Summary:
In modern security evaluation, the Composite Target of Evaluation (TOE) plays an important role, as interconnected systems require global security assessments. Traditional certification is at odds with time-based threats and changing vulnerabilities. To address this issue, we propose a dynamic risk assessment using human-in-the-loop (HITL) reinforcement learning and explainable AI for composite cybersecurity certifications. Our approach transforms a composite TOE into individual TOEs by associating its vulnerabilities with its assets, enabling effective risk assessment through a Deep Q-Network model. The explainable AI justifies the model outcomes, while HITL experts validate and refine the decisions to ensure they align with real-world context. We evaluated our method on the CVEFree dataset; the results show that the model enhances vulnerability prioritization in terms of total reward, improving from -131 to 22,362. Explainable AI aids in the identification of influential features, making the process of issuing a cybersecurity certification more reliable.
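To make the pipeline in the abstract concrete (decompose the composite TOE by asset, learn a remediation priority with reinforcement learning, expose the model's rationale, let an expert refine it), here is an added example that is not the paper's code. It substitutes tabular Q-learning for the Deep Q-Network, uses a constructed reward (severity addressed minus a penalty for what stays open) and constructed vulnerability identifiers, and models expert review as a simple pinning override; none of these choices are taken from the paper.

```python
"""Toy composite-TOE risk assessment (added example, not the paper's implementation).
State = set of remediated vulnerabilities; action = next vulnerability to address.
Reward, data and the expert-review mechanism are assumptions made for illustration."""
from dataclasses import dataclass
import random


@dataclass(frozen=True)
class Vulnerability:
    vid: str       # constructed identifier, not a real CVE
    asset: str     # asset of the composite TOE that the vulnerability affects
    cvss: float    # base severity score (constructed)


# Constructed composite TOE: four vulnerabilities spread over three assets.
COMPOSITE_TOE = [
    Vulnerability("VULN-A", "gateway", 9.8),
    Vulnerability("VULN-B", "database", 7.5),
    Vulnerability("VULN-C", "gateway", 5.3),
    Vulnerability("VULN-D", "workstation", 4.0),
]

OPEN_PENALTY = 0.1  # assumed cost per step for every vulnerability left open


def decompose(vulns):
    """Associate each vulnerability with its asset: one component TOE per asset."""
    components = {}
    for v in vulns:
        components.setdefault(v.asset, []).append(v)
    return {asset: sorted(vs, key=lambda v: v.vid) for asset, vs in components.items()}


def step_reward(chosen, still_open):
    """Reward for remediating `chosen`: its severity minus a penalty for what stays open."""
    return chosen.cvss - OPEN_PENALTY * sum(v.cvss for v in still_open)


def train_q(vulns, episodes=5000, epsilon=0.5, gamma=1.0, seed=0):
    """Tabular Q-learning over the remediation-order problem (stand-in for the DQN)."""
    rng = random.Random(seed)
    by_id = {v.vid: v for v in vulns}
    q = {}
    for _ in range(episodes):
        done = frozenset()
        while len(done) < len(by_id):
            actions = [vid for vid in by_id if vid not in done]
            if rng.random() < epsilon:
                a = rng.choice(actions)                       # explore
            else:
                a = max(actions, key=lambda x: q.get((done, x), 0.0))  # exploit
            nxt = done | {a}
            open_after = [by_id[x] for x in by_id if x not in nxt]
            r = step_reward(by_id[a], open_after)
            future = max((q.get((nxt, x), 0.0) for x in by_id if x not in nxt), default=0.0)
            # Learning rate 1 is exact here: transitions and rewards are deterministic.
            q[(done, a)] = r + gamma * future
            done = nxt
    return q


def greedy_order(q, vulns):
    """Unroll the greedy policy: the learned vulnerability prioritization."""
    ids = [v.vid for v in vulns]
    done, order = frozenset(), []
    while len(done) < len(ids):
        a = max((x for x in ids if x not in done), key=lambda x: q.get((done, x), 0.0))
        order.append(a)
        done = done | {a}
    return order


def explain_first_choice(q, vulns):
    """Action values at the initial state: the rationale shown to the reviewing expert."""
    return {v.vid: round(q.get((frozenset(), v.vid), 0.0), 2) for v in vulns}


def expert_review(order, pinned_first=()):
    """Human-in-the-loop step: experts may pin vulnerabilities to the front of the queue."""
    pinned = [v for v in pinned_first if v in order]
    return pinned + [v for v in order if v not in pinned]


def total_reward(order, vulns):
    """Total reward of a remediation order under the constructed reward."""
    by_id = {v.vid: v for v in vulns}
    done, total = set(), 0.0
    for a in order:
        done.add(a)
        total += step_reward(by_id[a], [by_id[x] for x in by_id if x not in done])
    return round(total, 2)


if __name__ == "__main__":
    q = train_q(COMPOSITE_TOE)
    order = greedy_order(q, COMPOSITE_TOE)
    print("component TOEs:", {a: [v.vid for v in vs] for a, vs in decompose(COMPOSITE_TOE).items()})
    print("learned order:", order, "reward:", total_reward(order, COMPOSITE_TOE))
    print("rationale (Q at start):", explain_first_choice(q, COMPOSITE_TOE))
    print("after expert review:", expert_review(order, pinned_first=("VULN-D",)))
```

Under this reward the optimal policy is severity-descending, so the learned order is a useful sanity check on the training loop; the Q-values at the initial state serve as the explanation a reviewer sees before pinning an item that field context (not the score) says must go first.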
Author(s):
Nihala Basheer
Anglia Ruskin University
United Kingdom
Nihala Basheer graduated with an M.Sc. in Cyber Security with Distinction. She is currently working as a Research Assistant at the School of Computing and Information Science, Anglia Ruskin University, UK.
With her recent academic achievements, Nihala brings a solid theoretical foundation.
Nihala's research interest is in machine learning, specifically deep learning methods and their application to AI-enabled security solutions. Her recent work focuses on developing innovative techniques for malware detection and classification, vulnerability prediction and Responsible AI.
Shareeful Islam
Anglia Ruskin University
United Kingdom
Dr. Shareeful Islam is an Associate Professor in Cybersecurity at the Faculty of Science and Engineering, Anglia Ruskin University (ARU), UK. He is currently a visiting professor at the LUT School of Engineering Sciences, Lappeenranta, Finland, and previously worked as a visiting professor at the National Institute of Informatics (NII), Japan, and as a visiting researcher at SBA Research, Austria. He has over 22 years of experience in teaching, administration and research. He has secured approximately £1.1M in funding, mostly from national and EU funding agencies including Horizon Europe, Innovate UK and CHIST-ERA, and has experience leading and managing projects. He has successfully supervised 11 PhDs and MPhils to timely completion and is currently leading a Horizon project for ARU. He has published more than 100 papers in top-ranked journals and conferences. His research interests include cybersecurity risk management, Responsible AI, AI-enabled cybersecurity and regulatory compliance.
Spyridon Papastergiou
Maggioli, SPA
Greece
Spyros Papastergiou received his B.Sc. in Computer Science, M.Sc. in Advanced Information Systems (Network Information Systems) and Ph.D. in Security, Privacy and Interoperability of m/e-services from the University of Piraeus, Greece, in 2004, 2005 and 2009 respectively. He is a Senior Researcher at Security Labs Consulting Ltd. His research focuses on the protection of Critical Infrastructures (CIs) from malicious intrusions and security breaches, as well as risk and threat assessment, automation of risk management tools, and evaluation of critical business operations; he has authored over 40 publications in these fields. SAURON, Operando, Cybersec4Europe, SATIE, BeSecureFeelSecure, CyberSANE, AI4HEALTHSEC, CYRENE, SECANT, SECOPERA, SEPTON, LAZARUS, Cybersecdome, CUSTODES). He has also actively participated in three National Cyber Defence Exercises ("PANOPTIS 2010", "PANOPTIS 2011" and "PANOPTIS 2013") organized by the Hellenic National Defense General Staff, and he is a member of the List of Experts "M-CEI-17-C01" of the European Union Agency for Network and Information Security.
Eleni Maria Kalogeraki
Security Labs Consulting
Ireland
Eleni Maria Kalogeraki is a Business Intelligence and Information Security researcher. She has almost completed her PhD on Critical Infrastructure Protection at the Department of Informatics of the University of Piraeus and is a member of the university's Cybersecurity Research Lab (CSRL). She holds an M.Sc. in Informatics from the University of Piraeus and a B.Sc. in Public Administration from the Panteion University of Social and Political Sciences. Currently, she is a security consultant at Security Labs Consulting (SLC) Limited, providing advisory and research services on Cybersecurity Management, Risk Assessment, conformity assessment, IT security evaluation and system validation in the context of EU projects. During her career, she has been involved in more than 11 European Research and Innovation projects (e.g., CYRENE, AI4HS, BeSecureFeelSecure, CyberSANE, SATIE, Cybersec4Europe, SAURON, MITIGATE), applied in industries such as Maritime Transport, Energy, Health, Aviation and the Privacy Sector. Ms Kalogeraki has authored more than 20 publications in cybersecurity research areas, Critical Infrastructure Protection, standardization, certification, and knowledge management. Throughout her career, she has worked in the private sector as an economist and business analyst (e.g., oil accounting, risk tolerance consulting) and has held Teaching Assistant positions in the education sector (e.g., Hellenic National School of Public Administration).