Longitudinal risk-based security assessment of docker software container images

Mills, Alan; White, Jonathan; Legg, Phil

doi:10.1016/j.cose.2023.103478

All Outputs (7)

Vulnerability detection through machine learning-based fuzzing: A systematic review (2024)
Journal Article
Chafjiri, S. B., Legg, P., Hong, J., & Tsompanas, M. (2024). Vulnerability detection through machine learning-based fuzzing: A systematic review. Computers and Security, 143, Article 103903. https://doi.org/10.1016/j.cose.2024.103903

Modern software and networks underpin our digital society, yet the rapid growth of vulnerabilities that are uncovered within these threaten our cyber security posture. Addressing these issues at scale requires automated proactive approaches that can... Read More about Vulnerability detection through machine learning-based fuzzing: A systematic review.

TRIST: Towards a container-based ICS testbed for cyber threat simulation and anomaly detection (2024)
Conference Proceeding
Lo, C., Christie, J., Win, T. Y., Rezaeifar, Z., Khan, Z., & Legg, P. (in press). TRIST: Towards a container-based ICS testbed for cyber threat simulation and anomaly detection. In Springer Proceedings in Complexity book series

Cyber-attacks on Industrial Control Systems (ICS), as exemplified by the incidents at the Maroochy water treatment plant and the Ukraine's electric power grid, have demonstrated that cyber threats can inflict significant physical impacts. These incid... Read More about TRIST: Towards a container-based ICS testbed for cyber threat simulation and anomaly detection.

Privacy based triage of suspicious activity reports using offline large language models (2024)
Book Chapter
Legg, P., Ryder, N., Bourton, S., Johnson, D., & Walker, R. (in press). Privacy based triage of suspicious activity reports using offline large language models. In Advancements in Cyber Crime Investigations and Modern Data Analytics. CRC Press / Taylor and Francis

Suspicious Activity Reports (SAR) form a vital part of incident response and case management for the investigation of known or suspected money laundering. However, those submitting SARs, and those tasked with analysing SARs, often find the task overw... Read More about Privacy based triage of suspicious activity reports using offline large language models.

Cyber Funfair: Creating immersive and educational experiences for teaching Cyber Physical Systems Security (2024)
Conference Proceeding
Mills, A., White, J., & Legg, P. (2024). Cyber Funfair: Creating immersive and educational experiences for teaching Cyber Physical Systems Security. In SIGCSE 2024: Proceedings of the 55th ACM Technical Symposium on Computer Science Education (847-852). https://doi.org/10.1145/3626252.3630820

Delivering meaningful and inspiring cyber security education for younger audiences can often be a challenge due to limited expertise and resources. Key to any outreach activity is that it both develops a learner's curiosity, as well as providing educ... Read More about Cyber Funfair: Creating immersive and educational experiences for teaching Cyber Physical Systems Security.

Improving search space analysis of fuzzing mutators using cryptographic structures (2023)
Conference Proceeding
Chafjiri, S. B., Legg, P., Tsompanas, M., & Hong, J. (in press). Improving search space analysis of fuzzing mutators using cryptographic structures. In Lecture Notes in Network Security

This paper introduces a novel approach to enhance the performance of software fuzzing mutator tools, by leveraging cryptographic structures known as substitution-permutation networks and Feistel networks. By integrating these structures into the exis... Read More about Improving search space analysis of fuzzing mutators using cryptographic structures.

Evaluating data distribution strategies in federated learning: A trade-off analysis between privacy and performance for IoT security (2023)
Conference Proceeding
White, J., & Legg, P. (in press). Evaluating data distribution strategies in federated learning: A trade-off analysis between privacy and performance for IoT security.

Federated learning is an effective approach for training a global machine learning model. It uses locally acquired data without having to share local data with the centralised server. This method provides a machine learning model beneficial for all p... Read More about Evaluating data distribution strategies in federated learning: A trade-off analysis between privacy and performance for IoT security.

Longitudinal risk-based security assessment of docker software container images (2023)
Journal Article
Mills, A., White, J., & Legg, P. (2023). Longitudinal risk-based security assessment of docker software container images. Computers and Security, 135, Article 103478. https://doi.org/10.1016/j.cose.2023.103478

As the use of software containerisation has increased, so too has the need for security research on their usage, with various surveys and studies conducted to assess the overall security posture of software container images. To date, there has been v... Read More about Longitudinal risk-based security assessment of docker software container images.