Detailed Program

Invited Talk - European Cybersecurity Skills Framework

Fabio Di Franco, ENISA, EU

IoT Security Seminar: Raising Awareness and Sharing Critical Knowledge

Why Mary Can Hack: Effectively Introducing High School Girls to Cybersecurity

DJM-CYBER: A Joint Master in Advanced Cybersecurity

A Study of Different Awareness Campaigns in a Company

Talk - Skill demand analysis for digital forensics and incident response

Radek Hranicky, Brno University of Technology, Czech Republic.

Talk - Project contributions: teaching and training material

Pavel Laskov, University of Liechtenstein, Liechtenstein.

Talk - Project contributions: technical and instructional infrastructure

John Sheppard, South East Technological University, Ireland.

Securing Data Exchange in the Convergence of Metaverse and IoT Applications

On Deploying Quantum-Resistant Cybersecurity in Intelligent Infrastructures

On Efficiency and Usability of Group Signatures on Smartphone and Single-board Platforms

Invited Speaker

Martin Schneider, Fraunhofer Fokus, Germany

Artificial Intelligence for next generation cybersecurity: The AI4CYBER framework

VeriDevOps Software Methodology: Security Verification and Validation for DevOps Practices

ELECTRON: An Architectural Framework for Securing the Smart Electrical Grid with Federated Detection, Dynamic Risk Assessment and Self-Healing

Risk Assessments in Virtual Power Plants with NESCOR Criteria, Practical Application, Advantages and Disadvantages

Explainable AI-based Intrusion Detection in the Internet of Things

Breaching the Defense: Investigating FGSM and CTGAN Adversarial Attacks on IEC 60870-5-104 AI-enabled Intrusion Detection Systems

Invited Talk - Cybersecurity Education for All

Kendra Walther, University of Southern California, USA

Curricula Designer with Enhanced ECSF Analysis

Interactive Environment for Effective Cybersecurity Teaching and Learning

Dynamic Cybersecurity Curriculum Optimization Method (DyCSCOM)

In this session, the participants will investigate an “incident” in a virtualized IT environment simulating a small enterprise. An incident scenario will be provided based on a typical pattern an external attack exploiting a database vulnerability. The participants will be guided step by step through the investigation process involving inspection of specific indicators of compromise relevant to this use case.

Data Loss Prevention Solution for Linux Endpoint Devices

A Decentralised Public Key Infrastructure for X-Road

Security level evaluation with F4SLE

The DYNABIC approach to resilience of critical infrastructures

HTTP/2 Attacks Generation using 5Greplay

Automatic Test Generation to Improve Scrum for Safety Agile Methodology

A deep learning anomaly detection framework with explainability and robustness

RESili8: Resilience for Cyber-Physical Energy Systems

Francesca Soro, Scientist, Austrian Institute of Technology

Incidence response and resilience actions in EPES/OT

Swarna Kumarswamy-Das, Cybersecurity Scientist, TNO

Overview of H2020 ELECTRON Project

Ilias Siniosoglou, University of Western Macedonia

Panel discussion

Panel discussing the main challenges regarding current and future cybersecurity in the Electrical Power and Energy Systems (EPES) sector.

Panelists

David Allison, Junior Scientist and PhD Candidate at Austrian Institute of Technology.

Yoram Meijaard, Cybersecurity Consultant, TNO

Ilias Siniosoglou, University of Western Macedonia

The Curation Mechanism for the Czech National Qualifications Framework in Cybersecurity

TASEP: A Collaborative Social Engineering Tabletop Role-Playing Game to Prevent Successful Social Engineering Attacks

Enhancing Cybersecurity Education in Europe: The REWIRE's Course Selection Methodology

CHESS Project Presentation and Discussion

Jan Hajny – CHESS, Brno University of Technology

Raimundas Matulevicius – CHESS, University of Tartu

Jan Willemson – CHESS, Cybernetica

Keynote - Trustworthy and Explainable AI (xAI) in Emerging Network Security Applications

Prof. Michal Choraś, Bydgoszcz University of Science and Technology, Poland

Invited Talk - Privacy and verifiability trade-offs in voting systems

Jan Willemson, Cybernetica, Estonia

CHESS topics panel discussion - Internet of Secure Things (IoST), Blockchain, Quantum-Resistant Cybersecurity

Lisa Moravek, Brno University of Technology, Czechia

Panel Discussion - Coltrane

Gregor Langner, Steven Furnell, Vittorio Scarano, Jerry Andrissen

Efficient approximation of Asymmetric Shapley Values using Functional Decomposition

Domain-Specific Evaluation of Visual Explanations for Application-Grounded Facial Expression Recognition

Human-in-the-Loop Integration of Domain-Knowledge Graphs for Explainable and Federated Deep Learning

The Tower of Babel in explainable Artificial Intelligence (xAI)

Talk - The PRAETORIAN Project: Current Challenges and Solutions

F rederic Guyomard

PRAETORIAN: A Framework for the Protection of Critical Infrastructures from advanced Combined Cyber and Physical Threats

A Concept-Based Validation Approach to Validate Security Systems for Protection of Interconnected Critical Infrastructures

Talk - Pandemic: Challenges and Opportunities for the Critical Infrastructures

Gilda De Marco

Confidential Quantum Computing

Modern NetFlow network dataset with labeled attacks and detection methods

ScasDK - A Development Kit for Security Assurance test in Multi-Network-Function 5G

Security Architecture in the SILVANUS project

C ACS: a cloud privacy-preserving attribute management system

RiBAC: Strengthening Access Control Systems for Pandemic Risk Reduction while Preserving Privacy

Trust Scheme Interoperability: Connecting Heterogeneous Trust Schemes

Key Management Systems for Large-Scale Quantum Key Distribution Networks

Quantum-resistant End-to-End Secure Messaging and Email Communication

Talk – INDUCE
Petra Kölndorfer

Discussion on methods for assessing cybersecurity awareness
Daniel Köhler

Hyper-Stacked: Scalable and Distributed Approach to AutoML for Big Data

Transformers are Short-text Classifiers

Reinforcement Learning with Temporal-Logic-Based Causal Diagrams

Talk

Pasquale D’Antonio

Identification and Evaluation of Cyber-Physical Threats on Interdependent Critical Infrastructures

Detecting a Complex Attack Scenario in an Airport: The PRAETORIAN Framework

Talk - Physical Security Platform for the Greek Ports

Yannis Papagiannopolous

CD-MAKE Keynote - Physics-inspired learning on graphs
The message-passing paradigm has been the “battle horse” of deep learning on graphs for several years, making graph neural networks a big success in a wide range of applications, from particle physics to protein design. From a theoretical viewpoint, it established the link to the Weisfeiler-Lehman hierarchy, allowing to analyse the expressive power of GNNs. We argue that the very “node-and-edge”-centric mindset of current graph deep learning schemes may hinder future progress in the field. As an alternative, we propose physics-inspired “continuous” learning models that open up a new trove of tools from the fields of differential geometry, algebraic topology, and differential equations so far largely unexplored in graph ML.

more...

Meeting point - 18.45

In front of the entrance of the auditorium

more...

ARES Keynote - Exploring the Cyber Threat Landscape: Analyzing the Past to Uncovering Future Trends
The Threat Landscape is Constantly Evolving – And So Must Security Solutions. Cyber-criminal organizations, new ransomware tactics, and the proliferation of IoT/OT/IoMT devices have rapidly changed the modern threat landscape. To devise effective security solutions, security practitioners and researchers must pay close attention to the continuously evolving cyber threats. In this presentation, I’ll explore the last 10 years of cyber threats and provide predictions for future trends. I’ll also identify opened research questions the industry is looking for that could help further enhance security measures and protect our networks against new and potential threats.

more...

Invited Talk - DocExploit´s Cybersecurity Suite or how to be aware of the security level of your code to build and maintain a more secure one?

Sabine Delaitre

PLC Logic-Based Cybersecurity Risks Identification for ICS

A Framework for Purpose-based Design and Classification of ICS Honeypots

Enabling Qualified Anonymity for Enhanced User Privacy in the Digital Era

Needle in the Haystack: Analyzing the Right of Access According to GDPR Article 15 Five Years after the Implementation

A Comprehensive Study on Third-Party User Tracking in Mobile Applications

A Qualitative Analysis of Illicit Arms Trafficking on Darknet Marketplaces

Cookiescanner: An Automated Tool for Detecting and Evaluating GDPR Consent Notices on Websites

Effect of Group Based Synchronization on User Anonymity in Mix Networks

TRUSTEE: Towards the creation of secure, trustworthy and privacy-preserving framework

User Acceptance Criteria for Privacy Preserving Machine Learning Techniques

Application of Secure Two-Party Computation in a Privacy-Preserving Android App

Keynote - What's wrong with Wolfie? Generative Artificial Intelligence and its implications for (Cyber) Security

Dr hab. Kacper Gradoń, Ph.D., D.Sc.

Tactics, Techniques and Procedures of Cybercrime: A Methodology and Tool for Cybercrime Investigation Process

Keynote - Jumping Jams: Effective Jamming in Channel Hopping-Based IoT Networks

Dr. Alessandro Brighente, Department of Mathematics, University of Padova, Padua, Italy

Security Analysis of the KNX Smart Building Protocol KNX Security

Approach to harmonisation of technological solutions, operating procedures, preparedness and cross-sectorial collaboration opportunities for first aid response in cross-border mass-casualty incidents

Towards the definition of cognitive warfare and cognitive biases: a systematic review

Automatic incident response solutions: a review of proposed solutions’ input and output

The Age of fighting machines: the use of cyber deception for Adversarial Artificial Intelligence in Cyber Defence

Securing cloud-based military systems with Security Chaos Engineering and Artificial Intelligence

A Forensic I/O Recorder for Industrial Control Systems Using PLCs and OPC UA

HoneyICS: A High-interaction Physics-aware Honeynet for Industrial Control Systems

Automated ICS template for STRIDE Microsoft Threat Modeling Tool

Invited Talk - Decentralized Trust for Industry 4.0

Aditya Raj

A BYOD security awareness survey among professionals

Privacy Impact Assessment of Cyber Attacks on Connected and Autonomous Vehicles

A Systematic Review of Threat Analysis and Risk Assessment Methodologies for Connected and Automated Vehicles

Securing the Flow: Security and Privacy Tools for Flow-based Programming

Bypassing antivirus detection: old-school malware, new tricks

An Improved Honeypot Model for Attack Detection and Analysis

Fingerprint forgery for the masses

Smartphones in a Microwave: Formal and Experimental Feasibility Study on Fingerprinting the Corona-Warn-App

Cheaper than you thought? A dive into the darkweb market of cyber-crime products

Malware Finances and Operations: a Data-Driven Study of the Value Chain for Infections and Compromised Access

Game Theoretic Modelling of a Ransom and Extortion Attack on Ethereum 2.0 Validators

FISMOS – An FPGA Implementation of a Security Module as Open Source

A Generic IoT Quantum-Safe Watchdog Timer Protocol

Securing Federated GANs: Enabling Synthetic Data for Health Registries Consortium

Announcement of IoT-SECFOR best paper award

Leveraging Knowledge Graphs For Classifying Incident Situations in ICT Systems

IoT Network Attack Detection: Leveraging Graph Learning for Enhanced Security

Investigating Impact of Fake-Type Content Poisoning Attack on NDN

Graph-Based Android Malware Detection and Categorization through BERT Transformer

Dynamic Intrusion Detection Framework for UAVCAN Protocol Using AI

Survey on Digital Twins: from concepts to applications

OpenScope-sec: An ADS-B Simulator to Support the Security Research

Towards Obfuscation of Programmable Logic Controllers

AI/ML-based real-time classification of Software Defined Networking traffic

Exploring Federated Learning for Speech-based Parkinson's Disease Detection

An inclusive Lifecycle Approach for IoT Devices Trust and Identity Management

Multi-Attribute Decision Making-based Trust Score Calculation in Trust Management in IoT

New Identity-Based Identification and Signature Schemes in the Standard Model

Implementing Data Sovereignty: Requirements & Challenges from Practice

Mitigating Privilege Misuse in Access Control through Anomaly Detection

Mitigating undesired interactions between liveness detection components in biometric authentication

Keynote - Error Rates in Multimedia Forensics

Prof. Martin Steinebach, Fraunhofer Institute, Germany

How to hide your VM from the big bad wolf? Co-location resistance vs. resource utilisation in VM placement strategies

Keynote - Who You Gonna Call? Unmasking AI Investigations through AI Forensics

Dr. Ibrahim (Abe) Baggili, Louisiana State University, Baton Rouge, LA, U.S.A.

Enabling the forensic study of application-level encrypted data in Android via a Frida-based decryption framework

Towards Grammatical Tagging for the Legal Language of Cybersecurity

Fairness of AI in Predicting the Risk of Recidivism: Review and Phase Mapping of AI Fairness Techniques

Mitigate Data Poisoning Attack by Partially Federated Learning

A case study with CICIDS2017 on the robustness of machine learning against adversarial attacks in intrusion detection

Center for Research-based Innovation, Norwegian Center for Cybersecurity in Critical Sectors (NORCICS)

Sokratis Katsikas, NORCICS Director

International Alliance for Strengthening Cybersecurity and Privacy in Healthcare (CybAlliance)

Sandeep Pirbhulal, Project Manager

Reinforcing Competence in Cybersecurity of Critical Infrastructures: A Norway – US Partnership (RECYCIN).

Saba Chockalingam, Project Manager

Adversarial Machine Learning Attacks on Multiclass Classification of IoT Network Traffic

Parameterizing poisoning attacks in federated learning-based intrusion detection

Keynote - The 3GPP Common API framework (CAPIF) – open-source implementation and innovation potential

Dr. Dimitris Tsolkas (National and Kapodistrian University of Athens (NKUA), Greece, and Fogus Innovations & Services P.C, SME, Greece.)

Real-world actor-based image steganalysis via classifier inconsistency detection

An Analysis of PhotoDNA

Proof-of-work based new encoding scheme for information hiding purposes

Network Covert Channels in Routing Protocols

Reconstructing Timelines: From NTFS Timestamps to File Histories

Digital Forensics Triage App for Android

Memory Forensics of the OpenDaylight Software-Defined Networking (SDN) Controller

Announcement of WSDF best paper award

Evaluation of Real-World Risk-Based Authentication at Online Services Revisited: Complexity Wins

Easier in Reverse: Simplifying URL Reading for Phishing URLs via Reverse Domain Name Notation

A Survey of Steganography Tools at Layers 2-4 and HTTP

RETRACT: Expressive Designated Verifier Anonymous Credentials

Practical Verifiable & Privacy-Preserving Double Auctions

Efficient Implementation of a Post-Quantum Anonymous Credential Protocol

Characterizing the MasterPrint threat on Android devices with capacitive sensors

Characterizing the Use of Code Obfuscation in Malicious and Benign Android Apps

SoK: Modeling Explainability in Security Analytics for Interpretability, Trustworthiness, and Usability

Universal Remote Attestation for Cloud and Edge Platforms

Automated Side-Channel Attacks using Black-Box Neural Architecture Search

Long-Term Analysis of the Dependability of Cloud-based NISQ Quantum Computers

SoK: A Systematic Review of TEE Usage for Developing Trusted Applications

You Only Get One-Shot: Eavesdropping Input Images to Neural Network by Spying SoC-FPGA Internal Bus

A hybrid anonymization pipeline to improve the privacy-utility balance in sensitive datasets for ML purposes

Evaluating Statistical Disclosure Attacks and Countermeasures for Anonymous Voice Calls

k-Anonymity on Metagenomic Features in Microbiome Databases

Mitigating Intersection Attacks in Anonymous Microblogging

Actions Speak Louder Than Passwords: Dynamic Identity for Machine-to-Machine Communication

Beware the Doppelgänger: Attacks against Adaptive Thresholds in Facial Recognition Systems

Cross-Domain Sharing of User Claims: A Design Proposal for OpenID Connect Attribute Authorities

Rogue key and impersonation attacks on FIDO2: From theory to practice

Adoption of Information Security Practices in Large-Scale Agile Software Development: A Case Study in the Finance Industry

A Practical Attack on the TLSH Similarity Digest Scheme

Linux-based IoT Benchmark Generator For Firmware Security Analysis Tools

SoK: Practical Detection of Software Supply Chain Attacks

A2P2 - An Android Application Patching Pipeline Based On Generic Changesets

Florian Draschbacher (Graz University of Technology and Secure Information Technology Center Austria, Austria)

Enabling Efficient Threshold Signature Computation via Java Card API

Antonín Dufka and Petr Švenda (Masaryk University, Czechia)

Nakula: Coercion Resistant Data Storage against Time-Limited Adversary

Hayyu Imanda and Kasper Rasmussen (University of Oxford, United Kingdom)

STIXnet: A Novel and Modular Solution for Extracting All STIX Objects in CTI Reports

Francesco Marchiori, Mauro Conti (University of Padova, Italy) and Nino Vincenzo Verde (Leonardo S.p.A., Italy)

Formal Security Analysis of Vehicle Diagnostic Protocols

Modeling Tor Network Growth by Extrapolating Consensus Data

Real-Time Defensive Strategy Selection via Deep Reinforcement Learning

The Effect of Length on Key Fingerprint Verification Security and Usability

An Exploratory Study on the Use of Threat Intelligence Sharing Platforms in Germany, Austria and Switzerland

Canary in Twitter Mine: Collecting Phishing Reports from Experts and Non-experts

Digital Twin-Enhanced Incident Response for Cyber-Physical Systems

Dizzy: Large-Scale Crawling and Analysis of Onion Services

We are thrilled to announce that the ARES 2023 Conference will host its first-ever Women* Session! This new event will bring together women* from the realms of technology, research, and cybersecurity to share their experiences, insights, and visions.

The ARES Women* Session provides a space for exchanging ideas, building connections, and empowering the presence of women* in an industry continuously striving for diversity and inclusivity.

Note: By 'Women*', we refer to all individuals who identify as women or define themselves as female. The session is open to all who identify and perceive themselves in this way.

ARES Keynote - Data security and privacy in emerging scenarios

The rapid advancements in Information and Communication Technologies (ICTs) have been greatly changing our society, with clear societal and economic benefits. Mobile technology, Cloud, Big Data, Internet of things, services and technologies that are becoming more and more pervasive and conveniently accessible, towards to the realization of a ‘smart’ society’. At the heart of this evolution is the ability to collect, analyze, process and share an ever-increasing amount of data, to extract knowledge for offering personalized and advanced services.

A major concern, and potential obstacle, towards the full realization of such evolution is represented by security and privacy issues. As a matter of fact, the (actual or perceived) loss of control over data and potential compromise of their confidentiality can have a strong detrimental impact on the realization of an open framework for enabling collection, processing, and sharing of data, typically stored or processed by external cloud services. In this talk, I will illustrate some security and privacy issues arising in emerging scenarios, focusing in particular on the problem of managing data while guaranteeing confidentiality and integrity of data stored or processed by external providers.

more...

CD-MAKE Keynote - Whiteboxing machine learning

The deployment of AI systems based on machine learning (ML) in real world scenarios faces a number of challenges due to its black box nature. The GDPR right to an explanation has given rise to frantic attempts to develop and design self-explanatory systems, meant to help people understand their decisions and behaviour. In this keynote I will explain (pun intended) why meaningful explanations require keen attention to the proxies used in ML research design. Once those confronted with the decisions or behaviour of ML systems have a better understanding of the pragmatic choices that must be made to allow a machine to learn, it will become easier to foresee what ML systems can and cannot do. Whiteboxing ML should focus on the proxies that stand for real world events, actions and states of affairs, highlighting that a proxy (dataset, variable, model) is not what it stands for.

more...

Standing Still is Not An Option: Alternative Baselines for Attainable Utility Preservation

Enhancing Trust in Machine Learning Systems by Formal Methods

Sustainability Effects of Robust and Resilient Artificial Intelligence

The Split Matters: Flat Minima Methods for Improving the Performance of GNNs

Using Machine Learning to Generate an ESG Dictionary

A Quic(k) Security Overview: A Literature Research on Implemented Security Recommendations

Secure Multi-User Contract Certificate Management for ISO 15118-20 Using Hardware Identities

Simulated environment for multiparty quantum digital signature across the network

An Analysis of Stack Exchange Questions: Identifying Challenges in Software Design and Development with a Focus on Data Privacy and Data Protection

JITScanner: Just-in-Time Executable Page Check in the Linux Operating System

Exploiting Digital Twin technology for Cybersecurity Monitoring in Smart Grids

Program Characterization for Software Exploitation Detection

Obfuscated Mobile Malware Detection by means of Dynamic Analysis and Explainable Deep Learning

Probabilistic framework based on Deep Learning for differentiating ultrasound movie view planes

Let me think! Investigating the effect of explanations feeding doubts about the AI advice

Memorization of Named Entities in Fine-tuned BERT Models

Event and Entity Extraction from Generated Video Captions

Fine-Tuning Language Models for Scientific Writing Support

Experiences with Secure Pipelines in Highly Regulated Environments

Creating a Decryption Proof Verifier for the Estonian Internet Voting System

Attack on "A Privacy-Preserving Online Ride-Hailing System Without Involving a Third Trusted Server"

Exploring NFT Validation through Digital Watermarking