Biblio

2022-05-05
Tseng, Yi-Fan, Gao, Shih-Jie.  2021.  Efficient Subset Predicate Encryption for Internet of Things. 2021 IEEE Conference on Dependable and Secure Computing (DSC). :1–2.
With the rapid development of Internet technologies, emerging network environments have been discussed, such as the Internet of Things. In this manuscript, we propose a novel subset predicate encryption for access control in the Internet of Things. Compared with the existing subset predicate encryption schemes, the proposed scheme enjoys better efficiency due to its short private key and efficient decryption procedure.
2022-03-01
Thu Hien, Do Thi, Do Hoang, Hien, Pham, Van-Hau.  2021.  Empirical Study on Reconnaissance Attacks in SDN-Aware Network for Evaluating Cyber Deception. 2021 RIVF International Conference on Computing and Communication Technologies (RIVF). :1–6.
Thanks to advances in network architecture with the Software-Defined Networking (SDN) paradigm, there are various approaches for eliminating the attack surface in large-scale networks, relying on the essence of the SDN principle. They range from intrusion detection to moving target defense and cyber deception that leverages network programmability. Therein, cyber deception is considered a proactive defense strategy for usual network operation, since it makes attackers spend more time and effort to successfully compromise network systems. In this paper, we concentrate on reconnaissance attacks in SDN-enabled networks that collect sensitive information for hackers to conduct further attacks. In more detail, we introduce the SDNRecon tool to perform reconnaissance attacks, which can be useful in evaluating cyber deception techniques deployed in SDN-aware networks.
2022-01-31
Pasias, Achilleas, Kotsiopoulos, Thanasis, Lazaridis, Georgios, Drosou, Anastasios, Tzovaras, Dimitrios, Sarigiannidis, Panagiotis.  2021.  Enabling Cyber-attack Mitigation Techniques in a Software Defined Network. 2021 IEEE International Conference on Cyber Security and Resilience (CSR). :497–502.
Software Defined Networking (SDN) is an innovative technology, which can be applied in a plethora of applications and areas. Recently, SDN has been identified as one of the most promising solutions for industrial applications as well. The key features of SDN include the decoupling of the control plane from the data plane and the programmability of the network through application development. Researchers are looking at these features in order to enhance the Quality of Service (QoS) provisioning of modern network applications. To this end, the following work presents the development of an SDN application, capable of mitigating attacks and maximizing the network’s QoS, by implementing mixed integer linear programming but also using genetic algorithms. Furthermore, a low-cost, physical SDN testbed was developed in order to evaluate the aforementioned application in a more realistic environment other than only using simulation tools.
2022-02-03
Maksuti, Silia, Pickem, Michael, Zsilak, Mario, Stummer, Anna, Tauber, Markus, Wieschhoff, Marcus, Pirker, Dominic, Schmittner, Christoph, Delsing, Jerker.  2021.  Establishing a Chain of Trust in a Sporadically Connected Cyber-Physical System. 2021 IFIP/IEEE International Symposium on Integrated Network Management (IM). :890–895.
Drone based applications have progressed significantly in recent years across many industries, including agriculture. This paper proposes a sporadically connected cyber-physical system for assisting winemakers and minimizing the travel time to remote and poorly connected infrastructures. A set of representative diseases and conditions, which will be monitored by land-bound sensors in combination with multispectral images, is identified. To collect accurate data, a trustworthy and secured communication of the drone with the sensors and the base station should be established. We propose to use an Internet of Things framework for establishing a chain of trust by securely onboarding drones, sensors and base station, and providing self-adaptation support for the use case. Furthermore, we perform a security analysis of the use case for identifying potential threats and security controls that should be in place for mitigating them.
2022-02-08
Alsafwani, Nadher, Ali, Musab A. M., Tahir, Nooritawati Md.  2021.  Evaluation of the Mobile Ad Hoc Network (MANET) for Wormhole Attacks using Qualnet Simulator. 2021 IEEE 11th International Conference on System Engineering and Technology (ICSET). :46–49.
Security is the key concern, which allows safe communication between any two mobile nodes in an unfavorable environment. Wireless Ad Hoc can be unsecured against attacks by means of malicious nodes. Hence this study assesses the influence of wormhole attacks on Mobile Ad Hoc network (MANET) system that is evaluated and validated based on the QualNet simulator. The MANET performance is investigated utilizing the wormhole attacks. The simulation is performed on Mobile node's network layer and data link layer in the WANET (wireless Ad Hoc network). The MANET performance was examined using “what-if” analyses too. Results showed that for security purposes, it is indeed necessary to assess the Mobile Ad Hoc node deployment.
2022-11-18
Tian, Pu, Hatcher, William Grant, Liao, Weixian, Yu, Wei, Blasch, Erik.  2021.  FALIoTSE: Towards Federated Adversarial Learning for IoT Search Engine Resiliency. 2021 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech). :290–297.
To improve efficiency and resource usage in data retrieval, an Internet of Things (IoT) search engine organizes a vast amount of scattered data and responds to client queries with processed results. Machine learning provides a deep understanding of complex patterns and enables enhanced feedback to users through well-trained models. Nonetheless, machine learning models are prone to adversarial attacks via the injection of elaborate perturbations, resulting in subverted outputs. Particularly, adversarial attacks on time-series data demand urgent attention, as sensors in IoT systems are collecting an increasing volume of sequential data. This paper investigates adversarial attacks on time-series analysis in an IoT search engine (IoTSE) system. Specifically, we consider the Long Short-Term Memory (LSTM) Recurrent Neural Network (RNN) as our base model, implemented in a simulated federated learning scheme. We propose the Federated Adversarial Learning for IoT Search Engine (FALIoTSE) that exploits the shared parameters of the federated model as the target for adversarial example generation and resiliency. Using a real-world smart parking garage dataset, the impact of an attack on FALIoTSE is demonstrated under various levels of perturbation. The experiments show that the training error increases significantly with noise from the gradient.
2022-07-05
Tufail, Shahid, Batool, Shanzeh, Sarwat, Arif I..  2021.  False Data Injection Impact Analysis In AI-Based Smart Grid. SoutheastCon 2021. :01–07.
As the traditional grids are transitioning to the smart grid, they are getting more prone to cyber-attacks. Among all cyber-attacks, one of the most dangerous is the false data injection attack. When this attack is performed with historical information of the data packet, the attack goes undetected. As the false data is included for training and testing the model, the accuracy is decreased and decision making is affected. In this paper we analyzed the impact of the false data injection attack (FDIA) on an AI-based smart grid. These analyses were performed using two different multi-layer perceptron architectures, with one of the independent variables being compared and modified by the attacker. The root-mean-squared values were compared across different models.
2022-05-05
Bouteghrine, Belqassim, Tanougast, Camel, Sadoudi, Said.  2021.  Fast and Efficient Chaos-Based Algorithm for Multimedia Data Encryption. 2021 International Conference on Electrical, Computer, Communications and Mechatronics Engineering (ICECCME). :1–5.
With the evolution of communication technology, fast and efficient tools for securing exchanged data are highly required. Through this research work, we introduce a simplified and fast chaos-based scheme for multimedia data encryption, and in particular for color image encryption applications. The new algorithm is based on an extracted four-dimension (4-D) discrete time map. The proposed 4-D chaos system includes seven (07) nonlinear terms and four (04) controllers to generate a robust chaos that can satisfy the encryption requirements. The performance of this image encryption algorithm is analyzed with the help of four important factors, which are key space, correlation, complexity and running time. Results of the security analysis, compared to some similar proposals, show that our encryption scheme is more effective in terms of key stream cipher space, correlation, complexity and running time.
2022-09-09
Dosko, Sergei I., Sheptunov, Sergey A., Tlibekov, Alexey Kh., Spasenov, Alexey Yu..  2021.  Fast-variable Processes Analysis Using Classical and Approximation Spectral Analysis Methods. 2021 International Conference on Quality Management, Transport and Information Security, Information Technologies (IT&QM&IS). :274–278.
A comparative analysis of the classical and approximation methods of spectral analysis of fast-variable processes in technical systems is carried out. It is shown that the approximation methods make it possible to substantially remove the contradiction between the requirements for spectrum smoothing and its frequency resolution. On practical examples of vibroacoustic signals, the effectiveness of approximation methods is shown. The Prony method was used to process the time series. The interactive frequency segmentation method and the direct identification method were used for approximation and frequency characteristics.
2022-01-25
Jha, Ashish, Novikova, Evgeniya S., Tokarev, Dmitry, Fedorchenko, Elena V..  2021.  Feature Selection for Attacker Attribution in Industrial Automation & Control Systems. 2021 IV International Conference on Control in Technical Systems (CTS). :220–223.
Modern Industrial Automation & Control Systems (IACS) are an essential part of critical infrastructures and services. They are used in health, power, water, and transportation systems, and the impact of cyberattacks on IACS could be severe, resulting, for example, in damage to the environment, public or employee safety or health. Thus, building IACS that are safe and secure against cyberattacks is extremely important. The attacker model is one of the key elements in risk assessment and other security-related information system management tasks. The aim of the study is to specify the attacker's profile based on the analysis of network and system events. The paper presents an approach to the selection of attacker's profile attributes from raw network and system events of the Linux OS. To evaluate the approach, experiments were performed on data collected within the Global CPTC 2019 competition.
2021-12-21
Ayed, Mohamed Ali, Talhi, Chamseddine.  2021.  Federated Learning for Anomaly-Based Intrusion Detection. 2021 International Symposium on Networks, Computers and Communications (ISNCC). :1–8.
We are witnessing severe zero-day cyber attacks. Machine learning based anomaly detection is definitely the most efficient defence in depth approach. It consists of analyzing the network traffic in order to distinguish the normal behaviour from the abnormal one. This approach is usually implemented in a central server where all the network traffic is analyzed, which can raise privacy issues. In fact, with the increasing adoption of Cloud infrastructures, it is important to reduce as much as possible the outsourcing of such sensitive information to the several network nodes. A better approach is to ask each node to analyze its own data and then to exchange its learning finding (model) with a coordinator. In this paper, we investigate the application of federated learning for network-based intrusion detection. Our experiment was conducted based on the CICIDS2017 dataset. We present federated learning on a deep learning algorithm (CNN) based on model averaging. It is a self-learning system for detecting anomalies caused by malicious adversaries without human intervention and can cope with new and unknown attacks without decreasing performance. These experiments demonstrate that this approach is effective in detecting intrusions.
2022-02-03
Souto, Alexandre, Prates, Pedro Alexandre, Lourenço, André, Al Maamari, Mazoon S., Marques, Francisco, Taranta, David, DoÓ, Luís, Mendonça, Ricardo, Barata, José.  2021.  Fleet Management System for Autonomous Mobile Robots in Secure Shop-floor Environments. 2021 IEEE 30th International Symposium on Industrial Electronics (ISIE). :1–6.
This paper presents a management system for a fleet of autonomous mobile robots performing logistics in security-heterogeneous factories. Loading and unloading goods and parts between workstations in these dynamic environments often demands that the mobile robots share space and resources such as corridors, interlocked security doors and elevators among themselves. This model explores dynamic task scheduling and assignment to the robots taking into account their location, previously assigned tasks and battery levels, all the while being aware of the physical constraints of the installation. The benefits of the proposed architecture were validated through a set of experiments in a mockup of INCM's shop-floor environment. During these tests 3 robots operated continuously for several hours, self-charging without any human intervention.
2022-08-26
Teo, Yu Xian, Chen, Jiaqi, Ash, Neil, Ruddle, Alastair R., Martin, Anthony J. M..  2021.  Forensic Analysis of Automotive Controller Area Network Emissions for Problem Resolution. 2021 IEEE International Joint EMC/SI/PI and EMC Europe Symposium. :619–623.
Electromagnetic emissions associated with the transmission of automotive controller area network (CAN) messages within a passenger car have been analysed and used to reconstruct the original CAN messages. Concurrent monitoring of the CAN traffic via a wired connection to the vehicle OBD-II port was used to validate the effectiveness of the reconstruction process. These results confirm the feasibility of reconstructing in-vehicle network data for forensic purposes, without the need for wired access, at distances of up to 1 m from the vehicle by using magnetic field measurements, and up to 3 m using electric field measurements. This capability has applications in the identification and resolution of EMI issues in vehicle data networks, as well as possible implications for automotive cybersecurity.
2022-04-01
Lanotte, Ruggero, Merro, Massimo, Munteanu, Andrei, Tini, Simone.  2021.  Formal Impact Metrics for Cyber-physical Attacks. 2021 IEEE 34th Computer Security Foundations Symposium (CSF). :1–16.
Cyber-Physical systems (CPSs) are exposed to cyber-physical attacks, i.e., security breaches in cyberspace that adversely affect the physical processes of the systems. We define two probabilistic metrics to estimate the physical impact of attacks targeting cyber-physical systems formalised in terms of a probabilistic hybrid extension of Hennessy and Regan's Timed Process Language. Our impact metrics estimate the impact of cyber-physical attacks taking into account: (i) the severity of the inflicted damage in a given amount of time, and (ii) the probability that these attacks are actually accomplished, according to the dynamics of the system under attack. In doing so, we pay special attention to stealthy attacks, i.e., attacks that cannot be detected by intrusion detection systems. As a further contribution, we show that, under precise conditions, our metrics allow us to estimate the impact of attacks targeting a complex CPS in a compositional way, i.e., in terms of the impact on its sub-systems.
2022-02-07
Todorov, Z., Efnusheva, D., Nikolic, T..  2021.  FPGA Implementation of Computer Network Security Protection with Machine Learning. 2021 IEEE 32nd International Conference on Microelectronics (MIEL). :263–266.
Network intrusion detection systems (NIDS) are widely used solutions targeting the security of any network device connected to the Internet and are taking the lead in the battle against intruders. This paper addresses the network security issues by implementing a hardware-based NIDS solution with a Naïve Bayes machine learning (ML) algorithm for classification using the NSL Knowledge Discovery in Databases (KDD) dataset. The proposed FPGA implementation of the Naive Bayes classifier focuses on low latency and provides intrusion detection in just 240 ns, with accuracy/precision of 70/97%, occupying 1% of the Virtex7 VC709 FPGA chip area.
2022-03-10
Gupta, Subhash Chand, Singh, Nidhi Raj, Sharma, Tulsi, Tyagi, Akshita, Majumdar, Rana.  2021.  Generating Image Captions using Deep Learning and Natural Language Processing. 2021 9th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO). :1–4.
In today's world, there is rapid progress in the field of artificial intelligence and image captioning. It has become a fascinating task that has seen widespread interest. The task of image captioning comprises image description engendered based on the hybrid combination of deep learning, natural language processing, and various approaches of machine learning and computer vision. In this work the authors emphasize how the model generates a short description as an output of the input image using the functionalities of Deep Learning and Natural Language Processing, for helping visually impaired people, and it can also be cast-off in various web sites to automate the generation of captions, reducing the task of recitation with great ease.
2022-03-23
Li, Zhong, Xie, Yan, Han, Qi, Zhang, Ao, Tian, Sheng.  2021.  Group Consensus of Second-order Multi-agent Systems via Intermittent Sampled Control. 2021 International Conference on Security, Pattern Analysis, and Cybernetics (SPAC). :185–189.
This article considers the group consistency of second-order MAS with directly connected spanning tree communication topology. Because the MAS is divided into several groups, we propose a group consistency control method based on intermittent control, and the range of parameters is given for which the system achieves consensus. The protocol can realize periodic control and reduce the working hours of the controller in each period. Furthermore, the group consistency of MAS is turned into the stability analysis of the error, and a group consistency protocol of MAS with time-delays is designed. Finally, two examples are used to verify the theory.
2022-05-19
Kurihara, Tatsuki, Togawa, Nozomu.  2021.  Hardware-Trojan Classification based on the Structure of Trigger Circuits Utilizing Random Forests. 2021 IEEE 27th International Symposium on On-Line Testing and Robust System Design (IOLTS). :1–4.
Recently, with the spread of Internet of Things (IoT) devices, embedded hardware devices have been used in a variety of everyday electrical items. Due to the increased demand for embedded hardware devices, some of the IC design and manufacturing steps have been outsourced to third-party vendors. Since malicious third-party vendors may insert malicious circuits, called hardware Trojans, into their products, developing an effective hardware Trojan detection method is strongly required. In this paper, we propose 25 hardware-Trojan features based on the structure of trigger circuits for machine-learning-based hardware Trojan detection. Combining the proposed features with 11 existing hardware-Trojan features, we utilize a total of 36 hardware-Trojan features for classification. Then we classify the nets in an unknown netlist into a set of normal nets and Trojan nets based on the random-forest classifier. The experimental results demonstrate that the average true positive rate (TPR) becomes 63.6% and the average true negative rate (TNR) becomes 100.0%. They improve the average TPR by 14.7 points while keeping the average TNR compared to existing state-of-the-art methods. In particular, the proposed method successfully finds Trojan nets in several benchmark circuits which are not found by the existing method.
Kong, Xiangdong, Tang, Yong, Wang, Pengfei, Wei, Shuning, Yue, Tai.  2021.  HashMTI: Scalable Mutation-based Taint Inference with Hash Records. 2021 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER). :84–95.
Mutation-based taint inference (MTI) is a novel technique for taint analysis. Compared with traditional techniques that track propagations of taint tags, MTI infers a variable is tainted if its values change due to input mutations, which is lightweight and conceptually sound. However, there are 3 challenges to its efficiency and scalability: (1) it cannot efficiently record variable values to monitor their changes; (2) it consumes a large amount of memory monitoring variable values, especially on complex programs; and (3) its excessive memory overhead leads to a low hit ratio of CPU cache, which slows down the speed of taint inference. This paper presents an efficient and scalable solution named HashMTI. We first explain the above challenges based on 4 observations. Motivated by these challenges, we propose a hash record scheme to efficiently monitor changes in variable values and significantly reduce the memory overhead. The scheme is based on our specially selected and optimized hash functions that possess 3 crucial properties. Moreover, we propose the DoubleMutation strategy, which applies additional mutations to mitigate the limitation of the hash record and detect more taint information. We implemented a prototype of HashMTI and evaluated it on 18 real-world programs and 4 LAVA-M programs. Compared with the baseline OrigMTI, HashMTI significantly reduces the overhead while having similar accuracy. It achieves a speedup of 2.5X to 23.5X and consumes little memory which is on average 70.4 times less than that of OrigMTI.
2022-07-12
Tøndel, Inger Anne, Vefsnmo, Hanne, Gjerde, Oddbjørn, Johannessen, Frode, Frøystad, Christian.  2021.  Hunting Dependencies: Using Bow-Tie for Combined Analysis of Power and Cyber Security. 2020 2nd International Conference on Societal Automation (SA). :1–8.
Modern electric power systems are complex cyber-physical systems. The integration of traditional power and digital technologies results in interdependencies that need to be considered in risk analysis. In this paper we argue the need for analysis methods that can combine the competencies of various experts in a common analysis focusing on the overall system perspective. We report on our experiences of using the Vulnerability Analysis Framework (VAF) and bow-tie diagrams in a combined analysis of the power and cyber security aspects in a realistic case. Our experiences show that an extended version of VAF with increased support for interdependencies is promising for this type of analysis.
Tekiner, Ege, Acar, Abbas, Uluagac, A. Selcuk, Kirda, Engin, Selcuk, Ali Aydin.  2021.  In-Browser Cryptomining for Good: An Untold Story. 2021 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPS). :20–29.
In-browser cryptomining uses the computational power of a website's visitors to mine cryptocurrency, i.e., to create new coins. With the rise of ready-to-use mining scripts distributed by service providers (e.g., Coinhive), it has become trivial to turn a website into a cryptominer by copying and pasting the mining script. Both legitimate webpage owners who want to raise extra revenue under users' explicit consent and malicious actors who wish to exploit the computational power of the users' computers without their consent have started to utilize this emerging paradigm of cryptocurrency operations. In-browser cryptomining, though mostly abused by malicious actors in practice, is indeed a promising funding model that can be utilized by website owners, publishers, or non-profit organizations for legitimate business purposes, such as to collect revenue or donations for humanitarian projects, inter alia. However, our analysis in this paper shows that in practice, regardless of their being legitimate or not, all in-browser mining scripts are treated the same as malicious cryptomining samples (aka cryptojacking) and blacklisted by browser extensions or antivirus programs. Indeed, there is a need for a better understanding of the in-browser cryptomining ecosystem. Hence, in this paper, we present an in-depth empirical analysis of in-browser cryptomining processes, focusing on the samples explicitly asking for user consent, which we call permissioned cryptomining. To the best of our knowledge, this is the first study focusing on permissioned cryptomining samples. For this, we created a dataset of 6269 unique web sites containing cryptomining scripts in their source codes to characterize the in-browser cryptomining ecosystem by differentiating permissioned and permissionless cryptomining samples. We believe that (1) this paper is the first attempt showing that permissioned in-browser cryptomining could be a legitimate and viable monetization tool if implemented responsibly and without interrupting the user, and (2) this paper will catalyze the widespread adoption of legitimate cryptomining with user consent and awareness.
2022-06-30
Wu, Jia-Ling, Tai, Nan-Ching.  2021.  Innovative CAPTCHA to Both Exclude Robots and Detect Humans with Color Blindness. 2021 IEEE International Conference on Consumer Electronics-Taiwan (ICCE-TW). :1–2.
This paper presents a design concept of an innovative CAPTCHA that can filter the color-vision–recognition states of different users. It can simultaneously verify the real-human-user identity, differentiate between the color-vision needs, and decide the content to be presented automatically.
2022-11-18
Tall, Anne M., Zou, Cliff C., Wang, Jun.  2021.  Integrating Cybersecurity Into a Big Data Ecosystem. MILCOM 2021 - 2021 IEEE Military Communications Conference (MILCOM). :69–76.
This paper provides an overview of the security service controls that are applied in a big data processing (BDP) system to defend against cyber security attacks. We validate this approach by modeling attacks and effectiveness of security service controls in a sequence of states and transitions. This Finite State Machine (FSM) approach uses the probable effectiveness of security service controls, as defined in the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF). The attacks used in the model are defined in the ATT&CK™ framework. Five different BDP security architecture configurations are considered, spanning from a low-cost default BDP configuration to a more expensive, industry supported layered security architecture. The analysis demonstrates the importance of a multi-layer approach to implementing security in BDP systems. With increasing interest in using BDP systems to analyze sensitive data sets, it is important to understand and justify BDP security architecture configurations with their significant costs. The output of the model demonstrates that over the run time, larger investment in security service controls results in significantly more uptime. There is a significant increase in uptime with a linear increase in security service control investment. We believe that these results support our recommended BDP security architecture. That is, a layered architecture with security service controls integrated into the user interface, boundary, central management of security policies, and applications that incorporate privacy preserving programs. These results enable making BDP systems operational for sensitive data accessed in a multi-tenant environment.
2022-09-09
Saini, Anu, Sri, Manepalli Ratna, Thakur, Mansi.  2021.  Intrinsic Plagiarism Detection System Using Stylometric Features and DBSCAN. 2021 International Conference on Computing, Communication, and Intelligent Systems (ICCCIS). :13–18.
Plagiarism is the act of using someone else's words or ideas without giving them due credit and representing it as one's own work. In today's world, it is very easy to plagiarize others' work due to advancement in technology, especially by the use of the Internet or other offline sources such as books or magazines. Plagiarism can be classified into two broad categories on the basis of detection, namely extrinsic and intrinsic plagiarism. Extrinsic plagiarism detection refers to detecting plagiarism in a document by comparing it against a given reference dataset, whereas intrinsic plagiarism detection refers to detecting plagiarism with the help of variation in writing styles without using any reference corpus. Although there are many approaches which can be adopted to detect extrinsic plagiarism, few are available for intrinsic plagiarism detection. In this paper, a simplified approach is proposed for developing an intrinsic plagiarism detector which is helpful in detecting plagiarism even when no reference corpus is available. The approach deals with the development of an intrinsic plagiarism detection system by identifying the writing style of authors in the document using stylometric features and Density-Based Spatial Clustering of Applications with Noise (DBSCAN) clustering. The proposed system has an easy-to-use interactive interface where the user has to upload a text document to be checked for plagiarism and the result is displayed on the web page itself. In addition, the user can also see the analysis of the document in the form of graphs.
2022-02-09
Mygdalis, Vasileios, Tefas, Anastasios, Pitas, Ioannis.  2021.  Introducing K-Anonymity Principles to Adversarial Attacks for Privacy Protection in Image Classification Problems. 2021 IEEE 31st International Workshop on Machine Learning for Signal Processing (MLSP). :1–6.
The network output activation values for a given input can be employed to produce a sorted ranking. Adversarial attacks typically generate the least amount of perturbation required to change the classifier label. In that sense, the generated adversarial attack perturbation only affects the output in the 1st sorted ranking position. We argue that meaningful information about the adversarial examples, i.e., their original labels, is still encoded in the network output ranking and could potentially be extracted using rule-based reasoning. To this end, we introduce a novel adversarial attack methodology inspired by K-anonymity principles, which generates adversarial examples that are not only misclassified, but whose output sorted ranking spreads uniformly along K different positions. Any additional perturbation arising from the strength of the proposed objectives is regularized by a visual similarity-based term. Experimental results denote that the proposed approach achieves the optimization goals inspired by K-anonymity with reduced perturbation as well.