ENS

7th International Workshop on Emerging Network Security
  • Date
    Jul 30, 2024
  • Location
    SR07
  • Duration
    13:00 — 18:30
Workshops Lettering

Workshop Chairs

Workshop Chairs Logo Workshop Chairs Logo Workshop Chairs Logo Workshop Chairs Logo Workshop Chairs Logo
  • → Wojciech Mazurczyk
  • → Pascal Bisson
  • → Krzysztof Cabaj
  • → Edgardo Montes de Oca
  • → Ilsun You

Detail ENS 01/05

7th International Workshop on Emerging Network Security to be held in the conjunction with the ARES Workshops EU Projects Symposium 2024 at the 19th International Conference on Availability, Reliability and Security
With the great success and development of 5G & beyond systems and other emerging concepts (e.g. 6G) a continued effort toward rich ubiquitous communication infrastructure, promising wide range of high-quality services is desired. It is envisioned that communication in emerging networks will offer significantly greater data bandwidth and almost infinite capability of networking resulting in unfaltering user experiences for, among others: virtual/augmented reality, massive content streaming, telepresence, user-centric computing, crowded area services, smart personal networks, Internet of Things (IoT), smart buildings and smart cities.

The communication in 5G networks and beyond is currently in the center of attention of industry, academia, and government worldwide. Emerging network concepts drive many new requirements for different network capabilities. As future networks aim at utilizing many promising network technologies, such as Software Defined Networking (SDN), Network Functions Virtualization (NFV), Information Centric Network (ICN), Network Slicing or Cloud Computing and supporting a huge number of connected devices integrating above mentioned advanced technologies and innovating new techniques will surely bring tremendous challenges for security, privacy and trust. Therefore, secure network architectures, mechanisms, and protocols are required as the basis for emerging networks to address these issues and follow security-by-design approach. Finally, since in current and future networks even more user data and network traffic will be transmitted, big data security solutions should be considered in order to address the magnitude of the data volume and ensure data security and privacy.

From this perspective, the ENS 2024 workshop aims at collecting the most relevant ongoing research efforts in emerging network security field. It also serves as a forum for 5G & beyond projects in order to disseminate their security-related results and boost cooperation, also foster development of the 5G and beyond Security Community made of 5G security experts and practitioners who pro-actively discuss and share information to collectively progress and align on the field. Last but not least it also aims to bridge 5G & Beyond community with other communities (e.g. AI) that are key to support full attainment of 5G & Beyond but also 6G promises and so for those technologies to release their full potential.

The ENS workshop builds upon three successful editions of the 5G-NS (5G Networks Security) workshop organized previously in co-location with the ARES conference since 2018.

Keynote ENS:
Enhancing Network Cybersecurity with Novel Trustworthy AI Solutions

This presentation will focus on novel trustworthy AI solutions in the field of network intrusion detection (NIDS), The research and development work, particularly in the context of EU-funded projects like H2020 STARLIGHT, HE AI4Cyber, H2020 SPARTA, H2020 APPRAISE, H2020 ELEGANT, H2020 SIMARGL and others has led to significant advancements in NIDS and the security of AI systems.

The core of this presentation details the development of AI-based intrusion detection technologies that leverage flow-based data for real-time threat analysis. These systems are designed with modularity and scalability in mind, utilizing tools like Apache Spark and Kafka for efficient data handling and processing.

Another major focus is on explainability in AI, crucial for gaining user trust and enhancing system transparency. Methodologies for integrating explainable AI (xAI) techniques with existing AI models will be presented, which are critical for sectors requiring an understanding of AI decision-making processes. The practical implementation of these technologies in various industrial and academic projects will be discussed, showcasing their effectiveness in live environments and their adaptability to different types of cyberthreats. The presentation concludes with insights into future research directions and opportunities for further innovation in AI-driven cybersecurity solutions, aiming to improve their reliability, security, and user trust.

About the speaker:
Marek Pawlicki Ph.D. Eng. holds an adjunct position at the Bydgoszcz University of Science and Technology. He has been involved in a number of international projects related to cybersecurity, critical infrastructure protection, software quality etc. (e.g. H2020 SPARTA, H2020 SIMARGL, H2020 PREVISION, H2020 MAGNETO, H2020 Q-Rapids, H2020 SocialTruth). He is an author of over 80 peer-reviewed scientific publications. His interests pertain to the application of machine learn- ing in several domains, including cybersecurity.

Topics of interest for current and emerging networks (5G & Beyond, 6G, …) include, but are not limited to 02/05

  • Security Architecture and Technologies
  • Security Management and its automation
  • Attack & Threat Detection
  • DDoS Detection & Mitigation
  • Security Frameworks for Various Applications & Scenarios
  • Access Control Security
  • Security Protocols
  • Security Management and Orchestration of NFV and SDN Elements
  • Software Defined Security
  • Security as a Service
  • Trusted Computing with NFV and SDN
  • Physical Layer Security
  • Wireless Communications Security
  • SDN/NFV Security
  • Core Network Security
  • Terminal and Edge Computing
  • Security of MEC Infrastructure
  • Malware Attack Detection and Prevention Techniques
  • Information Sharing and Data Protection
  • Big Data Security and Analytics
  • AI-enabled Security
  • Cloud Technologies Security
  • Privacy Preservation and Enhancement
  • Intrusion Detection and Content Access Control
  • Trust Management in Heterogeneous
  • Identity Management and Trustworthiness
  • Intelligent Security Provisioning
  • Trust Collaboration
  • Liability in Current and Emerging Networks
  • Compliance with legislation and regulation that apply IoT security and trust
  • 5G/6G, etc. and Artificial Intelligence
  • Named Data Networking

Workshop Chairs 03/05

Workshop Chairs

Workshop Chairs Logo
Wojciech Mazurczyk
Warsaw University of Technology, Poland (SILVANUS Project)
wojciech.mazurczyk@pw.edu.pl
Workshop Chairs Logo
Pascal Bisson
Thales, France (5GDrones & INSPIRE-5Gplus H2020 Project, 5G IA SEC WG chair)
pascal.bisson@thalesgroup.com
Workshop Chairs Logo
Krzysztof Cabaj
Warsaw University of Technology, Poland (SILVANUS Project)
krzysztof.cabaj@pw.edu.pl
Workshop Chairs Logo
Edgardo Montes de Oca
Montimage, France (Networld Europe steering board member, H2020 INSPIRE-5Gplus and SANCUS projects)
edgardo.montesdeoca@montimage.com
Workshop Chairs Logo
Ilsun You
Kookmin University, South Korea
ilsunu@gmail.com

Program Committee

Mustafa Albado | DELL, Ireland
Chafika Benzaid | University of Oulu, Finland
Daniele Bringhenti | Politecnico di Torino, Italy
Luca Caviglione | IMATI CNR, Italy
Michal Choras | ITTI Ltd., Poland
Marcin Gregorczyk | Warsaw University of Technology, Poland
Gilles Guette | Rennes University, France
Georgios Karopoulos | European Commission, Joint Research Centre (JRC), Greece
Zbigniew Kotulski | Warsaw University of Technology, Poland
Rafal Kozik | Bydgoszcz University of Science and Technology, Poland
Sławomir Kukliński | Warsaw University of Technology, Poland
Thomas Lagkas | Democritus University of Thrace, Greece
Diego R. Lopez | Telefónica I+D, Spain
Amitabh Mishra | University of Delaware, USA
Marek Pawlicki | Bydgoszcz University of Science and Technology, Poland
Pawel Rajba | University of Wroclaw, Poland
Leonardo Regano | Università degli Studi di Cagliari, Italy
Stavros Shiaeles | University of Portsmouth, UK
Jani Suomalainen | VTT, Finland
Roberta Terruggia | Ricerca sul Sistema Energetico, Italy
Hui Tian | National Huaqiao University, China
Reza Tourani | Saint Louis University, US

Submission 04/05

Submission Guidelines

The submission guidelines valid for the workshop are the same as for the ARES conference.
More Information

Important Dates

Extended Submission Deadline May 14, 2024
Author Notification Jun 02, 2024
Proceedings Version Jun 18, 2024
ARES EU Projects Symposium Jul 30, 2024
Conference Jul 30 — Aug 02, 2024

Accepted Paper

SoK: A Taxonomy for Hardware-Based Fingerprinting in the Internet of Things
Christian Spinnler (Siemens AG, FAU Erlangen-Nürnberg, Germany), Torsten Labs (Siemens AG, Germany), Norman Franchi (FAU Erlangen-Nürnberg, Chair of Electrical Smart City Systems, AIN, Germany)
Full Paper
In IoT applications, embedded devices acquire and transmit data to control and optimize industrial processes. In order to trust this data, the trustworthiness of the data acquisition system, such as the sensors and the integrated signal processing components, is a crucial requirement. Software authenticity is provided with concepts like measured boot. Expanding authenticity to hardware components requires and motivates new approaches like hardware fingerprinting.

In this paper, we review and systematize current research and trends in hardware fingerprinting. We provide insights to current research directions by reviewing multiple survey and review papers and derive a common definition for fingerprinting based on the reviewed literature.

We identify three different fingerprinting techniques: Hardware Fingerprinting, Behavior Fingerprinting and Radio Frequency Fingerprinting, which can be used for multiple application scenarios. By decomposing a common embedded system architecture, we provide four trust domains from which we can create a hardware fingerprint: Main Processing Domain, On-Device Communication Domain, Peripheral Domain and Environmental Domain.

With this in mind, a new fingerprinting taxonomy is developed, taking into account different data sources and evaluation techniques. We distinguish between intrinsic and extrinsic data sources and direct and indirect data evaluation.

In order to get an understanding of the scope of the fingerprinting techniques w.r.t. their trust domain and application scenarios, a new categorization model is created which binds the data sources to a physical asset of the device, thus making it possible to determine to what extend a device's components can be trusted and in which applications it may be applicable.
Workshop ENS
Forensic Investigation of An Android Jellybean-based Car Audio Video Navigation System
Yejin Yoon (Dankook University, South Korea), Jeehun Jung (Dankook University, South Korea), Seong-Je Cho (Dankook University, South Korea), Jongmoo Choi (Dankok University, South Korea), Minkyu Park (Konkuk University, South Korea), Sangchul Han (Konkuk University, South Korea)
Full Paper
Recently, in-vehicle infotainment (IVI) systems, also called car audio video navigation (AVN) systems hold a wealth of digital data valuable for forensic investigations, encompassing navigation history, call logs, and Bluetooth connections. They serve as central hubs for entertainment, communication, and navigation, storing crucial evidence for accidents, thefts, and cybercrimes. Therefore, forensic investigations of IVI systems are becoming increasingly important. In this paper, we conduct a forensic analysis of an Android Jellybean-based AVN system installed in Kia K5 2017. We first efficiently collect system logs as well as navigation logs using the log menu of an engineering mode provided by the car manufacturer company. Therefore, our data collection method does not require a chip-off technique or rooting of the AVN system. Next, we analyze the collected logs systematically and the differences between the two types of log data. Our forensic investigation method can provide insights into occupant activities and reconstruct events leading to incidents and car crimes.
Workshop ENS
Identity and Access Management Architecture in the SILVANUS Project
Pawel Rajba (Warsaw University of Technology, Poland), Natan Orzechowski (Warsaw University of Technology, Poland), Karol Rzepka (Warsaw University of Technology, Poland), Przemysław Szary (Warsaw University of Technology, Poland), Dawid Nastaj (Warsaw University of Technology, Poland), Krzysztof Cabaj (Warsaw University of Technology, Poland)
Full Paper
SILVANUS is a scientific collaboration EU-funded project with the goal to mitigate the growing impact of wildfires caused by global climate change by implementing a comprehensive global fire prevention strategy. Due to the significant complexity and collaborative nature of the project which involves more than 50 parties, it is a challenge to ensure unified and governed security especially that the platform is based on heterogeneous and multi-component architecture. To ensure that the expectations are delivered, different architecture perspectives need to be considered and one of these is identity and access management.

In this paper we describe the identity and access management architecture perspective of the SILVANUS project. We start with the high level overview supported by requirements expresses as policies, introduce the identity governance and administration as well as access management areas, and then analyze the next level of the IAM architectuer based on XACML concept. We also cover IAM processes and monitoring which are inherent constituents of the complete solution. Finally, in certain aspects we consider different maturity levels and position appropriately the current development stage.
Workshop ENS
Future-proofing Secure V2V Communication against Clogging DoS Attacks
Hongyu Jin (KTH Royal Institute of Technology, Sweden), Zhichao Zhou (KTH Royal Institute of Technology, Sweden), Panos Papadimitratos (KTH Royal Institute of Technology, Sweden)
Full Paper
Clogging Denial of Service (DoS) attacks have disrupted or disabled various networks, in spite of security mechanisms. External adversaries can severely harm networks, especially when high-overhead security mechanisms are deployed in resource-constrained systems. This can be especially true in the emerging standardized secure Vehicular Communication (VC) systems: mandatory message signature verification can be exploited to exhaust resources and prevent validating information that is, critical, often, for transportation safety. Although efficient message verification schemes and better provisioned devices could serve as potential remedies, we point out the limitations of existing solutions, challenges to address for scalable and resilient secure VC systems, and, most notably, the need for integrating defense mechanisms against clogging DoS attacks. We position that the existing secure VC protocols are vulnerable to clogging DoS attacks and recommend symmetric key chain based pre-validation with mandatory signature verification to thwart clogging DoS attacks, while maintaining all key security properties, including non-repudiation to enable accountability.
Workshop ENS
Introducing a Multi-Perspective xAI Tool for Better Model Explainability
Marek Pawlicki (Bydgoszcz University of Science and Technology, Poland), Damian Puchalski (ITTI Sp. z o.o., Poland), Sebastian Szelest (ITTI Sp. z o.o., Poland), Aleksandra Pawlicka (ITTI Sp. z o.o., Poland), Rafal Kozik (Bydgoszcz University of Science and Technology, Poland), Michał Choraś (Bydgoszcz University of Science and Technology, Poland)
Full Paper
This paper introduces an innovative tool equipped with a multiperspective, user-friendly dashboard designed to enhance the explainability of AI models, particularly in cybersecurity. By enabling users to select data samples and apply various xAI methods, the tool provides insightful views into the decision-making processes

of AI systems. These methods offer diverse perspectives and deepen the understanding of how models derive their conclusions, thus demystifying the "black box" of AI. The tool’s architecture facilitates easy integration with existing ML models, making it accessible to users regardless of their technical expertise. This approach promotes transparency and fosters trust in AI applications by aligning decision-making with domain knowledge and mitigating potential biases.
Workshop ENS
Leveraging Overshadowing for Time-Delay Attacks in 4G/5G Cellular Networks: An Empirical Assessment
Virgil Hamici-Aubert (IMT Atlantique, IRISA, UMR CNRS 6074, France), Julien Saint-Martin (IMT Atlantique, IRISA, UMR CNRS 6074, France), Renzo E. Navas (IMT Atlantique, IRISA, UMR CNRS 6074, France), Georgios Z. Papadopoulos (IMT Atlantique, IRISA, UMR CNRS 6074, France), Guillaume Doyen (IMT Atlantique, IRISA, UMR CNRS 6074, France), Xavier Lagrange (IMT Atlantique, IRISA, UMR CNRS 6074, France)
Full Paper
Ensuring both reliable and low-latency communications over 4G or 5G Radio Access Network (RAN) is a key feature for services such as smart power grids and the metaverse. However, the lack of appropriate security mechanisms at the lower-layer protocols of the RAN--a heritage from 4G networks--opens up vulnerabilities that can be exploited to conduct stealthy Reduction-of-Quality attacks against the latency guarantees. This paper presents an empirical assessment of a proposed time-delay attack that leverages overshadowing to exploit the reliability mechanisms of the Radio Link Control (RLC) in Acknowledged Mode. By injecting falsified RLC Negative Acknowledgements, an attacker can maliciously trigger retransmissions at the victim User Equipment (UE), degrading the uplink latency of application flows. Extensive experimental evaluations on open-source and commercial off-the-shelf UEs demonstrate the attack's effectiveness in increasing latency, network load, and buffer occupancy. The attack impact is quantified by varying the bitrate representing different applications and the number of injected negative acknowledgments controlling the attack intensity. This work studies a realistic threat against the latency quality of service in 4G/5G RANs and highlights the urgent need to revisit protocol security at the lower-RAN layers for 5G (and beyond) networks.
Workshop ENS
Enhancing Network Security Through Granular Computing: A Clustering-by-Time Approach to NetFlow Traffic Analysis
Mikołaj Komisarek (ITTI Sp. z o.o., Poland), Marek Pawlicki (Bydgoszcz University of Science and Technology, Poland), Salvatore D'Antonio (Naples University Parthenope, Italy), Rafał Kozik (Bydgoszcz University of Science and Technology, Poland), Aleksandra Pawlicka (Warsaw University, POLAND, Poland), Michał Choraś (Bydgoszcz University of Science and Technology, Poland)
Full Paper
This paper presents a study of the effect of the size of the time window from which network features are derived on the predictive ability of a Random Forest classifier implemented as a network intrusion detection component. The network data is processed using granular computing principles, gradually increasing the time windows to allow the detection algorithm to find patterns in the data at different levels of granularity. Experiments were conducted iteratively with time windows ranging in size from 2 to 1024 seconds. Each iteration involved time-based clustering of the data, followed by splitting into training and test sets at a ratio of 67% - 33%. The

Random Forest algorithm was applied as part of a 10-fold cross-validation. Assessments included standard detection metrics: accuracy, precision, F1 score, BCC, MCC and recall. The results show a statistically significant improvement in the detection of cyber attacks in network traffic with a larger time window size (p-value 0.001953125). These results highlight the effectiveness of using longer time intervals in network data analysis, resulting in increased anomaly detection.
Workshop ENS
Trustworthy AI-based Cyber-Attack Detector for Network Cyber Crime Forensics
Damian Puchalski (ITTI Sp. z o.o., Poland), Marek Pawlicki (Bydgoszcz University of Science and Technology, Poland), Rafał Kozik (Bydgoszcz University of Science and Technology, Poland), Rafał Renk (ITTI Sp. z o.o., Poland), Michał Choraś (Bydgoszcz University of Science and Technology, Poland)
Full Paper
In recent years, the increasing sophistication and proliferation of cyberthreats have underscored the necessity for robust network security measures, as well as a comprehensive approach to cyberprotection at large. As cyberthreats are continuously more and more complex, and their detection, response and mitigation often involve dealing with big data, the need for novel solutions is present also in cyber-criminal law enforcement (LEA) and network forensics contexts. Traditional, anomaly-based or signature-based intrusion detection systems (IDS) often face challenges in adapting to the evolving cyberattack landscape. On the other hand, Machine Learning (ML) has emerged as a promising approach, proving its ability to detect complex patterns in big data, including applications such as intrusion detection and classification of threats in the network environment, with high accuracy and precision (reduced rate of false positives). In this paper we present the Trustworthy Cyberattack Detector tool (TCAD), benefiting from the machine learning algorithms for the detection and classification of cyberattacks. TCAD can be used for monitoring the network in real-time and for offline analysis of collected network data. We believe that the TCAD can be successfully applied for the task of detecting and classifying evidence during criminal investigations related to network cyber attacks, but also can be helpful for the correlation of discovered network-based events over time with other collected non-network evidence.
Workshop ENS
Register here!
Join us at ARES 2024 in Vienna, Austria