Abstract

Abstract
Nowadays ransomware attacks have become one of the main problems organizations face. The threat of ransomware attacks, with their capacity to paralyze entire organizations, creates the need to develop a ransomware recovery utility function to help further prepare for the impact of such attacks and enhance the organization's knowledge and perception of risk. This work proposes a ransomware recovery utility function that aims to estimate the impact of a ransomware attack measured in manpower hours till recovery and taking into account different devices and different scenarios.

Abstract
The world economy depends on information systems. Business value resides in the data stored on Information Technology (IT) systems and on the processes run with those data. Malicious actors target these IT systems to extract value out of them using different cyberattacks. Denial of Service (DoS) attacks are a common and harmful method to render IT systems connected to the Internet and, consequently, business processes running on top of them, unavailable. Cybersecurity researchers in the industry and academia are in search of early warning and detection systems to detect and mitigate these DoS attacks. This article proposes a novel early detection strategy for DoS attacks based on the information provided by Horizontal Visibility Graphs (HVG) and Natural Visibility Graphs (VG) obtained out of the network flows monitored at the receiving end of the attack. From the primary results obtained, this strategy can detect a DoS attack under 70ms and 30 packets. These results point out that the application HVGs and VGs is a relevant and promising research direction to prevent or mitigate the impact of a DoS attack.

Abstract
Information systems depend on security mechanisms to detect and respond to cyber-attacks. One of the most frequent attacks is the Distributed Denial of Service (DDoS): it impairs the performance of systems and, in the worst case, leads to prolonged periods of downtime that prevent business processes from running normally. To detect this attack, several supervised Machine Learning (ML) algorithms have been developed and companies use them to protect their servers. A key stage in these algorithms is feature pre-processing, in which, input data features are assessed and selected to obtain the best results in the subsequent stages that are required to implement supervised ML algorithms. In this article, an innovative approach for feature selection is proposed: the use of Visibility Graphs (VGs) to select features for supervised machine learning algorithms used to detect distributed DoS attacks. The results show that VG can be quickly implemented and can compete with other methods to select ML features, as they require low computational resources and they offer satisfactory results, at least in our example based on the early detection of distributed DoS. The size of the processed data appears as the main implementation constraint for this novel feature selection method.

Abstract

Abstract
Clustering of source code is a technique that can help improve feedback in automated program assessment. Grouping code submissions that contain similar mistakes can, for instance, facilitate the identification of students' difficulties to provide targeted feedback. Moreover, solutions with similar functionality but possibly different coding styles or progress levels can allow personalized feedback to students stuck at some point based on a more developed source code or even detect potential cases of plagiarism. However, existing clustering approaches for source code are mostly inadequate for automated feedback generation or assessment systems in programming education. They either give too much emphasis to syntactical program features, rely on expensive computations over pairs of programs, or require previously collected data. This paper introduces an online approach and implemented tool-AsanasCluster-to cluster source code submissions to programming assignments. The proposed approach relies on program attributes extracted from semantic graph representations of source code, including control and data flow features. The obtained feature vector values are fed into an incremental k-means model. Such a model aims to determine the closest cluster of solutions, as they enter the system, timely, considering clustering is an intermediate step for feedback generation in automated assessment. We have conducted a twofold evaluation of the tool to assess (1) its runtime performance and (2) its precision in separating different algorithmic strategies. To this end, we have applied our clustering approach on a public dataset of real submissions from undergraduate students to programming assignments, measuring the runtimes for the distinct tasks involved: building a model, identifying the closest cluster to a new observation, and recalculating partitions. As for the precision, we partition two groups of programs collected from GitHub. One group contains implementations of two searching algorithms, while the other has implementations of several sorting algorithms. AsanasCluster matches and, in some cases, improves the state-of-the-art clustering tools in terms of runtime performance and precision in identifying different algorithmic strategies. It does so without requiring the execution of the code. Moreover, it is able to start the clustering process from a dataset with only two submissions and continuously partition the observations as they enter the system.