Biblio

Anomaly detection on security logs is receiving more and more attention. Authentication events are an important component of security logs, and being able to produce trustful and accurate predictions minimizes the effort of cyber-experts to stop false attacks. Observed events are classified into Normal, for legitimate user behavior, and Malicious, for malevolent actions. These classes are consistently excessively imbalanced which makes the classification problem harder; in the commonly used Los Alamos dataset, the malicious class comprises only 0.00033% of the total. This work proposes a novel method to extract advanced composite features, and a supervised learning technique for classifying authentication logs trustfully; the models are Random Forest, LogitBoost, Logistic Regression, and ultimately Majority Voting which leverages the predictions of the previous models and gives the final prediction for each authentication event. We measure the performance of our experiments by using the False Negative Rate and False Positive Rate. In overall we achieve 0 False Negative Rate (i.e. no attack was missed), and on average a False Positive Rate of 0.0019.

While the Internet of Things (IoT) is embraced as important tools for efficiency and productivity, it is becoming an increasingly attractive target for cybercriminals. This work represents the first endeavor to develop practical Puncturable Attribute Based Encryption schemes that are light-weight and applicable in IoTs. In the proposed scheme, the attribute-based encryption is adopted for fine grained access control. The secret keys are puncturable to revoke the decryption capability for selected messages, recipients, or time periods, thus protecting selected important messages even if the current key is compromised. In contrast to conventional forward encryption, a distinguishing merit of the proposed approach is that the recipients can update their keys by themselves without key re-issuing from the key distributor. It does not require frequent communications between IoT devices and the key distribution center, neither does it need deleting components to expunge existing keys to produce a new key. Moreover, we devise a novel approach which efficiently integrates attribute-based key and punctured keys such that the key size is roughly the same as that of the original attribute-based encryption. We prove the correctness of the proposed scheme and its security under the Decisional Bilinear Diffie-Hellman (DBDH) assumption. We also implement the proposed scheme on Raspberry Pi and observe that the computation efficiency of the proposed approach is comparable to the original attribute-based encryption. Both encryption and decryption can be completed within tens of milliseconds.

Smart governments are known as extensions of e-governments both built on the Internet of Things (IoT). In this paper, we classify smart governments into two types (1) new generation and (2) extended smart-government. We then put forth a framework for smart governments implementation and discuss the major challenges in its implementation showing security as the most prominent challenge in USA, mindscaping in Kuwait and investment in India.

The concept of Virtualized Network Functions (VNFs) aims to move Network Functions (NFs) out of dedicated hardware devices into software that runs on commodity hardware. A single NF consists of multiple VNF instances, usually running on virtual machines in a cloud infrastructure. The elastic management of an NF refers to load management across the VNF instances and the autonomic scaling of the number of VNF instances as the load on the NF changes. In this paper, we present EL-SEC, an autonomic framework to elastically manage security NFs on a virtualized infrastructure. As a use case, we deploy the Snort Intrusion Detection System as the NF on the GENI testbed. Concepts from control theory are used to create an Elastic Manager, which implements various controllers - in this paper, Proportional Integral (PI) and Proportional Integral Derivative (PID) - to direct traffic across the VNF Snort instances by monitoring the current load. RINA (a clean-slate Recursive InterNetwork Architecture) is used to build a distributed application that monitors load and collects Snort alerts, which are processed by the Elastic Manager and an Attack Analyzer, respectively. Software Defined Networking (SDN) is used to steer traffic through the VNF instances, and to block attack traffic. Our results show that virtualized security NFs can be easily deployed using our EL-SEC framework. With the help of real-time graphs, we show that PI and PID controllers can be used to easily scale the system, which leads to quicker detection of attacks.

In the context of the rapid technological progress, the cyber-threats become a serious challenge that requires immediate and continuous action. As cybercrime poses a permanent and increasing threat, governments, corporate and individual users of the cyber-space are constantly struggling to ensure an acceptable level of security over their assets. Maliciousness on the cyber-space spans identity theft, fraud, and system intrusions. This is due to the benefits of cyberspace-low entry barriers, user anonymity, and spatial and temporal separation between users, make it a fertile field for deception and fraud. Numerous, supervised and unsupervised, techniques have been proposed and used to identify fraudulent transactions and activities that deviate from regular patterns of behaviour. For instance, neural networks and genetic algorithms were used to detect credit card fraud in a dataset covering 13 months and 50 million credit card transactions. Unsupervised methods, such as clustering analysis, have been used to identify financial fraud or to filter fake online product reviews and ratings on e-commerce websites. Blockchain technology has demonstrated its feasibility and relevance in e-commerce. Its use is now being extended to new areas, related to electronic government. The technology appears to be the most appropriate in areas that require storage and processing of large amounts of protected data. The question is what can blockchain technology do and not do to fight malicious online activity?

We consider the scenario where a cloud service provider (CSP) operates multiple geo-distributed datacenters to provide Internet-scale service. Our objective is to minimize the total electricity and bandwidth cost by jointly optimizing electricity procurement from wholesale markets and geographical load balancing (GLB), i.e., dynamically routing workloads to locations with cheaper electricity. Under the ideal setting where exact values of market prices and workloads are given, this problem reduces to a simple linear programming and is easy to solve. However, under the realistic setting where only distributions of these variables are available, the problem unfolds into a non-convex infinite-dimensional one and is challenging to solve. One of our main contributions is to develop an algorithm that is proven to solve the challenging problem optimally, by exploring the full design space of strategic bidding. Trace-driven evaluations corroborate our theoretical results, demonstrate fast convergence of our algorithm, and show that it can reduce the cost for the CSP by up to 20% as compared with baseline alternatives. This paper highlights the intriguing role of uncertainty in workloads and market prices, measured by their variances. While uncertainty in workloads deteriorates the cost-saving performance of joint electricity procurement and GLB, counter-intuitively, uncertainty in market prices can be exploited to achieve a cost reduction even larger than the setting without price uncertainty.

Modern power systems today are protected and controlled increasingly by embedded systems of computing technologies with a great degree of collaboration enabled by communication. Energy cyber-physical systems such as power systems infrastructures are increasingly vulnerable to cyber-attacks on the protection and control layer. We present a method of securing protective relays from malicious change in protective relay settings via collaboration of devices. Each device checks the proposed setting changes of its neighboring devices for consistency and coordination with its own settings using setting rules based on relay coordination principles. The method is enabled via peer-to-peer communication between IEDs. It is validated in a cyber-physical test bed containing a real time digital simulator and actual relays that communicate via IEC 61850 GOOSE messages. Test results showed improvement in cyber physical security by using domain based rules to block malicious changes in protection settings caused by simulated cyber-attacks. The method promotes the use of defense systems that are aware of the physical systems which they are designed to secure.

In this paper, we propose an architecture that utilizes blockchain technology for enabling verifiable trust in collaborative health research environments. The architecture supports the human-in-the-loop paradigm for health research by establishing trust between participants, including human researchers and AI systems, by making all data transformations transparent and verifiable by all participants. We define the trustworthiness of the system and provide an analysis of the architecture in terms of trust requirements. We then evaluate our architecture by analyzing its resiliency to common security threats and through an experimental realization.

In this paper, we propose a hybrid collaborative filtering recommendation algorithm based on heuristic similarity and trust measure, in order to alleviate the problem of data sparsity, cold start and trust measure. Firstly, a new similarity measure is implemented by weighted fusion of multiple similarity influence factors obtained from the rating matrix, so that the similarity measure becomes more accurate. Then, a user trust relationship computing model is implemented by constructing the user's trust network based on the trust propagation theory. On this basis, a SIMT collaborative filtering algorithm is designed which integrates trust and similarity instead of the similarity in traditional collaborative filtering algorithm. Further, an improved K nearest neighbor recommendation based on clustering algorithm is implemented for generation of a better recommendation list. Finally, a comparative experiment on FilmTrust dataset shows that the proposed algorithm has improved the quality and accuracy of recommendation, thus overcome the problem of data sparsity, cold start and trust measure to a certain extent.

The rapid development of the Internet and ecommerce has brought a lot of convenience to people's life. Personalized recommendation technology provides users with services that they may be interested according to users' information such as personal characteristics and historical behaviors. The research of personalized recommendation has been a hot point of data mining and social networks. In this paper, we focus on resolving the problem of data sparsity based on users' rating data and social network information, introduce a set of new measures for social trust and propose a novel personalized recommendation algorithm based on matrix factorization combining trust relevancy. Our experiments were performed on the Dianping datasets. The results show that our algorithm outperforms traditional approaches in terms of accuracy and stability.

The research in MANET has been carried out for the development of various techniques which will increase the competency of the network only. A plenty number of proposed routing protocols are magnificent in terms of efficiency. However, proposed protocols were generally fulfilling the set of trusted network and not considered for adversarial network setting, hence there is no security mechanism has been considered. MANET is widely used in sensitive fields like battlefield, police rescue operation and many more in such type of sensitive field an attacker may try to gather information about the conversation starting from the origin node to the terminal node. Secure route selection approach for route selection in adverse environment is discussed in this article. The results shows that proposed algorithm, will resolve the single & collaborative attack by increasing the computational & storage overhead and by improving the significant PDR, achieves a noticeable enhancement in the end to end delay.

Industrial cluster is an important organization form and carrier of development of small and medium-sized enterprises, and information service platform is an important facility of industrial cluster. Improving the credibility of the network platform is conducive to eliminate the adverse effects of distrust and information asymmetry on industrial clusters. The decentralization, transparency, openness, and intangibility of block chain technology make it an inevitable choice for trustworthiness optimization of industrial cluster network platform. This paper first studied on trusted standard of industry cluster network platform and construct a new trusted framework of industry cluster network platform. Then the paper focus on trustworthiness optimization of data layer and application layer of the platform. The purpose of this paper is to build an industrial cluster network platform with data access, information trustworthiness, function availability, high-speed and low consumption, and promote the sustainable and efficient development of industrial cluster.

When robots and human users collaborate, trust is essential for user acceptance and engagement. In this paper, we investigated two factors thought to influence user trust towards a robot: preference elicitation (a combination of user involvement and explanation) and embodiment. We set our experiment in the application domain of a restaurant recommender system, assessing trust via user decision making and perceived source credibility. Previous research in this area uses simulated environments and recommender systems that present the user with the best choice from a pool of options. This experiment builds on past work in two ways: first, we strengthened the ecological validity of our experimental paradigm by incorporating perceived risk during decision making; and second, we used a system that recommends a nonoptimal choice to the user. While no effect of embodiment is found for trust, the inclusion of preference elicitation features significantly increases user trust towards the robot recommender system. These findings have implications for marketing and health promotion in relation to Human-Robot Interaction and call for further investigation into the development and maintenance of trust between robot and user.

The current AI revolution provides us with many new, but often very complex algorithmic systems. This complexity does not only limit understanding, but also acceptance of e.g. deep learning methods. In recent years, explainable AI (XAI) has been proposed as a remedy. However, this research is rarely supported by publications on explanations from social sciences. We suggest a bottom-up approach to explanations for (game) AI, by starting from a baseline definition of understandability informed by the concept of limited human working memory. We detail our approach and demonstrate its application to two games from the GVGAI framework. Finally, we discuss our vision of how additional concepts from social sciences can be integrated into our proposed approach and how the results can be generalised.

Automated network control and management has been a long standing target of network protocols. We address in this paper the question of automated protocol design, where distributed networked nodes have to cooperate to achieve a common goal without a priori knowledge on which information to exchange or the network topology. While reinforcement learning has often been proposed for this task, we propose here to apply recent methods from semi-supervised deep neural networks which are focused on graphs. Our main contribution is an approach for applying graph-based deep learning on distributed routing protocols via a novel neural network architecture named Graph-Query Neural Network. We apply our approach to the tasks of shortest path and max-min routing. We evaluate the learned protocols in cold-start and also in case of topology changes. Numerical results show that our approach is able to automatically develop efficient routing protocols for those two use-cases with accuracies larger than 95%. We also show that specific properties of network protocols, such as resilience to packet loss, can be explicitly included in the learned protocol.

Mobile Adhoc networks are wireless adhoc networks that have property of self organizing, less infrastructure, multi hoping, which are designed to work under low power vulnerable environment. Due to its very unique characteristics, there is much chances of threat of malicious nodes within the network. Blackhole attack is a menace in MANETs which redirects all traffic to itself and drops it. This paper’s objective is to analyze the effects of blackhole attack under reactive routing protocol such as Adhoc on Demand Distance Vector routing (AODV). The performance of this protocol is assessed to find the vulnerability of attack and also compared the impact of attack on both AODV, AODV with blackhole and proposed AODV protocols. The analysis is done by simulated using NS- 2.35 and QoS parameters such as Throughput, PDR, and Average Energy Consumed are measured further.

Ciphertext policy attribute-based encryption (CP-ABE) is a promising cryptographic technology that provides fine-grained access control as well as data confidentiality. It enables one sender to encrypt the data for more receivers, and to specify a policy on who can decrypt the ciphertext using his/her attributes alone. However, most existing ABE schemes are constructed on bilinear maps and they cannot resist quantum attacks. In this paper, we propose a multi-authority CP-ABE (MA-CPABE) scheme on ideal lattices which is still secure in post-quantum era. On one hand, multiple attribute authorities are required when user's attributes cannot be managed by a central authority. On the other hand, compared with generic lattice, the ideal lattice has extra algebraic structure and can be used to construct more efficient cryptographic applications. By adding some virtual attributes for each authority, our scheme can support flexible threshold access policy. Security analysis shows that the proposed scheme is secure against chosen plaintext attack (CPA) in the standard model under the ring learning with errors (R-LWE) assumption.

From the last few years, security in wireless sensor network (WSN) is essential because WSN application uses important information sharing between the nodes. There are large number of issues raised related to security due to open deployment of network. The attackers disturb the security system by attacking the different protocol layers in WSN. The standard AODV routing protocol faces security issues when the route discovery process takes place. The data should be transmitted in a secure path to the destination. Therefore, to support the process we have proposed a trust based intrusion detection system (NL-IDS) for network layer in WSN to detect the Black hole attackers in the network. The sensor node trust is calculated as per the deviation of key factor at the network layer based on the Black hole attack. We use the watchdog technique where a sensor node continuously monitors the neighbor node by calculating a periodic trust value. Finally, the overall trust value of the sensor node is evaluated by the gathered values of trust metrics of the network layer (past and previous trust values). This NL-IDS scheme is efficient to identify the malicious node with respect to Black hole attack at the network layer. To analyze the performance of NL-IDS, we have simulated the model in MATLAB R2015a, and the result shows that NL-IDS is better than Wang et al. [11] as compare of detection accuracy and false alarm rate.

"Good Governance" - may it be corporate or governmental, is a badly needed focus area in the world today where the companies and governments are struggling to survive the political and economical turmoil around the globe. All governments around the world have a tendency of expanding the size of their government, but eventually they would be forced to think reducing the size by incorporating information technology as a way to provide services to the citizens effectively and efficiently. Hence our attempt is to offer a complete solution from birth of a citizen till death encompassing all the necessary services related to the well being of a person living in a society. Our research and analysis would explore the pros and cons of using IT as a solution to our problems and ways to implement them for a best outcome in e-Governance occasionally comparing with the present scenario when relevant.

This paper aims to discover the characteristics of acceptance of mobile government systems by elderly. Several initiatives and projects offer various governmental services for them, like information sharing, alerting and mHealth services. All of them carry important benefits for this user group, but these can only be utilized if the user acceptance is at a certain level. This is a requirement in order for the users to perceive the services as a benefit and not as hindrance. The key aspects for high acceptance are usability and user-friendliness, which will lead to successful-government systems designed for the target group. We have applied a combination of qualitative and quantitative research methods including an m-Government prototype to explore the key acceptance factors. Research approach utilizes the IGUAN framework, which is a user-driven method. We collected and analysed data guided by IGUAN framework about the acceptance of e-government services by elderly. The target group was recruited from Germany and Hungary. Our findings draw the attention to perceived security and perceived usability of an application; these are decisive factors for this target group.

Software deobfuscation is a key challenge in malware analysis to understand the internal logic of the code and establish adequate countermeasures. In order to defeat recent obfuscation techniques, state-of-the-art generic deobfuscation methodologies are based on dynamic symbolic execution (DSE). However, DSE suffers from limitations such as code coverage and scalability. In the race to counter and remove the most advanced obfuscation techniques, there is a need to reduce the amount of code to cover. To that extend, we propose a novel deobfuscation approach based on semantic equivalence, called DoSE. With DoSE, we aim to improve and complement DSE-based deobfuscation techniques by statically eliminating obfuscation transformations (built on code-reuse). This improves the code coverage. Our method's novelty comes from the transposition of existing binary diffing techniques, namely semantic equivalence checking, to the purpose of the deobfuscation of untreated techniques, such as two-way opaque constructs, that we encounter in surreptitious software. In order to challenge DoSE, we used both known malwares such as Cryptowall, WannaCry, Flame and BitCoinMiner and obfuscated code samples. Our experimental results show that DoSE is an efficient strategy of detecting obfuscation transformations based on code-reuse with low rates of false positive and/or false negative results in practice, and up to 63% of code reduction on certain types of malwares.

Cloud systems are becoming more complex and vulnerable to attacks. Cyber attacks are also becoming more sophisticated and harder to detect. Therefore, it is increasingly difficult for a single cloud-based intrusion detection system (IDS) to detect all attacks, because of limited and incomplete knowledge about attacks. The recent researches in cyber-security have shown that a co-operation among IDSs can bring higher detection accuracy in such complex computer systems. Through collaboration, a cloud-based IDS can consult other IDSs about suspicious intrusions and increase the decision accuracy. The problem of existing cooperative IDS approaches is that they overlook having untrusted (malicious or not) IDSs that may negatively effect the decision about suspicious intrusions in the cloud. Moreover, they rely on a centralized architecture in which a central agent regulates the cooperation, which contradicts the distributed nature of the cloud. In this paper, we propose a framework that enables IDSs to distributively form trustworthy IDSs communities. We devise a novel decentralized algorithm, based on coalitional game theory, that allows a set of cloud-based IDSs to cooperatively set up their coalition in such a way to make their individual detection accuracy increase, even in the presence of untrusted IDSs.

Nowadays, network is one of the essential parts of life, and lots of primary activities are performed by using the network. Also, network security plays an important role in the administrator and monitors the operation of the system. The intrusion detection system (IDS) is a crucial module to detect and defend against the malicious traffics before the system is affected. This system can extract the information from the network system and quickly indicate the reaction which provides real-time protection for the protected system. However, detecting malicious traffics is very complicating because of their large quantity and variants. Also, the accuracy of detection and execution time are the challenges of some detection methods. In this paper, we propose an IDS platform based on convolutional neural network (CNN) called IDS-CNN to detect DoS attack. Experimental results show that our CNN based DoS detection obtains high accuracy at most 99.87%. Moreover, comparisons with other machine learning techniques including KNN, SVM, and Naïve Bayes demonstrate that our proposed method outperforms traditional ones.

In the light of the information revolution, and the propagation of big social data, the dissemination of misleading information is certainly difficult to control. This is due to the rapid and intensive flow of information through unconfirmed sources under the propaganda and tendentious rumors. This causes confusion, loss of trust between individuals and groups and even between governments and their citizens. This necessitates a consolidation of efforts to stop penetrating of false information through developing theoretical and practical methodologies aim to measure the credibility of users of these virtual platforms. This paper presents an approach to domain-based prediction to user's trustworthiness of Online Social Networks (OSNs). Through incorporating three machine learning algorithms, the experimental results verify the applicability of the proposed approach to classify and predict domain-based trustworthy users of OSNs.

Dynamic data race detectors are valuable tools for testing and validating concurrent software, but to achieve good performance they are typically implemented using sophisticated concurrent algorithms. Thus, they are ironically prone to the exact same kind of concurrency bugs they are designed to detect. To address these problems, we have developed VerifiedFT, a clean slate redesign of the FastTrack race detector [19]. The VerifiedFT analysis provides the same precision guarantee as FastTrack, but is simpler to implement correctly and efficiently, enabling us to mechanically verify an implementation of its core algorithm using CIVL [27]. Moreover, VerifiedFT provides these correctness guarantees without sacrificing any performance over current state-of-the-art (but complex and unverified) FastTrack implementations for Java.