kth.sePublications
Change search
Link to record
Permanent link

Direct link
Publications (10 of 65) Show all publications
Carp, A., Brynielsson, J. & Tegen, A. (2023). Active Learning for Improvement of Classification of Cyberthreat Actors in Text Fragments. In: Proceedings - 22nd IEEE International Conference on Machine Learning and Applications, ICMLA 2023: . Paper presented at 22nd IEEE International Conference on Machine Learning and Applications, ICMLA 2023, Jacksonville, United States of America, Dec 15 2023 - Dec 17 2023 (pp. 1279-1286). Institute of Electrical and Electronics Engineers (IEEE)
Open this publication in new window or tab >>Active Learning for Improvement of Classification of Cyberthreat Actors in Text Fragments
2023 (English)In: Proceedings - 22nd IEEE International Conference on Machine Learning and Applications, ICMLA 2023, Institute of Electrical and Electronics Engineers (IEEE) , 2023, p. 1279-1286Conference paper, Published paper (Refereed)
Abstract [en]

In the domain of cybersecurity, machine learning can offer advanced threat detection. However, the volume of unlabeled data poses challenges for efficient data management. This study investigates the potential for active learning to reduce the effort required for manual data labeling. Through different query strategies, the most informative unlabeled data points were selected for labeling. The performance of different query strategies was assessed by testing a transformer model's ability to accurately distinguish tweets mentioning names of advanced persistent threats. The findings suggest that the K-means diversity-based query strategy outperformed both the uncertainty-based approach and the random data point selection, when the amount of labeled training data was limited. This study also evaluated the cost-effective active learning approach, which incorporates high-confidence data points into the training dataset. However, this was shown to be the least effective strategy.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2023
Keywords
Active learning, advanced persistent threat, cybersecurity, natural language processing
National Category
Computer Sciences
Identifiers
urn:nbn:se:kth:diva-350002 (URN)10.1109/ICMLA58977.2023.00193 (DOI)2-s2.0-85190143463 (Scopus ID)
Conference
22nd IEEE International Conference on Machine Learning and Applications, ICMLA 2023, Jacksonville, United States of America, Dec 15 2023 - Dec 17 2023
Note

Part of ISBN 9798350345346

QC 20240705

Available from: 2024-07-05 Created: 2024-07-05 Last updated: 2024-08-01Bibliographically approved
Brynielsson, J., Cohen, M., Hansen, P., Lavebrink, S., Lindström, M. & Tjörnhammar, E. (2023). Comparison of Strategies for Honeypot Deployment. In: Prakash, BA Wang, D Weninger, T (Ed.), Proceedings Of The 2023 Ieee/Acm International Conference On Advances In Social Networks Analysis And Mining, Asonam 2023: . Paper presented at 15th IEEE/ACM Annual International Conference on Advances in Social Networks Analysis and Mining (ASONAM), NOV 06-09, 2023, Kusadasi, Turkey (pp. 612-619). Association for Computing Machinery (ACM)
Open this publication in new window or tab >>Comparison of Strategies for Honeypot Deployment
Show others...
2023 (English)In: Proceedings Of The 2023 Ieee/Acm International Conference On Advances In Social Networks Analysis And Mining, Asonam 2023 / [ed] Prakash, BA Wang, D Weninger, T, Association for Computing Machinery (ACM) , 2023, p. 612-619Conference paper, Published paper (Refereed)
Abstract [en]

Recent experimental studies have explored how well adaptive honeypot allocation strategies defend against human adversaries. As the experimental subjects were drawn from an unknown, nondescript pool of subjects using Amazon Mechanical Turk, the relevance to defense against real-world adversaries is unclear. The present study reproduces the experiments with more relevant experimental subjects. The results suggest that the strategies considered are less effective against attackers from the current population. In particular, their ability to predict the next attack decreased steadily over time, that is, the human subjects from this population learned to attack less and less predictably.

Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2023
Series
Proceedings of the IEEE-ACM International Conference on Advances in Social Networks Analysis and Mining, ISSN 2473-9928
Keywords
Cybersecurity, honeypot, game theory, defense strategy, behavioral learning
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:kth:diva-345925 (URN)10.1145/3625007.3631602 (DOI)001191293500097 ()2-s2.0-85190627573 (Scopus ID)
Conference
15th IEEE/ACM Annual International Conference on Advances in Social Networks Analysis and Mining (ASONAM), NOV 06-09, 2023, Kusadasi, Turkey
Note

Part of proceedings ISBN: 979-840070409-3

QC 20240426

Available from: 2024-04-26 Created: 2024-04-26 Last updated: 2024-04-26Bibliographically approved
Hansen, P., García Lozano, M., Kamrani, F. & Brynielsson, J. (2023). Real-time estimation of heart rate in situations characterized by dynamic illumination using remote photoplethysmography. In: Proceedings: 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops, CVPRW 2023. Paper presented at 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops, CVPRW 2023, Vancouver, Canada, Jun 18 2023 - Jun 22 2023 (pp. 6094-6103). Institute of Electrical and Electronics Engineers (IEEE)
Open this publication in new window or tab >>Real-time estimation of heart rate in situations characterized by dynamic illumination using remote photoplethysmography
2023 (English)In: Proceedings: 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops, CVPRW 2023, Institute of Electrical and Electronics Engineers (IEEE) , 2023, p. 6094-6103Conference paper, Published paper (Refereed)
Abstract [en]

Remote photoplethysmography (rPPG) is a technique that aims to remotely estimate the heart rate of an individual using an RGB camera. Although several studies use the rPPG methodology, it is usually applied in a laboratory in a controlled environment, where both the camera and the subject are static, and the illumination is ideal for the task. However, applying rPPG in a real-life scenario is much more demanding, since dynamic illumination issues arise. The work presented in this paper introduces a framework to estimate the heart rate of an individual in real-time using an RGB camera in a situation characterized by dynamic illumination. Such situations occur, for example, when either the camera or the subject is moving, and/or the face visibility is limited. The framework uses a face detection program to extract regions of interest on an individual's face. These regions are combined and constitute the input to a convolutional neural network, which is trained to estimate the heart rate in real-time. The method is evaluated on three publicly available datasets, and an in-house dataset specifically collected for the purpose of this study, that includes motions and dynamic illumination. The method shows good performance on all four datasets, outperforming other methods.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2023
National Category
Computer Systems
Identifiers
urn:nbn:se:kth:diva-337848 (URN)10.1109/CVPRW59228.2023.00649 (DOI)2-s2.0-85170820700 (Scopus ID)
Conference
2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops, CVPRW 2023, Vancouver, Canada, Jun 18 2023 - Jun 22 2023
Note

Part of ISBN 9798350302493

QC 20231010

Available from: 2023-10-10 Created: 2023-10-10 Last updated: 2023-10-10Bibliographically approved
Varga, S., Sommestad, T. & Brynielsson, J. (2022). Automation of Cybersecurity Work. In: Artificial Intelligence and Cybersecurity: Theory and Applications (pp. 67-101). Springer Nature
Open this publication in new window or tab >>Automation of Cybersecurity Work
2022 (English)In: Artificial Intelligence and Cybersecurity: Theory and Applications, Springer Nature , 2022, p. 67-101Chapter in book (Other academic)
Abstract [en]

This chapter examines the conditions for automation of cybersecurity work roles, and the probabilities of them being automated. Further, variables that limit the automation potential for current cybersecurity roles are reviewed. Based on a well-established and widely adopted reference resource that lists typical skill requirements and duties of cybersecurity workers, an assessment of the susceptibility for automation of cybersecurity work was performed by an expert panel. All cybersecurity work descriptions were ranked in terms of proneness for automation according to four criteria: requirements for creativity, social interaction, physical work, and the existence of relevant statistical training data. It was found that technical roles, for example database administrators and data analysts, are easiest to automate. Roles associated with management and accountability, for example, legal advisors and cyber operations planners, are more difficult to automate. Finally, requirements for physical work is a negligible factor when it comes to cybersecurity work automation.

Place, publisher, year, edition, pages
Springer Nature, 2022
National Category
Communication Systems
Identifiers
urn:nbn:se:kth:diva-333031 (URN)10.1007/978-3-031-15030-2_4 (DOI)2-s2.0-85160502522 (Scopus ID)
Note

Part of ISBN 9783031150302 9783031150296

QC 20230725

Available from: 2023-07-25 Created: 2023-07-25 Last updated: 2023-07-25Bibliographically approved
Franke, U., Andreasson, A., Artman, H., Brynielsson, J., Varga, S. & Vilhelm, N. (2022). Cyber situational awareness issues and challenges. In: Ahmed A. Moustafa (Ed.), Cybersecurity and Cognitive Science: (pp. 235-265). Elsevier
Open this publication in new window or tab >>Cyber situational awareness issues and challenges
Show others...
2022 (English)In: Cybersecurity and Cognitive Science / [ed] Ahmed A. Moustafa, Elsevier , 2022, p. 235-265Chapter in book (Other academic)
Abstract [en]

Today, most enterprises are increasingly reliant on information technology to carry out their operations. This also entails an increasing need for cyber situational awareness—roughly, to know what is going on in the cyber domain, and thus be able to adequately respond to events such as attacks or accidents. This chapter argues that cyber situational awareness is best understood by combining three complementary points of view: the technological, the socio-cognitive, and the organizational perspectives. In addition, the chapter investigates the prospects for reasoning about adversarial actions. This part also reports on a small empirical investigation where participants in the Locked Shields cyber defense exercise were interviewed about their information needs with respect to threat actors. The chapter is concluded with a discussion regarding important challenges to be addressed along with suggestions for further research.

Place, publisher, year, edition, pages
Elsevier, 2022
Keywords
Adversarial behavior, Cognition, Cyber situational awareness, Organization, Technology
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:kth:diva-319570 (URN)10.1016/B978-0-323-90570-1.00015-2 (DOI)2-s2.0-85137911650 (Scopus ID)
Funder
Swedish Armed Forces
Note

Part of book: ISBN 978-0-323-90570-1, QC 20221214

Available from: 2022-12-13 Created: 2022-12-13 Last updated: 2022-12-14Bibliographically approved
Andreasson, A., Artman, H., Brynielsson, J. & Franke, U. (2021). A Census of Swedish Public Sector Employee Communication on Cybersecurity during the COVID-19 Pandemic. In: Proceedings of the International Conference on Cyber Situational Awareness, Data Analytics and Assessment, CyberSA 2021: . Paper presented at International Conference on Cyber Situational Awareness, Data Analytics and Assessment, CyberSA 2021, Dublin, Ireland, June 14-18, 2021 (pp. 1-8). Institute of Electrical and Electronics Engineers (IEEE)
Open this publication in new window or tab >>A Census of Swedish Public Sector Employee Communication on Cybersecurity during the COVID-19 Pandemic
2021 (English)In: Proceedings of the International Conference on Cyber Situational Awareness, Data Analytics and Assessment, CyberSA 2021, Institute of Electrical and Electronics Engineers (IEEE), 2021, p. 1-8Conference paper, Published paper (Refereed)
Abstract [en]

The COVID-19 pandemic has accelerated the digitalization of the Swedish public sector, and to ensure the success of this ongoing process cybersecurity plays an integral part. While Sweden has come far in digitalization, the maturity of cybersecurity work across entities covers a wide range. One way of improving cybersecurity is through communication, thereby enhancing employee cyber situation awareness. In this paper, we conduct a census of Swedish public sector employee communication on cybersecurity at the beginning of the COVID-19 pandemic using questionnaires. The study shows that public sector entities find the same sources of information useful for their cybersecurity work. We find that nearly two thirds of administrative authorities and almost three quarters of municipalities are not yet at the implemented cybersecurity level. We also find that 71 % of municipalities have less than one dedicated staff for cybersecurity.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2021
Keywords
Cybersecurity, COVID-19, public sector, situation awareness
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:kth:diva-312759 (URN)10.1109/CyberSA52016.2021.9478241 (DOI)2-s2.0-85114209574 (Scopus ID)
Conference
International Conference on Cyber Situational Awareness, Data Analytics and Assessment, CyberSA 2021, Dublin, Ireland, June 14-18, 2021
Funder
Swedish Armed Forces
Note

Part of ISBN 978-1-6654-2529-2QC 20220524

Available from: 2022-05-23 Created: 2022-05-23 Last updated: 2022-06-25Bibliographically approved
Varga, S., Brynielsson, J. & Franke, U. (2021). Cyber-threat perception and risk management in the Swedish financial sector. Computers & security (Print), 105, Article ID 102239.
Open this publication in new window or tab >>Cyber-threat perception and risk management in the Swedish financial sector
2021 (English)In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 105, article id 102239Article in journal (Refereed) Published
Abstract [en]

The financial sector relies heavily on information systems for business. This study sets out to investigate cyber situational awareness in the financial sector in Sweden, by examining what information elements that are needed for a common operational picture, and exploring how key actors perceive cyber-threats.

Data was collected through a survey and a series of interviews with key actors in the sector in conjunction with a national level crisis management exercise. The data was then analyzed and contrasted to theory. Conclusions were drawn and results discussed. Finally, possible mitigation actions were suggested.

It was found that actors in the Swedish financial sector have a well developed crisis management working concept. However, information about rational adversaries that cause prolonged disturbances is possibly not collected, analyzed and utilized systematically. Much effort is put into ensuring that timely and relevant information from organizations is shared in an efficient manner. The sector perceives cyber-threats against the underlying financial infrastructure, as well as for IT-service availability and data confidentiality, besides financial theft. The sector has particular concerns for the potential of reputational loss due to cyberattacks. There are also special concerns about the insider threat.

Respondents agree that riskmanagement has to account for cyber risk. A possible route to enhance risk management practices is to ensure that cyber personnel are integrated in crisis management teams.

Place, publisher, year, edition, pages
Elsevier, 2021
Keywords
Situation awareness; Common operational picture; Cyber security; Information assurance; Risk management; Financial sector
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:kth:diva-295001 (URN)10.1016/j.cose.2021.102239 (DOI)000643675100012 ()2-s2.0-85104154982 (Scopus ID)
Funder
Swedish Armed Forces
Note

QC 20210602

Available from: 2021-05-18 Created: 2021-05-18 Last updated: 2022-06-25Bibliographically approved
Aronsson, S., Artman, H., Brynielsson, J., Lindquist, S. & Ramberg, R. (2021). Design of simulator training: a comparative study of Swedish dynamic decision-making training facilities. Cognition, Technology and Work, 23(1), 117-130
Open this publication in new window or tab >>Design of simulator training: a comparative study of Swedish dynamic decision-making training facilities
Show others...
2021 (English)In: Cognition, Technology and Work, ISSN 1435-5558, Vol. 23, no 1, p. 117-130Article in journal (Refereed) Published
Abstract [en]

Simulator training is becoming increasingly important for training of time-critical and dynamic situations. Hence, how simulator training in such domains is planned, carried out and followed up becomes important. Based on a model prescribing such crucial aspects, ten decision-making training simulator facilities have been analyzed from an activity theoretical perspective. The analysis reveals several conflicts that exist between the training that is carried out and the defined training objectives. Although limitations in technology and organization are often alleviated by proficient instructors, it is concluded that there is a need for a structured approach to the design of training to be able to define the competencies and skills that ought to be trained along with relevant measurable training goals. Further, there is a need for a pedagogical model that takes the specifics of simulator training into account. Such a pedagogical model is needed to be able to evaluate the training, and would make it possible to share experiences and make comparisons between facilities in a structured manner.

Place, publisher, year, edition, pages
Springer Nature, 2021
National Category
Human Computer Interaction
Identifiers
urn:nbn:se:kth:diva-268300 (URN)10.1007/s10111-019-00605-z (DOI)000495969900001 ()2-s2.0-85075161552 (Scopus ID)
Note

QC 20220405

Available from: 2020-03-12 Created: 2020-03-12 Last updated: 2022-06-26Bibliographically approved
Andreasson, A., Artman, H., Brynielsson, J. & Franke, U. (2020). A Census of Swedish Government Administrative Authority Employee Communications on Cybersecurity during the COVID-19 Pandemic. In: 2020 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM): . Paper presented at 2020 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM). IEEE
Open this publication in new window or tab >>A Census of Swedish Government Administrative Authority Employee Communications on Cybersecurity during the COVID-19 Pandemic
2020 (English)In: 2020 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM), IEEE, 2020Conference paper, Published paper (Refereed)
Abstract [en]

Cybersecurity is the backbone of a successful digitalization of society, and cyber situation awareness is an essential aspect of managing it. The COVID-19 pandemic has sped up an already ongoing digitalization of Swedish government agencies, but the cybersecurity maturity level varies across agencies. In this study, we conduct a census of Swedish government administrative authority communications on cybersecurity to employees at the beginning of the COVID-19 pandemic. The census shows that the employee communications in the beginning of the pandemic to a greater extent have focused on first-order risks, such as video meetings and telecommuting, rather than on second-order risks, such as invoice fraud or social engineering. We also find that almost two thirds of the administrative authorities have not yet implemented, but only initiated or documented, their cybersecurity policies.

Place, publisher, year, edition, pages
IEEE, 2020
Keywords
Cybersecurity; COVID-19; government; situation awareness
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:kth:diva-294999 (URN)10.1109/ASONAM49781.2020.9381324 (DOI)000678816900115 ()2-s2.0-85103694467 (Scopus ID)
Conference
2020 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM)
Funder
Swedish Armed Forces
Note

QC 20210802

Available from: 2021-05-18 Created: 2021-05-18 Last updated: 2023-04-05Bibliographically approved
Garcia Lozano, M., Brynielsson, J., Franke, U., Rosell, M., Tjörnhammar, E., Varga, S. & Vlassov, V. (2020). Veracity assessment of online data. Decision Support Systems, 129, Article ID 113132.
Open this publication in new window or tab >>Veracity assessment of online data
Show others...
2020 (English)In: Decision Support Systems, ISSN 0167-9236, E-ISSN 1873-5797, Vol. 129, article id 113132Article in journal (Refereed) Published
Abstract [en]

Fake news, malicious rumors, fabricated reviews, generated images and videos, are today spread at an unprecedented rate, making the task of manually assessing data veracity for decision-making purposes a daunting task. Hence, it is urgent to explore possibilities to perform automatic veracity assessment. In this work we review the literature in search for methods and techniques representing state of the art with regard to computerized veracity assessment. We study what others have done within the area of veracity assessment, especially targeted towards social media and open source data, to understand research trends and determine needs for future research. The most common veracity assessment method among the studied set of papers is to perform text analysis using supervised learning. Regarding methods for machine learning much has happened in the last couple of years related to the advancements made in deep learning. However, very few papers make use of these advancements. Also, the papers in general tend to have a narrow scope, as they focus on solving a small task with only one type of data from one main source. The overall veracity assessment problem is complex, requiring a combination of data sources, data types, indicators, and methods. Only a few papers take on such a broad scope, thus, demonstrating the relative immaturity of the veracity assessment domain.

Place, publisher, year, edition, pages
Elsevier, 2020
Keywords
Veracity assessment, Credibility, Data quality, Online data, Social media, Fake news
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:kth:diva-268789 (URN)10.1016/j.dss.2019.113132 (DOI)000510956500001 ()2-s2.0-85076227196 (Scopus ID)
Note

QC 20200224

Available from: 2020-02-24 Created: 2020-02-24 Last updated: 2024-05-14Bibliographically approved
Organisations
Identifiers
ORCID iD: ORCID iD iconorcid.org/0000-0002-2677-9759

Search in DiVA

Show all publications