Biblio

The use of modeling techniques such as Knuth's Rule or Bayesian Blocks for the purposes of real-time traffic characterization in RFID networks has been proposed already. This study examines the applicability of using Voronoi polygon maps or alternatively, DBSCAN clustering, as initial density estimation techniques when computing 2-Dimentional Bayesian Blocks models of RFID traffic. Our results are useful for the purposes of extending the constant-piecewise adaptation of Bayesian Blocks into 2D piecewise models for the purposes of more precise detection of anomalies in RFID traffic based on multiple log features such as command type, location, UID values, security support, etc. Automatic anomaly detection of RFID networks is an essential first step in the implementation of intrusion detection as well as a timely response to equipment malfunction such as tag hardware failure.

Recent advances in machine learning enable wider applications of prediction models in cyber-physical systems. Smart grids are increasingly using distributed sensor settings for distributed sensor fusion and information processing. Load forecasting systems use these sensors to predict future loads to incorporate into dynamic pricing of power and grid maintenance. However, these inference predictors are highly complex and thus vulnerable to adversarial attacks. Moreover, the adversarial attacks are synthetic norm-bounded modifications to a limited number of sensors that can greatly affect the accuracy of the overall predictor. It can be much cheaper and effective to incorporate elements of security and resilience at the earliest stages of design. In this paper, we demonstrate how to analyze the security and resilience of learning-based prediction models in power distribution networks by utilizing a domain-specific deep-learning and testing framework. This framework is developed using DeepForge and enables rapid design and analysis of attack scenarios against distributed smart meters in a power distribution network. It runs the attack simulations in the cloud backend. In addition to the predictor model, we have integrated an anomaly detector to detect adversarial attacks targeting the predictor. We formulate the stealthy adversarial attacks as an optimization problem to maximize prediction loss while minimizing the required perturbations. Under the worst-case setting, where the attacker has full knowledge of both the predictor and the detector, an iterative attack method has been developed to solve for the adversarial perturbation. We demonstrate the framework capabilities using a GridLAB-D based power distribution network model and show how stealthy adversarial attacks can affect smart grid prediction systems even with a partial control of network.

The possible interactions between a controller and its environment can naturally be modelled as the arena of a two-player game, and adding an appropriate winning condition permits to specify desirable behavior. The classical model here is the positional game, where both players can (fully or partially) observe the current position in the game graph, which in turn is indicative of their mutual current states. In practice, neither sensing and actuating the environment through physical devices nor data forwarding to and from the controller and signal processing in the controller are instantaneous. The resultant delays force the controller to draw decisions before being aware of the recent history of a play and to submit these decisions well before they can take effect asynchronously. It is known that existence of a winning strategy for the controller in games with such delays is decidable over finite game graphs and with respect to ω-regular objectives. The underlying reduction, however, is impractical for non-trivial delays as it incurs a blow-up of the game graph which is exponential in the magnitude of the delay. For safety objectives, we propose a more practical incremental algorithm successively synthesizing a series of controllers handling increasing delays and reducing the game-graph size in between. It is demonstrated using benchmark examples that even a simplistic explicit-state implementation of this algorithm outperforms state-of-the-art symbolic synthesis algorithms as soon as non-trivial delays have to be handled. We furthermore address the practically relevant cases of non-order-preserving delays and bounded message loss, as arising in actual networked control, thereby considerably extending the scope of regular game theory under delay.

Modern electric grids that integrate smart grid technologies require different approaches to grid operations. There has been a shift towards increased reliance on distributed sensors to monitor bidirectional power flows and machine learning based load forecasting methods (e.g., using deep learning). These methods are fairly accurate under normal circumstances, but become highly vulnerable to stealthy adversarial attacks that could be deployed on the load forecasters. This paper provides a novel model-based Testbed for Simulation-based Evaluation of Resilience (TeSER) that enables evaluating deep learning based load forecasters against stealthy adversarial attacks. The testbed leverages three existing technologies, viz. DeepForge: for designing neural networks and machine learning pipelines, GridLAB-D: for electric grid distribution system simulation, and WebGME: for creating web-based collaborative metamodeling environments. The testbed architecture is described, and a case study to demonstrate its capabilities for evaluating load forecasters is provided.

Society heavily relies upon the Internet for global communications. Simultaneously, Internet stability and reliability are continuously subject to deliberate threats. These threats include (Distributed) Denial-of-Service (DDoS) attacks, which can potentially be devastating. As a result of DDoS, businesses lose hundreds of millions of dollars annually. Moreover, when it comes to vital infrastructure, national safety and even lives could be at stake. Effective defenses are therefore an absolute necessity. Prospective users of readily available mitigation solutions find themselves having many shapes and sizes to choose from, the right fit of which may, however, not always be apparent. In addition, the deployment and operation of mitigation solutions may come with hidden hazards that need to be better understood. Policy makers and governments also find themselves facing questions concerning what needs to be done to promote cybersafety on a national level. Developing an optimal course of action to deal with DDoS, therefore, also brings about societal challenges. Even though the DDoS problem is by no means new, the scale of the problem is still unclear. We do not know exactly what it is we are defending against and getting a better understanding of attacks is essential to addressing the problem head-on. To advance situational awareness, many technical and societal challenges need still to be tackled. Given the central importance of better understanding the DDoS problem to improve overall Internet security, the thesis that we summarize in this paper has three main contributions. First, we rigorously characterize attacks and attacked targets at scale. Second, we advance knowledge about the Internet-wide adoption, deployment and operational use of various mitigation solutions. Finally, we investigate hidden hazards that can render mitigation solutions altogether ineffective.

This paper designed the lightweight stream ciphers named VHFO. It used OFB. The key-stream size is 128-bit while the IV is specified to be 128 bits. Our security evaluation shows that VHFO can achieve enough security margin against known attacks. The implementation efficiency of both software and hardware based on VHFO is higher than others in RFID environment.

In 2018, several malware campaigns targeted and succeed to infect millions of low-cost routers (malwares e.g., VPN-Filter, Navidade, and SonarDNS). These routers were used, then, for all sort of cybercrimes: from DDoS attacks to ransomware. MikroTik routers are a peculiar example of low-cost routers. These routers are used to provide both last mile access to home users and are used in core network infrastructure. Half of the core routers used in one of the biggest Internet exchanges in the world are MikroTik devices. The problem is that vulnerable firmwares (RouterOS) used in homeusers houses are also used in core networks. In this paper, we are the first to quantify the problem that infecting MikroTik devices would pose to the Internet. Based on more than 4 TB of data, we reveal more than 4 million MikroTik devices in the world. Then, we propose an easy-to-deploy MikroTik honeypot and collect more than 17 millions packets, in 45 days, from sensors deployed in Australia, Brazil, China, India, Netherlands, and the United States. Finally, we use the collected data from our honeypots to automatically classify and assess attacks tailored to MikroTik devices. All our source-codes and analysis are publicly available. We believe that our honeypots and our findings in this paper foster security improvements in MikroTik devices worldwide.

Conflicts may arise at any time during military debriefing meetings, especially in high intensity deployed settings. When such conflicts arise, it takes time to get everyone back into a receptive state of mind so that they engage in reflective discussion rather than unproductive arguing. It has been proposed by some that the use of social robots equipped with social abilities such as emotion regulation through rapport building may help to deescalate these situations to facilitate critical operational decisions. However, in military settings, the same AI agent used in the pre-brief of a mission may not be the same one used in the debrief. The purpose of this study was to determine whether a brief rapport-building session with a social robot could create a connection between a human and a robot agent, and whether consistency in the embodiment of the robot agent was necessary for maintaining this connection once formed. We report the results of a pilot study conducted at the United States Air Force Academy which simulated a military mission (i.e., Gravity and Strike). Participants' connection with the agent, sense of trust, and overall likeability revealed that early rapport building can be beneficial for military missions.

Following the same trend of consumer electronics, safety-critical industries are starting to adopt Over-The-Air Software Updates (OTASU) on their embedded systems. The motivation behind this trend is twofold. On the one hand, OTASU offer several benefits to the product makers and users by improving or adding new functionality and services to the product without a complete redesign. On the other hand, the increasing connectivity trend makes OTASU a crucial cyber-security demand to download latest security patches. However, the application of OTASU in the safety-critical domain is not free of challenges, specially when considering the dramatic increase of software complexity and the resulting high computing performance demands. This is the mission of UP2DATE, a recently launched project funded within the European H2020 programme focused on new software update architectures for heterogeneous high-performance mixed-criticality systems. This paper gives an overview of UP2DATE and its foundations, which seeks to improve existing OTASU solutions by considering safety, security and availability from the ground up in an architecture that builds around composability and modularity.

Cloud forensics investigates the crime committed over cloud infrastructures like SLA-violations and storage privacy. Cloud storage forensics is the process of recording the history of the creation and operations performed on a cloud data object and investing it. Secure data provenance in the Cloud is crucial for data accountability, forensics, and privacy. Towards this, we present a Cloud-based data provenance framework using Blockchain, which traces data record operations and generates provenance data. Initially, we design a dropbox like application using AWS S3 storage. The application creates a cloud storage application for the students and faculty of the university, thereby making the storage and sharing of work and resources efficient. Later, we design a data provenance mechanism for confidential files of users using Ethereum blockchain. We also evaluate the proposed system using performance parameters like query and transaction latency by varying the load and number of nodes of the blockchain network.

State estimation is of considerable significance for the power system operation and control. However, well-designed false data injection attacks can utilize blind spots in conventional residual-based bad data detection methods to manipulate measurements in a coordinated manner and thus affect the secure operation and economic dispatch of grids. In this paper, we propose a detection approach based on an autoencoder neural network. By training the network on the dependencies intrinsic in `normal' operation data, it effectively overcomes the challenge of unbalanced training data that is inherent in power system attack detection. To evaluate the detection performance of the proposed mechanism, we conduct a series of experiments on the IEEE 118-bus power system. The experiments demonstrate that the proposed autoencoder detector displays robust detection performance under a variety of attack scenarios.

Analyzing multi-dimensional geospatial data is difficult and immersive analytics systems are used to visualize geospatial data and models. There is little previous work evaluating when immersive and non-immersive visualizations are the most suitable for data analysis and more research is needed.

This paper deals with novel group-based Authentication and Key Agreement protocol for Internet of Things(IoT) enabled LTE/LTE-A network to overcome the problems of computational overhead, complexity and problem of heterogeneous devices, where other existing methods are lagging behind in attaining security requirements and computational overhead. In this work, two Groups are created among Machine Type Communication Devices (MTCDs) on the basis of device type to reduce complexity and problems of heterogeneous devices. This paper fulfills all the security requirements such as preservation, mutual authentication, confidentiality. Bio-metric authentication has been used to enhance security level of the network. The security and performance analysis have been verified through simulation results. Moreover, the performance of the proposed Novel Group-Based Authentication and key Agreement(AKA) Protocol is analyzed with other existing IoT enabled LTE/LTE-A protocol.

This paper describes an approach to the security fault tolerance of access control in which the security breaches of an access control are tolerated by means of a security fault tolerant (SFT) access control. Though an access control is securely designed and implemented, it can contain faults in development or be contaminated in operation. The threats to an access control are analyzed to identify possible security breaches. To tolerate the security breaches, an SFT access control is made to be semantically identical to an access control. Our approach is described using role-based access control (RBAC) and extended access control list (EACL). A healthcare system is used to demonstrate our approach.

This research provides security and safety extensions to a blockchain based solution whose target is e-health. The Advanced Blockchain platform is extended with intelligent monitoring for security and machine learning for detecting patient treatment medication safety issues. For the reasons of stringent HIPAA, HITECH, EU-GDPR and other regional regulations dictating security, safety and privacy requirements, the e-Health blockchains have to cover mandatory disclosure of violations or enforcements of policies during transaction flows involving healthcare. Our service solution further provides the benefits of resolving the abnormal flows of a medical treatment process, providing accountability of the service providers, enabling a trust health information environment for institutions to handle medication safely, giving patients a better safety guarantee, and enabling the authorities to supervise the security and safety of e-Health blockchains. The capabilities can be generalized to support a uniform smart solution across industry in a variety of blockchain applications.

Low accuracy and slow speed of predictions for cyber security situational awareness. This paper proposes a network security situational awareness model based on accelerated accurate k-means radial basis function (RBF) neural network, the model uses the ball k-means clustering algorithm to cluster the input samples, to get the nodes of the hidden layer of the RBF neural network, speeding up the selection of the initial center point of the RBF neural network, and optimize the parameters of the RBF neural network structure. Finally, use the training data set to train the neural network, using the test data set to test the accuracy of this neural network structure, the results show that this method has a greater improvement in training speed and accuracy than other neural networks.

Interconnection networks for multi/many-core processors or server systems are the backbone of the system as they enable data communication among the processing cores, caches, memory and other peripherals. Given the criticality of the interconnects, the system can be severely subverted if the interconnection is compromised. The threat of Hardware Trojans (HTs) penetrating complex hardware systems such as multi/many-core processors are increasing due to the increasing presence of third party players in a System-on-chip (SoC) design. Even by deploying naïve HTs, an adversary can exploit the Network-on-Chip (NoC) backbone of the processor and get access to communication patterns in the system. This information, if leaked to an attacker, can reveal important insights regarding the application suites running on the system; thereby compromising the user privacy and paving the way for more severe attacks on the entire system. In this paper, we demonstrate that one or more HTs embedded in the NoC of a multi/many-core processor is capable of leaking sensitive information regarding traffic patterns to an external malicious attacker; who, in turn, can analyze the HT payload data with machine learning techniques to infer the applications running on the processor. Furthermore, to protect against such attacks, we propose a Simulated Annealing-based randomized routing algorithm in the system. The proposed defense is capable of obfuscating the attacker's data processing capabilities to infer the user profiles successfully. Our experimental results demonstrate that the proposed randomized routing algorithm could reduce the accuracy of identifying user profiles by the attacker from \textbackslashtextgreater98% to \textbackslashtextless; 15% in multi/many-core systems.

Fulcrum decoders can trade off between computational complexity and the number of received packets. This allows heterogeneous nodes to decode at different level of complexity in accordance with their computing power. Variations of Fulcrum codes, like dynamic sparsity and expansion packets (DSEP) have significantly reduced the encoders and decoders' complexity by using dynamic sparsity and expansion packets. However, limited effort had been done for recoders of Fulcrum codes and their variations, limiting their full potential when being deployed at multi-hop networks. In this paper, we investigate the drawback of the conventional Fulcrum recoding and introduce a novel recoding scheme for the family of Fulcrum codes by limiting the buffer size, and thus memory needs. Our evaluations indicate that DSEP recoding mechamism increases the recoding goodput by 50%, and reduces the decoding overhead by 60%-90% while maintaining high decoding goodput at receivers and small memory usage at recoders compared with the conventional Fulcrum recoding. This further reduces the resources needed for Fulcrum codes at the recoders.

Over the past few years, malicious hardware modifications, a.k.a. hardware Trojans (HT), have emerged as a major security threat because integrated circuit (IC) companies have been fabricating chips at offshore foundries due to various factors including time-to-market, cost reduction demands, and the increased complexity of ICs. Among proposed hardware Trojan detection techniques, reverse engineering appears to be the most accurate and reliable one because it works for all circuits and Trojan types without a golden example of the chip. However, because reverse engineering is an extremely expensive, time-consuming, and destructive process, it is difficult to apply this technique for a large population of ICs in a real test environment. This paper proposes a novel golden-chip-free clustering method using backscattering side-channel to divide ICs into groups of Trojan-free and Trojan-infected boards. The technique requires no golden chip or a priori knowledge of the chip circuitry, and divides a large population of ICs into clusters based on how HTs (if existed) affect their backscattered signals. This significantly reduces the size of test vectors for reverse engineering based detection techniques, thus enables deployment of reverse engineering approaches to a large population of ICs in a real testing scenario. The results are collected on 100 different FPGA boards where boards are randomly chosen to be infected or not. The results show that we can cluster the boards with 100% accuracy and demonstrate that our technique can tolerate manufacturing variations among hardware instances to cluster all the boards accurately for 9 different dormant Trojan designs on 3 different benchmark circuits from Trusthub. We have also shown that we can detect dormant Trojan designs whose trigger size has shrunk to as small as 0.19% of the original circuit with 100% accuracy as well.

Deep learning plays an increasingly important role in various fields due to its superior performance, and it also achieves advanced recognition performance in the field of image classification. However, the vulnerability of deep learning in the adversarial environment cannot be ignored, and the prediction result of the model is likely to be affected by the small perturbations added to the samples by the adversary. In this paper, we propose a two-layer dynamic defense method based on defensive techniques pool and retrained branch model pool. First, we randomly select defense methods from the defense pool to process the input. The perturbation ability of the adversarial samples preprocessed by different defense methods changed, which would produce different classification results. In addition, we conduct adversarial training based on the original model and dynamically generate multiple branch models. The classification results of these branch models for the same adversarial sample is inconsistent. We can detect the adversarial samples by using the inconsistencies in the output results of the two layers. The experimental results show that the two-layer dynamic defense method we designed achieves a good defense effect.

Ransomware attacks are taking advantage of the ongoing pandemics and attacking the vulnerable systems in business, health sector, education, insurance, bank, and government sectors. Various approaches have been proposed to combat ransomware, but the dynamic nature of malware writers often bypasses the security checkpoints. There are commercial tools available in the market for ransomware analysis and detection, but their performance is questionable. This paper aims at proposing an AI-based ransomware detection framework and designing a detection tool (AIRaD) using a combination of both static and dynamic malware analysis techniques. Dynamic binary instrumentation is done using PIN tool, function call trace is analyzed leveraging Cuckoo sandbox and Ghidra. Features extracted at DLL, function call, and assembly level are processed with NLP, association rule mining techniques and fed to different machine learning classifiers. Support vector machine and Adaboost with J48 algorithms achieved the highest accuracy of 99.54% with 0.005 false-positive rates for a multi-level combined term frequency approach.

Compute-intensive platforms such as micro-servers and embedded systems have already undergone a shift from a single-chip to multichip architecture to achieve better yield and lower cost. However, performance of multichip systems is limited by the latency and power-hungry chip-to-chip wired I/Os. On the other hand, wireless interconnections are emerging as an energy-efficient and low latency interconnect solution for such multichip systems as it can mask long multi-hop off-chip wired I/O communication. Despite efficient communication, the unguided on and off-chip wireless communication introduce security vulnerabilities in the system. In this work, we propose a reconfigurable, secure millimeter-wave (mm-Wave) wireless interconnection architecture (AReS) for multichip systems capable of detecting and defending against emerging threats including Hardware Trojans (HTs) and Denial-of-Service (DoS) using a Machine Learning (ML)-based approach. The ML-based approach is used to classify internal and external attack to enable the required defense mechanism. To serve this purpose, we design a reconfigurable Medium Access Control (MAC) and a suitable communication protocol to enable sustainable communication even under jamming attack from both internal and external attackers. The proposed architecture also reuses the in-built test infrastructure to detect and withstand a persistent jamming attack in a wireless multichip system. Through simulation, we show that, the proposed wireless interconnection can sustain chip-to-chip communication even under persistent jamming attack with an average 1.44xand 1.56x latency degradation for internal and external attacks respectively for application-specific traffic.

This paper is focused on the topic of the use of biometrics framework and strategy for secure access identity management of cloud computing services. This paper present's a description of cloud computing security issues and explored a review of previous works that represented various ideas for a cloud access framework. This paper discusses threats like a malicious insider, data breaches, and describes ways to protect them. It describes an innovative way portrayed a framework that fingerprint access-based authentication to protect Cloud services from unauthorized access and DOS, DDoS attacks. This biometrics-based framework as an extra layer of protection, added then it can be robust to prevent unauthorized access to cloud services.

The Internet has changed business, education, healthcare, banking etc. and it is the main part of technological evolution. Internet provides us a connecting world to perform our day to day life activities easily. Internet is designed in such a way that it can uniquely identify machine, not a person, on the network hence there is need to design a system that can perform entity identification on the Internet. Currently on Internet, service providers provide identity of a user with user name and password and store this information on a centralized server. These servers become honey pot for hackers to steal user’s personal identity information and service provider can utilize user identity information using data mining, artificial intelligence for economic benefits. Aim of Self sovereign identity system is to provide decentralized, user centric identity system which is controlled by identity owner that can be developed along with distributed ledger technology i.e. blockchain. In this paper, we intend to make an exhaustive study on different blockchain based self sovereign identity implementations (such as Sovrin, Uport, EverID, LifeID, Sora, SelfKey) along with its architectural components and discuss about use case of self sovereign identity.