Biblio

Phishing is an act of technology-based deception that targets individuals to obtain information. To minimize the number of phishing attacks, factors that influence the ability to identify phishing attempts must be examined. The present study aimed to determine how individual differences relate to performance on a phishing task. Undergraduate students completed a questionnaire designed to assess impulsivity, trust, personality characteristics, and Internet/security habits. Participants performed an email task where they had to discriminate between legitimate emails and phishing attempts. Researchers assessed performance in terms of correctly identifying all email types (overall accuracy) as well as accuracy in identifying phishing emails (phishing accuracy). Results indicated that overall and phishing accuracy each possessed unique trust, personality, and impulsivity predictors, but shared one significant behavioral predictor. These results present distinct predictors of phishing susceptibility that should be incorporated in the development of anti-phishing technology and training.

The 6G wireless communication networks are being studied to build a powerful networking system with global coverage, enhanced spectral/energy/cost efficiency, better intelligent level and security. This paper presents a four-in-one networking paradigm named 3CL-Net that would broaden and strengthen the capabilities of current networking by introducing ubiquitous computing, caching, and intelligence over the communication connection to build 6G-required capabilities. To evaluate the practicability of 3CL-Net, this paper designs a platform based on the 3CL-Net architecture. The platform adopts leader-followers structure that could support all functions of 3CL-Net, but separate missions of 3CL-Net into two parts. Moreover, this paper has implemented part of functions as a prototype, on which some experiments are carried out. The results demonstrate that 3CL-Net is potential to be a practical and effective network paradigm to meet future requirements, meanwhile, 3CL-Net could motivate designs of related platforms as well.

Metaverse opens up a new social networking paradigm where people can experience a real interactive feeling without physical space constraints. Social interactions are gradually evolving from text combined with pictures and videos to 3-dimensional virtual reality, making the social experience increasingly physical, implying that more metaverse applications with immersive experiences will be developed in the future. However, the increasing data dimensionality and volume for new metaverse applications present a significant challenge in data acquisition, security, and sharing. Furthermore, metaverse applications require high capacity and ultrareliability for the wireless system to guarantee the quality of user experience, which cannot be addressed in the current fifth-generation system. Therefore, reaching the metaverse is dependent on the revolution in the sixth-generation (6G) wireless communication, which is expected to provide low-latency, high-throughput, and secure services. This article provides a comprehensive view of metaverse applications and investigates the fundamental technologies for the 6G toward metaverse.

CAPTCHAs are designed to prevent malicious bot programs from abusing websites. Most online service providers deploy audio CAPTCHAs as an alternative to text and image CAPTCHAs for visually impaired users. However, prior research investigating the security of audio CAPTCHAs found them highly vulnerable to automated attacks using Automatic Speech Recognition (ASR) systems. To improve the robustness of audio CAPTCHAs against automated abuses, we present the design and implementation of an audio adversarial CAPTCHA (aaeCAPTCHA) system in this paper. The aaeCAPTCHA system exploits audio adversarial examples as CAPTCHAs to prevent the ASR systems from automatically solving them. Furthermore, we conducted a rigorous security evaluation of our new audio CAPTCHA design against five state-of-the-art DNN-based ASR systems and three commercial Speech-to-Text (STT) services. Our experimental evaluations demonstrate that aaeCAPTCHA is highly secure against these speech recognition technologies, even when the attacker has complete knowledge of the current attacks against audio adversarial examples. We also conducted a usability evaluation of the proof-of-concept implementation of the aaeCAPTCHA scheme. Our results show that it achieves high robustness at a moderate usability cost compared to normal audio CAPTCHAs. Finally, our extensive analysis highlights that aaeCAPTCHA can significantly enhance the security and robustness of traditional audio CAPTCHA systems while maintaining similar usability.

Model checking is one of the most commonly used technique in formal verification. However, the exponential scale state space renders exhaustive state enumeration inefficient even for a moderate System on Chip (SoC) design. In this paper, we propose a method that leverages symbolic execution to accelerate state space search and pinpoint security vulnerabilities. We automatically convert the hardware design to functionally equivalent C++ code and utilize the KLEE symbolic execution engine to perform state exploration through heuristic search. To reduce the search space, we symbolically represent essential input signals while making non-critical inputs concrete. Experiment results have demonstrated that our method can precisely identify security vulnerabilities at significantly lower computation cost.

As one of the defensive solutions against cyberattacks, an Intrusion Detection System (IDS) plays an important role in observing the network state and alerting suspicious actions that can break down the system. There are many attempts of adopting Machine Learning (ML) in IDS to achieve high performance in intrusion detection. However, all of them necessitate a large amount of labeled data. In addition, labeling attack data is a time-consuming and expensive human-labor operation, it makes existing ML methods difficult to deploy in a new system or yields lower results due to a lack of labels on pre-trained data. To address these issues, we propose a semi-supervised IDS model that leverages Generative Adversarial Networks (GANs) and Adversarial AutoEncoder (AAE), called a semi-supervised adversarial autoencoder (SAAE). Our SAAE experimental results on two public datasets for benchmarking ML-based IDS, including NF-CSE-CIC-IDS2018 and NF-UNSW-NB15, demonstrate the effectiveness of AAE and GAN in case of using only a small number of labeled data. In particular, our approach outperforms other ML methods with the highest detection rates in spite of the scarcity of labeled data for model training, even with only 1% labeled data.

In the operation of information technology (IT) services, operators monitor the equipment-issued alarms, to locate the cause of a failure and take action. Alarms generate simultaneously from multiple devices with physical/logical connections. Therefore, if the time and location of the alarms are close to each other, it can be judged that the alarms are likely to be caused by the same event. In this paper, we propose a method that takes a novel approach by correlating alarms considering event units using a Bayesian network based on alarm generation time, generation place, and alarm type. The topology information becomes a critical decision element when doing the alarm correlation. However, errors may occur when topology information updates manually during failures or construction. Therefore, we show that event-by-event correlation with 100% accuracy is possible even if the topology information is 25% wrong by taking into location information other than topology information.

In recent years, generative adversarial networks (GAN) have become a research hotspot in the field of deep learning. Researchers apply them to the field of anomaly detection and are committed to effectively and accurately identifying abnormal images in practical applications. In anomaly detection, traditional supervised learning algorithms have limitations in training with a large number of known labeled samples. Therefore, the anomaly detection model of unsupervised learning GAN is the research object for discussion and research. Firstly, the basic principles of GAN are introduced. Secondly, several typical GAN-based anomaly detection models are sorted out in detail. Then by comparing the similarities and differences of each derivative model, discuss and summarize their respective advantages, limitations and application scenarios. Finally, the problems and challenges faced by GAN in anomaly detection are discussed, and future research directions are prospected.

In the prevailing situation, the sports like economic, industrial, cultural, social, and governmental activities are carried out in the online world. Today's international is particularly dependent on the wireless era and protective these statistics from cyber-assaults is a hard hassle. The reason for cyber-assaults is to damage thieve the credentials. In a few other cases, cyber-attacks ought to have a navy or political functions. The damages are PC viruses, facts break, DDS, and exceptional attack vectors. To this surrender, various companies use diverse answers to prevent harm because of cyberattacks. Cyber safety follows actual-time data at the modern-day-day IT data. So, far, numerous techniques have proposed with the resource of researchers around the area to prevent cyber-attacks or lessen the harm due to them. The cause of this has a look at is to survey and comprehensively evaluate the usual advances supplied around cyber safety and to analyse the traumatic situations, weaknesses, and strengths of the proposed techniques. Different sorts of attacks are taken into consideration in element. In addition, evaluation of various cyber-attacks had been finished through the platform called Kali Linux. It is predicted that the complete assessment has a have a study furnished for college students, teachers, IT, and cyber safety researchers might be beneficial.

In recent years, new types of cyber attacks called targeted attacks have been observed. It targets specific organizations or individuals, while usual large-scale attacks do not focus on specific targets. Organizations have published many Word or PDF files on their websites. These files may provide the starting point for targeted attacks if they include hidden data unintentionally generated in the authoring process. Adhatarao and Lauradoux analyzed hidden data found in the PDF files published by security agencies in many countries and showed that many PDF files potentially leak information like author names, details on the information system and computer architecture. In this study, we analyze hidden data of PDF files published on the website of police agencies in Japan and compare the results with Adhatarao and Lauradoux's. We gathered 110989 PDF files. 56% of gathered PDF files contain personal names, organization names, usernames, or numbers that seem to be IDs within the organizations. 96% of PDF files contain software names.

In today’s world, digital data are enormous due to technologies that advance data collection, storage, and analyses. As more data are shared or publicly available, privacy is of great concern. Having privacy means having control over your data. The first step towards privacy protection is to understand various aspects of privacy and have the ability to quantify them. Much work in structured data, however, has focused on approaches to transforming the original data into a more anonymous form (via generalization and suppression) while preserving the data integrity. Such anonymization techniques count data instances of each set of distinct attribute values of interest to signify the required anonymity to protect an individual’s identity or confidential data. While this serves the purpose, our research takes an alternative approach to provide quick privacy measures by way of anonymity especially when dealing with large-scale data. This paper presents a study of anonymity measures based on their relevant properties that impact privacy. Specifically, we identify three properties: uniformity, variety, and diversity, and formulate their measures. The paper provides illustrated examples to evaluate their validity and discusses the use of multi-aspects of anonymity and privacy measures.

At present, the ciphertext-policy attribute based encryption (CP-ABE) has been widely used in different fields of data sharing such as cross-border paperless trade, digital government and etc. However, there still exist some challenges including single point of failure, key abuse and key unaccountable issues in CP-ABE. To address these problems. We propose an accountable CP-ABE mechanism based on block chain system. First, we establish two authorization agencies MskCA and AttrVN(Attribute verify Network),where the MskCA can realize master key escrow, and the AttrVN manages and validates users' attributes. In this way, our system can avoid the single point of failure and improve the privacy of user attributes and security of keys. Moreover, in order to realize auditability of CP-ABE key parameter transfer, we introduce the did and record parameter transfer process on the block chain. Finally, we theoretically prove the security of our CP-ABE. Through comprehensive comparison, the superiority of CP-ABE is verified. At the same time, our proposed schemes have some properties such as fast decryption and so on.

The recent experience in the use of virtual reality (VR) technology has shown that users prefer Electromyography (EMG) sensor-based controllers over hand controllers. The results presented in this paper show the potential of EMG-based controllers, in particular the Myo armband, to identify a computer system user. In the first scenario, we train various classifiers with 25 keyboard typing movements for training and test with 75. The results with a 1-dimensional convolutional neural network indicate that we are able to identify the user with an accuracy of 93% by analyzing only the EMG data from the Myo armband. When we use 75 moves for training, accuracy increases to 96.45% after cross-validation.

With the advent of the era of big data, the files that need to be stored in the storage system will increase exponentially. Cloud storage has become the most popular data storage method due to its powerful convenience and storage capacity. However, in order to save costs, some cloud service providers, Malicious deletion of the user's infrequently accessed data causes the user to suffer losses. Aiming at data integrity and privacy issues, a blockchain-based cloud storage integrity verification scheme for recoverable data is proposed. The scheme uses the Merkle tree properties, anonymity, immutability and smart contracts of the blockchain to effectively solve the problems of cloud storage integrity verification and data damage recovery, and has been tested and analyzed that the scheme is safe and effective.