kth.se Publications
1 - 7 of 7
  • 1.
    Engström, Viktor
    et al.
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering. KTH, School of Electrical Engineering and Computer Science (EECS), Centres, Centre for Cyber Defence and Information Security CDIS.
    Lagerström, Robert
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Two decades of cyberattack simulations: A systematic literature review. 2022. In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 116, p. 102681-102681, article id 102681. Article in journal (Refereed)
    Abstract [en]

    Cyberattack simulations appear across multiple computer security domains and are interpreted in many different but equally viable ways. However, this makes the topic appear fragmented and inconsistent, making it challenging to identify and communicate relevant research. Therefore, this article contributes to a unified baseline by presenting the results of a systematic literature review. The review targeted attack simulations published between 1999 and 2019, specifically those exploring which specific steps result in successful attacks. The search initially produced 647 articles, later reduced to 11 key contributions. Despite being scattered across application domains, their general aims, contributions, and problem statements were remarkably similar. This was despite them generally not citing each other or a common body of work. However, the attack simulations differed in implementation details, such as modeling techniques, attacker decision-making, and how time is incorporated. How to construct a fully unified view of the entire topic is still somewhat unclear, particularly from the 11 articles. However, the results presented here should help orient practitioners and researchers interested in attack simulations regarding both present and future work. Particularly since, despite the seemingly implausible sample, the cumulative evidence suggests that attack simulations have yet to be pursued as a distinct research topic.

  • 2.
    Hammar, Kim
    et al.
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering. KTH, School of Electrical Engineering and Computer Science (EECS), Centres, Centre for Cyber Defence and Information Security CDIS.
    Stadler, Rolf
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering. KTH, School of Electrical Engineering and Computer Science (EECS), Centres, Centre for Cyber Defence and Information Security CDIS.
    A System for Interactive Examination of Learned Security Policies. 2022. In: Proceedings of the IEEE/IFIP Network Operations and Management Symposium 2022: Network and Service Management in the Era of Cloudification, Softwarization and Artificial Intelligence, NOMS 2022 / [ed] Varga, P; Granville, LZ; Galis, A; Godor, I; Limam, N; Chemouil, P; Francois, J; Pahl, M, IEEE, 2022. Conference paper (Refereed)
    Abstract [en]

    We present a system for interactive examination of learned security policies. It allows a user to traverse episodes of Markov decision processes in a controlled manner and to track the actions triggered by security policies. Similar to a software debugger, a user can continue or halt an episode at any time step and inspect parameters and probability distributions of interest. The system enables insight into the structure of a given policy and in the behavior of a policy in edge cases. We demonstrate the system with a network intrusion use case. We examine the evolution of an IT infrastructure's state and the actions prescribed by security policies while an attack occurs. The policies for the demonstration have been obtained through a reinforcement learning approach that includes a simulation system where policies are incrementally learned and an emulation system that produces statistics that drive the simulation runs.

  • 3.
    Hammar, Kim
    et al.
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering. KTH, School of Electrical Engineering and Computer Science (EECS), Centres, Centre for Cyber Defence and Information Security CDIS.
    Stadler, Rolf
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering. KTH, School of Electrical Engineering and Computer Science (EECS), Centres, Centre for Cyber Defence and Information Security CDIS.
    An Online Framework for Adapting Security Policies in Dynamic IT Environments. 2022. In: 2022 18th International Conference on Network and Service Management (CNSM 2022): Intelligent Management of Disruptive Network Technologies and Services / [ed] Charalambides, M; Papadimitriou, P; Cerroni, W; Kanhere, S; Mamatas, L, IEEE, 2022. Conference paper (Refereed)
    Abstract [en]

    We present an online framework for learning and updating security policies in dynamic IT environments. It includes three components: a digital twin of the target system, which continuously collects data and evaluates learned policies; a system identification process, which periodically estimates system models based on the collected data; and a policy learning process that is based on reinforcement learning. To evaluate our framework, we apply it to an intrusion prevention use case that involves a dynamic IT infrastructure. Our results demonstrate that the framework automatically adapts security policies to changes in the IT infrastructure and that it outperforms a state-of-the-art method.

  • 4.
    Hammar, Kim
    et al.
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering. KTH, School of Electrical Engineering and Computer Science (EECS), Centres, Centre for Cyber Defence and Information Security CDIS.
    Stadler, Rolf
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering. KTH, School of Electrical Engineering and Computer Science (EECS), Centres, Centre for Cyber Defence and Information Security CDIS.
    Intrusion Prevention Through Optimal Stopping. 2022. In: IEEE Transactions on Network and Service Management, E-ISSN 1932-4537, Vol. 19, no 3, p. 2333-2348. Article in journal (Refereed)
    Abstract [en]

    We study automated intrusion prevention using reinforcement learning. Following a novel approach, we formulate the problem of intrusion prevention as an (optimal) multiple stopping problem. This formulation gives us insight into the structure of optimal policies, which we show to have threshold properties. For most practical cases, it is not feasible to obtain an optimal defender policy using dynamic programming. We therefore develop a reinforcement learning approach to approximate an optimal threshold policy. We introduce T-SPSA, an efficient reinforcement learning algorithm that learns threshold policies through stochastic approximation. We show that T-SPSA outperforms state-of-the-art algorithms for our use case. Our overall method for learning and validating policies includes two systems: a simulation system where defender policies are incrementally learned and an emulation system where statistics are produced that drive simulation runs and where learned policies are evaluated. We show that this approach can produce effective defender policies for a practical IT infrastructure.

  • 5.
    Hammar, Kim
    et al.
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering. KTH, School of Electrical Engineering and Computer Science (EECS), Centres, Centre for Cyber Defence and Information Security CDIS.
    Stadler, Rolf
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering. KTH, School of Electrical Engineering and Computer Science (EECS), Centres, Centre for Cyber Defence and Information Security CDIS.
    Learning Near-Optimal Intrusion Responses Against Dynamic Attackers. 2024. In: IEEE Transactions on Network and Service Management, E-ISSN 1932-4537, Vol. 21, no 1, p. 1158-1177. Article in journal (Refereed)
    Abstract [en]

    We study automated intrusion response and formulate the interaction between an attacker and a defender as an optimal stopping game where attack and defense strategies evolve through reinforcement learning and self-play. The game-theoretic modeling enables us to find defender strategies that are effective against a dynamic attacker, i.e., an attacker that adapts its strategy in response to the defender strategy. Further, the optimal stopping formulation allows us to prove that best response strategies have threshold properties. To obtain near-optimal defender strategies, we develop Threshold Fictitious Self-Play (T-FP), a fictitious self-play algorithm that learns Nash equilibria through stochastic approximation. We show that T-FP outperforms a state-of-the-art algorithm for our use case. The experimental part of this investigation includes two systems: a simulation system where defender strategies are incrementally learned and an emulation system where statistics are collected that drive simulation runs and where learned strategies are evaluated. We argue that this approach can produce effective defender strategies for a practical IT infrastructure.

  • 6.
    Karlsson, Gunnar
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering. KTH, School of Electrical Engineering and Computer Science (EECS), Centres, Centre for Cyber Defence and Information Security CDIS.
    From Campus to Boot Camp-Lessons from Extramural Teaching in Cybersecurity. 2024. In: EDUCON 2024 - IEEE Global Engineering Education Conference, Proceedings, Institute of Electrical and Electronics Engineers (IEEE), 2024. Conference paper (Refereed)
    Abstract [en]

    Work life is rapidly developing owing to digitalization and new work practices. As a consequence, intensive training is needed for working people to acquire new skills and knowledge. Such training might require larger efforts of weeks or months of full time work in order for professionals to get started on new roles at work. For this type of education, the boot camp format may be suitable. It is characterized by a focus on essentials in contents, scheduled work time, and social interaction and support amongst the course participants. This paper presents learning from boot camp training of conscript soldiers and it extends the experiences to training of working professionals. The novelty of the endeavor for the university is that the courses are given on a remote site by instructors without expert knowledge in the field; the university provides curated contents, formal examination and support to the instructors. This setup works well and has been in production for four years with minimal adjustments. It builds on good communication with the instructors, on teaching material structured for independent study, and on peer support among the students. We contrast the format with the popular massive open online courses and discuss how the boot camp format scales in terms of number of courses and course participants with respect to resources, primarily the time of the responsible teachers. The conclusion is that boot camp training should be considered for professional education and that it might not be more demanding for the teachers than any other course format.

  • 7.
    Karlsson, Gunnar
    et al.
    KTH, School of Electrical Engineering and Computer Science (EECS), Centres, Centre for Cyber Defence and Information Security CDIS.
    Lundén, Paola
    Research Institutes of Sweden (RISE).
    Agile Education Imagined: A report from the Cybercampus workshop on Agile Education. 2023. Report (Other (popular science, discussion, etc.))
    Abstract [en]

    Cybercampus Sweden is a national initiative to provide education, research, innovation and advice in cybersecurity and cyber-defense. This brochure addresses needs for cybersecurity training and education. The contents are fictitious courses created from the outcomes of a planning workshop on agile education, conducted by the planning project for Cybercampus Sweden, held on October 17, 2022.
