lateral movement
Mind the Gap: Missing Cyber Threat Coverage in NIDS Datasets for the Energy Sector
Tory, Adrita Rahman, Hasan, Khondokar Fida, Rahman, Md Saifur, Koroniotis, Nickolaos, Moni, Mohammad Ali
Network Intrusion Detection Systems (NIDS) developed using publicly available datasets predominantly focus on enterprise environments, raising concerns about their effectiveness for converged Information Technology (IT) and Operational Technology (OT) in energy infrastructures. This study evaluates the representativeness of five widely used datasets: CIC-IDS2017, SWaT, WADI, Sherlock, and CIC-Modbus2023 against network-detectable MITRE ATT&CK techniques extracted from documented energy sector incidents. Using a structured five-step analytical approach, this article successfully developed and performed a gap analysis that identified 94 network observable techniques from an initial pool of 274 ATT&CK techniques. Sherlock dataset exhibited the highest mean coverage (0.56), followed closely by CIC-IDS2017 (0.55), while SWaT and WADI recorded the lowest scores (0.38). Combining CIC-IDS2017, Sherlock, and CIC-Modbus2023 achieved an aggregate coverage of 92%, highlighting their complementary strengths. The analysis identifies critical gaps, particularly in lateral movement and industrial protocol manipulation, providing a clear pathway for dataset enhancement and more robust NIDS evaluation in hybrid IT/OT energy environments.
Classification of Driver Behaviour Using External Observation Techniques for Autonomous Vehicles
Road traffic accidents remain a significant global concern, with human error, particularly distracted and impaired driving, among the leading causes. This study introduces a novel driver behaviour classification system that uses external observation techniques to detect indicators of distraction and impairment. The proposed framework employs advanced computer vision methodologies, including real-time object tracking, lateral displacement analysis, and lane position monitoring. The system identifies unsafe driving behaviours such as excessive lateral movement and erratic trajectory patterns by implementing the YOLO object detection model and custom lane estimation algorithms. Unlike systems reliant on inter-vehicular communication, this vision-based approach enables behavioural analysis of non-connected vehicles. Experimental evaluations on diverse video datasets demonstrate the framework's reliability and adaptability across varying road and environmental conditions. Road traffic accidents remain a significant global concern, with human error, particularly distracted and impaired driving, among the leading causes [1]. According to the World Health Organization's Global Status Report on Road Safety 2023, road traffic deaths reached an estimated 1.19 million people in 2021, with speeding, drunk driving, distracted driving, and unsafe vehicles being primary contributors [1].
CyGATE: Game-Theoretic Cyber Attack-Defense Engine for Patch Strategy Optimization
Jiang, Yuning, Oo, Nay, Meng, Qiaoran, Lin, Lu, Niyato, Dusit, Xiong, Zehui, Lim, Hoon Wei, Sikdar, Biplab
Modern cyber attacks unfold through multiple stages, requiring defenders to dynamically prioritize mitigations under uncertainty. While game-theoretic models capture attacker-defender interactions, existing approaches often rely on static assumptions and lack integration with real-time threat intelligence, limiting their adaptability. This paper presents CyGATE, a game-theoretic framework modeling attacker-defender interactions, using large language models (LLMs) with retrieval-augmented generation (RAG) to enhance tactic selection and patch prioritization. Applied to a two-agent scenario, CyGATE frames cyber conflicts as a partially observable stochastic game (POSG) across Cyber Kill Chain stages. Both agents use belief states to navigate uncertainty, with the attacker adapting tactics and the defender re-prioritizing patches based on evolving risks and observed adversary behavior. The framework's flexible architecture enables extension to multi-agent scenarios involving coordinated attackers, collaborative defenders, or complex enterprise environments with multiple stakeholders. The evolving cybersecurity landscape presents increasingly sophisticated threats that necessitate adaptive, proactive defense strategies. Patch management, a cornerstone of cyber defense, requires intelligent prioritization of vulnerabilities under resource constraints such as maintenance windows and operational cost [1][2]. However, traditional scoring systems like the common vulnerability scoring system (CVSS) [3] fail to capture the evolving nature of cyber threats, where attackers adapt their strategies based on defender actions. Game theory provides a structured framework for modeling attacker-defender interactions [4], with chained or multistage games particularly suited to representing complex attack progressions along the Cyber Kill Chain (CKC) [5][6][7]. These models allow defenders to reason about long-term risks and preempt cascading compromises.
Despite these advancements, existing models remain constrained by fixed strategies, static payoff structures, and minimal integration of threat intelligence, failing to dynamically prioritize vulnerabilities based on evolving exploitation trends [8]. Traditional game-theoretical approaches typically use predefined rules to analyze strategies, hence are limited in dynamic cyber environments where adversaries continuously adapt, operate under uncertainty, and employ unpredictable tactics [9].
Autonomous Navigation of 4WIS4WID Agricultural Field Mobile Robot using Deep Reinforcement Learning
Baby, Tom, Gohil, Mahendra Kumar, Bhattacharya, Bishakh
In the futuristic agricultural fields compatible with Agriculture 4.0, robots are envisaged to navigate through crops to perform functions like pesticide spraying and fruit harvesting, which are complex tasks due to factors such as non-geometric internal obstacles, space constraints, and outdoor conditions. In this paper, we attempt to employ Deep Reinforcement Learning (DRL) to solve the problem of 4WIS4WID mobile robot navigation in a structured, automated agricultural field. This paper consists of three sections: parameterization of four-wheel steering configurations, crop row tracking using DRL, and autonomous navigation of 4WIS4WID mobile robot using DRL through multiple crop rows. We show how to parametrize various configurations of four-wheel steering to two variables. This includes symmetric four-wheel steering, zero-turn, and an additional steering configuration that allows the 4WIS4WID mobile robot to move laterally. Using DRL, we also followed an irregularly shaped crop row with symmetric four-wheel steering. In the multiple crop row simulation environment, with the help of waypoints, we effectively performed point-to-point navigation. Finally, a comparative analysis of various DRL algorithms that use continuous actions was carried out.
A Two-Level Stochastic Model for the Lateral Movement of Vehicles Within Their Lane Under Homogeneous Traffic Conditions
Neis, Nicole, Beyerer, Juergen
The lateral position of vehicles within their lane is a decisive factor for the range of vision of vehicle sensors. This, in turn, is crucial for a vehicle's ability to perceive its environment and gain a high situational awareness by processing the collected information. When aiming for increasing levels of vehicle autonomy, this situational awareness becomes more and more important. Thus, when validating an autonomous driving function, the representativeness of submicroscopic behavior such as the lateral offset has to be ensured. With simulations being an essential part of the validation of autonomous driving functions, models describing these phenomena are required. Possible applications are the enhancement of microscopic traffic simulations and the maneuver-based approach for scenario-based testing. This paper presents a two-level stochastic approach to model the lateral movement of vehicles within their lane during road-following maneuvers under homogeneous traffic conditions. A Markov model generates the coarse lateral offset profile. It is superposed with a noise model for the fine movements. Both models are set up using real-world data. The evaluation of the model shows promising qualitative and quantitative results, the potential for enhancements, and extremely low computation times (10000 times faster than real time).
Knowledge-Informed Auto-Penetration Testing Based on Reinforcement Learning with Reward Machine
Li, Yuanliang, Dai, Hanzheng, Yan, Jun
Automated penetration testing (AutoPT) based on reinforcement learning (RL) has proven its ability to improve the efficiency of vulnerability identification in information systems. However, RL-based PT encounters several challenges, including poor sampling efficiency, intricate reward specification, and limited interpretability. To address these issues, we propose a knowledge-informed AutoPT framework called DRLRM-PT, which leverages reward machines (RMs) to encode domain knowledge as guidelines for training a PT policy. In our study, we specifically focus on lateral movement as a PT case study and formulate it as a partially observable Markov decision process (POMDP) guided by RMs. We design two RMs based on the MITRE ATT&CK knowledge base for lateral movement. To solve the POMDP and optimize the PT policy, we employ the deep Q-learning algorithm with RM (DQRM). The experimental results demonstrate that the DQRM agent exhibits higher training efficiency in PT compared to agents without knowledge embedding. Moreover, RMs encoding more detailed domain knowledge demonstrated better PT performance compared to RMs with simpler knowledge.
Predictive Context-Awareness for Full-Immersive Multiuser Virtual Reality with Redirected Walking
Lemic, Filip, Struye, Jakob, Van Onsem, Thomas, Famaey, Jeroen, Perez, Xavier Costa
The advancement of Virtual Reality (VR) technology is focused on improving its immersiveness, supporting multiuser Virtual Experiences (VEs), and enabling users to move freely within their VEs while remaining confined to specialized VR setups through Redirected Walking (RDW). To meet their extreme data-rate and latency requirements, future VR systems will require supporting wireless networking infrastructures operating in millimeter Wave (mmWave) frequencies that leverage highly directional communication in both transmission and reception through beamforming and beamsteering. We propose the use of predictive context-awareness to optimize transmitter and receiver-side beamforming and beamsteering. By predicting users' short-term lateral movements in multiuser VR setups with Redirected Walking (RDW), transmitter-side beamforming and beamsteering can be optimized through Line-of-Sight (LoS) "tracking" in the users' directions. At the same time, predictions of short-term orientational movements can be utilized for receiver-side beamforming for coverage flexibility enhancements. We target two open problems in predicting these two context information instances: i) predicting lateral movements in multiuser VR settings with RDW, and ii) generating synthetic head rotation datasets for training orientational movements predictors. Our experimental results demonstrate that Long Short-Term Memory (LSTM) networks feature promising accuracy in predicting lateral movements, and context-awareness stemming from VEs further enhances this accuracy. Additionally, we show that a TimeGAN-based approach for orientational data generation can create synthetic samples that closely match experimentally obtained ones.
CyGIL: A Cyber Gym for Training Autonomous Agents over Emulated Network Systems
Li, Li, Fayad, Raed, Taylor, Adrian
Given the success of reinforcement learning (RL) in various domains, it is promising to explore the application of its methods to the development of intelligent and autonomous cyber agents. Enabling this development requires a representative RL training environment. To that end, this work presents CyGIL: an experimental testbed of an emulated RL training environment for network cyber operations. CyGIL uses a stateless environment architecture and incorporates the MITRE ATT&CK framework to establish a high fidelity training environment, while presenting a sufficiently abstracted interface to enable RL training. Its comprehensive action space and flexible game design allow the agent training to focus on particular advanced persistent threat (APT) profiles, and to incorporate a broad range of potential threats and vulnerabilities. By striking a balance between fidelity and simplicity, it aims to leverage state of the art RL algorithms for application to real-world cyber defence.
A Complete Guide To Data Science Career Path
India is rising and shining bright when it comes to adopting new and emerging technologies. Enterprises from almost all major industry verticals are hiring data science experts to help them garner actionable insights from big data. The analytics sector has witnessed a sharp increase in demand for highly-skilled professionals who understand both the business world as well as the tech world. Organisations today are on a constant lookout for such professionals who can fill this ever-growing dearth in talent. The stark reality, however, is that there is a lot of confusion regarding this profession among aspiring professionals.
Detecting random filenames using (un)supervised machine learning
Combining both n-grams and random forest models to detect malicious activity. An essential part of Managed Detection and Response at Fox-IT is the Security Operations Center. This is our frontline for detecting and analyzing possible threats. Our Security Operations Center brings together the best in human and machine analysis and we continually strive to improve both. For instance, we develop machine learning techniques for detecting malicious content such as DGA domains or unusual SMB traffic.