CR Dec 1, 2021
A Few-Shot Meta-Learning based Siamese Neural Network using Entropy Features for Ransomware Classification
Jinting Zhu, Julian Jang-Jaccard, Amardeep Singh et al.
Ransomware defense solutions that can quickly detect and classify different ransomware classes to formulate rapid response plans have been in high demand in recent years. Though the applicability of adopting deep learning techniques to provide automation and self-learning provision has been proven in many application domains, the lack of data available for ransomware (and other malware) samples has been raised as a barrier to developing effective deep learning-based solutions. To address this concern, we propose a few-shot meta-learning based Siamese Neural Network that not only detects ransomware attacks but is able to classify them into different classes. Our proposed model utilizes the entropy feature directly extracted from ransomware binary files to retain more fine-grained features associated with different ransomware signatures. These entropy features are used further to train and optimize our model using a pre-trained network (e.g. VGG-16) in a meta-learning fashion. This approach generates more accurate weight factors, compared to when feature images are used, to avoid the bias typically associated with a model trained with a limited number of training samples. Our experimental results show that our proposed model is highly effective in providing a weighted F1-score exceeding the rate >86% compared
CR Oct 29, 2021
A Survey on Threat Situation Awareness Systems: Framework, Techniques, and Insights
Hooman Alavizadeh, Julian Jang-Jaccard, Simon Yusuf Enoch et al.
Cyberspace is full of uncertainty in terms of advanced and sophisticated cyber threats which are equipped with novel approaches to learn the system and propagate themselves, such as AI-powered threats. To debilitate these types of threats, a modern and intelligent Cyber Situation Awareness (SA) system needs to be developed which has the ability to monitor and capture various types of threats, and to analyze and devise a plan to avoid further attacks. This paper provides a comprehensive study on the current state-of-the-art in cyber SA to discuss the following aspects of SA: key design principles, framework, classifications, data collection, and analysis of the techniques, and evaluation methods. Lastly, we highlight misconceptions, insights and limitations of this study and suggest some future work directions to address the limitations.
CR Apr 13, 2019
Automatic Device Selection and Access Policy Generation based on User Preference for IoT Activity Workflow
Mohammed Al-Shaboti, Aaron Chen, Ian Welch
The emerging Internet of Things (IoT) has led to a dramatic increase in type, quantity, and the number of functions that can be offered in a smart environment. Future smart environments will be even richer in terms of the number of devices and functionality provided by them. This poses two major challenges: a) an end user has to search through a vast number of IoT devices to identify the suitable devices that satisfy their preferences, and b) it is extremely difficult for users to manually define fine-grained security policies to support workflows involving multiple functions. This paper introduces an intelligent new approach to overcome these challenges by a) enabling users to describe their required functionalities in the form of an activity workflow, b) automatically selecting a group of devices to satisfy users' functional requirements and maximise their preferences over device usage, and c) systematically generating local network access control policies to enforce the principle of least privilege. We study different heuristic search algorithms to find the preferred devices for a given workflow. Experimental results show that the Genetic Algorithm is the best among the algorithms that we test, as it offers a balance between efficiency and effectiveness.