2023 Theme: Multidisciplinary & Multidimensional Cybersecurity

Section 1: Data Science and Artificial Intelligence

 

Exploring the Performance of Machine Learning Models and Predictive Factors for Fetal Death: Preliminary Results

Maria Eduarda Ferro de Mello, Élisson da Silva Rocha, Flávio Leandro de Morais, Barbara Figueiroa, Marília Santana da Silva, Waldemar Brandão Neto, Theo Lynn and Patricia Takako Endo

Abstract: Fetal death is a significant public health issue that affects millions of parents and families worldwide. Developing predictive models and identifying factors associated with fetal death can aid in reducing its occurrence and improving healthcare services for affected parents and families. This study investigates the effectiveness of machine learning models in predicting fetal death and identifying significant predictive factors. The study utilized a dataset from the Programa Mãe Coruja Pernambucana (PMCP) that includes sociodemographic, prenatal, maternal and family health history data. The data underwent pre-processing and was explored using four tree-based machine learning models, each of which was evaluated based on their performance and feature importance. The attributes that significantly impacted the learning process were the first prenatal week, maternal age, and months between pregnancies. The application of predictive models for fetal deaths in this context can enhance the ability to detect such occurrences thus representing a pivotal support tool for the PMCP to identify mothers with high risk of adverse outcomes and promote targeted interventions of monitoring during pregnancy, and ultimately increase the likelihood of positive outcomes for mothers and babies.

GNSS Jamming Clustering using Unsupervised Learning and Radio Frequency Signals

Carolyn Swinney and John Woods

Abstract: Global Navigation Satellite Systems (GNSS) provide vital position and timing information to receivers on the ground. This service is relied upon worldwide for many industries including telecommunications, online banking and developing technologies such as driverless cars. GNSS signals are vulnerable to interference and low-cost devices called jammers purchased easily online create an interference signal so that the genuine signal cannot reach the receiver. Incidents of this nature are increasing in frequency with a report showing European interference incidents to have increased 20 times in the two-year period from 2018 to 2020. Timely identification of unwanted signals is paramount in dealing with this global issue. This paper shows that clustering graphical representations of the signal and utilising convolutional neural network (CNN) feature extraction with transfer learning produces a higher V-measure score than without the feature extraction. Further, CNN feature extraction reduces the processing time of the clustering. Overall, this paper shows that GPS jammer detection classes can be clustered using an unsupervised learning algorithm such as k-means clustering.

Using Data Analytics to Derive Business Intelligence: A Case Study

Ugochukwu Orji, Ezugwu Assumpta, Modesta Ezema, Chikodili Ugwuishiwu, Elochukwu Ukwandu and Uchechukwu Agomuo

Abstract: The data revolution experienced in recent times has thrown up new challenges and opportunities for businesses of all sizes in diverse industries. Big data analytics is already at the forefront of innovations to help make meaningful business decisions from the abundance of raw data available today. Business intelligence and analytics (BIA) has become a huge trend in today’s IT world as companies of all sizes are looking to improve their business processes and scale up using data-driven solutions. This paper aims to demonstrate the data analytical process of deriving business intelligence via the historical data of a fictional bike-share company seeking to find innovative ways to convert their casual riders to annual paying registered members. The dataset used is freely available as “Chicago Divvy Bicycle Sharing Data” on Kaggle. The authors used the R-Tidyverse library in RStudio to analyze the data and followed the six data analysis steps of ask, prepare, process, analyze, share, and act to recommend some actionable approaches the company could adopt to convert casual riders to paying annual members. The findings from this research serve as a valuable case example of a real-world deployment of BIA technologies in the industry, and a demonstration of the data analysis cycle for data practitioners, researchers, and other potential users.

Section 2: Blockchain, Cyber Threat Intel and Malware Analysis

 

Evaluation Factors for Blockchain Identity Management Systems

Bandar Alamri, Katie Crowley and Ita Richardson

Abstract: Every system has specific functions to run appropriately to meet system requirements. Thus, Blockchain (BC) Identity Management (IdM) systems built for applications, such as Health Internet of Things (HIoT), should consider IdM technical aspects and HIoT application’s requirements, standardisation and regulations. BC is the foundation of BC-IdM systems, and thus it is at the core of this study. The evaluation factors are essential in determining the reliability and suitability of such systems, particularly in security systems designed to be security guards, such as IdM systems. In addition, cybersecurity risk management for such systems should evaluate the security, technical, application requirements, and organisational aspects to mitigate security risks and ensure functional systems. In this article, we conducted a literature review on BC-IdM systems and identified the components of the BC-IdM ecosystem and the evaluation factors for BC-based IdM systems. The evaluation factors are divided into four main criteria: security and privacy, technical, application, and external factors. Moreover, a case study of BC-IdM in HIoT systems is discussed to show the application evaluation factors.

A Hybrid Personal Cyber Threat Intelligence Sharing Protocol Using Steganography and Secret Sharing

Arman Zand and Eckhard Pfluegel

Abstract: Cyber Threat Intelligence (CTI) sharing allows organisations, communities and individuals to respond to emerging threats quickly, provided secure and reliable communication can be ensured. However, privacy constraints, restrictive sharing policies, concerns about trust misuse, and the lack of sophisticated and trustworthy tools limit the quality and quantity of information that can be exchanged. This paper proposes a novel cryptographic protocol for sharing personal CTI information by private individuals based on hybrid information hiding and sharing techniques. Messages can be sent via an intermediary so that a passive monitoring attacker is misled, interpreting the intermediary as the dealer of a secret sharing scheme. Recipients can reconstruct the information as part of the secret sharing scheme. However, the true nature of the original messages being cover objects and pre-defined shares remains hidden. The protocol has been implemented, and our proof-of-concept system has been assessed for robustness and performance. Our evaluation shows that the system is efficient, secure and practical. Hence, our approach could be a valuable tool for real-world personal CTI sharing as an effective method to manage confidentiality, trust and risk of CTI owned by private individuals.

The Impact of Network Configuration on Malware Behaviour

Peyman Pahlevani, Marios Anagnostopoulos, Hafizur Rahman Anik and Hamad Rafi Iqbal

Abstract: Malware poses a serious threat to the Internet and its users. One way to examine and understand malware’s behaviour, with the purpose of detecting and mitigating this issue, is to dynamically analyse it within a controlled and isolated environment, i.e., a sandbox. A sandbox is a mechanism where suspicious programs and binaries are executed and monitored in isolation without the danger of spreading to real and operational systems. However, as sandbox technology evolves, so does the malware’s sophistication. For this purpose, malware authors deploy evasion techniques with the aim of keeping the malware dormant under specific environmental factors and thus hindering the malware’s analysis. To this day, there has been no investigation of the impact of the network topology on the malware’s activity. To this end, in our work, we utilize the Cuckoo Sandbox to study three different categories of malware, e.g., Backdoor, Net-worm and Trojan, in four different network configurations. We examine different features of the malware’s behaviour to showcase the effect of each configuration on the reported activated features. We observe that allowing Internet provides the best results in terms of threat score, which is expected given that the malware has full connectivity to perform its intended actions unrestricted. On the other hand, limiting the Internet connection and allowing only DNS resolutions for specific domains in an allow-list generally activates the largest number of signatures of the volatility category, while the configuration with Internet triggers all possible signature categories.

Section 3: Cybersecurity, Usability and Ethics

 

Behavior change approaches for cyber security and the need for ethics

Konstantinos Mersinas and Maria Bada

Abstract: Humans are reportedly exploited as the main attack vector for security breaches. In order to minimize the susceptibility of humans to security attacks, it is not sufficient for individuals to just be aware, but they need to change their behavior as well. Such behavior change, that is, the modification of user behavior, can occur via targeted interventions, which are gradually being introduced in cyber security. In this paper, we identify and categorize the main approaches used to change user behavior and portray the main limitations of these approaches. Other fields, like health sciences, psychology and economics, have been traditionally more mature in ethics-related considerations. We suggest that although individual behavior change is increasingly being embraced by security practitioners and professionals, ethical aspects of the accompanied interventions are by and large neglected in the field. We explore the ethical traditions of utilitarian, deontological and virtue ethics and their relations with security. We posit that ethical frameworks are needed for cyber behavior change interventions as a means to enhance security hygiene on both an individual and an organizational level.

Cyber Security Training: Improving Platforms Through Usability Studies

Mubashrah Saddiqa, Rasmus Broholm and Jens Myrup Pedersen

Abstract: The combination of technological advancements and gaps in cyber awareness is behind the increasing problem of cyber-attacks. Cyber-attacks are no longer just a concern for businesses and governments; they are also a concern for the public, especially the young, who are true digital natives. In this age of rapid technological advancement and access to various forms of social media and games, it is critical for the youth and private companies to acquire IT skills to protect their digital privacy. As new IT subjects are introduced in Middle School and Secondary Education, teachers will need access to hands-on environments with relevant exercises within the concepts of cybersecurity education (such as web exploitation, forensics, cryptography, binary, etc.) based on students’ level of understanding. In this paper, we study how to design a cyber training platform to assist teachers in accessing relevant exercises for cybersecurity education. As a case study, we are testing the Haaukins cybersecurity training platform, along with the connected learning material platform that will guide how to use the cybersecurity training platform along with supporting learning material. The usability of these two platforms has been investigated in a cybersecurity educational environment with high school teachers. The results show that the use cases assist teachers in providing training environments for students by utilizing ready-to-use exercises relevant to cybersecurity subjects and by providing access to learning material covering a wide range of cybersecurity topics aimed at students at a beginner and intermediate level.

Rethinking Independence in Safety Systems

Vahiny Gnanasekaran, Tor Olav Grøtan, Maria Bartnes and Poul Heegaard

Abstract: The independence principle in safety systems ensures that the rest of the OT system possesses the ability to resume normal operation or revert to a safe state during a failure. The principle was previously sustained by isolating systems, mechanical sensors, and the fact that failures occur randomly and sporadically. However, IT/OT integration, the surge of outsourced IT/OT services, and cyberattacks are forcing the previous requirements to become superseded by rapid optimization and digitization of the safety functions, without addressing the consequences from a non-technical context. This paper presents challenges in the independence principle from primarily the non-technical (organizational and process) factors, in conjunction with the relevant technical aspects. The main contribution is to identify important future research directions regarding the independence principle in safety systems. Different perspectives, such as resilience, robustness, anti-fragility, and digital sovereignty are introduced to highlight the challenges in retaining the independence principle.

Section 4: Regional and National Cybersecurity

 

Understanding the United States Republicans’ susceptibility to Political Misinformation

Rachel Bleiman

Abstract: Political misinformation is a danger to society, and echo chambers exacerbate the spread and exposure to misinformation, creating harms as severe as those associated with the January 6 insurrection. Thus, it is important to understand who is most susceptible to believing it. The current study builds on previous work from Rhodes (2021) and aims to explore whether certain groups within the republican party are more susceptible to believing political misinformation than other groups within the republican party. Findings indicate that republicans who identify as having a ‘strong’ political affiliation are significantly more likely to believe political misinformation than those republicans who identify as having a ‘not very strong’ political affiliation. While Rhodes (2021) found that echo chambers did not impact the entirety of republicans in their sample, the current study examined whether echo chambers interacted significantly with the strength of political affiliation. However, no significant interaction was found, indicating that echo chambers impacted neither ‘strong’ republicans nor ‘not very strong’ republicans. The results provide implications for which groups of people are most susceptible to believing political misinformation and should be the priority in directing ways to mitigate their believability.

Awareness of Cybercrimes among Postgraduate Facebook Users in a State university of Sri Lanka

Maneka Wijesekera, Thepul Ginige and Dr. Rushan Abeygunawardana

Abstract: Today social media, mainly Facebook, has become the greatest method of communication throughout the world by connecting people. Accordingly, the academic student has been using Facebook for exchanging information with friends, family, and relatives. However, inappropriate usage of social media causes cybercrime. Therefore, this study aims to investigate the awareness of cybercrimes among postgraduate Facebook users in a state university in Sri Lanka. To do this study, a Google Form questionnaire was disseminated to willing students and the 291 fully answered responses were analyzed using SPSS. The study used an Independent Sample T-Test method of data analysis to understand the cybercrime awareness on Facebook by determining the variance between the mean gender of the student. The results of the analysis indicated that there is a significance in the difference between the gender in all dimensions on the dependent variable. However, there was no significant difference between the gender and age on Facebook. Relatively, the result of the study showed that the respondents were confident in protecting themselves from cybercrime on Facebook. Finally, the output of this study will be used as input for academics, students, and researchers by integrating the social interaction and attitude of social media users.

Vulnerabilities that threaten web applications in Afghanistan

Sayed Mansoor Rahimy, Said Rahim Manandoy and Dr. Sayed Hassan Adelyar Adelyar

Abstract: Familiarizing web developers with different types of vulnerabilities leads to the creation of secure web applications. In the last few decades there has been considerable interest in web hacking, which leads to different types of web attacks that can cause financial damages, privacy loss, data loss and life-threatening situations. The aim of this study is to discover the most common web vulnerabilities that exist in Afghanistan’s web applications. We conducted this study by using Netsparker, Skipfish, and Acunetix web vulnerability scanners with the standard web vulnerability assessment (WVA) method. The result shows that almost all the web applications in Afghanistan are vulnerable to different types of cyber-attacks. A total of 997 instances of various types of vulnerabilities were detected on 109 web applications from three different domains. This study presents 25 common vulnerabilities, which is more than prior studies. The results of this study familiarize web developers with the most common vulnerabilities that can exist in a typical web application. Therefore, this study will encourage them to take these vulnerabilities into consideration during the software development life cycle.

Section 5: Critical Infrastructure Cybersecurity

 

A method for threat modelling of industrial control systems

Lars Halvdan Flå and Martin Gilje Jaatun

Abstract: In this paper we propose a new method for threat modelling of industrial control systems (ICS). The method intends to be flexible and easy to use. Model elements inspired by IEC62443 and Data Flow Diagrams (DFD) are used to create a model of the ICS under consideration. Starting from this model, threats are identified by investigating how the confidentiality, integrity and availability of different functions in the ICS can be attacked. Finally, decisions on how the threats should be handled are made. We briefly illustrate the use of the method on a simplified and fictitious power grid substation case.

A Checklist for Supply Chain Security for Critical Infrastructure Operators

Martin Gilje Jaatun and Hanne Sæle

Abstract: Critical infrastructure applications do not emerge fully formed, but generally rely on components and services from third-party vendors. This paper presents a brief survey on good practice for security requirements to be put on vendors delivering products and services to power Distribution System Operators and other critical infrastructure providers.

Taxonomy of Emerging Security Risks in Digital Railway

Mohammed Nasser Al-Mhiqani, Uchenna Ani, Jeremy Watson and Hongmei He

Abstract: The railway industry has embraced digitisation and interconnectivity by introducing Information and Communication Technologies into traditional operational technology infrastructure. This convergence has brought numerous advantages, including improved visibility, reliability, operational efficiency, and better passenger experience. But it is also introducing new cyber risks and amplifying existing ones in Digital Railways (DRs) and the entire supply chain. The threat and vulnerability landscape has become wider than ever. To better understand the scope of security risks, impacts to normal operations, and appropriate solutions, a security taxonomy that covers the broader views and contexts around DRs can help. Recorded attacks show that railway systems/networks are clearly intolerant to network interference, and require strong security, resilience, and safety. Cyber-attack impacts on DRs can take economic or financial, reputational, environmental, and/or physical dimensions, and can target rail OT data and functionality, rail IT data and functionality, rail IT and OT workforce, and rail organisational structures, cultures, and exploit policies, especially when they are either weak or non-existent. Attacks can come from a range of malicious threat actors driven by their diverse motives. DR is a socio-technical system that is complex, large, and distributed, comprising technologies, humans, organisational structures, policies elements and attributes, etc. Thus, a socio-technical security approach is required to effectively mitigate cyber threat impacts. DRs stakeholders must collaborate to make the system functions work properly, so that a successful implementation of change, security, resilience, and safety operations depends on the ‘joint optimisation’ of the system’s organisational/operational, technology, physical, and human or people security controls.

Section 6: Cybersecurity Research and Innovation

 

Adoption of cybersecurity innovations – a survey

Arnstein Vestad and Bian Yang

Abstract: Adoption of cybersecurity capabilities in an organization can be seen as examples of adoption of technological innovations. While regulators use rules, standards and codes of practice to influence the state of cybersecurity in regulated organizations – other factors, such as technological complexity, organizational size, management support have been shown to influence technological adoption. Limited empirical research exists on factors influencing cybersecurity implementation in organizations. Existing models have focused on productivity or leisure applications – adoption of security innovations is fundamentally different because their adoption is founded on the intention to prevent incidents in the future with limited direct positive gain. A literature survey on existing research on adoption of security innovations is presented and suggestions for further research in more quantitative measures for the drivers of organizational cybersecurity technology adoption are made.

An experimental study on achieving best performance and quality through property optimisation in LAN and WLAN for mission-critical applications

Tonderai Chidawanyika and Deepthi Ratnayake

Abstract: Voice Over Internet Protocol (VoIP) properties are vital for its reliability in mission-critical applications. This research aims to find network topology, call signaling and voice codecs property combinations that meet reliability targets of VoIP communication in a Small Office Home Office (SOHO) environment where network resources may be limited but reliable and secured operation is essential. Local Area Network (LAN) and Wireless LAN (WLAN) scenarios are evaluated using Quality of Service (QoS) and Mean Opinion Score (MOS) measurements to find which property combinations satisfy predefined classes; best-quality and best-performance. The research extended Roslin et al. [1] on LAN VoIP to WLANs, and validated Khiat et al. [2]’s and Guy [3]’s work that argued SIP was effective in optimal set up. This research found that VoIP combinations offer some desirable characteristics, but at the cost of other properties required, leading to categorisation being based on interpretation of the results, concluding that though not ideal for mission-critical applications, combinations function well replicating real-world scenarios. Analysis also established VoIP’s scalability for application-based configurations, impact of VoIP’s modularity and ease-of-configuration in achieving user expectations. Further property testing can solidify VoIP’s capabilities to function for mission critical environments.

Section 7: Cyber Fraud, Privacy and Education

 

Love at First Sleight: A Review of Scammer Techniques in Online Romance Fraud

Marc Kydd, Lynsay Shepherd, Andrea Szymkowiak and Graham Johnson

Abstract: Romance fraud, where a scammer exploits a victim for monetary gain under the guise of ‘true love’, is a relatively new form of cybercrime which has become increasingly prevalent. Attempts to tackle romance fraud have been made by law enforcement and dating platforms. The latter commonly utilise awareness campaigns, informing users about the risks associated with online dating and how to spot warning signs. However, such campaigns tend to be overly generic, repeatedly giving the same advice. Other campaigns provide vague or outdated advice, which leaves readers unable to protect themselves. This paper presents a state-of-the-art review of the varying approaches that scammers can take on the path to exploiting their victims both in selecting a suitable target and keeping them engaged as part of the scam. Findings highlight that methods by which scammers target, select, and exploit victims of romance fraud can vary greatly. Rather than following a strict structure as depicted in awareness campaigns, romance fraud is a continually evolving, and unique form of cybercrime with multiple variations at each stage of the process. These variations also lay the foundations for future studies on the overlap of cybercrime and abuse, and the role of organised crime in romance fraud.

Privacy and Security Training Platform for a Diverse Audience

Mubashrah Saddiqa, Kristian Helmer Kjær Larsen, Robert Nedergaard Nielsen, Lene Tolstrup Sørensen and Jens Myrup Pedersen

Abstract: In the field of information technology, cybersecurity and privacy are critical concepts. The importance of privacy, ethics, and social media awareness education has grown in recent years because of the widespread use of social media platforms such as Facebook, Instagram, Twitter, and LinkedIn. It becomes crucial that more people from both technical and non-technical backgrounds must enter the field of cybersecurity to address future challenges. In this paper, we study how to incorporate concepts like privacy, ethics, and social media use into Capture the Flag (CTF) challenges/tasks to make cybersecurity interesting and appealing to a wider audience covering technical savvy, technical non-savvy, men, and women. The workshops have been conducted in Danish high schools, which is the foundation of how students have been separated into technical and non-technical students. This has allowed for the investigation of both students’ and teachers’ reactions to exercises that integrated non-technical concepts into cybersecurity training. The study has been done by observing how students interact with both the platform and the exercises, online questionnaires, and short interviews with teachers and students during the workshops. According to the findings, participants from a variety of educational backgrounds found broader cybersecurity concepts appealing and interesting. Furthermore, participant feedback is used to create new CTF challenges.

The Relevance of Social Engineering Competitions in Cybersecurity Education

Aunshul Rege, Rachel Bleiman and Katorah Williams

Abstract: Current cybersecurity education programs, curricula, and competitions are predominantly technical in nature, emphasizing coding, penetration testing, forensics and the like. As important as these technically focused aspects are, they are just a one-sided disciplinary contribution to the cybersecurity discourse. Often downplayed is the human-sociobehavioral aspect of cyberattacks, specifically social engineering (SE). Cybercriminals use SE, or psychological persuasion techniques, to trick authorized personnel into getting access to information and systems, which results in millions of dollars in damages. This paper provides a competition case study where students are exposed to the relevance of SE in cyberattacks. The SE-PTC (penetration testing competition) was grounded in the liberal arts, which offered a timely and unique platform for students to learn about SE topics, such as OSINT, phishing, and vishing, in a hands-on, engaging, and ethical manner. This paper details the virtual SE-PTC event which took place virtually in summer 2021 and hosted 1 high school, 8 undergraduate, and 5 graduate teams. It details students’ experiences, preparations, group formation and dynamics, strategies and adaptations, and learning benefits. It also shares insights from government, industry, and nonprofit representatives who engaged in the competition and their thoughts on training the next generation workforce in SE. The success and positive student responses from the SE-PTC provide a proof of concept, demonstrating that experiential learning can be used to teach students about SE.

Section 8: Extended Abstracts

On Reviewing the NTFS Time Information Forgery and Detection

ALJI Mohamed and CHOUGDALI Khalid

Lab. Sciences de l’Ingenieur, National School of Applied Sciences, Kenitra, Morocco

Abstract: The present extended abstract aims at snapshotting the progress on reviewing the NTFS time information from a tampering perspective and detection efforts. We describe how we elected a small set of research papers for a review study and how we identified research patterns and gaps that remain to be fulfilled.

Security Risks of Smart Streets

Meha Shukla

University College London (UCL), London, UK

Abstract: “Smart cities”, now referred to as connected places, are changing how people interact with the built environments. While the redesign of streets to include digital elements may make a city infrastructure more efficient, it may also create new opportunities that put the urban street ecosystem into the spotlight of cybercrime. In the public spaces owned by Local Authorities (LAs), many of the delivery, operations, management, and maintenance of the smart infrastructure services are outsourced to private operators. The purpose of this research is to explore how local authorities in the UK mitigate as well as govern the cyber and resilience risks of the connected place ecosystem. To explore the real-time challenges faced by the LAs, the security specifications in the procurement contracts for EV charging smart services were assessed against the guidance for managing security and resilience risks specified in the connected place principles rolled out by National Cyber Security Centre (NCSC). This research began in Jan 2021 and is expected to be completed by Dec 2023. The initial observations indicate that the UK Government understands the urgent requirements to protect the smart infrastructure services, however, there needs to be improvements in operational governance, accountability, and assurance within the commissioning process.