Biblio

The problem of information privacy has grown more significant in terms of data storage and communication in the 21st century due to the technological explosion during which information has become a highly important strategic resource. The idea of employing DNA cryptography has been highlighted as a potential technology that offers fresh hope for unbreakable algorithms since standard cryptosystems are becoming susceptible to assaults. Due to biological DNA's outstanding energy efficiency, enormous storage capacity, and extensive parallelism, a new branch of cryptography based on DNA computing is developing. There is still more study to be done since this discipline is still in its infancy. This work proposes a DNA encryption strategy based on cryptographic key generation techniques and chaotic diffusion operation.

Malwares are designed to cause harm to the machine without the user's knowledge. Malwares belonging to different families infect the system in its own unique way causing damage which could be irreversible and hence there is a need to detect and analyse the malwares. Manual analysis of all types of malwares is not a practical approach due to the huge effort involved and hence Automated Malware Analysis is resorted to so that the burden on humans can be decreased and the process is made robust. A lot of Automated Malware Analysis tools are present right now both offline and online but the problem arises as to which tool to select while analysing a suspicious binary. A comparative analysis of three most widely used automated tools has been done with different malware class samples. These tools are Cuckoo Sandbox, Any. Run and Intezer Analyze. In order to check the efficacy of the tool in both online and offline analysis, Cuckoo Sandbox was configured for offline use, and Any. Run and Intezer Analyze were configured for online analysis. Individual tools analyse each malware sample and after analysis is completed, a comparative chart is prepared to determine which tool is good at finding registry changes, processes created, files created, network connections, etc by the malicious binary. The findings conclude that Intezer Analyze tool recognizes file changes better than others but otherwise Cuckoo Sandbox and Any. Run tools are better in determining other functionalities.

Phishing has become a prominent method of data theft among hackers, and it continues to develop. In recent years, many strategies have been developed to identify phishing website attempts using machine learning particularly. However, the algorithms and classification criteria that have been used are highly different from the real issues and need to be compared. This paper provides a detailed comparison and evaluation of the performance of several machine learning algorithms across multiple datasets. Two phishing website datasets were used for the experiments: the Phishing Websites Dataset from UCI (2016) and the Phishing Websites Dataset from Mendeley (2018). Because these datasets include different types of class labels, the comparison algorithms can be applied in a variety of situations. The tests showed that Random Forest was better than other classification methods, with an accuracy of 88.92% for the UCI dataset and 97.50% for the Mendeley dataset.

Nowadays, the number of new websites in Thailand has been increasing every year. However, there is a lack of security on some of those websites which causes negative effects and damage. This has also resulted in numerous violations. As a result, these violations cause delays in the situation analysis. Additionally, the cost of effective and well-established digital forensics tools is still expensive. Therefore, this paper has presented the idea of using freeware digital forensics tools to test their performances and compare them with the standards of the digital forensics process. The results of the paper suggest that the tested tools have significant differences in functions and process. WEFA Web Forensics tool is the most effective tool as it supports 3 standards up to 8 out of 10 processes, followed by Browser History View which supports 7 processes, Browser History Spy and Browser Forensic Web Tool respectively, supports 5 processes. The Internet history Browser supports 4 processes as compared to the basic process of the standardization related to forensics.

In recent years, business environments are undergoing disruptive changes across sectors [1]. Globalization and technological advances, such as artificial intelligence and the internet of things, have completely redesigned business activities, bringing to light an ever-increasing interest and attention towards the customer [2], especially in healthcare sector. In this context, researchers is paying more and more attention to the introduction of new technologies capable of meeting the patients’ needs [3, 4] and the Covid-19 pandemic has contributed and still contributes to accelerate this phenomenon [5]. Therefore, emerging technologies (i.e., AI-enabled solutions, service robots, conversational agents) are proving to be effective partners in improving medical care and quality of life [6]. Conversational agents, often identified in other ways as “chatbots”, are AI-enabled service robots based on the use of text [7] and capable of interpreting natural language and ensuring automation of responses by emulating human behavior [8, 9, 10]. Their introduction is linked to help institutions and doctors in the management of their patients [11, 12], at the same time maintaining the negligible incremental costs thanks to their virtual aspect [13–14]. However, while the utilization of these tools has significantly increased during the pandemic [15, 16, 17], it is unclear what benefits they bring to service delivery. In order to identify their contributions, there is a need to find out which activities can be supported by conversational agents.This paper takes a grounded approach [18] to achieve contextual understanding design and to effectively interpret the context and meanings related to conversational agents in healthcare interactions. The study context concerns six chatbots adopted in the healthcare sector through semi-structured interviews conducted in the health ecosystem. Secondary data relating to these tools under consideration are also used to complete the picture on them. Observation, interviewing and archival documents [19] could be used in qualitative research to make comparisons and obtain enriched results due to the opportunity to bridge the weaknesses of one source by compensating it with the strengths of others. Conversational agents automate customer interactions with smart meaningful interactions powered by Artificial Intelligence, making support, information provision and contextual understanding scalable. They help doctors to conduct the conversations that matter with their patients. In this context, conversational agents play a critical role in making relevant healthcare information accessible to the right stakeholders at the right time, defining an ever-present accessible solution for patients’ needs. In summary, conversational agents cannot replace the role of doctors but help them to manage patients. By conveying constant presence and fast information, they help doctors to build close relationships and trust with patients.

IoT connects a large number of physical objects with the Internet that capture and exchange real-time information for service provisioning. Traditional network management schemes face challenges to manage vast amounts of network traffic generated by IoT services. Software-defined networking (SDN) and information-centric networking (ICN) are two complementary technologies that could be integrated to solve the challenges of different aspects of IoT service provisioning. ICN offers a clean-slate design to accommodate continuously increasing network traffic by considering content as a network primitive. It provides a novel solution for information propagation and delivery for large-scale IoT services. On the other hand, SDN allocates overall network management responsibilities to a central controller, where network elements act merely as traffic forwarding components. An SDN-enabled network supports ICN without deploying ICN-capable hardware. Therefore, the integration of SDN and ICN provides benefits for large-scale IoT services. This article provides a comprehensive survey on software-defined information-centric Internet of Things (SDIC-IoT) for IoT service provisioning. We present critical enabling technologies of SDIC-IoT, discuss its architecture, and describe its benefits for IoT service provisioning. We elaborate on key IoT service provisioning requirements and discuss how SDIC-IoT supports different aspects of IoT services. We define different taxonomies of SDIC-IoT literature based on various performance parameters. Furthermore, we extensively discuss different use cases, synergies, and advances to realize the SDIC-IoT concept. Finally, we present current challenges and future research directions of IoT service provisioning using SDIC-IoT.

Compare to outside threats, insider threats that originate within targeted systems are more destructive and invisible. More importantly, it is more difficult to detect and mitigate these insider threats, which poses significant cyber security challenges to an industry control system (ICS) tightly coupled with today’s information technology infrastructure. Currently, power utilities rely mainly on the authentication mechanism to prevent insider threats. If an internal intruder breaks the protection barrier, it is hard to identify and intervene in time to prevent harmful damage. Based on the existing in-depth security defense system, this paper proposes an insider threat protection scheme for ICSs of power utilities. This protection scheme can conduct compliance check by taking advantage of the characteristics of its business process compliance and the nesting of upstream and downstream business processes. Taking the Advanced Metering Infrastructures (AMIs) in power utilities as an example, the potential insider threats of violation and misoperation under the current management mechanism are identified after the analysis of remote charge control operation. According to the business process, a scheme of compliance check for remote charge control command is presented. Finally, the analysis results of a specific example demonstrate that the proposed scheme can effectively prevent the consumers’ power outage due to insider threats.

In the present work, we intend to present a thorough study developed on a digital library, called HAT corpus, for a purpose of authorship attribution. Thus, a dataset of 300 documents that are written by 100 different authors, was extracted from the web digital library and processed for a task of author style analysis. All the documents are related to the travel topic and written in Arabic. Basically, three important rules in stylometry should be respected: the minimum document size, the same topic for all documents and the same genre too. In this work, we made a particular effort to respect those conditions seriously during the corpus preparation. That is, three lexical features: Fixed-length words, Rare words and Suffixes are used and evaluated by using a centroid based Manhattan distance. The used identification approach shows interesting results with an accuracy of about 0.94.

Due to the rapid development of cyber-physical systems, there are more and more security problems. The purpose of this work is to develop the concept of a knowledge base in the field of security of cyber-physical systems based on an ontological approach. To create the concept of a knowledge base, it was necessary to consider the system of a cyber-physical system and highlight its structural parts. As a result, the main concepts of the security of a cyber-physical system were identified and the concept of a knowledge base was drawn up, which in the future will help to analyze potential threats to cyber-physical systems.

The consensus-based frequency control relying on a communication system is used to restore the frequency deviations introduced by the primary droop control in an islanded AC microgrid, a typical cyber-physical power system(CPPS). This paper firstly studies the performance of the CPPS under two types of Distributed Denial of Service (DDoS ) attacks, finds that the intelligent attacks may cause more damage than the brute force attacks, and analyzes some potential defense strategies of the CPPS from two points of view. Some simulation results are also given to show the performance of both the physical and cyber system of the CPPS under different operation conditions.

Frame detection is an important part of the reconnaissance satellite receiver to identify the terrestrial application specific messages (ASM) / VHF data exchange (VDE) signal, and has been challenged by Doppler shift and message collision. A constant false alarm rate (CFAR) frame detection strategy insensitive to Doppler shift has been proposed in this paper. Based on the double Barker sequence, a periodical sequence has been constructed, and differential operations have been adopted to eliminate the Doppler shift. Moreover, amplitude normalization is helpful for suppressing the interference introduced by message collision. Simulations prove that the proposed CFAR frame detection strategy is very attractive for the reconnaissance satellite to identify the terrestrial ASM/VDE signal.

Metaverse is becoming the new standard for social networks and 3D virtual worlds when Facebook officially rebranded to Metaverse in October 2021. Many relevant technologies are used in the metaverse to offer 3D immersive and customized experiences at the user’s fingertips. Despite the fact that the metaverse receives a lot of attention and advantages, one of the most pressing concerns for its users is the safety of their digital material and data. As a result of its decentralization, immutability, and transparency, blockchain is a possible alternative. Our goal is to conduct a comprehensive assessment of blockchain systems in the metaverse to properly appreciate its function in the metaverse. To begin with, the paper introduces blockchain and the metaverse and explains why it’s necessary for the metaverse to adopt blockchain technology. Aside from these technological considerations, this article focuses on how blockchain-based approaches for the metaverse may be used from a privacy and security standpoint. There are several technological challenegs that need to be addressed for making the metaverse a reality. The influence of blockchain on important key technologies with in metaverse, such as Artifical Intelligence, big data and the Internet-of-Things (IoT) is also examined. Several prominent initiatives are also shown to demonstrate the importance of blockchain technology in the development of metaverse apps and services. There are many possible possibilities for future development and research in the application of blockchain technology in the metaverse.

This paper considers network protection games for a heterogeneous network system with N nodes against cyber-attackers of two different types of intentions. The first type tries to maximize damage based on the value of each net-worked node, while the second type only aims at successful infiltration. A defender, by applying defensive resources to networked nodes, can decrease those nodes' vulnerabilities. Meanwhile, the defender needs to balance the cost of using defensive resources and potential security benefits. Existing literature shows that, in a Nash equilibrium, the defender should adopt different resource allocation strategies against different types of attackers. However, it could be difficult for the defender to know the type of incoming cyber-attackers. A Bayesian game is investigated considering the case that the defender is uncertain about the attacker's type. We demonstrate that the Bayesian equilibrium defensive resource allocation strategy is a mixture of the Nash equilibrium strategies from the games against the two types of attackers separately.

In this decade, digital transactions have risen exponentially demanding more reliable and secure authentication systems. CAPTCHA (Completely Automated Public Turing Test to tell Computers and Humans Apart) system plays a major role in these systems. These CAPTCHAs are available in character sequence, picture-based, and audio-based formats. It is very essential that these CAPTCHAs should be able to differentiate a computer program from a human precisely. This work tests the strength of text-based CAPTCHAs by breaking them using an algorithm built on CNN (Convolution Neural Network) and RNN (Recurrent Neural Network). The algorithm is designed in such a way as an attempt to break the security features designers have included in the CAPTCHAs to make them hard to be cracked by machines. This algorithm is tested against the synthetic dataset generated in accordance with the schemes used in popular websites. The experiment results exhibit that the model has shown a considerable performance against both the synthetic and real-world CAPTCHAs.

There are a large number of illegal websites on the Internet, such as pornographic websites, gambling websites, online fraud websites, online pyramid selling websites, etc. This paper studies the use of crawler technology for digital forensics on illegal websites. First, a crawler based illegal website forensics program is designed and developed, which can detect the peripheral information of illegal websites, such as domain name, IP address, network topology, and crawl key information such as website text, pictures, and scripts. Then, through comprehensive analysis such as word cloud analysis, word frequency analysis and statistics on the obtained data, it can help judge whether a website is illegal.

In this paper, we proposed a data security model of a big data analytical environment in the financial sector. Big Data can be seen as a trend in the advancement of technology that has opened the door to a new approach to understanding and decision making that is used to describe the vast amount of data (structured, unstructured and semi-structured) that is too time consuming and costly to load a relational database for analysis. The increase in cybercriminal attacks on an organization’s assets results in organizations beginning to invest in and care more about their cybersecurity points and controls. The management of business-critical data is an important point for which robust cybersecurity controls should be considered. The proposed model is applied in a datalake and allows the identification of security gaps on an analytical repository, a cybersecurity risk analysis, design of security components and an assessment of inherent risks on high criticality data in a repository of a regulated financial institution. The proposal was validated in financial entities in Lima, Peru. Proofs of concept of the model were carried out to measure the level of maturity focused on: leadership and commitment, risk management, protection control, event detection and risk management. Preliminary results allowed placing the entities in level 3 of the model, knowing their greatest weaknesses, strengths and how these can affect the fulfillment of business objectives.

While 5G Edge Computing along with IoT technology has transformed the future of healthcare data transmission, it presents security vulnerabilities and risks when transmitting patients' confidential information. Currently, there are very few reliable security solutions available for healthcare data that routes through SDN routers in 5G Edge Computing. These solutions do not provide cryptographic security from IoT sensor devices. In this paper, we studied how 5G edge computing integrated with IoT network helps healthcare data transmission for remote medical treatment, explored security risks associated with unsecured data transmission, and finally proposed a cryptographic end-to-end security solution initiated at IoT sensor devices and routed through SDN routers. Our proposed solution with cryptographic security initiated at IoT sensor goes through SDN control plane and data plane in 5G edge computing and provides an end-to-end secured communication from IoT device to doctor's office. A prototype built with two-layer encrypted communication has been lab tested with promising results. This analysis will help future security implementation for eHealth in 5G and beyond networks.

There is a stark contrast between the state of cyber security of national infrastructure in Ireland and the efforts underway to support cyber security technologists to work in the country. Notable attacks have recently occurred against the national health service, universities, and various other state bodies, prompting an interest in changing the current situation. This paper presents an overview of the security projects, commercial establishments, and policy in Ireland.

Digital forensics is essential when performing in-depth crime investigations and evidence extraction, especially in the field of the Internet of Things, where there is a ton of information every second boosted with latest and smartest technological devices. However, the enormous growth of data and the nature of its complexity could constrain the data examination process since traditional data acquisition techniques are not applicable nowadays. Therefore, if the knowledge gap between digital forensics and the Internet of Things is not bridged, investigators will jeopardize the loss of a possible rich source of evidence that otherwise could act as a lead in solving open cases. The work aims to introduce examples of employing the latest Internet of Things forensics approaches as a panacea in this regard. The paper covers a variety of articles presenting the new Blockchain, fog, and video-based applications that can aid in easing the process of digital forensics investigation with a focus on the Internet of Things. The results of the review indicated that the above current trends are very promising procedures in the field of Internet of Things digital forensics and need to be explored and applied more actively.

The healthcare industry is confronted with a slew of significant challenges, including stringent regulations, privacy concerns, and rapidly rising costs. Many leaders and healthcare professionals are looking to new technology and informatics to expand more intelligent forms of healthcare delivery. Numerous technologies have advanced during the last few decades. Over the past few decades, pharmacy has changed and grown, concentrating less on drugs and more on patients. Pharmaceutical services improve healthcare's affordability and security. The primary invention was a cyber-infrastructure made up of smart gadgets that are connected to and communicate with one another. These cyber infrastructures have a number of problems, including privacy, trust, and security. These gadgets create cyber-physical systems for pharmaceutical care services in p-health. In the present period, cyber-physical systems for pharmaceutical care services are dealing with a variety of important concerns and demanding conditions, i.e., problems and obstacles that need be overcome to create a trustworthy and effective medical system. This essay offers a thorough examination of CPS's architectural difficulties and emerging tendencies.

With the development of technology, the invention of computers, the use of cyberspace created by information communication systems and networks, increasing the effectiveness of knowledge in all aspects and the gains it provides have increased further the importance of cyber security day by day. In parallel with the developments in cyber space, the need for cyber defense has emerged with active and passive defense approaches for cyber security against internal and external cyber-attacks of increasing type, severity and complexity. In this framework, proactive cyber defense and deterrence strategies have started to be implemented with new techniques and methods.

Cyber security is everybody's responsibility. It is the capability of the person to protect or secure the use of cyberspace from cyber-attacks. Cyber security awareness is the combination of both knowing and doing to safeguard one's personal information or assets. Online threats continue to rise in the Philippines which is the focus of this study, to identify the level of cyber security awareness among the students and teachers of Occidental Mindoro State College (OMSC) Philippines. Results shows that the level of cyber security awareness in terms of Knowledge, majority of the students and teachers got the passing score and above however there are almost fifty percent got below the passing score. In terms of Practices, both the teachers and the students need to strengthen the awareness of system and browser updates to boost the security level of the devices used. More than half of the IT students are aware of the basic cyber security protocol but there is a big percentage in the Non-IT students which is to be considered. Majority of the teachers are aware of the basic cyber security protocols however the remaining number must be looked into. There is a need to intensity the awareness of the students in the proper etiquette in using the social media. Boost the basic cyber security awareness training to all students and teachers to avoid cybercrime victims.

This Innovative Practice Work-in-Progress paper presents a virtual, proactive, and collaborative learning paradigm that can engage learners with different backgrounds and enable effective retention and transfer of the multidisciplinary AI-cybersecurity knowledge. While progress has been made to better understand the trustworthiness and security of artificial intelligence (AI) techniques, little has been done to translate this knowledge to education and training. There is a critical need to foster a qualified cybersecurity workforce that understands the usefulness, limitations, and best practices of AI technologies in the cybersecurity domain. To address this import issue, in our proposed learning paradigm, we leverage multidisciplinary expertise in cybersecurity, AI, and statistics to systematically investigate two cohesive research and education goals. First, we develop an immersive learning environment that motivates the students to explore AI/machine learning (ML) development in the context of real-world cybersecurity scenarios by constructing learning models with tangible objects. Second, we design a proactive education paradigm with the use of hackathon activities based on game-based learning, lifelong learning, and social constructivism. The proposed paradigm will benefit a wide range of learners, especially underrepresented students. It will also help the general public understand the security implications of AI. In this paper, we describe our proposed learning paradigm and present our current progress of this ongoing research work. In the current stage, we focus on the first research and education goal and have been leveraging cost-effective Minecraft platform to develop an immersive learning environment where the learners are able to investigate the insights of the emerging AI/ML concepts by constructing related learning modules via interacting with tangible AI/ML building blocks.

Cyber physical system (CPS) Critical infrastructures (CIs) like the power and energy systems are increasingly becoming vulnerable to cyber attacks. Mitigating cyber risks in CIs is one of the key objectives of the design and maintenance of these systems. These CPS CIs commonly use legacy devices for remote monitoring and control where complete upgrades are uneconomical and infeasible. Therefore, risk assessment plays an important role in systematically enumerating and selectively securing vulnerable or high-risk assets through optimal investments in the cybersecurity of the CPS CIs. In this paper, we propose a CPS CI security framework and software tool, CySec Game, to be used by the CI industry and academic researchers to assess cyber risks and to optimally allocate cybersecurity investments to mitigate the risks. This framework uses attack tree, attack-defense tree, and game theory algorithms to identify high-risk targets and suggest optimal investments to mitigate the identified risks. We evaluate the efficacy of the framework using the tool by implementing a smart grid case study that shows accurate analysis and feasible implementation of the framework and the tool in this CPS CI environment.

Forensic Science comprises a set of technical-scientific knowledge used to solve illicit acts. The increasing use of mobile devices as the main computing platform, in particular smartphones, makes existing information valuable for forensics. However, the blocking mechanisms imposed by the manufacturers and the variety of models and technologies make the task of reconstructing the data for analysis challenging. It is worth mentioning that the conclusion of a case requires more than the simple identification of evidence, as it is extremely important to correlate all the data and sources obtained, to confirm a suspicion or to seek new evidence. This work carries out a systematic review of the literature, identifying the different types of existing image acquisition and the main extraction and encryption methods used in smartphones with the Android operating system.