The aviation industry needs led to an increase in the number of aircraft in the sky. When the number of flights within an airspace increases, the chance of a mid-air collision increases. Systems such as the Traffic Alert and Collision Avoidance System (TCAS) and Airborne Collision Avoidance System (ACAS) are currently used to alert pilots for potential mid-air collisions. The TCAS and the ACAS use algorithms to perform Aircraft Trajectory Predictions (ATPs) to detect potential conflicts between aircrafts. In this paper, three different aircraft trajectory prediction algorithms named Deep Neural Network (DNN), Random Forest (RF) and Extreme Gradient Boosting were implemented and evaluated in terms of their accuracy and robustness to predict the future aircraft heading. These algorithms were as well evaluated in the case of adversarial samples. Adversarial training is applied as defense method in order to increase the robustness of ATPs algorithms against the adversarial samples. Results showed that, comparing the three algorithm’s performance, the extreme gradient boosting algorithm was the most robust against adversarial samples and adversarial training may benefit the robustness of the algorithms against lower intense adversarial samples. The contributions of this paper concern the evaluation of different aircraft trajectory prediction algorithms, the exploration of the effects of adversarial attacks, and the effect of the defense against adversarial samples with low perturbation compared to no defense mechanism.
DOCUMENT
Adversarial thinking is essential when dealing with cyber incidents and for finding security vulnerabilities. Capture the Flag (CTF) competitions are used all around the world to stimulate adversarial thinking. Jeopardy-style CTFs, given their challenge-and-answer based nature, are used more and more in cybersecurity education as a fun and engaging way to inspire students. Just like traditional written exams, Jeopardy-style CTFs can be used as summative assessment. Did a student provide the correct answer, yes or no. Did the participant in the CTF competition solve the challenge, yes or no. This research project provides a framework for measuring the learning outcomes of a Jeopardy-style CTF and applies this framework to two CTF events as case studies. During these case studies, participants were tested on their knowledge and skills in the field of cybersecurity and queried on their attitude towards CTF education. Results show that the main difference between traditional written exam and a Jeopardy-style CTF is the way in which questions a re formulated. CTF education is stated to be challenging and fun because questions are formulated as puzzles that need to be solved in a gamified and competitive environment. Just like traditional written exams, no additional insight into why the participant thinks the correct answer is the correct answer has been observed or if the participant really did learn anything new by participating. Given that the main difference between a traditional written exam and a Jeopardy-style CTF is the way in which questions are formulated, learning outcomes can be measured in the same way. We can ask ourselves how many participants solved which challenge and to which measurable statements about “knowledge, skill and attitude” in the field of cybersecurity each challenge is related. However, when mapping the descriptions of the quiz-questions and challenges from the two CTF events as case studies to the NICE framework on Knowledge, Skills and Abilities in cybersecurity, the NICE framework did not provide us with detailed measurable statements that could be used in education. Where the descriptions of the quiz-questions and challenges were specific, the learning outcomes of the NICE framework are only formulated in a quite general matter. Finally, some evidence for Csíkszentmihályi’s theory of Flow has been observed. Following the theory of Flow, a person can become fully immersed in performing a task, also known as “being in the zone” if the “challenge level” of the task is in line with the person’s “skill level”. The persons mental state towards a task will be different depending on the challenge level of the task and required skill level for completing it. Results show that participants state that some challenges were difficult and fun, where other challenges were easy and boring. As a result of this9 project, a guide / checklist is provided for those intending to use CTF in education.
DOCUMENT
We present a novel architecture for an AI system that allows a priori knowledge to combine with deep learning. In traditional neural networks, all available data is pooled at the input layer. Our alternative neural network is constructed so that partial representations (invariants) are learned in the intermediate layers, which can then be combined with a priori knowledge or with other predictive analyses of the same data. This leads to smaller training datasets due to more efficient learning. In addition, because this architecture allows inclusion of a priori knowledge and interpretable predictive models, the interpretability of the entire system increases while the data can still be used in a black box neural network. Our system makes use of networks of neurons rather than single neurons to enable the representation of approximations (invariants) of the output.
LINK
De African Digital Rights Network (ADRN) heeft een nieuw rapport gepubliceerd waarin de toevoer en verspreiding van digitale surveillance technologie in Afrika in kaart is gebracht. Onderzoeker Anand Sheombar van het lectoraat Procesinnovatie & Informatiesystemen is betrokken bij het ADRN-collectief en heeft samen met de Engelse journalist Sebastian Klovig Skelton, door middel van desk research de aanvoerlijnen vanuit Westerse en Noordelijke landen geanalyseerd. De bevindingen zijn te lezen in dit Supply-side report hoofdstuk van het rapport. APA-bronvermelding: Klovig Skelton, S., & Sheombar, A. (2023). Mapping the supply of surveillance technologies to Africa Supply-side report. In T. Roberts (Ed.), Mapping the Supply of Surveillance Technologies to Africa: Case Studies from Nigeria, Ghana, Morocco, Malawi, and Zambia (pp. 136-167). Brighton, UK: Institute of Development Studies.
MULTIFILE
This paper investigates the prospective application of arbitration by Transnational Private Regulation (TPR). It builds on the study of TPR developed by Fabrizio Cafaggi et al. TPR addresses the ever-increasing transfer of regulatory power from national to global levels, and from public to private regulators. TPR entails private regulatory co-operation be-yond the jurisdictional boundaries of States through voluntary standards. The regimes of TPR are built by a variety of actors, such as companies, NGOs, independent experts, and epistemic communities. Examples of TPR can be found in food safety, forestry management, trade, and derivatives, among other fields. More specifically, they concern private actors engaging in transnational coordination of standard setting such as the Forest Stewardship Council (FSC) that was developed to foster responsible management of the world’s forests. There are four main characteristics of TPR: legitimacy, quality, effectiveness, and enforcement. I will describe those four characteristics in brief here. First, the legitimacy of TPR is built around consent through voluntary entry, participation, and exit of regulated entities. Important to this contribution is that the legitimacy of TPR goes beyond its legal dimension, measured by purely legal standards. Hence, the legitimacy of TPR is largely determined by standards developed by social and economic institutions relevant to specific TPR regimes. The role of those institutions in standard settings is higher in private TPR regimes than private-public TPR regimes, where some forms of compliance are mandatory. Second, the quality of TPR corresponds to the ex ante and ex post evaluation cycle of regulatory processes. It is also linked with the transparency of TPR. Third, the effectiveness of TPR is measured according to the extent to which the objectives of TPR (or selected TPR regimes) are met. And finally, enforcement of TPRis understood as ‘ensuring compliance with commitments’. Enforcement of TPR can take place through courts, administrative agencies, and private dispute resolution—including the arbitration at the core of this contribution. Cafaggi’s study identified rather selective use of arbitration in TPR, but also recommended changes to make arbitration law more adaptable to TPR. Furthermore, the study recommended that more specialized dispute resolution institutions are created to exclusively serve TPR. Against this background, I shift the main focus of analysis from TPR to arbitration. Whereas Cafaggi argued that arbitration may be suitable for TPR as a means of private enforcement, in this paper I go even further, arguing that arbitration as a means of informal, out-of-court dispute resolution is well suited to strengthen the normativity of TPR. This is so because private arbitration actors (including, inter alia, arbitrators and arbitral institutions) are already equipped with the tools necessary to facilitate cross-border TPR, which is done through informal standards and procedures with origins in the communitarian values and reputational mechanisms used by different communities before the development of modern States. The roots of most private justice regimes—including arbitration—are informed by communitarian values such as collaboration, participation, and personal trust. Those values, together with other core characteristics of arbitration correspond to all core characteristics of TPR, making both systems comparable and complementary. The analytical framework incorporated in this paper follows the four core characteristics of TPR. Hence, the paper is organized into five sections. The first section contains the introduction. In the second section, I analyze the legitimacy of arbitration vis-à-vis the legitimacy of TPR. In the third section, I investigate the accountability of arbitration as a means of quality signaling vis-à-vis TPR. In the fourth section, I focus on the remedies available to arbitrators in a view of TPR’s effectiveness. Finally, in the fifth section, I analyze enforcement through arbitration and its impact on the exclusiveness versus complementarity of TPR regimes. Conclusions follow, including recommendations for future research. Part of topic "The blurring distinction between public and private in international dispute resolution"
MULTIFILE
From the article: This paper describes the external IT security analysis of an international corporate organization, containing a technical and a social perspective, resulting in a proposed repeatable approach and lessons learned for applying this approach. Part of the security analysis was the utilization of a social engineering experiment, as this could be used to discover employee related risks. This approach was based on multiple signals that indicated a low IT security awareness level among employees as well as the results of a preliminary technical analysis. To carry out the social engineering experiment, two techniques were used. The first technique was to send phishing emails to both the system administrators and other employees of the company. The second technique comprised the infiltration of the office itself to test the physical security, after which two probes were left behind. The social engineering experiment proved that general IT security awareness among employees was very low. The results allowed the research team to infiltrate the network and have the possibility to disable or hamper crucial processes. Social engineering experiments can play an important role in conducting security analyses, by showing security vulnerabilities and raising awareness within a company. Therefore, further research should focus on the standardization of social engineering experiments to be used in security analyses and further development of the approach itself. This paper provides a detailed description of the used methods and the reasoning behind them as a stepping stone for future research on this subject. van Liempd, D., Sjouw, A., Smakman, M., & Smit, K. (2019). Social Engineering As An Approach For Probing Organizations To Improve It Security: A Case Study At A Large International Firm In The Transport Industry. 119-126. https://doi.org/10.33965/es2019_201904l015
MULTIFILE
This research investigates the integration of stakeholders' values into the digital frameworks of Collective Management Organizations (CMOs) within the Dutch music copyright system. Utilizing Q methodology, the study captures diverse perspectives from composers, lyricists, publishers, and CMO representatives on values, value tensions, norms, and system requirements. A pilot study with four experts tested data collection methods and refined the study design for a larger, follow-up study involving 30 participants. Preliminary findings, based on factor analysis of participant rankings of 30 statements, reveal two distinct perspectives: one focused on "Fairness and Accountability," emphasizing trust-building and equitable treatment, and the other on "Technological Efficiency and Transparency," prioritizing clear information, verification mechanisms, and advanced IT systems. Qualitative insights from participant interviews provide nuanced understanding, highlighting the importance of transparency in royalty processes, balanced application of technology, and equitable royalty distribution in the digital age. This research contributes to the modernization of copyright management systems offering a conceptual model adaptable to other creative (Intellectual Property) industries
MULTIFILE
This paper introduces a novel distributed algorithm designed to optimize the deployment of access points within Mobile Ad Hoc Networks (MANETs) for better service quality in infrastructure less environments. The algorithm operates based on local, independent execution by each network node, thus ensuring a high degree of scalability and adaptability to changing network conditions. The primary focus is to match the spatial distribution of access points with the distribution of client devices while maintaining strong connectivity to the network root. Using autonomous decision-making and choreographed path-planning, this algorithm bridges the gap between demand-responsive network service provision and the maintenance of crucial network connectivity links. The assessment of the performance of this approach is motivated by using numerical results generated by simulations.
DOCUMENT
This essay explores the notion of resilience by providing a theoretical context and subsequently linking it to the management of safety and security. The distinct worlds of international security, industrial safety and public security have distinct risks as well as distinct ‘core purposes and integrities’ as understood by resilience scholars. In dealing with risks one could argue there are three broad approaches: cost-benefit analysis, precaution and resilience. In order to distinguish the more recent approach of resilience, the idea of adaptation will be contrasted to mitigation. First, a general outline is provided of what resilience implies as a way to survive and thrive in the face of adversity. After that, a translation of resilience for the management of safety and security is described. LinkedIn: https://www.linkedin.com/in/juul-gooren-phd-cpp-a1180622/
DOCUMENT
The growing sophistication, frequency and severity of cyberattacks targeting all sectors highlight their inevitability and the impossibility of completely protecting the integrity of critical computer systems. In this context, cyber-resilience offers an attractive alternative to the existing cybersecurity paradigm. We define cyber-resilience as the capacity to withstand, recover from and adapt to the external shocks caused by cyber-risks. This article seeks to provide a broader organizational understanding of cyber-resilience and the tensions associated with its implementation. We apply Weick's (1995) sensemaking framework to examine four foundational tensions of cyber-resilience: a definitional tension, an environmental tension, an internal tension, and a regulatory tension. We then document how these tensions are embedded in cyber-resilience practices at the preparatory, response and adaptive stages. We rely on qualitative data from a sample of 58 cybersecurity professionals to uncover these tensions and how they reverberate across cyber-resilience practices.
DOCUMENT
