Cybersecurity: trends, issues, and challenges
EURASIP Journal on Information Security ( IF 2.5 ) Pub Date : 2018-07-20 , DOI: 10.1186/s13635-018-0080-0
Krzysztof Cabaj , Zbigniew Kotulski , Bogdan Księżopolski , Wojciech Mazurczyk

In today’s Internet-connected world, where technologies underpin almost every facet of our society, cybersecurity and forensic specialists increasingly deal with wide-ranging cyber threats under near real-time conditions. Detecting, analyzing, and defending against such threats in near real time is not possible without employing threat intelligence, big data, and machine learning techniques. For example, when a significant amount of data is collected from or generated by different security monitoring solutions, intelligent, next-generation big-data analytical techniques are necessary to mine, interpret, and extract knowledge from these unstructured and structured (big) data. This gives rise to cyber threat intelligence and analytic solutions, such as big data, artificial intelligence, and machine learning, that perceive, reason, learn, and act against cyber adversary tactics, techniques, and procedures.

In this special issue, we are delighted to present a selection of six papers which, in our opinion, will contribute to the enhancement of knowledge in cybersecurity. This collection of high-quality research papers provides a view of the latest research advances and results in the field of digital forensics and presents the development of tools and techniques that assist the investigation of potentially illegal cyber activity. Fifth generation (5G) networks are still under construction, and their architecture is in a forming phase. There are several reports and white papers, especially those connected with the 5G Infrastructure Public Private Partnership (5G PPP), which attempt to make the 5G architectural requirements precise, presenting them from different points of view, including techno-socio-economic aspects and technological constraints. All of them consider network slicing a central point, often strengthening slices with slice isolation.

The first paper, “Towards constructive approach to end-to-end slice isolation in 5G networks” by Zbigniew Kotulski, Tomasz Wojciech Nowak, Mariusz Sepczuk, Marcin Tunia, Rafal Artych, Krzysztof Bocianiak, Tomasz Osko, and Jean-Philippe Wary [1], examines isolation capabilities and selected approaches to their realization in the network slicing context. As the 5G architecture is still evolving, the specification of isolated slice operation and management brings new requirements that need to be addressed, especially in the context of end-to-end (E2E) security. The paper’s main purpose is to present recent trends in slice isolation and the set of challenges faced in this field. Meeting these challenges could be a step from the concept of 5G networks to proof-of-concept solutions which provide E2E user security based on slice isolation. According to the authors’ suggestions, the crucial features are proper slice design and establishment, security at interfaces, suitable access protocols, correct virtual resource sharing, and a dedicated, adaptable management and orchestration (MANO) architecture. Two main secure isolation challenges are presented in more detail: a proper definition of isolation parameters and the design of a suitable MANO system.

The next article also focuses on 5G network cybersecurity, but from a different perspective. The paper by Filipo Sharevski entitled “Towards 5G Cellular Network Forensics” [2] presents features of 5G cellular networks which can be used during the forensic process. In the first part of the paper, the lawful interception (LI) and lawful access location service (LALS) mechanisms of the LTE network are presented in detail. These mechanisms, after a court warrant has been obtained by the law enforcement agencies (LEAs), allow access to connection metadata, called Interception Related Information (IRI) in LTE, or even to the whole content of the communications. The second and most important part of the paper concerns how the related functions can be implemented in the 5G network. The advantages of the 5G network are built using many techniques, to mention a few: CUPS (Control and User Plane Separation), NFV (Network Functions Virtualization), network slicing, and CIoT (Cellular Internet-of-Things). These mechanisms were not developed with dedicated LI and LALS functionality, and additional effort is needed to enable it. The author presents several ideas and solutions to overcome this problem. The paper is very interesting, as these mechanisms are seldom described and utilized by researchers.

In the article entitled “Foundations and applications of artificial intelligence for zero-day and multi-step attack detection”, authored by Pierre Parrend, Julio Navarro, Fabio Guigou, Aline Deruyver, and Pierre Collet [3], another analysis of multi-step attacks is presented. The authors provide a review of the two main approaches for tracking hard-to-find cyberattacks: statistical analysis and machine learning, the two domains of data analysis. They propose a comprehensive framework for the study of complex attacks and the related analysis strategies, through statistical tools on the one side and machine learning tools on the other. It puts these complex attacks in perspective with their core applications in the security domain: detection and investigation. Transaction trace analysis is a key utility for marketing, trend monitoring, and fraud detection purposes. A good source of such traces are Point-of-Sale (POS) devices, which carry out the transactions’ checkout processes.

The data obtained from the traces is an effective source of information about shoppers, their purchases, and their behavior. The transaction traces can also be used for the design and verification of contextual risk management systems for card-present transactions.

In the paper “POS-originated transaction traces as a source of contextual information for risk management systems in EFT transactions” by Albert Sitek and Zbigniew Kotulski [4], the authors present a novel approach to collecting detailed transaction traces directly from payment terminals. Thanks to that, it is possible to analyze each step of a transaction precisely, including its frequency and timing. The authors used this approach to analyze data collected in a real-life experiment. They also present important findings for designers of such payment systems who wish to extend their functionality.

The next paper, “OMMA: open architecture for Operator-guided Monitoring of Multi-step Attacks”, is authored by Julio Navarro, Veronique Legrand, Aline Deruyver, and Pierre Parrend [5]. The authors propose the architecture of an engineering system called OMMA (Operator-guided Monitoring of Multi-step Attacks) for integrating multi-step attack detection methods that work with heterogeneous sets of events. OMMA proposes a framework for merging different detection techniques in order to improve research collaboration and build on past work. The main contribution of OMMA is that it offers the research community an open platform into which any multi-step attack detection algorithm based on event correlation can be integrated.

Finally, the paper “Detection of Spoofed and Non-Spoofed DDoS Attacks and Discriminating them from Flash Crowds” by Gera Jaideep and Bhanu Prakash Battula [6] introduces a novel methodology that is able to detect different types of DDoS attacks. Moreover, the proposed solution is able to differentiate such attacks from the benign flash crowd effect, which is currently perceived as a very challenging task. The comprehensive methodology takes into account various dynamic network traffic parameters, such as source entropy and traffic entropy, and investigates different thresholds in order to correctly recognize spoofed DDoS attacks, non-spoofed DDoS attacks, and flash crowd scenarios. To show that their solution is effective and efficient, the authors also provide extensive results of experiments conducted with the NS-2 simulator.
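As an added illustration of the entropy-and-threshold idea behind [6] (this is not code from the paper or from this editorial), the script below computes normalised source and destination entropy over constructed traffic windows and applies thresholds to separate a spoofed flood, a non-spoofed flood, a flash crowd and ordinary load. The thresholds, the window size, the sample addresses and the use of destination entropy as the "traffic entropy" parameter are assumptions made here, not values or definitions taken from the paper.

```python
import math
from collections import Counter

# Thresholds are assumptions chosen for this illustration; the paper tunes its own.
RATE_THRESHOLD = 200       # packets per window above which a window counts as heavy
TARGET_ENTROPY_MAX = 0.3   # normalised destination entropy above this: load is diffuse, not aimed at one host
SPOOF_ENTROPY_MIN = 0.95   # normalised source entropy near 1: almost every packet carries a fresh source
BOTNET_ENTROPY_MAX = 0.4   # normalised source entropy this low: a handful of sources send nearly everything


def shannon_entropy(counts):
    """Shannon entropy in bits of a distribution given as a Counter of occurrences."""
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values() if c)


def normalized_entropy(values):
    """Entropy of the value distribution divided by log2(n): 1.0 means every packet differs."""
    n = len(values)
    if n < 2:
        return 0.0
    return shannon_entropy(Counter(values)) / math.log2(n)


def classify_window(packets):
    """packets: list of (src_ip, dst_ip) pairs observed in one time window."""
    if len(packets) < RATE_THRESHOLD:
        return "normal"
    if normalized_entropy([dst for _, dst in packets]) > TARGET_ENTROPY_MAX:
        return "normal"            # heavy, but spread across many destinations
    src_h = normalized_entropy([src for src, _ in packets])
    if src_h >= SPOOF_ENTROPY_MIN:
        return "spoofed_ddos"      # forged sources, each seen about once
    if src_h <= BOTNET_ENTROPY_MAX:
        return "non_spoofed_ddos"  # few real sources flooding one target
    return "flash_crowd"           # many real sources, each returning several times


# Constructed sample windows (not real captures); ip(i) yields distinct private addresses.
TARGET = "198.51.100.10"


def ip(i):
    return f"10.{i // 256}.{i % 256}.1"


WINDOWS = {
    "quiet": [(ip(i % 5), TARGET) for i in range(20)],
    "busy_normal": [(ip(i % 50), f"198.51.100.{i % 40}") for i in range(400)],
    "flash_crowd": [(ip(i % 100), TARGET) for i in range(400)],
    "spoofed_ddos": [(ip(i), TARGET) for i in range(400)],
    "non_spoofed_ddos": [(ip(i % 4), TARGET) for i in range(400)],
}
```

Calling classify_window on each entry of WINDOWS labels "quiet" and "busy_normal" as normal and the other three windows with their own names; with real traffic the thresholds would have to be tuned against the baseline of the monitored network.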

To summarize, we believe that this special issue will contribute to enhancing knowledge in cybersecurity. In addition, we hope that the presented results will stimulate further research in the important areas of information and network security. We also want to thank the Editors-in-Chief of the EURASIP Journal on Information Security, the researchers contributing to the special issue, and the excellent reviewers for their great help and support that made this special issue possible.

References

  1. Z. Kotulski, T.W. Nowak, M. Sepczuk, M. Tunia, R. Artych, K. Bocianiak, T. Osko, J.-P. Wary (2018). Towards constructive approach to end-to-end slice isolation in 5G networks. EURASIP Journal on Information Security, 2018:2. Published on: 20 March 2018. https://doi.org/10.1186/s13635-018-0072-0

  2. F. Sharevski (2018). Towards 5G cellular network forensics. EURASIP Journal on Information Security, 2018:8. Published on: 11 July 2018. https://doi.org/10.1186/s13635-018-0078-7

  3. P. Parrend, J. Navarro, F. Guigou, A. Deruyver, P. Collet (2018). Foundations and applications of artificial intelligence for zero-day and multi-step attack detection. EURASIP Journal on Information Security, 2018:4. Published on: 24 April 2018. https://doi.org/10.1186/s13635-018-0074-y

  4. A. Sitek, Z. Kotulski (2018). POS-originated transaction traces as a source of contextual information for risk management systems in EFT transactions. EURASIP Journal on Information Security, 2018:5. Published on: 27 April 2018. https://doi.org/10.1186/s13635-018-0076-9

  5. J. Navarro, V. Legrand, A. Deruyver, P. Parrend (2018). OMMA: open architecture for operator-guided monitoring of multi-step attacks. EURASIP Journal on Information Security, 2018:6. Published on: 2 May 2018. https://doi.org/10.1186/s13635-018-0075-x

  6. G. Jaideep, B.P. Battula (2018). Detection of spoofed and non-spoofed DDoS attacks and discriminating them from flash crowds. EURASIP Journal on Information Security, 2018:9. Published on: 16 July 2018. https://doi.org/10.1186/s13635-018-0079-6


Affiliations

  1. Institute of Computer Sciences, WUT, Nowowiejska 15/19, 00-665 Warsaw, Poland
    • Krzysztof Cabaj
  2. Institute of Telecommunications, WUT, Nowowiejska 15/19, 00-665 Warsaw, Poland
    • Zbigniew Kotulski
    • Wojciech Mazurczyk
  3. Faculty of Mathematics, Physics and Computer Science, UMCS, pl. Marii Curie-Skłodowskiej 5, 20-031 Lublin, Poland
    • Bogdan Księżopolski

Contributions

All authors actively participated in discussions, read and approved the final manuscript.

Corresponding author

Correspondence to Krzysztof Cabaj.

Competing interests

The authors declare that they have no competing interests.

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Open Access This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.


Cite this article

Cabaj, K., Kotulski, Z., Księżopolski, B. et al. Cybersecurity: trends, issues, and challenges. EURASIP J. on Info. Security 2018, 10 (2018). https://doi.org/10.1186/s13635-018-0080-0





Last updated: 2020-04-16