dc.contributor.author | Puuska, Samir | |
dc.date.accessioned | 2021-07-26T13:53:44Z | |
dc.date.available | 2021-07-26T13:53:44Z | |
dc.date.issued | 2021 | |
dc.identifier.isbn | 978-951-39-8755-8 | |
dc.identifier.uri | https://jyx.jyu.fi/handle/123456789/77207 | |
dc.description.abstract | For securing critical infrastructure, this thesis aims to develop a common operating picture system, establish methods for detecting targeted cyberattacks, and investigate exploits against machine learning-based decision making. A design-science research framework is used, in which the validity is assessed through practical applicability of the solution artifact, and through an iterative requirements–evaluation cycle in close cooperation with key stakeholders.
The included studies address three topics: i) common operating picture systems, with emphasis on modeling and analysis methods, ii) neural network-based detection of encrypted malware command and control channels, and iii) one-pixel attacks targeting a neural network-based computer-aided cancer diagnosis. The studies made extensive use of raw data obtained through stakeholder collaboration. In addition, malware network traffic data generated through cybertraining activities on cyber-range environments, and tools used in targeted APT-malware attacks were utilized. A tissue sample-based tool, utilizing neural network technology, for computer-aided diagnosis of breast cancer, and associated digitized light microscope samples were used in vulnerability research.
The main results include ascertaining the applicability of the design-science research framework to the individual problem fields, and noting the necessity of raw data and stakeholder cooperation. Considering the results by topic, the required modeling and analysis methods could be implemented as a part of a common operating picture system, suitable neural network architectures with validation methods were created in malware traffic detection studies, and a method for producing hostile samples could be found in the study concerning one-pixel attacks.
The practical results of the common operating picture study include a VN TEAS report, produced to support state-level decision making, in which the results of the studies were utilized extensively. With regard to cyberattack detection methods, their suitability for SUNBURST backdoor detection was established. With regard to the one-pixel attack, the feasibility of the attack was demonstrated and the first publication considering the attack in a computer-aided diagnostic setting was produced. | en |
dc.format.mimetype | application/pdf | |
dc.language.iso | eng | |
dc.publisher | Jyväskylän yliopisto | |
dc.relation.ispartofseries | JYU Dissertations | |
dc.relation.haspart | Article I: Puuska S. et al. (2015). Modelling and real-time analysis of critical infrastructure using discrete event systems on graph. In 2015 IEEE International Symposium on Technologies for Homeland Security (HST), 2015, pp. 1–5. DOI: https://doi.org/10.1109/THS.2015.7225330 | |
dc.relation.haspart | Article II: Puuska S. et al. (2017). Integrated platform for critical infrastructure analysis and common operating picture solutions. In 2017 IEEE International Symposium on Technologies for Homeland Security (HST), 2017, 1–6. DOI: https://doi.org/10.1109/THS.2017.8093737 | |
dc.relation.haspart | Article III: Puuska S. et al. (2018). Nationwide critical infrastructure monitoring using a common operating picture framework. International Journal of Critical Infrastructure Protection, vol. 20, 28–47. DOI: https://doi.org/10.1016/j.ijcip.2017.11.005 | |
dc.relation.haspart | Article IV: Kokkonen T. and Puuska S. (2018). Blue Team Communication and Reporting for Enhancing Situational Awareness from White Team Perspective in Cyber Security Exercises. In Internet of Things, Smart Spaces, and Next Generation Networks and Systems, O. Galinina et al., Eds. Cham: Springer International Publishing, 277–288. DOI: https://doi.org/10.1007/978-3-030-01168-0_26 | |
dc.relation.haspart | Article V: Puuska S. et al. (2019). Anomaly-Based Network Intrusion Detection Using Wavelets and Adversarial Autoencoders. In Innovative Security Solutions for Information Technology and Communications, J.-L. Lanet and C. Toma, Eds., Cham: Springer International Publishing, 234–246. DOI: https://doi.org/10.1007/978-3-030-12942-2_18 | |
dc.relation.haspart | Article VI: Kokkonen T. et al. (2019). Network Anomaly Detection Based on WaveNet. In Internet of Things, Smart Spaces, and Next Generation Networks and Systems, O. Galinina et al., Eds., Cham: Springer International Publishing, 424–433. DOI: https://doi.org/10.1007/978-3-030-30859-9_36 | |
dc.relation.haspart | Article VII: Puuska S. et al. (2020). Statistical Evaluation of Artificial Intelligence-Based Intrusion Detection System. In Trends and Innovations in Information Systems and Technologies, Á. Rocha et al., Eds. Cham: Springer International Publishing, 464–470. DOI: https://doi.org/10.1007/978-3-030-45691-7_43 | |
dc.relation.haspart | Article VIII: Sipola T. et al. (2020). Model Fooling Attacks Against Medical Imaging: A Short Survey. Information & Security: An International Journal, vol. 46, no. 2, 215–224. DOI: https://doi.org/10.11610/isij.4615 | |
dc.relation.haspart | Article IX: Korpihalkola J. et al. (2020). One-pixel Attack Deceives Automatic Detection of Breast Cancer. Computers & Security, under review. | |
dc.rights | In Copyright | |
dc.subject.other | critical infrastructure protection | en |
dc.subject.other | mathematical modeling | en |
dc.subject.other | advanced persistent threat | en |
dc.subject.other | intrusion detection | en |
dc.subject.other | one-pixel attack | en |
dc.subject.other | computer-aided diagnosis | en |
dc.subject.other | kriittinen infrastruktuuri | fi |
dc.subject.other | matemaattinen mallinnus | fi |
dc.subject.other | APT-uhka | fi |
dc.subject.other | kyberhyökkäysten havaitseminen | fi |
dc.subject.other | yhden pikselin hyökkäys | fi |
dc.subject.other | tietokoneavusteinen diagnoosi | fi |
dc.title | Command and Control: Monitoring, defending and exploiting critical infrastructure | |
dc.type | doctoral thesis | |
dc.identifier.urn | URN:ISBN:978-951-39-8755-8 | |
dc.contributor.tiedekunta | Faculty of Information Technology | en |
dc.contributor.tiedekunta | Informaatioteknologian tiedekunta | fi |
dc.contributor.yliopisto | University of Jyväskylä | en |
dc.contributor.yliopisto | Jyväskylän yliopisto | fi |
dc.type.coar | http://purl.org/coar/resource_type/c_db06 | |
dc.relation.issn | 2489-9003 | |
dc.rights.copyright | © The Author & University of Jyväskylä | |
dc.rights.accesslevel | openAccess | |
dc.type.publication | doctoralThesis | |
dc.subject.yso | neural networks (information technology) | en |
dc.subject.yso | data security | en |
dc.subject.yso | cyber attacks | en |
dc.subject.yso | cyber security | en |
dc.subject.yso | cancerous diseases | en |
dc.subject.yso | neuroverkot | fi |
dc.subject.yso | tietoturva | fi |
dc.subject.yso | verkkohyökkäykset | fi |
dc.subject.yso | kyberturvallisuus | fi |
dc.subject.yso | syöpätaudit | fi |
dc.format.content | fulltext | |
dc.rights.url | https://rightsstatements.org/page/InC/1.0/ | |