Biblio

Web services are growing demand with fundamental advancements and have given more space to researchers for improving security of all real world applications. Accessing and get authenticated in many applications on web services, user discloses their password and other privacy data to the server for authentication purposes. These shared information should be maintained by the server with high security, otherwise it can be used for illegal purposes for any authentication breach. Protecting the applications from various attacks is more important. Comparing the security threats, insider attacks are most challenging to identify due to the fact that they use the authentication of legitimate users and their privileges to access the application and may cause serious threat to the application. Insider attacks has been studied in previous researchers with different security measures, however there is no much strong work proposed. Various security protocols were proposed for defending insider attackers. The proposed work focused on insider attack protection through Elgamal cryptography technique. The proposed work is much effective on insider attacks and also defends against various attacks. The proposed protocol is better than existing works. The key computation cost and communication cost is relatively low in this proposed work. The proposed work authenticates the application by parallel process of two way authentication mechanism through Elgamal algorithm.

Nowadays, smart cities (SCs) use technologies and different types of data collected to improve the lifestyles of their citizens. Indeed, connected smart vehicles are technologies used for an SC’s intelligent traffic monitoring systems (ITMSs). However, most proposed monitoring approaches do not consider realtime monitoring. This paper presents real-time data processing for an intelligent traffic monitoring dashboard using the Hadoop ecosystem dashboard components. Many data are available due to our proposed monitoring approach, such as the total number of vehicles on different routes and data on trucks within a radius (10KM) of a specific point given. Based on our generated data, we can make real-time decisions to improve circulation and optimize traffic flow.

XAI with natural language processing aims to produce human-readable explanations as evidence for AI decision-making, which addresses explainability and transparency. However, from an HCI perspective, the current approaches only focus on delivering a single explanation, which fails to account for the diversity of human thoughts and experiences in language. This paper thus addresses this gap, by proposing a generative XAI framework, INTERACTION (explain aNd predicT thEn queRy with contextuAl CondiTional varIational autO-eNcoder). Our novel framework presents explanation in two steps: (step one) Explanation and Label Prediction; and (step two) Diverse Evidence Generation. We conduct intensive experiments with the Transformer architecture on a benchmark dataset, e-SNLI [1]. Our method achieves competitive or better performance against state-of-the-art baseline models on explanation generation (up to 4.7% gain in BLEU) and prediction (up to 4.4% gain in accuracy) in step one; it can also generate multiple diverse explanations in step two.

In this modern era, web security is often required to beware from fraudulent activities. There are several hackers try to build a program that can interact with web pages automatically and try to breach the data or make several junk entries due to that web servers get hanged. To stop the junk entries; CAPTCHA is a solution through which bots can be identified and denied the machine based program to intervene with. CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. In the progression of CAPTCHA; there are several methods available such as distorted text, picture recognition, math solving and gaming based CAPTCHA. Game based turing test is very much popular now a day but there are several methods through which game can be cracked because game is not intellectual. So, there is a required of intrinsic CAPTCHA. The proposed system is based on Intrinsic Decision based Situation Reaction Challenge. The proposed system is able to better classify the humans and bots by its intrinsic problem. It has been considered as human is more capable to deal with the real life problems and machine is bit poor to understand the situation or how the problem can be solved. So, proposed system challenges with simple situations which is easier for human but almost impossible for bots. Human is required to use his common sense only and problem can be solved with few seconds.

Phishing emails are becoming more and more sophisticated, making current detection techniques ineffective. The reporting of phishing emails from users is, thus, crucial for organizations to detect phishing attacks and mitigate their effect. Despite extensive research on how the believability of a phishing email affects detection rates, there is little to no research about the relationship between the believability of a phishing email and the associated reporting rate. In this work, we present a controlled experiment with 446 subjects to evaluate how the reporting rate of a phishing email is linked to its believability and detection rate. Our results show that the reporting rate decreases as the believability of the email increases and that around half of the subjects who detect the mail as phishing, have an intention to report the email. However, the group intending to report an email is not a subset of the group detecting the mail as phishing, suggesting that reporting is still a concept misunderstood by many.

In this work different Meta-heuristic Techniques have been endeavored for addressing the Security Constrained Optimal Power Flow (SCOPF) and Optimal Power Flow (OPF)problem for minimizing the total fuel cost of the system. Here four meta-heuristics i.e. Genetic Algorithm (GA), Big Bang-Big Crunch Algorithm (BBBC), Shuffled Frog Leap Algorithm (SFLA) and Jaya Algorithms (JA) have been discussed. The problem was simulated on IEEE 30 bus standard test system under MATLAB environment. The simulation results show that JA outperforms GA, SFLA, and BBBC in terms of overall cost and computational time.

Recent concepts in defense herald an increasing degree of automation of future military systems, with an emphasis on accelerating sensing-to-decision loops at the tactical edge, reducing their network communication footprint, and improving the inference quality of intelligent components in the loop. These requirements pose resource management challenges, calling for operating-system-like constructs that optimize the use of limited computational resources at the tactical edge. This paper describes these challenges and presents IoBT-OS, an operating system for the Internet of Battlefield Things that aims to optimize decision latency, improve decision accuracy, and reduce corresponding resource demands on computational and network components. A simple case-study with initial evaluation results is shown from a target tracking application scenario.

DDoS is a major issue in network security and a threat to service providers that renders a service inaccessible for a period of time. The number of Internet of Things (IoT) devices has developed rapidly. Nevertheless, it is proven that security on these devices is frequently disregarded. Many detection methods exist and are mostly focused on Machine Learning. However, the best method has not been defined yet. The aim of this paper is to find the optimal volumetric DDoS attack detection method by first comparing different existing machine learning methods, and second, by building an adaptive lightweight heuristics model relying on few traffic attributes and simple DDoS detection rules. With this new simple model, our goal is to decrease the classification time. Finally, we compare machine learning methods with our adaptive new heuristics method which shows promising results both on the accuracy and performance levels.

Fully homomorphic encryption technologies allow you to operate on encrypted data without disclosing it, therefore they have a lot of potential for solving personal data storage and processing issues. Because of the increased interest in these technologies, various software tools and libraries that allow completely homomorphic encryption have emerged. However, because this subject of cryptography is still in its early stages, standards and recommendations for the usage of completely homomorphic encryption algorithms are still being developed. The paper presents the main areas of application of homomorphic encryption. The analysis of existing developments in the field of homomorphic encryption is carried out. The analysis showed that existing library implementations do not support the division and subtraction operation. The analysis revealed the need to develop a library of fully homomorphic encryption, which allows performing all mathematical operations on them (addition, difference, multiplication and division), as well as the relevance of developing its own implementation of a library of homomorphic encryption on integers. Then, implement the development of a fully homomorphic encryption library in C++ and on an ESP 32 microcontroller. The ability to perform four operations (addition, difference, multiplication and division) on encrypted data will expand the scope of application of homomorphic encryption. A method of homomorphic division and subtraction is proposed that allows performing the division and subtraction operation on homomorphically encrypted data. The level of security, the types of operations executed, the maximum length of operands, and the algorithm's running time are all described as a consequence of numerical experimentation with parameters.

Wireless-fidelity (Wi-Fi) and Bluetooth are examples of modern wireless communication technologies that employ radio waves as the primary channel for data transmission. but it ought to find alternatives over the limitation and interference in the radio frequency (RF) band. For viable alternatives, visible light communication (VLC) technology comes to play as Light Fidelity (Li-Fi) which uses visible light as a channel for delivering very high-speed communication in a Wi-Fi way. In terms of availability, bandwidth, security and efficiency, Li-Fi is superior than Wi-Fi. In this paper, we present a Li-Fi-based indoor communication system. prototype model has been proposed for single user scenario using visible light portion of electromagnetic spectrum. This system has been designed for audio data communication in between the users in transmitter and receiver sections. LED and photoresistor have been used as optical source and receiver respectively. The electro-acoustic transducer provides the required conversion of electrical-optical signal in both ways. This system might overcome problems like radio-frequency bandwidth scarcity However, its major problem is that it only works when it is pointed directly at the target.

The design of efficient and secure cryptographic algorithms is a fundamental problem of cryptography. Due to the tight cost and constrained resources devices such as Radio-Frequency IDentification (RFID), wireless sensors, smart cards, health-care devices, lightweight cryptography has received a great deal of attention. Recent research mainly focused on designing optimized cryptographic algorithms which trade offs between security performance, time consuming, energy consumption and cost. In this paper, we present two chaotic stream ciphers based on chaos and we report the results of a comparative performance evaluation study. Compared to other crypto-systems of the literature, we demonstrate that our designed stream ciphers are suitable for practical secure applications of the Internet of Things (IoT) in a constrained resource environment.

This work proposed a unified approach to increase the explainability of the predictions made by Convolution Neural Networks (CNNs) on medical images using currently available Explainable Artificial Intelligent (XAI) techniques. This method in-cooperates multiple techniques such as LISA aka Local Interpretable Model Agnostic Explanations (LIME), integrated gradients, Anchors and Shapley Additive Explanations (SHAP) which is Shapley values-based approach to provide explanations for the predictions provided by Blackbox models. This unified method increases the confidence in the black-box model’s decision to be employed in crucial applications under the supervision of human specialists. In this work, a Chest X-ray (CXR) classification model for identifying Covid-19 patients is trained using transfer learning to illustrate the applicability of XAI techniques and the unified method (LISA) to explain model predictions. To derive predictions, an image-net based Inception V2 model is utilized as the transfer learning model.

Internet speeds and technological advancements have made individuals increasingly concerned about their personal information being compromised by criminals. There have been a slew of new steganography and data concealment methods suggested in recent years. Steganography is the art of hiding information in plain sight (text, audio, image and video). Unauthorized users now have access to steganographic analysis software, which may be used to retrieve the carrier files valuable secret information. Unfortunately, because to their inefficiency and lack of security, certain steganography techniques are readily detectable by steganalytical detectors. We present a video steganography technique based on the linear block coding concept that is safe and secure. Data is protected using a binary graphic logo but also nine uncompressed video sequences as cover data and a secret message. It's possible to enhance the security by rearranging pixels randomly in both the cover movies and the hidden message. Once the secret message has been encoded using the Hamming algorithm (7, 4) before being embedded, the message is even more secure. The XOR function will be used to add the encoded message's result to a random set of values. Once the message has been sufficiently secured, it may be inserted into the video frames of the cover. In addition, each frame's embedding region is chosen at random so that the steganography scheme's resilience can be improved. In addition, our experiments have shown that the approach has a high embedding efficiency. The video quality of stego movies is quite close to the original, with a PSNR (Pick Signal to Noise Ratio) over 51 dB. Embedding a payload of up to 90 Kbits per frame is also permissible, as long as the quality of the stego video is not noticeably degraded.

Detection of malware and security attacks is a complex process that can vary in its details and analysis activities. As part of the detection process, malware scanners try to categorize a malware once it is detected under one of the known malware categories (e.g. worms, spywares, viruses, etc.). However, many studies and researches indicate problems with scanners categorizing or identifying a particular malware under more than one malware category. This paper, and several others, show that machine learning can be used for malware detection especially with ensemble base prediction methods. In this paper, we evaluated several custom-built ensemble models. We focused on multi-label malware classification as individual or classical classifiers showed low accuracy in such territory.This paper showed that recent machine models such as ensemble and deep learning can be used for malware detection with better performance in comparison with classical models. This is very critical in such a dynamic and yet important detection systems where challenges such as the detection of unknown or zero-day malware will continue to exist and evolve.

Requirement Elicitation is a key phase in software development. The fundamental goal of security requirement elicitation is to gather appropriate security needs and policies from stakeholders or organizations. The majority of systems fail due to incorrect elicitation procedures, affecting development time and cost. Security requirement elicitation is a major activity of requirement engineering that requires the attention of developers and other stakeholders. To produce quality requirements during software development, the authors suggested a methodology for effective requirement elicitation. Many challenges surround requirement engineering. These concerns can be connected to scope, preconceptions in requirements, etc. Other difficulties include user confusion over technological specifics, leading to confusing system aims. They also don't realize that the requirements are dynamic and prone to change. To protect the privacy of medical images, the proposed image cryptosystem uses a CCM-generated chaotic key series to confuse and diffuse them. A hexadecimal pre-processing technique is used to increase the security of color images utilising a hyper chaos-based image cryptosystem. Finally, a double-layered security system for biometric photos is built employing chaos and DNA cryptography.

This paper presents a MATLAB Graphical User Interface (GUI) based tool that determines the performance evaluation metrics of the physically unclonable functions (PUFs). The PUFs are hardware security primitives which can be utilized in several hardware security applications like integrated circuits protection, device authentication, secret key generation, and hardware obfuscation. Like any other technology approach, PUFs evaluation requires testing different performance metrics, each of which can be determined by at least one mathematical equation. The proposed tool (PUFs Tool) reads the PUF instances’ output and then computes and generates the values of the main PUFs’ performance metrics: uniqueness, reliability, uniformity, and bit-aliasing. In addition, it generates a bar code for each PUF instance considered in the evaluation process. The PUFs Tool is designed and developed using the app designer of MATLAB software 2021b.

The growing amount of data and advances in data science have created a need for a new kind of cloud platform that provides users with flexibility, strong security, and the ability to couple with supercomputers and edge devices through high-performance networks. We have built such a nation-wide cloud platform, called "mdx" to meet this need. The mdx platform's virtualization service, jointly operated by 9 national universities and 2 national research institutes in Japan, launched in 2021, and more features are in development. Currently mdx is used by researchers in a wide variety of domains, including materials informatics, geo-spatial information science, life science, astronomical science, economics, social science, and computer science. This paper provides an overview of the mdx platform, details the motivation for its development, reports its current status, and outlines its future plans.

Micro grid is a small-scale power supply network designed to provide electricity to small community with integrated renewable energy sources. A micro grid can be integrated to the utility grid. Due to lack of computerized analysis, mechanical switches causing slow response time, poor visibility and situational awareness blackouts are caused due to cascading of faults. This paper presents a brief survey on communication technologies used in smart grid and its extension to micro grid. By integration of communication network, device control, information collection and remote management an intelligent power management system can be achieved

The security of embedded systems is particularly crucial given the prevalence of embedded devices in daily life, business, and national defense. Firmware for embedded systems poses a serious threat to the safety of society, business, and the nation because of its robust concealment, difficulty in detection, and extended maintenance cycle. This technology is now an essential part of the contemporary experience, be it in the smart office, smart restaurant, smart home, or even the smart traffic system. Despite the fact that these systems are often fairly effective, the rapid expansion of embedded systems in smart cities have led to inconsistencies and misalignments between secured and unsecured systems, necessitating the development of secure, hacker-proof embedded systems. To solve this issue, we created a sizable, original, and objective dataset that is based on the latest Linux vulnerabilities for identifying the embedded system vulnerabilities and we modified a cutting-edge machine learning model for the Linux Kernel. The paper provides an updated EVDD and analysis of an extensive dataset for embedded system based vulnerability detection and also an updated state of the art deep learning model for embedded system vulnerability detection. We kept our dataset available for all researchers for future experiments and implementation.

Propagation delay in blockchain networks is a major impairment of message transmission and validation in the bitcoin network. The transaction delay caused by message propagation across long network chains can cause significant threats to the bitcoin network integrity by allowing miners to find blocks during the message consensus process. Potential threats of slow transaction dissemination include double-spending, partitions, and eclipse attacks. In this paper, we propose a method for minimizing propagation delay by reducing non-compulsory message broadcasts during transaction dissemination in the underlying blockchain network. Our method will decrease the propagation delay in the bitcoin network and consequently mitigate the security threats based on message dissemination delay. Our results show improvement in the delay time with more effect on networks with a large number of nodes.

We introduce AdaMix, an adaptive differentially private algorithm for training deep neural network classifiers using both private and public image data. While pre-training language models on large public datasets has enabled strong differential privacy (DP) guarantees with minor loss of accuracy, a similar practice yields punishing trade-offs in vision tasks. A few-shot or even zero-shot learning baseline that ignores private data can outperform fine-tuning on a large private dataset. AdaMix incorporates few-shot training, or cross-modal zero-shot learning, on public data prior to private fine-tuning, to improve the trade-off. AdaMix reduces the error increase from the non-private upper bound from the 167–311% of the baseline, on average across 6 datasets, to 68-92% depending on the desired privacy level selected by the user. AdaMix tackles the trade-off arising in visual classification, whereby the most privacy sensitive data, corresponding to isolated points in representation space, are also critical for high classification accuracy. In addition, AdaMix comes with strong theoretical privacy guarantees and convergence analysis.

A simulation-based optimization framework is developed to con-currently design the system and control parameters to meet de-sired performance and operational resiliency objectives. Leveraging system information from both data and models of varying fideli-ties, a rigorous probabilistic approach is employed for co-design experimentation. Significant economic benefits and resilience im-provements are demonstrated using co-design compared to existing sequential designs for cyber-physical systems.

Network attacks become more complicated with the improvement of technology. Traditional statistical methods may be insufficient in detecting constantly evolving network attack. For this reason, the usage of payload-based deep packet inspection methods is very significant in detecting attack flows before they damage the system. In the proposed method, features are extracted from the byte distributions in the payload and these features are provided to characterize the flows more deeply by using N-Gram analysis methods. The proposed procedure has been tested on IDS 2012 and 2017 datasets, which are widely used in the literature.

Protecting an identity of IPv6 packet against Denial-of-Service (DoS) attack, depend on the proposed methods of cryptography and steganography. Reliable communication using the security aspect is the most visible issue, particularly in IPv6 network applications. Problems such as DoS attacks, IP spoofing and other kinds of passive attacks are common. This paper suggests an approach based on generating a randomly unique identities for every node. The generated identity is encrypted and hided in the transmitted packets of the sender side. In the receiver side, the received packet verified to identify the source before processed. Also, the paper involves implementing nine experiments that are used to test the proposed scheme. The scheme is based on creating the address of IPv6, then passing it to the logistics map then encrypted by RSA and authenticated by SHA2. In addition, network performance is computed by OPNET modular. The results showed better computation power consumption in case of lost packet, average events, memory and time, and the better results as total memory is 35,523 KB, average events/sec is 250,52, traffic sent is 30,324 packets/sec, traffic received is 27,227 packets/sec, and lose packets is 3,097 packets/sec.

A novel secure physical layer key generation method for Connected and Autonomous Vehicles (CAVs) against an attacker is proposed under fading and Additive White Gaussian Noise (AWGN). In the proposed method, a random sequence key is added to the demodulated sequence to generate a unique pre-shared key (PSK) to enhance security. Extensive computer simulation results proved that an attacker cannot extract the same legitimate PSK generated by the received vehicle even if identical fading and AWGN parameters are used both for the legitimate vehicle and attacker.