Biblio

Video Surveillance plays a pivotal role in today's world. The technologies have been advanced too much when artificial intelligence, machine learning and deep learning pitched into the system. Using above combinations, different systems are in place which helps to differentiate various suspicious behaviors from the live tracking of footages. The most unpredictable one is human behaviour and it is very difficult to find whether it is suspicious or normal. Deep learning approach is used to detect suspicious or normal activity in an academic environment, and which sends an alert message to the corresponding authority, in case of predicting a suspicious activity. Monitoring is often performed through consecutive frames which are extracted from the video. The entire framework is divided into two parts. In the first part, the features are computed from video frames and in second part, based on the obtained features classifier predict the class as suspicious or normal.

Information security is everyone's concern. Computer systems are used to store sensitive data. Any weakness in their reliability and security makes them vulnerable. The Common Vulnerability Scoring System (CVSS) is a commonly used scoring system, which helps in knowing the severity of a software vulnerability. In this research, we show the effectiveness of common machine learning algorithms in predicting the computer operating systems security using the published vulnerability data in Common Vulnerabilities and Exposures and National Vulnerability Database repositories. The Random Forest algorithm has the best performance, compared to other algorithms, in predicting the computer operating system vulnerability severity levels based on precision, recall, and F-measure evaluation metrics. In addition, a predictive model was developed to predict whether a newly discovered computer operating system vulnerability would allow attackers to cause denial of service to the subject system.

The concept of the adversary model has been widely applied in the context of cryptography. When designing a cryptographic scheme or protocol, the adversary model plays a crucial role in the formalization of the capabilities and limitations of potential attackers. These models further enable the designer to verify the security of the scheme or protocol under investigation. Although being well established for conventional cryptanalysis attacks, adversary models associated with attackers enjoying the advantages of machine learning techniques have not yet been developed thoroughly. In particular, when it comes to composed hardware, often being security-critical, the lack of such models has become increasingly noticeable in the face of advanced, machine learning-enabled attacks. This paper aims at exploring the adversary models from the machine learning perspective. In this regard, we provide examples of machine learning-based attacks against hardware primitives, e.g., obfuscation schemes and hardware root-of-trust, claimed to be infeasible. We demonstrate that this assumption becomes however invalid as inaccurate adversary models have been considered in the literature.

Two-factor authentication (2FA) systems implement by verifying at least two factors. A factor is something a user knows (password, or phrase), something a user possesses (smart card, or smartphone), something a user is (fingerprint, or iris), something a user does (keystroke), or somewhere a user is (location). In the existing 2FA system, a user is required to act in order to implement the second layer of authentication which is not very user-friendly. Smart devices (phones, laptops, tablets, etc.) can receive signals from different radio frequency technologies within range. As these devices move among networks (Wi-Fi access points, cellphone towers, etc.), they receive broadcast messages, some of which can be used to collect information. This information can be utilized in a variety of ways, such as establishing a connection, sharing information, locating devices, and, most appropriately, identifying users in range. The principal benefit of broadcast messages is that the devices can read and process the embedded information without being connected to the broadcaster. Moreover, the broadcast messages can be received only within range of the wireless access point sending the broadcast, thus inherently limiting access to those devices in close physical proximity and facilitating many applications dependent on that proximity. In the proposed research, a new factor is used - something that is in the user's environment with minimal user involvement. Data from these broadcast messages is utilized to implement a 2FA scheme by determining whether two devices are proximate or not to ensure that they belong to the same user.

The following topics are dealt with: diseases; medical signal processing; learning (artificial intelligence); security of data; blood; patient treatment; patient monitoring; bioelectric phenomena; biomedical electrodes; biological tissues.

A novel deep neural network is proposed, for accurate and robust crowd counting. Crowd counting is a complex task, as it strongly depends on the deployed camera characteristics and, above all, the scene perspective. Crowd counting is essential in security applications where Internet of Things (IoT) cameras are deployed to help with crowd management tasks. The complexity of a scene varies greatly, and a medium to large scale security system based on IoT cameras must cater for changes in perspective and how people appear from different vantage points. To address this, our deep architecture extracts multi-scale features with a pyramid contextual module to provide long-range contextual information and enlarge the receptive field. Experiments were run on three major crowd counting datasets, to test our proposed method. Results demonstrate our method supersedes the performance of state-of-the-art methods.

We study the optimal control problem of the maximum a posteriori (MAP) state sequence detection of an adversary using smart meter data. The privacy leakage is measured using the Bayesian risk and the privacy-enhancing control is achieved in real-time using an energy storage system. The control strategy is designed to minimize the expected performance of a non-causal adversary at each time instant. With a discrete-state Markov model, we study two detection problems: when the adversary is unaware or aware of the control. We show that the adversary in the former case can be controlled optimally. In the latter case, where the optimal control problem is shown to be non-convex, we propose an adaptive-grid approximation algorithm to obtain a sub-optimal strategy with reduced complexity. Although this work focuses on privacy in smart meters, it can be generalized to other sensor networks.

The mechanism of peers randomly choosing logical neighbors without any knowledge about underlying physical topology can cause a delay overhead in information propagation which makes the system vulnerable to double spend attacks. This paper introduces a proximity-aware extensions to the current Bitcoin protocol, named Master Node Based Clustering (MNBC). The ultimate purpose of the proposed protocol is to improve the information propagation delay in the Bitcoin network.

Robot Operating System (ROS) is becoming more and more important and is used widely by developers and researchers in various domains. One of the most important fields where it is being used is the self-driving cars industry. However, this framework is far from being totally secure, and the existing security breaches do not have robust solutions. In this paper we focus on the camera vulnerabilities, as it is often the most important source for the environment discovery and the decision-making process. We propose an unsupervised anomaly detection tool for detecting suspicious frames incoming from camera flows. Our solution is based on spatio-temporal autoencoders used to truthfully reconstruct the camera frames and detect abnormal ones by measuring the difference with the input. We test our approach on a real-word dataset, i.e. flows coming from embedded cameras of self-driving cars. Our solution outperforms the existing works on different scenarios.

Increased peripheral performance is causing strain on the memory subsystem of modern processors. For example, available DRAM throughput can no longer sustain the traffic of a modern network card. Scrambling to deliver the promised performance, instead of transferring peripheral data to and from DRAM, modern Intel processors perform I/O operations directly on the Last Level Cache (LLC). While Direct Cache Access (DCA) instead of Direct Memory Access (DMA) is a sensible performance optimization, it is unfortunately implemented without care for security, as the LLC is now shared between the CPU and all the attached devices, including the network card.In this paper, we reverse engineer the behavior of DCA, widely referred to as Data-Direct I/O (DDIO), on recent Intel processors and present its first security analysis. Based on our analysis, we present NetCAT, the first Network-based PRIME+PROBE Cache Attack on the processor's LLC of a remote machine. We show that NetCAT not only enables attacks in cooperative settings where an attacker can build a covert channel between a network client and a sandboxed server process (without network), but more worryingly, in general adversarial settings. In such settings, NetCAT can enable disclosure of network timing-based sensitive information. As an example, we show a keystroke timing attack on a victim SSH connection belonging to another client on the target server. Our results should caution processor vendors against unsupervised sharing of (additional) microarchitectural components with peripherals exposed to malicious input.

The objective of this paper is to propose a model of a distributed intrusion detection system based on the multi-agent paradigm and the distributed file system (HDFS). Multi-agent systems (MAS) are very suitable to intrusion detection systems as they can address the issue of geographic data security in terms of autonomy, distribution and performance. The proposed system is based on a set of autonomous agents that cooperate and collaborate with each other to effectively detect intrusions and suspicious activities that may impact geographic information systems. Our system allows the detection of known and unknown computer attacks without any human intervention (Security Experts) unlike traditional intrusion detection systems that rely on knowledge bases as a mechanism to detect known attacks. The proposed model allows a real time detection of known and unknown attacks within large networks hosting geographic data.

Android Operating System becomes a major target for malicious attacks. Static analysis approach is widely used to detect malicious applications. Most of existing studies on static analysis frameworks are limited to certain features. This paper presents an Android Static Analysis Framework (ASAF) which models the overall static analysis phases and approaches for Android applications. ASAF can be implemented for different purposes including Android malicious apps detection. The proposed framework utilizes a parsing tool, Android Static Parse (ASParse) which is also introduced in this paper. Through the extendibility of the ASParse tool, future research studies can easily extend the parsed features and the parsed files to perform parsing based on their specific requirements and goals. Moreover, a case study is conducted to illustrate the implementation of the proposed ASAF.

Wireless Sensor Network (WSN) is a heterogeneous type of network consisting of scattered sensor nodes and working together for data collection, processing, and transmission functions[1], [2]. Because WSN is widely used in vital matters, aspects of its security must also be considered. There are many types of attacks that might be carried out to disrupt WSN networks. The methods of attack that exist in WSN include jamming attack, tampering, Sybil attack, wormhole attack, hello flood attack, and, blackhole attack[3]. Blackhole attacks are one of the most dangerous attacks on WSN networks. Enhanced Check Agent method is designed to detect black hole attacks by sending a checking agent to record nodes that are considered black okay. The implementation will be tested right on a wireless sensor network using ZigBee technology. Network topology uses a mesh where each node can have more than one routing table[4]. The Enhanced Check Agent method can increase throughput to 100 percent.

The concept of federation in 5G and NFV networks aims to provide orchestration of services across multiple administrative domains. Edge robotics, as a field of robotics, implements the robot control on the network edge by relying on low-latency and reliable access connectivity. In this paper, we propose a solution that enables Edge robotics service to expand its service footprint or access coverage over multiple administrative domains. We propose application of Distributed ledger technologies (DLTs) for the federation procedures to enable private, secure and trusty interactions between undisclosed administrative domains. The solution is applied on a real-case Edge robotics experimental scenario. The results show that it takes around 19 seconds to deploy & federate a Edge robotics service in an external/anonymous domain without any service down-time.

In many applications, software protection can not be sufficient to provide high security needed by some critical applications. A noteworthy example are the bitcoin wallets. Designed the most secure piece of software, their security can be compromised by a simple piece of malware infecting the device storing keys used for signing transactions. Secure hardware devices such as Trusted Platform Module (TPM) offers the ability to create a piece of code that can run unmolested by the rest of software applications hosted in the same machine. This has turned out to be a valuable approach for preventing several malware threats. Unfortunately, their restricted functionalities make them inconsistent with the use of multi and threshold signature mechanisms which are in the heart of real world cryptocurrency wallets implementation. This paper proposes an efficient multi-signature scheme that fits the requirement of the TPM. Based on discrete logarithm and pairings, our scheme does not require any interaction between signers and provide the same benefits as the well established BLS signature scheme. Furthermore, we proposed a formal model of our design and proved it security in a semi-honest model. Finally, we implemented a prototype of our design and studied its performance. From our experimental analysis, the proposed design is highly efficient and can serve as a groundwork for using TPM in future cryptocurrency wallets.

Distributed training is a novel approach to accelerating training of Deep Neural Networks (DNN), but common training libraries fall short of addressing the distributed nature of heterogeneous processors or interruption by other workloads on the shared processing nodes. This paper describes distributed training of DNN on computational storage devices (CSD), which are NAND flash-based, high-capacity data storage with internal processing engines. A CSD-based distributed architecture incorporates the advantages of federated learning in terms of performance scalability, resiliency, and data privacy by eliminating the unnecessary data movement between the storage device and the host processor. The paper also describes Stannis, a DNN training framework that improves on the shortcomings of existing distributed training frameworks by dynamically tuning the training hyperparameters in heterogeneous systems to maintain the maximum overall processing speed in term of processed images per second and energy efficiency. Experimental results on image classification training benchmarks show up to 3.1x improvement in performance and 2.45x reduction in energy consumption when using Stannis plus CSD compare to the generic systems.

Verifiability is one of the parameters in e-voting that can increase confidence in voting technology with several parties ensuring that voters do not change their votes. Voting has become an important part of the democratization system, both to make choices regarding policies, to elect representatives to sit in the representative assembly, and to elect leaders. the more voters and the wider the distribution, the more complex the social life, and the need to manage the voting process efficiently and determine the results more quickly, electronic-based voting (e-Voting) is becoming a more promising option. The level of confidence in voting depends on the capabilities of the system. E-voting must have parameters that can be used as guidelines, which include the following: Accuracy, Invulnerability, Privacy and Verifiability. The implementation of the simple verifiability metric to measure the degree of verifiability in the e-voting protocol, the researchers can calculate the degree of verifiability in the e-voting protocol and the researchers have been able to assess the proposed e-voting protocol with the standard of the best degree of verifiability is 1, where the value of 1 is is absolutely verified protocol.

In this paper, an Intrusion Detection System (IDS) in the Controller Area Network (CAN) bus of modern vehicles has been proposed. NESLIDS is an anomaly detection algorithm based on the supervised Deep Neural Network (DNN) architecture that is designed to counter three critical attack categories: Denial-of-service (DoS), fuzzy, and impersonation attacks. Our research scope included modifying DNN parameters, e.g. number of hidden layer neurons, batch size, and activation functions according to how well it maximized detection accuracy and minimized the false positive rate (FPR) for these attacks. Our methodology consisted of collecting CAN Bus data from online and in real-time, injecting attack data after data collection, preprocessing in Python, training the DNN, and testing the model with different datasets. Results show that the proposed IDS effectively detects all attack types for both types of datasets. NESLIDS outperforms existing approaches in terms of accuracy, scalability, and low false alarm rates.

Due to the difficulty of obtaining a database of original images that are required in the classification process to detect tampering, this paper presents a technique for detecting image tampering such as image steganography in the spatial domain. The system depends on deriving the auto-correlation function of the image histogram, then applying a high-pass filter with a threshold. This technique can be used to decide which image is cover or a stego image, without adopting the original image. The results have eventually revealed the validity of this system. Although this study has focused on least-significant-bit (LSB) steganography, we expect that it could be extended to other types of image tapering.

Social Internet of Things (SIoT) is an extension of Internet of Things (IoT) that converges with Social networking concepts to create Social networks of interconnected smart objects. This convergence allows the enrichment of the two paradigms, resulting into new ecosystems. While IoT follows two interaction paradigms, human-to-human (H2H) and thing-to-thing (T2T), SIoT adds on human-to-thing (H2T) interactions. SIoT enables smart “Social objects” that intelligently mimic the social behavior of human in the daily life. These social objects are equipped with social functionalities capable of discovering other social objects in the surroundings and establishing social relationships. They crawl through the social network of objects for the sake of searching for services and information of interest. The notion of trust and trustworthiness in social communities formed in SIoT is still new and in an early stage of investigation. In this paper, our contributions are threefold. First, we present the fundamentals of SIoT and trust concepts in SIoT, clarifying the similarities and differences between IoT and SIoT. Second, we categorize the trust management solutions proposed so far in the literature for SIoT over the last six years and provide a comprehensive review. We then perform a comparison of the state of the art trust management schemes devised for SIoT by performing comparative analysis in terms of trust management process. Third, we identify and discuss the challenges and requirements in the emerging new wave of SIoT, and also highlight the challenges in developing trust and evaluating trustworthiness among the interacting social objects.

Computer networks and surging advancements of innovative information technology construct a critical infrastructure for network transactions of business entities. Information exchange and data access though such infrastructure is scrutinized by adversaries for vulnerabilities that lead to cyber-attacks. This paper presents an agent-based system modelling to conceptualize and extract explicit and latent structure of the complex enterprise systems as well as human interactions within the system to determine common vulnerabilities of the entity. The model captures emergent behavior resulting from interactions of multiple network agents including the number of workstations, regular, administrator and third-party users, external and internal attacks, defense mechanisms for the network setting, and many other parameters. A risk-based approach to modelling cybersecurity of a business entity is utilized to derive the rate of attacks. A neural network model will generalize the type of attack based on network traffic features allowing dynamic state changes. Rules of engagement to generate self-organizing behavior will be leveraged to appoint a defense mechanism suitable for the attack-state of the model. The effectiveness of the model will be depicted by time-state chart that shows the number of affected assets for the different types of attacks triggered by the entity risk and the time it takes to revert into normal state. The model will also associate a relevant cost per incident occurrence that derives the need for enhancement of security solutions.

Cloud-based payments, virtual car keys, and digital rights management are examples of consumer electronics applications that use secure software. White-box implementations of the Advanced Encryption Standard (AES) are important building blocks of secure software systems, and the attack of Billet, Gilbert, and Ech-Chatbi (BGE) is a well-known attack on such implementations. A drawback from the adversary’s or security tester’s perspective is that manual reverse engineering of the implementation is required before the BGE attack can be applied. This paper presents a method to automate the BGE attack on a class of white-box AES implementations with a specific type of external encoding. The new method was implemented and applied successfully to a CHES 2016 capture the flag challenge.

The growth of IoT devices during the last decade has led to the development of smart ecosystems, such as smart homes, prone to cyberattacks. Traditional security methodologies support to some extend the requirement for preserving privacy and security of such deployments, but their centralized nature in conjunction with low computational capabilities of smart home gateways make such approaches not efficient. Last achievements on blockchain technologies allowed the use of such decentralized architectures to support cybersecurity defence mechanisms. In this work, a blockchain framework is presented to support the cybersecurity mechanisms of smart homes installations, focusing on the immutability of users and devices that constitute such environments. The proposed methodology provides also the appropriate smart contracts support for ensuring the integrity of the smart home gateway and IoT devices, as well as the dynamic and immutable management of blocked malicious IPs. The framework has been deployed on a real smart home environment demonstrating its applicability and efficiency.

An attacker's success crucially depends on the reconnaissance phase of Distributed Denial of Service (DDoS) attacks, which is the first step to gather intelligence. Although several solutions have been proposed against network reconnaissance attacks, they fail to address the needs of legitimate users' requests. Thus, we propose a cloud-based deception framework which aims to confuse the attacker with reconnaissance replies while allowing legitimate uses. The deception is based on for-warding the reconnaissance packets to a cloud infrastructure through tunneling and SDN so that the returned IP addresses to the attacker will not be genuine. For handling legitimate requests, we create a reflected virtual topology in the cloud to match any changes in the original physical network to the cloud topology using SDN. Through experimentations on GENI platform, we show that our framework can provide reconnaissance responses with negligible delays to the network clients while also reducing the management costs significantly.

The Internet Transport Protocol (ITP) is introduced to support reliable end-to-end transport services in the IP Internet without the need for end-to-end connections, changes to the Internet routing infrastructure, or modifications to name-resolution services. Results from simulation experiments show that ITP outperforms the Transmission Control Protocol (TCP) and the Named Data Networking (NDN) architecture, which requires replacing the Internet Protocol (IP). In addition, ITP allows transparent content caching while enforcing privacy.