Biblio

SummaryIn this study, the propagation and resonance properties of shear-horizontal surface acoustic waves (SH SAWs) on a rotated Y-cut 90°X propagating Ca3TaGa3Si2O14 (CTGS) with a Au- or Al-interdigital transducer (IDT) were investigated theoretically and experimentally. It was found that not only a high-density Au-IDT but also a conventional Al-IDT enables the energy trapping of SH SAW in the vicinity of the surface. For both IDTs, the effective electromechanical coupling factor of about 1.2% and the zero temperature coefficient of frequency can be simultaneously obtained by adjusting the cut angle of CTGS and the electrode film thickness.

Conpot is a low-interaction SCADA honeypot system that mimics a Siemens S7-200 proprietary device on default deployments. Honeypots operating using standard configurations can be easily detected by adversaries using scanning tools such as Shodan. This study focuses on the capabilities of the Conpot honeypot, and how these competences can be used to lure attackers. In addition, the presented research establishes a framework that enables for the customized configuration, thereby enhancing its functionality to achieve a high degree of deceptiveness and realism when presented to the Shodan scanners. A comparison between the default and configured deployments is further conducted to prove the modified deployments' effectiveness. The resulting annotations can assist cybersecurity personnel to better acknowledge the effectiveness of the honeypot's artifacts and how they can be used deceptively. Lastly, it informs and educates cybersecurity audiences on how important it is to deploy honeypots with advanced deceptive configurations to bait cybercriminals.

Emerging safety-critical systems require high-performance data-parallel architectures and, problematically, ones that can guarantee tight and safe worst-case execution times. Given the complexity of existing architectures like GPUs, it is unlikely that sufficiently accurate models and algorithms for timing analysis will emerge in the foreseeable future. This motivates our work on Sim-D, a clean-slate approach to designing a real-time data-parallel architecture. Sim-D enforces a predictable execution model by isolating compute- and access resources in hardware. The DRAM controller uninterruptedly transfers tiles of data, requested by entire work-groups. This permits work-groups to be executed as a sequence of deterministic access- and compute phases, scheduling phases from up to two work-groups in parallel. Evaluation using a cycle-accurate timing model shows that Sim-D can achieve performance on par with an embedded-grade NVIDIA TK1 GPU under two conditions: applications refrain from using indirect DRAM transfers into large buffers, and Sim-D's scratchpads provide sufficient bandwidth. Sim-D's design facilitates derivation of safe WCET bounds that are tight within 12.7 percent on average, at an additional average performance penalty of \textbackslashsim∼9.2 percent caused by scheduling restrictions on phases.

In real-time video streaming, data packets are transported over the network from a transmitter to a receiver. The quality of the received video fluctuates as the network conditions change, and it can degrade substantially when there is considerable packet loss. Forward error correction (FEC) techniques can be used to recover lost packets by incorporating redundant data. Conventional FEC schemes do not work well when scalable video coding (SVC) is adopted. In this paper, we propose a novel FEC scheme that overcomes the drawbacks of these schemes by considering the reference picture structure of SVC and weighting the reference pictures more when FEC redundancy is applied. The experimental results show that the proposed FEC scheme outperforms conventional FEC schemes.

Though several deep learning (DL) detectors have been proposed for the network attack detection and achieved high accuracy, they are computationally expensive and struggle to satisfy the real-time detection for high-speed networks. Recently, programmable switches exhibit a remarkable throughput efficiency on production networks, indicating a possible deployment of the timely detector. Therefore, we present Soter, a DL enhanced in-network framework for the accurate real-time detection. Soter consists of two phases. One is filtering packets by a rule-based decision tree running on the Tofino ASIC. The other is executing a well-designed lightweight neural network for the thorough inspection of the suspicious packets on the CPU. Experiments on the commodity switch demonstrate that Soter behaves stably in ten network scenarios of different traffic rates and fulfills per-flow detection in 0.03s. Moreover, Soter naturally adapts to the distributed deployment among multiple switches, guaranteeing a higher total throughput for large data centers and cloud networks.

Aim: To bring off the spam detection in social media using Support Vector Machine (SVM) algorithm and compare accuracy with Artificial Neural Network (ANN) algorithm sample size of dataset is 5489, Initially the dataset contains several messages which includes spam and ham messages 80% messages are taken as training and 20% of messages are taken as testing. Materials and Methods: Classification was performed by KNN algorithm (N=10) for spam detection in social media and the accuracy was compared with SVM algorithm (N=10) with G power 80% and alpha value 0.05. Results: The value obtained in terms of accuracy was identified by ANN algorithm (98.2%) and for SVM algorithm (96.2%) with significant value 0.749. Conclusion: The accuracy of detecting spam using the ANN algorithm appears to be slightly better than the SVM algorithm.

One of the key topics in network security research is the autonomous COA (Couse-of-Action) attack search method. Traditional COA attack search methods that passively search for attacks can be difficult, especially as the network gets bigger. To address these issues, new autonomous COA techniques are being developed, and among them, an intelligent spatial algorithm is designed in this paper for efficient operations in scalable networks. On top of the spatial search, a Monte-Carlo (MC)-based temporal approach is additionally considered for taking care of time-varying network behaviors. Therefore, we propose a spatio-temporal attack COA search algorithm for scalable and time-varying networks.

With the inception of the Spectre attack in 2018, microarchitecture mitigation strategies propose secure cache hi-erarchies that do not leak the speculative state. Among many mitigation strategies, MuonTrap, proposes an efficient, secure cache hierarchy that provides speculative attack resiliency with minimum performance slowdown. Hardware prefetchers play a significant role in improving application performance by fetching and bringing data and instructions into caches before time. To prevent hardware prefetchers from leaking information about the speculative blocks brought into the cache, MuonTrap trains and triggers hardware prefetchers on the committed instruction streams, eliminating speculative state leakage. We find that on-commit prefetching can lead to significant performance slowdown as high as 20.46 % (primarily because of prefetch timeliness issues), making hardware prefetchers less effective. We propose Speculative yet Secure Prefetching (SpecPref), enhancements on top of the MuonTrap hierarchy that allows prefetching both on-commit and speculatively. We focus on improving the performance slowdown with the state-of-the-art hardware prefetchers without compromising the security guarantee provided by the MuonTrap implementation and provide an average performance slowdown of 1.17%.

To restrict unauthorized access to the data of the website. Most of the web-based systems nowadays require users to verify themselves before accessing the website is authentic information. In terms of security, it is very important to take different security measures for the protection of the authentic data of the website. However, most of the authentication systems which are used on the web today have several security flaws. This document is based on the security of the previous schemes. Compared to the previous approaches, this “spoofed proof stateless session model” method offers superior security assurance in a scenario in which an attacker has unauthorized access to the data of the website. The various protocol models are being developed and implemented on the web to analyze the performance. The aim was to secure the authentic database backups of the website and prevent them from SQL injection attacks by using the read-only properties for the database. This limits potential harm and provides users with reasonable security safeguards when an attacker has an unauthorized read-only access to the website's authentic database. This scheme provides robustness to the disclosure of authentic databases. Proven experimental results show the overheads due to the modified authentication method and the insecure model.

In this paper, the axial symmetry is used to analyze the deformation and stress change of the wheel, so as to reduce the scale of analysis and reduce the cost in industrial production. Firstly, the material properties are defined, then the rotation section of the wheel is established, the boundary conditions are defined, the model is divided by finite element, the angular velocity and pressure load during rotation are applied, and the radial and axial deformation diagram, radial, axial and equivalent stress distribution diagram of the wheel are obtained through analysis and solution. The use of axisymmetric characteristics can reduce the analysis cost in the analysis, and can be applied to materials or components with such characteristics, so as to facilitate the design and improvement of products and reduce the production cost.

Child facial expression recognition is a relatively less investigated area within affective computing. Children’s facial expressions differ significantly from adults; thus, it is necessary to develop emotion recognition frameworks that are more objective, descriptive and specific to this target user group. In this paper we propose the first approach that (i) constructs video-level heterogeneous graph representation for facial expression recognition in children, and (ii) predicts children’s facial expressions using the automatically detected Action Units (AUs). To this aim, we construct three separate length-independent representations, namely, statistical, spectral and graph at video-level for detailed multi-level facial behaviour decoding (AU activation status, AU temporal dynamics and spatio-temporal AU activation patterns, respectively). Our experimental results on the LIRIS Children Spontaneous Facial Expression Video Database demonstrate that combining these three feature representations provides the highest accuracy for expression recognition in children.

Nowadays big shopping marts are expanding their business all over the world but not all marts are fully protected with the advanced security system. Very often we come across cases where people take the things out of the mart without billing. These marts require some advanced features-based security system for them so that they can run an efficient and no-loss business. The idea we are giving here can not only be implemented in marts to enhance their security but can also be used in various other fields to cope up with the incompetent management system. Several issues of the stores like regular stock updating, placing orders for new products, replacing products that have expired can be solved with the idea we present here. We also plan on making the slow processes of billing and checking out of the mart faster and more efficient that would result in customer satisfaction.

The Internet of Things (IoT) is rapidly evolving, allowing physical items to share information and coordinate with other nodes, increasing IoT’s value and being widely applied to various applications. Radio Frequency Identification (RFID) is usually used in IoT applications to automate item identification by establishing symmetrical communication between the tag device and the reader. Because RFID reading data is typically in plain text, a security mechanism is required to ensure that the reading results from this RFID data remain confidential. Researchers propose a lightweight encryption algorithm framework for IoT-based RFID applications to address this security issue. Furthermore, this research assesses the implementation of lightweight encryption algorithms, such as Grain v1 and Espresso, as two systems scenarios. The Grain v1 encryption is the final eSTREAM project that accepts an 80-bit key, 64-bit IV, and has a 160-bit internal state with limited application. In contrast, the Espresso algorithm has been implemented in various applications such as 5G wireless communication. Furthermore, this paper tested the performance of each encryption algorithm in the microcontroller and inspected the network performance in an IoT system.

Study on the effect of nanosecond laser anneal (NLA) induced crystallization of ferroelectric (FE) Si-doped hafnium oxide (HSO) material is reported. The laser energy density (0.3 J/cm2 to 1.3 J/cm2) and pulse count (1.0 to 30) variations are explored as pathways for the HSO based metal-ferroelectric-metal (MFM) capacitors. The increase in energy density shows transition toward ferroelectric film crystallization monitored by the remanent polarization (2Pr) and coercive field (2Ec). The NLA conditions show maximum 2Pr (\$\textbackslashsim 24\textbackslash \textbackslashmu\textbackslashmathrmC/\textbackslashtextcmˆ2\$) comparable to the values obtained from reference rapid thermal processing (RTP). Reliability dependence in terms of fatigue (107 cycles) of MFMs on NLA versus RTP crystallization anneal is highlighted. The NLA based MFMs shows improved fatigue cycling at high fields for the low energy densities compared to an RTP anneal. The maximum fatigue cycles to breakdown shows a characteristic dependence on the laser energy density and pulse count. Leakage current and dielectric breakdown of NLA based MFMs at the transition of amorphous to crystalline film state is reported. The role of NLA based anneal on ferroelectric film crystallization and MFM stack reliability is reported in reference with conventional RTP based anneal.

Cyberattacks have been progressed in the fields of Internet of Things, and artificial intelligence technologies using the advanced persistent threat (APT) method recently. The damage caused by ransomware is rapidly spreading among APT attacks, and the range of the damages of individuals, corporations, public institutions, and even governments are increasing. The seriousness of the problem has increased because ransomware has been evolving into an intelligent ransomware attack that spreads over the network to infect multiple users simultaneously. This study used open source endpoint detection and response tools to build and test a framework environment that enables systematic ransomware detection at the network and system level. Experimental results demonstrate that the use of EDR tools can quickly extract ransomware attack features and respond to attacks.

Lock design is an important mechanism for scheduling management and security protection in operating systems. However, there is no effective way to identify the differences and connections among lock models, and users need to spend considerable time to understand different lock architectures. In this paper, we propose a classification scheme that abstracts lock design into three types of models: basic spinlock, semaphore amount extension, lock chain structure, and verify the effectiveness of these three types of lock models in the context of current mainstream applications. We also investigate the specific details of applying this classification method, which can be used as a reference for developers to design lock models, thus shorten the software development cycle.

The term cryptocurrency refers to a digital currency based on cryptographic concepts that have become popular in recent years. Bitcoin is a decentralized cryptocurrency that uses the distributed append-only public database known as blockchain to record every transaction. The incentive-compatible Proof-of-Work (PoW)-centered decentralized consensus procedure, which is upheld by the network's nodes known as miners, is essential to the safety of bitcoin. Interest in Bitcoin appears to be growing as the market continues to rise. Bitcoins and Blockchains have identical fundamental ideas, which are briefly discussed in this paper. Various studies discuss blockchain as a revolutionary innovation that has various applications, spanning from bitcoins to smart contracts, and also about it being a solution to many issues. Furthermore, many papers are reviewed here that not only look at Bitcoin’s fundamental underpinning technologies, such as Mixing and the Bitcoin Wallets but also at the flaws in it.

Cyber-physical Systems can be defined as a complex networked control system, which normally develop by combining several physical components with the cyber space. Cyber Physical System are already a part of our daily life. As its already being a part of everyone life, CPS also have great potential security threats and can be vulnerable to various cyber-attacks without showing any sign directly to component failure. To protect user security and privacy is a fundamental concern of any kind of system; either it’s a simple web application or supplicated professional system. Digital Multifactor authentication is one of the best ways to make secure authentication. It covers many different areas of a Cyber-connected world, including online payments, communications, access right management, etc. Most of the time, Multifactor authentication is little complex as it requires extra step from users. This paper will discuss the evolution from single authentication to Multi-Factor Authentication (MFA) starting from Single-Factor Authentication (SFA) and through Two-Factor Authentication (2FA). This paper seeks to analyze and evaluate the most prominent authentication techniques based on accuracy, cost, and feasibility of implementation. We also suggest several authentication schemes which incorporate with Multifactor authentication for CPS.

Smart Phones being a revolution in this Modern era which is considered a boon as well as a curse, it is a known fact that most kids of the current generation are addictive to smartphones. The National Institute of Health (NIH) has carried out different studies such as exposure of smartphones to children under 12 years old, health risk associated with their usage, social implications, etc. One such study reveals that children who spend more than two hours a day, on smartphones have been seen performing poorly when it comes to language and cognitive skills. In addition, children who spend more than seven hours per day were diagnosed to have a thinner brain cortex. Hence, it is of great importance to control the amount of exposure of children to smartphones, as well as access to irregulated content. Significant research work has gone in this regard with a plethora of inputs features, feature extraction techniques, and machine learning models. This paper is a survey of the State-of-the-art techniques in detecting the age of the user using machine learning models on touch, keystroke dynamics, and sensor data.

We present a system for interactive examination of learned security policies. It allows a user to traverse episodes of Markov decision processes in a controlled manner and to track the actions triggered by security policies. Similar to a software debugger, a user can continue or or halt an episode at any time step and inspect parameters and probability distributions of interest. The system enables insight into the structure of a given policy and in the behavior of a policy in edge cases. We demonstrate the system with a network intrusion use case. We examine the evolution of an IT infrastructure’s state and the actions prescribed by security policies while an attack occurs. The policies for the demonstration have been obtained through a reinforcement learning approach that includes a simulation system where policies are incrementally learned and an emulation system that produces statistics that drive the simulation runs.

Synthetic static code analysis test suites are important to test the basic functionality of tools. We present a framework that uses different source code patterns to generate Cross Site Scripting and SQL injection test cases. A decision tree is used to determine if the test cases are vulnerable. The test cases are split into two test suites. The first test suite contains 258,432 test cases that have influence on the decision trees. The second test suite contains 20 vulnerable test cases with different data flow patterns. The test cases are scanned with two commercial static code analysis tools to show that they can be used to benchmark and identify problems of static code analysis tools. Expert interviews confirm that the decision tree is a solid way to determine the vulnerable test cases and that the test suites are relevant.

The long-living nature and byte-addressability of persistent memory (PM) amplifies the importance of strong memory protections. This paper develops temporal exposure reduction protection (TERP) as a framework for enforcing memory safety. Aiming to minimize the time when a PM region is accessible, TERP offers a complementary dimension of memory protection. The paper gives a formal definition of TERP, explores the semantics space of TERP constructs, and the relations with security and composability in both sequential and parallel executions. It proposes programming system and architecture solutions for the key challenges for the adoption of TERP, which draws on novel supports in both compilers and hardware to efficiently meet the exposure time target. Experiments validate the efficacy of the proposed support of TERP, in both efficiency and exposure time minimization.

An often overlooked but equally important aspect of unmanned aerial system (UAS) design is the security of their networking protocols and how they deal with cyberattacks. In this context, cyberattacks are malicious attempts to monitor or modify incoming and outgoing data from the system. These attacks could target anywhere in the system where a transfer of data occurs but are most common in the transfer of data between the control station and the UAS. A compromise in the networking system of a UAS could result in a variety of issues including increased network latency between the control station and the UAS, temporary loss of control over the UAS, or a complete loss of the UAS. A complete loss of the system could result in the UAS being disabled, crashing, or the attacker overtaking command and control of the platform, all of which would be done with little to no alert to the operator. Fortunately, the majority of higher-end, enterprise, and government UAS platforms are aware of these threats and take actions to mitigate them. However, as the consumer market continues to grow and prices continue to drop, network security may be overlooked or ignored in favor of producing the lowest cost product possible. Additionally, these commercial off-the-shelf UAS often use uniform, standardized frequency bands, autopilots, and security measures, meaning a cyberattack could be developed to affect a wide variety of models with minimal changes. This paper will focus on a low-cost educational-use UAS and test its resilience to a variety of cyberattack methods, including man-in-the-middle attacks, spoofing of data, and distributed denial-of-service attacks. Following this experiment will be a discussion of current cybersecurity practices for counteracting these attacks and how they can be applied onboard a UAS. Although in this case the cyberattacks were tested against a simpler platform, the methods discussed are applicable to any UAS platform attempting to defend against such cyberattack methods.

We demonstrate an in-house built Endpoint Detection and Response (EDR) for linux systems using open-sourced tools like Osquery and Elastic. The advantage of building an in-house EDR tools against using commercial EDR tools provides both the knowledge and the technical capability to detect and investigate security incidents. We discuss the architecture of the tools and advantages it offers. Specifically, in our method all the endpoint logs are collected at a common server which we leverage to perform correlation between events happening on different endpoints and automatically detect threats like pivoting and lateral movements. We discuss various attacks that can be detected by our tool.

Topic modeling algorithms from the natural language processing (NLP) discipline have been used for various applications. For instance, topic modeling for the product recommendation systems in the e-commerce systems. In this paper, we briefly reviewed topic modeling applications and then described our proposed idea of utilizing topic modeling approaches for cyber threat intelligence (CTI) applications. We improved the previous work by implementing BERTopic and Top2Vec approaches, enabling users to select their preferred pre-trained text/sentence embedding model, and supporting various languages. We implemented our proposed idea as the new topic modeling module for the Open Web Application Security Project (OWASP) Maryam: Open-Source Intelligence (OSINT) framework. We also described our experiment results using a leaked hacker forum dataset (nulled.io) to attract more researchers and open-source communities to participate in the Maryam project of OWASP Foundation.