Biblio

Advance persistent threat is a primary security concerns to the big organizations and its technical infrastructure, from cyber criminals seeking personal and financial information to state sponsored attacks designed to disrupt, compromising infrastructure, sidestepping security efforts thus causing serious damage to organizations. A skilled cybercriminal using multiple attack vectors and entry points navigates around the defenses, evading IDS/Firewall detection and breaching the network in no time. To understand the big picture, this paper analyses an approach to advanced persistent threat by doing the same things the bad guys do on a network setup. We will walk through various steps from foot-printing and reconnaissance, scanning networks, gaining access, maintaining access to finally clearing tracks, as in a real world attack. We will walk through different attack tools and exploits used in each phase and comparative study on their effectiveness, along with explaining their attack vectors and its countermeasures. We will conclude the paper by explaining the factors which actually qualify to be an Advance Persistent Threat.

Conventional methods for anomaly detection include techniques based on clustering, proximity or classification. With the rapidly growing social networks, outliers or anomalies find ingenious ways to obscure themselves in the network and making the conventional techniques inefficient. In this paper, we utilize the ability of Deep Learning over topological characteristics of a social network to detect anomalies in email network and twitter network. We present a model, Graph Neural Network, which is applied on social connection graphs to detect anomalies. The combinations of various social network statistical measures are taken into account to study the graph structure and functioning of the anomalous nodes by employing deep neural networks on it. The hidden layer of the neural network plays an important role in finding the impact of statistical measure combination in anomaly detection.

Intentionally deceptive content presented under the guise of legitimate journalism is a worldwide information accuracy and integrity problem that affects opinion forming, decision making, and voting patterns. Most so-called `fake news' is initially distributed over social media conduits like Facebook and Twitter and later finds its way onto mainstream media platforms such as traditional television and radio news. The fake news stories that are initially seeded over social media platforms share key linguistic characteristics such as making excessive use of unsubstantiated hyperbole and non-attributed quoted content. In this paper, the results of a fake news identification study that documents the performance of a fake news classifier are presented. The Textblob, Natural Language, and SciPy Toolkits were used to develop a novel fake news detector that uses quoted attribution in a Bayesian machine learning system as a key feature to estimate the likelihood that a news article is fake. The resultant process precision is 63.333% effective at assessing the likelihood that an article with quotes is fake. This process is called influence mining and this novel technique is presented as a method that can be used to enable fake news and even propaganda detection. In this paper, the research process, technical analysis, technical linguistics work, and classifier performance and results are presented. The paper concludes with a discussion of how the current system will evolve into an influence mining system.

In the wake of diversity of service requirements and increasing push for extreme efficiency, adaptability propelled by machine learning (ML) a.k.a self organizing networks (SON) is emerging as an inevitable design feature for future mobile 5G networks. The implementation of SON with ML as a foundation requires significant amounts of real labeled sample data for the networks to train on, with high correlation between the amount of sample data and the effectiveness of the SON algorithm. As generally real labeled data is scarce therefore it can become bottleneck for ML empowered SON for unleashing their true potential. In this work, we propose a method of expanding these sample data sets using Generative Adversarial Networks (GANs), which are based on two interconnected deep artificial neural networks. This method is an alternative to taking more data to expand the sample set, preferred in cases where taking more data is not simple, feasible, or efficient. We demonstrate how the method can generate large amounts of realistic synthetic data, utilizing the GAN's ability of generation and discrimination, able to be easily added to the sample set. This method is, as an example, implemented with Call Data Records (CDRs) containing the start hour of a call and the duration of the call, in minutes taken from a real mobile operator. Results show that the method can be used with a relatively small sample set and little information about the statistics of the true CDRs and still make accurate synthetic ones.

Malware classification is the process of categorizing the families of malware on the basis of their signatures. This work focuses on classifying the emerging malwares on the basis of comparable features of similar malwares. This paper proposes a novel framework that categorizes malware samples into their families and can identify new malware samples for analysis. For this six diverse classification techniques of machine learning are used. To get more comparative and thus accurate classification results, analysis is done using two different tools, named as Knime and Orange. The work proposed can help in identifying and thus cleaning new malwares and classifying malware into their families. The correctness of family classification of malwares is investigated in terms of confusion matrix, accuracy and Cohen's Kappa. After evaluation it is analyzed that Random Forest gives the highest accuracy.

In today's IIoT world, most of the IoT platform providers like Microsoft, Amazon and Google are focused towards connecting devices and extract data from the devices and send the data to the Cloud for analytics. Only there are few companies concentrating on Security measures implemented on Edge Node. Gartner estimates that by 2020, more than 25 percent of all enterprise attackers will make use of the Industrial IoT. As Cyber Security Threat is getting more important, it is essential to ensure protection of data both at rest and at motion. The reflex of Cyber Security in the Industrial IoT Domain is much more severe when compared to the Consumer IoT Segment. The new bottleneck in this are security services which employ computationally intensive software operations and system services [1]. Resilient services consume considerable resources in a design. When such measures are added to thwart security attacks, the resource requirements grow even more demanding. Since the standard IIoT Gateways and other sub devices are resource constrained in nature the conventional design for security services will not be applicable in this case. This paper proposes an intelligent architectural paradigm for the Constrained IIoT Gateways that can efficiently identify the Cyber-Attacks in the Industrial IoT domain.

Common vulnerability scoring system (CVSS) is an industry standard that can assess the vulnerability of nodes in traditional computer systems. The metrics computed by CVSS would determine critical nodes and attack paths. However, traditional IT security models would not fit IoT embedded networks due to distinct nature and unique characteristics of IoT systems. This paper analyses the application of CVSS for IoT embedded systems and proposes an improved vulnerability scoring system based on CVSS v3 framework. The proposed framework, named CVSSIoT, is applied to a realistic IT supply chain system and the results are compared with the actual vulnerabilities from the national vulnerability database. The comparison result validates the proposed model. CVSSIoT is not only effective, simple and capable of vulnerability evaluation for traditional IT system, but also exploits unique characteristics of IoT devices.

Malware analysis and detection based on it is very important factor in the computer security. Despite of the enormous effort of companies making anti-malware solutions, it is usually not possible to respond to new malware in time and some computers will get infected. This shortcoming could be partially mitigated through using behavioral malware analysis. This work is aimed towards machine learning algorithms comparison for the behavioral malware analysis purposes.

Bio-modalities are ideal for user authentication in Medical Cyber-Physical Systems. Various forms of bio-modalities, such as the face, iris, fingerprint, are commonly used for secure user authentication. Concurrently, various spoofing approaches have also been developed over time which can fail traditional bio-modality detection systems. Image synthesis with play-doh, gelatin, ecoflex etc. are some of the ways used in spoofing bio-identifiable property. Since the bio-modality detection sensors are small and resource constrained, heavy-weight detection mechanisms are not suitable for these sensors. Recently, Fog based architectures are proposed to support sensor management in the Medical Cyber-Physical Systems (MCPS). A thin software client running in these resource-constrained sensors can enable communication with fog nodes for better management and analysis. Therefore, we propose a fog-based security application to detect bio-modality spoofing in a Fog based MCPS. In this regard, we propose a machine learning based security algorithm run as an application at the fog node using a binarized multi-factor boosted ensemble learner algorithm coupled with feature selection. Our proposal is verified on real datasets provided by the Replay Attack, Warsaw and LiveDet 2015 Crossmatch benchmark for face, iris and fingerprint modality spoofing detection used for authentication in an MCPS. The experimental analysis shows that our approach achieves significant performance gain over the state-of-the-art approaches.

In this paper, we propose a video surveillance system based on blockchain system. The proposed system consists of a blockchain network with trusted internal managers. The metadata of the video is recorded on the distributed ledger of the blockchain, thereby blocking the possibility of forgery of the data. The proposed architecture encrypts and stores the video, creates a license within the blockchain, and exports the video. Since the decryption key for the video is managed by the private DB of the blockchain, it is not leaked by the internal manager unauthorizedly. In addition, the internal administrator can manage and export videos safely by exporting the license generated in the blockchain to the DRM-applied video player.

Aiming at the incomplete and incomplete security mechanism of wireless access system in emergency communication network, this paper proposes a security mechanism requirement construction method for wireless access system based on security evaluation standard. This paper discusses the requirements of security mechanism construction in wireless access system from three aspects: the definition of security issues, the construction of security functional components and security assurance components. This method can comprehensively analyze the security threats and security requirements of wireless access system in emergency communication network, and can provide correct and reasonable guidance and reference for the establishment of security mechanism.

Distributed Denial of Service (DDoS) attacks have two defense perspectives firstly, to defend your network, resources and other information assets from this disastrous attack. Secondly, to prevent your network to be the part of botnet (botforce) bondage to launch attacks on other networks and resources mainly be controlled from a control center. This work focuses on the development of a botnet prevention system for Internet of Things (IoT) that uses the benefits of both Software Defined Networking (SDN) and Distributed Blockchain (DBC). We simulate and analyze that using blockchain and SDN, how can detect and mitigate botnets and prevent our devices to play into the hands of attackers.

The application of line current differential relays (LCDRs) to protect transmission lines has recently proliferated. However, the reliance of LCDRs on digital communication channels has raised growing cyber-security concerns. This paper investigates the impacts of false data injection attacks (FDIAs) on the performance of LCDRs. It also develops coordinated attacks that involve multiple components, including LCDRs, and can cause false line tripping. Additionally, this paper proposes a technique for detecting FDIAs against LCDRs and differentiating them from actual faults in two-terminal lines. In this method, when an LCDR detects a fault, instead of immediately tripping the line, it calculates and measures the superimposed voltage at its local terminal, using the proposed positive-sequence (PS) and negative-sequence (NS) submodules. To calculate this voltage, the LCDR models the protected line in detail and replaces the rest of the system with a Thevenin equivalent that produces accurate responses at the line terminals. Afterwards, remote current measurement is utilized by the PS and NS submodules to compute each sequence's superimposed voltage. A difference between the calculated and the measured superimposed voltages in any sequence reveals that the remote current measurements are not authentic. Thus, the LCDR's trip command is blocked. The effectiveness of the proposed method is corroborated using simulation results for the IEEE 39-bus test system. The performance of the proposed method is also tested using an OPAL real-time simulator.

We propose an efficient and secure two-server password-only remote user authentication protocol for consumer electronic devices, such as smartphones and laptops. Our protocol works on-top of any existing trust model, like Secure Sockets Layer protocol (SSL). The proposed protocol is secure against dictionary and impersonation attacks.

A noble multi-factor authentication (MFA) algorithm is developed for the security enhancement of the Cryptocurrency (CR). The main goal of MFA is to set up extra layer of safeguard while seeking access to a targets such as physical location, computing device, network or database. MFA security scheme requires more than one method for the validation from commutative family of credentials to verify the user for a transaction. MFA can reduce the risk of using single level password authentication by introducing additional factors of authentication. MFA can prevent hackers from gaining access to a particular account even if the password is compromised. The superfluous layer of security introduced by MFA offers additional security to a user. MFA is implemented by using time-based onetime password (TOTP) technique. For logging to any entity with MFA enabled, the user first needs username and password, as a second factor, the user then needs the MFA token to virtually generate a TOTP. It is found that MFA can provide a better means of secured transaction of CR.

Mobile nodes in a mobile ad hoc network (MANET) form a temporal link between a sender and receiver due to their continuous movement in a limited area. This network can be easily attacked because there is no organized identity. This article discusses the MANET, its various associated challenges, and selected solutions. As a case study, a neighbor trust-based security scheme that can prevent malicious attacks in a MANET is discussed in detail. The security scheme identifies each node's behavior in the network in terms of packets received and forwarded. Nodes are placed in a suspicious range, and if the security scheme detects malicious function continuously, then it is confirmed that the particular node is the attacker in the network.

Denial-of-Service attack (DoS attack) is an attack on network in which an attacker tries to disrupt the availability of network resources by overwhelming the target network with attack packets. In DoS attack it is typically done using a single source, and in a Distributed Denial-of-Service attack (DDoS attack), like the name suggests, multiple sources are used to flood the incoming traffic of victim. Typically, such attacks use vulnerabilities of Domain Name System (DNS) protocol and IP spoofing to disrupt the normal functioning of service provider or Internet user. The attacks involving DNS, or attacks exploiting vulnerabilities of DNS are known as DNS based DDOS attacks. Many of the proposed DNS based DDoS solutions try to prevent/mitigate such attacks using some intelligent non-``network layer'' (typically application layer) protocols. Utilizing the flexibility and programmability aspects of Software Defined Networks (SDN), via this proposed doctoral research it is intended to make underlying network intelligent enough so as to prevent DNS based DDoS attacks.

For the security of mobile ad-hoc networks (MANETs), a group of wireless mobile nodes needs to cooperate by forwarding packets, to implement an intrusion detection system (IDS). Some of the current IDS implementations in a clustered MANET have designed mobile nodes to wait until the cluster head is elected before scanning the network and thus nodes may be, unfortunately, exposed to several control packet attacks by which nodes identify falsified routes to reach other nodes. In order to detect control packet attacks such as route falsification, we design a route cache sharing mechanism for a non-clustered network where all one-hop routing data are collected by each node for a cooperative host-based detection. The cooperative host-based detection system uses a Support Vector Machine classifier and achieves a detection rate of around 95%. By successfully detecting the route falsification attacks, nodes are given the capability to avoid other attacks such as black-hole and gray-hole, which are in many cases a result of a successful route falsification attack.

The greatest threat towards securing the organization and its assets are no longer the attackers attacking beyond the network walls of the organization but the insiders present within the organization with malicious intent. Existing approaches helps to monitor, detect and prevent any malicious activities within an organization's network while ignoring the human behavior impact on security. In this paper we have focused on user behavior profiling approach to monitor and analyze user behavior action sequence to detect insider threats. We present an ensemble hybrid machine learning approach using Multi State Long Short Term Memory (MSLSTM) and Convolution Neural Networks (CNN) based time series anomaly detection to detect the additive outliers in the behavior patterns based on their spatial-temporal behavior features. We find that using Multistate LSTM is better than basic single state LSTM. The proposed method with Multistate LSTM can successfully detect the insider threats providing the AUC of 0.9042 on train data and AUC of 0.9047 on test data when trained with publically available dataset for insider threats.

The quantity of Internet of Things (IoT) devices in the marketplace and lack of security is staggering. The interconnectedness of IoT devices has increased the attack surface for hackers. "White Worm" technology has the potential to combat infiltrating malware. Before white worm technology becomes viable, its capabilities must be constrained to specific devices and limited to non-harmful actions. This paper addresses the current problem, international research, and the conflicting interest of individuals, businesses, and governments regarding white worm technology. Proposed is a new perspective on utilizing white worm technology to protect the vulnerability of IoT devices, while overcoming its challenges.

Reconnaissance might be the longest phase, sometimes take weeks or months. The black hat makes use of passive information gathering techniques. Once the attacker has sufficient statistics, then the attacker starts the technique of scanning perimeter and internal network devices seeking out open ports and related services. In this paper we are showing traffic accountability and time to complete the specific task during reconnaissance phase active scanning with nmap tool and proposed strategies that how to deal with large volumes of hosts and conserve network traffic as well as time of the specific task.

Securing Internet of things is a major concern as it deals with data that are personal, needed to be reliable, can direct and manipulate device decisions in a harmful way. Also regarding data generation process is heterogeneous, data being immense in volume, complex management. Quantum Computing and Internet of Things (IoT) coined as Quantum IoT defines a concept of greater security design which harness the virtue of quantum mechanics laws in Internet of Things (IoT) security management. Also it ensures secured data storage, processing, communication, data dynamics. In this paper, an IoT security infrastructure is introduced which is a hybrid one, with an extra layer, which ensures quantum state. This state prevents any sort of harmful actions from the eavesdroppers in the communication channel and cyber side, by maintaining its state, protecting the key by quantum cryptography BB84 protocol. An adapted version is introduced specific to this IoT scenario. A classical cryptography system `One-Time pad (OTP)' is used in the hybrid management. The novelty of this paper lies with the integration of classical and quantum communication for Internet of Things (IoT) security.

This research proposes an inspection on Trust Based Routing protocols to protect Internet of Things directing to authorize dependability and privacy amid to direction-finding procedure in inaccessible systems. There are number of Internet of Things (IOT) gadgets are interrelated all inclusive, the main issue is the means by which to protect the routing of information in the important systems from different types of stabbings. Clients won't feel secure on the off chance that they know their private evidence could without much of a stretch be gotten to and traded off by unapproved people or machines over the system. Trust is an imperative part of Internet of Things (IOT). It empowers elements to adapt to vulnerability and roughness caused by the through and through freedom of other devices. In Mobile Ad-hoc Network (MANET) host moves frequently in any bearing, so that the topology of the network also changes frequently. No specific algorithm is used for routing the packets. Packets/data must be routed by intermediate nodes. It is procumbent to different occurrences ease. There are various approaches to compute trust for a node such as fuzzy trust approach, trust administration approach, hybrid approach, etc. Adaptive Information Dissemination (AID) is a mechanism which ensures the packets in a specific transmission and it analysis of is there any attacks by hackers.It encompasses of ensuring the packet count and route detection between source and destination with trusted path.Trust estimation dependent on the specific condition or setting of a hub, by sharing the setting information onto alternate hubs in the framework would give a superior answer for this issue.Here we present a survey on various trust organization approaches in MANETs. We bring out instantaneous of these approaches for establishing trust of the partaking hubs in a dynamic and unverifiable MANET atmosphere.

Machine learning experts prefer to think of their input as a single, homogeneous, and consistent data set. However, when analyzing large volumes of data, the entire data set may not be manageable on a single server, but must be stored on a distributed file system instead. Moreover, with the pressing demand to deliver explainable models, the experts may no longer focus on the machine learning algorithms in isolation, but must take into account the distributed nature of the data stored, as well as the impact of any data pre-processing steps upstream in their data analysis pipeline. In this paper, we make the point that even basic transformations during data preparation can impact the model learned, and that this is exacerbated in a distributed setting. We then sketch our vision of end-to-end explainability of the model learned, taking the pre-processing into account. In particular, we point out the potentials of linking the contributions of research on data provenance with the efforts on explainability in machine learning. In doing so, we highlight pitfalls we may experience in a distributed system on the way to generating more holistic explanations for our machine learning models.