Dimitri Percia David

Andrei Kucharavy, Zachary Schillaci, Loïc Maréchal et al.

Generative Language Models gained significant attention in late 2022 / early 2023, notably with the introduction of models refined to act consistently with users' expectations of interactions with AI (conversational models). Arguably the focal point of public attention has been such a refinement of the GPT3 model -- the ChatGPT and its subsequent integration with auxiliary capabilities, including search as part of Microsoft Bing. Despite extensive prior research invested in their development, their performance and applicability to a range of daily tasks remained unclear and niche. However, their wider utilization without a requirement for technical expertise, made in large part possible through conversational fine-tuning, revealed the extent of their true capabilities in a real-world environment. This has garnered both public excitement for their potential applications and concerns about their capabilities and potential malicious uses. This review aims to provide a brief overview of the history, state of the art, and implications of Generative Language Models in terms of their principles, abilities, limitations, and future prospects -- especially in the context of cyber-defense, with a focus on the Swiss operational environment.

Alexander Glavackij, Dimitri Percia David, Alain Mermoud et al.

Because of the considerable heterogeneity and complexity of the technological landscape, building accurate models to forecast is a challenging endeavor. Due to their high prevalence in many complex systems, S-curves are a popular forecasting approach in previous work. However, their forecasting performance has not been directly compared to other technology forecasting approaches. Additionally, recent developments in time series forecasting that claim to improve forecasting accuracy are yet to be applied to technological development data. This work addresses both research gaps by comparing the forecasting performance of S-curves to a baseline and by developing an autencoder approach that employs recent advances in machine learning and time series forecasting. S-curves forecasts largely exhibit a mean average percentage error (MAPE) comparable to a simple ARIMA baseline. However, for a minority of emerging technologies, the MAPE increases by two magnitudes. Our autoencoder approach improves the MAPE by 13.5% on average over the second-best result. It forecasts established technologies with the same accuracy as the other approaches. However, it is especially strong at forecasting emerging technologies with a mean MAPE 18% lower than the next best result. Our results imply that a simple ARIMA model is preferable over the S-curve for technology forecasting. Practitioners looking for more accurate forecasts should opt for the presented autoencoder approach.

Maxime Würsch, Andrei Kucharavy, Dimitri Percia David et al.

The cybersecurity landscape evolves rapidly and poses threats to organizations. To enhance resilience, one needs to track the latest developments and trends in the domain. It has been demonstrated that standard bibliometrics approaches show their limits in such a fast-evolving domain. For this purpose, we use large language models (LLMs) to extract relevant knowledge entities from cybersecurity-related texts. We use a subset of arXiv preprints on cybersecurity as our data and compare different LLMs in terms of entity recognition (ER) and relevance. The results suggest that LLMs do not produce good knowledge entities that reflect the cybersecurity context, but our results show some potential for noun extractors. For this reason, we developed a noun extractor boosted with some statistical analysis to extract specific and relevant compound nouns from the domain. Later, we tested our model to identify trends in the LLM domain. We observe some limitations, but it offers promising results to monitor the evolution of emergent trends.

Alexander Sternfeld, Andrei Kucharavy, Dimitri Percia David et al.

Forecasting transformative technologies remains a critical but challenging task, particularly in fast-evolving domains such as Information and Communication Technologies (ICTs). Traditional expert-based methods struggle to keep pace with short innovation cycles and ambiguous early-stage terminology. In this work, we propose a novel, data-driven pipeline to monitor the emergence of transformative technologies by identifying patterns of technological convergence. Our approach leverages advances in Large Language Models (LLMs) to extract semantic triples from unstructured text and construct a large-scale graph of technology-related entities and relations. We introduce a new method for grouping semantically similar technology terms (noun stapling) and develop graph-based metrics to detect convergence signals. The pipeline includes multi-stage filtering, domain-specific keyword clustering, and a temporal trend analysis of topic co-occurence. We validate our methodology on two complementary datasets: 278,625 arXiv preprints (2017--2024) to capture early scientific signals, and 9,793 USPTO patent applications (2018-2024) to track downstream commercial developments. Our results demonstrate that the proposed pipeline can identify both established and emerging convergence patterns, offering a scalable and generalizable framework for technology forecasting grounded in full-text analysis.

Anita Mezzetti, Dimitri Percia David, Thomas Maillart et al.

The cybersecurity technological landscape is a complex ecosystem in which entities -- such as companies and technologies -- influence each other in a non-trivial manner. Measuring the influence between entities is a tenet for informed technological investments in critical infrastructure. To study the mutual influence of companies and technologies from the cybersecurity field, we consider a bi-partite graph that links both sets of entities. Each node in this graph is weighted by applying a recursive algorithm based on the method of reflection. This endeavor helps to measure the impact of an entity on the cybersecurity market. Our results help researchers measure more precisely the magnitude of influence of each entity, and allows decision-makers to devise more informed investment strategies, according to their portfolio preferences. Finally, a research agenda is suggested, with the aim of allowing tailor-made investments by arbitrarily calibrating specific features of both types of entities.

Chi Thang Duong, Dimitri Percia David, Ljiljana Dolamic et al.

Mapping the technology landscape is crucial for market actors to take informed investment decisions. However, given the large amount of data on the Web and its subsequent information overload, manually retrieving information is a seemingly ineffective and incomplete approach. In this work, we propose an end-to-end recommendation based retrieval approach to support automatic retrieval of technologies and their associated companies from raw Web data. This is a two-task setup involving (i) technology classification of entities extracted from company corpus, and (ii) technology and company retrieval based on classified technologies. Our proposed framework approaches the first task by leveraging DistilBERT which is a state-of-the-art language model. For the retrieval task, we introduce a recommendation-based retrieval technique to simultaneously support retrieving related companies, technologies related to a specific company and companies relevant to a technology. To evaluate these tasks, we also construct a data set that includes company documents and entities extracted from these documents together with company categories and technology labels. Experiments show that our approach is able to return 4 times more relevant companies while outperforming traditional retrieval baseline in retrieving technologies.

Dimitri Percia David, Alain Mermoud, Sébastien Gillard

Cyber-security breaches inflict significant costs on organizations. Hence, the development of an information-systems defense capability through cyber-security investment is a prerequisite. The question of how to determine the optimal amount to invest in cyber-security has been widely investigated in the literature. In this respect, the Gordon-Loeb model and its extensions received wide-scale acceptance. However, such models predominantly rely on restrictive assumptions that are not adapted for analyzing dynamic aspects of cyber-security investment. Yet, understanding such dynamic aspects is a key feature for studying cyber-security investment in the context of a fast-paced and continuously evolving technological landscape. We propose an extension of the Gordon-Loeb model by considering multi-period and relaxing the assumption of a continuous security-breach probability function. Such theoretical adaptations enable to capture dynamic aspects of cyber-security investment such as the advent of a disruptive technology and its investment consequences. Such a proposed extension of the Gordon-Loeb model gives room for a hypothetical decrease of the optimal level of cyber-security investment, due to a potential technological shift. While we believe our framework should be generalizable across the cyber-security milieu, we illustrate our approach in the context of critical-infrastructure protection, where security-cost reductions related to risk events are of paramount importance as potential losses reach unaffordable proportions. Moreover, despite the fact that some technologies are considered as disruptive and thus promising for critical-infrastructure protection, their effects on cyber-security investment have been discussed little.

Gerrit Holtrup, William Lacube, Dimitri Percia David et al.

Fifth generation mobile networks (5G) are currently being deployed by mobile operators around the globe. 5G acts as an enabler for various use cases and also improves the security and privacy over 4G and previous network generations. However, as recent security research has revealed, the standard still has security weaknesses that may be exploitable by attackers. In addition, the migration from 4G to 5G systems is taking place by first deploying 5G solutions in a non-standalone (NSA) manner where the first step of the 5G deployment is restricted to the new radio aspects of 5G, while the control of the user equipment is still based on 4G protocols, i.e. the core network is still the legacy 4G evolved packet core (EPC) network. As a result, many security vulnerabilities of 4G networks are still present in current 5G deployments. This paper presents a systematic risk analysis of standalone and non-standalone 5G networks. We first describe an overview of the 5G system specification and the new security features of 5G compared to 4G. Then, we define possible threats according to the STRIDE threat classification model and derive a risk matrix based on the likelihood and impact of 12 threat scenarios that affect the radio access and the network core. Finally, we discuss possible mitigations and security controls. Our analysis is generic and does not account for the specifics of particular 5G network vendors or operators. Further work is required to understand the security vulnerabilities and risks of specific 5G implementations and deployments.