Biblio

Recent years have seen an increase in medical big data, which can be attributed to a paradigm shift experienced in medical data sharing induced by the growth of medical technology and the Internet of Things. The evidence of this potential has been proved during the recent covid-19 pandemic, which was characterised by the use of medical wearable devices to help with the medical data exchange between the healthcare providers and patients in a bid to contain the pandemic. However, the use of these technologies has also raised questions and concerns about security and privacy risks. To assist in resolving this issue, this paper proposes a blockchain-based access control framework for managing access to users’ medical data. This is facilitated by using a smart contract on the blockchain, which allows for delegated access control and secure user authentication. This solution leverages blockchain technology’s inherent autonomy and immutability to solve the existing access control challenges. We have presented the solution in the form of a medical wearable sensor prototype and a mobile app that uses the Ethereum blockchain in a real data sharing control scenario. Based on the empirical results, the proposed solution has proven effective. It has the potential to facilitate reliable data exchange while also protecting sensitive health information against potential threats. When subjected to security analysis and evaluation, the system exhibits performance improvements in data privacy levels, high security and lightweight access control design compared to the current centralised access control models.

Autonomous systems have the potential to accomplish missions more quickly and effectively, while reducing risks to human operators and costs. However, since the use of autonomous systems is still relatively new, there are still a lot of challenges associated with trusting these systems. Without operators in direct control of all actions, there are significant concerns associated with endangering human lives or damaging equipment. For this reason, NATO has issued a challenge seeking to identify ways to improve decision-maker and operator trust when deploying autonomous systems, and de-risk their adoption. This paper presents the proposal of the winning solution to this NATO challenge. It approaches trust as a multi-dimensional concept, by incorporating the four dimensions of human-agent trust establishment in a digital twin context.

While language learning in infants and toddlers progresses somewhat seamlessly, in artificial systems the grounding of language in knowledge structures that are learned from sensorimotor experiences remains a hard challenge. Here we introduce LEARNA, which learns event-characterizing abstractions to resolve natural language ambiguity. LEARNA develops knowledge structures from simulated sensorimotor experiences. Given a possibly ambiguous descriptive utterance, the learned knowledge structures enable LEARNA to infer environmental scenes, and events unfolding within, which essentially constitute plausible imaginations of the utterance’s content. Similar event-predictive structures may help in developing artificial systems that can generate and comprehend descriptions of scenes and events.

Big data continues to grow in the manufacturing domain due to increasing interconnectivity on the shop floor in the course of the fourth industrial revolution. The optimization of machines based on either real-time or historical machine data provides benefits to both machine producers and operators. In order to be able to make use of these opportunities, it is necessary to access the machine data, which can include sensitive information such as intellectual property. Employing the use case of machine tools, this paper presents a solution enabling industrial data sharing and cloud collaboration while protecting sensitive information. It employs the edge computing paradigm to apply differential privacy to machine data in order to protect sensitive information and simultaneously allow machine producers to perform the necessary calculations and analyses using this data.

Space systems provide many critical functions to the military, federal agencies, and infrastructure networks. Nation-state adversaries have shown the ability to disrupt critical infrastructure through cyber-attacks targeting systems of networked, embedded computers. Moving target defenses (MTDs) have been proposed as a means for defending various networks and systems against potential cyber-attacks. MTDs differ from many cyber resilience technologies in that they do not necessarily require detection of an attack to mitigate the threat. We devised a MTD algorithm and tested its application to a real-time network. We demonstrated MTD usage with a real-time protocol given constraints not typically found in best-effort networks. Second, we quantified the cyber resilience benefit of MTD given an exfiltration attack by an adversary. For our experiment, we employed MTD which resulted in a reduction of adversarial knowledge by 97%. Even when the adversary can detect when the address changes, there is still a reduction in adversarial knowledge when compared to static addressing schemes. Furthermore, we analyzed the core performance of the algorithm and characterized its unpredictability using nine different statistical metrics. The characterization highlighted the algorithm has good unpredictability characteristics with some opportunity for improvement to produce more randomness.

Renewed focus on spacecraft networking by government and private industry promises to establish interoperable communications infrastructures and enable distributed computing in multi-nodal systems. Planned near-Earth and cislunar missions by NASA and others evidence the start of building this networking vision. Working with space agencies, academia, and industry, NASA has developed a suite of communications protocols and algorithms collectively referred to as Delay-Tolerant Networking (DTN) to support an interoperable space network. Included in the DTN protocol suite is a security protocol - the Bundle Protocol Security Protocol - which provides the kind of delay-tolerant, transport-layer security needed for cislunar and deep-space trusted networking. We present an analysis of the lifecycle of security operations inherent in a space network with a focus on the DTN-enabled space networking paradigm. This analysis defines three security-related roles for spacecraft (Security Sources, verifiers, and acceptors) and associates a series of critical processing events with each of these roles. We then define the set of required and optional actions associated with these security events. Finally, we present a series of best practices associated with policy configurations that are unique to the space-network security problem. Framing space network security policy as a mapping of security actions to security events provides the details necessary for making trusted networks semantically interoperable. Finally, this method is flexible enough to allow for customization even while providing a unifying core set of mandatory security actions.

The subgraph matching problem arises in a number of modern machine learning applications including segmented images and meshes of 3D objects for pattern recognition, bio-chemical reactions and security applications. This graph-based problem can have a very large and complex solution space especially when the world graph has many more nodes and edges than the template. In a real use-case scenario, analysts may need to query additional information about template nodes or world nodes to reduce the problem size and the solution space. Currently, this query process is done by hand, based on the personal experience of analysts. By analogy to the well-known active learning problem in machine learning classification problems, we present a machine-based active learning problem for the subgraph match problem in which the machine suggests optimal template target nodes that would be most likely to reduce the solution space when it is otherwise overly large and complex. The humans in the loop can then include additional information about those target nodes. We present some case studies for both synthetic and real world datasets for multichannel subgraph matching.

Internet of Things (IoT) based applications face an increasing number of potential security risks, which need to be systematically assessed and addressed. Expert-based manual assessment of IoT security is a predominant approach, which is usually inefficient. To address this problem, we propose an automated security assessment framework for IoT networks. Our framework first leverages machine learning and natural language processing to analyze vulnerability descriptions for predicting vulnerability metrics. The predicted metrics are then input into a two-layered graphical security model, which consists of an attack graph at the upper layer to present the network connectivity and an attack tree for each node in the network at the bottom layer to depict the vulnerability information. This security model automatically assesses the security of the IoT network by capturing potential attack paths. We evaluate the viability of our approach using a proof-of-concept smart building system model which contains a variety of real-world IoT devices and poten-tial vulnerabilities. Our evaluation of the proposed framework demonstrates its effectiveness in terms of automatically predicting the vulnerability metrics of new vulnerabilities with more than 90% accuracy, on average, and identifying the most vulnerable attack paths within an IoT network. The produced assessment results can serve as a guideline for cybersecurity professionals to take further actions and mitigate risks in a timely manner.

Modern malware indicators utilized by the current top threat feeds are easily bypassed and generated through enigmatic methods, leading to a lack of detection capabilities for cyber defenders. Static hash-based algorithms such as MD5 or SHA generate indicators that are rendered obsolete by modifying a single byte of the source file. Conversely, fuzzy hash-based algorithms such as SSDEEP and TLSH are more robust to alterations of source information; however, these methods often utilize context boundaries that are hard to define or not based on meaningful information. In previous work, a custom binary analysis tool was created called @DisCo. In this study, four current ransomware campaigns were analyzed using TLSH fuzzy hashing and the @DisCo tool. While TLSH works on the binary level of the entire program, @DisCo works at an intermediate function level. The results from each analysis method were compared to provide validation between the two as well as introduce a narrative for using combinations of these types of methods for the creation of stronger indicators of compromise.

Existing compression coding technologies are investigated using a statistical approach. The fundamental strategies used in the process of statistical coding of video information data are analyzed. Factors that have a significant impact on the reliability and efficiency of video delivery in the process of statistical coding are analyzed. A model for estimating the impact of errors in the process of reconstruction of uneven code structures on the quality of recoverable video images is being developed.The influence of errors that occur in data transmission channels on the reliability of the reconstructed video image is investigated.

A secure hash code or message authentication code is a one-way hash algorithm. It is producing a fixed-size hash function to be used to check verification, the integrity of electronic data, password storage. Numerous researchers have proposed hashing algorithms. They have a very high time complexity based on several steps, initial value, and key constants which are publically known. We are focusing here on the many exiting algorithms that are dependent on the initial value and key constant usage to increasing the security strength of the hash function which is publically known. Therefore, we are proposing autonomous initial value proposed secure hash algorithm (AIVPSHA64) in this research paper to produce sixty-four-bit secure hash code without the need of initial value and key constant, it is very useful for a smart card to verify their identity which has limited memory space. Then evaluate the performance of hash function using autonomous initial value proposed secure hash algorithm (AIVPSHA64) and will compare the result, which is found by python-3.9.0 programming language.

Recently, Mobile Edge Cloud computing (MEC) has attracted attention both from academia and industry. The idea of moving a part of cloud resources closer to users and data sources can bring many advantages in terms of speed, data traffic, security and context-aware services. The MEC infrastructure does not only host and serves applications next to the end-users, but services can be dynamically migrated and reallocated as mobile users move in order to guarantee latency and performance constraints. This specific requirement calls for the involvement and collaboration of multiple MEC providers, which raises a major issue related to trustworthiness. Two main challenges need to be addressed: i) trustworthiness needs to be handled in a manner that does not affect latency or performance, ii) trustworthiness is considered in different dimensions - not only security metrics but also performance and quality metrics in general. In this paper, we propose a trust layer for public MEC infrastructure that handles establishing and updating trust relations among all MEC entities, making the interaction withing a MEC network transparent. First, we define trust attributes affecting the trusted quality of the entire infrastructure and then a methodology with a computation model that combines these trust attribute values. Our experiments showed that the trust model allows us to reduce latency by removing the burden from a single MEC node, while at the same time increase the network trustworthiness.

Cloud Computing (CC) has emerged as an on-demand accessible tool in different practical applications such as digital industry, academics, manufacturing, health sector and others. In this paper different security threats faced by CC are discussed with suitable examples. Moreover, an artificial intelligence based security enabled CC is also discussed based on suitable empirical data. It is found that an artificial neural network (ANN) is an effective system to detect the level of risk factors associated with CC along with mitigating those risk issues with appropriate algorithms. Hence, it provides a desired level of protection against cyber attacks, internal confidential threats and external threat of data theft from a cloud computing system. Levenberg–Marquardt (LMBP) algorithms are also found as a significant tool to estimate the level of security performance around a cloud computing system. ANN is used to improve the performance level of data security across a cloud computing network and make it security enabled to ensure a protected data transmission to clients associated with the system.

Adversarial machine learning, a technique which seeks to deceive machine learning (ML) models, threatens the utility and reliability of ML systems. This is particularly relevant in critical ML implementations such as those found in Network Intrusion Detection Systems (NIDS). This paper considers the impact of adversarial influence on NIDS and proposes ways to improve ML based systems. Specifically, we consider five feature robustness metrics to determine which features in a model are most vulnerable, and four defense methods. These methods are tested on six ML models with four adversarial sample generation techniques. Our results show that across different models and adversarial generation techniques, there is limited consistency in vulnerable features or in effectiveness of defense method.

In this paper we use a seeded modular coding scheme for implementing physical layer security in a wiretap scenario. This modular scheme consists of a traditional coding layer and a security layer. For the traditional coding layer, we use a polar code. We evaluate the performance of the seeded modular coding scheme in an experimental setup with software defined radios and compare these results to simulation results. In order to assess the secrecy level of the scheme, we employ the distinguishing security metric. In our experiments, we compare the distinguishing error rate for different seeds and block lengths.

With increased awareness comes unprecedented expectations. We live in a digital, cloud era wherein the underlying information architectures are expected to be elastic, secure, resilient, and handle petabyte scaling. The expectation of epic proportions from the next generation of the data frameworks is to not only do all of the above but also build it on a foundation of trust and explainability across multi-organization business networks. From cloud providers to automobile industries or even vaccine manufacturers, components are often sourced by a complex, not full digitized thread of disjoint suppliers. Building Machine Learning and AI-based order fulfillment and predictive models, remediating issues, is a challenge for multi-organization supply chain automation. We posit that Federated Learning in conjunction with blockchain and smart contracts are technologies primed to tackle data privacy and centralization challenges. In this paper, motivated by challenges in the industry, we propose a decentralized distributed system in conjunction with a recommendation system model (Matrix Factorization) that is trained using Federated Learning on an Ethereum blockchain network. We leverage smart contracts that allow decentralized serverless aggregation to update local-ized items vectors. Furthermore, we utilize Homomorphic Encryption (HE) to allow sharing the encrypted gradients over the network while maintaining their privacy. Based on our results, we argue that training a model over a serverless Blockchain network using smart contracts will provide the same accuracy as in a centralized model while maintaining our serverless model privacy and reducing the overhead communication to a central server. Finally, we assert such a system that provides transparency, audit-ready and deep insights into supply chain operations for enterprise cloud customers resulting in cost savings and higher Quality of Service (QoS).

Static analysis is a general name for various methods of program examination without actually executing it. In particular, it is widely used to discover errors and vulnerabilities in software. Taint analysis usually denotes the process of checking the flow of user-provided data in the program in order to find potential vulnerabilities. It can be performed either statically or dynamically. In the paper we evaluate several improvements for the static taint analyzer Irbis [1], which is based on a special case of interprocedural graph reachability problem - the so-called IFDS problem, originally proposed by Reps et al. [2]. The analyzer is currently being developed at the Ivannikov Institute for System Programming of the Russian Academy of Sciences (ISP RAS). The evaluation is based on several real projects with known vulnerabilities and a subset of the Juliet Test Suite for C/C++ [3]. The chosen subset consists of more than 5 thousand tests for 11 different CWEs.

Phishing URL is a type of cyberattack, based on falsified URLs. The number of phishing URL attacks continues to increase despite cybersecurity efforts. According to the Anti-Phishing Working Group (APWG), the number of phishing websites observed in 2020 is 1 520 832, doubling over the course of a year. Various algorithms, techniques and methods can be used to build models for phishing URL detection and classification. From our reading, we observed that Machine Learning (ML) is one of the recent approaches used to detect and classify phishing URL in an efficient and proactive way. In this paper, we evaluate eleven of the most adopted ML algorithms such as Decision Tree (DT), Nearest Neighbours (KNN), Gradient Boosting (GB), Logistic Regression (LR), Naïve Bayes (NB), Random Forest (RF), Support Vector Machines (SVM), Neural Network (NN), Ex-tra\_Tree (ET), Ada\_Boost (AB) and Bagging (B). To do that, we compute detection accuracy metric for each algorithm and we use lexical analysis to extract the URL features.

The extraordinary number of alerts generated by network intrusion detection systems (NIDS) can desensitize security analysts tasked with incident response. Security information and event management systems (SIEMs) perform some rudimentary automation but cannot replicate the decision-making process of a skilled analyst. Machine learning and artificial intelligence (AI) can detect patterns in data with appropriate training. In practice, the majority of the alert data comprises false alerts, and true alerts form only a small proportion. Consequently, a naive engine that classifies all security alerts into the majority class can yield a superficial high accuracy close to 100%. Without any correction for the class imbalance, the false alerts will dominate algorithmic predictions resulting in poor generalization performance. We propose a machine-learning approach to address the class imbalance problem in multi-appliance security alert data and automate the security alert analysis process performed in security operations centers (SOCs). We first used the neighborhood cleaning rule (NCR) to identify and remove ambiguous, noisy, and redundant false alerts. Then, we applied the support vector machine synthetic minority oversampling technique (SVMSMOTE) to generate synthetic training true alerts. Finally, we fit and evaluated the decision tree and random forest classifiers. In the experiments, using alert data from eight security appliances, we demonstrated that the proposed method can significantly reduce the need for manual auditing, decreasing the number of uninspected alerts and achieving a performance of 99.524% in recall.

Modulated signal identification plays a crucial role in both military reconnaissance and civilian signal regulation. Traditionally, modulated signal identification is based on high-order statistics, but this approach has many drawbacks. With the development of deep learning, its advantages are fully exploited by combining it with modulated signals to avoid the complex process of computing a priori knowledge while having good fault tolerance. In this paper, ten digital modulated signals are classified and recognized, and improvements are made on the basis of convolutional neural networks, using feature reuse to increase the depth of the convolutional layer and extract signal features with better results. After experimental analysis, the recognition accuracy increases with the rise of the signal-to-noise ratio, and can reach 90% and above when the signal-to-noise ratio is 30dB.

Threat information sharing is considered as one of the proactive defensive approaches for enhancing the over-all security of trusted partners. Trusted partner organizations can provide access to past and current cybersecurity threats for reducing the risk of a potential cyberattack—the requirements for threat information sharing range from simplistic sharing of documents to threat intelligence sharing. Therefore, the storage and sharing of highly sensitive threat information raises considerable concerns regarding constructing a secure, trusted threat information exchange infrastructure. Establishing a trusted ecosystem for threat sharing will promote the validity, security, anonymity, scalability, latency efficiency, and traceability of the stored information that protects it from unauthorized disclosure. This paper proposes a system that ensures the security principles mentioned above by utilizing a distributed ledger technology that provides secure decentralized operations through smart contracts and provides a privacy-preserving ecosystem for threat information storage and sharing regarding the MITRE ATT&CK framework.

This paper develops a glocal (global-local) attack detection framework to detect stealthy cyber-physical attacks, namely covert attack and zero-dynamics attack, against a class of multi-agent control systems seeking average consensus. The detection structure consists of a global (central) observer and local observers for the multi-agent system partitioned into clusters. The proposed structure addresses the scalability of the approach and the privacy preservation of the multi-agent system’s state information. The former is addressed by using decentralized local observers, and the latter is achieved by imposing unobservability conditions at the global level. Also, the communication graph model is subject to topology switching, triggered by local observers, allowing for the detection of stealthy attacks by the global observer. Theoretical conditions are derived for detectability of the stealthy attacks using the proposed detection framework. Finally, a numerical simulation is provided to validate the theoretical findings.

The Internet of Battlefield Things (IoBT) is a dynamically composed network of intelligent sensors and actuators that operate as a command and control, communications, computers, and intelligence complex-system with the aim to enable multi-domain operations. The use of artificial intelligence can help transform the IoBT data into actionable insight to create information and decision advantage on the battlefield. In this work, we focus on how accounting for uncertainty in IoBT systems can result in more robust and safer systems. Human trust in these systems requires the ability to understand and interpret how machines make decisions. Most real-world applications currently use deterministic machine learning techniques that cannot incorporate uncertainty. In this work, we focus on the machine learning task of classifying vehicles from their audio recordings, comparing deterministic convolutional neural networks (CNNs) with Bayesian CNNs to show that correctly estimating the uncertainty can help lead to robust decision-making in IoBT.

The widespread application of industrial Internet identifiers has increased the security risks of industrial Internet and identifier resolution system. In order to improve the security capabilities of identifier resolution system, this paper analyzes the security challenges faced by identifier resolution system at this stage, and in line with the concept of layered security defense in depth, divides the security domains of identifier resolution system and proposes a multi-level security strategy based on security domains by deploying appropriate protective measures in each security domain.

In dynamic control centers, conventional SCADA systems are enhanced with novel assistance functionalities to increase existing monitoring and control capabilities. To achieve this, different key technologies like phasor measurement units (PMU) and Digital Twins (DT) are incorporated, which give rise to new cyber-security challenges. To address these issues, a four-stage threat analysis approach is presented to identify and assess system vulnerabilities for novel dynamic control center architectures. For this, a simplified risk assessment method is proposed, which allows a detailed analysis of the different system vulnerabilities considering various active and passive cyber-attack types. Qualitative results of the threat analysis are presented and discussed for different use cases at the control center and substation level.