Erisa Karafili’s paper “A Formal Approach to Analyzing Cyber-Forensics Evidence” was accepted at the European Symposium on Research in Computer Security (ESORICS) 2018. This was a joint collaboration with King’s College London and the University of Verona.

Title: A Formal Approach to Analyzing Cyber-Forensics Evidence

Authors: Erisa Karafili, Matteo Cristani, Luca Viganò

Abstract: The frequency and harmfulness of cyber-attacks are increasing every day, and with them also the amount of data that the cyber-forensics analysts need to collect and analyze. In this paper, we propose a formal analysis process that allows an analyst to filter the enormous amount of evidence collected and either identify crucial information about the attack (e.g., when it occurred, its culprit, its target) or, at the very least, perform a pre-analysis to reduce the complexity of the problem in order to then draw conclusions more swiftly and efficiently. We introduce the Evidence Logic EL for representing simple and derived pieces of evidence from different sources. We propose a procedure, based on monotonic reasoning, that rewrites the pieces of evidence with the use of tableau rules, based on relations of trust between sources and the reasoning behind the derived evidence, and yields a consistent set of pieces of evidence. As proof of concept, we apply our analysis process to a concrete cyber-forensics case study.

(The paper can be found here.)

This work was funded from the European Union’s Horizon 2020 research and innovation program under the Marie Sklodowska-Curie grant agreement No 746667.

Erisa Karafili's paper "Access Control and Quality Attributes of Open Data: Applications and Techniques" was accepted at the first Quality of Open Data Workshop, at BIS 2018. This work was in collaboration with School of Business and Economics, Loughborough University.

Title: Access Control and Quality Attributes of Open Data: Applications and Techniques

Authors: Erisa Karafili, Konstantina Spanaki, Emil C Lupu

Abstract: Open Datasets provide one of the most popular ways to acquire insight and information about individuals, organizations and multiple streams of knowledge. Exploring Open Datasets by applying comprehensive and rigorous techniques for data processing can provide the ground for innovation and value for everyone if the data are handled in a legal and controlled way. In our study, we propose an argumentation and abductive reasoning approach for data processing which is based on the data quality background. Explicitly, we draw on the literature of data management and quality for the attributes of the data, and we extend this background through the development of our techniques. Our aim is to provide herein a brief overview of the data quality aspects, as well as indicative applications and examples of our approach. Our overall objective is to bring serious intent and propose a structured way for access control and processing of open data with a focus on the data quality aspects.

(The paper can be found here.)

This work was funded from the European Union’s Horizon 2020 research and innovation program under the Marie Sklodowska-Curie grant agreement No 746667.

The paper “A Logic-Based Reasoner for Discovering Authentication Vulnerabilities Between Interconnected Accounts” was accepted at the International Workshop on Emerging Technologies for Authorization and Authentication (ETAA@ESORICS 2018). This work was in collaboration with the Information Security Group, Royal Holloway, University of London.

Title: A Logic-Based Reasoner for Discovering Authentication Vulnerabilities Between Interconnected Accounts

Authors: Erisa Karafili, Daniele Sgandurra, Emil Lupu

Abstract: With users being more reliant on online services for their daily activities, there is an increasing risk for them to be threatened by cyber-attacks harvesting their personal information or banking details. These attacks are often facilitated by the strong interconnectivity that exists between online accounts, in particular due to the presence of shared (e.g., replicated) pieces of user information across different accounts. In addition, a significant proportion of users employs pieces of information, e.g. used to recover access to an account, that are easily obtainable from their social networks accounts, and hence are vulnerable to correlation attacks, where a malicious attacker is either able to perform password reset attacks or take full control of user accounts.

This paper proposes the use of verification techniques to analyse the possible vulnerabilities that arises from shared pieces of information among interconnected online accounts. Our primary contributions include a logic-based reasoner that is able to discover vulnerable online accounts, and a corresponding tool that provides modelling of user accounts, their interconnections, and vulnerabilities. Finally, the tool allows users to perform security checks of their online accounts and suggests possible countermeasures to reduce the risk of compromise.

This work was funded from the European Union’s Horizon 2020 research and innovation program under the Marie Sklodowska-Curie grant agreement No 746667.

The paper “Helping forensic analysts to attribute cyber-attacks: an argumentation-based reasoner" was accepted at the International Conference on Principles and Practice of Multi-Agent Systems (PRIMA 2018) . This work was in collaboration with the University of Cyprus.

Title: Helping forensic analysts to attribute cyber-attacks: an argumentation-based reasoner

Authors: Erisa Karafili, Linna Wang, Antonis C. Kakas, Emil Lupu

Abstract: Discovering who performed a cyber-attack or from where it originated is essential in order to determine an appropriate response and future risk mitigation measures. In this work, we propose a novel argumentation-based reasoner for analyzing and attributing cyber-attacks that combines both technical and social evidence. Our reasoner helps the digital forensics analyst during the analysis of the forensic evidence by providing to the analyst the possible culprits of the attack, new derived evidence, hints about missing evidence, and insights about other paths of investigation. The proposed reasoner is flexible, deals with conflicting and incomplete evidence, and was tested on real cyber-attacks cases.

(The paper can be found here.)

This work was funded from the European Union’s Horizon 2020 research and innovation program under the Marie Sklodowska-Curie grant agreement No 746667.

Dr Karafili gave an invited talk at the Computer Science Department, Swansea University, UK. The title of her talk was: “Helping Forensic Analysts to Analyze and Attribute Cyber-Attacks”. In this talk, she presented part of the work conducted in AF-Cyber.

Dr Karafili appeared in the "Explainable AI" article by David Silverman, for Imperial College London. Dr Karafili explains briefly the main goal of AF-Cyber and the impact it has in our everyday life, and how AI techniques, like argumentation reasoning, helps in tackling cybersecurity problems.

You can find the article here: https://www.imperial.ac.uk/enterprise/long-reads/explainable-ai/

Dr Karafili was part of the "Human-Like Computing" Third Wave of AI Workshop (3AI-HLC) at Imperial College London.

She presented her work "Helping Forensic Analysts to Attribute Cyber-Attacks" during the poster session.

Title: Helping Forensic Analysts to Attribute Cyber-Attacks

Authors: Erisa Karafili, Linna Wang, Antonis Kakas, Emil Lupu

The work Dr Karafili has conducted in collaboration with Dr Spanaki and Dr Despoudi, was accepted at the "European Operations Management Association Conference" EurOMA 2019.

In this work Dr Karafili applied techniques from knowledge representation and AI to solve security problems in Agricultural and Industrial environments. This work was a joint collaboration with the School of Business and Economics, Loughborough University and Aston Business School, Aston University.

Title: Data Sharing in Agriculture 4.0: Applications of AI for Access Control Decisions

Authors: Konstantina Spanaki, Erisa Karafili, Stella Despoudi

Dr Karafili gave an invited talk at the Security Group Department of Mathematics and Computer Science, TU Eindhoven, The Netherlands. The title of her talk was: “Investigating Cyber-attacks: Two solutions for analyzing and attributing cyber-attacks”. In this talk, she presented part of the work conducted in AF-Cyber.

Dr Karafili gave an invited talk at the Center for Information Security and Trust (CIST), Computer Science Department, IT University of Copenhagen, Denmark . The title of her talk was: “Two Solutions to Assist Forensic Analysts during the Investigation of Cyber-Attacks ”. In this talk, she presented part of the work conducted in AF-Cyber.

The paper “An argumentation-based reasoner to assist digital investigation and attribution of cyber-attacks" was accepted at EU DFRWS 2020.

Title: An argumentation-based reasoner to assist digital investigation and attribution of cyber-attacks

Authors: Erisa Karafili, Linna Wang, Emil Lupu

Abstract: We expect an increase in the frequency and severity of cyber-attacks that comes along with the need for efficient security coun- termeasures. The process of attributing a cyber-attack helps to construct efficient and targeted mitigating and preventive security measures. In this work, we propose an argumentation-based reasoner (ABR) as a proof-of-concept tool that can help a forensics analyst during the analysis of forensic evidence and the attribution process. Given the evidence collected from a cyber-attack, our reasoner can assist the analyst during the investigation process, by helping him/her to analyze the evidence and identify who per- formed the attack. Furthermore, it suggests to the analyst where to focus further analyses by giving hints of the missing evidence or new investigation paths to follow. ABR is the first automatic reasoner that can combine both technical and social evidence in the analysis of a cyber-attack, and that can also cope with incomplete and conflicting information. To illustrate how ABR can assist in the analysis and attribution of cyber-attacks we have used examples of cyber-attacks and their analyses as reported in publicly available reports and online literature. We do not mean to either agree or disagree with the analyses presented therein or reach attribution conclusions.

This work was funded from the European Union’s Horizon 2020 research and innovation program under the Marie Sklodowska-Curie grant agreement No 746667.

You can find the paper here.