Francesco Schiliro

Nickolaos Koroniotis, Nour Moustafa, Benjamin Turnbull et al.

The Internet of Things (IoT) paradigm has displayed tremendous growth in recent years, resulting in innovations like Industry 4.0 and smart environments that provide improvements to efficiency, management of assets and facilitate intelligent decision making. However, these benefits are offset by considerable cybersecurity concerns that arise due to inherent vulnerabilities, which hinder IoT-based systems' Confidentiality, Integrity, and Availability. Security vulnerabilities can be detected through the application of penetration testing, and specifically, a subset of the information-gathering stage, known as vulnerability identification. Yet, existing penetration testing solutions can not discover zero-day vulnerabilities from IoT environments, due to the diversity of generated data, hardware constraints, and environmental complexity. Thus, it is imperative to develop effective penetration testing solutions for the detection of vulnerabilities in smart IoT environments. In this paper, we propose a deep learning-based penetration testing framework, namely Long Short-Term Memory Recurrent Neural Network-Enabled Vulnerability Identification (LSTM-EVI). We utilize this framework through a novel cybersecurity-oriented testbed, which is a smart airport-based testbed comprised of both physical and virtual elements. The framework was evaluated using this testbed and on real-time data sources. Our results revealed that the proposed framework achieves about 99% detection accuracy for scanning attacks, outperforming other four peer techniques.

Francesco Schiliro

The Internet of Things (IoT) has the potential to transform many industries. This includes harnessing real-time intelligence to improve risk-based decision making and supporting adaptive processes from core to edge. For example, modern police investigation processes are often extremely complex, data-driven and knowledge-intensive. In such processes, it is not sufficient to focus on data storage and data analysis; as the knowledge workers (e.g., police investigators) will need to collect, understand and relate the big data (scattered across various systems) to process analysis. In this thesis, we analyze the state of the art in knowledge-intensive and data-driven processes. We present a scalable and extensible IoT-enabled process data analytics pipeline to enable analysts ingest data from IoT devices, extract knowledge from this data and link them to process execution data. We focus on a motivating scenario in policing, where a criminal investigator will be augmented by smart devices to collect data and to identify devices around the investigation location, to communicate with them to understand and analyze evidence. We design and implement a system (namely iCOP, IoT-enabled COP) to assist investigators collect large amounts of evidence and dig for the facts in an easy way.