Roman Graf

Improved software vulnerability patching techniques using CVSS and game theory

Software vulnerability patching is a crucial part of vulnerability management and is informed by using effective vulnerability scoring techniques. The Common Vulnerability Scoring System (CVSS) provides an open framework for assessing the severity of software vulnerabilities based on metrics capturing their individual, intrinsic characteristics. In this paper, we enhance the use of CVSS for vulnerability scoring with the help of game theory by modelling an attacker-defender scenario and arguing that, under the assumption of rational behaviour of the players, an effective vulnerability patching strategy could be achieved with an optimal strategy, solving the game. We have implemented our strategies as new functionality in the software tool CAESAIR [1]. This research builds on our previous work [2], where we have used CVSS to inform the design of the utility functions, by performing the Nash equilibrium analysis of the game. Our findings may result in more accurate defence strategies for system administrators.

Correlating cyber incident information to establish situational awareness in Critical Infrastructures

Protecting Critical Infrastructures (CIs) against contemporary cyber attacks has become a crucial as well as complex task. Modern attack campaigns, such as Advanced Persistent Threats (APTs), leverage weaknesses in the organizations business processes and exploit vulnerabilities of several systems to hit their target. Although their life-cycle can last for months, these campaigns typically go undetected until they achieve their goal. They usually aim at performing data exfiltration, cause service disruptions and can also undermine the safety of humans. Novel detection techniques and incident handling approaches are therefore required, to effectively protect CIs networks and timely react to this type of threats. Correlating large amounts of data, collected from a multitude of relevant sources, is necessary and sometimes required by national authorities to establish cyber situational awareness, and allow to promptly adopt suitable countermeasures in case of an attack. In this paper we propose three novel methods for security information correlation designed to discover relevant insights and support the establishment of cyber situational awareness.

Cyber Threat Information Classification and Life Cycle Management using Smart Contracts.

Nowadays, cyber critical infrastructures (CIs) are increasingly targeted by highly sophisticated cyber attacks and should be protected. Advances in cyber situational awareness technology lead to the creation of increasingly complex tools. Human analysts face challenges finding relevant information in large, complex data sets, when exploring data to discover patterns and insights. To be effective in identifying and defeating future cyber-attacks, cyber analysts require novel tools for incident report classification and life cycle management that can automatically analyse and share result in secure way between CI stakeholders to achieve better situation comprehension. Our goal is to provide solutions in realtime that could replace human input for cyber incident classification and management tasks to eliminate irrelevant information and to focus on important information to promptly adopt suitable countermeasures in case of an attack. Another contribution relates to the provided support for document life cycle management that should reduce the number of manual operations and save storage space. In this paper we evaluate the application of so-called “smart contracts” to an incident classification system and assess its accuracy and performance. We demonstrate how the presented techniques can be applied to support incident handling tasks performed by security operation centers (SOCs).

An Expert System for Facilitating an Institutional Risk Profile Definition for Cyber Situational Awareness

Advances in cyber situational awareness technology lead to the creation of increasingly complex tools. Human analysts face challenges finding relevant information in large, complex data sets, when exploring data to discover patterns and insights. To be effective in identifying and defeating future cyber-attacks, cyber analysts require novel tools and models that can fill the gap between cyber data and situation comprehension. The research presented here is designed to develop a system that will warn a cyber analyst of file format endangerment that could impact cyber situational awareness. The expert system statistically determines an institutional risk profile based on collected expert knowledge in the form of risk profiles calculated by means of risk factors. The institutional risk profile indicates risks that could endanger digital content employed in analysis of cyber situational awareness. Based on the institutional risk profile, a cyber analyst can implement measures for stabilising and securing situational awareness. Each institution may have multiple risk profile definitions dependent on network, critical infrastructure, and the role of the cyber analyst. Another contribution relates to the provided support for visualisation and analysis of risk factors for individual dimensions. To facilitate decision-making, the aggregated information about the risk factors is presented as a multidimensional vector.

A decision support model for situational awareness in National Cyber Operations Centers

Advances in situational awareness technology have led to the creation of increasingly sophisticated tools across different application domains, often involving non-textual, highly dimensional, and multimedia data. Automated tools aim to address a number of situational awareness challenges, such as complex system topology, rapidly changing technologies, high noise to signal ratio, and multi-faceted threats. These factors make real-time situational awareness of cyber operations for the National Cyber Operations Centers very difficult to achieve. Appropriate data analysis techniques, in combination with modern anomaly detection output data and user knowledge, may provide solutions in real-time that could replace human input for many situational awareness analysis tasks.

Braille Vision Using Braille Display and Bio-inspired Camera

This paper presents a system for Braille learning support using real-time panoramic views generated from the novel smart panorama camera 360SCAN. The system makes use of the modern image processing libraries and state-of-the-art features extraction and clustering methods. We compare the real-time frames recorded by the bio-inspired camera to the reference images in order to determine particular figures. One contribution of the proposed method is that image edges can be transformed to the presentation on Braille display directly without any image processing. It is possible due to the bio-inspired construction of camera sensor. Another contribution is that our approach provides Braille users with images recorded from natural scenes. We conducted several experiments that verify the methods that demonstrate learning figures captured by the smart camera. Our goal is to process such images and present them on the Braille Display in a form appropriate for visually impaired people. All evaluations were performed in the natural environment with ambient illumination of 200 lux, which demonstrates high camera reliability in difficult light conditions. The system can be optimized by applying additional filters and features algorithms and by decreasing the rotational speed of the camera. The presented Braille learning support system is a building block for a rich and qualitative educational system for the efficient information transfer focused on visually impaired people.

Quality Assurance Tool Suite for Error Detection in Digital Repositories

Digitization workflows for automatic acquisition of image collections are susceptible to errors and require quality assurance. This paper presents the automated quality assurance tools aiming at detection of possible quality issues that supports decision making for document image collections. The main contribution of this research is the implementation of various image processing tools for different error detection scenarios and their combination in to a single tool suite. The tool suite includes: (1) The matchbox tool for accurate near-duplicate detection in document image collections, based on SIFT feature extraction. (2) The finger detection tool aims at automatic detection of fingers that mistakenly appear in scans from digitized image collections, which uses processing techniques for edge detection, local image information extraction and its analysis for reasoning on scan quality. (3) The cropping error detection tool supports the detection of common cropping problems such as text shifted to the edge of the image, unwanted page borders, or unwanted text from a previous page on the image. Another important contribution of this work is a definition of the quality assurance workflow and its automatic execution for error detection in digital document collections. The presented tool suite detects described errors and presents them for additional manual analysis and collection cleaning. A statistical overview of evaluated data and characteristics like performance and accuracy is delivered. The results of the analysis confirm our hypothesis that an automated approach is able to detect errors with reliable quality, thus making quality control for large digitisation projects a feasible and affordable process.

Duplicate detection approaches for quality assurance of document image collections

This paper presents an evaluation of different methods for automatic duplicate detection in digitized collections. These approaches are meant to support quality assurance and decision making for long term preservation of digital content in libraries and archives. In this paper we demonstrate advantages and drawbacks of different approaches. Our goal is to select the most efficient method which satisfies the digital preservation requirements for duplicate detection in digital document image collections. Workflows of different complexity were designed in order to demonstrate possible duplicate detection approaches. Assessment of individual approaches is based on workflow simplicity, detection accuracy and acceptable performance, since image processing methods typically require significant computation. Applied image processing methods create expert knowledge that facilitates decision making for long term preservation. We employ AI technologies like expert rules and clustering for inferring explicit knowledge on the content of the digital collection. A statistical analysis of the aggregated information and the qualitative analysis of the aggregated knowledge are presented in the evaluation part of the paper.

Quality control of real-time panoramic views from the smart camera 360SCAN

This paper presents a system for quality control of real-time panoramic views generated from the novel smart panorama camera 360SCAN. The system makes use of the modern image processing library OpenIMAJ and state-of-the-art features extraction and clustering methods. We compare a real-time frame collection recorded by the camera to a reference image collection in order to determine camera readiness. We conducted several experiments that verify the methods that demonstrate smart camera operational status and evaluate changes in the position or number of objects in the working location. All evaluations were performed in the natural environment with ambient illumination of 200 lux, which demonstrates high camera reliability in difficult light conditions. The system can be optimized for embedded applications by applying additional filters and features algorithms and by decreasing the rotational speed of the camera. The presented quality control system is a building block for a rich and qualitative expert system for the efficient control and support of the smart camera.

An expert system for quality assurance of document image collections

Digital preservation workflows for automatic acquisition of image collections are susceptible to errors and require quality assurance. This paper presents an expert system that supports decision making for page duplicate detection in document image collections. Our goal is to create a reliable inference engine and a solid knowledge base from the output of an image processing tool that detects duplicates based on methods of computer vision. We employ artificial intelligence technologies (i.e. knowledge base, expert rules) to emulate reasoning about the knowledge base similar to a human expert. A statistical analysis of the automatically extracted information from the image comparison tool and the qualitative analysis of the aggregated knowledge are presented.