Publications (10 of 49)
Wilson, T. J., Bergman, J., Jackson, A. & Popov, O. B. (2024). Preventing Machines From Lying: Why Interdisciplinary Collaboration is Essential for Understanding Artefactual or Artefactually Dependent Expert Evidence. Journal of Criminal Law
2024 (English). In: Journal of Criminal Law, ISSN 0022-0183. Article in journal (Refereed). Epub ahead of print
Abstract [en]

This article demonstrates a significantly different approach to managing probative risks arising from the complex and fast changing relationship between law and computer science. Law's historical problem in adapting to scientific and technologically dependent evidence production is seen less as a socio-techno issue than an ethical failure within criminal justice. This often arises because of an acceptance of epistemological incomprehension between lawyers and scientists. Something compounded by the political economy of criminal justice and safeguard evasion within state institutions. What is required is an exceptionally broad interdisciplinary collaboration to enable criminal justice decision-makers to understand and manage the risk of further ethical failure. If academic studies of law and technology are to address practitioner concerns, it is often necessary, however, to step down the doctrinal analysis to a specific jurisdictional level.

Keywords
Explaining/understating AI/ML-assisted decisions, interdisciplinary methodology in law and technology studies, neoliberalism, ethics and criminal justice systems
National Category
Social Sciences Interdisciplinary Law and Society
Identifiers
urn:nbn:se:su:diva-226528 (URN); 10.1177/00220183231226087 (DOI); 001147232400001 (); 2-s2.0-85183011804 (Scopus ID)
Available from: 2024-02-14 Created: 2024-02-14 Last updated: 2024-02-26
Seid, E., Popov, O. & Blix, F. (2024). Security Attack Behavioural Pattern Analysis for Critical Service Providers. Journal of Cybersecurity and Privacy (JCP), 4(1), 55-75
2024 (English). In: Journal of Cybersecurity and Privacy (JCP), E-ISSN 2624-800X, Vol. 4, no 1, p. 55-75. Article in journal (Refereed). Published
Abstract [en]

Identifying potential system attacks that define security requirements is crucial to building secure cyber systems. Moreover, the attack frequency makes their subsequent analysis challenging and arduous in cyber–physical systems (CPS). Since CPS include people, organisations, software, and infrastructure, a thorough security attack analysis must consider both strategic (social and organisational) aspects and technical (software and physical infrastructure) aspects. Studying cyberattacks and their potential impact on internal and external assets in cyberspace is essential for maintaining cyber security. The importance is reflected in the work of the Swedish Civil Contingencies Agency (MSB), which receives IT incident reports from essential service providers mandated by the NIS directive of the European Union and Swedish government agencies. To tackle this problem, a multi-realm security attack event monitoring framework was proposed to monitor, model, and analyse security events in social (business process), cyber, and physical infrastructure components of cyber–physical systems. This paper scrutinises security attack patterns and the corresponding security solutions for Swedish government agencies and organisations within the EU’s NIS directive. A pattern analysis was conducted on 254 security incident reports submitted by critical service providers. A total of five critical security attacks, seven vulnerabilities (commonly known as threats), ten attack patterns, and ten parallel attack patterns were identified. Moreover, we employed standard mitigation techniques obtained from recognised repositories of cyberattack knowledge, namely, CAPEC and Mitre, in order to conduct an analysis of the behavioural patterns.

Keywords
Security pattern, IT-incidents, societal safety, cyber–physical systems, essential services, NIS-directive, socio-technical system, cyberattack
National Category
Computer Sciences
Research subject
Computer and Systems Sciences
Identifiers
urn:nbn:se:su:diva-225867 (URN); 10.3390/jcp4010004 (DOI)
Note

Special Issue, Secure Software Engineering

Available from: 2024-01-24 Created: 2024-01-24 Last updated: 2024-01-24 Bibliographically approved
Bergman, J. & Popov, O. B. (2023). Exploring Dark Web Crawlers: A Systematic Literature Review of Dark Web Crawlers and Their Implementation. IEEE Access, 11, 35914-35933
2023 (English). In: IEEE Access, E-ISSN 2169-3536, Vol. 11, p. 35914-35933. Article, review/survey (Refereed). Published
Abstract [en]

Strong encryption algorithms and reliable anonymity routing have made cybercrime investigation more challenging. Hence, one option for law enforcement agencies (LEAs) is to search through unencrypted content on the Internet or anonymous communication networks (ACNs). The capability of automatically harvesting web content from web servers enables LEAs to collect and preserve data prone to serve as potential leads, clues, or evidence in an investigation. Although scientific studies have explored the field of web crawling soon after the inception of the web, few research studies have thoroughly scrutinised web crawling on the “dark web”, or ACNs, such as I2P, IPFS, Freenet, and Tor. The current paper presents a systematic literature review (SLR) that examines the prevalence and characteristics of dark web crawlers. From a selection of 58 peer-reviewed articles mentioning crawling and the dark web, 34 remained after excluding irrelevant articles. The literature review showed that most dark web crawlers were programmed in Python, using either Selenium or Scrapy as the web scraping library. The knowledge gathered from the systematic literature review was used to develop a Tor-based web crawling model into an already existing software toolset customised for ACN-based investigations. Finally, the performance of the model was examined through a set of experiments. The results indicate that the developed crawler was successful in scraping web content from both clear and dark web pages, and scraping dark marketplaces on the Tor network. The scientific contribution of this paper entails novel knowledge concerning ACN-based web crawlers. Furthermore, it presents a model for crawling and scraping clear and dark websites for the purpose of digital investigations. The conclusions include practical implications of dark web content retrieval and archival, such as investigation clues and evidence, and related future research topics.

Keywords
Cybercrime, digital forensics, systematic literature review, dark web crawling, Tor
National Category
Computer Sciences
Identifiers
urn:nbn:se:su:diva-217299 (URN); 10.1109/ACCESS.2023.3255165 (DOI); 000972255300001 (); 2-s2.0-85149895587 (Scopus ID)
Available from: 2023-05-24 Created: 2023-05-24 Last updated: 2023-05-24 Bibliographically approved
Bergman, J. & Popov, O. B. (2023). Recognition of tor malware and onion services. Journal of Computer Virology and Hacking Techniques
2023 (English). In: Journal of Computer Virology and Hacking Techniques, E-ISSN 2263-8733. Article in journal (Refereed). Epub ahead of print
Abstract [en]

The transformation of the contemporary societies through digital technologies has had a profound effect on all human activities including those that are in the realm of illegal, unlawful, and criminal deeds. Moreover, the affordances provided by the anonymity creating techniques such as the Tor protocol which are beneficial for preserving civil liberties, appear to be highly profitable for various types of miscreants whose crimes range from human trafficking, arms trading, and child pornography to selling controlled substances and racketeering. The Tor similar technologies are the foundation of a vast, often mysterious, sometimes anecdotal, and occasionally dangerous space termed as the Dark Web. Using the features that make the Internet a uniquely generative knowledge agglomeration, with no borders, and permeating different jurisdictions, the Dark Web is a source of perpetual challenges for both national and international law enforcement agencies. The anonymity granted to the wrong people increases the complexity and the cost of identifying both the crimes and the criminals, which is often exacerbated with lack of proper human resources. Technologies such as machine learning and artificial intelligence come to the rescue through automation, intensive data harvesting, and analysis built into various types of web crawlers to explore and identify dark markets and the people behind them. It is essential for an effective and efficient crawling to have a pool of dark sites or onion URLs. The research study presents a way to build a crawling mechanism by extracting onion URLs from malicious executables by running them in a sandbox environment and then analysing the log file using machine learning algorithms. By discerning between the malware that uses the Tor network and the one that does not, we were able to classify the Tor using malware with an accuracy rate of 91% with a logistic regression algorithm. 
The initial results suggest that it is possible to use this machine learning approach to diagnose new malicious servers on the Tor network. Embedding this kind of mechanism into the crawler may also induce predictability, and thus efficiency in recognising dark market activities, and consequently, their closure. 

Keywords
Tor, Malware, Machine learning, Forensics
National Category
Computer Sciences
Identifiers
urn:nbn:se:su:diva-217293 (URN); 10.1007/s11416-023-00476-z (DOI); 000978451300001 (); 2-s2.0-85153934241 (Scopus ID)
Available from: 2023-05-24 Created: 2023-05-24 Last updated: 2023-08-16
Seid, E., Popov, O. & Blix, F. (2023). Towards Security Attack Event Monitoring for Cyber Physical-Systems. In: Paolo Mori; Gabriele Lenzini; Steven Furnell (Ed.), Proceedings of the 9th International Conference on Information Systems Security and Privacy (ICIISSP 2023). Paper presented at The 9th International Conference on Information Systems Security and Privacy (ICIISSP 2023), 22–24 February 2023, Lisbon, Portugal (pp. 723-733). SciTePress
2023 (English). In: Proceedings of the 9th International Conference on Information Systems Security and Privacy (ICIISSP 2023) / [ed] Paolo Mori; Gabriele Lenzini; Steven Furnell, SciTePress, 2023, p. 723-733. Conference paper, Published paper (Refereed)
Abstract [en]

In today’s software systems, security is one of the major issues that need to be considered when designing Cyber Physical-Systems (CPS). CPS are engineered systems built from, and depend upon, the seamless integration of computational algorithms and physical components. Security breaches are on the rise, and CPS are challenged by catastrophic damage, which resulted in billions of losses. Security Solutions to the Cyber Physical-Systems that we have are likely to become obsolete. Even though security agents issue new sets of vulnerability indicators and patches to address the security breach, these vulnerability indicators change over time, which is a perpetual process. We argue that any security solution for the Cyber Physical-Systems should be adaptive, based on the type of attacks and their frequency. The security solution should monitor its environment continuously to defend itself from a cyber-attack by modifying its defensive mechanism. We propose a framework for modelling, analyzing and monitoring security attacks (events) in the social, cyber and physical infrastructure realms of CPS. The framework is evaluated using security attack scenarios from a recognized security knowledge repository.

Place, publisher, year, edition, pages
SciTePress, 2023
Series
Proceedings of the International Conference on Information Systems Security and Privacy (ICISSP), E-ISSN 2184-4356
Keywords
Cyber Physical-Systems, Industrial Internet of Things, Security Requirements, Goal Model, Attack Pattern, Domain Assumption
National Category
Computer Sciences
Research subject
Computer and Systems Sciences
Identifiers
urn:nbn:se:su:diva-222629 (URN); 10.5220/0011803400003405 (DOI); 978-989-758-624-8 (ISBN)
Conference
The 9th International Conference on Information Systems Security and Privacy (ICIISSP 2023), 22–24 February 2023, Lisbon, Portugal
Available from: 2023-10-13 Created: 2023-10-13 Last updated: 2023-10-16 Bibliographically approved
Popov, O. & Sukhostat, L. (Eds.). (2022). Cybersecurity for Critical Infrastructure Protection Via Reflection of Industrial Control Systems. IOS Press
2022 (English). Conference proceedings (editor) (Other academic)
Place, publisher, year, edition, pages
IOS Press, 2022. p. 202
Series
NATO Science for Peace and Security Series - D: Information and Communication Security, ISSN 1874-6268, E-ISSN 1879-8292 ; 62
National Category
Computer Sciences
Research subject
Computer and Systems Sciences
Identifiers
urn:nbn:se:su:diva-218293 (URN); 978-1-64368-332-4 (ISBN); 978-1-64368-333-1 (ISBN)
Available from: 2023-06-19 Created: 2023-06-19 Last updated: 2023-10-11 Bibliographically approved
Maratsi, M. I., Popov, O., Alexopoulos, C. & Charalabidis, Y. (2022). Ethical and Legal Aspects of Digital Forensic Algorithms: The case of Digital Evidence Acquisition. In: Luís Amaral; Delfina Soares; Lei Zheng; Mário Peixoto; Cristina Braga (Ed.), ICEGOV '22: Proceedings of the 15th International Conference on Theory and Practice of Electronic Governance. Paper presented at ICEGOV 2022: 15th International Conference on Theory and Practice of Electronic Governance, Guimarães, Portugal, 4-7 October, 2022 (pp. 32-40). Association for Computing Machinery (ACM)
2022 (English). In: ICEGOV '22: Proceedings of the 15th International Conference on Theory and Practice of Electronic Governance / [ed] Luís Amaral; Delfina Soares; Lei Zheng; Mário Peixoto; Cristina Braga, Association for Computing Machinery (ACM), 2022, p. 32-40. Conference paper, Published paper (Refereed)
Abstract [en]

The first step that forensic examiners perform is identifying and acquiring data. Both are among the most critical segments in the forensic process since they are sine qua non for completing the examination and analysis phases. The evidence acquisition must be managed deliberately, ethically, and legally. On many occasions, the outcome of the investigation depends mainly on the relevance and precision of the evidence acquired. The goal of this research is to identify both legal and ethical issues that forensic investigators face during evidence acquisition and to design a framework using design science which recognises and resolves the problems identified. The framework must preserve the forensic soundness of the investigation, overall integrity, effectiveness, and efficiency. The elicitation of the requirements for the framework is based on a literature review and ex-ante expert interviews, while the validation and evaluation of the framework stem from ex-post expert interviews. The designed framework aims to minimise hazardous practices that lead to negative consequences and to effectively align the new technologies in digital forensics with human expertise for improved results during the phase of digital evidence acquisition.

Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2022
Keywords
Digital forensics, cyber forensics, security, privacy, cybersecurity, data acquisition, ethical aspects, legal aspects, artificial intelligence, framework
National Category
Computer Sciences
Research subject
Computer and Systems Sciences
Identifiers
urn:nbn:se:su:diva-213552 (URN); 10.1145/3560107.3560114 (DOI); 2-s2.0-85142603622 (Scopus ID); 978-1-4503-9635-6 (ISBN)
Conference
ICEGOV 2022: 15th International Conference on Theory and Practice of Electronic Governance, Guimarães, Portugal, 4-7 October, 2022
Available from: 2023-01-09 Created: 2023-01-09 Last updated: 2023-07-27 Bibliographically approved
Iqbal, A., Olegard, J. & Popov, O. (2022). On the Beckhoff PLC Security and Forensic Analysis Using Digital Forensic Evidence-Based Threat (DFET) Modelling. In: Oliver B. Popov; Lyudmila Sukhostat (Ed.), Cybersecurity for Critical Infrastructure Protection via Reflection of Industrial Control Systems (pp. 108-124). IOS Press
2022 (English). In: Cybersecurity for Critical Infrastructure Protection via Reflection of Industrial Control Systems / [ed] Oliver B. Popov; Lyudmila Sukhostat, IOS Press, 2022, p. 108-124. Chapter in book (Refereed)
Abstract [en]

With the increasing advent of smart buildings and smart cities, the use of Operational Technology (OT) and Industrial control systems (ICSs) has been rising. Recent trends of cyber attacks on OT demand more attention for forensic and security analysis of such environments. As such, in this paper, we examine a widely used PLC, the Beckhoff CX9020 PLC, from a digital forensic perspective. First, we configure the PLC to log as much activity as possible using the available options. Next, we test a set of basic cyber attacks on the PLC. Finally, we devise forensic acquisition and analysis of the system.

Place, publisher, year, edition, pages
IOS Press, 2022
Series
NATO Science for Peace and Security Series - D: Information and Communication Security, ISSN 1874-6268, E-ISSN 1879-8292 ; 62
Keywords
Digital forensics, threat modeling, DFET modeling, industrial control systems, cybersecurity
National Category
Information Systems
Research subject
Computer and Systems Sciences
Identifiers
urn:nbn:se:su:diva-213554 (URN); 10.3233/NICSP220040 (DOI); 978-1-64368-332-4 (ISBN); 978-1-64368-333-1 (ISBN)
Available from: 2023-01-09 Created: 2023-01-09 Last updated: 2023-01-10 Bibliographically approved
Popov, O. (2022). Some Aspects of Cybersecurity for Critical Infrastructure Protection Via Reflection of Industrial Control Systems. In: Oliver Popov; Lyudmila Sukhostat (Ed.), Cybersecurity for Critical Infrastructure Protection Via Reflection of Industrial Control Systems. Paper presented at Cybersecurity for Critical Infrastructure Protection Via Reflection of Industrial Control Systems (pp. 5-9). IOS Press
2022 (English). In: Cybersecurity for Critical Infrastructure Protection Via Reflection of Industrial Control Systems / [ed] Oliver Popov; Lyudmila Sukhostat, IOS Press, 2022, p. 5-9. Conference paper, Published paper (Other academic)
Abstract [en]

The Relevance of Cybersecurity

The history and omnipresence of the Internet permeates every sector of human activity today. Its inception echoes the nature of many revolutionary technological innovations, conceived via the intellectual vision found in academic communities and with its basis in government funded projects blended with potential benefits for various military advancements, particularly at the height of the cold war. The information revolution sparked by the Internet generated numerous information services, which evolved to become the critical information infrastructure that is the functional backbone of contemporary society. The sheer enthusiasm found in academic communities for the technology soon met with multiple technical, societal, and policy-making issues, including internal and external regulations and ethical challenges. Many of these, echoed in areas such as governance, sustainability, resilience, security, and privacy, have become perpetual, as indeed they should, in view of the two main directions, human and technological, the values of which and the need for rational balance must be reconsidered by each generation.

Place, publisher, year, edition, pages
IOS Press, 2022
Series
NATO Science for Peace and Security Series - D: Information and Communication Security, ISSN 1874-6268, E-ISSN 1879-8292 ; 62
Keywords
Cybersecurity, critical infrastructure protection, Industrial Control Systems, Cyberthreats, Cyberattacks
National Category
Computer Sciences
Research subject
Computer and Systems Sciences
Identifiers
urn:nbn:se:su:diva-222628 (URN); 978-1-64368-333-1 (ISBN); 978-1-64368-332-4 (ISBN)
Conference
Cybersecurity for Critical Infrastructure Protection Via Reflection of Industrial Control Systems
Available from: 2023-10-13 Created: 2023-10-13 Last updated: 2023-10-16 Bibliographically approved
Bergman, J. & Popov, O. (2022). The Digital Detective's Discourse - A toolset for forensically sound collaborative dark web content annotation and collection. The Journal of Digital Forensics, Security and Law, 17(1), Article ID 5.
2022 (English). In: The Journal of Digital Forensics, Security and Law, ISSN 1558-7215, E-ISSN 1558-7223, Vol. 17, no 1, article id 5. Article in journal (Refereed). Published
Abstract [en]

In the last decade, the proliferation of machine learning (ML) algorithms and their application on big data sets have benefited many researchers and practitioners in different scientific areas. Consequently, the research in cybercrime and digital forensics has relied on ML techniques and methods for analyzing large quantities of data such as text, graphics, images, videos, and network traffic scans to support criminal investigations. Complete and accurate training data sets are indispensable for efficient and effective machine learning models. An essential part of creating complete and accurate data sets is annotating or labelling data. We present a method for law enforcement agency investigators to annotate and store specific dark web content. Using a design science strategy, we design and develop tools to enable and extend web content annotation. The annotation tool was implemented as a plugin for the Tor browser. It can store web content, thus automatically creating a dataset of dark web data pertinent to criminal investigations. Combined with a central storage management server, enabling annotation sharing and collaboration, and a web scraping program, the dataset becomes multifold, dynamic, and extensive while maintaining the forensic soundness of the data saved and transmitted. To manifest our toolset's fitness of purpose, we used our dataset as training data for ML based classification models. A five cross-fold validation technique was used to evaluate the classifiers, which reported an accuracy score of 85 - 96%. In the concluding sections, we discuss the possible use-cases of the proposed method in real-life cybercrime investigations, along with ethical concerns and future extensions.

Keywords
digital forensics, dark web, annotation, cybercrime, Tor
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:su:diva-203570 (URN); 10.15394/jdfsl.2022.1740 (DOI); 000768186200001 ()
Available from: 2022-04-05 Created: 2022-04-05 Last updated: 2022-04-05 Bibliographically approved
Identifiers
ORCID iD: orcid.org/0000-0001-6176-6817