For most people, cybersecurity is a hard to grasp notion. Traditionally, cybersecurity has been considered as a technical challenge and still many specialists view it equivalent with information security, with the notions of confidentiality, integrity and availability as starting points of thinking. And although others searched for a broader perspective, the complexity and ambiguity of the notion still thwarts a common understanding. While developing and executing a MSc cybersecurity program for professionals, the lack of a common understanding of what cybersecurity entails was again observed. Stimulated by this, we started to look for and define a new, transdisciplinary conceptualization of cybersecurity that everyone can agree upon. It resulted in two scientific papers published. This paper describes the outcomes of the continuation of our research journey. It turned out that the earlier introduced description of two key notions, namely that of cyberspace and that of cybersecurity, can still be considered as adequate starting points. Here, we describe a set of additional mental models that elaborates them and provides more detail to the meaning of the two key notions. In practice, it turned out that the additional mental models strongly support the description and analysis of existing and upcoming cybersecurity challenges and helps to understand how everybody, in his or her various roles, can or should contribute to reducing the related cyber risks to adequate levels. We further discovered that for certain cybersecurity challenges, especially those related to efficient cyber risk mitigation, we could not yet identify an adequate sub-set of mental models. This defines the agenda for near future cybersecurity research.@en

The 2013 National Security Agency revelations of pervasive monitoring have led to an "encryption rush" across the computer and Internet industry. To push back against massive surveillance and protect users' privacy, vendors, hosting and cloud providers have widely deployed encryption on their hardware, communication links, and applications. As a consequence, most web connections nowadays are encrypted. However, there is still a significant part of Internet traffic that is not encrypted. It has been argued that both costs and complexity associated with obtaining and deploying X.509 certificates are major barriers for widespread encryption, since these certificates are required to establish encrypted connections. To address these issues, the Electronic Frontier Foundation, Mozilla Foundation, the University of Michigan and a number of partners have set up Let's Encrypt (LE), a certificate authority that provides both free X.509 certificates and software that automates the deployment of these certificates. In this paper, we investigate if LE has been successful in democratizing encryption: we analyze certificate issuance in the first year of LE and show from various perspectives that LE adoption has an upward trend and it is in fact being successful in covering the lower-cost end of the hosting market.@en

Decision trees are one of the most popular structures for decision-making and the representation of a set of rules. However, when a rule set is represented as a decision tree, some quirks in its structure may negatively affect its performance. For example, duplicate sub-trees and rule filters, that need to be evaluated more than once, could negatively affect the efficiency. This paper presents a novel algorithm based on Shannon’s expansion, which guarantees that the same rule filter is not evaluated more than once, even if repeated in other rules. This fact increases efficiency during the evaluation process using the induced decision tree. Experiments demonstrated the viability of the proposed algorithm in processing-intensive scenarios, such as in intrusion detection and data stream analysis.@en

Persuasion is a human activity of influence. In marketing, persuasion can help customers find solutions to their problems, make informed choices, or convince someone to buy a useful (or useless) product or service. In computer crimes, persuasion can trick users into revealing sensitive information, or even performing actions that benefit attackers. Phishing is one of the most common and dangerous forms of persuasion-based attacks, as it exploits human vulnerabilities rather than technical ones. Therefore, an intelligent system capable of detecting and classifying persuasion attempts might be useful in protecting users. In this work, an approach that uses Machine Learning to analyze messages based on principles of persuasion and different data representations is presented. The aim of this research is to detect which data representation and which classification algorithm obtain the best results in detecting each principle of persuasion as a prior step to detecting phishing attacks. The results obtained indicate that among the combinations tested, there is one combination of data representation and classification algorithm that performs best. The related classification models obtained can detect the principles of persuasion at a rate that varies between 0.78 and 0.86 of AUC-ROC.@en

We live in a world that is being driven by data. This leads to challenges of extracting and analyzing knowledge from large volumes of data. An example of such a challenge is intrusion detection. Intrusion detection data sets are characterized by huge volumes, which affects the learning of the classifier. So there is a need to reduce the size of the training sets. Fortunately, inspection and analysis of available intrusion detection data sets showed that many instances are very similar and do not provide relevant information to the classification process. This prompted to look for possibilities to use a fast algorithm that, as much as possible, removes similar instances in intrusion detection data sets while enforcing the detection rate. In this work, a new fast instance reduction algorithm is presented. The proposed algorithm provides greater efficiency during the training stage, without significantly affecting the efficacy during the intrusion detection task.@en

Every day the number of devices interacting through telecommunications networks grows resulting into an increase in the volume of data and information generated. At the same time, a growing number of information security incidents is being observed including the occurrence of unauthorized accesses, also named intrusions. As a consequence of these two developments, Information and Communications services providers require automated processes to detect and solve such intrusions, and this should done quickly in order to keep the related cybersecurity risks at acceptable levels. However, the presence of large volumes of data negatively interferes with the performance of classifiers used in intrusion detection tasks, which limits their applicability in practical cases. The research reported in this paper focuses on proposing a novel feature selection algorithm for intrusion detection scenarios. To this end, an extensive literature review was executed to first discover issues in the feature selection algorithms reported. Based on the insights obtained, the new multi-measure feature selection algorithm was designed that uses qualitative information provided by multiple feature selection measures, and reduces the dimensionality of the training data set. The algorithm proposed was next extensively tested using various data sets. It provides greater efficacy than other feature selection algorithms used for intrusion detection purposes. We finalize by providing some ideas on future research in order to further improve the algorithm.@en

Cyber operations are relatively a new phenomenon of the last two decades. During that period, they have increased in number, complexity, and agility, while their design and development have been processes well kept under secrecy. As a consequence, limited data(sets) regarding these incidents are available. Although various academic and practitioner public communities addressed some of the key points and dilemmas that surround cyber operations (such as attack, target identification and selection, and collateral damage), still methodologies and models are needed in order to plan, execute, and assess them in a responsibly and legally compliant way. Based on these facts, it is the aim of this article to propose a model that i)) estimates and classifies the effects of cyber operations, and ii) assesses proportionality in order to support targeting decisions in cyber operations. In order to do that, a multi-layered fuzzy model was designed and implemented by analysing real and virtual realistic cyber operations combined with interviews and focus groups with technical – military experts. The proposed model was evaluated on two cyber operations use cases in a focus group with four technical – military experts. Both the design and the results of the evaluation are revealed in this article.@en

Low-voltage distribution grids experience a rising penetration of inverter-based, distributed generation. In order to not only contribute to but also solve voltage problems, these inverters are increasingly asked to participate in intelligent grid controls. Communicating inverters implement distributed voltage droop controls. The impact of cyber-attacks to the stability of such distributed grid controls is poorly researched and therefore addressed in this article. We characterize the potential impact of several attack scenarios by employing the positivity and diagonal dominance properties. In particular, we discuss measurement falsification scenarios where the attacker corrupts voltage measurement data received by the voltage droop controllers. Analytical, control-theoretic methods for assessing the impact on system stability and voltage magnitude are presented and validated via simulation.@en

In the last few years, the telecommunications scenario has experienced an increase in the volume of information generated, as well as in the execution of malicious activities. In order to complement Intrusion Detection Systems (IDSs), data mining techniques have begun to play a fundamental role in data analysis. On the other hand, the presence of useless information and the amount of data generated by telecommunication services (leading to a huge dimensional problem), can affect the performance of traditional IDSs. In this sense, a data preprocessing strategy is necessary to reduce data, but reducing data without affecting the accuracy of IDSs represents a challenge. In this paper, we propose a new data preprocessing strategy which reduces the number of features and instances in the training collection without greatly affecting the achieved accuracy of IDSs. Finally, our proposal is evaluated using four different rule-based classifiers, which are tested on real scan and backscatter data collected by a network telescope.@en

Cyber Operations stopped being utopia or Sci-Fi based scenarios: they became reality. When planning and conducting them, military actors encounter difficulties since they lack methodologies and models that support their actions and assess their effects. To address these issues by tackling the underlying scientific and practical gap, this article proposes an assessment methodology for the intended and unintended effects of Cyber Operations, labeled as Military Advantage, Collateral Damage and Military Disadvantage, and aims at supporting the targeting process when engaging targets in Cyber Operations. To arrive at this methodology, an extensive review on literature, military doctrine and methodologies was conducted combined with two series of interviews with military commanders and field work in joint military exercises. The assessment methodology is proposed considering multidimensional factors, phases and steps in a technical - military approach. For validation, one realistic Cyber Operation case study was conducted in a focus group with nine military experts plus four face-to-face meetings with another four military experts.@en

Connected- en de autonoom rijdende auto’s communiceren constant met hun omgeving. Deze rijdende computers zijn nooit ontworpen om kwaadwillende hackers buiten te houden. Het is tijd om de ICT architectuur in onze auto’s grondig te herzien om ervoor te zorgen dat de fysieke consumentenveiligheid gegarandeerd wordt. Onderzoek vanuit de Cyber Security Academy in samenwerking met Universiteit Delft en Universiteit Leiden laat zien welke stappen er genomen kunnen worden om de cyber security van personenauto’s te verbeteren.@en

Cyber operations lack models, methodologies, and mechanisms to describe relevant data and knowledge. This problem is directly reflected when cyber operations are conducted and their effects assessed, and it can produce dissonance and disturbance in corresponding decision-making processes and communication between different military actors. To tackle these issues, this article proposes a knowledge model for cyber operations implemented as a computational ontology following a design science approach grounded on extensive technical-military research. This model classifies the essential entities of cyber operations and is exemplified in three case studies. Validation results show that this model can be used to describe cyber operations clearly and concisely. @en

For most people, cybersecurity is a difficult notion to grasp. Traditionally, cybersecurity has been considered a technical challenge, and still many specialists understand it as information security, with the notions of confidentiality, integrity, and availability as its foundation. Although many have searched for different and broader perspectives, the complexity and ambiguity of the notion still thwarts a common understanding. While the author was developing and executing a MSc cybersecurity program for professionals with a wide variety of backgrounds and widely differing views on cybersecurity, the lack of a common understanding of cybersecurity was clearly evident. Based on these observations, the author began seeking and defining a new, transdisciplinary conceptualization of cybersecurity that can be widely agreed upon. It resulted in the publication of three scientific papers. This paper is an amalgam of the contents of the three supplemented with some extensions. It turned out that the previously introduced description of two key notions, cyberspace and cybersecurity, is still an adequate starting point. Described here is a set of additional mental models elaborating on these key notions and providing more detail on their meanings. The research suggests that this set of mental models strongly supports the description and analysis of current cybersecurity challenges and helps people understand how everyone, in his or her various roles, can contribute to reducing the related cyber risks. These claims are supported by presenting the modeling and analysis approaches of various MSc-thesis research projects executed by students when working on practical cybersecurity problems both within and outside their organisations. The author further discovered that, for a limited set of cybersecurity challenges, it was not yet possible to identify adequate mental models; this defines the agenda for future research.@en

Today’s increasing connectivity creates cyber risks at personal, organizational up to societal level. Societal cyber risks require mitigation by all kinds of actors where government should take the lead due to its responsibility to protect its citizens. Since no formal global governance exists, the governmental responsibility should start at the national level of every country. To achieve successful management of global cyber risks, appropriate alignment between these sovereignly developed strategies is required, which concerns a complex challenge. To create alignment, getting insight into differences between national cyber strategies, is the first step. This, in turn, requires an appropriate analysis approach that helps to identify the key differences. In this article, we introduce such an analysis approach based on social contract theory. The resulting analysis model consists of both a direct and an indirect type of social cyber contract between governments, citizens and corporations, within and between sovereign nations. To show its effectiveness, the proposed social cyber contract model is validated through an illustrated case examining various constitutional rights to privacy, their embedding in the national cyber strategies and how their differences could cause potential barriers for alignment across sovereignties.@en

Telecommunications services have become a constant in people’s lives. This has inspired fraudsters to carry out malicious activities causing economic losses to people and companies. Early detection of signs that suggest the possible occurrence of malicious activity would allow analysts to act in time and avoid unintended consequences. Modeling the behavior of users could identify when a significant change takes place. Following this idea, an algorithm for online behavior change detection in telecommunication services is proposed in this paper. The experimental results show that the new algorithm can identify behavioral changes related to unforeseen events.@en

In cloud computing, the paradigm of data outsourcing introduces security challenges, which requires an independent auditing service to check the data integrity in the cloud. Many existing integrity checking protocols cannot be applied to the auditing service because they can only deal with static data, but it is natural for the client to dynamically update their remotely stored data. Thus, an efficient and secure auditing protocol enabling data dynamics is desired to convince the client that the data are correctly stored in the cloud. In this work, we propose a privacy-preserving public auditing cloud storage protocol enabling data dynamics in the standard model. Inspired by a recent homomorphic network coding signature scheme, we employ a data integrity auditing protocol based on the strong RSA assumption, and extend it to enable a third party auditor to audit client's data without learning the data content. Then we further extend our auditing protocol to support the data dynamic operations (modification, insertion and deletion), which achieves high security level in the standard model. At last we prove the security and justify the performance of our proposed protocol through concrete experiments and comparisons with the state of the art.@en

This paper presents the first bibliometric mapping analysis of the field of computer and information ethics (C&IE). It provides a map of the relations between 400 key terms in the field. This term map can be used to get an overview of concepts and topics in the field and to identify relations between information and communication technology concepts on the one hand and ethical concepts on the other hand. To produce the term map, a data set of over thousand articles published in leading journals and conference proceedings in the C&IE field was constructed. With the help of various computer algorithms, key terms were identified in the titles and abstracts of the articles and co-occurrence frequencies of these key terms were calculated. Based on the co-occurrence frequencies, the term map was constructed. This was done using a computer program called VOSviewer. The term map provides a visual representation of the C&IE field and, more specifically, of the organization of the field around three main concepts, namely privacy, ethics, and the Internet.@en