Biblio

Smart grid communication system deeply rely on information technologies which makes it vulnerable to variable cyber-attacks. Among possible attacks, False Data Injection (FDI) Attack has created a severe threat to smart grid control system. Attackers can manipulate smart grid measurements such as collected data of phasor measurement units (PMU) by implementing FDI attacks. Detection of FDI attacks with a simple and effective approach, makes the system more reliable and prevents network outages. In this paper we propose a Decomposed Nearest Neighbor algorithm to detect FDI attacks. This algorithm improves traditional k-Nearest Neighbor by using metric learning. Also it learns the local-optima free distance metric by solving a convex optimization problem which makes it more accurate in decision making. We test the proposed method on PMU dataset and compare the results with other beneficial machine learning algorithms for FDI attack detection. Results demonstrate the effectiveness of the proposed approach.

In the current scenario, the data owners would like to access data from anywhere and anytime. Hence, they will store their data in public or private cloud along with encryption and particular set of attributes to access control on the cloud data. While uploading the data into public or private cloud they will assign some attribute set to their data. If any authorized cloud user wants to download their data they should enter that particular attribute set to perform further actions on the data owner's data. A cloud user wants to register their details under cloud organization to access the data owner's data. Users wants to submit their details as attributes along with their designation. Based on the Users details Semi-Trusted Authority generates decryption keys to get control on owner's data. A user can perform a lot of operation over the cloud data. If the user wants to read the cloud data he needs to be entering some read related, and if he wants to write the data he needs to be entering write related attribute. For each and every action user in an organization would be verified with their unique attribute set. These attributes will be stored by the admins to the authorized users in cloud organization. These attributes will be stored in the policy files in a cloud. Along with this attribute,a rule based engine is used, to provide the access control to user. If any user leaks their decryption key to the any malicious user data owners wants to trace by sending audit request to auditor and auditor will process the data owners request and concludes that who is the convict.

The electrical power system is the backbone of our nations critical infrastructure. It has been designed to withstand single component failures based on a set of reliability metrics which have proven acceptable during normal operating conditions. However, in recent years there has been an increasing frequency of extreme weather events. Many have resulted in widespread long-term power outages, proving reliability metrics do not provide adequate energy security. As a result, researchers have focused their efforts resilience metrics to ensure efficient operation of power systems during extreme events. A resilient system has the ability to resist, adapt, and recover from disruptions. Therefore, resilience has demonstrated itself as a promising concept for currently faced challenges in power distribution systems. In this work, we propose an operational resilience metric for modern power distribution systems. The metric is based on the aggregation of system assets adaptive capacity in real and reactive power. This metric gives information to the magnitude and duration of a disturbance the system can withstand. We demonstrate resilience metric in a case study under normal operation and during a power contingency on a microgrid. In the future, this information can be used by operators to make more informed decisions based on system resilience in an effort to prevent power outages.

Recent technological advancements have enabled proliferated use of small embedded and IoT devices for collecting, processing, and transferring the security-critical information and user data. This exponential use has acted as a catalyst in the recent growth of sophisticated attacks such as the replay, man-in-the-middle, and malicious code modification to slink, leak, tweak or exploit the security-critical information in malevolent activities. Therefore, secure communication and software state assurance (at run-time and boot-time) of the device has emerged as open security problems. Furthermore, these devices need to have an appropriate recovery mechanism to bring them back to the known-good operational state. Previous researchers have demonstrated independent methods for attack detection and safeguard. However, the majority of them lack in providing onboard system recovery and secure communication techniques. To bridge this gap, this manuscript proposes SRACARE - a framework that utilizes the custom lightweight, secure communication protocol that performs remote/local attestation, and secure boot with an onboard resilience recovery mechanism to protect the devices from the above-mentioned attacks. The prototype employs an efficient lightweight, low-power 32-bit RISC-V processor, secure communication protocol, code authentication, and resilience engine running on the Artix 7 Field Programmable Gate Array (FPGA) board. This work presents the performance evaluation and state-of-the-art comparison results, which shows promising resilience to attacks and demonstrate the novel protection mechanism with onboard recovery. The framework achieves these with only 8% performance overhead and a very small increase in hardware-software footprint.

We re-use a polarization-multiplexed I/Q modulator to acquire the quantum randomness of its seed laser light for the purpose of quantum random number generation. We obtain 9×104 256-bit AES keys/second after randomness extraction. Time-interleaved random number generation is demonstrated for PM-QPSK transmission.

Machine learning algorithms used to detect attacks are limited by the fact that they cannot incorporate the back-ground knowledge that an analyst has. This limits their suitability in detecting new attacks. Reinforcement learning is different from traditional machine learning algorithms used in the cybersecurity domain. Compared to traditional ML algorithms, reinforcement learning does not need a mapping of the input-output space or a specific user-defined metric to compare data points. This is important for the cybersecurity domain, especially for malware detection and mitigation, as not all problems have a single, known, correct answer. Often, security researchers have to resort to guided trial and error to understand the presence of a malware and mitigate it.In this paper, we incorporate prior knowledge, represented as Cybersecurity Knowledge Graphs (CKGs), to guide the exploration of an RL algorithm to detect malware. CKGs capture semantic relationships between cyber-entities, including that mined from open source. Instead of trying out random guesses and observing the change in the environment, we aim to take the help of verified knowledge about cyber-attack to guide our reinforcement learning algorithm to effectively identify ways to detect the presence of malicious filenames so that they can be deleted to mitigate a cyber-attack. We show that such a guided system outperforms a base RL system in detecting malware.

Almost everyone recognizes the emergence of a new challenge in the cyber domain, namely increased threats to the security of the Internet and its various uses. Seldom does a day go by without dire reports and hair raising narratives about unauthorized intrusions, access to content, or damage to systems, or operations. And, of course, a close correlate is the loss of value. An entire industry is around threats to cyber security, prompting technological innovations and operational strategies that promise to prevent damage and destruction. This paper is a collection chapters entitled 1) "Cybersecurity – Problems, Premises, Perspectives," 2) "An Abbreviated Technical Perspective on Cybersecurity," 3) "The Conceptual Underpinning of Cyber Security Studies" 4) "Cyberspace as the Domain of Content," 5) "The Conceptual Underpinning of Cyber Security Studies," 6) "China’s Perspective on Cyber Security," 7) "Pursuing Deterrence Internationally in Cyberspace," 8) "Is Deterrence Possible in Cyber Warfare?" and 9) "A Theoretical Framework for Analyzing Interactions between Contemporary Transnational Activism and Digital Communication."

We investigate a prediction model using RNN for network intrusion detection in industrial IoT environments. For intrusion detection, we use anomaly detection methods that estimate the next packet, measure and score the distance measurement in real packets to distinguish whether it is a normal packet or an abnormal packet. When the packet was learned in the LSTM model, two-gram and sliding window of N-gram showed the best performance in terms of errors and the performance of the LSTM model was the highest compared with other data mining regression techniques. Finally, cosine similarity was used as a scoring function, and anomaly detection was performed by setting a boundary for cosine similarity that consider as normal packet.

Cloud computing is a new kind of computing model which allows users to effectively rent virtualized computing resources on pay as you go model. It offers many advantages over traditional models in IT industries and healthcare as well. However, there is lack of trust between CSUs and CSPs to prevent the extensive implementation of cloud technologies amongst industries. Different models are developed to overcome the uncertainty and complexity between CSP and CSU regarding suitability. Several researchers focused on resource optimization, scheduling and service dependability in cloud computing by using fuzzy logic. But, data storage and security using fuzzy logic have been ignored. In this paper, a trust evaluation model is proposed for cloud computing security using fuzzy theory. Authors evaluates how fuzzy logic increases efficiency in trust evaluation. To validate the effectiveness of proposed FTEM, authors presents a case study of healthcare organization.

Science DMZs are specialized networks that enable large-scale distributed scientific research, providing efficient and guaranteed performance while transferring large amounts of data at high rates. The high-speed performance of a Science DMZ is made viable via data transfer nodes (DTNs), therefore they are a critical point of failure. DTNs are usually monitored with network intrusion detection systems (NIDS). However, NIDS do not consider system performance data, such as network I/O interrupts and context switches, which can also be useful in revealing anomalous system performance potentially arising due to external network based attacks or insider attacks. In this paper, we demonstrate how system performance metrics can be applied towards securing a DTN in a Science DMZ network. Specifically, we evaluate the effectiveness of system performance data in detecting TCP-SYN flood attacks on a DTN using DBSCAN (a density-based clustering algorithm) for anomaly detection. Our results demonstrate that system interrupts and context switches can be used to successfully detect TCP-SYN floods, suggesting that system performance data could be effective in detecting a variety of attacks not easily detected through network monitoring alone.

In this digital era, technology is upgrading day by day and becoming more agile and intelligent. Smart devices and gadgets are now being used to find solutions to complex problems in various domains such as health care, industries, entertainment, education, etc. The Transport system, which is the biggest challenge for any governing authority of a state, is also not untouched with this development. There are numerous challenges and issues with the existing transport system, which can be addressed by developing intelligent and autonomous vehicles. The existing vehicles can be upgraded to use sensors and the latest communication techniques. The advancements in the Internet of Things (IoT) have the potential to completely transform the existing transport system to a more advanced and intelligent transport system that is the Internet of Vehicles (IoV). Due to the connectivity with the Internet, the Internet of Vehicles (IoV) is exposed to various security threats. Security is the primary issue, which requires to be addressed for success and adoption of the IoV. In this paper, the applicability of machine learning based solutions to address the security issue of IoV is analyzed. The performance of six machine-learning algorithms to detect Bot threats is validated by the k-fold cross-validation method in python.

The Internet of Things (IoT) has transformed many application domains with realtime, continuous, automated control and information transmission. The smart grid is one such futuristic application domain in execution, with a large-scale IoT network as its backbone. By leveraging the functionalities and characteristics of IoT, the smart grid infrastructure benefits not only consumers, but also service providers and power generation organizations. The confluence of IoT and smart grid comes with its own set of challenges. The underlying cyberspace of IoT, though facilitates communication (information propagation) among devices of smart grid infrastructure, it undermines the privacy at the same time. In this paper we propose a new measure for quantifying the probability of privacy leakage based on the behaviors of the devices involved in the communication process. We construct a privacy stochastic game model based on the information shared by the device, and the access to the compromised device. The existence of Nash Equilibrium strategy of the game is proved theoretically. We experimentally validate the effectiveness of the privacy stochastic game model.

This paper presents a new micro-architectural vulnerability on the power management units of modern computers which creates an electromagnetic-based side-channel. The key observations that enable us to discover this sidechannel are: 1) in an effort to manage and minimize power consumption, modern microprocessors have a number of possible operating modes (power states) in which various sub-systems of the processor are powered down, 2) for some of the transitions between power states, the processor also changes the operating mode of the voltage regulator module (VRM) that supplies power to the affected sub-system, and 3) the electromagnetic (EM) emanations from the VRM are heavily dependent on its operating mode. As a result, these state-dependent EM emanations create a side-channel which can potentially reveal sensitive information about the current state of the processor and, more importantly, the programs currently being executed. To demonstrate the feasibility of exploiting this vulnerability, we create a covert channel by utilizing the changes in the processor's power states. We show how such a covert channel can be leveraged to exfiltrate sensitive information from a secured and completely isolated (air-gapped) laptop system by placing a compact, inexpensive receiver in proximity to that system. To further show the severity of this attack, we also demonstrate how such a covert channel can be established when the target and the receiver are several meters away from each other, including scenarios where the receiver and the target are separated by a wall. Compared to the state-of-the-art, the proposed covert channel has \textbackslashtextgreater3x higher bit-rate. Finally, to demonstrate that this new vulnerability is not limited to being used as a covert channel, we demonstrate how it can be used for attacks such as keystroke logging.

Nowadays, there is a flood of data such as naked body photos and child pornography, which is making people bloodless. In addition, people also distribute drugs through unknown dark channels. In particular, most transactions are being made through the Deep Web, the dark path. “Deep Web refers to an encrypted network that is not detected on search engine like Google etc. Users must use Tor to visit sites on the dark web” [4]. In other words, the Dark Web uses Tor's encryption client. Therefore, users can visit multiple sites on the dark Web, but not know the initiator of the site. In this paper, we propose the key idea based on the current status of such crimes and a crime information visual system for Deep Web has been developed. The status of deep web is analyzed and data is visualized using Java. It is expected that the program will help more efficient management and monitoring of crime in unknown web such as deep web, torrent etc.

This paper is the first to investigate the long-term stability of Surface Acoustic Wave Gyroscopes (SAWG) using an ovenized control system. Monolithic integration of a MEMS heater adjacent to SAW devices on Lithium Niobate over insulator substrate (LNOI) tightly couples frequency-based temperature detection with heating for temperature and frequency stabilization. This first prototype demonstrates the ability to minimize the temperature variations of the SAWG to below ±10 μK and stabilize the SAWG resonance frequency to ±0.2 ppm. This approach thus eliminates the thermal drift in a SAWG and enables the development of a new generation of MEMS-based gyroscopes with long-term stability.

Expressing Keystroke Dynamics (KD) in form of sound opens new avenues to apply sound analysis techniques on KD. However this mapping is not straight-forward as varied feature space, differences in magnitudes of features and human interpretability of the music bring in complexities. We present a musical interface to KD by mapping keystroke features to music features. Music elements like melody, harmony, rhythm, pitch and tempo are varied with respect to the magnitude of their corresponding keystroke features. A pitch embedding technique makes the music discernible among users. Using the data from 30 users, who typed fixed strings multiple times on a desktop, shows that these auditory signals are distinguishable between users by both standard classifiers (SVM, Random Forests and Naive Bayes) and humans alike.

Safety and security of complex critical infrastructures is very important for economic, environmental and social reasons. The interdisciplinary and inter-system dependencies within these infrastructures introduce difficulties in the safety and security design. Late discovery of safety and security design weaknesses can lead to increased costs, additional system complexity, ineffective mitigation measures and delays to the deployment of the systems. Traditionally, safety and security assessments are handled using different methods and tools, although some concepts are very similar, by specialized experts in different disciplines and are performed at different system design life-cycle phases.The methodology proposed in this paper supports a concurrent safety and security Defense in Depth (DiD) assessment at an early design phase and it is designed to handle safety and security at a high level and not focus on specific practical technologies. It is assumed that regardless of the perceived level of security defenses in place, a determined (motivated, capable and/or well-funded) attacker can find a way to penetrate a layer of defense. While traditional security research focuses on removing vulnerabilities and increasing the difficulty to exploit weaknesses, our higher-level approach focuses on how the attacker's reach can be limited and to increase the system's capability for detection, identification, mitigation and tracking. The proposed method can assess basic safety and security DiD design principles like Redundancy, Physical separation, Functional isolation, Facility functions, Diversity, Defense lines/Facility and Computer Security zones, Safety classes/Security Levels, Safety divisions and physical gates/conduits (as defined by the International Atomic Energy Agency (IAEA) and international standards) concurrently and provide early feedback to the system engineer. A prototype tool is developed that can parse the exported project file of the interdisciplinary model. Based on a set of safety and security attributes, the tool is able to assess aspects of the safety and security DiD capabilities of the design. Its results can be used to identify errors, improve the design and cut costs before a formal human expert inspection. The tool is demonstrated on a case study of an early conceptual design of a complex system of a nuclear power plant.

In this paper, Reversible data hiding using difference statistics technique incorporating QR codes was proposed. Here, Quick Response (QR) codes were employed as an additional feature and were hidden in the corners of the original image to direct to the hyperlink after authentication and then embedding the secret data bits was carried out. At the receiver side, when the QR codes were scanned by the user, the link to the webpage was accessed, and then the original image and the secret data bits were recovered by using the proposed reversible data hiding scheme. In the proposed scheme, the pixels of the cover image were scanned in row-major order fashion, and the differences between the adjacent pixels were computed, keeping the first pixel unaltered to maintain the size of the host and the difference image same. Now, the histogram was shifted towards the right or left to reduce the redundancy and then to embed the secret data bits were done. Due to the similarity exists between the pixel values, the difference between the host and the secret image reconstructs the marked image. The proposed scheme was carried out using MATLAB 2013. PSNR (Peak Signal to Noise Ratio) and payload have been computed for various test images to validate the proposed scheme and found to be better than the available literature.

The advanced persistent threat (APT) landscape has been studied without quantifiable data, for which indicators of compromise (IoC) may be uniformly analyzed, replicated, or used to support security mechanisms. This work culminates extensive academic and industry APT analysis, not as an incremental step in existing approaches to APT detection, but as a new benchmark of APT related opportunity. We collect 15,259 APT IoC hashes, retrieving subsequent sandbox execution logs across 41 different file types. This work forms an initial focus on Windows-based threat detection. We present a novel Windows APT executable (APT-EXE) dataset, made available to the research community. Manual and statistical analysis of the APT-EXE dataset is conducted, along with supporting feature analysis. We draw upon repeat and common APT paths access, file types, and operations within the APT-EXE dataset to generalize APT execution footprints. A baseline case analysis successfully identifies a majority of 117 of 152 live APT samples from campaigns across 2018 and 2019.

Traditional attributed network embedding methods are designed to map structural and attribute information of networks jointly into a continuous Euclidean space, while recently a novel branch of them named binarized attributed network embedding has emerged to learn binary codes in Hamming space, aiming to save time and memory costs and to naturally fit node retrieval task. However, current binarized attributed network embedding methods are scarce and mostly ignore the local attribute similarity between each pair of nodes. Besides, none of them attempt to control the independency of each dimension(bit) of the learned binary representation vectors. As existing methods still need improving, we propose an unsupervised Neural-based Binarized Attributed Network Embedding (NBANE) approach. Firstly, we inherit the Weisfeiler-Lehman proximity matrix from predecessors to aggregate high-order features for each node. Secondly, we feed the aggregated features into an autoencoder with the attribute similarity penalizing term and the orthogonality term to make further dimension reduction. To solve the problem of integer optimization we adopt the relaxation-quantization method during the process of training neural networks. Empirically, we evaluate the performance of NBANE through node classification and clustering tasks on three real-world datasets and study a case on fast retrieval in academic networks. Our method achieves better performance over state- of-the-art baselines methods of various types.

Bluetooth Low Energy (BLE) is a widely adopted wireless communication technology in the Internet of Things (IoT). BLE offers secure communication through a set of pairing strategies. However, these pairing strategies are obsolete in the context of IoT. The security of BLE based devices relies on physical security, but a BLE enabled IoT device may be deployed in a public environment without physical security. Attackers who can physically access a BLE-based device will be able to pair with it and may control it thereafter. Therefore, manufacturers may implement extra authentication mechanisms at the application layer to address this issue. In this paper, we design and implement a BLE Security Scan (BLESS) framework to identify those BLE apps that do not implement encryption or authentication at the application layer. Taint analysis is used to track if BLE apps use nonces and cryptographic keys, which are critical to cryptographic protocols. We scan 1073 BLE apps and find that 93% of them are not secure. To mitigate this problem, we propose and implement an application-level defense with a low-cost \$0.55 crypto co-processor using public key cryptography.

Balancing utility and differential privacy by shuffling or BUDS is an approach towards crowd sourced, statistical databases, with strong privacy and utility balance using differential privacy theory. Here, a novel algorithm is proposed using one-hot encoding and iterative shuffling with the loss estimation and risk minimization techniques, to balance both the utility and privacy. In this work, after collecting one-hot encoded data from different sources and clients, a step of novel attribute shuffling technique using iterative shuffling (based on the query asked by the analyst) and loss estimation with an updation function and risk minimization produces a utility and privacy balanced differential private report. During empirical test of balanced utility and privacy, BUDS produces ε = 0.02 which is a very promising result. Our algorithm maintains a privacy bound of ε = ln[t/((n1-1)S)] and loss bound of c'\textbackslashtextbareln[t/((n1-1)S)]-1\textbackslashtextbar.

This paper studies the data-driven stealthy actuator attack against cyber-physical systems. The objective of the attacker is to add a certain bias to the output while keeping the detection rate of the χ2 detector less than a certain value. With the historical input and output data, the parameters of the system are estimated and the attack signal is the solution of a convex optimization problem constructed with the estimated parameters. The extension to the case of arbitrary detectors is also discussed. A numerical example is given to verify the effectiveness of the attack.

Blockchains and distributed ledgers have brought renewed interest in Byzantine fault-tolerant protocols and decentralized systems, two domains studied for several decades. Recent promising works have in particular proposed to use epidemic protocols to overcome the limitations of popular Blockchain mechanisms, such as proof-of-stake or proof-of-work. These works unfortunately assume a perfect peer-sampling service, immune to malicious attacks, a property that is difficult and costly to achieve. We revisit this fundamental problem in this paper, and propose a novel Byzantine-tolerant peer-sampling service that is resilient to Sybil attacks in open systems by exploiting the underlying structure of wide-area networks.

In this paper, a generic model for a differential stripline is created using machine learning (ML) based regression analysis. A recursive approach of creating various inputs is adapted instead of traditional design of experiments (DoE) approach. This leads to reduction of number of simulations as well as control the data points required for performing simulations. The generic model is developed using 48 simulations. It is comparable to the linear regression model, which is obtained using 1152 simulations. Additionally, a tabular W-element model of a differential stripline is used to take into consideration the frequency-dependent dielectric loss. In order to demonstrate the expandability of this approach, the methodology was applied to two differential pairs of striplines in the frequency range of 10 MHz to 20 GHz.