Biblio

An Intrusion Detection System (IDS) is a core element for securing critical systems. An IDS can use signatures of known attacks, or an anomaly detection model for detecting unknown attacks. Attacking an IDS is often the entry point of an attack against a critical system. Consequently, the security of IDSs themselves is imperative. To secure model-based IDSs, we propose a method to authenticate the anomaly detection model. The anomaly detection model is an autoencoder for which we only have access to input-output pairs. Inputs consist of time windows of values from sensors and actuators of an Industrial Control System. Our method is based on a multipath Neural Network (NN) classifier, a newly proposed deep learning technique. The idea is to characterize errors of an IDS's autoencoder by using a multipath NN's confidence measure \$c\$. We use the Wilcoxon-Mann-Whitney (WMW) test to detect a change in the distribution of the summary variable \$c\$, indicating that the autoencoder is not working properly. We compare our method to two baselines. They consist in using other summary variables for the WMW test. We assess the performance of these three methods using simulated data. Among others, our analysis shows that: 1) both baselines are oblivious to some autoencoder spoofing attacks while 2) the WMW test on a multipath NN's confidence measure enables detecting eventually any autoencoder spoofing attack.

Recently, as a result of the COVID-19 pandemic, the internet service has seen an upsurge in use. As a result, the usage of cloud computing apps, which offer services to end users on a subscription basis, rises in this situation. However, the availability and efficiency of cloud computing resources are impacted by DDoS attacks, which are designed to disrupt the availability and processing power of cloud computing services. Because there is no effective way for detecting or filtering DDoS attacks, they are a dependable weapon for cyber-attackers. Recently, researchers have been experimenting with machine learning (ML) methods in order to create efficient machine learning-based strategies for detecting DDoS assaults. In this context, we propose a technique for detecting DDoS attacks in a cloud computing environment using big data and deep learning algorithms. The proposed technique utilises big data spark technology to analyse a large number of incoming packets and a deep learning machine learning algorithm to filter malicious packets. The KDDCUP99 dataset was used for training and testing, and an accuracy of 99.73% was achieved.

Internet of Thing (IoT) devices are being widely used in smart homes and organizations. An IoT device has some intended purposes, but may also have hidden functionalities. Typically, the device is installed in a home or an organization and the network traffic associated with the device is captured and analyzed to infer high-level functionality to the extent possible. However, such analysis is dynamic in nature, and requires the installation of the device and access to network data which is often hard to get for privacy and confidentiality reasons. We propose an alternative static approach which can infer the functionality of a device from vendor materials using Natural Language Processing (NLP) techniques. Information about IoT device functionality can be used in various applications, one of which is ensuring security in a smart home. We demonstrate how security policies associated with device functionality in a smart home can be formally represented using the NIST Next Generation Access Control (NGAC) model and automatically analyzed using Alloy, which is a formal verification tool. This will provide assurance to the consumer that these devices will be compliant to the home or organizational policy even before they have been purchased.

In this work a data provenance system for grid-oriented applications is presented. The proposed Keyless Infrastructure Security Solution (KISS) provides mechanisms to store and maintain digital data fingerprints that can later be used to validate and assert data provenance using a time-based, hash tree mechanism. The developed solution has been designed to satisfy the stringent requirements of the modern power grid including execution time and storage necessities. Its applicability has been tested using a lab-scale, proof-of-concept deployment that secures an energy management system against the attack sequence observed on the 2016 Ukrainian power grid cyberattack. The results demonstrate a strong potential for enabling data provenance in a wide array of applications, including speed-sensitive applications such as those found in control room environments.

Dynamic searchable symmetric encryption (DSSE) that enables a client to perform searches and updates on encrypted data has been intensively studied in cloud computing. Recently, forward privacy and backward privacy has engaged significant attention to protect DSSE from the leakage of updates. However, the research in this field almost focused on keyword-level updates. That is, the client needs to know the keywords of the documents in advance. In this paper, we proposed a document-level update scheme, DBP, which supports immediate deletion while guaranteeing forward privacy and backward privacy. Compared with existing forward and backward private DSSE schemes, our DBP scheme has the following merits: 1) Practicality. It achieves deletion based on document identifiers rather than document/keyword pairs; 2) Efficiency. It utilizes only lightweight primitives to realize backward privacy while supporting immediate deletion. Experimental evaluation on two real datasets demonstrates the practical efficiency of our scheme.

The superior breadth of data transmission through the internet is rapidly increasing in the current scenario. The information in the form of images is really critical in the fields of Banking, Military, Medicine, etc, especially, in the medical field as people are unable to travel to different locations, they rely on telemedicine facilities available. All these fields are equally vulnerable to intruders. So, to prevent such an act, encryption of these data in the form of images can be done using chaos encryption. Chaos Encryption has its long way in the field of Secure Communication. Their Unique features offer much more security than any conventional algorithms. There are many simple chaotic maps that could be used for encryption. In this paper, at first Henon chaotic maps is used for the encryption purpose. The comparison of the algorithm with conventional algorithms is also done. Finally, a security analysis for proving the robustness of the algorithm is carried out. Also, different existing and some new versions are compared so as to check whether a new combination could produce a better result. The simulation results show that the proposed algorithm is robust and simple to be used for this application. Also, found a new combination of the map to be used for the application.

The internal laboratory directed research and development (LDRD) project Infrastructure eXpression (IX) at the Idaho National Laboratory (INL), is based on codifying infrastructure to support automatic applicability to emerging cyber issues, enabling automated cyber responses, codifying attack surfaces, and analysis of cyber impacts to our nation's most critical infrastructure. IX uses the Structured Threat Information eXpression (STIX) open international standard version 2.1 which supports STIX Cyber Observable (SCO) to codify infrastructure characteristics and exposures. Using these codified infrastructures, STIX Relationship Objects (SRO) connect to STIX Domain Objects (SDO) used for modeling cyber threat used to create attack surfaces integrated with specific infrastructure. This IX model creates a shareable, actionable and implementable attack surface that is updateable with emerging threat or infrastructure modifications. Enrichment of cyber threat information includes attack patterns, indicators, courses of action, malware and threat actors. Codifying infrastructure in IX enables creation of software and hardware bill of materials (SBoM/HBoM) information, analysis of emerging cyber vulnerabilities including supply chain threat to infrastructure.

Deepfake detection techniques have been widely studied to resolve security issues. However, existing techniques mainly focused on RGB channel-based analysis, which still shows incomplete detection accuracy. In this paper, we validate the performance of Gray channel-based deepfake detection. To compare RGB channel-based analysis and Gray channel-based analysis in deepfake detection, we quantitatively measured the performance by using popular CNN models, deepfake datasets, and evaluation indicators. Our experimental results confirm that Gray channel-based deepfake detection outperforms RGB channel-based deepfake detection in terms of accuracy and analysis time.

This paper considers methods of fingerprint protection in biometric authentication systems. Including methods of protecting fingerprint templates using zero digital watermarks and cryptography techniques. The paper considers a secure authentication model using cryptography and digital watermarks.

It is not possible to speak about a complete security system without also taking into account the video surveillance system (CCTV). The reason is that CCTV systems offer the most spectacular results both in the security of goods and people and in the field of customer relations, marketing, traffic monitoring and the list can go on. With the development of the software industry the applicability of CCTV systems has greatly increased, largely due to image processing applications. The present paper, which is the continuation of an article already presented at an international conference, aims to shape the electrical characteristics of a common video surveillance system. The proposed method will be validated in two different programming environments.

This paper deals with the different security issues and their probable solution related to the Internet of things (IoT). We firstly examine and found out the basic possible threats and security attacks in IoT. As we all are familiar with the fact that IoT had its impact in today’s era. We are very much dependent on smart technologies these days. Security is always an immense challenge in the IoT domain. We had tried to focus on some of the most common possible attacks and also examined the layer of the system model of IoT in which it had happened. In the later section of the paper, we had proposed all the possible solutions for the issues and attacks. This work will be used for giving some possible solutions for the attacks in different layers and we can stop them at the earliest.

A smart home provides better living environment by allowing remote Internet access for controlling the home appliances and devices. Security of smart homes is an important application area commonly using Passive Infrared Sensors (PIRs), image capture and analysis but such solutions sometimes fail to detect an event. An unambiguous person detection is important for security applications so that no event is missed and also that there are no false alarms which result in waste of resources. Cloud platforms provide deep learning and IoT services which can be used to implement an automated and failsafe security application. In this paper, we demonstrate reliable person detection for indoor and outdoor scenarios by integrating an application running on an edge device with AWS cloud services. We provide results for identifying a person before authorizing entry, detecting any trespassing within the boundaries, and monitoring movements within the home.

This paper studies the physical layer security of four reactive relay selection methods (optimum relay selection, opportunist relay selection enhancement, suboptimal relay selection enhancement and partial relay selection enhancement) in a cooperative cognitive radio network including one pair of primary users, one eavesdropper, multiple relays and secondary users with perfect and imperfect channel state information (CSI) at receivers. In addition, we consider existing a direct link from a secondary source (S) to secondary destination receivers (D) and eavesdroppers (E). The secrecy outage probability, outage probability, intercept probability and reliability are calculated to verify the four relay selection methods with the fading channels by using Monte Carlo simulation. The results show that the loss of secrecy outage probability when remaining direct links from S to D and S to E. Additionally, the results also show that the trade-off between secrecy outage probability and the intercept probability and the optimum relay selection method outperforms other methods.

Biometric matching involves storing and processing sensitive user information. Maintaining the privacy of this data is thus a major challenge, and homomorphic encryption offers a possible solution. We propose a privacy-preserving biometrics-based authentication protocol based on fully homomorphic en-cryption, where the biometric sample for a user is gathered by a local device but matched against a biometric template by a remote server operating solely on encrypted data. The design ensures that 1) the user's sensitive biometric data remains private, and 2) the user and client device are securely authenticated to the server. A proof-of-concept implementation building on the TFHE library is also presented, which includes the underlying basic operations needed to execute the biometric matching. Performance results from the implementation show how complex it is to make FHE practical in this context, but it appears that, with implementation optimisations and improvements, the protocol could be used for real-world applications.

Although DC microgrids using a distributed cooperative control architecture can avoid the instability or shutdown issues caused by a single-point failure as compared to the centralized approach, limited global information in the former makes it difficult to detect cyber attacks. Here, we present a false data injection attack (FDIA)–-termed as a local control input attack–-targeting voltage observers in the secondary controllers and control loops in the primary controllers. Such an attack cannot be detected by only observing the performance of the estimated voltage of each agent, thereby posing a potential threat to the system operation. To address this, a detection method using the outputs of the voltage observers is developed to identify the exact location of an FDIA. The proposed approach is based on the characteristics of the distributed cooperative network and avoids heavy dependency on the system model parameters. Next, an event-driven mitigation approach is deployed to substitute the attacked element with a reconstructed signal upon the detection of an attack. Finally, the effectiveness of the proposed resilient scheme is validated using simulation results.

We propose and experimentally demonstrate a compressive sensing scheme based on optical coherent receiver that recovers sparse optical arbitrary signals with an analog bandwidth up to 25GHz. The proposed scheme uses 16x lower sampling rate than the Nyquist theorem and spectral resolution of 24.4MHz.

The use of AlNiCo alloys as the low coercive force (LCF) magnet in Variable Flux Memory Machines has been largely discussed in the literature, but similar magnetic materials as FeCrCo are still little explored. This paper proposes the study of a standstill magnetization strategy of a Variable Flux Memory Machine composed by a FeCrCo-based cylindrical rotor. An inverter in DC/DC mode is proposed for injecting short-time currents along the magnetization axis aiming the regulation of the magnetization state of the FeCrCo. A methodology for validating results obtained is defined from the estimation of the remanence and the excitation field characterizing the behavior of the internal recoil lines of the magnet used in the rotor. A study of the armature reaction affecting the machine when q-axis currents supply the machine is proposed by simulation.

Performing a live digital forensics investigation on a running system is challenging due to the time pressure under which decisions have to be made. Newly proliferating and frequently applied types of malware (e.g., fileless malware) increase the need to conduct digital forensic investigations in real-time. In the course of these investigations, forensic experts are confronted with a wide range of different forensic tools. The decision, which of those are suitable for the current situation, is often based on the cyber forensics experts’ experience. Currently, there is no reliable automated solution to support this decision-making. Therefore, we derive requirements for visually supporting the decision-making process for live forensic investigations and introduce a research prototype that provides visual guidance for cyber forensic experts during a live digital forensics investigation. Our prototype collects relevant core information for live digital forensics and provides visual representations for connections between occurring events, developments over time, and detailed information on specific events. To show the applicability of our approach, we analyze an exemplary use case using the prototype and demonstrate the support through our approach.

As the traditional inverters are transforming toward more intelligent inverters with advanced information and communication technologies, the cyber-attack surface has been remarkably expanded. Specifically, securing firmware of smart inverters from cyber-attacks is crucial. This paper provides expanded firmware attack surface targeting smart inverters. Moreover, this paper proposes a security module for transforming a conventional inverter to a firmware security built-in smart inverter by preventing potential malware and unauthorized firmware update attacks as well as fast automated inverter recovery from zero-day attacks. Furthermore, the proposed security module as a client of blockchain is connected to blockchain severs to fully utilize blockchain technologies such as membership service, ledgers, and smart contracts to detect and mitigate the firmware attacks. The proposed security module framework is implemented in an Internet-of-Thing (IoT) device and validated by experiments.

In the era of rapid technological growth, malicious traffic has drawn increased attention. Most well-known offensive security assessment todays are heavily focused on pre-compromise. The amount of anomalous data in today's context is massive. Analyzing the data using primitive methods would be highly challenging. Solution to it is: If we can detect adversary behaviors in the early stage of compromise, one can prevent and safeguard themselves from various attacks including ransomwares and Zero-day attacks. Integration of new technologies Artificial Intelligence & Machine Learning with manual Anomaly Detection can provide automated machine-based detection which in return can provide the fast, error free, simplify & scalable Threat Detection & Response System. Endpoint Detection & Response (EDR) tools provide a unified view of complex intrusions using known adversarial behaviors to identify intrusion events. We have used the EMBER dataset, which is a labelled benchmark dataset. It is used to train machine learning models to detect malicious portable executable files. This dataset consists of features derived from 1.1 million binary files: 900,000 training samples among which 300,000 were malicious, 300,000 were benevolent, 300,000 un-labelled, and 200,000 evaluation samples among which 100K were malicious, 100K were benign. We have also included open-source code for extracting features from additional binaries, enabling the addition of additional sample features to the dataset.

The goal of neural style transfer is to transform images by the deep learning method, such as changing oil paintings into sketch-style images. The Generative Adversarial Network (GAN) has made remarkable achievements in neural style transfer in recent years. At first, this paper introduces three typical neural style transfer methods, including StyleGAN, StarGAN, and Transparent Latent GAN (TL-GAN). Then, we discuss the advantages and disadvantages of these models, including the quality of the feature axis, the scale, and the model's interpretability. In addition, as the core of this paper, we put forward innovative improvements to the above models, including how to fully exploit the advantages of the above three models to derive a better style conversion model.

The pervasive presence of smart objects in almost every corner of our everyday life urges the security of such embedded systems to be the point of attention. Memory vulnerabilities in the embedded program code, such as buffer overflow, are the entry point for powerful attack paradigms such as Code-Reuse Attacks (CRAs), in which attackers corrupt systems’ execution flow and maliciously alter their behavior. Control-Flow Integrity (CFI) has been proven to be the most promising approach against such kinds of attacks, and in the literature, a wide range of flow monitors are proposed, both hardware-based and software-based. While the formers are hardly applicable as they impose design alteration of underlying hardware modules, on the contrary, software solutions are more flexible and also portable to the existing devices. Real-Time Operating Systems (RTOS) and their key role in application development for embedded systems is the main concern regarding the application of the CFI solutions.This paper discusses the still open challenges and issues regarding the implementation of control-flow integrity policies on operating systems for embedded systems, analyzing the solutions proposed so far in the literature, highlighting possible limits in terms of performance, applicability, and protection coverage, and proposing possible improvement directions.

The process of Big data storage has become challenging due to the expansion of extensive data; data providers will offer encrypted data and upload to Big data. However, the data exchange mechanism is unable to accommodate encrypted data. Particularly when a large number of users share the scalable data, the scalability becomes extremely limited. Using a contemporary privacy protection system to solve this issue and ensure the security of encrypted data, as well as partially homomorphic re-encryption and decryption (PHRED). This scheme has the flexibility to share data by ensuring user's privacy with partially trusted Big Data. It can access to strong unforgeable scheme it make the transmuted cipher text have public and private key verification combined identity based Augmented Homomorphic Re Encryption Decryption(AHRED) on paillier crypto System with Laplacian noise filter the performance of the data provider for privacy preserving big data.

The transmission and storage process for the power data in an intelligent grid has problems such as a single point of failure in the central node, low data credibility, and malicious manipulation or data theft. The characteristics of decentralization and tamper-proofing of blockchain and its distributed storage architecture can effectively solve malicious manipulation and the single point of failure. However, there are few safe and reliable data transmission methods for the significant number and various identities of users and the complex node types in the power blockchain. Thus, this paper proposes a collaborative control scheme between on-chain and off-chain power data based on the distributed oracle technology. By building a trusted on-chain transmission mechanism based on distributed oracles, the scheme solves the credibility problem of massive data transmission and interactive power data between smart contracts and off-chain physical devices safely and effectively. Analysis and discussion show that the proposed scheme can realize the collaborative control between on-chain and off-chain data efficiently, safely, and reliably.

A source code static analysis became an industrial standard for program source code issues early detection. As one of requirements to such kind of analysis is high performance to provide response of automatic code checking tool as early as possible as far as such kind of tools integrates to Continuous testing and Integration systems. In this paper we propose a source code static analysis algorithm for solving performance issue of source code static analysis tool in general way.