CSA

5th Workshop on Recent Advances in Cyber Situational Awareness and Data-Centric Approaches
  • Date
    Aug 01, 2024
  • Location
    SR04
  • Duration
    08:45 — 16:15
Workshops Lettering

Workshop Chairs

Workshop Chairs Logo Workshop Chairs Logo Workshop Chairs Logo Workshop Chairs Logo Workshop Chairs Logo
  • → Salvador Llopis
  • → Marco Antonio Sotelo Monge
  • → Marta Irene García Cid
  • → Jorge Maestre Vidal
  • → Gregorio Martínez Perez

Accepted Paper

RMF: A Risk Measurement Framework for Machine Learning Models
Jan Schröder (Fraunhofer FOKUS and HTW Berlin, Germany), Jakub Breier (TTControl GmbH, Austria)
Full Paper
Machine learning (ML) models are used in many safety and security-critical applications nowadays. It is therefore of interest to measure the security of a system that uses ML as its component.

This paper deals with the field of ML, especially security on autonomous vehicles. For this purpose, the concept of a technical framework will be described, implemented, and evaluated in a case study. Based on ISO/IEC 27004:2016, risk indicators are utilized to measure and evaluate the extent of damage and the effort required by an attacker. It is not possible, as assumed, to determine a risk value that represents the attacker's effort. Therefore, four different values must be interpreted individually.
Workshop CSA
Analyzing Air-traffic Security using GIS-``blur'' with Information Flow Control in the IIIf
Florian Kammueller (Middlesex University London and TU Berlin, United Kingdom)
Full Paper
In this paper, we address security and privacy of air-traffic control systems. Classically these systems are closed proprietary systems. However, air-traffic monitoring systems like flight-radars are decentralized public applications risking loss of confidential information thereby creating security and privacy risks. We propose the use of the Isabelle Insider and Infrastructure framework (IIIf) to alleviate the security specification and verification of air traffic control systems. This paper summarizes the IIIf and then illustrates the use of the framework on the application of a flight path monitoring system. Using the idea of blurring visual data to obfuscate privacy critical data used in GIS systems, we observe that for dynamic systems like flightradars, implicit information flows exist. We propose information hiding as a solution. To show the security of this approach, we present the extension of the IIIf by a formal notion of indistinguishability and prove the central noninterference property for the flight path monitoring application with hiding.
Workshop CSA
Exploring the influence of the choice of prior of the Variational Auto-Encoder on cybersecurity anomaly detection
Tengfei Yang (Software Research Institute, Technological University of the Shannon:Midlands Midwest, Ireland), Yuansong Qiao (Software Research Institute, Technological University of the Shannon:Midlands Midwest, Ireland), Brian Lee (Software Research Institute, Technological University of the Shannon:Midlands Midwest, Ireland)
Full Paper
The Variational Auto-Encoder (VAE) is a popular generative model as the variance inference in the latent layer, the prior is an important element to improve inference efficient. This research explored the prior in the VAE by comparing the Normal family distributions and other location-scale family distributions in three aspects (performance, robustness, and complexity) in order to find a suitable prior for cybersecurity anomaly detection. Suitable distributions can improve the detection performance, which was verified at UNSW-NB15 and CIC-IDS2017.
Workshop CSA
A Technical Exploration of Strategies for Augmented Monitoring and Decision Support in Information Warfare
Frida Muñoz Plaza (Indra, Spain), Inés Hernández San Román (Indra, Spain), Marco Antonio Sotelo Monge (Indra, Spain)
Full Paper
The evolving landscape of global security has shifted away from the traditional dynamics of superpower confrontations towards a more complex interaction involving both state and non-state actors. This transition is fueled by factors like globalization, resource competition, and shifts in political and social frameworks, contributing to heightened levels of uncertainty. Simultaneously, there has been an 'information revolution' driven by technologies such as the Internet and mobile phones, ushering in an era dominated by computer-based decision-making. This evolving Information Environment encompasses various components, from the information itself to the actors and systems facilitating its utilization. The capability to influence perceptions, especially among local populations, holds significant strategic importance in military contexts. Additionally, the growing dependence on Information Technology (IT) introduces both opportunities for exploitation and vulnerabilities that require attention, particularly in the dissemination of information and disinformation campaigns via the Internet. In this paper, the authors explore technical enablers that can help to mitigate the downside effects of information warfare targeted against individuals engaged in information warfare campaigns. A three-fold analysis unveils alternatives for monitoring the cognitive domain capabilities, the analysis of external sources of information (e.g., OSINT sources), and analysis of cognitive patterns. The ultimate goal is to suggest defensive mechanisms to diminish the likelihood of success of an adversarial attack through deterrence from others' perceptions effectively
Workshop CSA
Evaluation of Cyber Situation Awareness - Theory, Techniques and Applications
Georgi Nikolov (Royal Military School Brussels, Belgium), Axelle Perez (Université libre de Bruxelles, Belgium), Wim Mees (Royal Military Academy Brussels, Belgium)
Full Paper
In recent years the technology field has grown exponentially, bringing with it new possibilities, but also new threats. This rapid advancement has created fertile grounds for new sophisticated cyber attacks, exhibiting a high degree of complexity. In an ever evolving cyber landscape, organizations need to dedicate valuable resources in enhancing their understanding of emergent threats for the purposes of identification, analysis and mitigation. To accomplish this task, they rely on Cyber Situation Awareness (CSA), a framework designed for the purposes of managing the virtual environment through the perception and comprehension of the behaviors therein, be that benign or malicious, followed by modeling the future state of the environment based on the gathered information. In this paper, we will discuss how exactly the theory of Situation Awareness has been applied to the cyber domain. Further on, we will present various techniques used for handling the large quantity of complex data and managing the dynamic nature of the environment by Cyber Situation Operation Centers (CSOC) and discuss in detail a number of methodologies that have been designed for the evaluation of the level of CSA. Finally, we will provide specific examples of simulated scenarios for the application of the CSA assessment techniques.
Workshop CSA
Unlocking the Potential of Knowledge Graphs: A Cyber Defense Ontology for a Knowledge Representation and Reasoning System
José María Jorquera Valero (University of Murcia, Spain), Antonio López Martínez (University of Murcia, Spain), Pedro Miguel Sánchez Sánchez (University of Murcia, Spain), Daniel Navarro Martínez (Indra Digital Labs, Spain), Rodrigo Varas López (Indra Digital Labs, Spain), Javier Ignacio Rojo Lacal (Indra Digital Labs, Spain), Antonio López Vivar (Indra Digital Labs, Spain), Marco Antonio Sotelo Monge (Indra Digital Labs, Spain), Manuel Gil Pérez (University of Murcia, Spain), Gregorio Martínez Pérez (University of Murcia, Spain)
Full Paper
In today's dynamic and complex warfare landscape, characterized by the convergence of traditional and emerging threats, the significance of cybersecurity in shaping modern conflicts cannot be overstated. Such trend presents a challenging paradigm shift in how military organizations approach mosaic warfare in the digital age since new attack vectors and targets appear in their landscapes. In this vein, it is pivotal for military teams to have a clear and concise roadmap for cybersecurity incidents linked to potential mosaic warfare. This manuscript introduces a novel approach to bolstering mosaic warfare strategies by integrating an advanced Knowledge Representation and Reasoning system and a tailored ontology. Motivated by the critical role of cybersecurity in contemporary warfare, the proposed system aims to enhance situational awareness, decision-making capabilities, and operational effectiveness in the face of evolving cyber threats. In this sense, this manuscript entails a new ontology that not only covers the cybersecurity realm but also introduces key concepts related to strategic and operational military levels at the same time. The ad-hoc ontology is also compared against other well-known ones, such as MITRE, NATO, or UCO approaches and manifests a significant performance by employing standardized quality metrics for ontologies. Lastly, a realistic mosaic warfare scenario is contextualized to demonstrate the deployment of the proposed system and how it can properly represent all information gathered from heterogeneous data sources.
Workshop CSA
NEWSROOM: Towards Automating Cyber Situational Awareness Processes and Tools for Cyber Defence
Markus Wurzenberger (AIT Austrian Institute of Technology GmbH, Austria), Stephan Krenn (AIT Austrian Institute of Technology GmbH, Austria), Max Landauer (AIT Austrian Institute of Technology, Austria), Florian Skopik (AIT Austrian Institute of Technology, Austria), Cora Perner (Airbus, Germany), Jarno Lötjönen (Jamk University of Applied Sciences, Finland), Jani Päijänen (Jamk University of Applied Sciences, Finland), Georgios Gardikis (Space Hellas S.A., Greece), Nikos Alabasis (Space Hellas S.A., Greece), Liisa Sakerman (Sihtasutus CR14, Estonia), Fredi Arro (Sihtasutus CR14, Estonia), Kristiina Omri (CybExer Technologies OÜ, Estonia), Aare Reintam (CybExer Technologies OÜ, Estonia), Juha Röning (University of Oulu, Finland), Kimmo Halunen (University of Oulu, Finland), Romain Ferrari (ThereSIS, Thales SIX GTS, France), Vincent Thouvenot (ThereSIS, Thales SIX GTS, France), Martin Weise (TU Wien, Austria), Andreas Rauber (TU Wien, Austria), Vasileios Gkioulos (Norwegian University of Science and Technology, Norway), Sokratis Katsikas (Norwegian University of Science and Technology, Norway), Luigi Sabetta (LeonardoLabs (Leonardo spa), Italy), Jacopo Bonato (LeonardoLabs (Leonardo spa), Italy), Rocío Ortíz (INDRA, Spain), Daniel Navarro (INDRA, Spain), Nikolaos Stamatelatos (Logstail, Greece), Ioannis Avdoulas (Logstail, Greece), Rudolf Mayer (University of Vienna, Austria), Andreas Ekelhart (University of Vienna, Austria), Ioannis Giannoulakis (Eight Bells Ltd, Cyprus), Emmanouil Kafetzakis (Eight Bells Ltd, Cyprus), Antonello Corsi (CY4GATE SpA, Italy), Ulrike Lechner (Universität der Bundeswehr München, Germany), Corinna Schmitt (Universität der Bundeswehr München, FI CODE, Germany)
Full Paper
Cyber Situational Awareness (CSA) is an important element in both cyber security and cyber defence to inform processes and activities on strategic, tactical, and operational level. Furthermore, CSA enables informed decision making. The ongoing digitization and interconnection of previously unconnected components and sectors equally affects the civilian and military sector. In defence, this means that the cyber domain is both a separate military domain as well as a cross-domain and connecting element for the other military domains comprising land, air, sea, and space. Therefore, CSA must support perception, comprehension, and projection of events in the cyber space for persons with different roles and expertise. This paper introduces NEWSROOM, a research initiative to improve technologies, methods, and processes specifically related to CSA in cyber defence. For this purpose, NEWSROOM aims to improve methods for attacker behavior classification, cyber threat intelligence (CTI) collection and interaction, secure information access and sharing, as well as human computer interfaces (HCI) and visualizations to provide persons with different roles and expertise with accurate and easy to comprehend mission- and situation-specific CSA. Eventually, NEWSROOM's core objective is to enable informed and fast decision-making in stressful situations of military operations. The paper outlines the concept of NEWSROOM and explains how its components can be applied in relevant application scenarios.
Workshop CSA
Evaluating the impact of contextual information on the performance of intelligent continuous authentication systems
Pedro Miguel Sánchez Sánchez (Department of Information and Communications Engineering, University of Murcia, Spain, Spain), Adrián Abenza Cano (Department of Information and Communications Engineering, University of Murcia, Spain, Spain), Alberto Huertas Celdrán (Communication Systems Group CSG, Department of Informatics, University of Zurich, Switzerland), Gregorio Martínez Pérez (Department of Information and Communications Engineering, University of Murcia, Spain, Spain)
Full Paper
Nowadays, the usage of computers ranges from activities that do not consider sensitive data, such as playing video games, to others managing confidential information, like military operations. Additionally, regardless of the actions performed by subjects, most computers store different pieces of sensitive data, making the implementation of robust security mechanisms a critical and mandatory task. In this context, continuous authentication has been proposed as a complementary mechanism to improve the limitations of conventional authentication methods. However, mainly driven by the evolution of Machine Learning (ML), a series of challenges related to authentication performance and, therefore, the feasibility of existing systems are still open. This work proposes the usage of contextual information related to the applications executed in the computers to create ML models able to authenticate subjects continuously. To evaluate the suitability of the proposed context-aware ML models, a continuous authentication framework for computers has been designed and implemented. Then, a set of experiments with a public dataset with 12 subjects demonstrated the improvement of the proposed approach compared to the existing ones. Precision, recall, and F1-Score metrics are raised from an average of 0.96 (provided by general ML models proposed in the literature) to 0.99-1.
Workshop CSA
On the Application of Natural Language Processing for Advanced OSINT Analysis in Cyber Defence
Florian Skopik (AIT Austrian Institute of Technology, Austria), Benjamin Akhras (AIT Austrian Institute of Technology, Austria), Elisabeth Woisetschlaeger (AIT Austrian Institute of Technology, Austria), Medina Andresel (AIT Austrian Institute of Technology, Austria), Markus Wurzenberger (AIT Austrian Institute of Technology, Austria), Max Landauer (AIT Austrian Institute of Technology, Austria)
Full Paper
Open Source Intelligence (OSINT), in addition to closed military sources, provides timely information on emerging cyber attack techniques, attacker groups, changes in IT products, policy updates, recent events, and much more. Often, dozens of analysts scour hundreds of sources to gather, categorize, cluster, and prioritize news items, delivering the most pertinent information to decision makers. However, the sheer volume of sources and news items is continually expanding, making manual searches increasingly challenging. Moreover, the format and presentation of this information vary widely, with each blog entry, threat report, discussion forum, and mailing list item appearing differently, further complicating parsing and extracting relevant data. The research projects NEWSROOM and EUCINF, under the European Defence Fund (EDF), focus on leveraging Natural Language Processing (NLP) and Artificial Intelligence (AI) to enhance mission-oriented cyber situational awareness. These EDF initiatives are instrumental in advancing Taranis AI, a tool designed to categorize news items using machine learning algorithms and extract pertinent entities like company names, products, CVEs, and attacker groups. This enables the indexing and labeling of content, facilitating the identification of relationships and grouping of news items related to the same events -- a crucial step in crafting cohesive "stories." These stories enable human analysts to swiftly capture the most significant current "hot topics", alleviating them from the task of consolidating or filtering redundant information from various sources. Taranis AI further enhances its capabilities by automatically generating summaries of reports and stories, and implementing a collaborative ranking system, among other features. This paper serves as an introduction to Taranis AI, exploring its NLP advancements and their practical applications. Additionally, it discusses lessons learned from its implementation and outlines future directions for research and development.
Workshop CSA
PQ-REACT: Post Quantum Cryptography Framework for Energy Aware Contexts
Marta Irene Garcia Cid (Indra, Spain), Kourtis Michail-Alexandros (National Centre for Scientific Research “DEMOKRITOS”, Greece), David Domingo (Indra Sistemas de Comunicaciones Seguras, Spain), Nikolay Tcholtchev (Fraunhofer Institute for Open Communication Systems, Germany), Vangelos K. Markakis (Hellenic Mediterranean University, Greece), Marcin Niemiec (AGH University, Poland), Juan Pedro Brito Mendez (Universidad Politécnica de Madrid, Spain), Laura Ortiz (Universidad Politécnica de Madrid, Spain), Vicente Martin (Universidad Politécnica de Madrid, Spain), Diego Lopez (Telefonica Investicacion y Desarrollo, Spain), George Xilouris (National Centre for Scientific Research “DEMOKRITOS”, Greece), Maria Gagliardi (Scuola Superiore Sant'Anna, Italy), Jose Gonzalez (MTU Autralo Alplha Lab, Estonia), Miguel Garcia (Splorotech S.L., Spain), Giovanni Comande (SMARTEX SRL, Italy), Nikolai Stoianov (Bulgarian Defence Institute, Bulgaria)
Full Paper
Public key cryptography is nowadays a crucial component of global communications which are critical to our economy, security and way of life. The quantum computers are expected to be a threat and the widely used RSA, ECDSA, ECDH, and DSA cryptosystems will need to be replaced by quantum safe cryptography. The main objective of the HORIZON Europe PQ-REACT project is to design, develop and validate a framework for a faster and smoother transition from classical to quantum safe cryptography for a wide variety of contexts and usage domains that could have a potential interest for defence purposes. This framework will include Post Quantum Cryptography (PQC) migration paths and cryptographic agility methods and will develop a portfolio of tools for validation of post quantum cryptographic systems using Quantum Computing. A variety of real-world pilots using PQC and Quantum Cryptography, i.e., Smart Grids, 5G and Ledgers will be deployed and a series of open calls for SMEs and other stakeholders will be launched to bring and test their PQC algorithms and external pilots on the PQ-REACT Quantum Computing Infrastructure.
Workshop CSA
Operation Assessment in cyberspace: Understanding the effects of Cyber Deception
Salvador Llopis Sanchez (Universitat Politecnica de Valencia, Spain), David Lopes Antunes (Universitat Politecnica de Valencia, Spain)
Full Paper
Cyber planners face a considerable challenge in finding holistic solutions for a cyber defence decision-support system - a core module of a cyber situation awareness capability. Due to a fast-evolving cyberspace, decision makers assisted by technical staff are prone to carry out qualitative assessments when planning and conducting cyber operations instead of exclusively relying on quantitative assessments to articulate cyber defence mechanisms. A hybrid setting combining both types of assessments would be key to have the ability to monitor progression, anticipate deviations from initial plans and evaluate effectiveness towards mission accomplishment. In line with this rationale, the authors propose a thorough analysis and tailorness of the operation assessment framework applied to the characteristics of the cyberspace in view of identifying a proper methodology able to regularly assess the situation and provide mitigation measures to fix goal alignment problems including measuring effects of cyber deception. Such goals are considered decisive conditions of the operation design. The results are expected to shed some light about measuring the required performance of action and effectiveness using mission impact and risk calculations among others.
Workshop CSA

Detail CSA 02/05

Topics of interest include, but are not limited to 03/05

  • Artificial Intelligence enabled Cybersecurity and viceversa
  • Automated Cyber response mechanisms
  • Big data on Cyber situational awareness
  • Cyber Threat Intelligence management
  • Cyber risk Identification and Assessment
  • Cybersecurity Education and Training activities
  • Gamification and Cyber ranges
  • Incident modeling and simulation
  • Digital twins applied to Cybersecurity
  • Incident response, reasoning and decision-making
  • Cyber Key Terrain identification and assessment
  • Mission planning, assessment and management in support of cybersecurity tasks
  • Cyber Resilience and recovery
  • Visual analytics, Cyber Common Operational Picture and presentation techniques
  • Secure communications
  • Command and Control systems
  • Quantum Technologies
  • Situation understanding of complex information environments
  • Zero Trust architectures and data-centric security

Workshop Chairs 04/05

Workshop Chairs

Workshop Chairs Logo
Salvador Llopis
Universitat Politecnica de Valencia, Spain
Workshop Chairs Logo
Marco Antonio Sotelo Monge
Indra, Spain
Workshop Chairs Logo
Marta Irene García Cid
Indra, Spain
Workshop Chairs Logo
Jorge Maestre Vidal
Indra, Spain
Workshop Chairs Logo
Gregorio Martínez Perez
Universidad de Murcia, Spain

Program Committee

Nikolai Stoianov | Bulgarian Defence Institute, Bulgaria
Victor Villagrá González | Universidad Politécnica de Madrid, Spain
Joaquin Garcia-Alfaro | Institut Mines-Telecom, Telecom SudParis, France
Alberto Huertas Celdran | University of Zurich, Switzerland
Patricia Arias Cabarcos | Karlsruhe Institute of Technology, Germany
Cataldo Basile | Politecnico di Torino, Italy
Roumen Daton Medenou | Indra, Digital Labs, Spain
Miguel Páramo Castrillo | Indra, Digital Labs, Spain
Lorenzo Fernández Maimó | Universidad de Murcia, Spain
Manuel Gil Pérez | Universidad de Murcia, Spain
Alessandro Brighente | University of Padua, Italy
Fabio De Gaspari | Sapienza University of Rome, Italy
Georgios Kambourakis | University of the Aegean, Greece

Submission 05/05

Important Dates

Extended Submission Deadline May 12, 2024
Author Notification Jun 02, 2024
Proceedings Version Jun 18, 2024
Conference Jul 30 — Aug 02, 2024
Join ARES 2025!

Join us at ARES 2025 in Ghent, Belgium