Publications & Demonstrators

All accepted publications from SPARTA partners under its funding as well as videos presenting some of the work done under SPARTA

Publications

Analysis of a Laser-induced Instructions Replay Fault Model in a 32-bit Microcontroller

V. Khuat, J. M. Dutertre and J. L. Danger

In this paper, we present a method to obtain a new Laser Fault Injection (LFI)-induced fault model: replay of instructions on a 32-bit Microcontroller (MCU). This method allows a potential adversary to replay a block of two or four instructions with a fault rate up to 100%. These faults are...More>>

Domains: Laser Fault Injection

The double-edged sword of AI: Ethical Adversarial Attacks to counter artificial intelligence for crime

Choraś, M., Woźniak, M.

Artificial intelligence (AI) has found a myriad of applications in many domains of technology, and more importantly, in improving people’s lives. Sadly, AI solutions have already been utilized for various violations and theft, even receiving the name AI or Crime (AIC). This poses a challenge: are cybersecurity experts thus justified...More>>

Domains: AI, AIC, Ethical Adversarial Attacks

Experimental Analysis of the Electromagnetic Instruction Skip Fault Model and Consequences for Software Countermeasures

Jean-Max Dutertrea, Alexandre Menu, Olivier Potin, Jean-Baptiste Rigaud and Jean-Luc Danger

Microcontrollers storing valuable data or using security functions are vulnerable to fault injection attacks. Among the various types of faults, instruction skips induced at runtime proved to be effective against identification routines or encryption algorithms. Until recently, most research works assessed a fault model that consists in a single instruction...More>>

Domains: Hardware attacks, EM fault injection, Fault model

The proposition of balanced and explainable surrogate method for network intrusion detection in streamed real difficult data

Mateusz Szczepanski, Mikołaj Komisarek, Marek Pawlicki,Rafał KozikMichał Choraś

Handling the data imbalance problem is one of the crucial steps in a machine learning pipeline. The research community is well aware of the effects of data imbalance on machine learning algorithms. At the same time, there is a rising need for explainability of AI, especially in difficult, high-stake domains...More>>

Domains: Machine learning, Explainability, Data imbalance

Preprocessing Pipelines Including Block-Matching Convolutional Neural Network for Image Denoising to Robustify Deep Reidentification against Evasion Attacks

Marek Pawlicki, Ryszard S. Choraś

Artificial neural networks have become the go-to solution for computer vision tasks, including problems of the security domain. One such example comes in the form of reidentification, where deep learning can be part of the surveillance pipeline. The use case necessitates considering an adversarial setting—and neural networks have been shown...More>>

Domains: deep learning; computer vision; adversarial attacks; adversarial defences

Hybroid: Toward Android Malware Detection and Categorization with Program Code and Network Traffic

Mohammad Reza Norouzian, Peng Xu, Claudia Eckert, and Apostolis Zarras

Android malicious applications have become so sophisticated that they can bypass endpoint protection measures. Therefore, it is safe to admit that traditional anti-malware techniques have become cumbersome, thereby raising the need to develop efficient ways to detect Android malware. In this paper, we present Hybroid, a hybrid Android malware detection...More>>

Domains: Android, malware detection, F1-score, AUC

Development of the Information Security Management System Standard for Public Sector Organisations in Estonia

Mari Seeba, Raimundas Matulevičius, and Ilmar Toom

Standardisation gives us a common understanding or processes to do something in a commonly accepted way. In information security management, it means to achieve the appropriate security level in the context of known and unknown risks. Each government’s goal should be to provide digital services to its citizens with the...More>>

Domains: ISMS, Public Sector Organisations

Security Risk Estimation and Management in Autonomous Driving Vehicles

Abasi-amefon O. Affia, Raimundas Matulevičius, and Rando Tõnisson

Autonomous vehicles (AV) are intelligent information systems that perceive, collect, generate and disseminate information to improve knowledge to act autonomously and provide its required services of mobility, safety, and comfort to humans. This paper combines the security risk management (ISSRM) and operationally critical threat, asset, and vulnerability evaluation (OCTAVE allegro) methods...More>>

Domains: Autonomous vehicles, Self-driving cars, Security risk management, ISSRM, OCTAVE, Intelligent information systems

Information Security Analysis in the Passenger-Autonomous Vehicle Interaction

Mariia Bakhtina, Raimundas Matulevičius

Autonomous vehicles (AV) are becoming a part of humans’ everyday life. There are numerous pilot projects of driverless public buses; some car manufacturers deliver their premium-level automobiles with advanced self-driving features. Thus, assuring the security of a Passenger–Autonomous Vehicle interaction arises as an important research topic, as along with opportunities,...More>>

Domains: Autonomous vehicles