Biblio

Machine learning techniques help to understand underlying patterns in datasets to develop defense mechanisms against cyber attacks. Multilayer Perceptron (MLP) technique is a machine learning technique used in detecting attack vs. benign data. However, it is difficult to construct any effective model when there are imbalances in the dataset that prevent proper classification of attack samples in data. In this research, we use UGR'16 dataset to conduct data wrangling initially. This technique helps to prepare a test set from the original dataset to train the neural network model effectively. We experimented with a series of inputs of varying sizes (i.e. 10000, 50000, 1 million) to observe the performance of the MLP neural network model with distribution of features over accuracy. Later, we use Generative Adversarial Network (GAN) model that produces samples of different attack labels (e.g. blacklist, anomaly spam, ssh scan) for balancing the dataset. These samples are generated based on data from the UGR'16 dataset. Further experiments with MLP neural network model shows that a balanced attack sample dataset, made possible with GAN, produces more accurate results than an imbalanced one.

The 5G network solutions currently standardised and deployed do not yet enable the full potential of pervasive networking and computing envisioned in 5G initial visions: network services and slices with different QoS profiles do not span multiple operators; security, trust and automation is limited. The evolution of 5G towards a truly production-level stage needs to heavily rely on automated end-to-end network operations, use of distributed Artificial Intelligence (AI) for cognitive network orchestration and management and minimal manual interventions (zero-touch automation). All these elements are key to implement highly pervasive network infrastructures. Moreover, Distributed Ledger Technologies (DLT) can be adopted to implement distributed security and trust through Smart Contracts among multiple non-trusted parties. In this paper, we propose an initial concept of a zero-touch security and trust architecture for ubiquitous computing and connectivity in 5G networks. Our architecture aims at cross-domain security & trust orchestration mechanisms by coupling DLTs with AI-driven operations and service lifecycle automation in multi-tenant and multi-stakeholder environments. Three representative use cases are identified through which we will validate the work which will be validated in the test facilities at 5GBarcelona and 5TONIC/Madrid.

A self-governing system consisting of mobile nodes that exchange information within a cellular area and is known as a mobile ad hoc network (MANET). Due to its dynamic nature, it is vulnerable to attacks and there is no fixed infrastructure. To transfer a data packet Ad-hoc On-Demand Distance Vector (AODV) is used and it's another form of a reactive protocol. The black-hole attack is a major attack that drastically decreases the packet delivery ratio during a data transaction in a routing environment. In this attack, the attacker's node acts as the shortest path to the target node itself. If the attacker node receives the data packet from the source node, all obtained data packets are excluded from a routing network. A trust-based routing scheme is suggested to ensure secure routing. This routing scheme is divided into two stages, i.e., the Data retrieval (DR), to identify and preserve each node data transfer mechanism in a routing environment and route development stage, to predict a safe path to transmit a data packet to the target node.

Robotics Mobile Ad-hoc Networks (MANETs) are comprised of stations having mobility with no central authority and control. The stations having mobility in Robotics MANETs work as a host as well as a router. Due to the unique characteristics of Robotics MANETs such type of networks are vulnerable to different security attacks. Ad-hoc On-demand Distance Vector (AODV) is a routing protocol that belongs to the reactive category of routing protocols in Robotics MANETs. However, it is more vulnerable to the Black hole (BH) attack that is one of the most common attacks in the Robotics MANETs environment. In this attack during the route disclosure procedure a malicious station promotes itself as a most brief path to the destination as well as after that drop every one of the data gotten by the malicious station. Meanwhile the packets don't reach to its ideal goal, the BH attack turns out to be progressively escalated when a heap of malicious stations attack the system as a gathering. This research analyzed different BH finding as well as removal mechanisms for AODV routing protocol.

Application programs are a possible source of attacks to databases as attackers might exploit vulnerabilities in a privileged database application. They can perform code injection or code-reuse attack in order to steal sensitive data. However, as such attacks very often result in changes in the program's behavior, program monitoring techniques represent an effective defense to detect on-going attacks. One such technique is monitoring the library/system calls that the application program issues while running. In this paper, we propose AD-PROM, an Anomaly Detection system that aims at protecting relational database systems against malicious/compromised applications PROgraMs aiming at stealing data. AD-PROM tracks calls executed by application programs on data extracted from a database. The system operates in two phases. The first phase statically and dynamically analyzes the behavior of the application in order to build profiles representing the application's normal behavior. AD-PROM analyzes the control and data flow of the application program (i.e., static analysis), and builds a hidden Markov model trained by the program traces (i.e., dynamic analysis). During the second phase, the program execution is monitored in order to detect anomalies that may represent data leakage attempts. We have implemented AD-PROM and carried experimental activities to assess its performance. The results showed that our system is highly accurate in detecting changes in the application programs' behaviors and has very low false positive rates.

The object of research is information security. The tools used for research are artificial neural networks. The goal is to increase the cryptography security. The problems are: the big volume of information, the expenses for neural networks design and training. It is offered to use the neural network for the cryptographic transformation of information.

Modern industrial control systems (ICS) act as victims of cyber attacks more often in last years. These cyber attacks often can not be detected by classical information security methods. Moreover, the consequences of cyber attack's impact can be catastrophic. Since cyber attacks leads to appearance of anomalies in the ICS and technological equipment controlled by it, the task of intrusion detection for ICS can be reformulated as the task of industrial process anomaly detection. This paper considers the applicability of generative adversarial networks (GANs) in the field of industrial processes anomaly detection. Existing approaches for GANs usage in the field of information security (such as anomaly detection in network traffic) were described. It is proposed to use the BiGAN architecture in order to detect anomalies in the industrial processes. The proposed approach has been tested on Secure Water Treatment Dataset (SWaT). The obtained results indicate the prospects of using the examined method in practice.

It is necessary to improve the safety of the underwater acoustic sensor networks (UASNs) since it is mostly used in the military industry. Specific emitter identification is the process of identifying different transmitters based on the radio frequency fingerprint extracted from the received signal. The sonar transmitter is a typical low-frequency radiation source and is an important part of the UASNs. Class D power amplifier, a typical nonlinear amplifier, is usually used in sonar transmitters. The inherent nonlinearity of power amplifiers provides fingerprint features that can be distinguished without transmitters for specific emitter recognition. First, the nonlinearity of the sonar transmitter is studied in-depth, and the nonlinearity of the power amplifier is modeled and its nonlinearity characteristics are analyzed. After obtaining the nonlinear model of an amplifier, a similar amplifier in practical application is obtained by changing its model parameters as the research object. The output signals are collected by giving the same input of different models, and, then, the output signals are extracted and classified. In this paper, the memory polynomial model is used to model the amplifier. The power spectrum features of the output signals are extracted as fingerprint features. Then, the dimensionality of the high-dimensional features is reduced. Finally, the classifier is used to recognize the amplifier. The experimental results show that the individual sonar transmitter can be well identified by using the nonlinear characteristics of the signal. By this way, this method can enhance the communication safety of the UASNs.

Trust is a fundamental factor in how users engage in interactions with Visual Analytics (VA) systems. While the importance of building trust to this end has been pointed out in research, the aspect that trust can also be misplaced is largely ignored in VA so far. This position paper addresses this aspect by putting trust calibration in focus – i.e., the process of aligning the user’s trust with the actual trustworthiness of the VA system. To this end, we present the trust continuum in the context of VA, dissect important trust issues in both VA systems and users, as well as discuss possible approaches that can build and calibrate trust.

Mobile Ad-hoc Network (MANET) consists of different configurations, where it deals with the dynamic nature of its creation and also it is a self-configurable type of a network. The primary task in this type of networks is to develop a mechanism for routing that gives a high QoS parameter because of the nature of ad-hoc network. The Ad-hoc-on-Demand Distance Vector (AODV) used here is the on-demand routing mechanism for the computation of the trust. The proposed approach uses the Artificial neural network (ANN) and the Support Vector Machine (SVM) for the discovery of the black hole attacks in the network. The results are carried out between the black hole AODV and the security mechanism provided by us as the Secure AODV (SAODV). The results were tested on different number of nodes, at last, it has been experimented for 100 nodes which provide an improvement in energy consumption of 54.72%, the throughput is 88.68kbps, packet delivery ratio is 92.91% and the E to E delay is of about 37.27ms.

After several years of research on onion routing, Camenisch and Lysyanskaya, in an attempt at rigorous analysis, defined an ideal functionality in the universal composability model, together with properties that protocols have to meet to achieve provable security. A whole family of systems based their security proofs on this work. However, analyzing HORNET and Sphinx, two instances from this family, we show that this proof strategy is broken. We discover a previously unknown vulnerability that breaks anonymity completely, and explain a known one. Both should not exist if privacy is proven correctly.In this work, we analyze and fix the proof strategy used for this family of systems. After proving the efficacy of the ideal functionality, we show how the original properties are flawed and suggest improved, effective properties in their place. Finally, we discover another common mistake in the proofs. We demonstrate how to avoid it by showing our improved properties for one protocol, thus partially fixing the family of provably secure onion routing protocols.

In the context of insiders, preventive security measures have a high likelihood of failing because insiders ought to have sufficient privileges to perform their jobs. Instead, in this paper, we propose to treat the insider threat by a detective measure that holds an insider accountable in case of violations. However, to enable accountability, we need to create causal models that support reasoning about the causality of a violation. Current security models (e.g., attack trees) do not allow that. Still, they are a useful source for creating causal models. In this paper, we discuss the value added by causal models in the security context. Then, we capture the interaction between attack trees and causal models by proposing an automated approach to extract the latter from the former. Our approach considers insider-specific attack classes such as collusion attacks and causal-model-specific properties like preemption relations. We present an evaluation of the resulting causal models’ validity and effectiveness, in addition to the efficiency of the extraction process.
 

Most cyber-attacks and data breaches in cloud infrastructure are due to human errors and misconfiguration vulnerabilities. Cloud customer-centric tools are imperative for mitigating these issues, however existing cloud security models are largely unable to tackle these security challenges. Therefore, novel security mechanisms are imperative, we propose Risk-driven Fault Injection (RDFI) techniques to address these challenges. RDFI applies the principles of chaos engineering to cloud security and leverages feedback loops to execute, monitor, analyze and plan security fault injection campaigns, based on a knowledge-base. The knowledge-base consists of fault models designed from secure baselines, cloud security best practices and observations derived during iterative fault injection campaigns. These observations are helpful for identifying vulnerabilities while verifying the correctness of security attributes (integrity, confidentiality and availability). Furthermore, RDFI proactively supports risk analysis and security hardening efforts by sharing security information with security mechanisms. We have designed and implemented the RDFI strategies including various chaos engineering algorithms as a software tool: CloudStrike. Several evaluations have been conducted with CloudStrike against infrastructure deployed on two major public cloud infrastructure: Amazon Web Services and Google Cloud Platform. The time performance linearly increases, proportional to increasing attack rates. Also, the analysis of vulnerabilities detected via security fault injection has been used to harden the security of cloud resources to demonstrate the effectiveness of the security information provided by CloudStrike. Therefore, we opine that our approaches are suitable for overcoming contemporary cloud security issues.

Budding technologies like IoT requires minimum latency for performing real-time applications. The IoT devices collect a huge amount of big data and stores in the cloud environment, because of its on-demand services and scalability. But processing the needed information of the IoT devices from the cloud computing environment is found to be time-sensitive one. To eradicate this issue fog computing environment was created which acts an intermediate between the IoT devices and cloud computing environment. The fog computing performs intermediate computation and storage which is needed by IoT devices and it eliminates the drawbacks of latency and bandwidth limitation faced by directly using cloud computing for storage and accessing. The fog computing even though more advantageous it is more exposed to security issues by its architecture. This paper concentrates more on the security issues met by fog computing and the present methods used by the researchers to secure fog with their pros and cons.

In order to the development of IoT, IETF developed a standard named 6LoWPAN for increase the usage of IPv6 to the tiny and smart objects with low power. Generally, the 6LoWPAN radio link needs end to end (e2e) security for its IPv6 communication process. 6LoWPAN requires light weight variant of security solutions in IPSec. A new security approach of 6LoWPAN at adaptation layer to provide e2e security with light weight IPSec. The existing security protocol IPsec is not suitable for its 6LoWPAN IoT environment because it has heavy restrictions on memory, power, duty cycle, additional overhead transmission. The IPSec had packet overhead problem due to share the secret key between two communicating peers by IKE (Internet Key Exchange) protocol. Hence the existing security protocol IPSec solutions are not suitable for lightweight-based security need in 6LoWPAN IoT. This paper describes 6LowPSec protocol with AES-CCM (Cipher block chaining Message authentication code with Counter mode) cryptographic algorithm with key size of 128 bits with minimum power consumption and duty cycle.

Trustworthy and secure operation of the cyber-power system calls for resilience against malicious and accidental failures. The objective of a resilient system is to withstand and recover operation of the system to supply critical loads despite multiple contingencies in the system. To take timely actions, we need to continuously measure the cyberphysical security of the system. We propose a cyber-physical security assessment metric (CP-SAM) based on quantitative factors affecting resiliency and utilizing concepts from graph theoretic analysis, probabilistic model of availability, attack graph metrics, and vulnerabilities across different layers of the microgrid system. These factors are integrated into a single metric using a multi-criteria decision making (MCDM) technique, Choquet Integral to compute CP-SAM. The developed metric will be valuable for i) monitoring the microgrid resiliency considering a holistic cyber-physical model; and ii) enable better decision-making to select best possible mitigation strategies towards resilient microgrid system. Developed CP-SAM can be extended for active distribution system and has been validated in a real-world power-grid test-bed to monitor the microgrid resiliency.

This work aims to formulate an effective scheme which can detect and mitigate of Distributed Denial of Service (DDoS) attack in Software Defined Networks. Distributed Denial of Service attacks are one of the most destructive attacks in the internet. Whenever you heard of a website being hacked, it would have probably been a victim of a DDoS attack. A DDoS attack is aimed at disrupting the normal operation of a system by making service and resources unavailable to legitimate users by overloading the system with excessive superfluous traffic from distributed source. These distributed set of compromised hosts that performs the attack are referred as Botnet. Software Defined Networking being an emerging technology, offers a solution to reduce network management complexity. It separates the Control plane and the data plane. This decoupling provides centralized control of the network with programmability and flexibility. This work harness this programming ability and centralized control of SDN to obtain the randomness of the network flow data. This statistical approach utilizes the source IP in the network and various attributes of TCP flags and calculates entropy from them. The proposed technique can detect volume based and application based DDoS attacks like TCP SYN flood, Ping flood and Slow HTTP attacks. The methodology is evaluated through emulation using Mininet and Detection and mitigation strategies are implemented in POX controller. The experimental results show the proposed method have improved performance evaluation parameters including the Attack detection time, Delay to serve a legitimate request in the presence of attacker and overall CPU utilization.

In this study, it was aimed to recognize the emotional state from facial images using the deep learning method. In the study, which was approved by the ethics committee, a custom data set was created using videos taken from 20 male and 20 female participants while simulating 7 different facial expressions (happy, sad, surprised, angry, disgusted, scared, and neutral). Firstly, obtained videos were divided into image frames, and then face images were segmented using the Haar library from image frames. The size of the custom data set obtained after the image preprocessing is more than 25 thousand images. The proposed convolutional neural network (CNN) architecture which is mimics of LeNet architecture has been trained with this custom dataset. According to the proposed CNN architecture experiment results, the training loss was found as 0.0115, the training accuracy was found as 99.62%, the validation loss was 0.0109, and the validation accuracy was 99.71%.

Modbus TCP/IP protocol is a commonly used protocol in industrial automation control systems, systems responsible for sensitive operations such as gas turbine operation and refinery control. The protocol was designed decades ago with no security features in mind. Denial of service attack and malicious parameter command injection are examples of attacks that can exploit vulnerabilities in industrial control systems that use Modbus/TCP protocol. This paper discusses and explores the use of intrusion detection and prevention systems (IDPS) with deep packet inspection (DPI) capabilities and DPI industrial firewalls that have capability to detect and stop highly specialized attacks hidden deep in the communication flow. The paper has the following objectives: (i) to develop signatures for IDPS for common attacks on Modbus/TCP based network architectures; (ii) to evaluate performance of three IDPS - Snort, Suricata and Bro - in detecting and preventing common attacks on Modbus/TCP based control systems; and (iii) to illustrate and emphasize that the IDPS and industrial firewalls with DPI capabilities are not preventing but only mitigating likelihood of exploitation of Modbus/TCP vulnerabilities in the industrial and automation control systems. The results presented in the paper illustrate that it might be challenging task to achieve requirements on real-time communication in some industrial and automation control systems in case the DPI is implemented because of the latency and jitter introduced by these IDPS and DPI industrial firewall.

This is GAO’s 18th annual assessment of DOD acquisition programs. GAO’s prior assessments covered major defense acquisition programs. This year’s assessment expands to include selected major IT systems and rapid prototyping and rapid fielding programs, in response to a provision in the National Defense Authorization Act for Fiscal Year 2019.

This report (1) summarizes the characteristics of 121 weapon and IT programs, (2) examines cost and schedule measures and other topics for these same programs, and (3) summarizes selected organizational and legislative changes. GAO identified the 121 programs for review based on their cost and acquisition status. GAO selected organizational and legislative changes that it determined related to the execution and oversight of the 121 programs.

GAO reviewed relevant legislation and DOD reports, collected data from program offices through a questionnaire, and interviewed DOD officials.
Additional analyses and assessments of major IT programs are included in a companion report to be issued later this year.

The Department of Defense (DOD) currently plans to invest over $1.8 trillion to acquire new major weapon systems such as aircraft, ships, and satellites. At the same time, the department is investing billions more in information technology (IT) systems and capabilities that it expects to either prototype or field rapidly through a new middle-tier acquisition pathway. (See table.)

Zero Trust Model ensures each node is responsible for the approval of the transaction before it gets committed. The data owners can track their data while it’s shared amongst the various data custodians ensuring data security. The consensus algorithm enables the users to trust the network as malicious nodes fail to get approval from all nodes, thereby causing the transaction to be aborted. The use case chosen to demonstrate the proposed consensus algorithm is the college placement system. The algorithm has been extended to implement a diversified, decentralized, automated placement system, wherein the data owner i.e. the student, maintains an immutable certificate vault and the student’s data has been validated by a verifier network i.e. the academic department and placement department. The data transfer from student to companies is recorded as transactions in the distributed ledger or blockchain allowing the data to be tracked by the student.

MANETs are wireless networks, providing properties such as self-configuration, mobility, and flexibility to the network, which make them a popular and widely used technique. As the usage and popularity of the networks increases, security becomes the most important factor to be concerned. For the sake of security, several protocols and methodologies have been developed for the networks. Along with the increase in security mechanisms, the number of attacks and attackers also increases and hence the threat to the network and secure communication within it increases as well. Some of the attacks have been resolved by the proposed methodologies but some are still a severe threat to the framework, one such attack is Black Hole Attack. The proposed work integrates the SUPERMAN (Security Using Pre-Existing Routing for Mobile Ad-hoc Networks) framework with appropriate methodology to detect and prevent the network from the Black Hole Attack. The mechanism is based on the AODV (Ad-hoc On-demand Distance Vector) routing protocol. In the methodology, the source node uses two network routes, from the source to the destination, one for sending the data packet and another for observing the intermediate nodes of the initial route. If any node is found to be a Black Hole node, then the route is dropped and the node is added to the Black Hole list and a new route to send the data packet to the destination is discovered.

Mobile Adhoc networks (MANETs) comprises of mobile devices or nodes that are connected wirelessly and have no infrastructure. Detecting malicious activities in MANETs is a challenging task as they are vulnerable to attacks where the performance of the entire network degrades. Hence it is necessary to provide security to the network so that the nodes are prone to attack. Selecting a good routing protocol in MANET is also important as frequent change of topology causes the route reply to not arrive at the source node. In this paper, R-AODV (Reverse Adhoc On-Demand Distance Vector) protocol along with ECC (Elliptic Key Cryptography) algorithm is designed and implemented to detect and to prevent the malicious node and to secure data transmission against blackhole attack. The main objective is to keep the data packets secure. ECC provides a smaller key size compared to other public-key encryption and eliminates the requirement of pre-distributed keys also makes the path more secure against blackhole attacks in a MANET. The performance of this proposed system is simulated by using the NS-2.35 network simulator. Simulation results show that the proposed protocol provides good experimental results on various metrics like throughput, end-to-end delay, and PDR. Analysis of the results points to an improvement in the overall network performance.

The dynamic and adaptable characteristics of mobile ad hoc networks have made it a significant field for deploying various applications in wireless sensor networks. Increasing popularity of the portable devices is the main reason for the development of mobile ad hoc networks. Furthermore, the network does not require a fixed architecture and it is easy to deploy. This type of network is highly vulnerable to cyber-attacks as the nodes communicate with each other through a Wireless medium. The most critical attack in ad hoc network is jellyfish attack. In this research we have proposed a Direct Trust-based Detection Algorithm to detect and prevent jellyfish attack in MANET.

Biometric authentication is the preferred authentication scheme in modern computing systems. While it offers enhanced usability, it also requires cautious handling of sensitive users' biometric templates. In this paper, a distributed scheme that eliminates the requirement for a central node that holds users' biometric templates is presented. This is replaced by an Ethereum/IPFS combination to which the templates of the users are stored in a homomorphically encrypted form. The scheme enables the biometric authentication of the users by any third party service, while the actual biometric templates of the user never leave his device in non encrypted form. Secure authentication of users in enabled, while sensitive biometric data are not exposed to anyone. Experiments show that the scheme can be applied as an authentication mechanism with minimal time overhead.