Security Experts Research Articles

Expediting the design and development of secure cloud-based mobile apps

The adoption and popularity of mobile devices by end-users is partially driven by the increasing development and availability of mobile applications that can aid solving different problems and provide access to services in a wide range of domains or categories, namely healthcare, education, e-commerce or entertainment. While these applications use and benefit from the combination of a wide panoply of technologies from the Internet of Things, fog and cloud computing, data security and privacy are typically not fully taken into account before the creation of many mobile applications or during the software development phases. This paper presents an in-depth approach to modeling attacks on the specific cloud and mobile ecosystem, given its importance in the process of secure application development. Moreover, aiming at bridging the knowledge gap between developers and security experts, this paper presents an alpha version of the security by design for cloud and mobile ecosystem (secD4CloudMobile) framework. secD4CloudMobile is a set of tools that covers cloud and mobile security requirement elicitation (CMSRE), cloud and mobile security best practices guidelines (CMSBPG), cloud mobile attack modeling elicitation (CMAME), and cloud mobile security test specification and tools (CM2ST). The purpose of the framework is to provide cloud and mobile application developers useful readily applicable information and guidelines, striving to bring security engineering and software engineering closer, in a more accessible and automated manner, aiming at the incorporation of security by construction. Finally, the paper presents some preliminary results and discussion.

Explainable Spark-based PSO Clustering for Intrusion Detection

Given the exponential growth of available data in large networks, the existence of rapid, transparent and explainable intrusion detection systems has become of high necessity to effectively discover attacks in such huge networks. To deal with this challenge, we propose a novel explainable intrusion detection system based on Spark, Particle Swarm Optimization (PSO) clustering and eXplainable Artificial Intelligence (XAI) techniques. Spark is used as a parallel processing model for the effective processing of large-scale data, PSO is integrated for improving the quality of the intrusion detection system by avoiding sensitive initialization and premature convergence of the clustering algorithm and finally, XAI techniques are used to enhance interpretability and explainability of intrusion recommendations by providing both micro and macro explanations of detected intrusions. Experiments are conducted on several large collections of real datasets to show the effectiveness of the proposed intrusion detection system in terms of explainability, scalability and accuracy. The proposed system has shown high transparency in assisting security experts and decision-makers to understand and interpret attack behavior.

Unveiling suspicious phishing attacks: enhancing detection with an optimal feature vectorization algorithm and supervised machine learning

IntroductionThe dynamic and sophisticated nature of phishing attacks, coupled with the relatively weak anti-phishing tools, has made phishing detection a pressing challenge. In light of this, new gaps have emerged in phishing detection, including the challenges and pitfalls of existing phishing detection techniques. To bridge these gaps, this study aims to develop a more robust, effective, sophisticated, and reliable solution for phishing detection through the optimal feature vectorization algorithm (OFVA) and supervised machine learning (SML) classifiers.MethodsInitially, the OFVA was utilized to extract the 41 optimal intra-URL features from a novel large dataset comprising 2,74,446 raw URLs (134,500 phishing and 139,946 legitimate URLs). Subsequently, data cleansing, curation, and dimensionality reduction were performed to remove outliers, handle missing values, and exclude less predictive features. To identify the optimal model, the study evaluated and compared 15 SML algorithms arising from different machine learning (ML) families, including Bayesian, nearest-neighbors, decision trees, neural networks, quadratic discriminant analysis, logistic regression, bagging, boosting, random forests, and ensembles. The evaluation was performed based on various metrics such as confusion matrix, accuracy, precision, recall, F-1 score, ROC curve, and precision-recall curve analysis. Furthermore, hyperparameter tuning (using Grid-search) and k-fold cross-validation were performed to optimize the detection accuracy.Results and discussionThe findings indicate that random forests (RF) outperformed the other classifiers, achieving a greater accuracy rate of 97.52%, followed by 97.50% precision, and an AUC value of 97%. Finally, a more robust and lightweight anti-phishing model was introduced, which can serve as an effective tool for security experts, practitioners, and policymakers to combat phishing attacks.

تحديد عائد الاستثمارات الأمنية للشركات التقنية الناشئة

تعتبر الشركات الناشئة في مجال التكنولوجيا بالغة الأهمية في النهوض بالمبادرات الرقمية في العديد من البلدان التي تخضع لأجندة الدولة الذكية. وبالتالي ، فإن الشركات الناشئة في مجال التكنولوجيا هي بائعون وموردون للخدمات للمنظمات الكبيرة مثل القطاع الحكومي والشركات متعددة الجنسيات والمؤسسات المالية. على هذا النحو ، أصبحت الشركات الناشئة سريعًا نواقل هجوم للجناة الخبثاء للدخول عبر الأبواب الخلفية إلى المؤسسات الكبيرة. ومع ذلك ، لا تزال الشركات الناشئة حكيمة في إنفاقها على الأمن السيبراني لأن نجمها الشمالي هو توليد الإيرادات من خلال تقديم خدماتها والحد الأدنى من المنتجات القابلة للتطبيق (MVP) لعملائها. تقترح هذه الدراسة عائدًا معززًا على الاستثمار الأمني (ROSI) والذي يساعد الشركات الناشئة في مجال التكنولوجيا على حساب العائد على الاستثمار الأمني وتبرير ميزانيتها للإنفاق على الأمن السيبراني على الرغم من وجود نماذج حالية لحساب عائد الاستثمارات المخصصة لنفقات الأمن السيبراني ، إلا أنها معقدة نوعًا ما ولا تعطي وضوحًا للإدارة من حيث القيمة النقدية للإنفاق على الأمن السيبراني. علاوة على ذلك ، لا تلبي النماذج الحالية ديناميكيات وفروق الشركات الناشئة في مجال التكنولوجيا. يوفر النموذج المحسّن أيضًا للشركات الناشئة في مجال التكنولوجيا القدرة على تعديل استثماراتها في مجال الأمن السيبراني بشكل مناسب بناءً على حسابات قيم الحد الأدنى (الأدنى) والحد الأقصى (الأقصى) لمؤشر ROSI. تم التحقق من صحة نموذج ROSI المقترح والمحسّن من قبل 5 من خبراء الأمن السيبراني الذين اتفقوا على أهمية وضرورة النموذج الذي سيتم تطبيقه على الشركات الناشئة في مجال التكنولوجيا. تتيح نتائج دراسة الحالة الخاصة بشركة FinTech الناشئة حساب Min و Max ROSI لتبرير العائد على الاستثمارات الأمنية وتزويد الشركة الناشئة بالقدرة على ضبط الإنفاق على الأمن السيبراني وفقًا لذلك.

Early and Realistic Exploitability Prediction of Just-Disclosed Software Vulnerabilities: How Reliable Can It Be?

With the rate of discovered and disclosed vulnerabilities escalating, researchers have been experimenting with machine learning to predict whether a vulnerability will be exploited. Existing solutions leverage information unavailable when a CVE is created, making them unsuitable just after the disclosure. This paper experiments with early exploitability prediction models driven exclusively by the initial CVE record, i.e., the original description and the linked online discussions. Leveraging NVD and Exploit Database, we evaluate 72 prediction models trained using six traditional machine learning classifiers, four feature representation schemas, and three data balancing algorithms. We also experiment with five pre-trained large language models (LLMs). The models leverage seven different corpora made by combining three data sources, i.e., CVE description, Security Focus , and BugTraq . The models are evaluated in a realistic , time-aware fashion by removing the training and test instances that cannot be labeled “neutral” with sufficient confidence. The validation reveals that CVE descriptions and Security Focus discussions are the best data to train on. Pre-trained LLMs do not show the expected performance, requiring further pre-training in the security domain. We distill new research directions, identify possible room for improvement, and envision automated systems assisting security experts in assessing the exploitability.

Cyber Protection of Financial Data in Accounting: Implementation and Use of Cryptographic Techniques

"The primary objective of this study is to explore the effectiveness of cryptographic techniques in enhancing the cyber protection of financial data within accounting practices. As the digital landscape evolves, the security of financial information becomes increasingly critical. This research aims to assess the effectiveness of cryptographic methods and understand their impact on various facets of accounting systems. The study employs a two-pronged analytical approach: matrix analysis and Structural Equation Modeling (SEM). Through matrix analysis, focusing on substitution cyphers like the Hill cypher, the research provides a technical evaluation of encryption techniques. This analysis highlights the effectiveness of cryptographic methods in ensuring data confidentiality and integrity. The SEM analysis further reveals significant findings: Cryptographic techniques notably enhance perceived security (with a path coefficient β of 0.2 and a p-value of 0.03) and regulatory compliance (β = 0.5, p < 0.01). A positive impact on user satisfaction (β = 0.25, p = 0.04) is observed, albeit with challenges in implementation, particularly in training and technological infrastructure. The study concludes that cryptographic techniques are essential in safeguarding financial data in accounting. However, their effectiveness centres on strategic implementation, which includes considerations for user-centric design and adherence to evolving regulatory standards. The research highlights the importance of a balanced approach to cybersecurity, integrating advanced cryptographic methods with practical considerations for their implementation. This study contributes both qualitative insights and quantitative evidence, offering valuable guidance for practitioners, IT security experts, and policymakers in developing robust cyber protection strategies in the accounting sector."

Assessing the Vulnerabilities: Cybersecurity Challenges in Power System Infrastructure in Nigeria

This study examined the Cyber security Challenges in Power System Infrastructure in Nigeria. Four research questions guided the study which employed a survey research design. The population of the study was 46 respondents comprising 23 Technical Units Heads and 23 Heads of Cyber security Units from the (23) power-generating plants in Nigeria. The entire population was used hence, there was no sampling. The instrument used for data collection was a structured questionnaire titled: Cyber security Challenges in Power System Infrastructure Questionnaire (CCPSIQ) developed by the researchers. A reliability index of 0.89 was obtained using the Cronbach Alpha reliability method. The mean statistic was used to answer the research questions. The findings of the study revealed that the primary cyber threats targeting power system infrastructure in Nigeria including network-based attacks, insider threats, supply chain vulnerabilities, advanced persistent threats (APTs), physical attacks, zero-day exploits, data breaches, and ransom ware/extortion; it further reveal that cyber-attacks on power grid infrastructure in Nigeria lead to significant service disruptions, financial losses, equipment damage, safety compromises, erosion of customer confidence, regulatory non-compliance, increased vulnerability to future incidents, reputation damage, and prolonged recovery periods, underscoring the multifaceted impact of cyber threats on operational efficiency. The study recommended that: Collaboration among stakeholders, including government agencies, industry partners, and cyber security experts, is paramount to effectively address emerging threats and enhance cyber security resilience. By implementing proactive measures and fostering a culture of cyber security awareness, Nigeria can strengthen its power system infrastructure against cyber threats, safeguarding the reliability and security of critical services for its citizens.

The Most Important Types of Cyber Attacks that France is Expected to Face in the Future and the Cyber Security Measures it Must Implement to Protect Critical Infrastructure, Telecommunication Networks and Personal Data

As the digital landscape continues to evolve, nations like France find themselves on the frontline of an escalating cyber warfare scenario. This abstract provides an insightful overview of the most significant types of cyber attacks that France is expected to face in the future, offering a comprehensive analysis based on current trends and emerging technologies. The research delves into the realm of advanced persistent threats (APTs), examining the sophisticated techniques employed by state-sponsored actors and cybercriminal organizations to compromise critical infrastructure, sensitive data, and national security. It explores the evolving landscape of ransomware attacks, focusing on the potential impact on both public and private sectors, and the looming threat of extortion campaigns that could cripple essential services. Furthermore, the abstract sheds light on the rising concern of supply chain attacks, as interconnected global networks make businesses and government entities vulnerable to malicious actors seeking to exploit weaknesses in third-party systems. The research also explores the nuances of social engineering attacks, recognizing the human element as a critical vulnerability that threat actors may exploit through targeted phishing campaigns and manipulation tactics. In addition, the abstract touches upon the growing menace of Internet of Things (IoT) vulnerabilities, acknowledging the increased interconnectivity of devices and the potential for large-scale disruptions. It also considers the implications of emerging technologies such as artificial intelligence and quantum computing in shaping the future threat landscape. By examining these diverse aspects of cyber threats, this abstract aims to provide a forward-looking perspective on the challenges France is likely to encounter in the digital realm. As Cyber security becomes an integral component of national defense, understanding these anticipated threats is crucial for policymakers, security experts, and technology professionals seeking to fortify France’s resilience against the evolving nature of cyber attacks.

Securely Running High-Performance Workloads as Microservices in Cloud Environments

Over the past few years, the paradigm shift towards cloud computing has transformed and revolutionized how organizations manage high- performance workloads. The microservices architecture, renowned for its modularity and scalability, is increasingly being adopted to run these workloads in cloud environments. However, this transition is not without its challenges, particularly in security. This research article delves into the methods for securely running high-performance workloads as microservices in cloud environments, presenting the advantages and the challenges involved. The study aims to develop a comprehensive framework that not only addresses these security concerns but also optimizes performance, a crucial aspect in today's digital landscape. This research is a testament to our commitment to thoroughness and precision, as it combines both qualitative and quantitative approaches. Qualitative data were meticulously gathered through interviews with 15 cloud security experts, providing invaluable insights into prevalent security practices and challenges. Quantitative data, on the other hand, were collected from performance benchmarks that rigorously compared traditional monolithic applications with microservices- based applications in a cloud setting. The study employs robust statistical analysis tools such as SPSS and Grafana to analyze the collected data, ensuring the validity and reliability of our findings. Key interview findings highlighted critical security measures necessary for microservices, including service authentication, data encryption, and vulnerability management. The performance benchmarks revealed that microservices- based applications significantly outperformed monolithic applications, with notable improvements in CPU utilization, memory usage, and response time. For instance, the microservices architecture demonstrated a 21% reduction in CPU utilization and a 12% decrease in memory usage compared to its monolithic counterpart. The proposed framework integrates robust security practices, ensuring secure authentication, encrypted data transmission, and regular updates to mitigate vulnerabilities. This framework enhances security and optimizes resource allocation, leading to improved performance metrics.

A Novel Collaborative SRU Network With Dynamic Behaviour Aggregation, Reduced Communication Overhead and Explainable Features.

Leakage and tampering problems in collection and transmission of biomedical data have attracted much attention as these concerns instigates negative impression regarding privacy, security, and reputation of medical networks. This article presents a novel security model that establishes a threat-vector database based on the dynamic behaviours of smart healthcare systems. Then, an improved and privacy-preserved SRU network is designed that aims to alleviate fading gradient issue and enhance the learning process by reducing computational cost. Then, an intelligent federated learning algorithm is deployed to enable multiple healthcare networks to form a collaborative security model in a personalized manner without the loss of privacy. The proposed security method is both parallelizable and computationally effective since the dynamic behaviour aggregation strategy empowers the model to work collaboratively and reduce communication overhead by dynamically adjusting the number of participating clients. Additionally, the visualization of the decision process based on the explainability of features enhances the understanding of security experts by enabling them to comprehend the underlying data evidence and causal reasoning. Compared to existing methods, the proposed security method is capable of thoroughly analyzing and detecting severe security threats with high accuracy, reduce overhead and lower computation cost along with enhanced privacy of biomedical data.

Pre-Review Convolutional Neural Network for Detecting Object in Image Comprehensive Survey and Analysis

The Convolutional neural network (CNN) has significantly exposed a great performances and growing desire in the field of image processing within the research community, through relevant innovations in object detection by magnificent capacity in transfer learning and feature learning. With the advancement of CNN in object detection, huge amount of data is process with great speed. In respect to CNN, object detection has greatly advanced and become popular in the research community, security experts, traffic experts, and remote sensing community etc. In this review, comprehensive study of various CNN architecture for object detection in images based on conventional approached, novelty, and achievement were analysed in details. Therefore, it is an important review on how to achieve high performance in object detection via CNN. We first introduced the basic idea on CNN models and their improvement in detecting object. Secondly, we review CNN and its variant such as, ResNet, VGG, GoogleNet and other CNN architectures. Thirdly, we mention some performance metrics used for object detection. Lastly, we analyse some main contribution of CNN algorithm with their remarkable achievement and further analyse the challenge and its future direction

An Intelligence-Based Cybersecurity Approach: A Review

Nowadays, cybersecurity stands out as a prominent topic frequently discussed by companies aiming to safeguard their data from hacking attempts. The rise of cyberspace has fuelled the expansion of electronic systems, creating a virtual digital realm that links computers and smartphones within the Internet of Things framework. Thus, the purpose of this study is to present the progress made thus far in applying AI-based intrusion detection systems (IDSs) to address cybercrimes, demonstrating their efficacy in detecting and preventing cyberattacks. The review utilized 4 scholarly databases; ScienceDirect, IEEE-Explore, Web of science, and Springer. 437 studies were extracted from the 4 chosen databases out of which only 54 studies were found to be relevant, thus included. The review found AI-based intrusion detection systems (IDSs) to be more robust and flexible compared to other conventional IDSs. Interestingly, the study results highlight how AI-based intrusion detection systems such as; ANN-based intrusion detection systems, agent-based intrusion detection systems, and Genetic-fuzzy intrusion detection systems, and other machine learning detection systems can be used to assist security experts in analyzing, designing, and developing security frameworks for combating cybercrimes. Lastly, the study proposed some areas for future studies.

Don’t say peace: militarisation and the shrinking space for critical voices in the Swedish NATO debate

ABSTRACT Sweden, long known as a voice for peace on the international arena, has undergone a rapid and far-reaching domestic (re-)militarisation the last decade. Following Russia’s full-scale invasion of Ukraine, this process intensified with a surge in military spending and a radical shift from a longstanding position of non-alignment towards NATO membership. As ‘war’ moves to the center of Swedish public debate, military and security experts occupy most of the space, leaving little room for alternative and critical perspectives. Drawing from feminist scholars, we offer some reflections on Sweden’s (re-)militarisation and ask who gets to speak, who is silenced, and why? Focusing on the domestic public debate post February 2022, we argue that when war moves to the center of the debate, peace is considered an ‘issue for later’. As war is understood in narrow military terms, war expertise is limited to matters of warfare instead of being seen as a broader societal issue. Critical voices and peace advocates are considered naive, unrealistic, and even dangerous. Our reflections invite a discussion on how militarisation and the politics of war expertise affect democratic debate with potentially far-reaching consequences for domestic and international politics.

Numerical Analysis of Harmful Environmental Impact of Accidental Explosion at a Hydrogen Filling Station Environmental Impact of an Accident Hydrogen Explosion at a Gas Station

The purpose of this study is to evaluate numerically the consequences of a hydrogen-air mixture explosion at a vehicle hydrogen filling station. The physical process of the explosion, which takes place after the hydrogen gas release into the air due to the accidental destruction of a number of high-pressure storage cylinders, is considered. The blast pressure wave moves in all directions from the epicenter of the accident, gradually losing its intensity and having a negative shock impact on the service personnel of the filling station and the structures of the surrounding buildings. The scale of the accident depends on the number of destroyed cylinders, which determines the size of the hydrogen-air cloud and the power of the explosion. The degree of negative consequences for the environment depends on the maximum overpressure in the blast wave front. Numerical obtaining of spatial pressure distributions in the area of the accident based on a hydrogen explosion mathematical modeling makes it possible to separate zones that are dangerous to human health and building structures strength. The direct problem of gas dynamics of combustion products of a hemispherical cloud of a stoichiometric hydrogen-air mixture in the surface layer of the atmosphere is considered. The mathematical model of an instantaneous hydrogen explosion takes into account the three-dimensional and non-stationary nature of the propagation of the explosion wave, the compressibility of the gas flow, the complex terrain, the shape and initial concentration of the cloud of hydrogen combustion products, and their thermodynamic parameters. The model makes it possible to obtain three-dimensional fields of maximum overpressure, which are the basis for deterministic assessment of the consequences of an accident for human health and the integrity of structures in the area of the explosion. The presented computer technology allows security experts to identify potential dangerous zones by means of mathematical modeling, recommend effective protective measures to mitigate or even eliminate the negative consequences of the blast wave environmental impact.

Modeling security evaluation framework for IoHT-driven systems using integrated decision-making methodology

The intensification of the Internet of Health Things devices created security concerns due to the limitations of these devices and the nature of the healthcare data. While dealing with the security challenges, several authentication schemes, protocols, processes, and standards have been adopted. Consequently, making the right decision regarding the installation of a secure authentication solution or procedure becomes tricky and challenging due to the large number of security protocols, complexity, and lack of understanding. The major objective of this study is to propose an IoHT-based assessment framework for evaluating and prioritizing authentication schemes in the healthcare domain. Initially, in the proposed work, the security issues related to authentication are collected from the literature and consulting experts’ groups. In the second step, features of various authentication schemes are collected under the supervision of an Internet of Things security expert using the Delphi approach. The collected features are used to design suitable criteria for assessment and then Graph Theory and Matrix approach applies for the evaluation of authentication alternatives. Finally, the proposed framework is tested and validated to ensure the results are consistent and accurate by using other multi-criteria decision-making methods. The framework produces promising results such as 93%, 94%, and 95% for precision, accuracy, and recall, respectively in comparison to the existing approaches in this area. The proposed framework can be picked as a guideline by healthcare security experts and stakeholders for the evaluation and decision-making related to authentication issues in IoHT systems

Importance of cyber protection in the power grid in the face of an uncertain future

In the digital era, cybersecurity is transforming the behavior of human beings in the correct use of technology, which is why it has become a critical element in business strategy, thus giving rise to the present research, which identified the current situation of associated companies in the process of generation, transmission, distribution and public lighting of electricity in Costa Rica, in the field of cybersecurity, with special emphasis on the identification, analysis and evaluation of policies, standards, procedures, controls, regulations and infrastructure in the sector. The study approach was quantitative, descriptive, and exploratory; based on a sample of experts in information security, where a survey was used for data collection. In the findings obtained, the existence of personnel with the technical knowledge to deal with a computer incident was observed, but from the business perspective, the lack of an institutional guideline and country strategy for the protection of the electrical network was recognized. In conclusion, there is a latent risk in the infrastructure of the national power grid, which is evidenced by the lack of a clear national strategy that establishes a roadmap to protect the sector against a possible cyber-attack.

Browser Security

Web browsers play a crucial role in accessing and interacting with information on the internet. However, they also present significant security challenges due to their complexity and the diverse range of threats they face. This paper provides an overview of web browser security, focusing on the key challenges, vulnerabilities, and defences. It discusses common attack vectors, such as cross-site scripting (XSS) and cross-site request forgery (CSRF), as well as browser security features like sandboxing, secure storage, and Content Security Policy (CSP). Additionally, the paper explores emerging threats and future directions in web browser security, highlighting the importance of ongoing research and collaboration among browser vendors, developers, and security experts to ensure a more secure browsing experience for users.

An investigation on the behavioral intention of existing bank clients in a developing country to use mobile banking services

Mobile banking has become very important in today’s life as technological advancements have led bank clients to use banking services. Clients’ attitudes toward mobile banking services are based on their expectations is the background of this research. So, the main objective is to observe the purposeful conduct in mind of clients to adopt mobile banking services. This study also examines the influence of six variables on financial services clients’ desire to utilize mobile banking services, including perceived benefits, perceived ease of use, trust, security, perceived privacy, and technology expertise. Consequently, the goal of this study is to find out the crucial and deciding factors that may influence clients’ willingness to use mobile banking features in Bangladesh as a developing country. The sample shaped for this research is 310 respondents from Bangladesh a developing country. For analytical purposes, SEM has been used to test hypotheses. The results show that in Bangladesh, factors like perceived value, security, and technological aptitude greatly determine whether a customer will utilize mobile banking. Financial institutions have proven to be successful in serving clients through mobile phones. Clients have made good use of mobile banking only to save money, cost, and labor. The research suggests that mobile banking operations must be timely and accurate, the transaction process must be short, interactivity, convenience of usage, and so on. The findings have important implications for bank regulatory authority, management, bankers, and executives who wish to increase mobile banking usage to secure their long-term profitability.

Bon-APT: Detection, attribution, and explainability of APT malware using temporal segmentation of API calls

Advanced Persistent Threats (APTs) are highly sophisticated cyberattacks that are aimed at achieving strategic goals and are usually backed by a well-funded entity. In this paper, we tackle the challenges of detecting and attributing APTs by proposing Bon-APT, a temporal learning method that analyzes and segment the occurrences of API calls invoked during the dynamic analysis of the examined PE. Those segments can be used to profile the temporal behavior of an APT, provide insights into its modus operandi, and induce an accurate machine-learning based model for the detection and attribution of APTs. Moreover, Bon-APT provides a human comprehensible explainability regarding the relations among segments as well as the behavior of the APT in each of them. This not only improves transparency and reliability from a human expert perspective, but it can also enrich the security experts with new knowledge regarding APTs' behavior. To evaluate Bon-APT, we built a unique collection of 12,655 APTs, belonging to 188 different cyber-groups and 17 different nations, which, to the best of our knowledge, is the largest collection of its kind. We conducted four experiments to evaluate the proposed method and compared its performance to the performance of state-of-the-art methods on the tasks of APT detection and authorship attribution (for both group and nation). Bon-APT achieved promising results in each of the tasks while outperforming the state-of-the-art methods. Bon-APT also provides a simple and concise explanation regarding its decisions and the APT behavior, as well as an easy, straightforward visual and quantitative behavioral comparison.

Facilitating the Integrative Use of Security Knowledge Bases within a Modelling Environment

Security threat and risk assessment of systems requires the integrated use of information from multiple knowledge bases. Such use is typically carried out ad-hoc by security experts in an unstructured manner. Also, this ad-hoc use of information often lacks foundations that allow for rigorous, disciplined applications of policy enforcement and the establishment of a well-integrated body of knowledge. This hinders organisational learning as well as the maturation of the threat modelling discipline. In this article, we uncover a newly developed extension of a state-of-the-art modelling tool that allows users to integrate and curate security-related information from multiple knowledge bases. Specifically, we provide catalogues of threats and security controls based on information from CAPEC, ATT&CK, and NIST SP800-53. We demonstrate the ability to curate security information using the designed solution. We highlight the contribution to improving the communication of security information, including the systematic mapping between user-defined security guidance and information derived from knowledge bases. The solution is open source and relies on model-to-model transformations and extendable threat and security control catalogues. Accordingly, the solution allows prospective users to adapt the modelling environment to their needs as well as keep it current with respect to evolving knowledge bases.