Biblio

Reported vulnerabilities have grown significantly over the recent years, with SQL injection (SQLi) being one of the most prominent, especially in web applications. For these, such increase can be explained by the integration of multiple software parts (e.g., various plugins and modules), often developed by different organizations, composing thus web application variants. Machine Learning has the potential to be a great ally on finding vulnerabilities, aiding experts by reducing the search space or even by classifying programs on their own. However, previous work usually does not consider SQLi or utilizes techniques hard to scale. Moreover, there is a clear gap in vulnerability detection with machine learning for PHP, the most popular server-side language for web applications. This paper presents a Deep Learning model able to classify PHP slices as vulnerable (or not) to SQLi. As slices can belong to any variant, we propose the use of an intermediate language to represent the slices and interpret them as text, resorting to well-studied Natural Language Processing (NLP) techniques. Preliminary results of the use of the model show that it can discover SQLi, helping programmers and precluding attacks that would eventually cost a lot to repair.

In light of the progress achieved by the technology sector in the areas of internet speed and cloud services development, and in addition to other advantages provided by the cloud such as reliability and easy access from anywhere and anytime, most data owners find an opportunity to take advantage of the cloud to store data. However, data owners find a challenge that was and is still facing them in the field of outsourcing, which is protecting sensitive data from leakage. Researchers found that partitioning data into partitions, based on data sensitivity, can be used to protect data from leakage and to increase performance by storing the partition, which contains sensitive data in an encrypted form. In this paper, we review the methods used in designing partitions and dividing data approaches. A hybrid data partitioning approach is proposed to improve these techniques. We consider the frequency attack types used to guess the sensitive data and the most important properties that must be available in order for the encryption to be strong against frequency attacks.

Converging Information Technology (IT) and Operations Technology (OT) in modern factories remains a challenging task. Several approaches such as Cloud, Fog or Edge computing aim to provide possible solutions for bridging OT that requires strict real-time processing with IT that targets computing functionality. In this context, this paper contributes to ongoing Fog computing research by presenting three industrial use cases with a specific focus on consolidation of functionality. Each use case exemplifies scenarios on how to use the computational resources closer to the edge of the network provided by a Fog Computing Platform (FCP). All use-cases utilize the same proposed FCP, which allows drawing a set of requirements on future FCPs, e.g. hardware, virtualization, security, communication and resource management. The central element of the FCP is the Fog Node (FN), built upon commercial off-the-shelf (COTS) multicore processors (MCPs) and virtualization support. Resource management tools, advanced security features and state of the art communication protocols complete the FCP. The paper concludes by outlining future research challenges by comparing the proposed FCP with the identified requirements.

Phishing is an act of creating a website similar to a legitimate website with a motive of stealing user's confidential information. Phishing fraud might be the most popular cybercrime. Phishing is one of the risks that originated a couple of years back but still prevailing. This paper discusses various phishing attacks, some of the latest phishing evasion techniques used by attackers and anti-phishing approaches. This review raises awareness of those phishing strategies and helps the user to practice phishing prevention. Here, a hybrid approach of phishing detection also described having fast response time and high accuracy.

This paper presents an initial architecture to manage End-to-End Network Slices which, once deployed, are associated with Security Service Level Agreement(s) to increase the security on the virtual deployed resources and create End-to-End Secure Network Slices. Moreover, the workflows regarding the Network Slicing provisioning and the whole SSLA Lifecycle management is detailed.

Wireless Sensor Network (WSN)is a predominant technology that is widely used in many applications such as industrial sectors, defense, environment, habitat monitoring, medical fields etc., These applications are habitually delegated for observing sensitive and confidential raw data such as adversary position, movement in the battle field, location of personnel in a building, changes in environmental condition, regular medical updates from patient side to doctors or hospital control rooms etc., Security becomes inevitable in WSN and providing security is being truly intricate because of in-built nature of WSN which is assailable to attacks easily. Node involved in WSN need to route the data to the neighboring nodes wherein any attack in the node could lead to fiasco. Of late trust mechanisms have been considered to be an ideal solution that can mitigate security problems in WSN. This paper aims to investigate various existing trust-based Secure Routing (SR) protocols and mechanisms available for the wireless sensing connection. The concept of the present trust mechanism is also analyzed with respect to methodology, trust metric, pros, cons, and complexity involved. Finally, the security resiliency of various trust models against the attacks is also analyzed.

With a storage space limit on the sensors, WSN has some drawbacks related to bandwidth and computational skills. This limited resources would reduce the amount of data transmitted across the network. For this reason, data aggregation is considered as a new process. Iterative filtration (IF) algorithms, which provide trust assessment to the various sources from which the data aggregation has been performed, are efficient in the present data aggregation algorithms. Trust assessment is done with weights from the simple average method to aggregation, which treats attack susceptibility. Iteration filter algorithms are stronger than the ordinary average, but they do not handle the current advanced attack that takes advantage of false information with many compromise nodes. Iterative filters are strengthened by an initial confidence estimate to track new and complex attacks, improving the solidity and accuracy of the IF algorithm. The new method is mainly concerned with attacks against the clusters and not against the aggregator. In this process, if an aggregator is attacked, the current system fails, and the information is eventually transmitted to the aggregator by the cluster members. This problem can be detected when both cluster members and aggregators are being targeted. It is proposed to choose an aggregator which chooses a new aggregator according to the remaining maximum energy and distance to the base station when an aggregator attack is detected. It also save time and energy compared to the current program against the corrupted aggregator node.

In recent years, cross-domain roaming through Wi-Fi is ubiquitous, and the number of roaming users has increased dramatically. It is essential to authenticate users belonging to different institutes to ensure network privacy and security. Existing systems, such as eduroam, have centralized and hierarchical structure on indorse accounts that create privacy and security issues. We have proposed UniRoam, a blockchain-based cross-domain authentication scheme that provides accountability and anonymity without any trusted authority. Unlike traditional centralized approaches, UniRoam provides access authentication for its servers and users to provide anonymity and accountability without any privacy leakage issues efficiently. By using the sovrin identifier as an anonymous identity, we integrate our system with Hyperledger and Intel SGX to authenticate users that preserves both anonymity and trust when the user connects to the network. Therefore, UniRoam is highly “faulted-tolerant” to deal with different attacks and provides an effective solution that can be deployed easily in different environments.

In recent years, there has been a significant increase in network intrusion attacks which raises a great concern from the privacy and security aspects. Due to the advancement of the technology, cyber-security attacks are becoming very complex such that the current detection systems are not sufficient enough to address this issue. Therefore, an implementation of an intelligent and effective network intrusion detection system would be crucial to solve this problem. In this paper, we use deep learning techniques, namely, Convolutional Neural Networks (CNN) and Recurrent Neural Networks (RNN) to design an intelligent detection system which is able to detect different network intrusions. Additionally, we evaluate the performance of the proposed solution using different evaluation matrices and we present a comparison between the results of our proposed solution to find the best model for the network intrusion detection system.

This paper introduces a technique that enhances the capabilities of an intrusion detection system (IDS) in a wireless body area network (WBAN). This technique involves adopting two known machine-learning algorithms: artificial neural network (ANN) and the J48 form of decision trees. The enhanced technique reduces the security threats to a WBAN, such as denial-of-service (DoS) attacks. It is essential to manage noise, which might affect the data gathered by the sensors. In this paper, noise in data is measured because it can affect the accuracy of the machine learning algorithms and demonstrate the level of noise at which the machine-learning model can be trusted. The results show that J48 is the best model when there is no noise, with an accuracy reaching 99.66%, as compared to the ANN algorithm. However, with noisy datasets, ANN shows more tolerance to noise.

The Ad-hoc vehicle networks (VANETs) recently stressed communications and networking technologies. VANETs vary from MANETs in tasks, obstacles, system architecture and operation. Smart vehicles and RSUs communicate through unsafe wireless media. By nature, they are vulnerable to threats that can lead to life-threatening circumstances. Due to potentially bad impacts, security measures are needed to recognize these VANET assaults. In this review paper of VANET security, the new VANET approaches are summarized by addressing security complexities. Second, we're reviewing these possible threats and literature recognition mechanisms. Finally, the attacks and their effects are identified and clarified and the responses addressed together.

Underwater communication is vital for a variety of defence and scientific purposes. Current optical and sonar based carriers can deliver high capacity data rates, but their range and reliability is hampered by heavy propagation loss. A vertical Molecular Communication via Buoyancy (MCvB) channel is experimentally investigated here, where the dominant propagation force is buoyancy. Sequential puffs representing modulated symbols are injected and after the initial loss of momentum, the signal is driven by buoyancy forces which apply to both upwards and downwards channels. Coupled with the complex interaction of turbulent and viscous diffusion, we experimentally demonstrate that sequential symbols exhibit a Gaussian velocity spatial distribution. Our experimental results use Particle Image Velocimetry (PIV) to trace molecular clusters and infer statistical characteristics of their velocity profile. We believe our experimental paper's results can be the basis for long range underwater vertical communication between a deep sea vehicle and a surface buoy, establishing a covert and reliable delay-tolerant data link. The statistical distribution found in this paper is akin to the antenna pattern and the knowledge can be used to improve physical security.

This study focuses on identifying the factors contributing to a sense of personal responsibility that could improve understanding of insecure cybersecurity behavior and guide research toward more effective messaging targeting non-adopting populations. Towards that, we ran a 2(account type) x2(usage scenario) x2(message type) between-group study with 237 United States adult participants on Amazon MTurk, and investigated how the non-adopting population allocates blame, and under what circumstances they blame the end user among the parties who hold responsibility: the software companies holding data, the attackers exposing data, and others. We find users primarily hold service providers accountable for breaches but they feel the same companies should not enforce stronger security policies on users. Results indicate that people do hold end users accountable for their behavior in the event of a breach, especially when the users' behavior affects others. Implications of our findings in risk communication is discussed in the paper.

The Internet of Things (IoT) is a system paradigm that recently introduced, which includes different smart devices and applications, especially, in smart cities, e.g.; manufacturing, homes, and offices. To improve their awareness capabilities, it is attractive to add more sensors to their framework. In this paper, we propose adding a new sensor as a wearable sensor connected wirelessly with a neural network located on the base station (WSNB). WSNB enables the added sensor to refine their labels through active learning. The new sensors achieve an average accuracy of 93.81%, which is 4.5% higher than the existing method, removing human support and increasing the life cycle for the sensors by using neural network approach in the base station.

The rapid deployment of digital systems into all aspects of daily life requires embedding social constructs into the digital world. Because of the complexity of these systems, there is a need for technical support to understand their actions. Social concepts, such as explainability, accountability, and responsibility rely on a notion of actual causality. Encapsulated in the Halpern and Pearl’s (HP) definition, actual causality conveniently integrates into the socio-technical world if operationalized in concrete applications. To the best of our knowledge, theories of actual causality such as the HP definition are either applied in correspondence with domain-specific concepts (e.g., a lineage of a database query) or demonstrated using straightforward philosophical examples. On the other hand, there is a lack of explicit automated actual causality theories and operationalizations for helping understand the actions of systems. Therefore, this paper proposes a unifying framework and an interactive platform (Actual Causality Canvas) to address the problem of operationalizing actual causality for different domains and purposes. We apply this framework in such areas as aircraft accidents, unmanned aerial vehicles, and artificial intelligence (AI) systems for purposes of forensic investigation, fault diagnosis, and explainable AI. We show that with minimal effort, using our general-purpose interactive platform, actual causality reasoning can be integrated into these domains.

Robotics Mobile Ad-hoc Networks (MANETs) are comprised of stations having mobility with no central authority and control. The stations having mobility in Robotics MANETs work as a host as well as a router. Due to the unique characteristics of Robotics MANETs such type of networks are vulnerable to different security attacks. Ad-hoc On-demand Distance Vector (AODV) is a routing protocol that belongs to the reactive category of routing protocols in Robotics MANETs. However, it is more vulnerable to the Black hole (BH) attack that is one of the most common attacks in the Robotics MANETs environment. In this attack during the route disclosure procedure a malicious station promotes itself as a most brief path to the destination as well as after that drop every one of the data gotten by the malicious station. Meanwhile the packets don't reach to its ideal goal, the BH attack turns out to be progressively escalated when a heap of malicious stations attack the system as a gathering. This research analyzed different BH finding as well as removal mechanisms for AODV routing protocol.

Modern industrial control systems (ICS) act as victims of cyber attacks more often in last years. These cyber attacks often can not be detected by classical information security methods. Moreover, the consequences of cyber attack's impact can be catastrophic. Since cyber attacks leads to appearance of anomalies in the ICS and technological equipment controlled by it, the task of intrusion detection for ICS can be reformulated as the task of industrial process anomaly detection. This paper considers the applicability of generative adversarial networks (GANs) in the field of industrial processes anomaly detection. Existing approaches for GANs usage in the field of information security (such as anomaly detection in network traffic) were described. It is proposed to use the BiGAN architecture in order to detect anomalies in the industrial processes. The proposed approach has been tested on Secure Water Treatment Dataset (SWaT). The obtained results indicate the prospects of using the examined method in practice.

The implication of Cyber-Physical Systems (CPS) in critical infrastructures (e.g., smart grids, water distribution networks, etc.) has introduced new security issues and vulnerabilities to those systems. In this paper, we demonstrate that black-box system identification using Support Vector Regression (SVR) can be used efficiently to build a model of a given industrial system even when this system is protected with a watermark-based detector. First, we briefly describe the Tennessee Eastman Process used in this study. Then, we present the principal of detection scheme and the theory behind SVR. Finally, we design an efficient black-box SVR algorithm for the Tennessee Eastman Process. Extensive simulations prove the efficiency of our proposed algorithm.

Blockchain technology is the cornerstone of digital trust and systems' decentralization. The necessity of eliminating trust in computing systems has triggered researchers to investigate the applicability of Blockchain to decentralize the conventional security models. Specifically, researchers continuously aim at minimizing trust in the well-known Public Key Infrastructure (PKI) model which currently requires a trusted Certificate Authority (CA) to sign digital certificates. Recently, the Automated Certificate Management Environment (ACME) was standardized as a certificate issuance automation protocol. It minimizes the human interaction by enabling certificates to be automatically requested, verified, and installed on servers. ACME only solved the automation issue, but the trust concerns remain as a trusted CA is required. In this paper we propose decentralizing the ACME protocol by using the Blockchain technology to enhance the current trust issues of the existing PKI model and to eliminate the need for a trusted CA. The system was implemented and tested on Ethereum Blockchain, and the results showed that the system is feasible in terms of cost, speed, and applicability on a wide range of devices including Internet of Things (IoT) devices.

In the context of insiders, preventive security measures have a high likelihood of failing because insiders ought to have sufficient privileges to perform their jobs. Instead, in this paper, we propose to treat the insider threat by a detective measure that holds an insider accountable in case of violations. However, to enable accountability, we need to create causal models that support reasoning about the causality of a violation. Current security models (e.g., attack trees) do not allow that. Still, they are a useful source for creating causal models. In this paper, we discuss the value added by causal models in the security context. Then, we capture the interaction between attack trees and causal models by proposing an automated approach to extract the latter from the former. Our approach considers insider-specific attack classes such as collusion attacks and causal-model-specific properties like preemption relations. We present an evaluation of the resulting causal models’ validity and effectiveness, in addition to the efficiency of the extraction process.
 

This paper shows how the Xtensa architecture can be attacked with Return-Oriented-Programming (ROP). The presented techniques include possibilities for both supported Application Binary Interfaces (ABIs). Especially for the windowed ABI a powerful mechanism is presented that not only allows to jump to gadgets but also to manipulate registers without relying on specific gadgets. This paper purely focuses on how the properties of the architecture itself can be exploited to chain gadgets and not on specific attacks or a gadget catalog.

Budding technologies like IoT requires minimum latency for performing real-time applications. The IoT devices collect a huge amount of big data and stores in the cloud environment, because of its on-demand services and scalability. But processing the needed information of the IoT devices from the cloud computing environment is found to be time-sensitive one. To eradicate this issue fog computing environment was created which acts an intermediate between the IoT devices and cloud computing environment. The fog computing performs intermediate computation and storage which is needed by IoT devices and it eliminates the drawbacks of latency and bandwidth limitation faced by directly using cloud computing for storage and accessing. The fog computing even though more advantageous it is more exposed to security issues by its architecture. This paper concentrates more on the security issues met by fog computing and the present methods used by the researchers to secure fog with their pros and cons.

With the expansion of Internet of Things (IoT) that relies on heterogeneous, dynamic, and massively deployed devices, device management (DM) (i.e., remote administration such as firmware update, configuration, troubleshooting and tracking) is required for proper quality of service and user experience, deployment of new functions, bug corrections and security patches distribution. Existing industrial DM platforms and approaches do not suit IoT devices and are already showing their limits with a few static home devices (e.g., routers, TV Decoders). Indeed, undetected buggy firmware deployment and manual target device identification are common issues in existing systems. Besides, these platforms are manually operated by experts (e.g., system administrators) and require extensive knowledge and skills. Such approaches cannot be applied on massive and diverse devices forming the IoT. To tackle these issues, our work in an industrial research context proposes to apply autonomic computing to DM platforms operation and impact tracking. Specifically, our contribution relies on automated device targeting (i.e., aiming only suitable devices) and impact-aware DM (i.e., error and anomalies detection preceding patch generalization on all suitable devices of a given fleet). Our solution is composed of three coordinated autonomic loops and allows more accurate and faster irregularity diagnosis, vertical scaling along with simpler IoT DM platform administration. For experimental validation, we developed a prototype that demonstrates encouraging results compared to simulated legacy telecommunication operator approaches (namely Orange).

In this study, it was aimed to recognize the emotional state from facial images using the deep learning method. In the study, which was approved by the ethics committee, a custom data set was created using videos taken from 20 male and 20 female participants while simulating 7 different facial expressions (happy, sad, surprised, angry, disgusted, scared, and neutral). Firstly, obtained videos were divided into image frames, and then face images were segmented using the Haar library from image frames. The size of the custom data set obtained after the image preprocessing is more than 25 thousand images. The proposed convolutional neural network (CNN) architecture which is mimics of LeNet architecture has been trained with this custom dataset. According to the proposed CNN architecture experiment results, the training loss was found as 0.0115, the training accuracy was found as 99.62%, the validation loss was 0.0109, and the validation accuracy was 99.71%.

One important aspect in protecting Cyber Physical System (CPS) is ensuring that the proper control and measurement signals are propagated within the control loop. The CPS research community has been developing a large set of check blocks that can be integrated within the control loop to check signals against various types of attacks (e.g., false data injection attacks). Unfortunately, it is not possible to integrate all these “checks” within the control loop as the overhead introduced when checking signals may violate the delay constraints of the control loop. Moreover, these blocks do not completely operate in isolation of each other as dependencies exist among them in terms of their effectiveness against detecting a subset of attacks. Thus, it becomes a challenging and complex problem to assign the proper checks, especially with the presence of a rational adversary who can observe the check blocks assigned and optimizes her own attack strategies accordingly. This paper tackles the inherent state-action space explosion that arises in securing CPS through developing DeepBLOC (DB)-a framework in which Deep Reinforcement Learning algorithms are utilized to provide optimal/sub-optimal assignments of check blocks to signals. The framework models stochastic games between the adversary and the CPS defender and derives mixed strategies for assigning check blocks to ensure the integrity of the propagated signals while abiding to the real-time constraints dictated by the control loop. Through extensive simulation experiments and a real implementation on a water purification system, we show that DB achieves assignment strategies that outperform other strategies and heuristics.