More Like this

1. Data Analytics for Cyber Risk Analysis Utilizing Cyber Incident Datasets

   https://doi.org/10.1109/SIEDS52267.2021.9483743  

   Portalatin, Melissa; Keskin, Omer; Malneedi, Sneha; Raza, Owais; Tatar, Unal (July 2021, 2021 Systems and Information Engineering Design Symposium (SIEDS))

   The imperative factors of cybersecurity within institutions have become prevalent due to the rise of cyber-attacks. Cybercriminals strategically choose their targets and develop several different techniques and tactics that are used to exploit vulnerabilities throughout an entire institution. With the thorough analysis practices being used in recent policy and regulation of cyber incident reports, it has been claimed that data breaches have increased at alarming rates rapidly. Thus, capturing the trends of cyber-attacks strategies, exploited vulnerabilities, and reoccurring patterns as insight to better cybersecurity. This paper seeks to discover the possible threats that influence the relationship between the human component and cybersecurity posture. Along with this, we use the Vocabulary for Event Recording and Incident Sharing (VERIS) database to analyze previous cyber incidents to advance risk management that will benefit the institutional level of cybersecurity. We elaborate on the rising concerns of external versus internal factors that potentially put institutions at risk for exploiting vulnerabilities and conducting an exploratory data analysis that articulates the understanding of detrimental monetary and data loss in recent cyber incidents. The human component of this research attributes to the perceptive of the most common cause within cyber incidents, human error. With these concerns on the rise, we found contributing factors with the use of a risk-based approach and thorough analysis of databases, which will be used to improve the practical consensus of cybersecurity. Our findings can be of use to all institutions in search of useful insight to better their risk-management planning skills and failing elements of their cybersecurity. 

   more » « less
2. Privacy Preserving Cyber Threat Information Sharing and Learning for Cyber Defense

   https://doi.org/10.1109/CCWC.2019.8666477  

   Badsha, Shahriar; Vakilinia, Iman; Sengupta, Shamik (January 2019, 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC))

   null (Ed.)
3. Quantifying Impact on Safety from Cyber-Attacks on Cyber-Physical Systems

   Vlahakis, Eleftherios; Provan, Gregory; Yang, Shanchieh; Athanasopoulos, Nikolaos (July 2023, International Federation of Automatic Control)

   We propose a novel framework for modeling attack scenarios in cyber-physical control systems: we represent a cyber-physical system as a constrained switching system, where a single model embeds the dynamics of the physical process, the attack patterns, and the attack detection schemes. We show that this is compatible with established results in hybrid automata, namely, constrained switching systems. The proposed attack modeling approach admits a large class of non-deterministic attack policies and permits the characterization of system safety as an asymptotic property. By calculating the maximal safe set, the resulting new impact metrics intuitively quantify the degradation of safety and the impact of cyber attacks on the safety properties of the system under attack. We showcase our results via an illustrative example. 

   more » « less
4. Modeling Human-Cyber Interactions in Safety-Critical Cyber-Physical/Industrial Control Systems

   https://doi.org/10.1109/MASS56207.2022.00106  

   Ngo, Steven; DeAngelis, Dave; Garcia, Luis (October 2022, 2022 IEEE 19th International Conference on Mobile Ad Hoc and Smart Systems (MASS))
5. Toward Automated Cyber Defense with Secure Sharing of Structured Cyber Threat Intelligence

   https://doi.org/10.1007/s10796-020-10103-7  

   Haque, Md. Farhan; Krishnan, Ram (December 2020, Information Systems Frontiers)

   null (Ed.)