Biblio

Although OpenFlow-based SDN networks make it easier to design and test new protocols, when you think of clean slate architectures, their use is quite limited because the parameterization of its flows resides primarily in TCP/IP protocols. Besides, despite the many benefits that SDN offers, some aspects have not yet been adequately addressed, such as management plane activities, network startup, and options for connecting the data plane to the control plane. Based on these issues and limitations, this work presents a bootstrap protocol for SDN-based networks, which allows, beyond the network topology discovery, automatic configuration of an inband control plane. The protocol is designed to act only on layer two, in an autonomous, distributed and deterministic way, with low overhead and has the intent to be the basement for the implementation of other management plane related activities. A formal specification of the protocol is provided. In addition, an analytical model was created to preview the number of required messages to establish the control plane. According to this model, the proposed protocol presents less overhead than similar de-facto protocols used to topology discovery in SDN networks.

Emotions are a powerful tool in communication and one way that humans show their emotions is through their facial expressions. One of the challenging and powerful tasks in social communications is facial expression recognition, as in non-verbal communication, facial expressions are key. In the field of Artificial Intelligence, Facial Expression Recognition (FER) is an active research area, with several recent studies using Convolutional Neural Networks (CNNs). In this paper, we demonstrate the classification of FER based on static images, using CNNs, without requiring any pre-processing or feature extraction tasks. The paper also illustrates techniques to improve future accuracy in this area by using pre-processing, which includes face detection and illumination correction. Feature extraction is used to extract the most prominent parts of the face, including the jaw, mouth, eyes, nose, and eyebrows. Furthermore, we also discuss the literature review and present our CNN architecture, and the challenges of using max-pooling and dropout, which eventually aided in better performance. We obtained a test accuracy of 61.7% on FER2013 in a seven-classes classification task compared to 75.2% in state-of-the-art classification.

In this article, the writers suggested a scheme for analyzing the optimum crop cultivation based on Fuzzy Logic Network (Implementation of Fuzzy Logic Control in Predictive Analysis and Real Time Monitoring of Optimum Crop Cultivation) knowledge. The Fuzzy system is Fuzzy Logic's set. By using the soil, temperature, sunshine, precipitation and altitude value, the scheme can calculate the output of a certain crop. By using this scheme, the writers hope farmers can boost f arm output. This, thus will have an enormous effect on alleviating economical deficiency, strengthening rate of employment, the improvement of human resources and food security.

Machine to Machine (M2M) a sub area of Internet of Things (IoT) will link billions of devices or things distributed around the world using the Internet. These devices when connected exchange information obtained from the environment such as temperature or humidity from industrial or residential control process. Information Security (IS) and Trust are one of the fundamental points for users and the industry to accept the use of these devices with Confidentiality, Integrity, Availability and Authenticity. The key reason is that most of these devices use wireless media especially in residential and smart city environments. The overall goal of this work is to implement a Middleware Security to improve Safety and Security between the control network devices used in IoT/M2M and the Internet for residential or industrial environments. This implementation has been tested with different protocols as CoAP and MQTT, a microcomputer with free Real-Time Operating System (RTOS) implemented in a Raspberry Pi Gateway Access Point (RGAP), Network Address Translator (NAT), IPTable firewall and encryption is part of this implementation for secure data transmission

In the current world, day by day the data growth and the investigation about that information increased due to the pervasiveness of computing devices, but people are reluctant to share their information on online portals or surveys fearing safety because sensitive information such as credit card information, medical conditions and other personal information in the wrong hands can mean danger to the society. These days privacy preserving has become a setback for storing data in data repository so for that reason data in the repository should be made undistinguishable, data is encrypted while storing and later decrypted when needed for analysis purpose in data mining. While storing the raw data of the individuals it is important to remove person-identifiable information such as name, employee id. However, the other attributes pertaining to the person should be encrypted so the methodologies used to implement. These methodologies can make data in the repository secure and PPDM task can made easier.

In this paper, Reversible data hiding using difference statistics technique incorporating QR codes was proposed. Here, Quick Response (QR) codes were employed as an additional feature and were hidden in the corners of the original image to direct to the hyperlink after authentication and then embedding the secret data bits was carried out. At the receiver side, when the QR codes were scanned by the user, the link to the webpage was accessed, and then the original image and the secret data bits were recovered by using the proposed reversible data hiding scheme. In the proposed scheme, the pixels of the cover image were scanned in row-major order fashion, and the differences between the adjacent pixels were computed, keeping the first pixel unaltered to maintain the size of the host and the difference image same. Now, the histogram was shifted towards the right or left to reduce the redundancy and then to embed the secret data bits were done. Due to the similarity exists between the pixel values, the difference between the host and the secret image reconstructs the marked image. The proposed scheme was carried out using MATLAB 2013. PSNR (Peak Signal to Noise Ratio) and payload have been computed for various test images to validate the proposed scheme and found to be better than the available literature.

Summary & Conclusions: The work described addresses assurance of a planning and execution software system being added to an in-orbit CubeSat to demonstrate autonomous control of that spacecraft. Our focus was on how to develop assurance of the correct operation of the added software in its operational context, our approach to which was to use an assurance case to guide and organize the information involved. The relatively manageable magnitude of the CubeSat and its autonomy demonstration experiment made it plausible to try out our assurance approach in a relatively short timeframe. Additionally, the time was ripe to inject useful assurance results into the ongoing development and testing of the autonomy demonstration. In conducting this, we sought to answer several questions about our assurance approach. The questions, and the conclusions we reached, are as follows: 1. Question: Would our approach to assurance apply to the introduction of a planning and execution software into an existing system? Conclusion: Yes. The use of an assurance case helped focus our attention on the more challenging aspects, notably the interactions between the added software and the existing software system into which it was being introduced. This guided us to choose a hazard analysis method specifically for software interactions. In addition, we were able to automate generation of assurance case elements from the hazard analysis' tabular representation. 2. Question: Would our methods prove understandable to the software engineers tasked with integrating the software into the CubeSat's existing system? Conclusion: Somewhat. In interim discussions with the software engineers we found the assurance case style, of decomposing an argument into smaller pieces, to be useful and understandable to organize discussion. Ultimately however we did not persuade them to adopt assurance cases as the means to present review information. We attribute this to reluctance to deviate from JPL's tried and true style of holding reviews. For the CubeSat project as a whole, hosting an autonomy demonstration was already a novelty. Combining this with presentation of review information via an assurance case, with which our reviewers would be unaccustomed, would have exacerbated the unfamiliarity. 3. Question: Would conducting our methods prove to be compatible with the (limited) time available of the software engineers? Conclusion: Yes. We used a series of six brief meetings (approximately one hour each) with the development team to first identify the interactions as the area on which to focus, and to then perform the hazard analysis on those interactions. We used the meetings to confirm, or correct as necessary, our understanding of the software system and the spacecraft context. Between meetings we studied the existing software documentation, did preliminary analyses by ourselves, and documented the results in a concise form suitable for discussion with the team. 4. Question: Would our methods yield useful results to the software engineers? Conclusion: Yes. The hazard analysis systematically confirmed existing hazards' mitigations, and drew attention to a mitigation whose implementation needed particular care. In some cases, the analysis identified potential hazards - and what to do about them - should some of the more sophisticated capabilities of the planning and execution software be used. These capabilities, not exercised in the initial experiments on the CubeSat, may be used in future experiments. We remain involved with the developers as they prepare for these future experiments, so our analysis results will be of benefit as these proceed.

Complex CPS such as UAS got rapid development these years, but also became vulnerable to GPS spoofing, packets injection, buffer-overflow and other malicious attacks. Ensuring the behaviors of UAS always keeping secure no matter how the environment changes, would be a prospective direction for UAS security. This paper aims at presenting a reactive synthesis-based approach to implement the automatic generation of secure UAS controller. First, we study the operating mechanism of UAS and construct a high-Ievel model consisting of actuator and monitor. Besides, we analyze the security threats of UAS from the perspective of hardware, software and data transmission, and then extract the corresponding specifications of security properties with LTL formulas. Based on the UAS model and security specifications, the controller can be constructed by GR(1) synthesis algorithm, which is a two-player game process between UAV and Environment. Finally, we expand the function of LTLMoP platform to construct the automatons for controller in multi-robots system, which provides secure behavior strategies under several typical UAS attack scenarios.

Over the years, a number of vulnerability scoring frameworks have been proposed to characterize the severity of known vulnerabilities in software-dependent systems. These frameworks provide security metrics to support decision-making in system development and security evaluation and assurance activities. When used in this context, it is imperative that these security metrics be sound, meaning that they can be consistently measured in a reproducible, objective, and unbiased fashion while providing contextually relevant, actionable information for decision makers. In this paper, we evaluate the soundness of the security metrics obtained via several vulnerability scoring frameworks. The evaluation is based on the Method for DesigningSound Security Metrics (MDSSM). We also present several recommendations to improve vulnerability scoring frameworks to yield more sound security metrics to support the development of secure software-dependent systems.

Proof of integrity in produced video data by surveillance cameras requires active forensic methods such as signatures, otherwise authenticity and integrity can be comprised and data becomes unusable e. g. for legal evidence. But a simple file- or stream-signature loses its validity when the stream is cut in parts or by separating data and signature. Using the principles of security in distributed systems similar to those of blockchain and distributed ledger technologies (BC/DLT), a chain which consists of the frames of a video which frame hash values will be distributed among a camera sensor network is presented. The backbone of this Framechain within the camera sensor network will be a camera identity concept to ensure accountability, integrity and authenticity according to the extended CIA triad security concept. Modularity by secure sequences, autarky in proof and robustness against natural modulation of data are the key parameters of this new approach. It allows the standalone data and even parts of it to be used as hard evidence.

Balancing utility and differential privacy by shuffling or BUDS is an approach towards crowd sourced, statistical databases, with strong privacy and utility balance using differential privacy theory. Here, a novel algorithm is proposed using one-hot encoding and iterative shuffling with the loss estimation and risk minimization techniques, to balance both the utility and privacy. In this work, after collecting one-hot encoded data from different sources and clients, a step of novel attribute shuffling technique using iterative shuffling (based on the query asked by the analyst) and loss estimation with an updation function and risk minimization produces a utility and privacy balanced differential private report. During empirical test of balanced utility and privacy, BUDS produces ε = 0.02 which is a very promising result. Our algorithm maintains a privacy bound of ε = ln[t/((n1-1)S)] and loss bound of c'\textbackslashtextbareln[t/((n1-1)S)]-1\textbackslashtextbar.

VANET plays a vital role to optimize the journey between source and destination in the growth of smart cities worldwide. The crucial information shared between vehicles is concerned primarily with safety. VANET is a MANET sub-class network that provides a free movement and communication between the RSU and vehicles. The self organized with high mobility in VANET makes any vehicle can transmit malicious messages to some other vehicle in the network. In the defense horizon of VANETs this is a matter of concern. It is the duty of RSU to ensure the safe transmission of sensitive information across the Network to each node. For this, network access exists as the key safety prerequisite, and several risks or attacks can be experienced. The VANETs is vulnerable to a range of security attacks including masquerading, selfish node attack, Sybil attack etc. One of the main threats to network access is this Denial of Service attack. The most important research in the literature on the prevention of Denial of Service Attack in VANETs was explored in this paper. The limitations of each reviewed paper are also presented and Game theory based security model is defined in this paper.

Neural Network Physical Unclonable Function (NN-PUF) has been proposed for the secure implementation of Edge AI. This study evaluates the tamper resistance of NN-PUF against machine learning attacks. The machine learning attack in this study learns CPRs using deep learning. As a result of the evaluation experiment, the machine learning attack predicted about 82% for CRPs. Therefore, this study revealed that NN-PUF is vulnerable to machine learning attacks.

System safety and cyber security have a great effect on the availability of devices that are interconnected. With the rising interconnection of critical infrastructures new risks occur, which have to be detected and warded. Therefore, attack vectors are defined to determine deviations to the nominal values of a cyber-physical system in this paper. Through an elaborated cyber security concept, the tasks of a simple motor protecting switch and additional tasks to detect cyber-attacks can be implemented. The simulative result of an exemplary overvoltage shows the impact on the RMS and phase voltages of a monitored drive.

YARA rules utilises string or pattern matching to perform malware analysis and is one of the most effective methods in use today. However, its effectiveness is dependent on the quality and quantity of YARA rules employed in the analysis. This can be managed through the rule optimisation process, although, this may not necessarily guarantee effective utilisation of YARA rules and its generated findings during its execution phase, as the main focus of YARA rules is in determining whether to trigger a rule or not, for a suspect sample after examining its rule condition. YARA rule conditions are Boolean expressions, mostly focused on the binary outcome of the malware analysis, which may limit the optimised use of YARA rules and its findings despite generating significant information during the execution phase. Therefore, this paper proposes embedding fuzzy rules with YARA rules to optimise its performance during the execution phase. Fuzzy rules can manage imprecise and incomplete data and encompass a broad range of conditions, which may not be possible in Boolean logic. This embedding may be more advantageous when the YARA rules become more complex, resulting in multiple complex conditions, which may not be processed efficiently utilising Boolean expressions alone, thus compromising effective decision-making. This proposed embedded approach is applied on a collected malware corpus and is tested against the standard and enhanced YARA rules to demonstrate its success.

Fast and high-quality network flow hashing is an essential operation in many high-speed network systems such as network monitoring probes. We propose a multi-objective evolutionary design method capable of evolving hash functions for IPv4 and IPv6 flow hashing. Our approach combines Cartesian genetic programming (CGP) with Non-dominated sorting genetic algorithm II (NSGA-II) and aims to optimize not only the quality of hashing, but also the execution time of the hash function. The evolved hash functions are evaluated on real data sets collected in computer network and compared against other evolved and conventionally created hash functions.

We use potential fields tuned by genetic algorithms to dynamically reconFigure unmanned aerial vehicles networks to serve user bandwidth needs. Such flying network base stations have applications in the many domains needing quick temporary networked communications capabilities such as search and rescue in remote areas and security and defense in overwatch and scouting. Starting with an initial deployment that covers an area and discovers how users are distributed across this area of interest, tuned potential fields specify subsequent movement. A genetic algorithm tunes potential field parameters to reposition UAVs to create and maintain a mesh network that maximizes user bandwidth coverage and network lifetime. Results show that our evolutionary adaptive network deployment algorithm outperforms the current state of the art by better repositioning the unmanned aerial vehicles to provide longer coverage lifetimes while serving bandwidth requirements. The parameters found by the genetic algorithm on four training scenarios with different user distributions lead to better performance than achieved by the state of the art. Furthermore, these parameters also lead to superior performance in three never before seen scenarios indicating that our algorithm finds parameter values that generalize to new scenarios with different user distributions.

In this paper, a generic model for a differential stripline is created using machine learning (ML) based regression analysis. A recursive approach of creating various inputs is adapted instead of traditional design of experiments (DoE) approach. This leads to reduction of number of simulations as well as control the data points required for performing simulations. The generic model is developed using 48 simulations. It is comparable to the linear regression model, which is obtained using 1152 simulations. Additionally, a tabular W-element model of a differential stripline is used to take into consideration the frequency-dependent dielectric loss. In order to demonstrate the expandability of this approach, the methodology was applied to two differential pairs of striplines in the frequency range of 10 MHz to 20 GHz.

Wireless Personal Area Network is widely used in day to day life. It might be a static or dynamic environment. As the density of the nodes increases it becomes difficult to handle the situation. The need of multiple sensor node technology in a desired environment without congestion is required. The use of autonomic network provides one such solution. The autonomicity combines the local automate and address agnostic features that controls the congestion resulting in improved throughput, fault tolerance and also with unicast and multicast packets delivery. The algorithm LA based ANA in a Bluetooth based dynamic environment provide 20% increase in throughput compared with LACAS based Wireless Sensor Network. The LA based ANA leads with 10% lesser fault tolerance levels and extended unicast and multi-cast packet delivery.

The IPv6 over Low-power Wireless Personal Area Network (6LoWPAN) has been standardized to support IP over lossy networks. RPL (Routing Protocol for Low-Power and Lossy Networks) is the common routing protocol for 6LoWPAN. Among various attacks on RPL-based networks, the wormhole attack may cause severe network disruption and is one of the hardest to detect. We have designed and implemented in ContikiOS a wormhole detection technique for 6LoWPAN, that uses round-trip times and hop counts. In addition, the performance of this technique has been evaluated in terms of power, CPU, memory, and communication overhead.

In the past decade, the Machine Learning (ML) and Deep learning (DL) has produced much research interest in the society and attracted them. Now-a-days, the Internet and social life make a lead in most of their life but it has serious social threats. It is a challenging thing to protect the sensitive information, data network and the computers which are in unauthorized cyber-attacks. For protecting the data's we need the cyber security. For these problems, the recent technologies of Deep learning and Machine Learning are integrated with the cyber-attacks to provide the solution for the problems. This paper gives a synopsis of utilizing deep learning to enhance the security of cyber world and various challenges in integrating deep learning into cyber security are analyzed.

The exchange of data has expanded utilizing the web nowadays, but it is not dependable because, during communication on the cloud, any malicious client can alter or steal the information or misuse it. To provide security to the data during transmission is becoming hot research and quite challenging topic. In this work, our proposed algorithm enhances the security of the keys by increasing its complexity, so that it can't be guessed, breached or stolen by the third party and hence by this, the data will be concealed while sending between the users. The proposed algorithm also provides more security and authentication to the users during cloud communication, as compared to the previously existing algorithm.

In the present scenario, security is the biggest concern in any domain of applications. The latest and widely used system for user authentication is a biometric system. This includes fingerprint recognition, retina recognition, and voice recognition. But these systems can be bypassed by masqueraders. To avoid this, a combination of these systems is used which becomes very costly. To overcome these two drawbacks keystroke dynamics were introduced in this field. Keystroke dynamics is a biometric authentication-based system on behavior, which is an automated method in which the identity of an individual is identified and confirmed based on the way and the rhythm of passwords typed on a keyboard by the individual. The work in this paper focuses on identifying the best algorithm for implementing an authentication system with the help of machine learning for user identification based on keystroke dynamics. Our proposed model which uses XGBoost gives a comparatively higher accuracy of 93.59% than the other algorithms for the dataset used.

Zigbee network security relies on symmetric cryptography based on a pre-shared secret. In the current Zigbee protocol, the network coordinator creates a network key while establishing a network. The coordinator then shares the network key securely, encrypted under the pre-shared secret, with devices joining the network to ensure the security of future communications among devices through the network key. The pre-shared secret, therefore, needs to be installed in millions or more devices prior to deployment, and thus will be inevitably leaked, enabling attackers to compromise the confidentiality and integrity of the network. To improve the security of Zigbee networks, we propose a new certificate-less Zigbee joining protocol that leverages low-cost public-key primitives. The new protocol has two components. The first is to integrate Elliptic Curve Diffie-Hellman key exchange into the existing association request/response messages, and to use this key both for link-to-link communication and for encryption of the network key to enhance privacy of user devices. The second is to improve the security of the installation code, a new joining method introduced in Zigbee 3.0 for enhanced security, by using public key encryption. We analyze the security of our proposed protocol using the formal verification methods provided by ProVerif, and evaluate the efficiency and effectiveness of our solution with a prototype built with open source software and hardware stack. The new protocol does not introduce extra messages and the overhead is as lows as 3.8% on average for the join procedure.

The new generation of digital services are natively conceived as an ordered set of Virtual Network Functions, deployed across boundaries and organizations. In this context, security threats, variable network conditions, computational and memory capabilities and software vulnerabilities may significantly weaken the whole service chain, thus making very difficult to combat the newest kinds of attacks. It is thus extremely important to conceive a flexible (and standard-compliant) framework able to attest the trustworthiness and the reliability of each single function of a Service Function Chain. At the time of this writing, and to the best of authors knowledge, the scientific literature addressed all of these problems almost separately. To bridge this gap, this paper proposes a novel methodology, properly tailored within the ETSI-NFV framework. From one side, Software-Defined Controllers continuously monitor the properties and the performance indicators taken from networking domains of each single Virtual Network Function available in the architecture. From another side, a high-level orchestrator combines, on demand, the suitable Virtual Network Functions into a Service Function Chain, based on the user requests, targeted security requirements, and measured reliability levels. The paper concludes by further explaining the functionalities of the proposed architecture through a use case.