, Bjorn
De Sutter and Jerome D’annoville
Exploiting Pitfalls in Software-Defined Networking Implementation
Dylan Smyth, Victor Cionca, Sean McSweeney and Donna O'Shea
15:20 – 15:30
Panel Session Questions
Track 5: Cyber Security for Web Analytics, Business Intelligence & Knowledge Management
15:30 – 15:50
Knowledge Management of Cyber Security Expertise: an ontological approach to talent discovery
Marcelo Fontenele and Lily Sun
Exploring Web Analytics to enhance Cyber Situational Awareness for the Protection of Online
Web Services
Cyril Onwubiko
15:50 – 16:00
Panel Session Questions
16:00
Thanks & Closing Remarks: Dr Cyril Onwubiko on behalf of Centre for Multidisciplinary Research,
Innovation & Collaboration (C-MRiC.ORG) & IEEE TCS
16:00
Best Paper Awards & Group Conference Photographs
International Journal on Cyber Situational Awareness (IJCSA)
ISSN: (Print) 2057-2182 ISSN: (Online) 2057-2182
The International Journal on Cyber Situational Awareness
(IJCSA) is a comprehensive reference journal, dedicated to
disseminating the most innovative, systematic, topical and emerging
theory, methods and applications on Situational Awareness (SA) across
Cyber Systems, Cyber Security, Cyber Physical Systems, Computer
Network Defence, Enterprise Internet of Things (EIoT), Security
Analytics and Intelligence to students, scholars, and academia, as well
as industry practitioners, engineers and professionals.
http://www.c-mric.com/journals-ijcsa
Editor-in-Chief: Dr Cyril Onwubiko
Associate Editors:
Professor Frank Wang
Dr Thomas Owens
Upcoming Conferences
Joint and Co-located Conferences: Cyber Science 2016, June 13-14, London, UK
Cyber SA 2016
International Conference on Cyber Situational Awareness, Data Analytics and Assessment (Cyber SA 2016)
Social Media 2016
International Conference on Social Media, Wearable and Web Analytics (Social Media 2016)
Cyber Security 2016
International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2016)
Cyber Incident 2016
International Conference on Cyber Incident Response, Coordination, Containment & Control (Cyber Incident 2016)
Joint and Co-located Conferences: Cyber Policy 2016, Oxford, UK
Business Intelligence 2016
International Conference on ICT and Business Information Systems for Business Intelligence (Business Intelligence 2016)
e-Policy 2016
International Conference on Digital Society, Border Control and Cyber Policy (e-Policy 2016)
GRC 2016
International Conference on Governance, Risk Management, Compliance (GRC 2016)
Privacy 2016
International Conference on Privacy, Data Protection and Information Assurance (Privacy 2016)
Joint and Co-located Conferences: Counter Fraud 2016, Oxford, UK
Fraud-Detect 2016
International Conference on Web Fraud Detection, Financial and Fraud Analysis (Fraud-Detect 2016)
Geo-IP 2016
International Conference on Geolocation and CyberTravel for Law Enforcement and Fraud Control (Geo-IP 2016)
Digital Forensics 2016
International Conference on Digital Forensics, Readiness and Investigation (Digital Forensics 2016)
Mobile AppSecurity 2016
International Conference on Web and Mobile Application Security (Mobile AppSecurity 2016)
Joint and Co-located Conferences: Security Management 2016, London, UK
Tools 2016
International Conference on Tools for Analytics, Visualisation and Data Mining (Tools 2016)
SOC 2016
International Conference on Security Operation Centres, Automation, Remediation and Optimisation (SOC 2016)
Telecom 2016
International Conference on Telecommunications, Computer Science and Information Systems (Telecom 2016)
Joint and Co-located Conferences: Health Informatics 2016, London, UK
HealthCare 2016
International Conference on ICT in HealthCare Management (HealthCare 2016)
Cloud-Ability 2016
International Conference on Cloud-Based Computing Architectures, Security and Reliability (Cloud-Ability 2016)
Health IT 2016
International Conference on Health Informatics and Computer Assisted Medicine (Health IT 2016)
e-Learning 2016
International Conference on Web-Based Learning, Interaction and Accessibility (e-Learning 2016)
Other Services
Innovation, Research & Development ranging from national cyber security programmes,
enterprise security management, information assurance, protection strategy & consultancy
Training and technology-inspired programmes, and undertake independent bespoke technology-based & survey-based research engagements.
Security Testing and Lab Experimentations
Conference Organisation
Printing and Publications
Consultancy
Organiser / Contact Us
Centre for Multidisciplinary Research, Innovation and Collaboration (C-MRiC.ORG)
Centre for Multidisciplinary Research, Innovation and Collaboration (C-MRiC) is a nonprofit non-governmental
organisation.
The aim is to participate, encourage and promote collaborative
scientific, industrial and academic inter-workings among individual
researchers, practitioners, members of existing associations,
academia, standardisation bodies, and including government
departments and agencies.
The purpose is to build bridges between academia and industry, and
to encourage interplay of different cultures.
C-MRiC is committed to outstanding research and innovation through
collaboration, and to disseminate scientific and industrial
contributions through seminars and publications. Its products range
from conferences on advanced and emerging aspects of societal
issues, ranging from Cyber security to environmental pollution, and
from Health IT to Wearable, with the best of breeds of such
contributions featuring in our journal publications.
C-MRiC is reliant on individual and corporate voluntary and free
memberships to support its activities such as peer reviews, editorials, participating, organising and promoting
conference and journal publications.
We collaborate with academia, industries and government departments and agencies in a number of initiatives,
ranging from national cyber security, enterprise security, information assurance, protection strategy, climate control
to health and life sciences.
We participate in academic and industrial initiatives, national and international collaborative technology-inspired
programmes, and undertake independent bespoke technology-based & survey-based research engagements.
Membership of C-MRiC is free to both individuals and corporate entities; it is voluntary, open and professional.
Membership of C-MRiC entitles you to free access to our publications and early sightings of research and innovations,
and allows you to submit, request and pioneer research, conference or journal projects through us. Members are
selected based on expertise to support some of our activities on a voluntary basis, such as peer reviews, editorials,
participating, organising and promoting conference and journal publications.
Address: 1 Meadway, Woodford Green, Essex, IG8 7RF, UK
Email: submission@c-mric.org
Twitter:
Web: http://www.c-mric.org