Biblio

A recently emerged cellular network based One-Tap Authentication (OTAuth) scheme allows app users to quickly sign up or log in to their accounts conveniently: Mobile Network Operator (MNO) provided tokens instead of user passwords are used as identity credentials. After conducting a first in-depth security analysis, however, we have revealed several fundamental design flaws among popular OTAuth services, which allow an adversary to easily (1) perform unauthorized login and register new accounts as the victim, (2) illegally obtain identities of victims, and (3) interfere OTAuth services of legitimate apps. To further evaluate the impact of our identified issues, we propose a pipeline that integrates both static and dynamic analysis. We examined 1,025/894 Android/iOS apps, each app holding more than 100 million installations. We confirmed 396/398 Android/iOS apps are affected. Our research systematically reveals the threats against OTAuth services. Finally, we provide suggestions on how to mitigate these threats accordingly.

Cloud computing is preferred because of its numerous improvements, such as data security, low maintenance cost, unlimited storage capacity and consistent backups. However, legitimate users take advantage of cloud storage services for storing a considerable amount of sensitive data. After storing data on the cloud, data users pass on control over data to cloud administrators. Although for assuring data security, sensitive information needs to be encrypted before deploying it on the cloud server. In traditional searchable encryption, encrypted data can be searched using keywords on a cloud server without knowing data details, and users can retrieve certain specific files of interest after authentication. However, the results are only related to the exact matching keyword searches. This drawback affects system usability and efficiency, due to which existing encryption methods are unsuitable in cloud computing. To avoid the above problems, this study includes as follows: Firstly, we analyze all fuzzy keyword search techniques that are wildcard based, gram based and trie-traverse. Secondly, we briefly describe certificateless cryptography and suggest a certificateless searchable encryption scheme. Finally, this study gives easy access to developing a fuzzy keyword searchable system for a new researcher to combine the above two points. It provides easy access and efficient search results.

We present a ternary source coding scheme in this paper, which is a special class of low density generator matrix (LDGM) codes. We prove that a ternary linear block LDGM code, whose generator matrix is randomly generated with each element independent and identically distributed, is universal for source coding in terms of the symbol-error rate (SER). To circumvent the high-complex maximum likelihood decoding, we introduce a special class of convolutional LDGM codes, called block Markov superposition transmission of repetition (BMST-R) codes, which are iteratively decodable by a sliding window algorithm. Then the presented BMST-R codes are applied to construct a tandem scheme for Gaussian source compression, where a dead-zone quantizer is introduced before the ternary source coding. The main advantages of this scheme are its universality and flexibility. The dead-zone quantizer can choose a proper quantization level according to the distortion requirement, while the LDGM codes can adapt the code rate to approach the entropy of the quantized sequence. Numerical results show that the proposed scheme performs well for ternary sources over a wide range of code rates and that the distortion introduced by quantization dominates provided that the code rate is slightly greater than the discrete entropy.

One major tool of Energy Management Systems for monitoring the status of the power grid is State Estimation (SE). Since the results of state estimation are used within the energy management system, the security of the power system state estimation tool is most important. The research in this area is targeting detection of False Data Injection attacks on measurements. Though this aspect is crucial, SE also depends on database that are used to describe the relationship between measurements and systems' states. This paper presents a two-stage optimization framework to not only detect, but also correct cyber-attacks pertaining the measurements' model parameters used by the SE routine. In the first stage, an estimate of the line parameters ratios are obtained. In the second stage, the estimated ratios from stage I are used in a Bi-Level model for obtaining a final estimate of the measurements' model parameters. Hence, the presented framework does not only unify the detection and correction in a single optimization run, but also provide a monitoring scheme for the SE database that is typically considered static. In addition, in the two stages, linear programming framework is preserved. For validation, the IEEE 118 bus system is used for implementation. The results illustrate the effectiveness of the proposed model for detecting attacks in the database used in the state estimation process.

Vulnerability detection has always been an essential part of maintaining information security, and the existing work can significantly improve the performance of vulnerability detection. However, due to the differences in representation forms and deep learning models, various methods still have some limitations. In order to overcome this defect, We propose a vulnerability detection method VDBWGDL, based on weight graphs and deep learning. Firstly, it accurately locates vulnerability-sensitive keywords and generates variant codes that satisfy vulnerability trigger logic and programmer programming style through code variant methods. Then, the control flow graph is sliced for vulnerable code keywords and program critical statements. The code block is converted into a vector containing rich semantic information and input into the weight map through the deep learning model. According to specific rules, different weights are set for each node. Finally, the similarity is obtained through the similarity comparison algorithm, and the suspected vulnerability is output according to different thresholds. VDBWGDL improves the accuracy and F1 value by 3.98% and 4.85% compared with four state-of-the-art models. The experimental results prove the effectiveness of VDBWGDL.

In the computer field, cybersecurity has always been the focus of attention. How to detect malware is one of the focuses and difficulties in network security research effectively. Traditional existing malware detection schemes can be mainly divided into two methods categories: database matching and the machine learning method. With the rise of deep learning, more and more deep learning methods are applied in the field of malware detection. Deeper semantic features can be extracted via deep neural network. The main tasks of this paper are as follows: (1) Using machine learning methods and one-dimensional convolutional neural networks to detect malware (2) Propose a machine The method of combining learning and deep learning is used for detection. Machine learning uses LGBM to obtain an accuracy rate of 67.16%, and one-dimensional CNN obtains an accuracy rate of 72.47%. In (2), LGBM is used to screen the importance of features and then use a one-dimensional convolutional neural network, which helps to further improve the detection result has an accuracy rate of 78.64%.

In recent times, the occurrence of malware attacks are increasing at an unprecedented rate. Particularly, the image-based malware attacks are spreading worldwide and many people get harmful malware-based images through the technique called steganography. In the existing system, only open malware and files from the internet can be identified. However, the image-based malware cannot be identified and detected. As a result, so many phishers make use of this technique and exploit the target. Social media platforms would be totally harmful to the users. To avoid these difficulties, Machine learning can be implemented to find the steganographic malware images (contents). The proposed methodology performs an automatic detection of malware and steganographic content by using Machine Learning. Steganography is used to hide messages from apparently innocuous media (e.g., images), and steganalysis is the approach used for detecting this malware. This research work proposes a machine learning (ML) approach to perform steganalysis. In the existing system, only open malware and files from the internet are identified but in the recent times many people get harmful malware-based images through the technique called steganography. Social media platforms would be totally harmful to the users. To avoid these difficulties, the proposed Machine learning has been developed to appropriately detect the steganographic malware images (contents). Father, the steganalysis method using machine learning has been developed for performing logistic classification. By using this, the users can avoid sharing the malware images in social media platforms like WhatsApp, Facebook without downloading it. It can be also used in all the photo-sharing sites such as google photos.

The aim of this paper is to describe the battery lifetime estimation and energy consumption model of the sensor nodes in TDMA wireless mesh sensor using merged data collecting (MDC) methods based on lithium thionyl chloride batteries. Defining the energy consumption of the nodes in wireless mesh networks is crucial for battery lifetime estimation. In this paper, we describe the timing, energy consumption, and battery lifetime estimation of the MDC method in the TDMA mesh sensor networks using flooding routing. For the battery life estimation, we made a semiempirical model that describes the energy consumption of the nodes with a real battery model. In this model, the low-level constraints are based on the measured energy consumption of the sensor nodes in different operation phases.

Injection attack is one of the best 10 security dangers declared by OWASP. SQL infusion is one of the main types of attack. In light of their assorted and quick nature, SQL injection can detrimentally affect the line, prompting broken and public data on the site. Therefore, this article presents a profound woodland-based technique for recognizing complex SQL attacks. Research shows that the methodology we use resolves the issue of expanding and debasing the first condition of the woodland. We are currently presenting the AdaBoost profound timberland-based calculation, which utilizes a blunder level to refresh the heaviness of everything in the classification. At the end of the day, various loads are given during the studio as per the effect of the outcomes on various things. Our model can change the size of the tree quickly and take care of numerous issues to stay away from issues. The aftereffects of the review show that the proposed technique performs better compared to the old machine preparing strategy and progressed preparing technique.

Binary analysis is pervasively utilized to assess software security and test vulnerabilities without accessing source codes. The analysis validity is heavily influenced by the inferring ability of information related to the code compilation. Among the compilation information, compiler type and optimization level, as the key factors determining how binaries look like, are still difficult to be inferred efficiently with existing tools. In this paper, we conduct a thorough empirical study on the binary's appearance under various compilation settings and propose a lightweight binary analysis tool based on the simplest machine learning method, called DIComP to infer the compiler and optimization level via most relevant features according to the observation. Our comprehensive evaluations demonstrate that DIComP can fully recognize the compiler provenance, and it is effective in inferring the optimization levels with up to 90% accuracy. Also, it is efficient to infer thousands of binaries at a millisecond level with our lightweight machine learning model (1MB).

Ant Colony Optimization is applied to design a suitable and shortest route between the starting node point and the end node point in the Wireless Sensor Network (WSN). In general ant colony algorithm plays a good role in path planning process that can also applied in improving the network security. Therefore to protect the network from the malicious nodes an ACO based Dynamic Key Management (ACO-DKM) scheme is proposed. The routes are diagnosed through ACO method also the actual coverage distance and pheromone updating strategy is updated simultaneously that prevents the node from continuous monitoring. Simulation analysis gives the efficiency of the proposed scheme.

Community question answering (CQA) websites have become very popular platforms attracting numerous participants to share and acquire knowledge and information in Internet However, with the rapid growth of crowdsourcing systems, many malicious users organize collusive attacks against the CQA platforms for promoting a target (product or service) via posting suggestive questions and deceptive answers. These manipulate deceptive contents, aggregating into multiple collusive questions and answers (Q&As) spam groups, can fully control the sentiment of a target and distort the decision of users, which pollute the CQA environment and make it less credible. In this paper, we propose a Pattern and Burstiness based Collusive Q&A Spam Detection method (PBCSD) to identify the deceptive questions and answers. Specifically, we intensively study the campaign process of crowdsourcing tasks and summarize the clues in the Q&As’ vocabulary usage level when collusive attacks are launched. Based on the clues, we extract the Q&A groups using frequent pattern mining and further purify them by the burstiness on posting time of Q&As. By designing several discriminative features at the Q&A group level, multiple machine learning based classifiers can be used to judge the groups as deceptive or ordinary, and the Q&As in deceptive groups are finally identified as collusive Q&A spam. We evaluate the proposed PBCSD method in a real-world dataset collected from Baidu Zhidao, a famous CQA platform in China, and the experimental results demonstrate the PBCSD is effective for collusive Q&A spam detection and outperforms a number of state-of-art methods.

Vehicular crowdsensing (VCS) is a subset of crowd-sensing where data collection is outsourced to group vehicles. Here, an entity interested in collecting data from a set of Places of Sensing Interest (PsI), advertises a set of sensing tasks, and the associated rewards. Vehicles attracted by the offered rewards deviate from their ongoing trajectories to visit and collect from one or more PsI. In this win-to-win scenario, vehicles reach their final destination with the extra reward, and the entity obtains the desired samples. Unfortunately, the efficiency of VCS can be undermined by the Sybil attack, in which an attacker can benefit from the injection of false vehicle identities. In this paper, we present a case study and analyze the effects of such an attack. We also propose a defense mechanism based on generative adversarial neural networks (GANs). We discuss GANs' advantages, and drawbacks in the context of VCS, and new trends in GANs' training that make them suitable for VCS.

Network security is a problem that is of great concern to all countries at this stage. How to ensure that the network provides effective services to people without being exposed to potential security threats has become a major concern for network security researchers. In order to better understand the network security situation, researchers have studied a variety of quantitative assessment methods, and the most scientific and effective one is the hierarchical quantitative assessment method of the network security threat situation. This method allows the staff to have a very clear understanding of the security of the network system and make correct judgments. This article mainly analyzes the quantitative assessment of the hierarchical network security threat situation from the current situation and methods, which is only for reference.

Code optimization is an essential feature for compilers and almost all software products are released by compiler optimizations. Consequently, bugs in code optimization will inevitably cast significant impact on the correctness of software systems. Locating optimization bugs in compilers is challenging as compilers typically support a large amount of optimization configurations. Although prior studies have proposed to locate compiler bugs via generating witness test programs, they are still time-consuming and not effective enough. To address such limitations, we propose an automatic bug localization approach, ODFL, for locating compiler optimization bugs via differentiating finer-grained options in this study. Specifically, we first disable the fine-grained options that are enabled by default under the bug-triggering optimization levels independently to obtain bug-free and bug-related fine-grained options. We then configure several effective passing and failing optimization sequences based on such fine-grained options to obtain multiple failing and passing compiler coverage. Finally, such generated coverage information can be utilized via Spectrum-Based Fault Localization formulae to rank the suspicious compiler files. We run ODFL on 60 buggy GCC compilers from an existing benchmark. The experimental results show that ODFL significantly outperforms the state-of-the-art compiler bug isolation approach RecBi in terms of all the evaluated metrics, demonstrating the effectiveness of ODFL. In addition, ODFL is much more efficient than RecBi as it can save more than 88% of the time for locating bugs on average.

With their variety of application verticals, smart cities represent a killer scenario for Cloud-IoT computing, e.g. fog computing. Such applications require a management capable of satisfying all their requirements through suitable service placements, and of balancing among QoS-assurance, operational costs, deployment security and, last but not least, energy consumption and carbon emissions. This keynote discusses these aspects over a motivating use case and points to some open challenges.

This paper conducts simulation analysis on power transmission lines and availability of power communication link based on Latin hypercube sampling. It proposes a new method of vulnerability communication link assessment for electric cyber physical system. Wind power output, transmission line failure and communication link failure of electric cyber physical system are sampled to obtain different operating states of electric cyber physical system. The connectivity of communication links under different operating states of electric cyber physical system is calculated to judge whether the communication nodes of the links are connected with the control master station. According to the connection between the link communication node and the control master station, the switching load and switching load of the electric cyber physical system in different operating states are calculated, and the optimal switching load of the electric cyber physical system in different operating states is obtained. This method can clearly identify the vulnerable link in the electric cyber physical system, so as to monitor the vulnerable link and strengthen the link strength.

Modern cyber-physical systems that comprise controlled power electronics are becoming more internet-of-things-enabled and vulnerable to cyber-attacks. Therefore, hardening those systems against cyber-attacks becomes an emerging need. In this paper, a model-based deep learning cyber-attack detection to protect electric drive systems from cyber-attacks on the physical level is proposed. The approach combines the model physics with a deep learning-based classifier. The combination of model-based and deep learning will enable more accurate cyber-attack detection results. The proposed cyber-attack detector will be trained and simulated on a PM based electric drive system to detect false data injection attacks on the drive controller command and sensor signals.

State-of-the-art approaches in gait analysis usually rely on one isolated tracking system, generating insufficient data for complex use cases such as sports, rehabilitation, and MedTech. We address the opportunity to comprehensively understand human motion by a novel data model combining several motion-tracking methods. The model aggregates pose estimation by captured videos and EMG and EIT sensor data synchronously to gain insights into muscle activities. Our demonstration with biceps curl and sitting/standing pose generates time-synchronous data and delivers insights into our experiment’s usability, advantages, and challenges.

The success of deep learning based steganography has shifted focus of researchers from traditional steganography approaches to deep learning based steganography. Various deep steganographic models have been developed for improved security, capacity and invisibility. In this work a multi-data deep learning steganography model has been developed using a well known deep learning model called Generative Adversarial Networks (GAN) more specifically using deep convolutional Generative Adversarial Networks (DCGAN). The model is capable of hiding two different messages, meant for two different receivers, inside a single cover image. The proposed model consists of four networks namely Generator, Steganalyzer Extractor1 and Extractor2 network. The Generator hides two secret messages inside one cover image which are extracted using two different extractors. The Steganalyzer network differentiates between the cover and stego images generated by the generator network. The experiment has been carried out on CelebA dataset. Two commonly used distortion metrics Peak signal-to-Noise ratio (PSNR) and Structural Similarity Index Metric (SSIM) are used for measuring the distortion in the stego image The results of experimentation show that the stego images generated have good imperceptibility and high extraction rates.

With the development of 5G networking technology on the Internet of Vehicle (IoV), there are new opportunities for numerous cyber-attacks, such as in-vehicle attacks like hijacking occurrences and data theft. While numerous attempts have been made to protect against the potential attacks, there are still many unsolved problems such as developing a fine-grained access control system. This is reflected by the granularity of security as well as the related data that are hosted on these platforms. Among the most notable trends is the increased usage of smart devices, IoV, cloud services, emerging technologies aim at accessing, storing and processing data. Most popular authentication protocols rely on knowledge-factor for authentication that is infamously known to be vulnerable to subversions. Recently, the zero-trust framework has drawn huge attention; there is an urgent need to develop further the existing Continuous Authentication (CA) technique to achieve the zero-trustiness framework. In this paper, firstly, we develop the static authentication process and propose a secured protocol to generate the smart key for user to unlock the vehicle. Then, we proposed a novel and secure continuous authentication system for IoVs. We present the proof-of-concept of our CA scheme by building a prototype that leverages the commodity fingerprint sensors, NFC, and smartphone. Our evaluations in real-world settings demonstrate the appropriateness of CA scheme and security analysis of our proposed protocol for digital key suggests its enhanced security against the known attack-vector.

The increasing use of Information Technology applications in the distributed environment is increasing security exploits. Information about vulnerabilities is also available on the open web in an unstructured format that developers can take advantage of to fix vulnerabilities in their IT applications. SQL injection (SQLi) attacks are frequently launched with the objective of exfiltration of data typically through targeting the back-end server organisations to compromise their customer databases. There have been a number of high profile attacks against large enterprises in recent years. With the ever-increasing growth of online trading, it is possible to see how SQLi attacks can continue to be one of the leading routes for cyber-attacks in the future, as indicated by findings reported in OWASP. Various machine learning and deep learning algorithms have been applied to detect and prevent these attacks. However, such preventive attempts have not limited the incidence of cyber-attacks and the resulting compromised database as reported by (CVE) repository. In this paper, the potential of using data mining approaches is pursued in order to enhance the efficacy of SQL injection safeguarding measures by reducing the false-positive rates in SQLi detection. The proposed approach uses CountVectorizer to extract features and then apply various supervised machine-learning models to automate the classification of SQLi. The model that returns the highest accuracy has been chosen among available models. Also a new model has been created PALOSDM (Performance analysis and Iterative optimisation of the SQLI Detection Model) for reducing false-positive rate and false-negative rate. The detection rate accuracy has also been improved significantly from a baseline of 94% up to 99%.

All of us are familiar with the importance of social media in facilitating communication. e-mail is one of the safest social media platforms for online communications and information transfer over the internet. As of now, many people rely on email or communications provided by strangers. Because everyone may send emails or a message, spammers have a great opportunity to compose spam messages about our many hobbies and passions, interests, and concerns. Our internet speeds are severely slowed down by spam, which also collects personal information like our phone numbers from our contact list. There is a lot of work involved in identifying these fraudsters and also identifying spam content. Email spam refers to the practice of sending large numbers of messages via email. The recipient bears the bulk of the cost of spam, therefore it's practically free advertising. Spam email is a form of commercial advertising for hackers that is financially viable due of the low cost of sending email. Anti-spam filters have become increasingly important as the volume of unwanted bulk e-mail (also spamming) grows. We can define a message, if it is a spam or not using this proposed model. Machine learning algorithms can be discussed in detail, and our data sets will be used to test them all, with the goal of identifying the one that is most accurate and precise in its identification of email spam. Society of machine learning techniques for detecting unsolicited mass email and spam.

Intelligent Virtual Agents (IVAs) have become ubiquitous in our daily lives, displaying increased complexity of form and function. Initial IVA development efforts provided basic functionality to suit users' needs, typically in work or educational settings, but are now present in numerous contexts in more realistic, complex forms. In this paper, we focus on personalization of embodied human intelligent virtual agents to assist individuals as part of physical training “exergames”.

In this work, we implement a complete probabilistic amplitude shaping (PAS) architecture on a field-programmable gate array (FPGA) platform to study the interplay between probabilistic shaping (PS) and forward error correction (FEC). Due to the fully parallelized input–output interfaces based on look up table (LUT) and low computational complexity without high-precision multiplication, hierarchical distribution matching (HiDM) is chosen as the solution for real time probabilistic shaping. In terms of FEC, we select two kinds of the mainstream soft decision-forward error correction (SD-FEC) algorithms currently used in optical communication system, namely Open FEC (OFEC) and soft-decision quasi-cyclic low-density parity-check (SD-QC-LDPC) codes. Through FPGA experimental investigation, we studied the impact of probabilistic shaping on OFEC and LDPC, respectively, based on PS-16QAM under moderate shaping, and also the impact of probabilistic shaping on LDPC code based on PS-64QAM under weak/strong shaping. The FPGA experimental results show that if pre-FEC bit error rate (BER) is used as the predictor, moderate shaping induces no degradation on the OFEC performance, while strong shaping slightly degrades the error correction performance of LDPC. Nevertheless, there is no error floor when the output BER is around 10-15. However, if normalized generalized mutual information (NGMI) is selected as the predictor, the performance degradation of LDPC will become insignificant, which means pre-FEC BER may not a good predictor for LDPC in probabilistic shaping scenario. We also studied the impact of residual errors after FEC decoding on HiDM. The FPGA experimental results show that the increased BER after HiDM decoding is within 10 times compared to post-FEC BER.