Biblio

In the prevailing situation, the sports like economic, industrial, cultural, social, and governmental activities are carried out in the online world. Today's international is particularly dependent on the wireless era and protective these statistics from cyber-assaults is a hard hassle. The reason for cyber-assaults is to damage thieve the credentials. In a few other cases, cyber-attacks ought to have a navy or political functions. The damages are PC viruses, facts break, DDS, and exceptional attack vectors. To this surrender, various companies use diverse answers to prevent harm because of cyberattacks. Cyber safety follows actual-time data at the modern-day-day IT data. So, far, numerous techniques have proposed with the resource of researchers around the area to prevent cyber-attacks or lessen the harm due to them. The cause of this has a look at is to survey and comprehensively evaluate the usual advances supplied around cyber safety and to analyse the traumatic situations, weaknesses, and strengths of the proposed techniques. Different sorts of attacks are taken into consideration in element. In addition, evaluation of various cyber-attacks had been finished through the platform called Kali Linux. It is predicted that the complete assessment has a have a study furnished for college students, teachers, IT, and cyber safety researchers might be beneficial.

Due to openness of the deployed environment and transmission medium, Wireless Sensor Networks (WSNs) suffers from various types of security attacks including Denial of service, Sinkhole, Tampering etc. Securing WSN is achieved a greater research interest and this paper proposes a new secure routing strategy for WSNs based on trust model. In this model, initially the sensor nodes of the network are formulated as clusters. Further a trust evaluation mechanism was accomplished for every sensor node at Cluster Head level to build a secure route for data transmission from sensor node to base station. Here the trust evaluation is carried out only at cluster head and also the cluster head is chosen in such a way the node having rich resources availability. The trust evaluation is a composition of the social trust and data trust. Simulation experiments are conducted over the proposed approach and the performance is measured through the performance metrics such as network lifetime, and Malicious Detection Rate. The obtained performance metrics shows the outstanding performance of proposed approach even in the increased malicious behavior of network.

Biometric security is the fastest growing area that receives considerable attention over the past few years. Digital hiding and encryption technologies provide an effective solution to secure biometric information from intentional or accidental attacks. Visual cryptography is the approach utilized for encrypting the information which is in the form of visual information for example images. Meanwhile, the biometric template stored in the databases are generally in the form of images, the visual cryptography could be employed effectively for encrypting the template from the attack. This study develops a share creation with improved encryption process for secure biometric verification (SCIEP-SBV) technique. The presented SCIEP-SBV technique majorly aims to attain security via encryption and share creation (SC) procedure. Firstly, the biometric images undergo SC process to produce several shares. For encryption process, homomorphic encryption (HE) technique is utilized in this work. To further improve the secrecy, an improved bald eagle search (IBES) approach was exploited in this work. The simulation values of the SCIEP-SBV system are tested on biometric images. The extensive comparison study demonstrated the improved outcomes of the SCIEP-SBV technique over compared methods.

Since malware has caused serious damages and evolving threats to computer and Internet users, its detection is of great interest to both anti-malware industry and researchers. In recent years, machine learning-based systems have been successfully deployed in malware detection, in which different kinds of classifiers are built based on the training samples using different feature representations. Unfortunately, as classifiers become more widely deployed, the incentive for defeating them increases. In this paper, we explore the adversarial machine learning in malware detection. In particular, on the basis of a learning-based classifier with the input of Windows Application Programming Interface (API) calls extracted from the Portable Executable (PE) files, we present an effective evasion attack model (named EvnAttack) by considering different contributions of the features to the classification problem. To be resilient against the evasion attack, we further propose a secure-learning paradigm for malware detection (named SecDefender), which not only adopts classifier retraining technique but also introduces the security regularization term which considers the evasion cost of feature manipulations by attackers to enhance the system security. Comprehensive experimental results on the real sample collections from Comodo Cloud Security Center demonstrate the effectiveness of our proposed methods.

A novel secure arithmetic image coding algorithm based on Two-dimensional Generalized Logistic Mapping is proposed. Firstly, according to the digital image size m×n, two 2D chaotic sequences are generated by logistic chaotic mapping. Then, the original image data is scrambled by sorting the chaotic sequence. Secondly, the chaotic sequence is optimized to generate key stream which is used to mask the image data. Finally, to generate the final output, the coding interval order is controlled by the chaotic sequence during the arithmetic coding process. Experiment results show the proposed secure algorithm has good robustness and can be applied in the arithmetic coder for multimedia such as video and audio with little loss of coding efficiency.

Physical perturbations are performed against embedded systems that can contain valuable data. Such devices and in particular smart cards are targeted because potential attackers hold them. The embedded system security must hold against intentional hardware failures that can result in software errors. In a malicious purpose, an attacker could exploit such errors to find out secret data or disrupt a transaction. Simulation techniques help to point out fault injection vulnerabilities and come at an early stage in the development process. This paper proposes a generic fault injection simulation tool that has the particularity to embed the injection mechanism into the smart card source code. By its embedded nature, the Embedded Fault Simulator (EFS) allows us to perform fault injection simulations and side-channel analyses simultaneously. It makes it possible to achieve combined attacks, multiple fault attacks and to perform backward analyses. We appraise our approach on real, modern and complex smart card systems under data and control flow fault models. We illustrate the EFS capacities by performing a practical combined attack on an Advanced Encryption Standard (AES) implementation.

Joint transmission coordinated multi-point (CoMP) is a combination of constructive and destructive superposition of several to potentially many signal components, with the goal to maximize the desired receive-signal and at the same time to minimize mutual interference. Especially the destructive superposition requires accurate alignment of phases and amplitudes. Therefore, a 5G clean slate approach needs to incorporate the following enablers to overcome the challenging limitation for JT CoMP: accurate channel estimation of all relevant channel components, channel prediction for time-aligned precoder design, proper setup of cooperation areas corresponding to user grouping and to limit feedback overhead especially in FDD as well as treatment of out-of-cluster interference (interference floor shaping).

Small Unmanned Aircraft Systems (sUAS) are already revolutionizing agricultural and environmental monitoring through the acquisition of high-resolution multi-spectral imagery on-demand. However, in order to accurately understand various complex environmental and agricultural processes, it is often necessary to collect physical samples of pests, pathogens, and insects from the field for ex-situ analysis. In this paper, we describe a sUAS for autonomous deployment and recovery of a novel environmental sensor probe. We present the UAS software and hardware stack, and a probe design that can be adapted to collect a variety of environmental samples and can be transported autonomously for off-site analysis. Our team participated in an NSF-sponsored student unmanned aerial vehicle (UAV) challenge, where we used our sUAS to deploy and recover a scale-model mosquito trap outdoors. Results from indoor and field trials are presented, and the challenges experienced in detecting and docking with the probe in outdoor conditions are discussed.

Small Unmanned Aircraft Systems (sUAS) are already revolutionizing agricultural and environmental monitoring through the acquisition of high-resolution multi-spectral imagery on-demand. However, in order to accurately understand various complex environmental and agricultural processes, it is often necessary to collect physical samples of pests, pathogens, and insects from the field for ex-situ analysis. In this paper, we describe a sUAS for autonomous deployment and recovery of a novel environmental sensor probe. We present the UAS software and hardware stack, and a probe design that can be adapted to collect a variety of environmental samples and can be transported autonomously for off-site analysis. Our team participated in an NSF-sponsored student unmanned aerial vehicle (UAV) challenge, where we used our sUAS to deploy and recover a scale-model mosquito trap outdoors. Results from indoor and field trials are presented, and the challenges experienced in detecting and docking with the probe in outdoor conditions are discussed.

The Internet of Things (IoT) is a technological vision in which constrained or embedded devices connect together through the Internet. This enables common objects to be empowered with communication and cooperation capabilities. Industry can take an enormous advantage of IoT, leading to the so-called Industrial IoT. In these systems, integrity, confidentiality, and access control over data are key requirements. An emerging approach to reach confidentiality and access control is Attribute-Based Encryption (ABE), which is a technique able to enforce cryptographically an access control over data. In this paper, we propose fABElous, an ABE scheme suitable for Industrial IoT applications which aims at minimizing the overhead of encryption on communication. fABElous ensures data integrity, confidentiality, and access control, while reducing the communication overhead of 35% with respect to using ABE techniques naively.

This paper introduces a new method of applying both an Intrusion Detection System (IDS) and an Intrusion Response System (IRS) to communications protected using Ciphertext-Policy Attribute-based Encryption (CP-ABE) in the context of the Internet of Things. This method leverages features specific to CP-ABE in order to improve the detection capabilities of the IDS and the response ability of the network. It also enables improved privacy towards the users through group encryption rather than one-to-one shared key encryption as the policies used in the CP-ABE can easily include the IDS as an authorized reader. More importantly, it enables different levels of detection and response to intrusions, which can be crucial when using anomaly-based detection engines.

Password data in a system usually stored in hash. Various human-caused negligence and system vulnerability can make those data fall in the hand of those who isn't entitled to or even those who have malicious purpose. Attacks which could be done on the hashed password data using GPGPU-based machine are for example: brute-force, dictionary, mask-attack, and word-list. This research explains about effectivity of brute-force and dictionary attack which done on SHA-l hashed password using GPGPU-based machine. Result is showing that brute-force effectively crack more password which has lower set of character, with over 11% of 7 or less characters passwords vs mere 3 % in the dictionary attack counterpart. Whereas dictionary attack is more effective on cracking password which has unsecure character pattern with 5,053 passwords vs 491 on best brute-force attack scenario. Usage of combined attack method (brute-force + dictionary) gives more balanced approach in terms of cracking whether the password is long or secure patterned string.

Machine learning (ML) techniques are changing both the offensive and defensive aspects of cybersecurity. The implications are especially strong for privacy, as ML approaches provide unprecedented opportunities to make use of collected data. Thus, education on cybersecurity and AI is needed. To investigate how AI and cybersecurity should be taught together, we look at previous studies on cybersecurity MOOCs by conducting a systematic literature review. The initial search resulted in 72 items and after screening for only peer-reviewed publications on cybersecurity online courses, 15 studies remained. Three of the studies concerned multiple cybersecurity MOOCs whereas 12 focused on individual courses. The number of published work evaluating specific cybersecurity MOOCs was found to be small compared to all available cybersecurity MOOCs. Analysis of the studies revealed that cybersecurity education is, in almost all cases, organised based on the topic instead of used tools, making it difficult for learners to find focused information on AI applications in cybersecurity. Furthermore, there is a gab in academic literature on how AI applications in cybersecurity should be taught in online courses.

With the emergence of new digital trends like Internet of Things (IoT), more industry actors and technical committees pursue research in utilising such technologies as they promise a better and optimised management, improved energy efficiency and a better quality living through a wide array of value-added services. However, as sensing, actuation, communication and control become increasingly more sophisticated, such promising data-driven systems generate, process, and exchange larger amounts of security-critical and privacy-sensitive data, which makes them attractive targets of attacks. In turn this affirms the importance of trustworthiness in IoT and emphasises the need of a solid technical and regulatory foundation. The goal of this paper is to first introduce the concept of trustworthiness in IoT, its main pillars namely, security, privacy and data protection, and then analyse the state-of-the-art in research and standardisation for each of these subareas. Throughout the paper, we develop and refer to Unmanned Aerial Vehicles (UAVs) as a promising value-added service example of mobile IoT devices. The paper then presents a thorough gap analysis and concludes with recommendations for future work.

Currently, the Dark Web is one key platform for the online trading of illegal products and services. Analysing the .onion sites hosting marketplaces is of interest for law enforcement and security researchers. This paper presents a study on 123k listings obtained from 6 different Dark Web markets. While most of current works leverage existing datasets, these are outdated and might not contain new products, e.g., those related to the 2020 COVID pandemic. Thus, we build a custom focused crawler to collect the data. Being able to conduct analyses on current data is of considerable importance as these marketplaces continue to change and grow, both in terms of products offered and users. Also, there are several anti-crawling mechanisms being improved, making this task more difficult and, consequently, reducing the amount of data obtained in recent years on these marketplaces. We conduct a data analysis evaluating multiple characteristics regarding the products, sellers, and markets. These characteristics include, among others, the number of sales, existing categories in the markets, the origin of the products and the sellers. Our study sheds light on the products and services being offered in these markets nowadays. Moreover, we have conducted a case study on one particular productive and dynamic drug market, i.e., Cannazon. Our initial goal was to understand its evolution over time, analyzing the variation of products in stock and their price longitudinally. We realized, though, that during the period of study the market suffered a DDoS attack which damaged its reputation and affected users' trust on it, which was a potential reason which lead to the subsequent closure of the market by its operators. Consequently, our study provides insights regarding the last days of operation of such a productive market, and showcases the effectiveness of a potential intervention approach by means of disrupting the service and fostering mistrust.

Bluetooth Low Energy mesh networks are emerging as new standard of short burst communications. While security of the messages is guaranteed thought standard encryption techniques, little has been done in terms of actively protecting the overall network in case of attacks aiming to undermine its integrity. Although many network analysis and risk mitigation techniques are currently available, they require considerable amounts of data coming from both legitimate and attack scenarios to sufficiently discriminate among them, which often turns into the requirement of a complete description of the traffic flowing through the network. Furthermore, there are no publicly available datasets to this extent for BLE mesh networks, due most to the novelty of the standard and to the absence of specific implementation tools. To create a reliable mechanism of network analysis suited for BLE in this paper we propose a machine learning Intrusion Detection System (IDS) based on pattern classification and recognition of the most classical denial of service attacks affecting this kind of networks, working on a single internal node, thus requiring a small amount of information to operate. Moreover, in order to overcome the gap created by the absence of data, we present our data collection system based on ESP32 that allowed the collection of the packets from the Network and the Model layers of the BLE Mesh stack, together with a set of experiments conducted to get the necessary data to train the IDS. In the last part, we describe some preliminary results obtained by the experimental setups, focusing on its strengths, as well as on the aspects where further analysis is required, hence proposing some improvements of the classification model as future work. Index Terms-Bluetooth, BLE Mesh, Intrusion Detection System, IoT, network security.