In the area of control systems, the concept of intelligent control refers to the use of AI techniques to control dynamic systems in process engineering. For example, industrial control systems, robots, unmanned vehicles, among others. One of these techniques is Artificial Neural Networks (ANNs). Traditional applications of ANNs (e.g., identification of objects in images) have been successfully exploited through Adversarial Machine Learning techniques. However, it is not clear if these techniques can be applied against ANNs in control systems and what the consequences of such attacks would be. The latter would be the research questions to be addressed in this project.

Malicious domains refer to web domains that are intentionally created or compromised with the purpose of carrying out malicious activities. These activities can include spreading malware, phishing attacks, distributing malicious content, and conducting various forms of cybercrime.

The goal of this project is to categorize malicious domains in the Costa Rican TLD according to the aforementioned purposes. In this way, exposing the types of (cyber)crimes leveraging .cr domains.

A generic definition of a smart city [1] implies modern technologies typically deployed by public bodies in urban areas with the intent of improving the inhabitants’ quality of life. Deploying such technologies can be costly, requiring the installation of, e.g., monitoring sensors throughout the city, followed by management efforts throughout their lifetime. This is also a limiting approach, since you can only offer the smart city services supported by the sensors that you have deployed. There are numerous situations when a collaborative approach would work better. We can easily imagine a scenario in which there is a need for a certain service (we call this a collaborative service), in a certain area of a city, in a specific time frame, that is not entirely covered by the smart city technology fabric (even if it is, additional information could intuitively increase the usefulness of the service).

Cookies are small pieces of data stored on a user’s web browser by websites they visit. These data files are designed to hold information about the user’s interactions with the website, allowing the site to recognize and remember the user on subsequent visits.

Cookies serve various purposes, such as:

1. Session Management: Cookies help maintain user sessions, allowing websites to remember users as they navigate different pages or perform actions on a site.
2. Personalization: Websites use cookies to remember user preferences and settings, providing a more personalized and efficient browsing experience.
3. Tracking and Analytics: Cookies are often used for tracking user behavior and gathering analytics data. This information helps website owners understand how users interact with their site.
4. Authentication: Cookies can store authentication information, allowing users to stay logged in across multiple visits without having to re-enter their credentials.

It’s important to note that while cookies offer functionality and convenience, concerns have been raised about privacy and security. Some cookies, particularly third-party cookies, can be used for tracking users across different websites, leading to debates around user privacy and the need for regulations to protect individuals online [1].

Security weaknesses in software are the main technical problem in cybersecurity. Its timely identification is key to developing software capable of resisting cyberattacks. Static source code analysis (with large numbers of false positives) and dynamic application analysis (with limited coverage of possible execution paths) have been attempted for decades. This project consists of a type of static analysis that, instead of analyzing the source code, will analyze a textual description of the code generated automatically through AI techniques (e.g., https://denigma.app/). Basically, the idea is to explore to what extent such explanations are useful from a security point of view to detect weaknesses.

Applying security patches is a fundamental stage in vulnerability management. However, it is one of the most complex stages to execute because it generally involves the temporary suspension of services while the patch is applied and, in addition, there is a risk of breaking compatibility with other associated systems. These issues are even more relevant when it comes to critical systems that offer 24/7 service. The idea of this project is to define a methodology to apply security patches, minimizing service suspension time and ensuring compatibility between multiple systems that must be updated.