Biblio

This paper offers a comparative vector assessment of DDoS and disinformation attacks. The assessed dimensions are as follows: (1) the threat agent, (2) attack vector, (3) target, (4) impact, and (5) defense. The results revealed that disinformation attacks, anchoring on astroturfs, resemble DDoS’s zombie computers in their method of amplification. Although DDoS affects several layers of the OSI model, disinformation attacks exclusively affect the application layer. Furthermore, even though their payloads and objectives are different, their vector paths and network designs are very similar. This paper, as its conclusion, strongly recommends the classification of disinformation as an actual cybersecurity threat to eliminate the inconsistencies in policies in social networking platforms. The intended target audiences of this paper are IT and cybersecurity experts, computer and information scientists, policymakers, legal and judicial scholars, and other professionals seeking references on this matter.

Internet technology has made surveillance widespread and access to resources at greater ease than ever before. This implied boon has countless advantages. It however makes protecting privacy more challenging for the greater masses, and for the few hacktivists, supplies anonymity. The ever-increasing frequency and scale of cyber-attacks has not only crippled private organizations but has also left Law Enforcement Agencies(LEA's) in a fix: as data depicts a surge in cases relating to cyber-bullying, ransomware attacks; and the force not having adequate manpower to tackle such cases on a more microscopic level. The need is for a tool, an automated assistant which will help the security officers cut down precious time needed in the very first phase of information gathering: reconnaissance. Confronting the surface web along with the deep and dark web is not only a tedious job but which requires documenting the digital footprint of the perpetrator and identifying any Indicators of Compromise(IOC's). TORSION which automates web reconnaissance using the Open Source Intelligence paradigm, extracts the metadata from popular indexed social sites and un-indexed dark web onion sites, provided it has some relating Intel on the target. TORSION's workflow allows account matching from various top indexed sites, generating a dossier on the target, and exporting the collected metadata to a PDF file which can later be referenced.

The achievable bandwidth in ladder acoustic filters is strictly limited by the electromechanical coupling coefficient (k;) in conventional ladder-acoustic filters. Furthermore, their out-of-band rejection is inherently weak due to the frequency responses of the shunt or series-connected acoustic resonators. This work proposes a coupling-matrix-based solution for both issues by employing acoustic and electromagnetic resonators within the same filter prototype using prescribed Chebyshev responses. It has been shown that significantly much wider bandwidths, that cannot be achieved with acoustic-only filters, can be obtained. An important strength of the proposed method is that a filter with a particular FBW can be designed with a wide range of acoustic resonators with different k; values. An 14 % third-order asymmetrical-response filter is designed and fabricated using electromagnetic resonators and an acoustic resonator with a k; of 3.5 %.

At the end of the IT Security degree program a simulation game is conducted to repeat and consolidate the core skills of a Bachelor’s graduate. The focus is not on teaching content, but on the application of already learned skills. The scenario shows the students the risks of a completely networked world, which has come to a complete standstill due to a catastrophe. The participants occupy in groups the predefined companies, which are assigned with the reconstruction of the communication infrastructure (the internet). This paper describes the preparation, technical and organizational implementation of the. Also, the most important conclusions drawn by the authors.

As autonomous service robots will become increasingly ubiquitous in our daily lives, human-robot conflicts will become more likely when humans and robots share the same spaces and resources. This thesis investigates the conflict resolution of robots and humans in everyday conflicts in the domestic and public context. Hereby, the acceptability, trustworthiness, and effectiveness of verbal and non-verbal strategies for the robot to solve the conflict in its favor are evaluated. Based on the assumption of the Media Equation and CASA paradigm that people interact with computers as social actors, robot conflict resolution strategies from social psychology and human-machine interaction were derived. The effectiveness, acceptability, and trustworthiness of those strategies were evaluated in online, virtual reality, and laboratory experiments. Future work includes determining the psychological processes of human-robot conflict resolution in further experimental studies.

Injection attack is one of the best 10 security dangers declared by OWASP. SQL infusion is one of the main types of attack. In light of their assorted and quick nature, SQL injection can detrimentally affect the line, prompting broken and public data on the site. Therefore, this article presents a profound woodland-based technique for recognizing complex SQL attacks. Research shows that the methodology we use resolves the issue of expanding and debasing the first condition of the woodland. We are currently presenting the AdaBoost profound timberland-based calculation, which utilizes a blunder level to refresh the heaviness of everything in the classification. At the end of the day, various loads are given during the studio as per the effect of the outcomes on various things. Our model can change the size of the tree quickly and take care of numerous issues to stay away from issues. The aftereffects of the review show that the proposed technique performs better compared to the old machine preparing strategy and progressed preparing technique.

Temporal Knowledge Graph Embedding (TKGE) is an extensible (continuous vector space) time-sensitive data structure (tree) and is used to predict future event given historical events. An event consists of current state of a knowledge (subject), and a transition (predicate) that morphs the knowledge to the next state (object). The prediction is accomplished when the historical event data conform to structural model of Temporal Points Processes (TPP), followed by processing it by the behavioral model of Conditional Intensity Function (CIF). The formidable challenge in constructing and maintaining a TKGE is to ensure absence of cycles when historical event data are formed/structured as logical paths. Variations of depth-first search (DFS) are used in constructing TKGE albeit with the challenge of maintaining it as a cycle-free structure. This article presents a simple (tradeoff-based) design that creates and maintains a single-rooted isolated-paths TKGE: ipTKGE. In ipTKGE, isolated-paths have their own (local) roots. The local roots trigger the break down of the traditionally-constructed TKGE into isolated (independent) paths alleviating the necessity for using DFS - or its variational forms. This approach is possible at the expense of subject/objec t and predicates redun-dancies in ipTKGE. Isolated-paths allow for simpler algorithmic detection and avoidance of potential cycles in TKGE.

Ant Colony Optimization is applied to design a suitable and shortest route between the starting node point and the end node point in the Wireless Sensor Network (WSN). In general ant colony algorithm plays a good role in path planning process that can also applied in improving the network security. Therefore to protect the network from the malicious nodes an ACO based Dynamic Key Management (ACO-DKM) scheme is proposed. The routes are diagnosed through ACO method also the actual coverage distance and pheromone updating strategy is updated simultaneously that prevents the node from continuous monitoring. Simulation analysis gives the efficiency of the proposed scheme.

Community question answering (CQA) websites have become very popular platforms attracting numerous participants to share and acquire knowledge and information in Internet However, with the rapid growth of crowdsourcing systems, many malicious users organize collusive attacks against the CQA platforms for promoting a target (product or service) via posting suggestive questions and deceptive answers. These manipulate deceptive contents, aggregating into multiple collusive questions and answers (Q&As) spam groups, can fully control the sentiment of a target and distort the decision of users, which pollute the CQA environment and make it less credible. In this paper, we propose a Pattern and Burstiness based Collusive Q&A Spam Detection method (PBCSD) to identify the deceptive questions and answers. Specifically, we intensively study the campaign process of crowdsourcing tasks and summarize the clues in the Q&As’ vocabulary usage level when collusive attacks are launched. Based on the clues, we extract the Q&A groups using frequent pattern mining and further purify them by the burstiness on posting time of Q&As. By designing several discriminative features at the Q&A group level, multiple machine learning based classifiers can be used to judge the groups as deceptive or ordinary, and the Q&As in deceptive groups are finally identified as collusive Q&A spam. We evaluate the proposed PBCSD method in a real-world dataset collected from Baidu Zhidao, a famous CQA platform in China, and the experimental results demonstrate the PBCSD is effective for collusive Q&A spam detection and outperforms a number of state-of-art methods.

Robot co-workers, like human co-workers, make mistakes that undermine trust. Yet, trust is just as important in promoting human-robot collaboration as it is in promoting human-human collaboration. In addition, individuals can signif-icantly differ in their attitudes toward robots, which can also impact or hinder their trust in robots. To better understand how individual attitude can influence trust repair strategies, we propose a theoretical model that draws from the theory of cognitive dissonance. To empirically verify this model, we conducted a between-subjects experiment with 100 participants assigned to one of four repair strategies (apologies, denials, explanations, or promises) over three trust violations. Individual attitudes did moderate the efficacy of repair strategies and this effect differed over successive trust violations. Specifically, repair strategies were most effective relative to individual attitude during the second of the three trust violations, and promises were the trust repair strategy most impacted by an individual's attitude.

Domestic service robots become increasingly prevalent and autonomous, which will make task priority conflicts more likely. The robot must be able to effectively and appropriately negotiate to gain priority if necessary. In previous human-robot interaction (HRI) studies, imitating human negotiation behavior was effective but long-term effects have not been studied. Filling this research gap, an interactive online study (\$N=103\$) with two sessions and six trials was conducted. In a conflict scenario, participants repeatedly interacted with a domestic service robot that applied three different conflict resolution strategies: appeal, command, diminution of request. The second manipulation was reinforcement (thanking) of compliance behavior (yes/no). This led to a 3×2×6 mixed-subject design. User acceptance, trust, user compliance to the robot, and self-reported compliance to a household member were assessed. The diminution of a request combined with positive reinforcement was the most effective strategy and perceived trustworthiness increased significantly over time. For this strategy only, self-reported compliance rates to the human and the robot were similar. Therefore, applying this strategy potentially seems to make a robot equally effective as a human requester. This paper contributes to the design of acceptable and effective robot conflict resolution strategies for long-term use.

The increasing use of Information Technology applications in the distributed environment is increasing security exploits. Information about vulnerabilities is also available on the open web in an unstructured format that developers can take advantage of to fix vulnerabilities in their IT applications. SQL injection (SQLi) attacks are frequently launched with the objective of exfiltration of data typically through targeting the back-end server organisations to compromise their customer databases. There have been a number of high profile attacks against large enterprises in recent years. With the ever-increasing growth of online trading, it is possible to see how SQLi attacks can continue to be one of the leading routes for cyber-attacks in the future, as indicated by findings reported in OWASP. Various machine learning and deep learning algorithms have been applied to detect and prevent these attacks. However, such preventive attempts have not limited the incidence of cyber-attacks and the resulting compromised database as reported by (CVE) repository. In this paper, the potential of using data mining approaches is pursued in order to enhance the efficacy of SQL injection safeguarding measures by reducing the false-positive rates in SQLi detection. The proposed approach uses CountVectorizer to extract features and then apply various supervised machine-learning models to automate the classification of SQLi. The model that returns the highest accuracy has been chosen among available models. Also a new model has been created PALOSDM (Performance analysis and Iterative optimisation of the SQLI Detection Model) for reducing false-positive rate and false-negative rate. The detection rate accuracy has also been improved significantly from a baseline of 94% up to 99%.

For designing the interaction with robots in healthcare scenarios, understanding how trust develops in such situations characterized by vulnerability and uncertainty is important. The goal of this study was to investigate how technology-related user dispositions, anxiety, and robot characteristics influence trust. A second goal was to substantiate the association between hospital patients' trust and their intention to use a transport robot. In an online study, patients, who were currently treated in hospitals, were introduced to the concept of a transport robot with both written and video-based material. Participants evaluated the robot several times. Technology-related user dispositions were found to be essentially associated with trust and the intention to use. Furthermore, hospital patients' anxiety was negatively associated with the intention to use. This relationship was mediated by trust. Moreover, no effects of the manipulated robot characteristics were found. In conclusion, for a successful implementation of robots in hospital settings patients' individual prior learning history - e.g., in terms of existing robot attitudes - and anxiety levels should be considered during the introduction and implementation phase.

All of us are familiar with the importance of social media in facilitating communication. e-mail is one of the safest social media platforms for online communications and information transfer over the internet. As of now, many people rely on email or communications provided by strangers. Because everyone may send emails or a message, spammers have a great opportunity to compose spam messages about our many hobbies and passions, interests, and concerns. Our internet speeds are severely slowed down by spam, which also collects personal information like our phone numbers from our contact list. There is a lot of work involved in identifying these fraudsters and also identifying spam content. Email spam refers to the practice of sending large numbers of messages via email. The recipient bears the bulk of the cost of spam, therefore it's practically free advertising. Spam email is a form of commercial advertising for hackers that is financially viable due of the low cost of sending email. Anti-spam filters have become increasingly important as the volume of unwanted bulk e-mail (also spamming) grows. We can define a message, if it is a spam or not using this proposed model. Machine learning algorithms can be discussed in detail, and our data sets will be used to test them all, with the goal of identifying the one that is most accurate and precise in its identification of email spam. Society of machine learning techniques for detecting unsolicited mass email and spam.

Intelligent Virtual Agents (IVAs) have become ubiquitous in our daily lives, displaying increased complexity of form and function. Initial IVA development efforts provided basic functionality to suit users' needs, typically in work or educational settings, but are now present in numerous contexts in more realistic, complex forms. In this paper, we focus on personalization of embodied human intelligent virtual agents to assist individuals as part of physical training “exergames”.

Under the situation of regular epidemic prevention and control, teleworking has gradually become a normal working mode. With the development of modern information technologies such as big data, cloud computing and mobile Internet, it's become a problem that how to build an effective security defense system to ensure the information security of teleworking in complex network environment while ensuring the availability, collaboration and efficiency of teleworking. One of the solutions is Zero Trust Network(ZTN), most enterprise infrastructures will operate in a hybrid zero trust/perimeter-based mode while continuing to invest in IT modernization initiatives and improve organization business processes. In this paper, we have systematically studied the zero trust principles, the logical components of zero trust architecture and the key technology of zero trust network. Based on the abstract model of zero trust architecture and information security technologies, a prototype has been realized which suitable for iOS terminals to access enterprise resources safely in teleworking mode.

In the era of Internet usage growth, storage services are widely used where users' can store their data, while hackers techniques pose massive threats to users' data security. The proposed system introduces multiple layers of security where data confidentiality, integrity and availability are achieved using honey encryption, hashed random passwords as well as detecting intruders and preventing them. The used techniques can ensure security against brute force and denial of service attacks. Our proposed methodology proofs the efficiency for storing and retrieving data using honey words and password hashing with less execution time and more security features achieved compared with other systems. Other systems depend on user password leading to easily predict it, we avoid this approach by making the password given to the user is randomly generated which make it unpredictable and hard to break. Moreover, we created a simple user interface to interact with users to take their inputs and store them along with the given password in true database, if an adversary detected, he will be processed as a normal user but with fake information taken from another database called false database, after that, the admin will be notified about this illegitimate access by providing the IP address. This approach will make the admin have continuous detection and ensure availability and confidentiality. Our execution time is efficient as the encryption process takes 244 ms and decryption 229 ms.

Static analyzers have become increasingly popular both as developer tools and as subjects of empirical studies. Whereas static analysis tools exist for disparate programming languages, the bulk of the empirical research has focused on the popular Java programming language. In this paper, we investigate to what extent some known results about using static analyzers for Java change when considering C\#-another popular object-oriented language. To this end, we combine two replications of previous Java studies. First, we study which static analysis tools are most widely used among C\# developers, and which warnings are more commonly reported by these tools on open-source C\# projects. Second, we develop and empirically evaluate EagleRepair: a technique to automatically fix code in response to static analysis warnings; this is a replication of our previous work for Java [20]. Our replication indicates, among other things, that 1) static code analysis is fairly popular among C\# developers too; 2) Re-Sharper is the most widely used static analyzer for C\#; 3) several static analysis rules are commonly violated in both Java and C\# projects; 4) automatically generating fixes to static code analysis warnings with good precision is feasible in C\#. The EagleRepair tool developed for this research is available as open source.

Several excellent devices can communicate without the need for human intervention. It is one of the fastest-growing sectors in the history of computing, with an estimated 50 billion devices sold by the end of 2020. On the one hand, IoT developments play a crucial role in upgrading a few simple, intelligent applications that can increase living quality. On the other hand, the security concerns have been noted to the cross-cutting idea of frameworks and the multidisciplinary components connected with their organization. As a result, encryption, validation, access control, network security, and application security initiatives for gadgets and their inherent flaws cannot be implemented. It should upgrade existing security measures to ensure that the ML environment is sufficiently protected. Machine learning (ML) has advanced tremendously in the last few years. Machine insight has evolved from a research center curiosity to a sensible instrument in a few critical applications.

The distributed energy resources (DERs) have significantly stimulated the development of decentralized energy system and changed the way how the energy system works. In recent years, peer-to-peer (P2P) trading has drawn attention as a promising alternative for prosumers to engage with the energy market more actively, particular by using the emerging blockchain technology. Blockchain can securely hold critical information and store data in blocks linking with chain, providing a desired platform for the P2P energy trading. This paper provides a detailed description of blockchain-enabled P2P energy trading, its essential components, and how it can be implemented within the local energy market An analysis of potential threats during blockchain-enabled P2P energy trading is also performed, which subsequently results in a list of operation and privacy requirements suggested to be implemented in the local energy market.

Cities are becoming increasingly smart as the Internet of Things (IoT) proliferates. With IoT devices interconnected, smart cities can offer novel and ubiquitous services as well as automate many of our daily lives (e.g., smart health, smart home). The abundance in the number of IoT devices leads to divergent types of security threats as well. One of such important attacks is the Distributed Denial of Service attack(DDoS). DDoS attacks have become increasingly common in the internet of things because of the rapid growth of insecure devices. These attacks slow down legitimate network requests. Although DDoS attacks were first reported in 1996, the sophistication of these attacks has increased significantly. In mid-August 2020, a 2 Terabytes per second(TBps) attack targeting critical infrastructure, such as finance, was reported. In the next two years, it is predicted that this number will double to 15 million attacks. Blockchain technology, whose development dates back to the advent of the internet, has become one of the most important advancements to come along since that time. Several applications can use this technology to secure exchanges. Using blockchain to mitigate DDoS attacks is discussed in this survey paper in diverse domains to date. Its purpose is to expose the strengths, weaknesses, and limitations of the different approaches to DDoS mitigation. As a research and development platform for DDoS mitigation, this paper will act as a central hub for a more comprehensive understanding of these approaches.

CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is an important security technique designed to deter bots from abusing software systems, which has broader applications in cyberspace. CAPTCHAs come in a variety of forms, including the deciphering of obfuscated text, transcribing of audio messages, and tracking mouse movement, among others. This paper focuses on using deep learning techniques to recognize text-based CAPTCHAs. In particular, our work focuses on generating training datasets using different CAPTCHA schemes, along with a pre-processing technique allowing for character-based recognition. We have encapsulated the CRABI (CAPTCHA Recognition with Attached Binary Images) framework to give an image multiple labels for improvement in feature extraction. Using real-world datasets, performance evaluations are conducted to validate the efficacy of our proposed approach on several neural network architectures (e.g., custom CNN architecture, VGG16, ResNet50, and MobileNet). The experimental results confirm that over 90% accuracy can be achieved on most models.

Unmanned Aerial Vehicles (UAVs) are drawing enormous attention in both commercial and military applications to facilitate dynamic wireless communications and deliver seamless connectivity due to their flexible deployment, inherent line-of-sight (LOS) air-to-ground (A2G) channels, and high mobility. These advantages, however, render UAV-enabled wireless communication systems susceptible to eavesdropping attempts. Hence, there is a strong need to protect the wireless channel through which most of the UAV-enabled applications share data with each other. There exist various error correction techniques such as Low Density Parity Check (LDPC), polar codes that provide safe and reliable data transmission by exploiting the physical layer but require high transmission power. Also, the security gap achieved by these error-correction techniques must be reduced to improve the security level. In this paper, we present deep learning (DL) enabled punctured LDPC codes to provide secure and reliable transmission of data for UAVs through the Additive White Gaussian Noise (AWGN) channel irrespective of the computational power and channel state information (CSI) of the Eavesdropper. Numerical result analysis shows that the proposed scheme reduces the Bit Error Rate (BER) at Bob effectively as compared to Eve and the Signal to Noise Ratio (SNR) per bit value of 3.5 dB is achieved at the maximum threshold value of BER. Also, the security gap is reduced by 47.22 % as compared to conventional LDPC codes.

Third-party libraries with rich functionalities facilitate the fast development of JavaScript software, leading to the explosive growth of the NPM ecosystem. However, it also brings new security threats that vulnerabilities could be introduced through dependencies from third-party libraries. In particular, the threats could be excessively amplified by transitive dependencies. Existing research only considers direct dependencies or reasoning transitive dependencies based on reachability analysis, which neglects the NPM-specific dependency resolution rules as adapted during real installation, resulting in wrongly resolved dependencies. Consequently, further fine-grained analysis, such as precise vulnerability propagation and their evolution over time in dependencies, cannot be carried out precisely at a large scale, as well as deriving ecosystem-wide solutions for vulnerabilities in dependencies. To fill this gap, we propose a knowledge graph-based dependency resolution, which resolves the inner dependency relations of dependencies as trees (i.e., dependency trees), and investigates the security threats from vulnerabilities in dependency trees at a large scale. Specifically, we first construct a complete dependency-vulnerability knowledge graph (DVGraph) that captures the whole NPM ecosystem (over 10 million library versions and 60 million well-resolved dependency relations). Based on it, we propose a novel algorithm (DTResolver) to statically and precisely resolve dependency trees, as well as transitive vulnerability propagation paths, for each package by taking the official dependency resolution rules into account. Based on that, we carry out an ecosystem-wide empirical study on vulnerability propagation and its evolution in dependency trees. Our study unveils lots of useful findings, and we further discuss the lessons learned and solutions for different stakeholders to mitigate the vulnerability impact in NPM based on our findings. For example, we implement a dependency tree based vulnerability remediation method (DTReme) for NPM packages, and receive much better performance than the official tool (npm audit fix).

Cyber Attack is the most challenging issue all over the world. Nowadays, Cyber-attacks are increasing on digital systems and organizations. Innovation and utilization of new digital technology, infrastructure, connectivity, and dependency on digital strategies are transforming day by day. The cyber threat scope has extended significantly. Currently, attackers are becoming more sophisticated, well-organized, and professional in generating malware programs in Python, C Programming, C++ Programming, Java, SQL, PHP, JavaScript, Ruby etc. Accurate attack modeling techniques provide cyber-attack planning, which can be applied quickly during a different ongoing cyber-attack. This paper aims to create a new cyber-attack model that will extend the existing model, which provides a better understanding of the network’s vulnerabilities.Moreover, It helps protect the company or private network infrastructure from future cyber-attacks. The final goal is to handle cyber-attacks efficacious manner using attack modeling techniques. Nowadays, many organizations, companies, authorities, industries, and individuals have faced cybercrime. To execute attacks using our model where honeypot, the firewall, DMZ and any other security are available in any environment.