Kimmo K. Kaski

LG
h-index: 7
5 papers
10 citations
Novelty: 25%
AI Score: 42

5 Papers

2.7 CR May 26
Integrating Network and Attack Graphs for Service-Centric Impact Analysis

Joni Herttuainen, Vesa Kuikka, Kimmo K. Kaski

Cyberattacks on enterprise networks exploit complex dependencies among infrastructure, services, and applications, which challenge traditional analysis methods that focus on attack paths or network topology in isolation. In this study, we introduce a novel probabilistic multilayer modelling framework, based on influence propagation in networks, that integrates attack graphs with the communication network topology, enabling a service-centric impact analysis of cyberattacks. Our method captures both the vulnerability exploitability and network connectivity, allowing us to assess the likelihood of attack propagation and cumulative impacts across interconnected services. By integrating standard vulnerability metrics (such as CVSS) with the network-level connectivity probabilities, the framework provides a cohesive view of the dynamics of cyberattacks. We validate this approach using a realistic case study of an enterprise network, demonstrating its ability to determine critical nodes, vulnerabilities, and service dependencies that significantly influence attack outcomes. Our findings show that integrating network and attack graph perspectives offers more actionable insights into risk assessment and mitigation planning, advancing the analysis of cyberattacks in complex networked environments.

LG Sep 19, 2024
Sustainable Visions: Unsupervised Machine Learning Insights on Global Development Goals

Alberto García-Rodríguez, Matias Núñez, Miguel Robles Pérez et al.

The 2030 Agenda for Sustainable Development of the United Nations outlines 17 goals for countries of the world to address global challenges in their development. However, the progress of countries towards these goals has been slower than expected and, consequently, there is a need to investigate the reasons behind this fact. In this study, we have used a novel data-driven methodology to analyze time-series data for over 20 years (2000-2022) from 107 countries using unsupervised machine learning (ML) techniques. Our analysis reveals strong positive and negative correlations between certain SDGs (Sustainable Development Goals). Our findings show that progress toward the SDGs is heavily influenced by geographical, cultural and socioeconomic factors, with no country on track to achieve all the goals by 2030. This highlights the need for a region-specific, systemic approach to sustainable development that acknowledges the complex interdependencies between the goals and the variable capacities of countries to reach them. For this, our machine-learning-based approach provides a robust framework for developing efficient and data-informed strategies to promote cooperative and targeted initiatives for sustainable progress.

22.8 SOC-PH Mar 27
Dynamical Model for the Sustainable Development Goals

Alberto García-Rodríguez, Tzipe Govezensky, Julia Tagüeña et al.

The 2030 Agenda for Sustainable Development of the United Nations outlines 17 goals as global challenges for countries of the world to address in their development. However, the progress of countries towards these goals has been much slower than expected. In a previous study, we analyzed the data over two decades (2000-2022), using unsupervised machine learning techniques. Based on this study, we take into account three main factors to construct a mathematical model to simulate and predict the dynamical behavior of the SDGs. These factors are: (1) the distribution of amount of resources that each country uses to meet the goals, (2) the cooperation between countries, and (3) the correlations between the goals. In this work, we show that the model is capable of reproducing the real data and therefore could be used to simulate hypothetical scenarios that could help to improve actions towards optimal fulfillment of the goals.

CL Feb 12
Automatic Simplification of Common Vulnerabilities and Exposures Descriptions

Varpu Vehomäki, Kimmo K. Kaski

Understanding cyber security is increasingly important for individuals and organizations. However, a lot of information related to cyber security can be difficult to understand for those not familiar with the topic. In this study, we focus on investigating how large language models (LLMs) could be utilized in automatic text simplification (ATS) of Common Vulnerabilities and Exposures (CVE) descriptions. Automatic text simplification has been studied in several contexts, such as medical, scientific, and news texts, but it has not yet been studied to simplify texts in the rapidly changing and complex domain of cyber security. We created a baseline for cyber security ATS and a test dataset of 40 CVE descriptions, evaluated by two groups of cyber security experts in two survey rounds. We have found that while out-of-the-box LLMs can make the text appear simpler, they struggle with meaning preservation. Code and data are available at https://version.aalto.fi/gitlab/vehomav1/simplification_nmi.

8.4 LG Mar 11
Spatio-Temporal Attention Graph Neural Network: Explaining Causalities With Attention

Kosti Koistinen, Kirsi Hellsten, Joni Herttuainen et al.

Industrial Control Systems (ICS) underpin critical infrastructure and face growing cyber-physical threats due to the convergence of operational technology and networked environments. While machine learning-based anomaly detection approaches in ICS show strong theoretical performance, deployment is often limited by poor explainability, high false-positive rates, and sensitivity to evolving system behavior, i.e., baseline drifting. We propose a Spatio-Temporal Attention Graph Neural Network (STA-GNN) for unsupervised and explainable anomaly detection in ICS that models both temporal dynamics and relational structure of the system. Sensors, controllers, and network entities are represented as nodes in a dynamically learned graph, enabling the model to capture inter-dependencies across physical processes and communication patterns. Attention mechanisms provide influential relationships, supporting inspection of correlations and potential causal pathways behind detected events. The approach supports multiple data modalities, including SCADA point measurements, network flow features, and payload features, and thus enables unified cyber-physical analysis. To address operational requirements, we incorporate a conformal prediction strategy to control false alarm rates and monitor performance degradation under drifting of the environment. Our findings highlight the possibilities and limitations of model evaluation and common pitfalls in anomaly detection in ICS. Our findings emphasise the importance of explainable, drift-aware evaluation for reliable deployment of learning-based security monitoring systems.