ICISSP 2025 Abstracts


Area 1 - Management and Operations

Full Papers
Paper Nr: 21
Title: Cybersecurity Challenges in Critical Infrastructure: A Perspective on Regulations and Competence in Luxembourg
Authors: Maxime Naval, Erik Perjons and Simon Hacks

Abstract: Critical infrastructure (CI) faces a growing threat of cyber-attacks as digitalization expands across industries, necessitating robust cyber-security measures. This study focuses on the challenges of securing CI in Luxembourg, exploring both regulatory and organizational aspects. Semi-structured interviews with chief information security officers (CISOs) within Luxembourg’s CI sectors were conducted to gather insights. Thematic analysis revealed six key challenge themes: Regulatory Compliance, Industry Landscape and Adaptation, Resource Management, External Collaboration and Support, IT Infrastructure Management, and Operational Governance. The findings underscore the need for a comprehensive, multi-faceted approach involving international regulation alignment, streamlined reporting, enhanced national cyber-security support, government initiatives, and ongoing harmonization efforts across nations to address cyber-security challenges in critical infrastructure effectively.

Paper Nr: 29
Title: Prioritization of Exploit Codes on GitHub for Better Vulnerability Triage
Authors: Kentaro Kita, Yuta Gempei, Tomoaki Mimoto, Takamasa Isohara, Shinsaku Kiyomoto and Toshiaki Tanaka

Abstract: Analyzing exploit codes is essential for assessing the severity of vulnerabilities and developing effective defense measures against future exploits. Whereas ExploitDB and Metasploit are two major sources of exploit codes, GitHub has been rapidly growing into a promising platform for sharing exploit codes. However, prioritizing GitHub exploit codes to be analyzed in depth is challenging, owing to its large collection of codes and the absence of mechanisms for guaranteeing the validity of codes published by users. To address this problem, this paper proposes a scheme to prioritize GitHub exploit codes based on their source codes and repository metadata. First, we show that GitHub often contains different but semantically similar exploit codes targeting the same vulnerability, and such duplicated codes can be efficiently removed with code clone detection techniques. Second, we leverage a feature of GitHub that it plays the role of a social networking platform. By mining a graph that represents relationships among GitHub users, our scheme prioritizes exploit codes by taking both the reputation from users and security community’s attention to targeted vulnerabilities into consideration.

Paper Nr: 46
Title: Revisiting Permission Piggybacking of Third-Party Libraries in Android Apps
Authors: Kris Heid, Elena Julia Sonntag and Jens Heider

Abstract: Permissions have been employed to let the user decide on components an app can interact with. However, apps typically consist of the main app along with several libraries to support the developer with various functionality and tasks. The fact that libraries inherit the permissions of the main app often gives these libraries more rights than needed for their core functionality. Many libraries do permission piggybacking and thus probe available permissions without requesting permissions themselves and adapt their behavior accordingly. Especially, advertisement and tracking libraries show a high interest in collecting as much user data as possible through this technique. Many works have previously addressed this problem but no solution has made its way into Android. This work delivers a novel analysis technique agnostic to the Android API level, without the manual mapping effort of previous works. Our results show that permission piggybacking remains a problem to be urgently addressed.

Paper Nr: 86
Title: Evaluating Explainable AI for Deep Learning-Based Network Intrusion Detection System Alert Classification
Authors: Rajesh Kalakoti, Risto Vaarandi, Hayretdin Bahşi and Sven Nõmm

Abstract: A Network Intrusion Detection System (NIDS) monitors networks for cyber attacks and other unwanted activities. However, NIDS solutions often generate an overwhelming number of alerts daily, making it challenging for analysts to prioritize high-priority threats. While deep learning models promise to automate the prioritization of NIDS alerts, the lack of transparency in these models can undermine trust in their decision-making. This study highlights the critical need for explainable artificial intelligence (XAI) in NIDS alert classification to improve trust and interpretability. We employed a real-world NIDS alert dataset from the Security Operations Center (SOC) of TalTech (Tallinn University of Technology) in Estonia, developing a Long Short-Term Memory (LSTM) model to prioritize alerts. To explain the LSTM model’s alert prioritization decisions, we implemented and compared four XAI methods: Local Interpretable Model-Agnostic Explanations (LIME), SHapley Additive exPlanations (SHAP), Integrated Gradients, and DeepLIFT. The quality of these XAI methods was assessed using a comprehensive framework that evaluated faithfulness, complexity, robustness, and reliability. Our results demonstrate that DeepLIFT consistently outperformed the other XAI methods, providing explanations with high faithfulness, low complexity, robust performance, and strong reliability. In collaboration with SOC analysts, we identified key features essential for effective alert classification. The strong alignment between these analyst-identified features and those obtained by the XAI methods validates their effectiveness and enhances the practical applicability of our approach.

Paper Nr: 92
Title: Robust Blockchain-Based Federated Learning
Authors: Aftab Akram, Clémentine Gritti, Mohd Hazali Mohamed Halip, Nur Diyana Kamarudin, Marini Mansor, Syarifah Bahiyah Rahayu and Melek Önen

Abstract: In Federated Learning (FL), clients collaboratively train a global model by updating it locally. Secure Aggregation (SA) techniques ensure that individual client updates remain protected, allowing only the global model to be revealed while keeping the individual updates private. These updates are usually protected through expensive cryptographic techniques such as homomorphic encryption or multi-party computation. We propose a new solution that leverages blockchain technology, specifically the Secret Network (SN), to provide privacy-preserving aggregation with aggregate integrity through Smart Contracts in Trusted Execution Environments (TEEs). Moreover, FL systems face the risk of Byzantine clients submitting poisoned updates, which can degrade the model performance. To counter this, we integrate three state-of-the-art robust aggregation techniques within the Smart Contract, namely Krum, Trim Mean and Median. Furthermore, we have evaluated the performance of our framework, which remains efficient in terms of computation and communication costs. We have also exhibited similar accuracy results compared to the state-of-the-art scheme named SABLE.

Paper Nr: 145
Title: ConCERTS: An IoT Cybersecurity Research Range for Education, Experimentation, and Security Research
Authors: Dave McKay, Matthew Bush, Marko Kovacevic and Atefeh Mashatan

Abstract: Internet-of-Things (IoT) connected devices in enterprise and residential environments are weak points in network security. Security testing over a variety of IoT network configurations is hampered by device, infrastructure, and architectural heterogeneity that is often associated with IoT deployments. Though IoT testing environments have been developed, they often lack the flexibility, control, and visibility required for varied and repeatable education, research, and testing scenarios. This paper aims to address this gap by both exploring the shortcomings of existing IoT test environments and proposing ConCERTS - a Configurable Cybersecurity Education Range and Testing Stack as a novel architectural approach for IoT testbeds and cybersecurity research ranges.

Paper Nr: 150
Title: CDAC: Content-Driven Access Control Architecture for Smart Farms
Authors: Ghadeer I. Yassin and Lakshmish M. Ramaswamy

Abstract: One of the smart farms’ pivotal components involves leveraging vast quantities of imagery data to inform decision-making and improve farm outcomes. With the increasing integration of image data in smart farms, ensuring secure and efficient access to these data sets is crucial. This paper proposes a novel Content-Driven Access Control (CDAC) architecture designed specifically for smart farming environments, where access requests to image data are evaluated based on the visual content of the images. The CDAC architecture employs a novel technique to assess the relevance of access requests to specific image contents by enriching access control requests with useful image content information with the help of an edge machine learning classification model that provides a fast and small-weight solution to classify images near their source in the smart farm. This approach goes beyond traditional access control methods by considering the information within images, allowing for more granular and content-aware permissions. To validate the effectiveness of the CDAC architecture, a series of experiments were conducted using a dataset of agricultural images. Results demonstrate that the proposed architecture is a valuable solution for regulating access to smart farm images based on the visual content of the images. Additionally, the architecture is proven suitable for deployment on smart farm edge devices.

Paper Nr: 151
Title: Enabling Trusted Data Sharing in Data Spaces: PROTON - A Privacy-by-Design Approach to Data Products
Authors: Laura Schuiki, Christoph Stach, Corinna Giebler, Eva Hoos and Bernhard Mitschang

Abstract: In the current era of data-driven innovation, the value of data can be significantly enhanced by facilitating its dissemination. In this context, the data mesh concept has gained popularity in recent years. Data Mesh includes domain experts who design so-called data products. It is imperative that all parties involved have trust in these data products. This applies in particular to data subjects who share their data, data owners who create the data products, and data consumers who use them. To establish such trust, privacy approaches are key. Due to the decentralized and distributed nature of data mesh, however, traditional privacy strategies cannot be applied. To address this issue, we present PROTON, a concept that facilitates the handling of PRivacy-cOmpliant daTa prOducts by desigN. PROTON is based on three pillars: a comprehensive description model for privacy requirements, an extended creation process that adheres to these requirements when compiling data products, and a refined access process for verifying compliance prior to data sharing. The practical applicability of PROTON is illustrated by means of a real-world application scenario that has been devised in collaboration with domain experts from our industry partner.

Paper Nr: 156
Title: Characterising and Categorising Anonymization Techniques: A Literature-Based Approach
Authors: Andrea Fieschi, Pascal Hirmer, Christoph Stach and Bernhard Mitschang

Abstract: Anonymization plays a crucial role in protecting personal data and ensuring information security. However, selecting the appropriate anonymization technique is a challenging task for developers, data scientists, and security practitioners due to the vast array of techniques available in both research and practice. This paper aims to assist users by offering a method for structuring a framework that helps them make informed decisions about the most appropriate anonymization techniques for their specific use cases. To achieve this, we first conduct a systematic literature review following the PRISMA guidelines to capture the current state of the art in anonymization techniques. Based on the findings from this review, we propose a conceptual organisation of anonymization techniques, designed to help users navigate the complex landscape of anonymization and choose techniques that align with their security requirements.

Short Papers
Paper Nr: 17
Title: A Customizable Security Risk Assessment Framework Using Multi-Attribute Decision Making for IoT Systems
Authors: Mofareh Waqdan, Habib Louafi and Malek Mouhoub

Abstract: The advent of the Internet of Things (IoT) has transformed how we conduct our daily lives and engage with technology. The seamless integration of connected devices, from household to industrial equipment, has ushered in a new era of interconnectivity. Nevertheless, this swift expansion of the IoT also presents novel security concerns that must be addressed. We present a customizable framework for assessing the risk of deploying and utilizing IoT devices in various environments. We dynamically calculate risk scores for different devices, considering their importance to the system and their vulnerabilities, among other parameters. The framework we propose improves on existing research by considering the important parameters of the devices, their vulnerabilities and how they impact the overall risk assessment. The importance of these devices and the severity of vulnerabilities are incorporated in the framework using well-known Multi-Attribute Decision Making (MADM) methods, namely, Simple Additive Weighting (SAW) and Weighting Product (WP). The risk is assessed on a setup comprised of a set of IoT devices widely deployed in healthcare systems, such as emergency rooms.

Paper Nr: 18
Title: A Value-Driven Approach to the Online Consent Conundrum: A Study with the Unemployed
Authors: Paul van Schaik and Karen Renaud

Abstract: Online services are required to gain informed consent from users to collect, store and analyse their personal data, both intentionally divulged and derived during their use of the service. There are many issues with these forms: they are too long, too complex and demand the user’s attention too frequently. Many users consent without reading so do not know what they are agreeing to. As such, granted consent is effectively uninformed. In this paper, we report on two studies we carried out to arrive at a value-driven approach to inform efforts to reduce the length of consent forms. The first study interviewed unemployed users to identify the values they want these forms to satisfy. The second survey study helped us to quantify the values and value creators. To ensure that we understood the particular valuation of the unemployed, we compared their responses to those of an employed demographic and observed no significant differences between their prioritisation on any of the values. However, we did find substantial differences between values and value creators, with effort minimisation being most valued by our participants.

Paper Nr: 24
Title: Qualitative In-Depth Analysis of GDPR Data Subject Access Requests and Responses from Major Online Services
Authors: Daniela Pöhn and Nils Gruschka

Abstract: The European General Data Protection Regulation (GDPR) grants European users the right to access their data processed and stored by organizations. Although the GDPR contains requirements for data processing organizations (e. g., understandable data provided within a month), it leaves much flexibility. In-depth research on how online services handle data subject access requests is sparse. Specifically, it is unclear whether online services comply with the individual GDPR requirements, if the privacy policies and the data subject access responses are coherent, and how the responses change over time. To answer these questions, we perform a qualitative structured review of the processes and data exports of significant online services to (1) analyze the data received in 2023 in detail, (2) compare the data exports with the privacy policies, and (3) compare the data exports from November 2018 and November 2023. The study concludes that the quality of data subject access responses varies among the analyzed services, and none fulfills all requirements completely.

Paper Nr: 25
Title: Designing Data Trustees: A Prototype in the Building Sector
Authors: Michael Steinert, Anna Maria Schleimer, Marcel Altendeitering and David Hick

Abstract: There are still major concerns about the sharing and use of personal data, even though it has great value for society. This is particularly evident in the context of buildings, where data on citizens’ energy consumption offers great potential for optimization and resource conservation. However, building owners are reluctant to share their data due to concerns about control or misuse. Unlike business relationships in data ecosystems, where companies can establish technological trust mechanisms such as authorization and policy management, individuals require other parties to do so. The EU Data Governance Act proposes the use of neutral intermediaries called data trustees. However, the concrete design of data trustees for personal data remains open. To address this, we propose a prototype based on design science research methodology and data space technologies. The prototype demonstrates a data trustee for trusted sharing and use of personal data, with the added capability of leveraging decentralized service providers to offer value-added services, such as the generation of energy certificates. These decentralized services extend the functionality of the data trustee by providing adaptable, advanced solutions that benefit multiple stakeholders. In addition, the study contributes requirements and lessons learned for future implementations.

Paper Nr: 33
Title: Evaluating Keystroke Dynamics Performance in e-Commerce
Authors: Xiaofei Wang, Andy Meneely and Daqing Hou

Abstract: The traditional username and password authentication mechanisms are vulnerable to various attacks, such as brute force, rainbow tables, and password theft. Multi-factor authentication is becoming the standard practice across the software industry, and keystroke dynamics can be a useful way to augment existing authentication mechanisms. This paper introduces a keystroke dynamics-based system implemented using the Django framework to collect and analyze keystroke data across three e-Commerce web services: air ticketing, online shopping, and car rental systems. Our system asked users to type their own information and also type several other users’ information, using common and service-specific input fields. We collected data from 62 participants where each contributes 10 records for each service as both genuine and imposter users. Through detailed feature extraction and machine learning-based analysis with three binary classifiers, we evaluate the efficacy of keystroke dynamics in distinguishing genuine from imposter users. Our results indicate that different input fields have differentiated effects on verifying users, and appropriate field selection strategies can improve the performance of classification methods.

Paper Nr: 34
Title: Analyzing a Concurrent Self-Modifying Program: Application to Malware Detection
Authors: Walid Messahel and Tayssir Touili

Abstract: We tackle the analysis problem of multi-threaded parallel programs that contain self-modifying code, i.e., code that has the ability to reconstruct itself during execution. This kind of code is usually used to hide malicious portions of code so that they cannot be detected by anti-viruses. In (Messahel and Touili, 2024), we introduced a new model called Self Modifying Dynamic Pushdown Network (SM-DPN) to model such programs. An SM-DPN is a network of Self-Modifying Pushdown Systems, i.e., Pushdown Systems that can modify their instructions on the fly during execution. We proposed an algorithm to perform the backward reachability analysis of SM-DPNs. However, in (Messahel and Touili, 2024), no concrete example was provided. In this paper, we go one step further. We consider a case study and show concretely how this approach and this model can be applied to represent and analyse an example of multi-threaded self-modifying code infected with malware.

Paper Nr: 35
Title: To Be or Not to Be (in the EU): Measurement of Discrepancies Presented in Cookie Paywalls
Authors: Andreas Stenwreth, Simon Täng and Victor Morel

Abstract: Cookie paywalls allow visitors to access the content of a website only after making a choice between paying a fee (paying option) or accepting tracking (cookie option). The practice has been studied in previous research in regard to its prevalence and legal standing, but the effects of the clients’ device and geographic location remain unexplored. To address these questions, this study explores the effects of three factors: 1) the clients’ browser, 2) the device type (desktop or mobile), and 3) the geographic location on the presence and behavior of cookie paywalls and the handling of users’ data. Using an automatic crawler on our dataset composed of 804 websites that present a cookie paywall, we observed that the presence of a cookie paywall was most affected by the geographic location of the user. We further showed that both the behavior of a cookie paywall and the processing of user data are impacted by all three factors, but no patterns of significance could be found. Finally, an additional type of paywall was discovered on ∼11% of the studied websites, coined the “double paywall”, which consists of a cookie paywall complemented by another paywall once tracking is accepted.

Paper Nr: 45
Title: PenQuestEnv: A Reinforcement Learning Environment for Cyber Security
Authors: Sebastian Eresheim, Simon Gmeiner, Alexander Piglmann, Thomas Petelin, Robert Luh, Paul Tavolato and Sebastian Schrittwieser

Abstract: We present PenQuestEnv, a reinforcement learning environment for the digital board game PenQuest. PenQuest is a cyber security strategic attack and defense simulation game that enables players to carry out cyber attacks and defenses in specific scenarios, without the need for technical know-how. Its two-player setup is highly customizable and allows modeling a versatile set of scenarios in which players need to find optimal strategies to achieve their goals. This environment enables the training of reinforcement learning agents for finding optimal attack and defense strategies in a variety of different scenarios and multiple different game options. With this work we intend to ignite future research on multipurpose cyber security strategies, where a single agent is capable of finding optimal strategies against a versatile set of opponents in different scenarios.

Paper Nr: 75
Title: A Reflection on Process-Oriented Industrial IoT Security Management
Authors: Markus Hornsteiner, Linda Koelbel, Daniel Oberhofer and Stefan Schoenig

Abstract: The increasing adoption of the Industrial Internet of Things (IIoT) brings significant cybersecurity challenges due to the complexity and interconnectedness of industrial systems. This paper explores how business process management (BPM) can be applied to overcome these challenges by embedding security considerations into each phase of the BPM lifecycle: discovery, modeling, execution, and monitoring. Bringing together different research directions, including process mining, BPMN extensions and security compliance monitoring, this work provides a comprehensive overview of existing approaches to improve IIoT security. The paper presents opportunities for integrating security-aware processes into IIoT environments and provides insights into how organizations can use BPM to ensure continuous security enforcement and compliance. The study highlights current gaps and outlines opportunities for future development in the integration of BPM and IIoT security.

Paper Nr: 77
Title: CampusQuest: Motivating Computer Science Students for Cybersecurity from Day One
Authors: Luca Pöhler, Marko Schuba, Tim Höner, Sacha Hack and Georg Neugebauer

Abstract: The increasing significance of information technology (IT) security in modern life and the rising number of cybersecurity regulations and legislation are creating a high demand for IT security experts, which is currently unmet, resulting in numerous vacancies. To address this shortage of skilled professionals, it is crucial to cultivate early interest among students. In the present study, the game-based system CampusQuest is introduced as a tool to engage students in cybersecurity from the outset and to stimulate their ambition in this field. The system is based on the concept of solving challenges, similar to the format of so-called Capture the Flag competitions. However, the challenges have been adapted to align with the specific context of a university campus, combining various additional elements. CampusQuest incorporates physical elements into the challenges, which are distributed permanently across the campus and motivate individuals to participate. Additionally, the system has been enhanced with a mechanism to prevent the dissemination of solutions. The system has been implemented in a prototype form and currently comprises eleven challenges of varying degrees of difficulty, which is designed to facilitate the introduction of the subject to first-year students.

Paper Nr: 78
Title: Knowledge Modelling for Automated Risk Assessment of Cybersecurity and Indirect Patient Harms in Medical Contexts
Authors: Samuel M. Senior, Laura Carmichael, Steve Taylor, Mike Surridge and Xavier Vilalta

Abstract: The use of connected medical and in vitro diagnostic devices (CMD&IVD) as part of individual care and self-care practices is growing. Significant attention is needed to ensure that CMD&IVD remain safe and secure throughout their lifecycles — as if a cybersecurity incident were to occur involving these devices, it is possible that in some cases harm may be brought to the person using them. For the effective safety management of these devices, risk assessment is needed that covers both the cybersecurity and patient safety domains. To this end, we present knowledge modelling of indirect patient harms (e.g., misdiagnosis, delayed treatment etc.) resulting from cybersecurity compromises, along with a methodology for encoding these into a previously developed automated cybersecurity risk assessment tool, to begin to bridge the gap between automated risk assessment related to cybersecurity and patient safety.

Paper Nr: 97
Title: An Alternative Approach to Federated Learning for Model Security and Data Privacy
Authors: William Briguglio, Waleed A. Yousef, Issa Traoré, Mohammad Mamun and Sherif Saad

Abstract: Federated learning (FL) enables machine learning on data held across multiple clients without exchanging private data. However, exchanging information for model training can compromise data privacy. Further, participants may be untrustworthy and can attempt to sabotage model performance. Also, data that is not independently and identically distributed (IID) impedes the convergence of FL techniques. We present a general framework for federated learning via aggregating multivariate estimated densities (FLAMED). FLAMED aggregates density estimations of clients’ data, from which it simulates training datasets to perform centralized learning, bypassing problems arising from non-IID data and contributing to addressing privacy and security concerns. FLAMED does not require a copy of the global model to be distributed to each participant during training, meaning the aggregating server can retain sole proprietorship of the global model without the use of resource-intensive homomorphic encryption. We compared its performance to standard FL approaches using synthetic and real datasets and evaluated its resilience to model poisoning attacks. Our results indicate that FLAMED effectively handles non-IID data in many settings while also being more secure.

Paper Nr: 101
Title: USB-IDS-TC: A Flow-Based Intrusion Detection Dataset of DoS Attacks in Different Network Scenarios
Authors: Marta Catillo, Antonio Pecchia and Umberto Villano

Abstract: Network intrusion detection systems (NIDS) play a key role in cybersecurity. Most of the time, NIDS are built on machine learning/deep learning (ML/DL) models that are trained and tested on public intrusion detection datasets. This paper presents the novel USB-IDS-TC dataset, conceived to explore the dependence of ML/DL-based NIDS on the network used to collect the training traffic data. In this new publicly-available dataset, DoS attacks have been conducted in different network scenarios, in the belief that the network has a non-negligible effect on the detection capability of the NIDS, as indicated by our initial analysis. Differently from existing datasets that collect the data in a single scenario, USB-IDS-TC allows studying the dependence of the attacks, traffic features and ML/DL models on the network, in order to strive for generalizable and widely-applicable NIDS.

Paper Nr: 115
Title: Cyber Threat Modeling of an LLM-Based Healthcare System
Authors: Neha Nagaraja and Hayretdin Bahsi

Abstract: With the rapid advancement of large language models (LLMs) and their integration into the healthcare system, it is critical to understand their resiliency against cyber-attacks since sensitive data handling is paramount. Threat modeling is most important, as addressing cybersecurity early in system development is essential for safe and reliable deployment. While traditional threat modeling practices are well-established, applying these frameworks to systems integrating LLMs, especially in healthcare, presents unique challenges. It is essential to examine conventional cyber threats, adversarial threats, and threats specific to LLMs in tandem to build robust defense mechanisms. This paper adapts the STRIDE methodology to assess threats in LLM-powered healthcare systems holistically, identifying components and their data flows and mapping potential threats introduced by each component. It provides practical guidance for understanding the threats early in development and demonstrates effective system modeling tailored to healthcare settings.

Paper Nr: 122
Title: Systematisation of Security Risk Knowledge Across Different Domains: A Case Study of Security Implications of Medical Devices
Authors: Laura Carmichael, Steve Taylor, Samuel M. Senior, Mike Surridge, Gencer Erdogan and Simeon Tverdal

Abstract: Shared terminology and understanding are vital for effective cybersecurity risk management for connected medical and in vitro diagnostic device systems, given that such processes are collaborative and require cross-domain expertise particularly, e.g., in the areas of patient safety, cyber-physical security, and privacy. However, fostering effective, interdisciplinary risk communication can be challenging — especially where, e.g., different terms are used with the same meaning, or the same risk management terms are interpreted differently across domains. In this paper, we focus on the systematisation of security risk knowledge across different domains related to the cybersecurity of connected medical and in vitro diagnostic device systems. This work relates to knowledge base extensions for a specified cybersecurity risk assessment tool—Spyderisk—as part of the NEMECYS project.

Paper Nr: 124
Title: Data Collection in Cyber Exercises Through Monitoring Points: Observing, Steering, and Scoring
Authors: Tobias Pfaller, Florian Skopik, Lenhard Reuter and Maria Leitner

Abstract: Cyber security exercises are an essential means to train people and increase their skill levels in IT operations, cyber incident response, and forensic investigations. Unfortunately, carrying out high-quality exercises requires tremendous human effort in planning, deploying, executing and evaluating well-planned cyber exercise scenarios. While planning a scenario is often only a one-time effort, and deployment can be highly automated today, their repeated execution and evaluation is a resource-intensive task. Usually, human experts manually observe the participants to recognize any difficulties in carrying out the exercise and to keep track of the participants’ progress. This is an essential prerequisite not only to support participants during the exercise, but also to drive the scenario further through timely injects, and to provide feedback after the exercise. All this manual effort makes exercises a costly activity, reduces scalability and hinders their wide adoption. We argue that by automating observations, recognizing participant progress with little to no human effort, and even steering the delivery of customized injects, cyber exercises could be carried out much more cost-effectively. In this paper, we therefore introduce the concept of monitoring points, which enable the scenario-dependent collection of technical data and the calculation of behavior and progress metrics to rate participants in exercises. This is the foundational basis for steering an exercise on the one side, and evaluation on the other side. We showcase our concept and implementation in the course of a demonstrator consisting of a cyber exercise comprising 14 participants and discuss its applicability.

Paper Nr: 143
Title:

Topology-Driven Defense: Detecting Model Poisoning in Federated Learning with Persistence Diagrams

Authors:

Narges Alipourjeddi and Ali Miri

Abstract: Federated Learning (FL) has emerged as a transformative approach for training machine learning models across decentralized data sources while keeping client data localized. Despite its advantages, FL systems remain vulnerable to various attacks and anomalies, including model poisoning attacks, which compromise the integrity of the global model. In this paper, we introduce a novel approach for detecting such attacks by leveraging persistence diagrams derived from topological data analysis (TDA). Our method provides a comprehensive solution for identifying anomalies in the training process by computing persistence diagrams in high-dimensional spaces, effectively addressing the challenges of analyzing complex neural network architectures. Through extensive experiments, we demonstrate that our approach achieves high accuracy in detecting and mitigating attacks, even under non-IID and highly unbalanced data distribution scenarios. We evaluate our method across various datasets and attack scenarios, and the results validate its robustness and effectiveness, establishing it as a promising solution for enhancing the security of federated learning environments.

Paper Nr: 149
Title:

Current Research, Challenges, and Future Directions in Stalkerware Detection Techniques for Mobile Ecosystems

Authors:

Mounika Bonam, Pranathi Rayavaram, Maryam Abbasalizadeh, Claire Seungeun Lee, April Pattavina and Sashank Narain

Abstract: Stalkerware, a form of surveillance software misused for intimate partner violence (IPV), poses a growing threat to mobile ecosystems. Despite advancements in detection techniques, the development and usage of Stalkerware mobile apps continue to evolve, evading current tools and antivirus solutions. This Systematization of Knowledge (SoK) paper synthesizes existing research, focusing on static, dynamic, and ML-based detection methods for mobile platforms. Key insights highlight gaps in detection techniques, challenges in distinguishing dual-purpose apps, and the limited efficacy of antivirus tools. This paper provides an in-depth review of current efforts, limitations, and actionable insights to effectively address Stalkerware’s persistent threat. Furthermore, it proposes recommendations for future research and collaboration among security companies, developers, and victim support services.

Paper Nr: 154
Title:

CyberWise: Virtual Security Learning Platform

Authors:

Payton Howard, Mark Ferraro and Sajal Bhatia

Abstract: Security awareness training is a crucial aspect of ensuring and upholding the confidentiality, integrity, and availability of systems. This project addresses the need for improved security awareness training among staff and faculty members at the university. Our learning platform, CyberWise, leverages a virtual machine in conjunction with a Blackboard course to provide hands-on training modules for email security, secure browsing techniques, viruses, and password best practices. Participants in the CyberWise learning platform engage in realistic scenarios designed to improve learning comprehension about security best practices. The results of CyberWise demonstrated significant improvements in participants’ confidence and skills in key areas of cybersecurity. Participants also indicated a high likelihood of applying the training to their daily work, with 90% feeling very or extremely likely to do so. CyberWise contributes to the field of cybersecurity by providing an effective, hands-on solution for security awareness training that allows staff and faculty members of the university to learn about security-related topics in an environment that looks and feels familiar to them. The interactive and simulation-based approach used in CyberWise not only serves to enhance user engagement, but also ensures a better application of security best practices compared to traditional training methods. This project underscores the value of immersive and practical training environments in the development of a robust security culture within higher educational institutions.

Paper Nr: 161
Title:

FEST: A Unified Framework for Evaluating Synthetic Tabular Data

Authors:

Weijie Niu, Alberto Huertas Celdran, Karoline Siarsky and Burkhard Stiller

Abstract: Synthetic data generation, leveraging generative machine learning techniques, offers a promising approach to mitigating privacy concerns associated with real-world data usage. Synthetic data closely resemble real-world data while maintaining strong privacy guarantees. However, a comprehensive assessment framework is still missing in the evaluation of synthetic data generation, especially when considering the balance between privacy preservation and data utility in synthetic data. This research bridges this gap by proposing FEST, a systematic framework for evaluating synthetic tabular data. FEST integrates diverse privacy metrics (attack-based and distance-based), along with similarity and machine learning utility metrics, to provide a holistic assessment. We develop FEST as an open-source Python-based library and validate it on multiple datasets, demonstrating its effectiveness in analyzing the privacy-utility trade-off of different synthetic data generation models. The source code of FEST is available on GitHub.

Paper Nr: 23
Title:

Got Ya!: Sensors for Identity Management Specific Security Situational Awareness

Authors:

Daniela Pöhn and Heiner Lüken

Abstract: Security situational awareness refers to identifying, mitigating, and preventing digital cyber threats by gathering information to understand the current situation. With awareness, the basis for decisions is present, particularly in complex situations. However, while logging can track the successful login into a system, it typically cannot determine if the login was performed by the user assigned to the account. An account takeover, for example, by a successful phishing attack, can be used as an entry into an organization’s network. All identities within an organization are managed in an identity management system. Thereby, these systems are an interesting goal for malicious actors. Even within identity management systems, it is difficult to differentiate legitimate from malicious actions. We propose a security situational awareness approach specific to identity management. We focus on protocol-specifics and identity-related sources in a general concept before providing the example of the protocol OAuth with a proof-of-concept implementation.

Paper Nr: 38
Title:

Real-Time Detection of Multi-File DOM-Based XSS Vulnerabilities Using Static Analysis: A Developer-Oriented Approach for Securing Web Applications

Authors:

Akira Kanaoka and Shu Hiura

Abstract: This paper introduces a static analysis method for real-time detection of DOM-Based Cross-Site Scripting (XSS) vulnerabilities that occur across multiple files in web applications. As modular development in JavaScript becomes increasingly common, the risk of DOM-Based XSS vulnerabilities grows due to complex interactions between separate files. Existing detection methods often struggle to comprehensively identify these vulnerabilities. Our approach focuses on real-time detection during the development process by expanding static analysis to cover multiple files. We implemented this method as an extension for Visual Studio Code (VSCode), offering developers immediate feedback on potential security risks. In addition to proposing and evaluating our method, we also address the lack of suitable datasets for evaluation by creating a neutral and comprehensive dataset that includes multi-file DOM-Based XSS vulnerabilities. The evaluation shows that our method enhances the accuracy of DOM-Based XSS detection, contributing to improved security in web applications.

Paper Nr: 39
Title:

Managing a Ransomware Attack: The Resilience of a Swedish Municipality – A Case Study

Authors:

Anton Holmström

Abstract: As cyber threats grow in complexity, organizations must rethink their approach to information security, moving beyond technical solutions to focus on building organizational resilience. Previous research has primarily relied on a technical perspective, often overlooking the broader interdependencies between different organizational departments. This case study examines how a ransomware attack impacted a Swedish municipality by conducting semi-structured interviews with key individuals from IT, social services, and management, supplemented by internal documentation, police reports, and news coverage. The findings underscore the crucial role of cross-departmental collaboration and coordination in managing cyber incidents. Specifically, the study highlights how IT, social services, and management were interdependent in handling the crisis, demonstrating the need for their inclusion in the overall information security planning. This case provides valuable insights into the challenges public-sector organizations face during a cyberattack, offering a detailed understanding of how one municipality responded, recovered, and adapted to such an incident.

Paper Nr: 42
Title:

Assessing Sweden's Current Cybersecurity Landscape: Implications of NATO Membership

Authors:

Nike Henriksén, Isak Lexert, Jakob Bergquist Dahn and Simon Hacks

Abstract: Sweden’s recent NATO membership marks a significant shift in the country’s national security strategy, particularly concerning cybersecurity. This study has assessed the current cybersecurity landscape in Sweden by conducting interviews with experts within the public sector and through document analysis. The interviewees included academics, researchers, and government officials from the municipal level to parliament. The study concludes how the threat environment has evolved following Sweden’s NATO membership. The study has identified key cyber threats facing Sweden, primarily from state-sponsored actors such as Advanced Persistent Threat (APT) groups and cybercriminal organizations targeting critical infrastructure. The study has also found disparities in cybersecurity preparedness between Sweden’s military and civilian sectors. The study emphasizes the need to strengthen civilian cybersecurity to reach a similar preparedness as the military to adapt to NATO’s requirements and standards.

Paper Nr: 57
Title:

A Novel Pairing-Free ECC-Based Ciphertext-Policy Attribute-Based Proxy Re-Encryption for Secure Cloud Storage

Authors:

Shivangi Shukla and Sankita J. Patel

Abstract: Proxy re-encryption (PRE) is a cryptographic primitive enabling a data owner to delegate ciphertext access rights without leaking the underlying plaintext to honest-but-curious cloud servers. The delegation of ciphertext access rights enhances the efficiency of outsourced data on cloud servers. Ciphertext-policy attribute-based proxy re-encryption (CP-ABPRE) employs PRE in attribute-based encryption to enable ciphertext transformation from a specified access policy to a new access policy without leaking the underlying plaintext. However, current state-of-the-art schemes incorporate expensive bilinear pairing operations to transform the ciphertext access policy. The escalating adoption of cloud computing in real-time applications demands a pairing-free CP-ABPRE mechanism for resource-limited users in the network. The agenda of this paper, for the first time, is to design a novel pairing-free elliptic curve cryptography (ECC) based ciphertext-policy attribute-based proxy re-encryption scheme, abbreviated as ECC-CP-ABPRE. It incorporates a linear secret sharing scheme (LSSS) for the expressiveness of access policies. To reduce overall communication and computational overheads, the ECC-CP-ABPRE scheme replaces expensive bilinear pairing operations with scalar multiplication on an elliptic curve. The security analysis illustrates that the ECC-CP-ABPRE scheme is secure under collusion attack and ensures data confidentiality. Furthermore, the performance evaluation demonstrates that the ECC-CP-ABPRE scheme incurs a significant reduction in computational and communication overheads compared to existing CP-ABPRE schemes.

Paper Nr: 60
Title:

Defending Against Phishing Attacks on Cloud-Systems: What Has Been Studied?

Authors:

Carlos Eduardo Araújo Cardoso Cidrão, Oskar Hermansson and Simon Hacks

Abstract: Phishing attacks, a cybercrime where attackers deceive victims into revealing personal and financial information, present significant threats to cloud-based systems. Securing these environments has become paramount with the growing adoption of cloud services. This study addresses the research question: “What is the overall perception of strategies in scientific publications to counter phishing attacks targeting cloud services?” Using a systematic literature review approach, the research synthesized findings from 13 selected scientific articles, focusing on technical and social defense strategies against phishing. The study highlights the human factor as a critical vulnerability despite existing technical solutions like advanced authentication, IDS (Intrusion Detection System), and machine learning. Effective defense requires combining technical measures with user education and adapting to evolving phishing strategies. It calls for greater integration of social aspects into technical solutions and targeted research on cloud-specific defenses and AI’s role in phishing mitigation.

Paper Nr: 81
Title:

A Conceptual SOC Framework for Air Traffic Management Systems

Authors:

Wesley Murisa and Marijke Coetzee

Abstract: Air Traffic Management (ATM) systems were originally developed without incorporating essential security controls such as confidentiality, integrity, and availability. Integrating external systems into ATM systems has further heightened their vulnerability to cybersecurity threats. A Security Operations Centre (SOC) can help mitigate these risks by offering threat visibility and facilitating incident response. However, the successful implementation of a SOC in the aviation sector requires a framework tailored to its specific needs, which is currently lacking in existing literature. This study addresses this gap by reviewing SOC frameworks from other industries to identify foundational elements for an ATM-specific SOC framework. Key pillars—People, Processes, Technology, Compliance, and Governance—common to SOCs across various sectors were adapted to fit the distinctive requirements of ATM. The resulting conceptual framework consists of five core components and three success factors, all designed to meet the unique cybersecurity demands of the aviation sector.

Paper Nr: 84
Title:

CASTL: A Composable Source Code Query Language for Security and Vulnerability Analysis

Authors:

Blake Johnson and Rahul Simha

Abstract: This paper describes CASTL (Composable Auditing and Security Tree-optimized Language), a new source code query language focused on security analysis. The widespread implementation of static analysis for vulnerability identification suggests the need for capable, approachable code query languages for security analysts. Languages customized for the unique properties of code can be more expressive and performant than generic solutions. CASTL features a familiar SQL-style syntax, with inputs and outputs consisting of sets of abstract syntax trees (ASTs). This abstraction enables the advantages of (1) composability (the output of one query can become the input to another); (2) direct querying of the code’s structure and metadata; (3) tree-specific language optimizations for performance; and (4) applicability to any AST-based language. Complex queries can be expressed in a compact, straightforward manner. Common vulnerabilities, including buffer overflows, ingestion, and server-side request forgery (SSRF) (Christey and Martin, 2007) translate into simple, readable CASTL queries. We describe CASTL and its capabilities, compare it to alternatives, finding potential advantages in clarity and compactness, discuss features and optimizations improving effectiveness and efficiency, and finally describe an example implementation applying CASTL to millions of Java source files.

Paper Nr: 105
Title:

Design of an Intelligent Trust Management Architecture for 5G Service Deployment

Authors:

Samra Bouakkaz, Luis Suárez, Nora Cuppens and Frédéric Cuppens

Abstract: The security of 5G networks relies on trust, but managing this is challenging due to their dynamic nature and lack of a unified trust framework. Current research focuses on trust evaluation mechanisms, neglecting a comprehensive architecture. Hyperscale Cloud Providers (HCPs) are crucial in securing 5G network deployment, especially with virtualization. To enhance cloud service adoption, HCPs must demonstrate trust and security while addressing end-user and industry concerns. This paper’s primary contribution is the design of a comprehensive intelligent trust management architecture rather than focusing solely on specific implementations for particular 5G use cases. It serves as a blueprint for integrating and managing various trust evaluation methods within a single framework, making it flexible and adaptable for successful 5G service deployment. We instantiate our architecture within 5G networks to tailor it to specific methods and techniques best suited for different scenarios. Furthermore, we animate its dynamic adaptation to various 5G use cases, showcasing real-time changes in trust levels and strategies to ensure secure and reliable service delivery.

Paper Nr: 107
Title:

Iterative Learning-Based Intrusion Detection System for Performance Enhancement in Imbalanced Data Environments

Authors:

Yu-Ran Jeon and Il-Gu Lee

Abstract: To defend against advanced cyberattacks, various anomaly detection methods have been developed, including signature-based, machine learning (ML)-based, and tool-based approaches across multiple fields. The ML-based anomaly detection method analyzes the patterns of the input data and identifies malicious behavior using classifiers. However, the ML-based anomaly detection method faces the challenge of accurately distinguishing malicious behavior from benign behavior, and its performance is reduced in real-world environments because of the discrepancies between training and deployment environments. In this study, cybersecurity challenges were analyzed, focusing on intrusion detection systems (IDS) and the influence of ML performance degradation in imbalanced data environments. To counteract this performance degradation, an optimal iterative learning-based IDS is proposed that improves efficiency by approximately 24% compared to a conventional model.

Paper Nr: 123
Title:

Exploring the Accuracy and Privacy Tradeoff in AI-Driven Healthcare Through Differential Privacy

Authors:

Surabhi Nayak and Sara Nayak

Abstract: With the increased integration of emerging AI capabilities into the healthcare landscape, the potential for user privacy violations, ethical concerns and eventual harm to the users are some of the foremost concerns that threaten the successful and safe adoption of these capabilities. Due to these risks - misuse of this highly sensitive data, inappropriate user profiling, lack of sufficient consent and user unawareness are all factors that must be kept in mind to implement ‘privacy-by-design’ when building these features, for a medical purpose. This paper aims to look at the top-most privacy and ethical concerns in this space, and provides recommendations to help mitigate some of these risks. We also present a technical implementation of differential privacy in an attempt to demonstrate how the addition of noise to health data can significantly improve its privacy, while retaining its utility.

Paper Nr: 133
Title:

Compliance Standards and Frameworks and Its Implications on Cybersecurity: A NIS2 Study Within the Swedish Automotive Industries

Authors:

Adenike Adesina, Elias Seid, Fredrik Blix and Oliver Popov

Abstract: Cybersecurity standards and regulations are pivotal in guiding organizations toward mitigating cyber risks and enhancing their overall security posture. The European Union’s NIS2 Directive, which introduces stringent and comprehensive security requirements, exemplifies a current regulatory framework designed to address evolving cyber threats. This study critically examines the regulatory, governance, cybersecurity, and compliance challenges introduced by NIS2 within the Swedish automotive industry. It further explores the strategic integration of NIS2 with existing regulatory frameworks to streamline compliance approaches and foster long-term resilience. The findings reveal the increasing complexity and financial implications of compliance, while also identifying significant opportunities to bolster cybersecurity resilience. This paper underscores the necessity for organizations to adopt proactive and adaptive strategies in response to the dynamic European regulatory landscape. While the focus is on the Swedish automotive sector, the study provides valuable insights that may inform future research into the broader implications of NIS2 across diverse industries and regions within the European Union.

Paper Nr: 135
Title:

SABEC: Secure and Adaptive Blockchain-Enabled Coordination Protocol for Unmanned Aerial Vehicles (UAVs) Network

Authors:

Hulya Dogan and Anton Setzer

Abstract: The rapid advancement of drone swarm technology has unlocked a multitude of applications across diverse industrial sectors, including surveillance, delivery services, disaster management, and environmental monitoring. Despite these promising prospects, ensuring secure and efficient communication and coordination among drones within a swarm remains a significant challenge. Key obstacles include maintaining efficiency, facilitating the seamless sharing of sensing data, and achieving robust consensus in the presence of Byzantine drones—malicious or faulty UAVs capable of disrupting swarm operations and leading to catastrophic outcomes. To address these challenges, we introduce SABEC (Secure and Adaptive Blockchain-Enabled Coordination Protocol), an innovative blockchain-based approach designed to manage multi-drone collaboration during swarm operations. SABEC improves the security of the consensus achievement process by integrating an efficient blockchain into the UAV network, coupled with a practical and dynamic consensus mechanism. The protocol incentivizes network devices through a scoring system, requiring UAVs to solve intricate problems employing the Proof of Work (PoW) with Fuzzy C-Modes clustering algorithm. Leader UAVs are dynamically selected within clusters based on a predefined threshold, tasked with transmitting status control information about neighbouring UAVs to a cloud server. The server consolidates these data through a robust consensus mechanism, relaying them to the network coordination tier where decision-making consensus is reached, and the data are immutably stored on the blockchain. To facilitate the dynamic and adaptive construction of configurable trusted networks, SABEC employs a consensus protocol based on the blockchain-assisted storage. Comparative experiments conducted using NS3 simulation software demonstrate SABEC's significant advantages over traditional routing and consensus protocols in terms of packet delivery rate, coordination overhead, and average end-to-end delay. These improvements collectively enhance the fault tolerance of UAV networks, ensuring high availability and reliability even in the presence of adversarial nodes. By augmenting the security of consensus achievement, SABEC substantially improves connectivity, security and efficiency within intelligent systems, thereby elevating the potential and stability of multi-drone applications in real-world scenarios.

Paper Nr: 148
Title:

Secure Opportunistic Routing Protocol in VANETs

Authors:

Eqbal Darraji, Iain Phillips and Asma Adnane

Abstract: In this paper, we introduce a new trusted opportunistic routing protocol called Trusted Context-aware Opportunistic Routing (TCOR) which produces a secured routing for VANET and it is incorporated with a recommendation mechanism (TCOR-Rec). The proposed secure routing protocol aims to address the inherent limitations in VANET routing, particularly the challenges associated with mobility metrics and the incorporation of trust metrics. By leveraging a comprehensive trust framework that integrates both direct and indirect observation-based reputation systems, the protocol enhances the robustness and reliability of the routing process. In addition, a similarity-based evaluation method is employed to assess the validity of recommendation messages, facilitating the selection of the most trusted and reliable path. OMNET++ is used to implement and simulate TCOR, which has proved its efficiency in comparison with other routing protocols (COR opportunistic protocol, AODV and trusted AODV). To simulate an adequate VANET environment and evaluate the protocols under realistic conditions, different metrics and network parameters such as the network traffic pattern, mobility pattern, and the fading propagation model have been used. The results have shown that TCOR and TCOR-Rec outperform traditional routing protocols by approximately 9% and 15%, respectively, in terms of packet delivery when the attacker nodes are involved in the network.

Paper Nr: 155
Title:

GAI-Driven Offensive Cybersecurity: Transforming Pentesting for Proactive Defence

Authors:

Mounia Zaydi and Yassine Maleh

Abstract: Generative Artificial Intelligence (GAI), particularly Large Language Models (LLMs) like ShellGPT (SGPT), offers transformative potential in automating penetration testing (pentesting) tasks, enabling organizations to strengthen their cybersecurity defenses. This paper discusses the integration of GAI into pentesting workflows, covering phases such as reconnaissance, exploitation, and post-exploitation. GAI reduces manual effort by automating key tasks, such as dynamic payload generation and adaptive exploitation, which in turn accelerates the assessments and enhances the accuracy of vulnerability detection. Our case study will show how GAI-driven automation improves the efficiency of pentesting while reducing costs, thus making advanced security assessments available to organizations of all sizes. GAI integration will also overcome the pitfalls of traditional approaches that are intensive and expensive, hence putting small-scale organizations at risk. Application of GAI in virtualized environments provides a means to construct dynamic synthetic testbeds that further improve assessment robustness. These results prove that GAI can revolutionize pentesting into a scalable, adaptive, and cost-effective process. It concludes by emphasizing the role of GAI in democratizing proactive cybersecurity measures, making comprehensive security testing possible even for resource-constrained organizations.

Area 2 - Technologies and Foundations

Full Papers
Paper Nr: 50
Title:

Flow Exporter Impact on Intelligent Intrusion Detection Systems

Authors:

Daniela Pinto, João Vitorino, Eva Maia, Ivone Amorim and Isabel Praça

Abstract: High-quality datasets are critical for training machine learning models, as inconsistencies in feature generation can hinder the accuracy and reliability of threat detection. For this reason, ensuring the quality of the data in network intrusion detection datasets is important. A key component of this is using reliable tools to generate the flows and features present in the datasets. This paper investigates the impact of flow exporters on the performance and reliability of machine learning models for intrusion detection. Using HERA, a tool designed to export flows and extract features, the raw network packets of two widely used datasets, UNSW-NB15 and CIC-IDS2017, were processed from PCAP files to generate new versions of these datasets. These were compared to the original ones in terms of their influence on the performance of several models, including Random Forest, XGBoost, LightGBM, and Explainable Boosting Machine. The results obtained were significant. Models trained on the HERA version of the datasets consistently outperformed those trained on the original dataset, showing improvements in accuracy and indicating a better generalisation. This highlighted the importance of flow generation in the model’s ability to differentiate between benign and malicious traffic.

Paper Nr: 53
Title:

VBSF: A Visual-Based Spam Filtering Technique for Obfuscated Emails

Authors:

Ali Hossary and Stefano Tomasin

Abstract: Recent spam email techniques exploit visual effects in text messages, such as poisoning text, obfuscating words, and hidden text salting techniques. These effects were able to evade spam detection techniques based on the text. In this paper, we overcome this limitation by introducing a novel visual-based spam detection architecture, denoted as visual-based spam filter (VBSF). The multi-step process mimics the human eye’s natural way of processing visual information, automatically rendering incoming emails and capturing their content as it appears on a user screen. Then, two different processing pipelines are applied in parallel. The first pipeline pertains to the perceived textual content, as it includes optical character recognition (OCR) to extract rendered textual content, followed by naïve Bayes (NB) and decision tree (DT) content classifiers. The second pipeline focuses on the appearance of the email, as it analyzes and classifies the images of rendered emails through a specific convolutional neural network. Lastly, a meta classifier integrates text- and image-based classifier outputs exploiting the stacking ensemble learning method. The performance of the proposed VBSF is assessed, showing that it achieves an accuracy of more than 98%, which is higher than the compared existing techniques on the designed dataset.

Paper Nr: 59
Title:

Gram Root Decomposition over the Polynomial Ring: Application to Sphericalization of Discrete Gaussian

Authors:

Hiroki Okada and Tsuyoshi Takagi

Abstract: Efficient construction of lattice-based cryptography is often based on the polynomial ring. Furthermore, many advanced lattice-based cryptosystems require the analysis of the discrete Gaussian under convolutions and linear transformations. In this paper, we present an efficient Gram root decomposition algorithm of the polynomial ring and an application to sphericalization of the discrete Gaussian. Let $r$ be a polynomial of spherical discrete Gaussian coefficients and $e$ be a fixed polynomial. Then, the coefficient vector of $r \cdot e$ is (statistically close to) a non-spherical discrete Gaussian whose (scaled) covariance matrix is $G_e := EE^{\top}$, where $E$ is composed of rotations of the coefficient vector of $e$. Given $G_e$, our algorithm outputs polynomials $\zeta_1, \dots, \zeta_l$ s.t. $\sum_{i=1}^{l} G_{\zeta_i} + G_e$ is a scalar matrix. The objective of this algorithm is similar to the (ring version of) integral Gram root decomposition proposed by Ducas et al. (Eurocrypt 2020). Notably, our algorithm ensures the bounds of the norm of $\zeta_i$ and the minimum eigenvalue of $G_{\zeta_i}$, whereas Ducas et al.’s algorithm does not ensure such bounds. Owing to the bounds, we can obtain a polynomial $\left(r_0 e + \sum_{i=1}^{l} r_i \zeta_i\right)$ whose coefficients are spherical discrete Gaussians, where $r_i$ are polynomials with discrete Gaussian coefficients; i.e., we can “cancel out” the dependence between the coefficients.

Paper Nr: 61
Title:

Privacy- & Utility-Preserving Data Releases over Fragmented Data Using Individual Differential Privacy

Authors:

Luis Del Vasto-Terrientes, Sergio Martínez and David Sánchez

Abstract: Data fragmentation is the process of splitting data into either attributes or records across multiple databases, thereby improving operational efficiency, minimizing processing requirements, and enhancing data privacy. However, under this approach, data aggregation becomes complex, particularly in environments where adherence to regulatory compliance is essential for organizational data analysis and decision-making tasks. Since the dataset held by each party may contain sensitive information, simply joining local datasets and releasing the aggregated result will inevitably reveal such sensitive information to other parties. Differential Privacy (DP) has become the de facto standard for data protection due to its rigorous notion of privacy. However, the strong privacy guarantees it offers result in a deterioration of data utility in several scenarios, such as data releases in either centralized or fragmented data scenarios. This paper explores the application of Individual Differential Privacy (iDP)—a formulation of DP conceived to better preserve data utility while still providing strong privacy guarantees to individuals—for data releases in either horizontally or vertically fragmented scenarios. In combination with individual ranking (IR) microaggregation, an iDP-IR privacy-preserving data release system is presented, in which multiple data owners can safely share datasets. Our experiments on the Adult and Wine Quality datasets demonstrate that the proposed system for fragmented data can provide reasonable information loss with robust ε privacy values.

Paper Nr: 65
Title:

A Deontic Logic Model of Attribute-Based Information Flows in Database-Defined Networks with Application to Healthcare Monitoring

Authors:

Benjamin Aziz, Ukamaka Oragwu and Safa Tharib

Abstract: This paper addresses the increasing demand for robustness and reliability in modern software-defined networks, particularly in the context of critical business applications such as the healthcare domain. Traditional network architectures are vulnerable to both unintentional and intentional failures, leading to significant financial losses, especially in the healthcare sector. The paper proposes a formal model for attribute-based information flow control in database-defined networks, which leverages attributes to evaluate compliance with desired network conditions, such as the quality of connectivity. Additionally, the paper employs deontic logic to define permissible, prohibited and obligatory changes to network configuration tables. The paper demonstrates how this model can enhance the management of body-area networks and ensure quality of service in healthcare monitoring. The findings suggest a promising direction for improving network reliability and security.

Paper Nr: 79
Title:

Securing the Device Lifecycle Management: A Scalable and Cost-Efficient Public Key Infrastructure Through Microservices

Authors:

Sara Sumaidaa, Hamda Almenhali, Rajkumar Ramasamy, Oleksii Voronin, Mohammed Alazzani and Kyusuk Han

Abstract: Ensuring the secure operation of infrastructure and devices throughout their lifecycle is crucial. This includes secure key provisioning, certificate management, and software updates, all essential for effective device life-cycle management. Despite the development and deployment of numerous architectures, minimizing the financial strain associated with their administration remains a challenge. Although cloud-based approaches are widely adopted, certain environments, such as industrial plants, cannot fully benefit from these solutions due to limited network connectivity. Establishing connectivity for Public Key Infrastructure (PKI) or over-the-air software updates in such settings can be particularly complex due to stringent security requirements. To address this challenge, we propose a cost-effective solution using a microservice model to consolidate software management, certificate management, and key provisioning in a single centralized location. This approach is well-suited for environments with limited network connectivity. By adopting this framework, we ensure scalability, flexibility, and streamlined management, providing an efficient solution to manage devices in diverse environments.

Paper Nr: 103
Title:

Exploit the Leak: Understanding Risks in Biometric Matchers

Authors:

Dorine Chagnon, Axel Durbet, Paul-Marie Grollemund and Kevin Thiry-Atighehchi

Abstract: In a biometric authentication or identification system, the matcher compares a stored and a fresh template to determine whether there is a match. This assessment is based on both a similarity score and a predefined threshold. For better compliance with privacy legislation, the matcher can be built upon a privacy-preserving distance. Beyond the binary output (‘yes’ or ‘no’), most schemes may perform more precise computations, e.g., the value of the distance. Such precise information is prone to leakage even when not returned by the system. This can occur due to a malware infection or the use of a weakly privacy-preserving distance, exemplified by side channel attacks or partially obfuscated designs. This paper provides an analysis of information leakage during distance evaluation. We provide a catalog of information leakage scenarios with their impacts on data privacy. Each scenario gives rise to unique attacks with impacts quantified in terms of computational costs, thereby providing a better understanding of the security level.
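Added example (editor's illustration, not the authors' catalog or code) of the point the abstract makes: once the matcher's precise distance value leaks, the stored template falls to a handful of queries, whereas the intended yes/no interface would cost far more. The `LeakyMatcher` and the templates are constructed for the demo; the `distance()` method stands in for whatever channel exposes the value. The two recovery routines are generic: a Hamming-distance oracle on an n-bit template and a squared-Euclidean oracle on a real-valued template both yield the template exactly in n + 1 queries.

```python
import random


def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))


def squared_euclidean(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))


class LeakyMatcher:
    """Constructed matcher. accept() is the intended interface; distance() models
    the precise value an attacker observes via malware or a side channel."""

    def __init__(self, template, threshold, metric):
        self._template = list(template)
        self.threshold = threshold
        self.metric = metric
        self.queries = 0

    def distance(self, probe):
        self.queries += 1
        return self.metric(self._template, probe)

    def accept(self, probe):
        return self.distance(probe) <= self.threshold


def recover_binary_template(n, distance):
    """Hamming-distance oracle: n + 1 queries recover an n-bit template exactly.
    Starting from the all-zero probe, setting probe bit i lowers the distance by
    one iff template bit i is 1 (otherwise it raises it by one)."""
    probe = [0] * n
    d = distance(probe)
    template = [0] * n
    for i in range(n):
        probe[i] = 1
        d_new = distance(probe)
        if d_new < d:
            template[i] = 1
            d = d_new
        else:
            probe[i] = 0
    return template


def recover_real_template(n, sqdist):
    """Squared-Euclidean oracle: n + 1 queries recover a real-valued template.
    ||t - 0||^2 - ||t - e_i||^2 = 2 t_i - 1, hence t_i = (d0 - d_i + 1) / 2."""
    d0 = sqdist([0.0] * n)
    template = []
    for i in range(n):
        unit = [0.0] * n
        unit[i] = 1.0
        template.append((d0 - sqdist(unit) + 1.0) / 2.0)
    return template


def demo(n=64, seed=7):
    """Returns (recovered == stored, oracle queries used, brute-force search space)."""
    rng = random.Random(seed)
    stored = [rng.randrange(2) for _ in range(n)]  # constructed binary template
    m = LeakyMatcher(stored, threshold=n // 10, metric=hamming)
    recovered = recover_binary_template(n, m.distance)
    return recovered == stored, m.queries, 2 ** n
```

The query count is the "computational cost" view of the leak: with the distance exposed the attacker pays n + 1 matcher calls, independent of the acceptance threshold; with only the binary `accept()` available the same information is no longer free, and the cost depends on the threshold and the attacker's starting point.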

Paper Nr: 118
Title:

Enhanced Predictive Clustering of User Profiles: A Model for Classifying Individuals Based on Email Interaction and Behavioral Patterns

Authors:

Peter Wafik, Alessio Botta, Luigi Gallo, Gennaro Esposito Mocerino, Cornelia Herbert, Ivan Annicchiarico, Alia El Bolock and Slim Abdennadher

Abstract: This study introduces a predictive framework to address a gap in user profiling, integrating advanced clustering, dimensionality reduction, and deep learning techniques to analyze the relationship between user profiles and email phishing susceptibility. Using data from the Spamley platform (Gallo et al., 2024), the proposed framework combines deep clustering and predictive models, achieving a Silhouette Score of 0.83, a Davies-Bouldin Index of 0.42, and a Calinski-Harabasz Index of 1676.2 with k-means and Self-Organizing Maps (SOM) for clustering user profiles. The results further highlight the effectiveness of Linear Support Vector Machines (SVM) and neural network models in classifying cluster membership, providing valuable decision-making insights. These findings demonstrate the efficacy of advanced non-linear methods for clustering complex user profile features, as well as the overall success of the semi-supervised model in enhancing clustering accuracy and predictive performance. The framework lays a strong foundation for future research on tailored anti-phishing strategies and enhancing user resilience.

Paper Nr: 127
Title:

X-Ray Radiation Effects on SRAM-Based TRNG and PUF

Authors:

Martin Holec, Jan Bělohoubek, Pavel Rous, Tomáš Pokorný, Róbert Lórencz and František Steiner

Abstract: The security primitives, such as True-Random-Number-Generator (TRNG) or Physically-Unclonable-Function (PUF), are widely used in many cryptographic devices. Properties of these primitives affect the security, reliability, and longevity of the whole device. In this work, we evaluate the influence of the total ionizing X-ray dose on hardware structures underlying conventional SRAM-based security primitives – PUF and TRNG. In contrast with other works, we aim at conventional CMOS circuits, we employ lower total ionizing dose (TID) levels, and we also take annealing into account. We quantify the induced changes in SRAM cell entropy, provide a quality analysis of related physical effects, and summarize potential effects on both security primitives. Besides analyzing the experimental data, we explain experimental data by comparison to the electrical-level (SPICE) model of SRAM cells taking X-ray-induced effects – flicker noise and threshold shift – into account. Our comparative analysis points to inconsistencies and deficiencies in related literature and provides a view into effects affecting observed entropy. The novelty of our work is in the comparative analysis of experimental data combined with low-level electrical model, which is the enabler of the qualitative analysis. Our results form the basis for future work.

Paper Nr: 140
Title:

Management of Customized Privacy Policies

Authors:

Jens Leicht and Maritta Heisel

Abstract: While privacy policies are well established to express data processing practices, customizable privacy policies are a researched but not established practice to empower data subjects. One of the hurdles, hindering the acceptance of customizable policies, is the management of large amounts of privacy policies, when each data subject has their own policy. We propose a Privacy Policy Management (PPM) system, which handles customized policies and distributes them to all data processors. In addition, our PPM keeps track of where and why data are being transferred. This information can be provided to the data subjects, so that they can see that the data controller complies with the policy agreed upon. The log of data transfers can also be used by data protection authorities, to check the GDPR-compliance of the data controller or for investigations in case of a data breach. We discuss the architecture of our PPM, how it operates, and integrate it into the Privacy Policy Compliance Guidance framework.

Paper Nr: 141
Title:

Precise Detection of Security Checks in Program Binaries

Authors:

Koyel Pramanick and Prasad A. Kulkarni

Abstract: Security checks are added to protect vulnerable code constructs, including certain indirect jumps and memory references, from external attacks. Detecting the presence of security checks that guard vulnerable code constructs provides an important means to evaluate the security properties of given binary software. Previous research has attempted to find such security checks guarding potentially vulnerable code in software binaries. Unfortunately, these techniques do not attempt to separate the original program code from the security check code, leading to many false positives. The security check patterns detected by such techniques are also inaccurate as they may be interspersed with program instructions. In this work, we develop a novel program slicing based technique to partition the original program code from any non-program instructions, including the added security checks. We define program code as instructions in the binary software that are needed to compute the original and expected program outputs. Our technique can more accurately identify the embedded security checks in program binaries with fewer false positives. Our technique can also find more precise security check code patterns in the given binary. Overall, our work can enable tools and humans to more effectively perform independent security evaluations of binary software.

Short Papers
Paper Nr: 20
Title:

Quantum-Resilient IoT: Integrating Hardware-Based Post-Quantum Cryptography for Robust Device Security

Authors:

Stephan Spitz, Alexander Lawall and Michal Andrzejczak

Abstract: The evolution of quantum computers necessitates the reevaluation of cryptographic standards, especially within the Internet of Things (IoT) infrastructures, where long-term security is critical. Current cryptographic algorithms, such as RSA, are vulnerable to quantum attacks, highlighting the need for post-quantum cryptographic (PQC) solutions. This paper explores the integration of PQC Cores into System-on-a-Chip (SoC) architectures to enhance the security of IoT devices. The foundation is a crypto-agile Root-of-Trust (RoT); these integrated PQC solutions provide robust lifecycle management, secure boot processes, and protection against quantum-based threats. The paper discusses the architectural considerations for integrating PQC, including secure boot, lifecycle management, and the role of RoT in ensuring device integrity and secure communications. The research findings emphasize the importance of PQC in safeguarding IoT infrastructures from emerging quantum threats and demonstrate how hardware-based PQC implementations offer superior security compared to software-based counterparts, particularly in the context of side-channel attack mitigation.

Paper Nr: 28
Title:

Approximations of the Sigmoid Function Beyond the Approximation Domains for Privacy-Preserving Neural Networks

Authors:

Shusaku Uemura, Kazuhide Fukushima and Shinsaku Kiyomoto

Abstract: Artificial intelligence and data analysis have recently attracted attention, but privacy is a serious problem when sensitive data are analyzed. Privacy-preserving neural networks (PPNN) solve this problem, since they can infer without knowing any information about the input. The PPNN promotes the analyses of sensitive or confidential data and collaboration among companies by combining their data without explicitly sharing them. Fully homomorphic encryption is a promising method for PPNN. However, there is a limitation that PPNN cannot easily evaluate non-polynomial functions. Thus, polynomial approximations of activation functions are required, and much research has been conducted on this topic. The existing research focused on some fixed domain to improve their approximation accuracy. In this paper, we compared seven ways in total for several degrees of polynomials to approximate a commonly used sigmoid function in neural networks. We focused on the approximation errors beyond the domain used to approximate, which have been dismissed but may affect the accuracy of PPNN. Our results reveal the differences of each method and each degree, which help determine the suitable method for PPNN. We also found a difference in the behavior of the approximations beyond the domain depending on the parity of the degrees, the cause of which we clarified.

Paper Nr: 30
Title:

A Targeting Attack by Dynamic Fake QR Code Using Invisible Laser Irradiation

Authors:

Dai Itakura, Taiga Manabe, Yuki Kamata, Ayana Oku, Hiroshi Yamamoto, Yoshihisa Takayama and Toshihiro Ohigashi

Abstract: In this study, we propose a method to generate a fake QR code that can lead to a malicious website at any particular time by laser irradiation of a QR code. First, we explain the fake QR code. Subsequently, we will examine the configuration of a fake QR code that dynamically changes the probability of induction to a malicious website by laser irradiation, considering that the camera treats the area as a bright area when the area is imaged with high illumination by the laser. We show its feasibility by experimentation. We focus on the attackable distance, which is critical in evaluating the threat level. The feasibility is then shown and the threat level is evaluated by the attackable distance. Specifically, we examine the conditions necessary to achieve long laser irradiation distances. Consequently, a demonstration experiment shows that it is possible to fake a QR code by laser irradiation over a long distance of approximately 100 meters. Finally, we discuss countermeasures against laser irradiation for fake operation.

Paper Nr: 36
Title:

Logic Locking for Random Forests: Securing HDL Design and FPGA Accelerator Implementation

Authors:

Rupesh Raj Karn, Johann Knechtel and Ozgur Sinanoglu

Abstract: Logic locking has garnered significant attention due to its promising role in safeguarding intellectual property against potent threats across the integrated circuit supply chain. The locking mechanism introduces additional logic elements, so-called key-gates into a circuit, effectively securing the original design with a confidential key. This work utilizes locking to secure the hardware design of random-forest (RF) machine learning models. With the correct key, the design produces accurate inference outcomes; otherwise, it generates incorrect inferences. We explore field-programmable gate array (FPGA) implementation options to realize such locked inference accelerators. We propose an end-to-end methodology, spanning from the high-level RF hardware design, locking of those designs, to the FPGA implementation and performance evaluation. Our study employs Intel’s DE-10 standard FPGA, and we utilize multiple real-world datasets to illustrate the effectiveness of our approach.

Paper Nr: 49
Title:

Objective- and Utility-Based Negotiation for Access Control

Authors:

Aditya Sissodiya, Ulf Bodin and Olov Schelén

Abstract: Access control in modern digital ecosystems is challenging due to dynamic resources and diverse stakeholders. Traditional mechanisms struggle to adapt, causing inefficiencies and inequities. We propose a novel algorithm that automates access control policy negotiation via objective optimization and utility-based methods. It enables stakeholders to jointly select policies aligned with their preferences, provided a suitable policy exists. Suggested criteria guide the evaluation of predefined policies, and a mathematical formulation quantifies stakeholder preferences with utility functions, using optimization to achieve consensus. The algorithm’s multilinear scalability is demonstrated through time and space complexity analysis. An evaluation tool supports practical testing, and the approach enhances efficiency and trust by ensuring equitable data access within digital ecosystems.

Paper Nr: 74
Title:

Evaluating the Efficacy of LINDDUN GO for Privacy Threat Modeling for Local Renewable Energy Communities

Authors:

Oliver Langthaler, Günther Eibl, Lars-Kevin Klüver and Andreas Unterweger

Abstract: While security is considered an essential aspect of the design and implementation of many systems, privacy is often overlooked, especially in early planning phases. Although methodologies for the identification of privacy threats have been proposed, the number of studies outlining their practical application is limited. As a consequence, practical experience with these methods is sparse. This raises questions about their practicality and applicability for the energy domain. As a first step towards the assessment of the practical properties, we apply a lightweight version of the most prominent methodology, LINDDUN GO, to an intelligent charging use case for local renewable energy communities that is based on load forecasting. We find that one of the main advantages of LINDDUN GO is the completeness of the analysis, which was able to identify not only a built-in privacy deficiency but also unforeseen privacy threats for the considered use case. However, we also found that LINDDUN GO is not applicable for all privacy categories: Detectability was not assessable since it required detailed information that was not contained in our data flow graph in the design phase. In contrast, non-compliance was treated too generically; its intention is more to complete the list of important topics.

Paper Nr: 82
Title:

Improving Locally Differentially Private Graph Statistics Through Sparseness-Preserving Noise-Graph Addition

Authors:

Sudipta Paul, Julián Salas and Vicenç Torra

Abstract: Differential privacy allows publishing graph statistics in a way that protects individual privacy while still allowing meaningful insights to be derived from the data. The centralized privacy model of differential privacy assumes that there is a trusted data curator, while the local model does not require such a trusted authority. Local differential privacy is commonly achieved through randomized response (RR) mechanisms. This does not preserve the sparseness of the graphs. As most of the real-world graphs are sparse and have several nodes, this is a drawback of RR-based mechanisms, in terms of computational efficiency and accuracy. We thus propose a comparative analysis through experimental analysis and discussion, to compute statistics with local differential privacy, where it is shown that preserving the sparseness of the original graphs is the key factor to gain that balance between utility and privacy. We perform several experiments to test the utility of the protected graphs in terms of several sub-graph counts, i.e., triangle and star counts, and other statistics. We show that the sparseness preserving algorithm gives comparable or better results in comparison to the other state of the art methods and improves computational efficiency.
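Added example (editor's code, not the authors' sparseness-preserving mechanism) showing the drawback the abstract attributes to plain randomized response: every absent edge is flipped on with probability 1 − p, so a sparse graph turns dense after perturbation, and the de-biased estimator that recovers the edge count has variance growing with the number of node pairs. The graph (200 nodes, 300 edges) and ε = 1 are constructed parameters.

```python
import math
import random


def keep_probability(eps):
    """Randomized response on one bit: keep it with p = e^eps / (1 + e^eps), which
    satisfies eps-local differential privacy for that bit."""
    return math.exp(eps) / (1.0 + math.exp(eps))


def random_sparse_graph(n, m, rng):
    """Constructed input: a simple undirected graph with exactly m edges on n nodes."""
    pairs = [(i, j) for i in range(n) for j in range(i + 1, n)]
    adj = [[0] * n for _ in range(n)]
    for i, j in rng.sample(pairs, m):
        adj[i][j] = adj[j][i] = 1
    return adj


def randomize_adjacency(adj, eps, rng):
    """Apply randomized response independently to every upper-triangle bit.
    Each node could do this to its own adjacency row without a trusted curator."""
    n = len(adj)
    p = keep_probability(eps)
    noisy = [[0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i + 1, n):
            bit = adj[i][j] if rng.random() < p else 1 - adj[i][j]
            noisy[i][j] = noisy[j][i] = bit
    return noisy


def edge_count(adj):
    n = len(adj)
    return sum(adj[i][j] for i in range(n) for j in range(i + 1, n))


def expected_noisy_edges(m, n, eps):
    """E[edges after RR] = true edges kept + non-edges flipped on. The second term is
    what destroys sparseness: it scales with n*(n-1)/2, not with m."""
    p = keep_probability(eps)
    pairs = n * (n - 1) // 2
    return p * m + (1 - p) * (pairs - m)


def unbiased_edge_estimate(noisy_m, n, eps):
    """Invert the expectation: m = (noisy_m - (1-p)*pairs) / (2p - 1).
    The noise of noisy_m is divided by (2p - 1) < 1, so the estimate's standard
    deviation also grows with the number of pairs."""
    p = keep_probability(eps)
    pairs = n * (n - 1) // 2
    return (noisy_m - (1 - p) * pairs) / (2 * p - 1)


def demo(n=200, m=300, eps=1.0, seed=11):
    rng = random.Random(seed)
    adj = random_sparse_graph(n, m, rng)
    noisy = randomize_adjacency(adj, eps, rng)
    noisy_m = edge_count(noisy)
    return {
        "true_edges": edge_count(adj),
        "noisy_edges": noisy_m,
        "expected_noisy_edges": expected_noisy_edges(m, n, eps),
        "debiased_estimate": unbiased_edge_estimate(noisy_m, n, eps),
    }
```

With these parameters p ≈ 0.731 and the perturbed graph carries about 5,490 edges for 300 real ones, an 18-fold blow-up that the downstream sub-graph counting (triangles, stars) then has to process; the estimator is unbiased but its standard deviation is around 135 edges, almost half the true count.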

Paper Nr: 89
Title:

Secure Visual Data Processing via Federated Learning

Authors:

Pedro Santos, Tânia Carvalho, Filipe Magalhães and Luís Antunes

Abstract: As the demand for privacy in visual data management grows, safeguarding sensitive information has become a critical challenge. This paper addresses the need for privacy-preserving solutions in large-scale visual data processing by leveraging federated learning. Although there have been developments in this field, previous research has mainly focused on integrating object detection with anonymization or federated learning. However, these pairs often fail to address complex privacy concerns. On the one hand, object detection with anonymization alone can be vulnerable to reverse techniques. On the other hand, federated learning may not provide sufficient privacy guarantees. Therefore, we propose a new approach that combines object detection, federated learning and anonymization. Combining these three components aims to offer a robust privacy protection strategy by addressing different vulnerabilities in visual data. Our solution is evaluated against traditional centralized models, showing that while there is a slight trade-off in accuracy, the privacy benefits are substantial, making it well-suited for privacy-sensitive applications.

Paper Nr: 90
Title:

Leash: A Transparent Capability-Based Sandboxing Supervisor for Unix

Authors:

Mahya Soleimani Jadidi and Jonathan Anderson

Abstract: In computer security, the principle of least privilege or denial by default is a practical approach to mitigate the risk against potential attacks. However, providing least-privileged applications is a challenge without source code modification, system privilege, or configuration changes. In this paper, we introduce Leash, a transparent application sandboxing supervisor for Unix systems designed based on FreeBSD’s Capsicum framework. Leash provides required resources to programs based on sandbox restrictions and policies predefined by the user without requiring root privilege. The approach is transparent to the code and the user, eliminating the need for any source code modification and deep knowledge about the underlying security framework. We evaluated this system by sandboxing a set of widely used Unix utilities and real-world installer scripts. Leash is designed to be expandable for becoming a general-purpose sandboxing service for Unix. Our evaluations show that the system achieves robust security while maintaining efficient performance.

Paper Nr: 91
Title:

Flexible Noise Based Robustness Certification Against Backdoor Attacks in Graph Neural Networks

Authors:

Hiroya Kato, Ryo Meguro, Seira Hidano, Takuo Suganuma and Masahiro Hiji

Abstract: Graph neural networks (GNNs) are vulnerable to backdoor attacks. Although empirical defense methods against such attacks are effective to some extent, they may be bypassed by adaptive attacks. Thus, recently, robustness certification that can certify the model robustness against any type of attack has been proposed. However, existing certified defenses have two shortcomings. The first one is that they add uniform defensive noise to the entire dataset, which degrades the robustness certification. The second one is that unnecessary computational costs for data with different sizes are required. To address them, in this paper, we propose flexible noise based robustness certification against backdoor attacks in GNNs. Our method can flexibly add defensive noise to binary elements in an adjacency matrix with two different probabilities. This leads to improvements in the model robustness because the defender can choose appropriate defensive noise depending on datasets. Additionally, our method is applicable to graph data with different sizes of adjacency matrices because a calculation in our certification depends only on the size of attack noise. Consequently, computational costs for the certification are reduced compared with a baseline method. Our experimental results on four datasets show that our method can improve the level of robustness compared with a baseline method. Furthermore, we demonstrate that our method can maintain a higher level of robustness with larger sizes of attack noise and poisoning.

Paper Nr: 95
Title:

Security Analysis of a Color Image Encryption Scheme Based on a Fractional-Order Hyperchaotic System

Authors:

George Teşeleanu

Abstract: In 2022, Hosny et al. introduced an image encryption scheme that employs a fractional-order chaotic system. Their approach uses the hyper-chaotic system to generate the system’s main parameter, namely a secret permutation which is dependent on the size and the sum of the pixels of the source image. According to the authors, their scheme offers adequate security (i.e. 498 bits) for transmitting color images over unsecured channels. Nevertheless, in this paper we show that the scheme’s security is independent of the secret parameters used to initialize the hyper-chaotic system. More precisely, we provide a chosen plaintext/ciphertext attack whose complexity is O(6(WH)^2) and needs WH oracle queries, where W and H are the width and the height of the encrypted image. For example, for an image of size 4000×3000 (12 megapixels image) we obtain a security margin of 49.61 bits, which is 10 times lower than the claimed bound.

Paper Nr: 99
Title:

Security Analysis of Biased Basis for Efficient BB84

Authors:

Hiroki Yamamuro, Shohei Beppu, Kazuhide Fukushima and Shinsaku Kiyomoto

Abstract: Quantum key distribution (QKD) is a secure protocol for exchanging a secret key that is based on the principles of quantum physics and fulfills information-theoretical security requirements. The first QKD protocol, BB84, was proposed in 1984. Bit information is sent via four types of quantum states, combining two bit values and two bases in BB84. However, half of the bits are discarded after the basis information is exchanged since a sender and receiver select a basis equally likely. Lo et al. (J. Cryptol.’05) proposed Efficient BB84, in which basis selection is biased to improve the efficiency. The biased basis selection increases the probability that the selected bases match, which results in fewer bits being discarded. This letter describes an attack method against Efficient BB84 that exploits the bias in basis selection and analyzes the security of the method. An eavesdropper intercepts the first part of the quantum states, performs measurements in the basis with high selection probability, and obtains bit information without being detected. We then evaluate the extent to which the obtained bit information compromises the security of the secret key.
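Added simulation (editor's model, not the authors' analysis) of the intercept described above. Assumptions: Alice and Bob both choose the Z basis with probability p_z; Eve intercept-resends a fraction f of the qubits and always measures in Z, the high-probability basis. Because each qubit is independent it does not matter for the rates whether Eve takes the first f·n qubits or a random f fraction. The closed form and the Monte Carlo run agree: at p_z = 0.9 and f = 0.1 Eve learns about 9.9% of the sifted key while raising the overall error rate by only about 0.06%, against 5% known and 2.5% error for the unbiased protocol at the same f. The per-basis error rate is also returned, since the disturbance lands entirely on the X-basis sifted bits.

```python
import random


def analytic_rates(p_z, f):
    """Closed form for the model: both parties pick Z with probability p_z; Eve
    intercept-resends a fraction f of the qubits, measuring every one in Z."""
    sift_z, sift_x = p_z ** 2, (1 - p_z) ** 2     # P(both Z), P(both X)
    sifted = sift_z + sift_x
    return {
        "qber": f * 0.5 * sift_x / sifted,   # errors occur only on X-basis sifted bits
        "qber_x": f * 0.5,                   # error rate restricted to X-basis sifted bits
        "known": f * sift_z / sifted,        # share of sifted bits Eve holds with certainty
    }


def simulate(n, p_z, f, seed):
    """Monte Carlo version of the same model; returns the three rates above."""
    rng = random.Random(seed)
    sifted = errors = sifted_x = errors_x = known = 0
    for _ in range(n):
        bit = rng.randrange(2)
        a_basis = "Z" if rng.random() < p_z else "X"
        b_basis = "Z" if rng.random() < p_z else "X"
        state_bit, state_basis = bit, a_basis
        eve_learned = False
        if rng.random() < f:
            # Measuring in the preparation basis yields the bit and leaves the state
            # intact; measuring an X-basis state in Z gives a random outcome and the
            # resent Z eigenstate no longer carries Alice's bit.
            eve_bit = state_bit if state_basis == "Z" else rng.randrange(2)
            state_bit, state_basis = eve_bit, "Z"
            eve_learned = a_basis == "Z"
        bob_bit = state_bit if b_basis == state_basis else rng.randrange(2)
        if a_basis == b_basis:                 # sifting keeps only matching bases
            sifted += 1
            err = bob_bit != bit
            errors += err
            known += eve_learned
            if a_basis == "X":
                sifted_x += 1
                errors_x += err
    return {
        "qber": errors / sifted,
        "qber_x": errors_x / sifted_x,
        "known": known / sifted,
    }
```

The comparison a practitioner wants is `analytic_rates(0.9, 0.1)` against `analytic_rates(0.5, 0.1)`: the bias roughly doubles what Eve learns per intercepted fraction and divides the aggregate error she causes by about forty, which is why the error budget has to be accounted per basis rather than pooled.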

Paper Nr: 114
Title:

Using Compact DNSSEC and Self-Signed Certificate to Improve Security and Privacy for Second-Level Domain Resolution

Authors:

Lanlan Pan, Ruonan Qiu and Minghui Yang

Abstract: DNS is vulnerable to domain hijack attacks and user privacy leakage. DNSSEC is designed to defend against the domain hijack attack. However, full zone DNSSEC increases the risk of DDoS attacks. In this paper, we propose a secure resolution scheme with compact DNSSEC and self-signed certificates to improve security and privacy for SLD. The compact DNSSEC enhances the security of the NS of SLD. Based on the cooperation of DANE and compact DNSSEC, the authoritative server of SLD can use the self-signed certificates to provide a secure resolution service to mitigate user privacy leakage. Our scheme can reduce the operational burden of full zone DNSSEC and mitigate the DDoS risk for the authoritative server of SLD.

Paper Nr: 142
Title:

Analytical Evaluation of Time-Based Cryptography

Authors:

Mohammed Ramadan, Pranit Gadekar, Veit Hagenmeyer and Ghada Elbez

Abstract: Recent requirements for secure and timely applications have allowed considerable improvements in time-based cryptographic approaches (TBC) to represent the most critical step toward considering time as an essential factor in modern cryptographic protocols. This paper focuses on time-lock puzzles (TLPs) and verifiable delay functions (VDFs), analyzing their performance and security and highlighting their trade-offs in efficiency and verifiability. Among all TBC approaches, TLP and VDF are relevant in enforcing timed access and verifiable delay in secure systems due to their resistance against parallel computation and predictable delay. Additionally, we present the security analysis, computational efficiency, and implementation of TLP and VDF basic schemes with practical applications, showing that TLPs are simple but suffer from computation delays. In contrast, VDFs are computationally intensive to be evaluated but efficiently verifiable. Subsequently, we deliver recommendations, analysis, and prospective trend scenarios for assessing security analysis and complexity requirements.
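Added example (editor's code, not the authors' implementation) of the two basic schemes the abstract contrasts, both over an RSA group of unknown order: a Rivest-Shamir-Wagner time-lock puzzle, where the creator shortcuts a^(2^t) mod n with φ(n) and a solver must perform t sequential squarings, and a Wesolowski-style VDF, where the evaluator does the same t squarings but the verifier checks the result with two small exponentiations. Toy parameters are assumed throughout (128-bit primes, t in the thousands, a 32-byte secret XORed with a SHA-256-derived key); the `(1 << t) // l` step in the proof is written for small t and would use long division in production.

```python
import hashlib
import random


def is_probable_prime(n, rounds=32, rng=None):
    """Miller-Rabin primality test."""
    rng = rng or random.Random(0)
    if n < 2:
        return False
    for s in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % s == 0:
            return n == s
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def rsa_group(bits, rng):
    """n = p*q; the order phi(n) is the creator's trapdoor and nobody else's."""
    def prime():
        while True:
            c = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
            if is_probable_prime(c):
                return c
    p, q = prime(), prime()
    return p * q, (p - 1) * (q - 1)


def _kdf(value, n):
    return hashlib.sha256(value.to_bytes((n.bit_length() + 7) // 8, "big")).digest()


def tlp_create(secret, t, rng, bits=128):
    """RSW puzzle: reduce 2^t mod phi(n) so the creator pays one exponentiation;
    a solver without phi(n) has no shortcut and must square t times in sequence."""
    assert len(secret) <= 32
    n, phi = rsa_group(bits, rng)
    a = rng.randrange(2, n - 1)
    b = pow(a, pow(2, t, phi), n)
    key = _kdf(b, n)
    return {"n": n, "a": a, "t": t, "ct": bytes(s ^ k for s, k in zip(secret, key))}


def tlp_solve(puzzle):
    n, b = puzzle["n"], puzzle["a"]
    for _ in range(puzzle["t"]):      # inherently sequential: no parallel speed-up
        b = b * b % n
    key = _kdf(b, n)
    return bytes(c ^ k for c, k in zip(puzzle["ct"], key))


def hash_to_prime(*parts):
    """Fiat-Shamir challenge prime derived from the transcript."""
    h = hashlib.sha256(b"|".join(str(p).encode() for p in parts)).digest()
    c = int.from_bytes(h[:16], "big") | 1
    while not is_probable_prime(c):
        c += 2
    return c


def vdf_eval(n, x, t):
    """Evaluation: y = x^(2^t) by t squarings, then proof pi = x^floor(2^t / l)."""
    y = x
    for _ in range(t):
        y = y * y % n
    l = hash_to_prime(x, y, t)
    pi = pow(x, (1 << t) // l, n)     # small-t shortcut; production code uses long division
    return y, pi


def vdf_verify(n, x, t, y, pi):
    """Verification: pi^l * x^(2^t mod l) == y, two exponentiations with ~128-bit
    exponents instead of t squarings."""
    l = hash_to_prime(x, y, t)
    return pow(pi, l, n) * pow(x, pow(2, t, l), n) % n == y


def demo(t=3000, seed=42):
    """Returns (TLP solved correctly, valid VDF proof accepted, tampered output rejected)."""
    rng = random.Random(seed)
    secret = b"constructed session key"
    puzzle = tlp_create(secret, t, rng)
    n, _ = rsa_group(128, rng)
    y, pi = vdf_eval(n, 5, t)
    return tlp_solve(puzzle) == secret, vdf_verify(n, 5, t, y, pi), vdf_verify(n, 5, t, (y + 1) % n, pi)
```

The asymmetry the abstract describes is visible in the code: `tlp_solve` and `vdf_eval` both loop t times, but the puzzle's correctness can only be confirmed by redoing that work, whereas `vdf_verify` never touches the loop.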

Paper Nr: 144
Title:

Memory-Saving Oblivious RAM for Trajectory Data via Hierarchical Generation of Dummy Access over Untrusted Cloud Environment

Authors:

Taisho Sasada and Bernard Ousmane Sane

Abstract: The proliferation of smartphones and IoT devices has led to a rapid increase in the generation of trajectory data. Managing this continuously generated data poses a significant burden. To alleviate this burden, cloud databases have become widespread, leading to increased storage of data on servers managed by other individuals and organizations (third parties). However, if there are adversaries among these third parties, viewing the data contents could lead to personal information leaks and privacy violations. Therefore, there are expectations for the use of encrypted databases that allow searching and managing data while it remains encrypted (in ciphertext form), without revealing the contents. Since data owners (clients) encrypt their data before storing it, third parties cannot view the actual content. However, it is known that merely encrypting the data is not sufficient for security, as a vulnerability has been identified where the original data can be inferred from access patterns to the encrypted database even without seeing the actual data content. In this paper, we propose an anonymization method for access patterns on trajectory data in encrypted databases. For anonymization, we apply Oblivious Random Access Memory (ORAM), which generates dummy accesses alongside data aggregation and updates to make the original accesses unidentifiable. Trajectory data is often aggregated and updated on a trajectory basis rather than by individual points. Therefore, directly generating dummy accesses at the point level using ORAM leads to overhead in encrypted memory. In our proposed method, we separate the data storage memory into upper and lower levels to make access patterns unidentifiable at the trajectory level rather than the point level. The lower memory contains single points, while the upper memory contains multiple points (capable of representing part or all of a trajectory), and dummy accesses are generated using ORAM to make upper memory accesses mutually unidentifiable.

Paper Nr: 14
Title:

A Secret Key Spreading Protocol for Extending ETSI Quantum Key Distribution

Authors:

Thomas Prévost, Bruno Martin and Olivier Alibart

Abstract: This paper presents an information-theoretically secure secret key transfer protocol by Quantum Key Distribution (QKD) in the case of multi-hop quantum links between the two correspondents. We aim to transmit a secret between two parties using existing quantum infrastructure in the case where half of the intermediate routers are evil. We recursively divide the secret into Shamir’s shares, which are transmitted through different routes. This protocol has been successfully verified with ProVerif, which guarantees the secrecy of the transmitted key. We also propose an on-the-fly route discovery algorithm, in case the network is too large for each node to know all possible routes, and provide a formal verification of this algorithm using Maude.

Paper Nr: 22
Title:

A2CT: Automated Detection of Function and Object-Level Access Control Vulnerabilities in Web Applications

Authors:

Michael Schlaubitz, Onur Veyisoglu and Marc Rennhard

Abstract: In view of growing security risks, automated security testing of web applications is getting more and more important. There already exist capable tools to detect common vulnerability types such as SQL injection or cross-site scripting. Access control vulnerabilities, however, are still a vulnerability category that is much harder to detect in an automated fashion, while at the same time representing a highly relevant security problem in practice. In this paper, we present A2CT, a practical approach for the automated detection of access control vulnerabilities in web applications. A2CT supports most web applications and can detect vulnerabilities in the context of all HTTP request types (GET, POST, PUT, PATCH, DELETE). To demonstrate the practical usefulness of A2CT, an evaluation based on 30 publicly available web applications was done. Overall, A2CT managed to uncover 14 previously unknown vulnerabilities in two of these web applications, which resulted in six published CVE records. To encourage further research, the source code of A2CT is made available under an open-source license.

Paper Nr: 27
Title:

(Deep) Learning About Elliptic Curve Cryptography

Authors:

Diana Maimuţ, Cristian Matei and George Teşeleanu

Abstract: Motivated by the interest in elliptic curves both from a theoretical (algebraic geometry) and applied (cryptography) perspective, we conduct a preliminary study on the underlying mathematical structure of these objects. Hence, this paper mainly focuses on investigating artificial intelligence techniques to enhance the efficiency of Schoof’s algorithm for point counting across various elliptic curve distributions, achieving varying levels of success.

Paper Nr: 37
Title:

Is My Data in Your Retrieval Database? Membership Inference Attacks Against Retrieval Augmented Generation

Authors:

Maya Anderson, Guy Amit and Abigail Goldsteen

Abstract: Retrieval Augmented Generation (RAG) systems have shown great promise in natural language processing. However, their reliance on data stored in a retrieval database, which may contain proprietary or sensitive information, introduces new privacy concerns. Specifically, an attacker may be able to infer whether a certain text passage appears in the retrieval database by observing the outputs of the RAG system, an attack known as a Membership Inference Attack (MIA). Despite the significance of this threat, MIAs against RAG systems have so far remained under-explored. This study addresses this gap by introducing an efficient and easy-to-use method for conducting MIA against RAG systems. We demonstrate the effectiveness of our attack using two benchmark datasets and multiple generative models, showing that the membership of a document in the retrieval database can be efficiently determined through the creation of an appropriate prompt in both black-box and gray-box settings. Moreover, we introduce an initial defense strategy based on adding instructions to the RAG template, which shows high effectiveness for some datasets and models. Our findings highlight the importance of implementing security countermeasures in deployed RAG systems and developing more advanced defenses to protect the privacy and security of retrieval databases.

Paper Nr: 44
Title:

Exploring Attack Paths Using Graph Theory: Case - Microsoft Entra ID Pass-Through Authentication

Authors:

Nestori Syynimaa

Abstract: Graphs have been used to describe attack paths since the 1990s. They are powerful ways to present complex problems in a relatively simple way. Microsoft Entra ID is an identity and access management (IAM) solution that most private and public sector organisations use. As an IAM, it supports multiple authentication methods. One little-researched authentication method is pass-through authentication (PTA). This paper presents the findings of a study researching PTA for novel vulnerabilities. The findings reveal vulnerabilities that enable novel PTA-related attacks, allowing threat actors to gain remote, persistent, and undetectable access to the target organisation’s Entra ID. Threat actors could exploit these vulnerabilities to create backdoors, harvest credentials, and perform DoS attacks. The found attack paths were depicted in the PTA Attack Graph, which is the main contribution of this paper.

Paper Nr: 64
Title:

Towards Efficient Cloud Data Processing: A Comprehensive Guide to CKKS Parameter Selection

Authors:

Modjtaba Gharibyar, Clemens Krüger and Dominik Schoop

Abstract: Cloud computing offers scalability, cost efficiency, and the ability to process large data volumes. However, security and privacy concerns deter many organizations from migrating sensitive data to the cloud. Traditional encryption protects data at rest and in transit but requires decryption for processing, exposing plaintext to cloud providers or attackers. Fully homomorphic encryption (FHE) addresses this issue by enabling computations directly on encrypted data. Among available FHE schemes, CKKS stands out for its relatively good performance but requires careful parameter tuning to balance security, precision, memory use, and runtime efficiency. This paper explores CKKS’s practical application by analyzing the impact of parameter configurations on these aspects, demonstrated through prototypical statistical computations. It also provides key criteria for selecting and optimizing parameters to meet desired security and performance levels. The findings simplify CKKS parameter management for non-experts, offering practical guidance for user-friendly implementation.

Paper Nr: 70
Title:

On the Effect of Dataset Size and Composition for Privacy Evaluation

Authors:

Danai Georgiou, Carlos Franzreb and Tim Polzehl

Abstract: Speaker anonymization is the practice of concealing a speaker’s identity and is commonly used for privacy protection in voice biometrics. As proposed by the Voice Privacy Challenge (VPC), Automatic Speaker Verification (ASV) currently represents the de facto standard for privacy evaluation; it includes extracting speaker embeddings from speech samples, which are compared with a trained PLDA back-end model. We implement this ASV system to systematically explore the influence of two factors on the ASV performance: a) the number of speakers to be evaluated, and b) the number of utterances per speaker to be compared. The experimentation encompasses the privacy evaluation of the StarGANv2-VC and the kNN-VC on the LibriSpeech dataset. The experimental results indicate that the validity and reliability of privacy scores inherently depend on the evaluation dataset. It is, furthermore, demonstrated that limiting the number of speakers and utterances per speaker can reduce the evaluation time by 99%, while maintaining the reliability of the scores at a comparable level.

Paper Nr: 102
Title:

EK-Means: Towards Making Ensemble K-Means Work for Image-Based Data Analysis Without Prior Knowledge of K

Authors:

Danping Niu, Yuan Ping, Yujian Liu, Fanxi Wei and Wenhong Wu

Abstract: Despite its widespread application, K-means is significantly constrained by its dependence on the prior knowledge and its limitations in handling irregular data patterns, which restrict its performance in practical scenarios such as malware detection. To address these shortcomings, a novel EK-means algorithm is proposed. It introduces a dynamic cluster adaptation strategy (DCAS) to leverage similarity and separation measures in the pre-clustering phase to enable adaptive splitting and merging of clusters. The continuous refinement of cluster compactness and centroid representativeness in this approach facilitates the discovery of clusters with arbitrary shapes and the automatic discovery of the true number of clusters. Experimental results show that EK-means achieves high clustering accuracy across multiple datasets, including Fashion-MNIST, Virus MNIST, BIG 2015, and Malimg. It notably excels in malware detection tasks, outperforming some existing mainstream K-means enhancement methods.

Paper Nr: 106
Title:

User Authentication on Remote Connections with Siamese Networks Using Keyboard Usage Behavior and Corresponding Noise Performances

Authors:

Mehmet Fide and Emin Anarim

Abstract: The investigation into user authentication via analysis of keyboard usage behaviors has garnered considerable attention in the literature, resulting in numerous published works on the subject. Continually, novel metric-based or artificial intelligence-based authenticators are introduced, with their respective advantages being documented. However, none of these studies have evaluated the performance of these authenticators when the system is accessed from a remote computer or through a cloud-based environment. This study aims to address this gap by observing users’ keyboard usage behaviors through a remote terminal over a network. Utilizing the Carnegie Mellon University (CMU) dataset, features were transmitted over a local network using various protocols to assess the impact of delay variations on the performance of three newly proposed classifiers in addition to the 17 existing classifiers in the literature. Furthermore, to bolster the practical findings, a mathematical model incorporating network delays as input was proposed, and the performances of the studied classifiers were compared at different signal-to-noise ratios.

Paper Nr: 111
Title:

De-Anonymization of Health Data: A Survey of Practical Attacks, Vulnerabilities and Challenges

Authors:

Hamza Aguelal and Paolo Palmieri

Abstract: Health data ranks among the most sensitive personal information, disclosing serious details about individuals. Although anonymization is used, vulnerabilities persist, leading to de-anonymization and privacy risks highlighted by regulations like the General Data Protection Regulation (GDPR). This survey examines de-anonymization attacks on health datasets, focusing on the methodologies employed, the data targeted, and the effectiveness of current anonymization practices. Unlike previous surveys that lack consensus on essential empirical questions, we provide a comprehensive summary of practical attacks, offering a more logical perspective on real-world risk. Our investigation systematically categorizes these practical attacks, revealing insights into success rates, generality and reproducibility, new analytics used, and the specific vulnerabilities they exploit. The study covers health-related datasets, including medical records, genomic data, electrocardiograms (ECGs), and neuroimaging, highlighting the need for more robust anonymization. Significant challenges remain in the literature despite existing reviews. We advocate for stronger data safety by improving anonymization methods and advancing research on de-anonymization and assessment within healthcare.

Paper Nr: 113
Title:

Privacy Preservation for Machine Learning in IIoT Data via Manifold Learning and Elementary Row Operations

Authors:

E. Fatih Yetkin and Tuğçe Ballı

Abstract: Modern large-scale production sites are highly data-driven and need large computational power due to the amount of data collected. Hence, relying only on in-house computing systems for computational workflows is not always feasible. Instead, cloud environments are often preferred due to their ability to provide scalable and on-demand access to extensive computational resources. While cloud-based workflows offer numerous advantages, concerns regarding data privacy remain a significant obstacle to their widespread adoption, particularly in scenarios involving sensitive data and operations. This study aims to develop a computationally efficient privacy protection (PP) approach based on manifold learning and elementary row operations inspired by the lower-upper (LU) decomposition. This approach seeks to enhance the security of data collected from industrial environments, along with the associated machine learning models, thereby protecting sensitive information against potential threats posed by both external and internal adversaries within the collaborative computing environment.

Paper Nr: 146
Title:

Connected Vehicles Data Classification and the Influence of a Sustainable Data Governance for Optimal Utilisation of In-Vehicle Data

Authors:

Ali Karimi, Asma Adnane, Iain W. Phillips and Elhadj Benkhelifa

Abstract: The growth of connected vehicles and their associated services has endowed them with the remarkable ability to rapidly generate vast volumes of data. This proliferation has led to an increasing demand for effective data governance solutions. This paper delves into the exploration of currently available in-vehicle data, meticulously assessing the aspects of data velocity and heterogeneity. By scrutinising these factors, the paper aims to pinpoint and address critical gaps in how to deal with in-vehicle data, ultimately striving to create a seamless platform for managing and harnessing in-vehicle data. This project explores approaches for various connected vehicle communications, including V2V, V2I, and V2X, to define data feeds in the connected vehicle data landscape. The results of the study could influence the design of in-vehicle data governance by providing information on a stronger integrated framework, helping data owners and users make informed decisions about managing their data assets.

Paper Nr: 159
Title:

Device-Bound vs. Synced Credentials: A Comparative Evaluation of Passkey Authentication

Authors:

Andre Büttner and Nils Gruschka

Abstract: With passkeys, the FIDO Alliance introduces the ability to sync FIDO2 credentials across a user’s devices through passkey providers. This aims to mitigate user concerns about losing their devices and promotes the shift toward password-less authentication. As a consequence, many major online services have adopted passkeys. However, credential syncing has also created a debate among experts about their security guarantees. In this paper, we categorize the different access levels of passkeys to show how syncing credentials impacts their security and availability. Moreover, we use the established framework from Bonneau et al.’s Quest to Replace Passwords and apply it to different types of device-bound and synced passkeys. By this, we reveal relevant differences, particularly in their usability and security, and show that the security of synced passkeys is mainly concentrated in the passkey provider. We further provide practical recommendations for end users, passkey providers, and relying parties.

Area 3 - Applications and Services

Full Papers
Paper Nr: 15
Title:

A Hybrid Approach for Detecting SQL-Injection Using Machine Learning Techniques

Authors:

Hari Krishna, Jared Oluoch and Junghwan Kim

Abstract: SQL injection is a common web hacking technique that allows hackers to gain unauthorized access to a database. These database breaches may have far-reaching financial consequences to individuals, organizations, and the society. This paper introduces an innovative approach that combines Naive Bayes, Long Short-Term Memory (LSTM), and Random Forest to enhance the detection and mitigation of SQL injections. By extracting and analyzing data through the sequential application of Naive Bayes and LSTM algorithms, the proposed methodology uniquely synthesizes their outputs to inform a Random Forest classifier, aiming to optimize accuracy in identifying potential threats. The efficacy of this approach is validated through comprehensive testing, yielding a significant improvement in detection accuracy compared to conventional methods. Findings demonstrate the potential of integrating diverse machine learning techniques for cybersecurity applications and pave the way for future advancements in the automated detection of SQL injection and other similar cyber threats. The implications of this research extend to developing more secure web environments, ultimately contributing to the broader field of information security.

Paper Nr: 26
Title:

CyLLM-DAP: Cybersecurity Domain-Adaptive Pre-Training Framework of Large Language Models

Authors:

Khang Mai, Razvan Beuran and Naoya Inoue

Abstract: Recently, powerful open-source LLMs, such as Llama 3, have become alternatives to commercial ones, especially in sensitive or regulated industries. In cybersecurity, most LLM utilization relies on custom fine-tuning or post-training methods, such as prompt engineering. Although domain-adaptive pre-training has been proven to improve a model’s performance in the specialized domain, it is less used in cybersecurity due to the cumbersome implementation effort. This paper introduces CyLLM-DAP, a framework for expediting the domain specialization process of LLMs in cybersecurity by simplifying the data collection, preprocessing, and pre-training stages in low-resource settings. We demonstrate how CyLLM-DAP can be utilized to collect and process data and to develop cybersecurity-specific LLMs (CyLLMs) based on state-of-the-art open-source models (Llama 3 and Mistral v0.3). The effectiveness of domain-adaptive pre-training is confirmed via two experiments for text classification and Q&A tasks. Our evaluation results show that, when compared with general base or instruct models, injecting the LLMs with cybersecurity knowledge allows the models to generally perform better in every fine-tuning epoch for the text classification task, and brings a performance gain of up to 4.75% for the Q&A task (comparable to domain-adaptive pre-training in other domains). The framework, the generated CyLLMs, and the data are publicly available for use in cybersecurity applications.

Paper Nr: 47
Title:

Assessing the Effectiveness of an LLM-Based Permission Model for Android

Authors:

Roberto Milanese, Michele Guerra, Michele Daniele, Giovanni Fabbrocino and Fausto Fasano

Abstract: With the widespread use of mobile apps, users are frequently required to make decisions about app permissions. However, most people lack the knowledge to fully understand the consequences of their choices. Apps often request access to sensitive data, sometimes in the background and without clear justification, making users the weakest link in the security chain. This inadvertently exposes them to privacy breaches and malicious activities. Despite improvements, Android’s permission system remains inadequate in helping users make informed, real-time decisions. In this paper, we investigate the feasibility of an approach to address this critical gap that leverages the power of Large Language Models (LLMs) and Multi-Modal Large Language Models (MLLMs). We propose a system that dynamically evaluates permission requests by analyzing the full context of the UI on mobile app screens. Unlike traditional permission models, which rely on static rules or user input, our approach integrates seamlessly into existing systems, interpreting the relationships between UI elements and requested permissions to make aware, real-time decisions about whether the request is necessary or potentially harmful. Our evaluation on 123,552 UI screens from 70 popular Android apps revealed promising results, reaching 81% accuracy. By reducing the cognitive load on users and offering real-time protection against security threats or supporting a more informed choice by the user, our system can enhance existing permission models, providing a step towards smarter and safer mobile ecosystems. This solution paves the way for integrating intelligent permission systems that proactively shield users from risks while ensuring data security without overwhelming them with complex decisions.

Paper Nr: 58
Title:

Scrooge: Detection of Changes in Web Applications to Enhance Security Testing

Authors:

Fabio Büsser, Jan Kressebuch, Martín Ochoa, Valentin Zahnd and Ariane Trammell

Abstract: Due to the complexity of modern web applications, security testing is a time-consuming process that heavily relies on manual interaction with various analysis tools. This process often needs to be repeated for newer versions of previously tested applications, as new functionalities frequently introduce security vulnerabilities. This paper introduces scrooge, a tool that automates change detection in web application functionality to enhance the efficiency and focus of the security testing process. We evaluate scrooge on various platforms, demonstrating its ability to reliably detect a range of changes. Scrooge successfully identifies different types of changes, showcasing its applicability across diverse scenarios with high accuracy.

Paper Nr: 80
Title:

Privacy Policies in Medium-Sized European Town Administrations: A Comparative Analysis of English and German-Speaking Countries

Authors:

Henry Hosseini

Abstract: The General Data Protection Regulation (GDPR) has been in force since May 2018. Organizations and individuals must comply with this legislation if they collect or process the personal information of residents of the European Union. Prior research has focused on the examination of the privacy policies of the most frequently visited websites or mobile applications with the highest number of installations. The present study assesses the privacy policies of a less explored field: medium-sized town administrations. For this purpose, we analyzed and evaluated 644 privacy policies collected in Austria, Germany, and Ireland, focusing on their coverage of different data practice categories and GDPR-related dictionary phrases. We employed semi-automated data collection methods, deep learning and NLP techniques, and manual labor to perform this analysis. Our findings provide insight into the privacy policy landscape of medium-sized town administrations, where Austria and Germany exhibit a higher average coverage of GDPR data practice categories than Ireland.

Paper Nr: 98
Title:

HybridMTD: Enhancing Robustness Against Adversarial Attacks with Ensemble Neural Networks and Moving Target Defense

Authors:

Kimia Tahayori, Sherif Saad, Mohammad Mamun and Saeed Samet

Abstract: Adversarial attacks compromise the integrity of machine learning models, posing significant risks in critical fields like autonomous driving, healthcare, and finance, where accuracy and security are paramount. Existing defenses against these attacks primarily involve adversarial training or architectural modifications to the models. However, many of these approaches are model-specific, limiting their applicability to other models and potentially degrading overall performance, including accuracy and generalization. Thus, there is a pressing need to explore model-agnostic defense strategies that do not rely on adversarial training, offering more adaptable and reliable solutions across various models. This study aims to evaluate the effectiveness of HybridMTD. This novel defense strategy integrates Moving Target Defense (MTD) with ensemble neural network models to enhance robustness against adversarial attacks without requiring adversarial training or internal changes to model architectures. By dynamically selecting a subset of models from a diverse pool for each evaluation and utilizing majority voting, HybridMTD increases unpredictability and strengthens the resilience of the defense mechanism. We conducted extensive experiments across four datasets—MNIST (image), Twitter Sentiment (text), KDD (tabular), and MIT-BIH (signals)—and assessed HybridMTD against seven advanced attacks, including evasion and poisoning attacks. The results consistently show that HybridMTD outperforms traditional MTD strategies and single-model methods, maintaining high accuracy and robustness across diverse attack types and datasets. This research underscores the potential of HybridMTD as an effective defense strategy, significantly improving model security and laying the foundation for further exploration of advanced defense mechanisms.

Paper Nr: 132
Title:

Telosian: Reducing False Positives in Real-Time Cyber Anomaly Detection by Fast Adaptation to Concept Drift

Authors:

Iker Antonio Olarra Maldonado, Erik Meeuwissen, Puck de Haan and Rob van der Mei

Abstract: We propose Telosian, an unsupervised anomaly detection model that dynamically adapts to concept drift. Telosian uses a novel update scheme that measures drift and adapts the model accordingly. We show that our update is faster than existing methods and results in increased detection performance by reducing false positives. In practice this will also reduce the workload of security teams. Moreover, through our experiments, we show the importance of considering concept drift when deploying models. Further, the proposed model is designed to be easily implemented in practice, taking into account the ease of deployment and reducing operational costs without sacrificing detection performance. Additionally, we provide clear guidelines on how such an implementation should be done. Moreover, we investigate the presence of drift in popular datasets and conclude that the amount of drift is limited. We call on the academic community to develop more (cyber security) datasets that capture drift.

Paper Nr: 152
Title:

Large Language Models in Cybersecurity: State-of-the-Art

Authors:

Farzad Nourmohammadzadeh Motlagh, Mehrdad Hajizadeh, Mehryar Majd, Pejman Najafi, Feng Cheng and Christoph Meinel

Abstract: The rise of Large Language Models (LLMs) has revolutionized our comprehension of intelligence, bringing us closer to Artificial Intelligence. Since their introduction, researchers have actively explored the applications of LLMs across diverse fields, significantly elevating capabilities. Cybersecurity, traditionally resistant to data-driven solutions and slow to embrace machine learning, stands out as a domain. This study examines the existing literature, providing a thorough characterization of both defensive and adversarial applications of LLMs within the realm of cybersecurity. Our review not only surveys and categorizes the current landscape but also identifies critical research gaps. By evaluating both offensive and defensive applications, we aim to provide a holistic understanding of the potential risks and opportunities associated with LLM-driven cybersecurity.

Paper Nr: 164
Title:

SGX-PrivInfer: A Secure Collaborative System for Quantifying and Mitigating Attribute Inference Risks in Social Networks

Authors:

Hervais Simo and Michael Kreutzer

Abstract: The growing popularity of Online Social Networks (OSNs) over the past decade has led to a significant portion of the global population sharing diverse personal information online, including relationship status, political affiliations, and religious views. However, research has shown that adversaries, such as third-party application providers and law enforcement agencies, can aggregate and correlate seemingly innocuous, publicly available data across various platforms. This process can uncover sensitive insights about individuals, often far beyond what users intend or realize they are disclosing. To mitigate this challenge, it is essential to provide OSN users with enhanced transparency and control over their digital footprints and the associated risks of attribute inference, as emphasized by regulations like the EU General Data Protection Regulation (GDPR). Innovative solutions in this domain often rely on Privacy Inference Detection Technologies (PIDTs), which empower users to understand and manage such risks. However, existing PIDTs raise significant privacy concerns, as they typically require highly sensitive data to be transferred to cloud services for analysis, exposing it to potential misuse or unauthorized access. To address these limitations, we introduce SGX-PrivInfer, a novel architecture that enables OSN users to collaboratively and securely detect and quantify attribute inference risks based on public profile data aggregated from multiple OSN domains. SGX-PrivInfer leverages Trusted Execution Environments (TEEs) to safeguard the confidentiality of both user data and the underlying attribute inference models, even in the presence of curious adversaries, such as cloud service providers. In its current design, we utilize Intel SGX as the implementation of TEEs to achieve these security guarantees. Our performance evaluation, conducted on real-world OSN datasets, demonstrates that SGX-PrivInfer is both practical and capable of supporting real-time processing. To the best of our knowledge, SGX-PrivInfer is the first architecture and implementation of a PIDT that offers strong security guarantees, data protection, and accountability, all backed by Intel SGX’s hardware-enforced isolation and integrity mechanisms.

Short Papers
Paper Nr: 19
Title:

The Dual-Edged Sword: The Impact of Large Language Models in Network Infrastructure Security

Authors:

David Debono and Anastasia Sare

Abstract: Large Language Models (LLMs) have become essential tools for network infrastructure and security engineers, assisting in a wide range of daily administrative tasks. However, the widespread use of these models without adequate cybersecurity expertise could potentially compromise network security. This study examines the compliance of various LLMs, including GPT-3.5, GPT-4, Microsoft Copilot, and Gemini, with CIS benchmarks. We evaluate the capabilities and limitations of these models in adhering to MySQL and MongoDB CIS benchmarks on a Linux system using both qualitative and quantitative metrics. Four distinct test cases were developed to assess the performance of GPT-3.5 and GPT-4. The first test evaluated the models' compliance and knowledge of security standards without explicitly mentioning the standards. The second test assessed the models' zero-shot knowledge when CIS benchmarks were explicitly referenced, while the third test examined the effectiveness of follow-up prompts based on the results of the second test. In the fourth test, GPT-4 was provided with the actual standard in PDF format. Additionally, the zero-shot capabilities of Gemini and Microsoft Copilot were also evaluated. Among the models tested, GPT-4 demonstrated the highest compliance with CIS benchmarks, particularly in zero-shot learning and assisted scenarios. However, challenges were noted with certain configurations, and the use of prompt engineering techniques proved crucial in maximizing compliance. With a maximum score of 76.3% compliance, the findings suggest that while LLMs can assist in providing secure configurations aligned with international standards, expert knowledge and supervision remain essential to mitigate potential vulnerabilities.

Paper Nr: 31
Title:

Investigating the Effectiveness of Zero–Trust Architecture for Satellite Cybersecurity

Authors:

Masrur Masqub Utsash, Georgios Kavallieratos, Konstantinos Antonakopoulos and Sokratis Katsikas

Abstract: The increasing adoption of edge computing platforms poses significant challenges to traditional perimeter-based security architectures. Zero–Trust architecture has gained traction and is now widely utilized as the preferred security architecture in critical infrastructures. However, even though the advantages of using such an architecture towards improving the cybersecurity posture of satellites have been analyzed, very little has been done to demonstrate such advantages by experimenting with an implementation of the architecture. In this paper, we experimentally investigate the effectiveness of Zero–Trust architecture in improving satellite cybersecurity by analyzing two critical attacks against satellites. We describe the experimental setup and the experimentation process, and we present and discuss our findings, which demonstrate that zero-trust architecture is successful in mitigating attacks that would otherwise disrupt the operations of the satellite.

Paper Nr: 51
Title:

Defense Against Backdoor Attacks on Image Retrieval Models Through Strategic Manipulations

Authors:

Hung-Lei Lee, Chun-Shien Lu and Jia-Ching Wang

Abstract: This research introduces a novel defense mechanism for image retrieval models that effectively mitigates risks associated with backdoor attacks through targeted image transformations. By utilizing strategic techniques such as the removal of lines or columns of pixels and horizontal flipping, and dynamically adjusting transformations based on saliency maps generated by the RISE technique, our method disrupts potential triggers embedded within the images. These adaptations are refined through extensive testing to ensure they maintain the Mean Average Precision (MAP) of clean samples without adversely affecting system functionality. Preliminary experimental results demonstrate that our defense effectively counteracts advanced image retrieval backdoor attacks, significantly enhancing the security of image retrieval systems. This approach allows the image retrieval system to operate efficiently, preserving high accuracy and functionality under normal operating conditions, and effectively neutralizing threats without extensive retraining or system redesign.

Paper Nr: 52
Title:

RiVS: Reputation in VoIP Systems

Authors:

Bruno Freitas Cruz and Bruno Sousa

Abstract: Voice-over-IP (VoIP) technology revolutionised telecommunications through inexpensive and flexible communications. Its growing user base worldwide across various sectors, including business, healthcare, and telecommunications, originates from the rising demand for VoIP services, which exposes VoIP systems to multiple threats. RiVS combines a reputation system based on the Alpha-Beta distribution to further enhance the security of VoIP systems to protect against toll fraud, authentication attacks, and Spam over Internet Telephony (SPIT). RiVS is integrated with the Asterisk server (known as IP PBX or VoIP server), operating as an intermediary between the VoIP server and the reputation system. RiVS is able to parse user authentication or call attempts to determine if they should be flagged, dropped, or allowed through the system. The reputation system keeps records of positive and negative actions. Experimental procedures were conducted to evaluate system resource usage and response time. The results show that actions are performed promptly with few system resources, making RiVS suitable for consideration in cloud and on-premises deployments.

Paper Nr: 63
Title:

Cybersecurity Fundamentals Training Among Middle School Students: Building a Strong Foundation

Authors:

Qingsong Zhao, Urska Cvek and Kevin Zhao

Abstract: Cyber threats and cybercrimes pose serious challenges for individuals and organizations. Cybersecurity awareness (CSA) training helps mitigate these risks, but its effectiveness depends on accurately assessing participants' CSA levels. Without a solid understanding of cybersecurity fundamentals (CSF), trainees often overestimate their awareness. This study investigates the impact of foundational cybersecurity knowledge on self-assessment accuracy in a CSA training program. Conducted during a summer camp for 61 middle school students, the research involved five phases of targeted instruction and evaluations. We developed a comprehensive program with pre-, mid-, and post-training evaluations to measure participants' awareness. The findings reveal that while students initially overestimated their CSA, training improved both their quiz scores and self-assessment accuracy. This study provides valuable insights into the design of effective CSA training programs and self-assessment tools, offering practical guidelines for middle school students and broader audiences.

Paper Nr: 69
Title:

Autonomous Cyber Defence by Quantum-Inspired Deep Reinforcement Learning

Authors:

Wenbo Feng, Sanyam Vyas and Tingting Li

Abstract: With the rapid advancement of computing technologies, the frequency and complexity of cyber-attacks have escalated. Autonomous Cyber Defence (ACD) has emerged to combat these threats, aiming to train defensive agents that can autonomously respond to cyber incidents at machine speed and scale, similar to human defenders. One of the main challenges in ACD is enhancing the training efficiency of defensive agents in complex network environments, typically using Deep Reinforcement Learning (DRL). This work addresses this challenge by employing quantum-inspired methods. When coupled with Quantum-Inspired Experience Replay (QER) buffers and the Quantum Approximate Optimization Algorithm (QAOA), we demonstrate an improvement in training the defence agents against attacking agents in real-world scenarios. While QER and QAOA show great potential for enhancing agent performance, they introduce substantial computational demands and complexity, particularly during the training phase. To address this, we also explore a more practical and efficient approach by using QAOA with Prioritised Experience Replay (PER), achieving a balance between computational feasibility and performance.

Paper Nr: 71
Title:

Distributed Machine Learning and Multi-Agent Systems for Enhanced Attack Detection and Resilience in IoT Networks

Authors:

Gustavo Funchal, Tiago Pedrosa, Fernando de la Prieta and Paulo Leitão

Abstract: The exponential growth of connected devices, including sensors, mobile devices, and various Internet of Things (IoT) devices, has resulted in a substantial increase in data generation. Traditionally, data analysis involves transferring data to cloud computing systems, leading to latency issues and excessive network traffic. Edge computing emerges as a promising solution by bringing processing closer to the data sources. However, edge computing faces challenges, particularly in terms of limited computational power, which can create constraints in the execution of machine learning (ML) tasks. This paper aims to analyze strategies for distributing ML tasks among multiple nodes based on multi-agent systems (MAS) technology to have a collaborative approach, and to compare these strategies to provide an overview of best practices for achieving optimal performance in intrusion detection for the Industrial Internet of Things (IIoT). In this way, the well-known CICIoT2023 data set was used, and centralized and distributed ML techniques were implemented and evaluated. The distributed edge ML approach achieved promising results, presenting an improvement of between 7.73% and 32.18% in the correction of wrong predictions of detection of attacks on IoT devices, significantly improving the precision and recall of the applied techniques.

Paper Nr: 100
Title:

The Digital Loophole: Evaluating the Effectiveness of Child Age Verification Methods on Social Media

Authors:

Fatmaelzahraa Eltaher, Rahul Krishna Gajula, Luis Miralles-Pechuán, Christina Thorpe and Susan Mckeever

Abstract: Social media platforms are an integral part of daily life for nearly five billion people worldwide. However, the growing presence of underage users on these platforms raises significant concerns regarding children’s exposure to harmful content and its impact on their mental health. This paper examines the effectiveness of age verification measures implemented on the leading platforms Facebook, YouTube, Instagram, TikTok, Snapchat, and X. We evaluate the age verification processes required for account creation by simulating the registration steps for minors on these platforms. We also compare these methods to best practices in online age assurance in the finance, betting, and public transportation sectors. IEEE provides a standard for evaluating the age assurance of a platform or service. Our study benchmarks each platform’s approach against the IEEE standard for robustness. Our research identifies gaps that allow underage users to easily bypass existing age restrictions, with particular practices such as allowing disposable emails and basic browser refreshes further weakening self-declared age checks. The findings highlight the need for more robust age verification measures by social media applications to support their stated age limit policies. This work emphasises the urgent need for stronger and more reliable age verification methods to align the digital age of consent across EU member states and beyond with the minimum age requirements on social media.

Paper Nr: 104
Title:

Adaptive Ensemble Defense: Mitigating NLP Adversarial Attacks with Data-Augmented Voting Mechanisms

Authors:

Amira Abdelbaky, Sherif Saad and Mohammad Mamun

Abstract: Natural Language Processing (NLP) applications have become essential in today’s digital landscape, enabling systems to interpret, generate, and interact through human language. Despite their usefulness, NLP models are highly vulnerable to adversarial attacks, where subtle input modifications can result in incorrect predictions, compromising their reliability in real-world applications. This paper introduces a novel, model-agnostic defense strategy aimed at mitigating evasion adversarial attacks using a dynamic ensemble of data augmentation techniques with a weighted voting mechanism. Our approach generates multiple input transformations via diverse augmenters, with the final prediction based on a confidence-weighted aggregation of each transformation’s outcome. This inference-time defense approach eliminates the need for costly retraining often required by adversarial training methods. We evaluate the effectiveness of our method against four models (BERT_IMDB, BERT_SST-2, RoBERTa_IMDB, and RoBERTa_SST-2) to evaluate the efficacy of the proposed defense against different NLP attacks. The models achieved an attack mitigation success rate of 76.08%, 75.29%, 70.98%, and 67.45%, respectively. Results demonstrate that this scalable and flexible technique effectively enhances model robustness, allowing for adjustments in transformation parameters, weight assignments, and augmentation methods, making it adaptable to dynamic threat landscapes and paving the way for a moving target defense strategy.

Paper Nr: 108
Title:

Hybrid Classical Quantum Learning Model Framework for Detection of Deepfake Audio

Authors:

Atul Pandey and Bhawana Rudra

Abstract: Artificial intelligence (AI) has simplified individual tasks compared to earlier times. However, it also enables the creation of fake images, audio, and videos that can be misused to tarnish the reputation of a person on social media. The rapid advancement of deepfake technology presents significant challenges in detecting such fabricated content. Therefore, in this paper, we particularly focus on deepfake audio detection. Many classical models exist to detect deepfake audio, but they often overlook critical audio features, and training these models can be computationally resource-intensive. To address this issue, we used a real-time AI-generated fake speech dataset, which includes all the necessary features required to train models, and used Quantum Machine Learning (QML) techniques, which follow principles of quantum mechanics to process the data simultaneously. We propose a hybrid Classical-Quantum Learning Model that takes advantage of both classical and quantum machine learning. The hybrid model is trained on a real-time AI-generated fake speech dataset, and we compare the performance with existing classical and quantum models in this area. Our results show that the hybrid Classical-Quantum model gives an accuracy of 98.81%, higher than the Quantum Support Vector Machine (QSVM) and Quantum Neural Network (QNN).

Paper Nr: 126
Title:

Comprehensive Feature Selection for Machine Learning-Based Intrusion Detection in Healthcare IoMT Networks

Authors:

Muaan Ur Rehman, Rajesh Kalakoti and Hayretdin Bahşi

Abstract: The rapid growth of the Internet of Medical Things (IoMT) has increased the vulnerability of healthcare networks to cyberattacks. While machine learning (ML) techniques can effectively detect these threats, their success depends on the quality and quantity of features used for training to improve detection efficiency in IoMT environments, which are typically resource-constrained. In this paper, we aim to identify the best-performing feature sets for IoMT networks, as measured by classification performance metrics such as F1-score and accuracy, while considering the trade-offs between resource requirements and detection effectiveness. We applied an ML workflow that benchmarks various filter-based feature selection methods for ML-based intrusion detection. To test and train our binary and multi-class models, we used two well-developed IoMT datasets (CICIoMT2024 and IoMT-TrafficData). We applied filter-based feature reduction techniques (Fisher Score, Mutual Information, and Information Gain) to different machine learning models, i.e., Extreme Gradient Boosting (XGBoost), K-Nearest Neighbors (KNN), Decision Tree (DT), and Random Forest (RF). Our study demonstrates that 3-4 features can achieve optimal F1-score and accuracy in binary classification, whereas 7-8 features give reasonable performance in most of the multi-class classification tasks across both datasets. The combination of Information Gain and XGBoost with 15 features provides excellent results in binary and multi-class classification settings. Key features—protocol types, traffic metrics, temporal patterns, and statistical measures—are essential for accurate IoMT attack classification.

Paper Nr: 163
Title:

Exploring Efficiency of Machine Learning in Profiling of Internet of Things Devices for Malicious Activity Detection

Authors:

Daniil Legkodymov and Dmitry Levshun

Abstract: Security of Internet of Things devices is becoming an increasingly important task. The number of devices connected to the network is constantly growing, as is the threat of cyberattacks. One of the key solutions for this issue is profiling of such devices to improve the protection of systems they are used in. This work presents an approach for profiling of Internet of Things devices to detect malicious activity. Using machine learning, this approach allows identifying network events that may indicate cyberattacks. We describe all the main steps of the developed approach, including the processes of collecting and preprocessing data, selecting and training models, as well as testing and evaluating the effectiveness of the proposed solution. The results obtained demonstrate the applicability of our solution to ensure the security of systems with Internet of Things devices, as well as to reduce the security risks associated with such devices.

Paper Nr: 41
Title:

Dynamic-Differential Privacy based on Feature Selection with Improved Usability and Security

Authors:

Sun-Jin Lee, Hye-Yeon Shim, Jung-Hwa Rye and Il-Gu Lee

Abstract: With the advent of the digital transformation era, the introduction of machine learning (ML) in all industries has accelerated. ML is highly utilized because it can provide various services, such as prediction and classification. However, because the data used in the learning process contain personal information, innumerable people could be harmed if the data are leaked. Differential privacy (DP) techniques have been studied to improve data security. They are improved by adding noise from the data. However, owing to the reduced classification performance of legitimate users, they are difficult to apply in areas that require accurate prediction. This study proposes the dynamic DP based on feature selection (D-DPFS) model. D-DPFS can improve usability and security by applying DP only to privacy-related features. Experiment results indicate that D-DPFS increases the prediction accuracy to 96.37% from a usability perspective. Additionally, for users who have predefined data to prevent information leakage, security was improved by adjusting the number of features to which DP was applied according to the number of privacy features.

Paper Nr: 43
Title:

Attackers’ Profiling Based on Multi-Attack Patterns in SSH Service

Authors:

Kriti Majumdar, Nitesh Kumar, Anand Handa and Sandeep K. Shukla

Abstract: In the realm of cyber security, profiling attackers’ behaviors provides critical insights that can enhance defensive strategies and improve the security of network services. This paper introduces a methodology for profiling attackers through the analysis of multi-attack patterns on Secure Shell (SSH) services. We develop a comprehensive framework that utilizes both predefined rule-based techniques and advanced machine learning techniques to classify attack types and link them to specific attacker profiles. By analyzing logs from SSH services that comprise various SSH attack incidents, we identify common and distinct behavioral patterns that help in predicting future attacks and identifying the likely attributes of attackers. Our attacker profiling system addresses the five key ‘wh’ questions: who is causing the attack, when the attack occurred, how the attack was executed, from where the attack originated, and what type of attack was carried out. The results demonstrate that our approach is highly effective not only at detecting security threats but also at profiling them, which allows for the development of specific and effective countermeasures. This methodology significantly enhances the ability to anticipate and mitigate a wide range of attack vectors, strengthening overall cybersecurity resilience.

Paper Nr: 96
Title:

LLM-Based Fine-Grained ABAC Policy Generation

Authors:

Khang Mai, Nakul Ghate, Jongmin Lee and Razvan Beuran

Abstract: The central practice in the development of Attribute-Based Access Control (ABAC) is policy generation, for which supervised machine-learning approaches can achieve state-of-the-art performance. However, the scarcity of training data poses challenges for supervised solutions, limiting their practical application. Recently, large language models (LLMs) have demonstrated extraordinary proficiency in various language processing tasks, offering the potential for policy mining in scenarios with only a few training examples. This paper presents an LLM-based generation of fine-grained ABAC policies. The approach utilizes multiple LLMs in a mixture-of-agents mechanism to consider the ABAC scenario from diverse perspectives. Multi-turn interaction and retrieval augmented generation are combined to generate and prepare adequate LLM prompting context. In the evaluation, we conduct experiments within an Industrial Control System (ICS) network, ensuring that the ABAC policies align with specific security guidelines. We explore the feasibility of utilizing policies generated by LLMs directly in the access control decision-making process. By leveraging ground truth data, we implement an optimization module that refines the priority values of these policies, ultimately achieving an impressive F1 score of 0.994, showing that LLMs have the potential to generate fine-grained ABAC policies for real IT networks.

Paper Nr: 112
Title:

Navigating the Security Challenges of LLMs: Positioning Target-Side Defenses and Identifying Research Gaps

Authors:

Malte Josten, Matthias Schaffeld, René Lehmann and Torben Weis

Abstract: Large Language Models (LLMs) have revolutionized various domains with their ability to generate human-like text, yet their misuse has introduced significant cybersecurity risks. Malicious actors exploit LLMs to create personalized phishing attacks, spread misinformation, and develop sophisticated malware, reducing the expertise and resources needed to execute such threats. The unrestricted accessibility of some LLMs further amplifies these risks, as they can circumvent existing safeguards and enhance a range of attack vectors. Current countermeasures primarily focus on restricting harmful content generation, but challenges persist, especially with unregulated or open-source LLMs. To address these limitations, a shift toward target-side detection and mitigation strategies is critical. We examine prevalent LLM-based attack methods and their implications for cybersecurity, emphasizing the need for robust defenses. We propose five core criteria—adaptability, compatibility, efficiency, effectiveness, and usability—for designing and evaluating countermeasures. An assessment of state-of-the-art solutions reveals significant gaps in adaptability and usability, highlighting areas for improvement. By addressing these challenges, we aim to guide the development of comprehensive security measures that safeguard the benefits of LLMs while mitigating their potential for misuse, ensuring digital trust and resilience in the face of evolving threats.

Paper Nr: 129
Title:

Randomizing Forger Selection to Improve Decentralization in Proof of Stake Consensus Protocol

Authors:

Syed Badruddoja, Sasi Kiran Kanduri and Ram Dantu

Abstract: In proof-of-stake consensus protocols, the inherent design often favors wealthier participants, perpetuating a cycle where the rich become richer, thereby consolidating control over validation and block creation. This dynamic discourages broader participation, as lower-stake nodes are discouraged from contributing to block creation and transaction processing, undermining the fundamental principle of equitable decentralization. This research introduces a hash-power-based consensus protocol that provides opportunities to low-stake validators. We extend an existing hash-power-based consensus protocol to increase the randomization of validator selection. Moreover, we raise the decentralization factor by extending a ’hash power’ metric, which is calculated from the minted and native stakes of a participant. The proposed consensus algorithm enhances the network’s forger and validator selection mechanism, raising the entropy of the validator selection to 0.80 and fairness to 0.45, which is a significant improvement over coinage-based validator selection.

Paper Nr: 130
Title:

Evaluating and Defending Backdoor Attacks in Image Recognition Systems

Authors:

Syed Badruddoja, Bashar Najah Allwza and Ram Dantu

Abstract: Machine learning algorithms face significant challenges from model poisoning attacks, posing a severe threat to their reliability and security. Understanding a model poisoning attack requires statistical analysis through evaluation with multi-parameter attributes. Currently, there are many evaluation strategies for such attacks. However, they often lack comprehensive evaluation and analysis. Moreover, the defense strategies are outdated and require retraining of models with fresh data. We perform a systematic evaluation of backdoor model poisoning attacks using the MNIST digit recognition dataset with respect to the size of the sample and pixel. The observed analysis of our results demonstrates that successful attacks require the manipulation of a minimum of 20 pixels and 1,000 samples. To counter this, we propose a novel defense mechanism utilizing morphological filters. Our method effectively mitigates the impact of poisoned data without requiring any retraining of the model. Furthermore, our approach achieves a prediction accuracy of 96% while avoiding any backdoor trigger-based prediction.