scription

cyber-clustering-log

Query: clustering cyber log analysis Results: 50 Date: 2026-07-07T18:53:07.538Z


1. A Global Analysis of Cyber Threats to the Energy Sector: “Currents of Conflict” from a Geopolitical Perspective

Authors: Gustavo Sánchez, Ghada Elbez, Veit Hagenmeyer

Categories: cs.CR, cs.AI

Published: 2025-09-26

arXiv: 2509.22280v1

Link: arXiv | PDF

Abstract:

The escalating frequency and sophistication of cyber threats increased the need for their comprehensive understanding. This paper explores the intersection of geopolitical dynamics, cyber threat intelligence analysis, and advanced detection technologies, with a focus on the energy domain. We leverage generative artificial intelligence to extract and structure information from raw cyber threat descriptions, enabling enhanced analysis. By conducting a geopolitical comparison of threat actor origins and target regions across multiple databases, we provide insights into trends within the general threat landscape. Additionally, we evaluate the effectiveness of cybersecurity tools – with particular emphasis on learning-based techniques – in detecting indicators of compromise for energy-targeted attacks. This analysis yields new insights, providing actionable information to researchers, policy makers, and cybersecurity professionals.


2. Towards Automated Cyber Range Design: Characterizing and Matching Demands to Supplies

Authors: Ekzhin Ear, Jose L. C. Remy, Shouhuai Xu

Categories: cs.CR

Published: 2023-07-10

arXiv: 2307.04416v1

Link: arXiv | PDF

Abstract:

Cyber ranges mimic real-world cyber environments and are in high demand. Before building their own cyber ranges, organizations need to deeply understand what construction supplies are available to them. A fundamental supply is the cyber range architecture, which prompts an important research question: Which cyber range architecture is most appropriate for an organization’s requirements? To answer this question, we propose an innovative framework to specify cyber range requirements, characterize cyber range architectures (based on our analysis of 45 cyber range architectures), and match cyber range architectures to cyber range requirements.


3. Challenges in Digital Twin Development for Cyber-Physical Production Systems

Authors: Heejong Park, Arvind Easwaran, Sidharta Andalam

Categories: cs.SE

Published: 2021-02-04

arXiv: 2102.03341v1

Link: arXiv | PDF

Abstract:

The recent advancement of information and communication technology makes digitalisation of an entire manufacturing shop-floor possible where physical processes are tightly intertwined with their cyber counterparts. This led to an emergence of a concept of digital twin, which is a realistic virtual copy of a physical object. Digital twin will be the key technology in Cyber-Physical Production Systems (CPPS) and its market is expected to grow significantly in the coming years. Nevertheless, digital twin is still relatively a new concept that people have different perspectives on its requirements, capabilities, and limitations. To better understand an effect of digital twin’s operations, mitigate complexity of capturing dynamics of physical phenomena, and improve analysis and predictability, it is important to have a development tool with a strong semantic foundation that can accurately model, simulate, and synthesise the digital twin. This paper reviews current state-of-art on tools and developments of digital twin in manufacturing and discusses potential design challenges.


4. Security Modelling for Cyber-Physical Systems: A Systematic Literature Review

Authors: Shaofei Huang, Christopher M. Poskitt, Lwin Khin Shar

Categories: cs.CR

Published: 2024-04-11

arXiv: 2404.07527v3

Link: arXiv | PDF

Abstract:

Cyber-physical systems are at the intersection of digital technology and engineering domains, rendering them high-value targets of sophisticated and well-funded cybersecurity threat actors. Prominent cybersecurity attacks on CPS have brought attention to the vulnerability of these systems and the inherent weaknesses of critical infrastructure reliant on them. Security modelling for CPS is an important mechanism to systematically identify and assess vulnerabilities, threats, and risks throughout system life cycles, and to ultimately ensure system resilience, safety, and reliability. This survey delves into state-of-the-art research on CPS security modelling, encompassing both threat and attack modelling. While these terms are sometimes used interchangeably, they are different concepts. This paper elaborates on the differences between threat and attack modelling, examining their implications for CPS security. We conducted a systematic search that yielded 449 papers, from which 32 were selected and categorised into three clusters: those focused on threat modelling methods, attack modelling methods, and literature reviews. Specifically, we sought to examine what security modelling methods exist today, and how they address real-world cybersecurity threats and CPS-specific attacker capabilities throughout the life cycle of CPS, which typically span longer durations compared to traditional IT systems. This paper also highlights several limitations in existing research, wherein security models adopt simplistic approaches that do not adequately consider the dynamic, multi-layer, multi-path, and multi-agent characteristics of real-world cyber-physical attacks.


5. Assessing Cyber-Physical Security in Industrial Control Systems

Authors: Martín Barrère, Chris Hankin, Demetrios G. Eliades, Nicolas Nicolau, Thomas Parisini

Categories: cs.CR, cs.NI, eess.SY

Published: 2019-11-21

arXiv: 1911.09404v1

Link: arXiv | PDF

Abstract:

Over the last years, Industrial Control Systems (ICS) have become increasingly exposed to a wide range of cyber-physical threats. Efficient models and techniques able to capture their complex structure and identify critical cyber-physical components are therefore essential. AND/OR graphs have proven very useful in this context as they are able to semantically grasp intricate logical interdependencies among ICS components. However, identifying critical nodes in AND/OR graphs is an NP-complete problem. In addition, ICS settings normally involve various cyber and physical security measures that simultaneously protect multiple ICS components in overlapping manners, which makes this problem even harder. In this paper, we present an extended security metric based on AND/OR hypergraphs which efficiently identifies the set of critical ICS components and security measures that should be compromised, with minimum cost (effort) for an attacker, in order to disrupt the operation of vital ICS assets. Our approach relies on MAX-SAT techniques, which we have incorporated in META4ICS, a Java-based security metric analyser for ICS. We also provide a thorough performance evaluation that shows the feasibility of our method. Finally, we illustrate our methodology through a case study in which we analyse the security posture of a realistic Water Transport Network (WTN).


6. Advanced Symbolic Time Series Analysis in Cyber Physical Systems

Authors: Roland Ritt, Paul O’Leary, Christopher Josef Rothschedl, Matthew Harker

Categories: cs.CE

Published: 2018-02-02

arXiv: 1802.00617v1

Link: arXiv | PDF

Abstract:

This paper presents advanced symbolic time series analysis (ASTSA) for large data sets emanating from cyber physical systems (CPS). The definition of CPS most pertinent to this paper is: A CPS is a system with a coupling of the cyber aspects of computing and communications with the physical aspects of dynamics and engineering that must abide by the laws of physics. This includes sensor networks, real-time and hybrid systems. To ensure that the computation results conform to the laws of physics a linear differential operator (LDO) is embedded in the processing channel for each sensor. In this manner the dynamics of the system can be incorporated prior to performing symbolic analysis. A non-linear quantization is used for the intervals corresponding to the symbols. The intervals are based on observed modes of the system, which can be determined either during an exploratory phase or online during operation of the system. A complete processing channel is called a single channel lexical analyser; one is made available for each sensor on the machine being observed. The implementation of LDO in the system is particularly important since it enables the establishment of a causal link between the observations of the dynamic system and their cause. Without causality there can be no semantics and without semantics no knowledge acquisition based on the physical background of the system being observed. Correlation alone is not a guarantee for causality. This work was originally motivated from the observation of large bulk mate- rial handling systems. Typically, there are $n = 150\dots250$ sensors per machine, and data is collected in a multi rate manner; whereby general sensors are sampled with $f_s = 1Hz$ and vibration data being sampled in the kilo-hertz range.


7. Contrastive Pessimistic Likelihood Estimation for Semi-Supervised Classification

Authors: Marco Loog

Categories: stat.ML, cs.LG, stat.ME

Published: 2015-03-01

arXiv: 1503.00269v2

Link: arXiv | PDF

Abstract:

Improvement guarantees for semi-supervised classifiers can currently only be given under restrictive conditions on the data. We propose a general way to perform semi-supervised parameter estimation for likelihood-based classifiers for which, on the full training set, the estimates are never worse than the supervised solution in terms of the log-likelihood. We argue, moreover, that we may expect these solutions to really improve upon the supervised classifier in particular cases. In a worked-out example for LDA, we take it one step further and essentially prove that its semi-supervised version is strictly better than its supervised counterpart. The two new concepts that form the core of our estimation principle are contrast and pessimism. The former refers to the fact that our objective function takes the supervised estimates into account, enabling the semi-supervised solution to explicitly control the potential improvements over this estimate. The latter refers to the fact that our estimates are conservative and therefore resilient to whatever form the true labeling of the unlabeled data takes on. Experiments demonstrate the improvements in terms of both the log-likelihood and the classification error rate on independent test sets.


8. On Autonomous Agents in a Cyber Defence Environment

Authors: Mitchell Kiely, David Bowman, Maxwell Standen, Christopher Moir

Categories: cs.CR

Published: 2023-09-14

arXiv: 2309.07388v1

Link: arXiv | PDF

Abstract:

Autonomous Cyber Defence is required to respond to high-tempo cyber-attacks. To facilitate the research in this challenging area, we explore the utility of the autonomous cyber operation environments presented as part of the Cyber Autonomy Gym for Experimentation (CAGE) Challenges, with a specific focus on CAGE Challenge 2. CAGE Challenge 2 required a defensive Blue agent to defend a network from an attacking Red agent. We provide a detailed description of the this challenge and describe the approaches taken by challenge participants. From the submitted agents, we identify four classes of algorithms, namely, Single- Agent Deep Reinforcement Learning (DRL), Hierarchical DRL, Ensembles, and Non-DRL approaches. Of these classes, we found that the hierarchical DRL approach was the most capable of learning an effective cyber defensive strategy. Our analysis of the agent policies identified that different algorithms within the same class produced diverse strategies and that the strategy used by the defensive Blue agent varied depending on the strategy used by the offensive Red agent. We conclude that DRL algorithms are a suitable candidate for autonomous cyber defence applications.


9. Asymptotic Analysis of the Paradox in Log-Stretch Dip Moveout

Authors: Xin-She Yang, Binzhong Zhou

Categories: math.AP, physics.data-an, physics.geo-ph

Published: 2010-03-27

arXiv: 1003.5306v1

Link: arXiv | PDF

Abstract:

There exists a paradox in dip moveout (DMO) in seismic data processing. The paradox is why Notfors and Godfrey’s approximate time log-stretched DMO can produce better impulse responses than the full log DMO, and why Hale’s f-k DMO is correct although it was based on two inaccurate assumptions for the midpoint repositioning and the DMO time relationship? Based on the asymptotic analysis of the DMO algorithms, we find that any form of correctly formulated DMO must handle both space and time coordinates properly in order to deal with all dips accurately. The surprising improvement of Notfors and Godfrey’s log DMO on Bale and Jakubowicz’s full log DMO was due to the equivalent midpoint repositioning by transforming the time-related phase shift to the space-related phase shift. The explanation of why Hale’s f-k DMO is correct although it was based on two inaccurate assumptions is that the two approximations exactly cancel each other in the f-k domain to give the correct final result.


10. On Measuring and Quantifying Performance: Error Rates, Surrogate Loss, and an Example in SSL

Authors: Marco Loog, Jesse H. Krijthe, Are C. Jensen

Categories: cs.LG, cs.CV, stat.ML

Published: 2017-07-13

arXiv: 1707.04025v1

Link: arXiv | PDF

Abstract:

In various approaches to learning, notably in domain adaptation, active learning, learning under covariate shift, semi-supervised learning, learning with concept drift, and the like, one often wants to compare a baseline classifier to one or more advanced (or at least different) strategies. In this chapter, we basically argue that if such classifiers, in their respective training phases, optimize a so-called surrogate loss that it may also be valuable to compare the behavior of this loss on the test set, next to the regular classification error rate. It can provide us with an additional view on the classifiers’ relative performances that error rates cannot capture. As an example, limited but convincing empirical results demonstrates that we may be able to find semi-supervised learning strategies that can guarantee performance improvements with increasing numbers of unlabeled data in terms of log-likelihood. In contrast, the latter may be impossible to guarantee for the classification error rate.


11. Cyber Protection Applications of Quantum Computing: A Review

Authors: Ummar Ahmed, Tuomo Sipola, Jari Hautamäki

Categories: cs.CR, cs.ET

Published: 2024-06-19

arXiv: 2406.13259v3

Link: arXiv | PDF

Abstract:

Quantum computing is a cutting-edge field of information technology that harnesses the principles of quantum mechanics to perform computations. It has major implications for the cyber security industry. Existing cyber protection applications are working well, but there are still challenges and vulnerabilities in computer networks. Sometimes data and privacy are also compromised. These complications lead to research questions asking what kind of cyber protection applications of quantum computing are there and what potential methods or techniques can be used for cyber protection? These questions will reveal how much power quantum computing has and to what extent it can outperform the conventional computing systems. This scoping review was conducted by considering 815 papers. It showed the possibilities that can be achievedif quantum technologies are implemented in cyber environments. This scoping review discusses various domains such as algorithms and applications, bioinformatics, cloud and edge computing, the organization of complex systems, application areas focused on security and threats, and the broader quantum computing ecosystem. In each of these areas, there is significant scope for quantum computing to be implemented and to revolutionize the working environment. Numerous quantum computing applications for cyber protection and a number of techniques to protect our data and privacy were identified. The results are not limited to network security but also include data security. This paper also discusses societal aspects, e.g., the applications of quantum computing in the social sciences. This scoping review discusses how to enhance the efficiency and security of quantum computing in various cyber security domains. Additionally, it encourages the reader to think about what kind of techniques and methods can be deployed to secure the cyber world.


12. Message Passing for Analysis and Resilient Design of Self-Healing Interdependent Cyber-Physical Networks

Authors: Ali Behfarnia, Ali Eslami

Categories: cs.SI

Published: 2016-06-03

arXiv: 1606.00955v2

Link: arXiv | PDF

Abstract:

Coupling cyber and physical systems gives rise to numerous engineering challenges and opportunities. An important challenge is the contagion of failure from one system to another, that can lead to large scale cascading failures. On the other hand, self-healing ability emerges as a valuable opportunity where the overlay cyber network can cure failures in the underlying physical network. To capture both self-healing and contagion, we introduce a factor graph representation of inter-dependent cyber-physical systems in which factor nodes represent various node functionalities and the edges capture the interactions between the nodes. We develop a message passing algorithm to study the dynamics of failure propagation and healing in this representation. Through applying a fixed-point analysis to this algorithm, we investigate the network reaction to initial disruptions. Our analysis provides simple yet critical guidelines for choosing network parameters to achieve resiliency against cascading failures.


13. Kinetic and Cyber

Authors: Alexander Kott, Norbou Buchler, Kristin E. Schaefer

Categories: cs.CY, cs.HC

Published: 2015-11-11

arXiv: 1511.03531v1

Link: arXiv | PDF

Abstract:

We compare and contrast situation awareness in cyber warfare and in conventional, kinetic warfare. Situation awareness (SA) has a far longer history of study and applications in such areas as control of complex enterprises and in conventional warfare, than in cyber warfare. Far more is known about the SA in conventional military conflicts, or adversarial engagements, than in cyber ones. By exploring what is known about SA in conventional, also commonly referred to as kinetic, battles, we may gain insights and research directions relevant to cyber conflicts. We discuss the nature of SA in conventional (often called kinetic) conflict, review what is known about this kinetic SA (KSA), and then offer a comparison with what is currently understood regarding the cyber SA (CSA). We find that challenges and opportunities of KSA and CSA are similar or at least parallel in several important ways. With respect to similarities, in both kinetic and cyber worlds, SA strongly impacts the outcome of the mission. Also similarly, cognitive biases are found in both KSA and CSA. As an example of differences, KSA often relies on commonly accepted, widely used organizing representation - map of the physical terrain of the battlefield. No such common representation has emerged in CSA, yet.


14. Fundamental Concepts of Cyber Resilience: Introduction and Overview

Authors: Igor Linkov, Alexander Kott

Categories: cs.CR

Published: 2018-06-07

arXiv: 1806.02852v1

Link: arXiv | PDF

Abstract:

Given the rapid evolution of threats to cyber systems, new management approaches are needed that address risk across all interdependent domains (i.e., physical, information, cognitive, and social) of cyber systems. Further, the traditional approach of hardening of cyber systems against identified threats has proven to be impossible. Therefore, in the same way that biological systems develop immunity as a way to respond to infections and other attacks, so too must cyber systems adapt to ever-changing threats that continue to attack vital system functions, and to bounce back from the effects of the attacks. Here, we explain the basic concepts of resilience in the context of systems, discuss related properties, and make business case of cyber resilience. We also offer a brief summary of ways to assess cyber resilience of a system, and approaches to improving cyber resilience.


15. Detecting cyber threats through social network analysis: short survey

Authors: Lyudmyla Kirichenko, Tamara Radivilova, Anders Carlsson

Categories: cs.SI, cs.CR, cs.CY

Published: 2018-05-17

arXiv: 1805.06680v1

Link: arXiv | PDF

Abstract:

This article considers a short survey of basic methods of social networks analysis, which are used for detecting cyber threats. The main types of social network threats are presented. Basic methods of graph theory and data mining, that deals with social networks analysis are described. Typical security tasks of social network analysis, such as community detection in network, detection of leaders in communities, detection experts in networks, clustering text information and others are considered.


16. Cyber risk and the cross-section of stock returns

Authors: Daniel Celeny, Loïc Maréchal

Categories: q-fin.PM

Published: 2024-02-07

arXiv: 2402.04775v2

Link: arXiv | PDF

Abstract:

We extract firms’ cyber risk with a machine learning algorithm measuring the proximity between their disclosures and a dedicated cyber corpus. Our approach outperforms dictionary methods, uses full disclosure and not devoted-only sections, and generates a cyber risk measure uncorrelated with other firms’ characteristics. We find that a portfolio of US-listed stocks in the high cyber risk quantile generates an excess return of 18.72% p.a. Moreover, a long-short cyber risk portfolio has a significant and positive risk premium of 6.93% p.a., robust to all factors’ benchmarks. Finally, using a Bayesian asset pricing method, we show that our cyber risk factor is the essential feature that allows any multi-factor model to price the cross-section of stock returns.


17. Towards Autonomous Cyber Operation Agents: Exploring the Red Case

Authors: Li Li, Jean-Pierre S. El Rami, Ryan Kerr, Adrian Taylor, Grant Vandenberghe

Categories: cs.CR

Published: 2023-09-05

arXiv: 2309.02247v2

Link: arXiv | PDF

Abstract:

Recently, reinforcement and deep reinforcement learning (RL/DRL) have been applied to develop autonomous agents for cyber network operations(CyOps), where the agents are trained in a representative environment using RL and particularly DRL algorithms. The training environment must simulate CyOps with high fidelity, which the agent aims to learn and accomplish. A good simulator is hard to achieve due to the extreme complexity of the cyber environment. The trained agent must also be generalizable to network variations because operational cyber networks change constantly. The red agent case is taken to discuss these two issues in this work. We elaborate on their essential requirements and potential solution options, illustrated by some preliminary experimentations in a Cyber Gym for Intelligent Learning (CyGIL) testbed.


18. A Novel Mutual Insurance Model for Hedging Against Cyber Risks in Power Systems Deploying Smart Technologies

Authors: Pikkin Lau, Lingfeng Wang, Wei Wei, Zhaoxi Liu, Chee-Wooi Ten

Categories: cs.GT, eess.SY

Published: 2024-03-17

arXiv: 2403.11054v1

Link: arXiv | PDF

Abstract:

In this paper, a novel cyber-insurance model design is proposed based on system risk evaluation with smart technology applications. The cyber insurance policy for power systems is tailored via cyber risk modeling, reliability impact analysis, and insurance premium calculation. A stochastic Epidemic Network Model is developed to evaluate the cyber risk by propagating cyberattacks among graphical vulnerabilities. Smart technologies deployed in risk modeling include smart monitoring and job thread assignment. Smart monitoring boosts the substation availability against cyberattacks with preventive and corrective measures. The job thread assignment solution reduces the execution failures by distributing the control and monitoring tasks to multiple threads. Reliability assessment is deployed to estimate load losses convertible to monetary losses. These monetary losses would be shared through a mutual insurance plan. To ensure a fair distribution of indemnity, a new Shapley mutual insurance principle is devised. Effectiveness of the proposed Shapley mutual insurance design is validated via case studies. The Shapley premium is compared with existent premium designs. It is shown that the Shapley premium has high indemnity levels closer to those of Tail Conditional Expectation premium. Meanwhile, the Shapley premium is nearly as affordable as the coalitional premium and keeps a relatively low insolvency probability.


19. Analysis and Design of Uncertain Cyber-Physical Systems

Authors: Alessandro Pinto

Categories: eess.SY

Published: 2023-07-31

arXiv: 2308.00052v1

Link: arXiv | PDF

Abstract:

Several sources of uncertainty have to be taken into account in the analysis and design of CPS. The set of parameters used in the model of the physical plant of a CPS may be uncertain due, for example, to manufacturing processes that are precise up to some bounded tolerance. Physical quantities are sensed by electronic components that add noise to the sensed signals. Abstraction of the physical world, which is often necessary to limit the complexity of the models used in analysis and at run-time in decision-making, leads to non-determinism. The cyber side of a CPS, which includes both hardware and software components, exposes several types of uncertainty such as failures, latency, and implementation errors. Design processes and tools allow engineers to minimize the impact of these types of uncertainty, and to deliver systems which can be operated with an acceptable level of risk. In the past several years, cyber-physical systems have evolved, primarily due to pervasive connectivity, miniaturization, cost-effectiveness of hardware, and advances in the area of Artificial Intelligence. This new class of applications features an environment that is much more complex to model than traditional physical systems due not only to their scale, but also to new sources and types of uncertainty. Consider, for example, the typical case of echo chambers which is attributed to the effect that machine learning algorithms have on the bias of people. Such behavior is not easily predictable because of high uncertainty in the environment (people), which is only approximately represented by machine learning models, but that is inherently due to lack of knowledge. New models and analysis methods are therefore needed to capture different types of uncertainties, and to analyze these new classes of systems.


20. Event and Activity Recognition in Video Surveillance for Cyber-Physical Systems

Authors: Swarnabja Bhaumik, Prithwish Jana, Partha Pratim Mohanta

Categories: cs.CV, cs.LG, cs.RO

Published: 2021-11-03

arXiv: 2111.02064v1

Link: arXiv | PDF

Abstract:

This chapter aims to aid the development of Cyber-Physical Systems (CPS) in automated understanding of events and activities in various applications of video-surveillance. These events are mostly captured by drones, CCTVs or novice and unskilled individuals on low-end devices. Being unconstrained, these videos are immensely challenging due to a number of quality factors. We present an extensive account of the various approaches taken to solve the problem over the years. This ranges from methods as early as Structure from Motion (SFM) based approaches to recent solution frameworks involving deep neural networks. We show that the long-term motion patterns alone play a pivotal role in the task of recognizing an event. Consequently each video is significantly represented by a fixed number of key-frames using a graph-based approach. Only the temporal features are exploited using a hybrid Convolutional Neural Network (CNN) + Recurrent Neural Network (RNN) architecture. The results we obtain are encouraging as they outperform standard temporal CNNs and are at par with those using spatial information along with motion cues. Further exploring multistream models, we conceive a multi-tier fusion strategy for the spatial and temporal wings of a network. A consolidated representation of the respective individual prediction vectors on video and frame levels is obtained using a biased conflation technique. The fusion strategy endows us with greater rise in precision on each stage as compared to the state-of-the-art methods, and thus a powerful consensus is achieved in classification. Results are recorded on four benchmark datasets widely used in the domain of action recognition, namely CCV, HMDB, UCF-101 and KCV. It is inferable that focusing on better classification of the video sequences certainly leads to robust actuation of a system designed for event surveillance and object cum activity tracking.


21. Informing Autonomous Deception Systems with Cyber Expert Performance Data

Authors: Maxine Major, Brian Souza, Joseph DiVita, Kimberly Ferguson-Walter

Categories: cs.CR, cs.AI

Published: 2021-08-31

arXiv: 2109.00066v1

Link: arXiv | PDF

Abstract:

The performance of artificial intelligence (AI) algorithms in practice depends on the realism and correctness of the data, models, and feedback (labels or rewards) provided to the algorithm. This paper discusses methods for improving the realism and ecological validity of AI used for autonomous cyber defense by exploring the potential to use Inverse Reinforcement Learning (IRL) to gain insight into attacker actions, utilities of those actions, and ultimately decision points which cyber deception could thwart. The Tularosa study, as one example, provides experimental data of real-world techniques and tools commonly used by attackers, from which core data vectors can be leveraged to inform an autonomous cyber defense system.


22. Towards Systematically Deriving Defence Mechanisms from Functional Requirements of Cyber-Physical Systems

Authors: Cheah Huei Yoong, Venkata Reddy Palleti, Arlindo Silva, Christopher M. Poskitt

Categories: cs.CR

Published: 2020-07-07

arXiv: 2007.03651v2

Link: arXiv | PDF

Abstract:

The threats faced by cyber-physical systems (CPSs) in critical infrastructure have motivated the development of different attack detection mechanisms, such as those that monitor for violations of invariants, i.e. properties that always hold in normal operation. Given the complexity of CPSs, several existing approaches focus on deriving invariants automatically from data logs, but these can miss possible system behaviours if they are not represented in that data. Furthermore, resolving any design flaws identified in this process is costly, as the CPS is already built. In this position paper, we propose a systematic method for deriving invariants before a CPS is built by analysing its functional requirements. Our method, inspired by the axiomatic design methodology for systems, iteratively analyses dependencies in the design to construct equations and process graphs that model the invariant relationships between CPS components. As a preliminary study, we applied it to the design of a water treatment plant testbed, implementing checkers for two invariants by using decision trees, and finding that they could detect some examples of attacks on the testbed with high accuracy and without false positives. Finally, we explore how developing our method further could lead to more robust CPSs and reduced costs by identifying design weaknesses before systems are implemented.


23. Cluster environments around quasars at 0.5 < z < 0.8

Authors: M. Wold, M. Lacy, P. B. Lilje, S. Serjeant

Categories: astro-ph

Published: 1999-10-14

arXiv: astro-ph/9910261v1

Link: arXiv | PDF

Abstract:

We have observed the galaxy environments around two complete samples of radio-loud (steep-spectrum) and radio-quiet quasars (RLQ and RQQ) at 0.5 < z < 0.8 that are matched in B-luminosity, and find that the environments of both quasar populations are pratically indistinguishable. A few objects are found in relatively rich clusters, but on average, they seem to prefer galaxy groups or cluster of approximatly Abell class 0. By combining the RLQ sample with samples from the literature, we detect a weak, but significant, positive correlation between environmental richness and quasar radio luminosity. This may give us clues about what determines a quasar’s radio luminosity.


24. Self-Repairing Hardware Architecture for Safety-Critical Cyber-Physical-Systems

Authors: Shawkat Khairullah, Carl Elks

Categories: cs.DC

Published: 2019-10-30

arXiv: 1910.14127v2

Link: arXiv | PDF

Abstract:

Digital embedded systems in safety-critical cyber-physical-systems (CPSs) require high levels of resilience and robustness against different fault classes. In recent years, self-healing concepts based on biological physiology have received attention for the design and implementation of reliable systems. However, many of these approaches have not been architected from the outset with safety in mind, nor have they been targeted for the safety-related automation industry where the significant need exists. This study presents a new self-healing hardware architecture inspired by integrating biological concepts, fault tolerance techniques, and IEC 61131-3 operational schematics to facilitate adaption in automation and critical infrastructure. The proposed architecture is organised in two levels: the critical functions layer used for providing the intended service of the application and the healing layer that continuously monitors the correct execution of that application and generates health syndromes to heal any failure occurrence inside the functions layer. Finally, two industrial applications have been mapped on this architecture to date, and the authors believe the nexus of its concepts can positively impact the next generation of critical CPSs in industrial automation.


25. Cyberbullying Indicator as a Precursor to a Cyber Construct Development

Authors: Salman Khalifa Al-Romaihi, Richard Adeyemi Ikuesan

Categories: cs.CR, cs.CY

Published: 2022-03-31

arXiv: 2203.16869v1

Link: arXiv | PDF

Abstract:

The current global pandemic occasioned by the SARS-CoV-2 virus has been attributed, partially, to the growing range of cyber vises within the cyber ecosystem. One area of such impact is the increasing tendencies of cyber-bullying among students. Cyberbullying – the act of subjugating others using a cyber platform – is a growing concern among educators, especially in High-S chools. Whilst studies have been carried out towards understanding this menace, the approach towards id entifying indicators of cyberbullying is largely missing in the literature. To address this research gap, this study proposed a cyberbullying framework based on the identification of some observable behavioral indicators. Using a self-administered measurement instrument from 30-respondents, the study observed the probability of a cyberbully construct, as a potential measure of the presence of cyberbullying; a probability that has been largely ignored in extant literature. This observation presents a veritable tool for the development of an active and integrated learning platform void of abuse among students. Furthermore, within the cyber education ecosystem, a cyberbullying construct would provide a mechanism for the development of an appropriate online learning platform, which would be useful to the information system and cyber education research communities.


26. Large Language Model-Based Reward Design for Deep Reinforcement Learning-Driven Autonomous Cyber Defense

Authors: Sayak Mukherjee, Samrat Chatterjee, Emilie Purvine, Ted Fujimoto, Tegan Emerson

Categories: cs.LG, cs.AI, cs.MA

Published: 2025-11-20

arXiv: 2511.16483v1

Link: arXiv | PDF

Abstract:

Designing rewards for autonomous cyber attack and defense learning agents in a complex, dynamic environment is a challenging task for subject matter experts. We propose a large language model (LLM)-based reward design approach to generate autonomous cyber defense policies in a deep reinforcement learning (DRL)-driven experimental simulation environment. Multiple attack and defense agent personas were crafted, reflecting heterogeneity in agent actions, to generate LLM-guided reward designs where the LLM was first provided with contextual cyber simulation environment information. These reward structures were then utilized within a DRL-driven attack-defense simulation environment to learn an ensemble of cyber defense policies. Our results suggest that LLM-guided reward designs can lead to effective defense strategies against diverse adversarial behaviors.


27. Overview of Cyber Science and Technology Programs at the U.S. Army Research Laboratory

Authors: Alexander Kott

Categories: cs.CR

Published: 2017-01-03

arXiv: 1702.04652v1

Link: arXiv | PDF

Abstract:

This paper provides an overview of research programs in cyber security performed by the U.S Army Research Laboratory. Although ARL is the U.S. Army’s corporate laboratory that focuses on fundamental and early applied research, the fundamental science endeavors are closely integrated with extensive operationally-oriented programs. One example is the Cyber Collaborative Research Alliance (CRA) that brings together ARL scientists with academic researchers from dozens of U.S. universities. ARL cyber scientists are largely driven by challenges unique to the ground operations of the Army; this paper outlines a few of these challenges and the ways in which they are addressed by ARL research efforts. The long-term campaign of cyber research is guided by the vision of the future Army battlefield. In the year 2040, it will be a highly converged virtual-physical space, where cyber operations will be an integral part of the battle.


28. Implicitly Constrained Semi-Supervised Linear Discriminant Analysis

Authors: Jesse H. Krijthe, Marco Loog

Categories: stat.ML, cs.LG

Published: 2014-11-17

arXiv: 1411.4521v1

Link: arXiv | PDF

Abstract:

Semi-supervised learning is an important and active topic of research in pattern recognition. For classification using linear discriminant analysis specifically, several semi-supervised variants have been proposed. Using any one of these methods is not guaranteed to outperform the supervised classifier which does not take the additional unlabeled data into account. In this work we compare traditional Expectation Maximization type approaches for semi-supervised linear discriminant analysis with approaches based on intrinsic constraints and propose a new principled approach for semi-supervised linear discriminant analysis, using so-called implicit constraints. We explore the relationships between these methods and consider the question if and in what sense we can expect improvement in performance over the supervised procedure. The constraint based approaches are more robust to misspecification of the model, and may outperform alternatives that make more assumptions on the data, in terms of the log-likelihood of unseen objects.


29. Towards semi-classical analysis for sub-elliptic operators

Authors: Veronique Fischer

Categories: math.FA, math-ph, math.AP, math.OA

Published: 2021-11-18

arXiv: 2111.09854v1

Link: arXiv | PDF

Abstract:

We discuss the recent developments of semi-classical and micro-local analysis in the context of nilpotent Lie groups and for sub-elliptic operators. In particular, we give an overview of pseudo-differential calculi recently defined on nilpotent Lie groups as well as of the notion of quantum limits in the Euclidean and nilpotent cases.


30. Learning Cyber Defence Tactics from Scratch with Multi-Agent Reinforcement Learning

Authors: Jacob Wiebe, Ranwa Al Mallah, Li Li

Categories: cs.CR, cs.AI, cs.LG

Published: 2023-08-25

arXiv: 2310.05939v1

Link: arXiv | PDF

Abstract:

Recent advancements in deep learning techniques have opened new possibilities for designing solutions for autonomous cyber defence. Teams of intelligent agents in computer network defence roles may reveal promising avenues to safeguard cyber and kinetic assets. In a simulated game environment, agents are evaluated on their ability to jointly mitigate attacker activity in host-based defence scenarios. Defender systems are evaluated against heuristic attackers with the goals of compromising network confidentiality, integrity, and availability. Value-based Independent Learning and Centralized Training Decentralized Execution (CTDE) cooperative Multi-Agent Reinforcement Learning (MARL) methods are compared revealing that both approaches outperform a simple multi-agent heuristic defender. This work demonstrates the ability of cooperative MARL to learn effective cyber defence tactics against varied threats.


31. A Scalable Automatic Model Generation Tool for Cyber-Physical Network Topologies and Data Flows for Large-Scale Synthetic Power Grid Models

Authors: Samantha Israel, Sanjana Kunkolienkar, Ana Goulart, Kate Davis, Thomas Overbye

Categories: eess.SY

Published: 2025-04-08

arXiv: 2504.06396v1

Link: arXiv | PDF

Abstract:

Power grids and their cyber infrastructure are classified as Critical Energy Infrastructure/Information (CEII) and are not publicly accessible. While realistic synthetic test cases for power systems have been developed in recent years, they often lack corresponding cyber network models. This work extends synthetic grid models by incorporating cyber-physical representations. To address the growing need for realistic and scalable models that integrate both cyber and physical layers in electric power systems, this paper presents the Scalable Automatic Model Generation Tool (SAM-GT). This tool enables the creation of large-scale cyber-physical topologies for power system models. The resulting cyber-physical network models include power system switches, routers, and firewalls while accounting for data flows and industrial communication protocols. Case studies demonstrate the tool’s application to synthetic grid models of 500, 2,000, and 10,000 buses, considering three distinct network topologies. Results from these case studies include network metrics on critical nodes, hops, and generation times, showcasing effectiveness, adaptability, and scalability of SAM-GT.


32. Six Potential Game-Changers in Cyber Security: Towards Priorities in Cyber Science and Engineering

Authors: Alexander Kott, Ananthram Swami, Patrick McDaniel

Categories: cs.CR

Published: 2015-11-02

arXiv: 1511.00509v1

Link: arXiv | PDF

Abstract:

The fields of study encompassed by cyber science and engineering are broad and poorly defined at this time. As national governments and research communities increase their recognition of the importance, urgency and technical richness of these disciplines, a question of priorities arises: what specific sub-areas of research should be the foci of attention and funding? In this paper we point to an approach to answering this question. We explore results of a recent workshop that postulated possible game-changers or disruptive changes that might occur in cyber security within the next 15 years. We suggest that such game-changers may be useful in focusing attention of research communities on high-priority topics. Indeed, if a drastic, important change is likely to occur, should we not focus our research efforts on the nature and ramifications of the phenomena pertaining to that change? We illustrate each of the game-changers examples of related current research, and then offer recommendations for advancement of cyber science and engineering with respect to each of the six game-changers.


33. D0 Regional Analysis Center Concepts

Authors: L. Lueking, representing the D0 Remote Analysis Task Force

Categories: cs.DC

Published: 2003-06-19

arXiv: cs/0306115v1

Link: arXiv | PDF

Abstract:

The D0 experiment is facing many exciting challenges providing a computing environment for its worldwide collaboration. Transparent access to data for processing and analysis has been enabled through deployment of its SAM system to collaborating sites and additional functionality will be provided soon with SAMGrid components. In order to maximize access to global storage, computational and intellectual resources, and to enable the system to scale to the large demands soon to be realized, several strategic sites have been identified as Regional Analysis Centers (RAC’s). These sites play an expanded role within the system. The philosophy and function of these centers is discussed and details of their composition and operation are outlined. The plan for future additional centers is also addressed.


34. Analysis of Agglomerative Clustering

Authors: Marcel R. Ackermann, Johannes Blömer, Daniel Kuntze, Christian Sohler

Categories: cs.DS, cs.CG, cs.LG

Published: 2010-12-16

arXiv: 1012.3697v4

Link: arXiv | PDF

Abstract:

The diameter $k$-clustering problem is the problem of partitioning a finite subset of $\mathbb{R}^d$ into $k$ subsets called clusters such that the maximum diameter of the clusters is minimized. One early clustering algorithm that computes a hierarchy of approximate solutions to this problem (for all values of $k$) is the agglomerative clustering algorithm with the complete linkage strategy. For decades, this algorithm has been widely used by practitioners. However, it is not well studied theoretically. In this paper, we analyze the agglomerative complete linkage clustering algorithm. Assuming that the dimension $d$ is a constant, we show that for any $k$ the solution computed by this algorithm is an $O(\log k)$-approximation to the diameter $k$-clustering problem. Our analysis does not only hold for the Euclidean distance but for any metric that is based on a norm. Furthermore, we analyze the closely related $k$-center and discrete $k$-center problem. For the corresponding agglomerative algorithms, we deduce an approximation factor of $O(\log k)$ as well.


35. End-To-End Anomaly Detection for Identifying Malicious Cyber Behavior through NLP-Based Log Embeddings

Authors: Andrew Golczynski, John A. Emanuello

Categories: cs.AI, cs.CR

Published: 2021-08-27

arXiv: 2108.12276v1

Link: arXiv | PDF

Abstract:

Rule-based IDS (intrusion detection systems) are being replaced by more robust neural IDS, which demonstrate great potential in the field of Cybersecurity. However, these ML approaches continue to rely on ad-hoc feature engineering techniques, which lack the capacity to vectorize inputs in ways that are fully relevant to the discovery of anomalous cyber activity. We propose a deep end-to-end framework with NLP-inspired components for identifying potentially malicious behaviors on enterprise computer networks. We also demonstrate the efficacy of this technique on the recently released DARPA OpTC data set.


36. CyGIL: A Cyber Gym for Training Autonomous Agents over Emulated Network Systems

Authors: Li Li, Raed Fayad, Adrian Taylor

Categories: cs.CR, cs.AI, cs.LG

Published: 2021-09-07

arXiv: 2109.03331v1

Link: arXiv | PDF

Abstract:

Given the success of reinforcement learning (RL) in various domains, it is promising to explore the application of its methods to the development of intelligent and autonomous cyber agents. Enabling this development requires a representative RL training environment. To that end, this work presents CyGIL: an experimental testbed of an emulated RL training environment for network cyber operations. CyGIL uses a stateless environment architecture and incorporates the MITRE ATT&CK framework to establish a high fidelity training environment, while presenting a sufficiently abstracted interface to enable RL training. Its comprehensive action space and flexible game design allow the agent training to focus on particular advanced persistent threat (APT) profiles, and to incorporate a broad range of potential threats and vulnerabilities. By striking a balance between fidelity and simplicity, it aims to leverage state of the art RL algorithms for application to real-world cyber defence.


Authors: Osman Yagan, Dajun Qian, Junshan Zhang, Douglas Cochran

Categories: physics.data-an, cs.SI, physics.soc-ph

Published: 2012-01-12

arXiv: 1201.2698v2

Link: arXiv | PDF

Abstract:

We consider a cyber-physical system consisting of two interacting networks, i.e., a cyber-network overlaying a physical-network. It is envisioned that these systems are more vulnerable to attacks since node failures in one network may result in (due to the interdependence) failures in the other network, causing a cascade of failures that would potentially lead to the collapse of the entire infrastructure. The robustness of interdependent systems against this sort of catastrophic failure hinges heavily on the allocation of the (interconnecting) links that connect nodes in one network to nodes in the other network. In this paper, we characterize the optimum inter-link allocation strategy against random attacks in the case where the topology of each individual network is unknown. In particular, we analyze the “regular” allocation strategy that allots exactly the same number of bi-directional inter-network links to all nodes in the system. We show, both analytically and experimentally, that this strategy yields better performance (from a network resilience perspective) compared to all possible strategies, including strategies using random allocation, unidirectional inter-links, etc.


38. Macrostate Data Clustering

Authors: Daniel Korenblum, David Shalloway

Categories: physics.data-an, physics.comp-ph

Published: 2003-06-19

arXiv: physics/0306145v1

Link: arXiv | PDF

Abstract:

We develop an effective nonhierarchical data clustering method using an analogy to the dynamic coarse graining of a stochastic system. Analyzing the eigensystem of an interitem transition matrix identifies fuzzy clusters corresponding to the metastable macroscopic states (macrostates) of a diffusive system. A “minimum uncertainty criterion” determines the linear transformation from eigenvectors to cluster-defining window functions. Eigenspectrum gap and cluster certainty conditions identify the proper number of clusters. The physically motivated fuzzy representation and associated uncertainty analysis distinguishes macrostate clustering from spectral partitioning methods. Macrostate data clustering solves a variety of test cases that challenge other methods.


39. The energy revolution: cyber physical advances and opportunities for smart local energy systems

Authors: Nandor Verba, Elena Gaura, Stephen McArthur, George Konstantopoulos, Jianzhoug Wu, Zhong Fan, Dimitrios Athanasiadis, Pablo Rodolfo Baldivieso Monasterios, Euan Morris, Jeffrey Hardy

Categories: eess.SY

Published: 2021-06-29

arXiv: 2106.16157v1

Link: arXiv | PDF

Abstract:

We have designed a two-stage, 10-step process to give organisations a method to analyse small local energy systems (SLES) projects based on their Cyber Physical System components in order to develop future-proof energy systems. SLES are often developed for a specific range of use cases and functions, and these match the specific requirements and needs of the community, location or site under consideration. During the design and commissioning, new and specific cyber physical architectures are developed. These are the control and data systems that are needed to bridge the gap between the physical assets, the captured data and the control signals. Often, the cyber physical architecture and infrastructure is focused on functionality and the delivery of the specific applications. But we find that technologies and approaches have arisen from other fields that, if used within SLES, could support the flexibility, scalability and reusability vital to their success. As these can improve the operational data systems then they can also be used to enhance predictive functions If used and deployed effectively, these new approaches can offer longer term improvements in the use and effectiveness of SLES, while allowing the concepts and designs to be capitalised upon through wider roll-out and the offering of commercial services or products.


40. CybORG: A Gym for the Development of Autonomous Cyber Agents

Authors: Maxwell Standen, Martin Lucas, David Bowman, Toby J. Richer, Junae Kim, Damian Marriott

Categories: cs.CR

Published: 2021-08-20

arXiv: 2108.09118v1

Link: arXiv | PDF

Abstract:

Autonomous Cyber Operations (ACO) involves the development of blue team (defender) and red team (attacker) decision-making agents in adversarial scenarios. To support the application of machine learning algorithms to solve this problem, and to encourage researchers in this field to attend to problems in the ACO setting, we introduce CybORG, a work-in-progress gym for ACO research. CybORG features a simulation and emulation environment with a common interface to facilitate the rapid training of autonomous agents that can then be tested on real-world systems. Initial testing demonstrates the feasibility of this approach.


41. An Energy Management System Approach for Power System Cyber-Physical Resilience

Authors: Katherine Davis

Categories: eess.SY

Published: 2021-10-07

arXiv: 2110.03451v1

Link: arXiv | PDF

Abstract:

Power systems are large scale cyber-physical critical infrastructure that form the basis of modern society. The reliability and resilience of the grid is dependent on the correct functioning of related subsystems, including computing, communications, and control. The integration is widespread and has a profound impact on the operation, reliability, and efficiency of the grid. Technologies comprising these infrastructure can expose new sources of threats. Mapping these threats to their grid resilience impacts to stop them early requires a timely and detailed view of the entire cyber-physical system. Grid resilience must therefore be seen and addressed as a cyber-physical systems problem. This short position paper presents several key preliminaries, supported with evidence from experience, to enable cyber-physical situational awareness and intrusion response through a cyber-physical energy management system.


42. Learning-Assisted Secure End-to-End Network Slicing for Cyber-Physical Systems

Authors: Qiang Liu, Tao Han, Nirwan Ansari

Categories: cs.NI

Published: 2019-10-29

arXiv: 1910.13537v1

Link: arXiv | PDF

Abstract:

There is a pressing need to interconnect physical systems such as power grid and vehicles for efficient management and safe operations. Owing to the diverse features of physical systems, there is hardly a one-size-fits-all networking solution for developing cyber-physical systems. Network slicing is a promising technology that allows network operators to create multiple virtual networks on top of a shared network infrastructure. These virtual networks can be tailored to meet the requirements of different cyber-physical systems. However, it is challenging to design secure network slicing solutions that can efficiently create end-to-end network slices for diverse cyber-physical systems. In this article, we discuss the challenges and security issues of network slicing, study learning-assisted network slicing solutions, and analyze their performance under the denial-of-service attack. We also present a design and implementation of a small-scale testbed for evaluating the network slicing solutions.


43. Intelligent Autonomous Agents are Key to Cyber Defense of the Future Army Networks

Authors: Alexander Kott

Categories: cs.CR

Published: 2018-12-18

arXiv: 1812.08014v1

Link: arXiv | PDF

Abstract:

Intelligent autonomous agents will be widely present on the battlefield of the future. The proliferation of intelligent agents is the emerging reality of warfare, and they will form an ever growing fraction of total military assets. By necessity, intelligent autonomous cyber defense agents are likely to become primary cyber fighters on the future battlefield. Initial explorations have identified the key functions, components and their interactions for a potential reference architecture of such an agent. However, it is beyond the current state of AI to support an agent that could operate intelligently in an environment as complex as the real battlefield. A number of difficult challenges are yet to be overcome. At the same time, a growing body of research in Government and academia demonstrates promising steps towards solving some of the challenges. The industry is beginning to embrace approaches that may contribute to technologies of autonomous intelligent agents for cyber defense of the Army networks.


44. Beyond the IT Checklist: Engineering a Reasonable Standard of Care for Cyber Safety

Authors: Matthew E. Jablonski, Linton Wells, Kathryn B. Laskey, F. Brett Berlin

Categories: cs.CR

Published: 2026-06-11

arXiv: 2606.13612v1

Link: arXiv | PDF

Abstract:

Current U.S. cyber policy, centered on security, often treats documentation of controls and incident reports as a proxy for safety in the built environment. This paper argues that such an approach is inadequate for cyber-physical systems, where digital failures can produce kinetic harm. We construct and code a corpus of critical infrastructure policy documents (N=292, 2000-2025) to examine how “reasonable care” is operationalized across the NIST SP 800-160 Vol.~2 resilience lifecycle. The resulting maps show that obligations are concentrated in the Anticipate phase and emphasize administrative compliance, while Withstand and Recover phases rely heavily on delegated references to IT-focused control catalogs that are poorly aligned with physics-based hazards. We identify three major disconnects: miscalibrated delegated standards, recovery defined as notification rather than engineered navigation, and uneven adaptation requirements across sectors. We then propose a modernized standard of care anchored in hazard-specific traceability, structured assurance cases, and cyber resiliency engineering. Finally, we recommend that federal policy pair these engineering obligations with targeted incentives so that resilient architectures for critical infrastructure become a viable business decision rather than an unfunded expectation.


45. A Model-Based, Decision-Theoretic Perspective on Automated Cyber Response

Authors: Lashon B. Booker, Scott A. Musman

Categories: cs.AI

Published: 2020-02-20

arXiv: 2002.08957v1

Link: arXiv | PDF

Abstract:

Cyber-attacks can occur at machine speeds that are far too fast for human-in-the-loop (or sometimes on-the-loop) decision making to be a viable option. Although human inputs are still important, a defensive Artificial Intelligence (AI) system must have considerable autonomy in these circumstances. When the AI system is model-based, its behavior responses can be aligned with risk-aware cost/benefit tradeoffs that are defined by user-supplied preferences that capture the key aspects of how human operators understand the system, the adversary and the mission. This paper describes an approach to automated cyber response that is designed along these lines. We combine a simulation of the system to be defended with an anytime online planner to solve cyber defense problems characterized as partially observable Markov decision problems (POMDPs).


46. Digital Adoption and Cyber Security: An Analysis of Canadian Businesses

Authors: Joann Jasiak, Peter MacKenzie, Purevdorj Tuvaandorj

Categories: econ.GN

Published: 2025-04-16

arXiv: 2504.12413v2

Link: arXiv | PDF

Abstract:

This paper examines how Canadian firms balance the benefits of technology adoption against the rising risk of cyber security breaches. We merge data from the 2021 Canadian Survey of Digital Technology and Internet Use and the 2021 Canadian Survey of Cyber Security and Cybercrime to investigate the trade-off firms face when pursuing digitalization to enhance productivity and efficiency, balanced against the potential increase in cyber security risk. The analysis explores the extent of digital technology adoption, differences across industries, the subsequent associations with efficiency, and associated cyber security vulnerabilities. We build aggregate variables, such as the Business Digital Usage Score and a cyber security incidence variable to quantify each firm’s digital engagement and cyber security risk. A survey-weight-adjusted Lasso estimator is employed, and a debiasing method for high-dimensional logit models is introduced to identify the predictors of technological efficiency and cyber risk. The analysis reveals a digital divide linked to firm size, industry, and workforce composition. While rapid expansion of tools such as cloud services or artificial intelligence can raise efficiency, it simultaneously heightens exposure to cyber threats, particularly among larger enterprises.


47. Enhancing Cyber-Resilience in Self-Healing Cyber-Physical Systems with Implicit Guarantees

Authors: Randolph Loh, Vrizlynn L. L. Thing

Categories: cs.CR, cs.RO, eess.SY

Published: 2023-05-15

arXiv: 2305.08335v1

Link: arXiv | PDF

Abstract:

Self-Healing Cyber-Physical Systems (SH-CPS) effectively recover from system perceived failures without human intervention. They ensure a level of resilience and tolerance to unforeseen situations that arise from intrinsic system and component degradation, errors, or malicious attacks. Implicit redundancy can be exploited in SH-CPS to structurally adapt without the need to explicitly duplicate components. However, implicitly redundant components do not guarantee the same level of dependability as the primary component used to provide for a given function. Additional processes are needed to restore critical system functionalities as desired. This work introduces implicit guarantees to ensure the dependability of implicitly redundant components and processes. Implicit guarantees can be obtained through inheritance and decomposition. Therefore, a level of dependability can be guaranteed in SH-CPS after adaptation and recovery while complying with requirements. We demonstrate compliance with the requirement guarantees while ensuring resilience in SH-CPS.


48. Design and Evaluation of A Cyber-Physical Resilient Power System Testbed

Authors: Abhijeet Sahu, Patrick Wlazlo, Zeyu Mao, Hao Huang, Ana Goulart, Katherine Davis, Saman Zonouz

Categories: eess.SY

Published: 2020-11-27

arXiv: 2011.13552v1

Link: arXiv | PDF

Abstract:

A power system is a complex cyber-physical system whose security is critical to its function. A major challenge is to model and analyze its communication pathways with respect to cyber threats. To achieve this, the design and evaluation of a cyber-physical power system (CPPS) testbed called Resilient Energy Systems Lab (RESLab) is presented that captures realistic cyber, physical, and protection system features. RESLab is architected to be a fundamental tool for studying and improving the resilience of complex CPPS to cyber threats. The cyber network is emulated using Common Open Research Emulator (CORE) that acts as a gateway for the physical and protection devices to communicate. The physical grid is simulated in the dynamic time frame using PowerWorld Dynamic Studio (PWDS). The protection components are modeled with both PWDS and physical devices including the SEL Real-Time Automation Controller (RTAC). Distributed Network Protocol 3 (DNP3) is used to monitor and control the grid. Then, exemplifying the design and validation of these tools, this paper presents four case studies on cyber-attack and defense using RESLab, where we demonstrate false data and command injection using Man-in-the-Middle and Denial of Service attacks and validate them on a large-scale synthetic electric grid.


49. Towards a Manifesto for Cyber Humanities: Paradigms, Ethics, and Prospects

Authors: Giovanni Adorni, Emanuele Bellini

Categories: cs.CY, cs.AI, cs.DL

Published: 2025-08-03

arXiv: 2508.02760v1

Link: arXiv | PDF

Abstract:

The accelerated evolution of digital infrastructures and algorithmic systems is reshaping how the humanities engage with knowledge and culture. Rooted in the traditions of Digital Humanities and Digital Humanism, the concept of “Cyber Humanities” proposes a critical reconfiguration of humanistic inquiry for the post-digital era. This Manifesto introduces a flexible framework that integrates ethical design, sustainable digital practices, and participatory knowledge systems grounded in human-centered approaches. By means of a Decalogue of foundational principles, the Manifesto invites the scientific community to critically examine and reimagine the algorithmic infrastructures that influence culture, creativity, and collective memory. Rather than being a simple extension of existing practices, “Cyber Humanities” should be understood as a foundational paradigm for humanistic inquiry in a computationally mediated world. Keywords: Cyber Humanities, Digital Humanities, Transdisciplinary Epistemology, Algorithmic Reflexivity, Human-centered AI, Ethics-by-Design, Knowledge Ecosystems, Digital Sovereignty, Cognitive Infrastructures


50. Recurrent Neural Network Language Models for Open Vocabulary Event-Level Cyber Anomaly Detection

Authors: Aaron Tuor, Ryan Baerwolf, Nicolas Knowles, Brian Hutchinson, Nicole Nichols, Rob Jasper

Categories: cs.NE, cs.CR

Published: 2017-12-02

arXiv: 1712.00557v1

Link: arXiv | PDF

Abstract:

Automated analysis methods are crucial aids for monitoring and defending a network to protect the sensitive or confidential data it hosts. This work introduces a flexible, powerful, and unsupervised approach to detecting anomalous behavior in computer and network logs, one that largely eliminates domain-dependent feature engineering employed by existing methods. By treating system logs as threads of interleaved “sentences” (event log lines) to train online unsupervised neural network language models, our approach provides an adaptive model of normal network behavior. We compare the effectiveness of both standard and bidirectional recurrent neural network language models at detecting malicious activity within network log data. Extending these models, we introduce a tiered recurrent architecture, which provides context by modeling sequences of users’ actions over time. Compared to Isolation Forest and Principal Components Analysis, two popular anomaly detection algorithms, we observe superior performance on the Los Alamos National Laboratory Cyber Security dataset. For log-line-level red team detection, our best performing character-based model provides test set area under the receiver operator characteristic curve of 0.98, demonstrating the strong fine-grained anomaly detection performance of this approach on open vocabulary logging sources.