Biblio

Currently as the widespread use of virtual monetary units (like Bitcoin, Ethereum, Ripple, Litecoin) has begun, people with bad intentions have been attracted to this area and have produced and marketed ransomware in order to obtain virtual currency easily. This ransomware infiltrates the victim's system with smartly-designed methods and encrypts the files found in the system. After the encryption process, the attacker leaves a message demanding a ransom in virtual currency to open access to the encrypted files and warns that otherwise the files will not be accessible. This type of ransomware is becoming more popular over time, so currently it is the largest information technology security threat. In the literature, there are many studies about detection and analysis of this cyber-bullying. In this study, we focused on crypto-ransomware and investigated a forensic analysis of a current attack example in detail. In this example, the attack method and behavior of the crypto-ransomware were analyzed and it was identified that information belonging to the attacker was accessible. With this dimension, we think our study will significantly contribute to the struggle against this threat.

The following topics are dealt with: security of data; distributed power generation; power engineering computing; power grids; power system security; computer network security; voltage control; risk management; power system measurement; critical infrastructures.

Data analytics stands to benefit from the increasing availability of datasets that are held without their conceptual relationships being explicitly known. When collected, these datasets form a data lake from which, by processes like data wrangling, specific target datasets can be constructed that enable value- adding analytics. Given the potential vastness of such data lakes, the issue arises of how to pull out of the lake those datasets that might contribute to wrangling out a given target. We refer to this as the problem of dataset discovery in data lakes and this paper contributes an effective and efficient solution to it. Our approach uses features of the values in a dataset to construct hash- based indexes that map those features into a uniform distance space. This makes it possible to define similarity distances between features and to take those distances as measurements of relatedness w.r.t. a target table. Given the latter (and exemplar tuples), our approach returns the most related tables in the lake. We provide a detailed description of the approach and report on empirical results for two forms of relatedness (unionability and joinability) comparing them with prior work, where pertinent, and showing significant improvements in all of precision, recall, target coverage, indexing and discovery times.

Wireless Sensor Networks (WSNs) are attracted great attention in the past decade due to the unlimited number of applications they support. However, security has always been a serious concern for these networks due to the insecure communication links they exploit. In order to mitigate the possible security threats, sophisticated key management schemes must be employed to ensure the generating, distributing and revocation of the cryptographic keys that are needed to implement variety of security measures. In this paper, we propose a novel decentralized key management scheme for hierarchical grid organized WSNs. The main goal of our scheme is to reduce the total number of cryptographic keys stored in sensor nodes while maintaining the desired network connectivity. The performance analysis shows the efficiency of the proposed protocol in terms of communication overhead, storage cost and network connectivity.

In this paper, our objective is to focus on the recent trend of military fields where they brought Internet of Things (IoT) to have better impact on the battlefield by improving the effectiveness and this is called Internet of Battlefield Things(IoBT). Due to the requirements of high computing capability and minimum response time with minimum fault tolerance this paper proposed a decentralized IoBT architecture. The proposed method can increase the reliability in the battlefield environment by searching the reliable nodes among all the edge nodes in the environment, and by adding the fault tolerance in the edge nodes will increase the effectiveness of overall battlefield scenario. This suggested fault tolerance approach is worth for decentralized mode to handle the issue of latency requirements and maintaining the task reliability of the battlefield. Our experimental results ensure the effectiveness of the proposed approach as well as enjoy the requirements of latency-aware military field while ensuring the overall reliability of the network.

In this paper, we propose a decision support process that is designed to help network and security operators in understanding the complexity of a current security situation and decision making concerning ongoing cyber-attacks and threats. The process focuses on enterprise missions and uses a graph-based mission decomposition model that captures the missions, underlying hosts and services in the network, and functional and security requirements between them. Knowing the vulnerabilities and attacker's position in the network, the process employs logical attack graphs and Bayesian network to infer the probability of the disruption of the confidentiality, integrity, and availability of the missions. Based on the probabilities of disruptions, the process suggests the most resilient mission configuration that would withstand the current security situation.

Autonomy in cybersystems depends on their ability to be self-aware by understanding the intent of services and applications that are running on those systems. In case of mission-critical cybersystems that are deployed in dynamic and unpredictable environments, the newly integrated unknown applications or services can either be benign and essential for the mission or they can be cyberattacks. In some cases, these cyberattacks are evasive Advanced Persistent Threats (APTs) where the attackers remain undetected for reconnaissance in order to ascertain system features for an attack e.g. Trojan Laziok. In other cases, the attackers can use the system only for computing e.g. cryptomining malware. APTs such as cryptomining malware neither disrupt normal system functionalities nor trigger any warning signs because they simply perform bitwise and cryptographic operations as any other benign compression or encoding application. Thus, it is difficult for defense mechanisms such as antivirus applications to detect these attacks. In this paper, we propose an Operating Context profiling system based on deep neural networks-Long Short-Term Memory (LSTM) networks-using Windows Performance Counters data for detecting these evasive cryptomining applications. In addition, we propose Deep Cryptomining Profiler (DeCrypto Pro), a detection system with a novel model selection framework containing a utility function that can select a classification model for behavior profiling from both the light-weight machine learning models (Random Forest and k-Nearest Neighbors) and a deep learning model (LSTM), depending on available computing resources. Given data from performance counters, we show that individual models perform with high accuracy and can be trained with limited training data. We also show that the DeCrypto Profiler framework reduces the use of computational resources and accurately detects cryptomining applications by selecting an appropriate model, given the constraints such as data sample size and system configuration.

Millimeter Wave (mmWave) band can be a solution to serve the vast number of Internet of Things (IoT) and Vehicle to Everything (V2X) devices. In this context, Cognitive Radio (CR) is capable of managing the mmWave spectrum sharing efficiently. However, Cognitive mmWave Radios are vulnerable to malicious users due to the complex dynamic radio environment and the shared access medium. This indicates the necessity to implement techniques able to detect precisely any anomalous behaviour in the spectrum to build secure and efficient radios. In this work, we propose a comparison framework between deep generative models: Conditional Generative Adversarial Network (C-GAN), Auxiliary Classifier Generative Adversarial Network (AC-GAN), and Variational Auto Encoder (VAE) used to detect anomalies inside the dynamic radio spectrum. For the sake of the evaluation, a real mmWave dataset is used, and results show that all of the models achieve high probability in detecting spectrum anomalies. Especially, AC-GAN that outperforms C-GAN and VAE in terms of accuracy and probability of detection.

Per the National Energy Policy, Demand Side Management (DSM) is one of the energy conservations that performs a function to manage electric power of demand-side resources. One of the DSM solutions is a demand response program, which is a part of Thailand Smart Grid Action Plan 2017 - 2021. Demand response program such as peak demand reduction plays a role in both the management of the electricity crisis and enhance energy security. This paper presents a pilot project for a fully automated demand response program at MEA Rat Burana District Office. The system is composed of a Building Energy Management System (BEMS) with Demand Response Client gateway and 5 energy controllers at the air conditioner by using the OpenADR2.0b protocol. Also, this concept leads to automatic or semi-automatic demand response program in the future. The result shows the total energy consumption reduction for air conditioners by 53.5%. The future works to be carried out are to implement into other MEA District Office such as Khlong Toei, Yan Nawa and Bang Khun Thian and to test with a Load Aggregator Management System (LAMS).

Blockchain is becoming more popular because of its decentralized, secured, and transparent nature. Supply chain and its management is indispensable to improve customer services, reduce operating costs and improve financial position of a firm. Integration of blockchain and supply chain is substantial, but it alone is not enough for the sustainability of supply chain systems. The proposed mechanism speaks about the method of rewarding the supply chain parties with incentives so as to improve the security and make the integration of supply chain with blockchain sustainable. The proposed incentive mechanism employs the co-operative approach of game theory where all the supply chain parties show a cooperative behavior of following the blockchain-based supply chain protocols and also this mechanism makes a fair attempt in rewarding the supply chain parties with incentives.

Moving Target Defense (MTD) has been emerged as a promising countermeasure to defend systems against cyberattacks asymmetrically while working well with legacy security and defense mechanisms. MTD provides proactive security services by dynamically altering attack surfaces and increasing attack cost or complexity to prevent further escalation of the attack. However, one of the non-trivial hurdles in deploying MTD techniques is how to handle potential performance degradation (e.g., interruptions of service availability) and maintain acceptable quality-of-service (QoS) in an MTD-enabled system. In this paper, we derive the service performance metrics (e.g., an extent of failed jobs) to measure how much performance degradation is introduced due to MTD operations, and propose QoS-aware service strategies (i.e., drop and wait) to manage ongoing jobs with the minimum performance degradation even under MTD operations running. We evaluate the service performance of software-defined networking (SDN)-based web services (i.e., Apache web servers). Our experimental results prove that the MTD-enabled system can minimize performance degradation by using the proposed job management strategies. The proposed strategies aim to optimize a specific service configuration (e.g., types of jobs and request rates) and effectively minimize the adverse impact of deploying MTD in the system with acceptable QoS while retaining the security effect of IP shuffling-based MTD.

To solve the problem of poor security and performance caused by traditional encryption algorithm in the cloud data storage of power bidding system, we proposes a hybrid encryption method based on symmetric encryption and asymmetric encryption. In this method, firstly, the plaintext upload file is divided into several blocks according to the proportion, then the large file block is encrypted by symmetrical encryption algorithm AES to ensure the encryption performance, and then the small file block and AES key are encrypted by asymmetric encryption algorithm ECC to ensure the file encryption strength and the security of key transmission. Finally, the ciphertext file is generated and stored in the cloud storage environment to prevent sensitive files Pieces from being stolen and destroyed. The experimental results show that the hybrid encryption method can improve the anti-attack ability of cloud storage files, ensure the security of file storage, and have high efficiency of file upload and download.

In order to significantly improve the reliable interaction and fast processing when TT&C(Tracking, Telemetry and Command) Resource Scheduling and Management System (TRSMS) communicate with external systems which are diverse, multiple directional and high concurrent, this paper designs and implements a highly concurrent and secure middleware for TT&C Resource Automatic Scheduling Interface (TRASI). The middleware designs memory pool, data pool, thread pool and task pool to improve the efficiency of concurrent processing, uses the rule dictionary, communication handshake and wait retransmission mechanism to ensure the data interaction security and reliability. This middleware can effectively meet the requirements of TRASI for data exchange with external users and system, significantly improve the data processing speed and efficiency, and promote the information technology and automation level of Aerospace TT&C Network Management Center (TNMC).

This article discusses the problem of detecting cross-site scripting (XSS) using machine learning methods. XSS is an attack in which malicious code is embedded on a page to interact with an attacker’s web server. The XSS attack ranks third in the ranking of key web application risks according to Open Source Foundation for Application Security (OWASP). This attack has not been studied for a long time. It was considered harmless. However, this is fallacious: the page or HTTP Cookie may contain very vulnerable data, such as payment document numbers or the administrator session token. Machine learning is a tool that can be used to detect XSS attacks. This article describes an experiment. As a result the model for detecting XSS attacks was created. Following machine learning algorithms are considered: the support vector method, the decision tree, the Naive Bayes classifier, and Logistic Regression. The accuracy of the presented methods is made a comparison.

The Ad-hoc Vehicular networks (VANET) was developed through the implementation of the concepts of ad-hoc mobile networks(MANET), which is swiftly maturing, promising, emerging wireless communication technology nowadays. Vehicular communication enables us to communicate with other vehicles and Roadside Infrastructure Units (RSU) to share information pertaining to the safety system, traffic analysis, Authentication, privacy, etc. As VANETs operate in an open wireless connectivity system, it increases permeable of variant type's security issues. Security concerns, however, which are either generally seen in ad-hoc networks or utterly unique to VANET, present significant challenges. Access Control List (ACL) can be an efficient feature to solve such security issues by permitting statements to access registered specific IP addresses in the network and deny statement unregistered IP addresses in the system. To establish such secured VANETs, the License number of the vehicle will be the Identity Number, which will be assigned via a DNS server by the Traffic Certification Authority (TCA). TCA allows registered vehicles to access the nearest two or more regions. For special vehicles, public access should be restricted by configuring ACL on a specific IP. Smart-card given by TCA can be used to authenticate a subscriber by checking previous records during entry to a new network area. After in-depth analysis of Packet Delivery Ratio (PDR), Packet Loss Ratio (PLR), Average Delay, and Handover Delay, this research offers more secure and reliable communication in VANETs.

This chapter presents a game‐theoretic model to analyze attack–defense scenarios that use fake nodes (computing devices) for deception under consideration of the system deploying defense resources to protect individual nodes in a cost‐effective manner. The developed model has important applications in the Internet of Battlefield Things (IoBT). Our game‐theoretic model illustrates how the concept of the Nash equilibrium can be used by the defender to intelligently choose which nodes should be used for performing a computation task while deceiving the attacker into expending resources for attacking fake nodes. Our model considers the fact that defense resources may become compromised under an attack and suggests that the defender, in a probabilistic manner, may utilize unprotected nodes for performing a computation while the attacker is deceived into attacking a node with defense resources installed. The chapter also presents a deception‐based strategy to protect a target node that can be accessed via a tree network. Numerical results provide insights into the strategic deception techniques presented in this chapter.

Artificial intelligence has been widely used in industries such as smart manufacturing, medical care and home furnishings. Among them, the value of the application in communication security is very important. This paper makes a further exploration of the artificial intelligence technology and its application, and gives a detailed analysis of its development, standardization and the application.

One of the most important issues in the development of the Internet of Things (IoT) is network security. The deep packet inspection (DPI) is a promising technology that helps to detection and protection against network attacks. The DPI software system for IoT is developed in this paper. The system for monitoring and analyzing IoT traffic to detect anomalies and identify attacks based on Hurst parameter is proposed. This system makes it possible to determine the Hurst flow parameter at different intervals of observation. This system can be installed on a network provider to use more effectively the bandwidth.

Android gives us opportunity to extract meaningful information from metadata. From the security point of view, the missing important information in metadata of an application could be a sign of suspicious application, which could be directed for extensive analysis. Especially the usage of dangerous permissions is expected to be explained in app descriptions. The permission-to-description fidelity problem in the literature aims to discover such inconsistencies between the usage of permissions and descriptions. This study proposes a new method based on natural language processing and recurrent neural networks. The effect of user reviews on finding such inconsistencies is also investigated in addition to application descriptions. The experimental results show that high precision is obtained by the proposed solution, and the proposed method could be used for triage of Android applications.

In this century, the demand for energy is increasing daily, and the need for energy resources has become urgent and inevitable. New ways of generating energy, such as renewable resources that depend on many sources, including the sun and wind energy will contribute to the future of humankind largely and effectively. These renewable sources are facing major challenges that cannot be ignored which also require more researches on appropriate solutions . This has led to the emergence of a new type of network user called prosumer, which causes new challenges such as the intermittent nature of renewable. Smart grids have emerged as a solution to integrate these distributed energy sources. It also provides a mechanism to maintain safety and security for power supply networks. The main idea of smart grids is to facilitate local production and consumption By customers and consumers.Distributed ledger technology (DLT) or Block-chain technology has evolved dramatically since 2008 that coincided with the birth of its first application Bitcoin, which is the first cryptocurrency. This innovation led to sparked in the digital revolution, which provides decentralization, security, and democratization of information storage and transfer systems across numerous sectors/industries. Block-chain can be applied for the sake of the durability and safety of energy systems. In this paper, we will propose a new distributed framework that provides protection based on block-chain technology for energy systems to enhance self-defense capability against those cyber-attacks.

Intrusion Detection System is a well-known term in the domain of Network and Information Security. It's one of the important components of the Network and Information Security infrastructure. Host Intrusion Detection System (HIDS) helps to detect unauthorized use, abnormal and malicious activities on the host, whereas Network Intrusion Detection System (NIDS) helps to detect attacks and intrusion on networks. Various researchers are actively working on different approaches to improving the IDS performance and many improvements have been achieved. However, development in many other technologies and newly emerging techniques always opens the doors of opportunity to add a sharp edge to IDS and to make it more robust and reliable. This paper proposes the development of Distributed Intrusion Detection System (DIDS) using emerging and promising technologies like Blockchain upon a stable platform like cloud infrastructure.

IoT devices such as Google Home and Amazon Echo provide great convenience to our lives. Many of these IoT devices collect data including Personal Identifiable Information such as names, phone numbers, and addresses and thus IoT security is important. However, conducting security analysis on IoT devices is challenging due to the variety, the volume of the devices, and the special skills required for hardware and software analysis. In this research, we create and demonstrate a dynamic analysis security testing infrastructure for capturing network traffic from IoT devices. The network traffic is automatically mirrored to a server for live traffic monitoring and offline data analysis. Using the dynamic analysis security testing infrastructure, we conduct extensive security analysis on network traffic from Google Home and Amazon Echo. Our testing results indicate that Google Home enforces tighter security controls than Amazon Echo while both Google and Amazon devices provide the desired security level to protect user data in general. The dynamic analysis security testing infrastructure presented in the paper can be utilized to conduct similar security analysis on any IoT devices.

Electrocardiogram (ECG) biometric authentication (EBA) is a promising approach for human identification, particularly in consumer devices, due to the individualized, ubiquitous, and easily identifiable nature of ECG signals. Thus, computing architectures for EBA must be accurate, fast, energy efficient, and secure. In this article, first, we implement an EBA algorithm to achieve 100% accuracy in user authentication. Thereafter, we extensively analyze the algorithm to show the distinct variance in execution requirements and reveal the latency bottleneck across the algorithm's different steps. Based on our analysis, we propose a domain-specific architecture (DSA) to satisfy the execution requirements of the algorithm's different steps and minimize the latency bottleneck. We explore different variations of the DSA, including one that features the added benefit of ensuring constant timing across the different EBA steps, in order to mitigate the vulnerability to timing-based side-channel attacks. Our DSA improves the latency compared to a base ARM-based processor by up to 4.24×, while the constant timing DSA improves the latency by up to 19%. Also, our DSA improves the energy by up to 5.59×, as compared to the base processor.

Network traffic classification has a range of applications in network management including QoS and security monitoring. Deep Packet Inspection (DPI) is one of the effective method used for traffic classification. DPI is computationally expensive operation involving string matching between payload and application signatures. Existing traffic classification techniques perform multiple scans of payload to classify the application flows - first scan to extract the words and the second scan to match the words with application signatures. In this paper we propose an approach which can classify network flows with single scan of flow payloads using a heuristic method to achieve a sub-linear search complexity. The idea is to scan few initial bytes of payload and determine potential application signature(s) for subsequent signature matching. We perform experiments with a large dataset containing 171873 network flows and show that it has a good classification accuracy of 98%.

This paper presents the implementation of the ELGamal cryptoalgorithm for information flows encryption / decryption, which is based on the application of the vector-modular method of modular exponentiation and multiplication. This allows us to replace the complex operation of the modular exponentiation with multiplication and the last one with addition that increases the speed of the cryptosystem. In accordance with this, the application of the vector-modular method allows us to reduce the modular exponentiation and multiplication temporal complexity in comparison with the classical one.