Hybrid Event
Papers
N. Sadat, N. Caporusso (Northern Kentucky University, Highland Heights, United States), M. Doan (IMT - Institute for Advanced Studies, Lucca, Italy), V. Ghimire, B. Dhungana, J. Shrestha Lama (Northern Kentucky University, Highland Heights, United States) Analysis of the Content of ChatGPT's Memory: Types of Information, Security Implications, and User Perception 
OpenAI's new "memory" feature enables ChatGPT to provide more personalized and relevant interactions by storing user information from the prompts and using it across conversations. As this new functionality is relatively new, several aspects need to be addressed, including the type of information considered relevant by ChatGPT. Also, while offering improved responses, the memory feature poses privacy and security challenges. This paper reports a three-fold study investigating ChatGPT's memory feature in more detail. First, we utilized the Knowledge-Attitude-Behavior (KAB) model and distributed a survey to over 150 users to assess their awareness of ChatGPT's memory functionality, attitudes toward privacy implications, and the behavioral changes prompted by perceived risks. Secondly, memory content from over 50 user accounts was analyzed to evaluate the accuracy, relevance, and privacy of the stored data. Finally, we studied the distribution of the stored data across key categories to obtain insights into what kind of information ChatGPT considers relevant and stores. The findings reveal gaps in user understanding of the memory feature, the need for greater transparency, and the challenges of personalizing LLM agents while safeguarding privacy.
|
J. Pivar, D. Suša Vugec (Faculty of Economics & Business, Zagreb, Croatia) Cyber Incident Landscape and Profiling: Exploring Patterns, Motives, and Impacts through EuRepoC Data 
Cyber incidents present a significant challenge faced by organizations and information systems. Given the increasing number of threats and attacks targeting critical data, the analysis and management of cyber incidents become crucial in mitigating negative consequences on business operations, privacy, and security. The goal of this paper is two-fold: i) to conduct the landscape of cyber incidents in order to describe the structure of perpetrators, the temporal distribution of cyber incidents, motives, targets, and responses to cyber incidents, and ii) to detect clusters of cyber incidents for the purpose of profiling them. In order to do so, an analysis of data from the European Repository of Cyber Incidents – EuRepoC regarding cyber incidents since 2000 will be conducted using descriptive statistics and cluster analysis. The data contains 3394 incidents described in media articles. Cyber incidents are described using attributes grouped into six categories: Metadata, Technical Data, Political Data, Legal Data, Attribution Data, and Indices of Cyber Intensity and Impact, along with Indices of intensity and impact of cyber incidents.
|
I. Kovačević, F. Katulić, M. Mamut (CyberArrange Security Solutions j.d.o.o., Gabonjin, Croatia), S. Groš (University of Zagreb, Faculty of Electrical Engineering and Computing, Zagreb, Croatia) Survey of Open Source Technologies for Building Cyber Ranges for Exercises and Trainings 
Cyber ranges (CRs) are critical platforms for training and research in the field of cybersecurity. They provide simulated environments that replicate real-world network conditions and attack scenarios. This paper provides an overview of current open source technologies suitable for implementing CRs for exercises and trainings, including open source CRs, virtualization platforms, and orchestration tools. The study evaluates open source CRs based on capabilities, training methods, and provided simulation features. In addition, the paper discusses criteria for selecting technologies and their interoperability. The findings serve as a quick reference guide for organizations aiming to build customizable and cost effective CRs utilizing open source solutions.
|
A. Udal, J. Kaugerand, I. Astrov, H. Mõlder (Tallinn University of Technology, Tallinn, Estonia), K. Koit (Estonian Maritime Academy at Tallinn University of Technology, Tallinn, Estonia) Model-Enhanced Control for Cyber-Physical Security: Simulation of Model-Based Navigation of an Environment-Coupled Watercraft Under Disrupted Global Positioning Conditions 
One growing type of cyber-attacks is the jamming of Global Navigation Satellite Systems (GNSS). This seriously disrupts modern transport, which increasingly relies on GNSS data. One way to protect GNSS-dependent vehicles from cyber-physical attacks is the control based on mathematical models, which reduces the need for a constant stream of GNSS data.
In the marine technologies, the navigation based on hydrodynamic ship models has been underestimated so far. On-board model-based navigation can improve fuel efficiency, help choose optimal and safe movement trajectories, and ensure disturbance tolerance of watercraft control. In the present numerical study we use a practical 3-DOF (Degrees Of Freedom) model for a real catamaran autonomous vessel “Nymo”. To ensure the usability of model-based navigation in a real environment, the ship model is supplemented with models of environmental effects such as wind and sea currents. Discussed simulation examples evaluate the accuracy of model-based navigation when traveling distances of several kilometers in a situation where local compass readings are accurate, but global positioning coordinates are corrupted due to a cyber-attack or technical failure. In addition, calculation examples evaluate the maximum permissible environmental effects according to the performance of the ship's engines and analyze the effect of non-linear water resistance.
|
I. Cindrić, M. Jurčević (University of Zagreb Faculty of Electrical Engineering and Computing, Zagreb, Croatia), T. Hadjina (Končar - Digital Ltd., Zagreb, Croatia) Operational Technology Sandbox Environment for Malware Detection 
The paper discusses the drawbacks and challenges of using virtual environments to analyze malware and how these challenges can be circumvented using physical systems.
A sandbox environment is a restricted, controlled execution environment that prevents potentially malicious software from accessing system resources other than those for which the software is authorized. This can be used to analyze the behavior of a file and determine whether it contains malware.
A sandbox can be created with virtual environments, physical environments or a combination of both.
An OT (Operational Technology) sandbox must contain processes that simulate a real industrial environment, e.g. industrial communication protocols, SCADA systems, end-point devices such as PLCs and/or relays, remote connections and network management devices.
Furthermore, to capture and analyze the traffic of such a system, various tools for network analysis, memory analysis, registry analysis, log analysis and process analysis must be used.
The paper also discusses the benefits of using a physical computer for a sandbox environment.
We propose a solution that combines physical and software elements, both open-source and customized, to create an industrial sandbox environment that has the necessary characteristics of a real industrial environment in which malware can be tested.
|
I. Tomicic (Faculty of Organization and Informatics, Varaždin, Croatia) Penetration Testing Roadmap for NIS2 Compliance in SMEs 
The Network and Information Security Directive 2 (NIS2), adopted by the European Union, introduces significant updates to cybersecurity requirements for essential and important entities, including Small and Medium-sized Enterprises (SMEs) in critical sectors. While penetration testing (pentesting) is a common practice in various compliance frameworks such as ISO 27001, NIS2 mandates a more nuanced approach tailored to the Directive’s emphasis on operational continuity, supply chain resilience, and sector-specific risk management. This paper proposes a comprehensive roadmap for SMEs to execute penetration tests aligned specifically with NIS2 requirements, distinguishing them from standard pentesting methodologies.
|
G. Ajvazi, J. Ajdari, X. Zenuni (Faculty of Contemporary Sciences and Technologies, Tetovo, Macedonia) AWS and Cloud Data Center Security: Challenges and Mitigation Strategies 
Amazon Web Services is a leader in cloud solutions, but its broad use has created substantial security threats. These include cyber threats, misconfigurations, data breaches, insecure APIs, and risks associated with publicly available AMIs. Furthermore, regulatory compliance issues in industries such as finance, healthcare, and government impede secure operations.
Despite AWS's comprehensive security tools, there are still gaps in determining the effectiveness of mitigating actions for these vulnerabilities. This study investigates these difficulties, identifies their core causes, and evaluates the current risk-mitigation measures used in AWS systems.
The study assesses various methods, including encryption, multi-factor authentication, intrusion detection system, and AI-driven threat detection. It also looks into emerging ways for proactively managing hazards, such as combining blockchain technology with adaptive machine learning algorithms. This research aims to identify the main security concerns that AWS faces, evaluate the efficiency of current solutions, and investigate innovative risk-management measures.
The purpose is to identify major threats, assess how well current measures address them, and give actionable suggestions to IT experts. The research aims to improve AWS security standards by combining theoretical insights with real-world implementations, opening the way for resilient and flexible cloud systems that meet the demands of an increasingly digital world.
|
M. Korium, J. Moualeu, M. Ullah, A. Narayanan, P. Nardelli (LUT University, Lappeenranta, Finland) Intrusion Detection System for Internet of Things Using Image Classification 
The Internet of Things (IoT) is a fast-moving technology that is gradually being integrated into our daily lives. As communication protocols and network technologies evolve, the vulnerability of IoT devices to cyberattacks also increases, fueling the need to address this pressing problem. In this work, we propose an intrusion detection system based on a residual neural network with inductive transfer learning. This learning approach is designed to detect cyberattacks on IoT devices by visually encoding the CIC-IoT-2023 dataset from multivariate numerical data to visual formats (images). Extensive numerical experiments are carried out using the well-known dataset CICIoT-2023, which consists of 34 classes. Furthermore, the ensuing results demonstrate the effectiveness of our proposed solution, which achieves an accuracy of 99.35% with a latency of 70.9 ms, a detection time of 99.6 s for the entire dataset, and executes 316.82 predictions per second, outperforming existing solutions in terms of the ability to distinguish between the 34 classes of IoT cyberattacks while reducing overfitting.
|
D. Tuličić, P. Grd, I. Tomičić (Faculty of Organization and Informatics, Varaždin, Croatia) Learning Digital Forensics through the Development of a Forensic Image Dataset and a Web Portal 
In general, it can be accepted that digital forensics, as a part of forensic science, is a research-oriented discipline that requires a creative mindset and deep knowledge of computer systems. Creativity and knowledge enable investigators to always stay one step ahead of perpetrators of criminal offenses who use computer systems to commit crimes or when a computer contains evidence of traditional criminal activities. To encourage such a creative and investigative approach among students in the Digital Forensics course at the higher education institution, students were assigned the task of creating forensic images of simulated cases. These images were later exchanged and analyzed without prior knowledge of their authorship. Additionally, the goal of this approach was to establish a repository of forensic images at the higher education institution, which would be accessible to the broader educational and scientific community. At the end of the semester, an anonymous survey using a Likert scale was conducted to assess the effectiveness of the method. The results indicate that students perceive this approach as beneficial for understanding the methods and tools applied in digital investigations.
|
M. Dragošević, D. Topolčić, K. Hausknecht (INsig2 d.o.o., Zagreb, Croatia), D. Delija (Tehničko veleučilište Zagreb, Zagreb, Croatia) Enhancing Digital Forensics Through Machine Learning Algorithms for Detecting Illicit Bitcoin Transactions in Blockchain Analysis 
The increased adoption of cryptocurrency poses new challenges in the battle against illicit activities on blockchain-based networks, especially in the Bitcoin network. Digital forensics has been pivotal in finding and analyzing different forms of illicit activities in blockchain networks and consequently provides useful tools for combating crimes associated with cryptocurrencies. The application of machine learning offers a promising avenue to automate and accelerate these forensic procedures, enabling faster and more accurate identification of illicit activities within blockchain networks. This paper addresses the problem of illicit Bitcoin transactions detection using machine learning algorithms on the Elliptic++ dataset, which is the largest labelled Bitcoin transaction dataset publicly available, to classify transactions for any illegal actions. Through feature selection and hyperparameter tuning, the performance of classifiers such as Logistic Regression, Random Forest, Multilayer Perceptron, XGBoost, and their ensemble combinations has been systematically evaluated and compared. Demonstrating high classification accuracy, these models can be deemed effective in detecting fraud on the Bitcoin network and helping forensic experts in advancing procedures within blockchain forensics.
|
N. Nelufule, D. Shadung, P. Senamela (Council for Scientific and Industrial Research - CSIR, Pretoria, South Africa) Future Trends in AI for Cybersecurity and Digital Forensics: A Systematic Literature Survey 
The Fourth Industrial Revolution has brought many opportunities, including the integration of artificial intelligence technologies into cybersecurity and digital forensics. This integration represents a transformative change in how organizations protect their digital assets and investigate their cybersecurity incidents. As cyber threats become increasingly sophisticated, traditional security measures often fail, necessitating the adoption of advanced AI-driven solutions. This paper presents a systematic literature survey that explored future trends in artificial intelligence applications in these critical domains, focusing on their potential to improve threat detection, automate incident response, and improve the efficiency of forensic investigations. The survey has identified some key challenges associated with the deployment of Artificial Intelligence technologies, including ethical considerations, data privacy issues, and the complexities of integration into existing systems. The findings from this survey paper have revealed a growing reliance on artificial intelligence for real-time threat detection and response, highlighting its effectiveness in identifying anomalies and predicting potential breaches before they escalate into significant incidents. The findings of this survey also emphasized the importance of developing robust frameworks to address the ethical implications of the use of artificial intelligence, which helps to ensure transparency and accountability in artificial intelligence-driven decision-making processes.
|
N. Nelufule (Council for Scientific and Industrial Research - CSIR, Pretoria, South Africa) The Impact of Human Aspects of Information and Cybersecurity: A Systematic Literature Survey 
In a rapidly evolving digital landscape, the importance of cybersecurity has increased. This is driven by the increasing frequency of sophisticated emerging cyberthreats. Despite the deployment of advanced security technologies in critical security environments, human error continues to be one of the leading causes of cybersecurity breaches. Research findings have indicated that a significant percentage of cybersecurity incidents are linked to human errors, such as falling victim to phishing attacks, mishandling sensitive information, and neglecting basic cybersecurity protocols. This alarming trend underscores the need for organizations to prioritize the human factor in their cybersecurity frameworks. This survey paper explores the multifaceted impact of human aspects on information and cybersecurity, emphasizing the critical need to understand and address human behaviors, attitudes, and cultural dynamics that contribute to cybersecurity vulnerabilities. The primary objective of this survey paper is to illuminate the ways in which human behavior can affect cybersecurity outcomes, providing organizations with actionable insights to improve their cybersecurity strategies. One of the key findings of this survey paper is the profound influence of organizational culture on employee behavior regarding cybersecurity practices. These organizational cultures highlight the importance of cultivating an environment in which cybersecurity is viewed as a collective responsibility rather than an individual burden.
|
E. Mollakuqe (Kadir Has University, Istanbul, Turkey), R. Bunjaku (AAB College, Pristina, Kosovo) Exploring Secure Programming through Functional Paradigms - a Study of Haskell and the Serpent Encryption Algorithm 
This research explores the application of functional programming paradigms in Haskell to enhance the security and efficiency of cryptographic implementations, focusing specifically on the Serpent encryption algorithm. We conducted a comparative analysis of the Serpent algorithm's implementation in Haskell and C, evaluating performance metrics such as execution time, memory usage, and code simplicity. The Haskell implementation achieved an average execution time of 15.2 milliseconds for a 1 MB data block, compared to 22.4 milliseconds for the C implementation, demonstrating a 32% performance improvement. Additionally, memory usage was significantly lower, with the Haskell version consuming approximately 120 KB versus 180 KB for the C version. Security analysis revealed that the Haskell implementation exhibited a reduced vulnerability to common risks, including buffer overflows, with a vulnerability score of 2.5 out of 10 compared to 5.8 for the C implementation. Developers reported a clearer reasoning process regarding security properties due to Haskell's strong typing and immutability, which facilitated adherence to security protocols and improved user privacy. While challenges were encountered, including the complexity of Haskell's abstractions and the need for precise performance comparisons, the findings substantiate the hypotheses that functional programming enhances the security and efficiency of cryptographic applications. This study lays the groundwork for future research into the benefits of functional programming in secure software development.
|
M. Li, X. Ye, S. Manoharan (University of Auckland, Auckland, New Zealand) Anonymizing Driver and Motor Vehicle Records for Secure Analysis 
The collection and analysis of driver and motor vehicle records are vital for transportation research, policy-making, and safety improvements. However, these records often contain sensitive personal information, such as names, addresses, and vehicle identification numbers, which raises significant privacy concerns.
This paper explores techniques for anonymizing driver and motor vehicle data to protect privacy while supporting secure and effective analysis. The primary objective is to develop and implement a robust data anonymization methodology that fully anonymizes sensitive information while preserving data utility for analytical purposes. Simulated datasets serve as a testing environment for refining various anonymization techniques, including data masking, pseudonymization, and data swapping. Each method is applied to maximize data protection while maintaining analytical value. The findings demonstrate that sensitive data can be anonymized to meet privacy standards without sacrificing meaningful analysis. Additionally, it highlights the need to balance privacy with data accessibility for researchers and policymakers, along with addressing potential challenges and best practices in the field.
|
K. Boras (Faculty of Electrical Engineering and Computing, Zagreb, Croatia) Post-Quantum Cryptography in Secure Instant Messaging Protocols 
Classical cryptographic primitives such as RSA or Diffie-Hellman key exchange are based on computationally difficult mathematical problems for the solution of which no efficient algorithms are known. However, with the advent of practical quantum computers, quantum algorithms can be used to easily solve these problems and break the security of these algorithms. For this reason, post-quantum algorithms are being rapidly developed, evaluated, and optimized to resist quantum attacks in the hope that they will be used in secure instant messaging protocols such as the Signal protocol, in addition to other secure network protocols. This literature review provides an overview of efforts to develop quantum-resistant primitives for secure instant messaging protocols, with a particular focus on the Signal protocol.
|
M. Kuštelega, R. Mekovec (Sveučilište u Zagrebu Fakultet organizacije i informatike, Varaždin, Croatia) Students' Privacy Concerns When Using E-Learning Systems (original title: Zabrinutost studenata za privatnost prilikom korištenja sustava za e-učenje) 
E-learning systems collect enormous amounts of data about users; therefore, in the context of higher education, where these systems are used the most, questions related to users' concerns about their privacy are becoming increasingly relevant. This research aims to examine students' perceived concern for their privacy when using e-learning systems, while observing their perception of control over personal data, risk, trust, and privacy-protection behavior. In the study, conducted on 172 respondents from different study programs at the undergraduate level, the SPICE questionnaire was used to examine their perception of using the Moodle e-learning system. The results showed that students have a significant level of trust in higher education institutions, while expressing a moderate level of concern for privacy. Furthermore, there is a strong correlation between perceived privacy risks and students' privacy concerns, as well as between perceived privacy risks and students' privacy-protection behavior. Regarding differences in demographic characteristics, a more significant difference was identified for gender, where it was shown that, in the e-learning aspect, female respondents express greater trust in the ability to control privacy.
|
|
Basic information:
Chairs:
Stjepan Groš (Croatia), Tonimir Kišasondi (Croatia)
Steering Committee:
Marin Golub (Croatia), Krešimir Grgić (Croatia), Miljenko Mikuc (Croatia), Toni Perković (Croatia), Marin Vuković (Croatia), Drago Žagar (Croatia)
Program Committee:
Stjepan Groš (Croatia), Tihomir Katulić (Croatia), Tonimir Kišasondi (Croatia), Dejan Škvorc (Croatia), Boris Vrdoljak (Croatia)
Registration / Fees:
| Price in EUR | EARLY BIRD (up to 23 May 2025) | REGULAR (from 24 May 2025) |
|---|---|---|
| Members of MIPRO and IEEE | 270 | 297 |
| Students (undergraduate and graduate), primary and secondary school teachers | 150 | 165 |
| Others | 300 | 330 |
The student discount doesn't apply to PhD students.
NOTE FOR AUTHORS: In order to have your paper published, it is required that you pay at least one registration fee for each paper. Authors of 2 or more papers are entitled to a 10% discount.
Contact:
Stjepan Gros
University of Zagreb
Faculty of Electrical Engineering and Computing
Unska 3
HR-10000 Zagreb, Croatia
E-mail: stjepan.gros@fer.hr
The best papers will get a special award.
Accepted papers will be published in the ISSN registered conference proceedings. Papers in English presented at the conference will be submitted for inclusion in the IEEE Xplore Digital Library.

Location:
Opatija is the leading seaside resort of the Eastern Adriatic and one of the most famous tourist destinations on the Mediterranean. With its aristocratic architecture and style, Opatija has been attracting artists, kings, politicians, scientists, sportsmen, as well as business people, bankers and managers for more than 180 years.
The tourist offer in Opatija includes a vast number of hotels, excellent restaurants, entertainment venues, art festivals, superb modern and classical music concerts, beaches and swimming pools – this city satisfies all wishes and demands.
Opatija, the Queen of the Adriatic, is also one of the most prominent congress cities in the Mediterranean, particularly important for its ICT conventions, one of which is MIPRO, which has been held in Opatija since 1979, and attracts more than a thousand participants from over forty countries. These conventions promote Opatija as one of the most desirable technological, business, educational and scientific centers in South-eastern Europe and the European Union in general.
For more details, please visit www.opatija.hr and visitopatija.com.