Biblio

Filters: Keyword is Servers
2022-09-16
Sutton, Sara, Siasi, Nazli.  2021.  Decoy VNF for Enhanced Security in Fog Computing. 2021 IEEE Global Conference on Artificial Intelligence and Internet of Things (GCAIoT). :75–81.
Fog computing extends cloud resources to the edge of the network, thus enabling network providers to support real-time applications at low latencies. These applications further demand high security against malicious attacks that target distributed fog servers. One effective defense mechanism here against cyber attacks is the use of honeypots. The latter acts as a potential target for attackers by diverting malicious traffic away from the servers that are dedicated to legitimate users. However, one main limitation of honeypots is the lack of real traffic and network activities. Therefore, it is important to implement a solution that simulates the behavior of the real system to lure attackers without the risk of being exposed. Hence this paper proposes a practical approach to generate network traffic by introducing decoy virtual network functions (VNF) embedded on fog servers, which make the network traffic on honeypots resemble a legitimate, vulnerable fog system to attract cyber attackers. The use of virtualization allows for robust scalability and modification of network functions based on incoming attacks, without the need for dedicated hardware. Moreover, deep learning is leveraged here to build fingerprints for each real VNF, which is subsequently used to support its decoy counterpart against active probes. The proposed framework is evaluated based on CPU utilization, memory usage, disk input/output access, and network latency.
2022-09-29
Duman, Atahan, Sogukpinar, Ibrahim.  2021.  Deep Learning Based Event Correlation Analysis in Information Systems. 2021 6th International Conference on Computer Science and Engineering (UBMK). :209–214.
Information systems and applications provide indispensable services at every stage of life, enabling us to carry out our activities more effectively and efficiently. Today, information technology systems produce many alarm and event records. These produced records often have a relationship with each other, and when this relationship is captured correctly, many interruptions that will harm institutions can be prevented before they occur. For example, an increase in the disk I/O speed of a server or a problem may cause the business software running on that server to slow down and cause different results in this slowness. Here, an institution’s accurate analysis and management of all event records, and rule-based analysis of the resulting records in certain time periods and depending on certain rules will ensure efficient and effective management of millions of alarms. In addition, it will be possible to prevent possible problems by removing the relationships between events. Events that occur in IT systems are a kind of footprint. It is also vital to keep a record of the events in question, and when necessary, these event records can be analyzed to analyze the efficiency of the systems, harmful interferences, system failure tendency, etc. By understanding the undesirable situations such as taking the necessary precautions, possible losses can be prevented. In this study, the model developed for fault prediction in systems by performing event log analysis in information systems is explained and the experimental results obtained are given.
2022-07-14
Ahmad, Lina, Al-Sabha, Rania, Al-Haj, Ali.  2021.  Design and Implementation of a Secure QR Payment System Based on Visual Cryptography. 2021 7th International Conference on Information Management (ICIM). :40–44.
In this paper, we will describe the design and implementation of a secure payment system based on QR codes. These QR codes have been extensively used in recent years since they speed up the payment process and provide users with ultimate convenience. However, as convenient as they may sound, QR-based online payment systems are vulnerable to different types of attacks. Therefore, transaction processing needs to be secure enough to protect the integrity and confidentiality of every payment process. Moreover, the online payment system must provide authenticity for both the sender and receiver of each transaction. In this paper, the security of the proposed QR-based system is provided using visual cryptography. The proposed system consists of a mobile application and a payment gateway server that implements visual cryptography. The application provides a simple and user-friendly interface for users to carry out payment transactions in a user-friendly secure environment.
2022-01-31
Iqbal, Farkhund, Motyliński, Michał, MacDermott, Áine.  2021.  Discord Server Forensics: Analysis and Extraction of Digital Evidence. 2021 11th IFIP International Conference on New Technologies, Mobility and Security (NTMS). :1–8.
In recent years we can observe that digital forensics is being applied to a variety of domains as nearly any data can become valuable forensic evidence. The sheer scope of web-based investigations provides a vast amount of information. Due to a rapid increase in the number of cybercrimes the importance of application-specific forensics is greater than ever. Criminals use the application not only to communicate but also to facilitate crimes. It came to our attention that the gaming chat application Discord is one of them. Discord allows its users to send text messages as well as exchange image, video, and audio files. While Discord's community is not as large as that of the most popular messaging apps the stable growth of its userbase and recent incidents indicate that it is used by criminals. This paper presents our research into the digital forensic analysis of Discord client-side artefacts and presents experimental development of a tool for extraction, analysis, and presentation of the data from Discord application. The work then proposes a solution in the form of a tool, 'DiscFor', that can retrieve information from the application's local files and cache storage.
2022-04-13
Gera, Jaideep, Rejeti, Venkata Kishore Kumar, Sekhar, Jaladi N Chandra, Shankar, A Siva.  2021.  Distributed Denial of Service Attack Prevention from Traffic Flow for Network Performance Enhancement. 2021 2nd International Conference on Smart Electronics and Communication (ICOSEC). :406–413.
Customer Relationship Management (CRM), Supply Chain Management (SCM), banking, and e-commerce are just a few of the internet-primarily based commercial enterprise programmes that make use of distributed computing generation. These programmes are the principal target of large-scale attacks known as DDoS attacks, which cause the denial of service (DoS) of resources to legitimate customers. Servers that provide dependable services to real consumers in distributed environments are vulnerable to such attacks, which send phoney requests that appear legitimate. Flash crowd, on the other hand, is a massive collection of traffic generated by flash events that imitate Distributed Denial of Service assaults. Detecting and distinguishing between Distributed Denial of Service assaults and flash crowds is a difficult problem to tackle, as is preventing DDoS attacks. Existing solutions are generally intended for DDoS attacks or flash crowds, and more research is required to have a thorough understanding. This study presents a technique for distinguishing between different types of Distributed Denial of Service attacks and Flash Crowds. This research work has suggested an approach to prevent DDoS attacks in addition to detecting and discriminating. The performance of the suggested technique is validated using NS-2 simulations.
2022-07-29
Badran, Sultan, Arman, Nabil, Farajallah, Mousa.  2021.  An Efficient Approach for Secure Data Outsourcing using Hybrid Data Partitioning. 2021 International Conference on Information Technology (ICIT). :418–423.
This paper presents an implementation of a novel approach, utilizing hybrid data partitioning, to secure sensitive data and improve query performance. In this novel approach, vertical and horizontal data partitioning are combined together in an approach that is called hybrid partitioning and the new approach is implemented using Microsoft SQL server to generate divided/partitioned relations. A group of proposed rules is applied to the query request process using query binning (QB) and Metadata of partitioning. The proposed approach is validated using experiments involving a collection of data evaluated by outcomes of advanced stored procedures. The suggested approach results are satisfactory in achieving the properties of defining the data security: non-linkability and indistinguishability. The results of the proposed approach were satisfactory. The proposed novel approach outperforms a well-known approach called PANDA.
2022-05-06
Vamshi, A, Rao, Gudeme Jaya, Pasupuleti, Syam Kumar, Eswari, R.  2021.  EPF-CLPA: An Efficient Pairing-Free Certificateless Public Auditing for Cloud-based CPS. 2021 5th International Conference on Intelligent Computing and Control Systems (ICICCS). :48–54.
Cloud based cyber physical system (CPS) enables individuals to store and share data collected from both cyberspace and the physical world. This leads to the proliferation of massive data at a user's local site. Since local storage systems can't store and maintain huge data, it is a wise and practical way to outsource such huge data to the cloud. Cloud storage provides scalable storage space to manage data economically and flexibly. However, the integrity of outsourced data is a critical challenge because users lose control of their data once it's transferred to cloud servers. Several auditing schemes have been put forward based on public key infrastructure (PKI) or identity-based cryptography to verify data integrity. However, the PKI-based schemes suffer from certificate management problem and identity-based schemes face the key escrow problem. Therefore, to address these problems, certificateless public auditing schemes have been introduced on the basis of bilinear pairing, which incur high computation overhead, and thus it is not suitable for CPS. To reduce the computation overhead, in this paper, using elliptic curve cryptography, we propose an efficient pairing-free certificateless public auditing scheme for cloud-based CPS. The proposed scheme is more secure against type I/II/III adversaries and efficient compared to other certificateless based schemes.
2022-04-19
Johnson, Andrew, Haddad, Rami J.  2021.  Evading Signature-Based Antivirus Software Using Custom Reverse Shell Exploit. SoutheastCon 2021. :1–6.
Antivirus software is considered to be the primary line of defense against malicious software in modern computing systems. The purpose of this paper is to expose exploitation that can evade Antivirus software that uses signature-based detection algorithms. In this paper, a novel approach was proposed to change the source code of a common Metasploit-Framework used to compile the reverse shell payload without altering its functionality but changing its signature. The proposed method introduced an additional stage to the shellcode program. Instead of the shellcode being generated and stored within the program, it was generated separately and stored on a remote server and then only accessed when the program is executed. This approach was able to reduce its detectability by the Antivirus software by 97% compared to a typical reverse shell program.
2022-04-18
Helmiawan, Muhammad Agreindra, Julian, Eggi, Cahyan, Yavan, Saeppani, Asep.  2021.  Experimental Evaluation of Security Monitoring and Notification on Network Intrusion Detection System for Server Security. 2021 9th International Conference on Cyber and IT Service Management (CITSM). :1–6.
Security of data and information in servers connected to networks that provide services to user computers, is the most important thing to maintain data privacy and security in network security management mechanisms. Weaknesses in the server security system can be exploited by intruders to disrupt the security of the server. One way to maintain server security is to implement an intrusion detection system using the Intrusion Detection System. This research is experimenting to create a security system prototype, monitoring, and evaluating server security systems using Snort and alert notifications that can improve security monitoring for server security. The system can detect intrusion attacks and provide warning messages and attack information through the Intrusion Detection System monitoring system. The results show that Snort and alert notifications on the security server can work well, efficiently, and can be handled quickly. Testing attacks with Secure Shell Protocol and File Transfer Protocol Brute Force, Ping of Death and scanning port attacks requires a detection time of no more than one second, and all detection test results are detected and send real-time notification alerts to the Administrator.
2022-06-15
Pan, Pengyu, Ma, Xiaobo, Bian, Huafeng.  2021.  Exploiting Bitcoin Mining Pool for Stealthy and Flexible Botnet Channels. 2021 8th International Conference on Dependable Systems and Their Applications (DSA). :741–742.
Botnets are used by hackers to conduct cyber attacks and pose a huge threat to Internet users. The key of botnets is the command and control (C&C) channels. Security researchers can keep track of a botnet by capturing and analyzing the communication traffic between C&C servers and bots. Hence, the botmaster is constantly seeking more covert C&C channels to stealthily control the botnet. This paper designs a new botnet dubbed mp-botnet wherein bots communicate with each other based on the Stratum mining pool protocol. The mp-botnet botnet completes information transmission according to the communication method of the Stratum protocol. The communication traffic in the botnet is disguised as the traffic between the mining pool and the miners in a Bitcoin network, thereby achieving better stealthiness and flexibility.
2022-04-19
Zhang, Zhaoqian, Zhang, Jianbiao, Yuan, Yilin, Li, Zheng.  2021.  An Expressive Fully Policy-Hidden Ciphertext Policy Attribute-Based Encryption Scheme with Credible Verification Based on Blockchain. IEEE Internet of Things Journal. :1–1.
As the public cloud becomes one of the leading ways in data sharing nowadays, data confidentiality and user privacy are increasingly critical. Partially policy-hidden ciphertext policy attribute-based encryption (CP-ABE) can effectively protect data confidentiality while reducing privacy leakage by hiding part of the access structure. However, it cannot satisfy the need of data sharing in the public cloud with complex users and large amounts of data, both in terms of less expressive access structures and limited granularity of policy hiding. Moreover, the verification of access right to shared data and correctness of decryption are ignored or conducted by an untrusted third party, and the prime-order groups are seldom considered in the expressive policy-hidden schemes. This paper proposes a fully policy-hidden CP-ABE scheme constructed on LSSS access structure and prime-order groups for public cloud data sharing. To help users decrypt, HVE with a "convert step" is applied, which is more compatible with CP-ABE. Meanwhile, decentralized credible verification of access right to shared data and correctness of decryption based on blockchain are also provided. We prove the security of our scheme rigorously and compare the scheme with others comprehensively. The results show that our scheme performs better.
Sahu, Indra Kumar, Nene, Manisha J.  2021.  Identity-Based Integrity Verification (IBIV) Protocol for Cloud Data Storage. 2021 International Conference on Advances in Electrical, Computing, Communication and Sustainable Technologies (ICAECT). :1–6.
With meteoric advancement in quantum computing, the traditional data integrity verifying schemes are no longer safe for cloud data storage. A large number of the current techniques are dependent on expensive Public Key Infrastructure (PKI). They cost computationally and communicationally heavy for verification which do not stand with the advantages when quantum computing techniques are applied. Hence, a quantum safe and efficient integrity verification protocol is a research hotspot. Lattice-based signature constructions involve matrix-matrix or matrix vector multiplications making computation competent, simple and resistant to quantum computer attacks. Study in this paper uses Bloom Filter which offers high efficiency in query and search operations. Further, we propose an Identity-Based Integrity Verification (IBIV) protocol for cloud storage from Lattice and Bloom filter. We focus on security against attacks from Cloud Service Provider (CSP), data privacy attacks against Third Party Auditor (TPA) and improvement in efficiency.
2022-04-01
Liang, Huichao, Liu, Han, Dang, Fangfang, Yan, Lijing, Li, Dingding.  2021.  Information System Security Protection Based on SDN Technology in Cloud Computing Environment. 2021 IEEE International Conference on Advances in Electrical Engineering and Computer Applications (AEECA). :432–435.
Cloud computing is a modern computing mode based on network, which is widely participated by the public, and provides virtualized dynamic computing resources in the form of services. Cloud computing builds an effective communication platform with the help of computer internet, so that users can get the same computing resources even if they are in different areas. With its unique technical characteristics and advantages, cloud computing has been deployed to practical applications more and more, and the consequent security problems of cloud computing have become increasingly prominent. In addition to the original cloud computing environment, this paper proposes to build a secure cloud with cloud technology, deploy security agents in the business cloud, connect the business cloud, security cloud and security agents through SDN (software defined network) technology, and dynamically divide the business cloud into logically isolated business areas through security agents. Therefore, security is separated from the specific implementation technology and deployment scheme of business cloud, and an information security protection scheme under cloud computing environment is proposed according to the characteristics of various factors, so as to enhance the security of network information.
2022-01-31
Al-Qtiemat, Eman, Jafar, Iyad.  2021.  Intelligent Cache Replacement Algorithm for Web Proxy Caching based on Multi-level K-means Clustering. 2021 IEEE Jordan International Joint Conference on Electrical Engineering and Information Technology (JEEIT). :278–282.
Proxy web caching is usually employed to maximize the efficiency and utilization of the network and the origin servers while reducing the request latency. However, and due to the limited cache size, some replacement policy has to be enforced in order to decide on the object(s) to be evicted from the cache once it is full. This paper introduces the use of the K-means clustering to categorize the objects in the cache into groups of different priorities. This categorization is then used for replacement purposes such that the object(s) of lowest priority are chosen for eviction. The proposed algorithm improved the hit rate and the byte hit rate of the cache when compared to conventional and intelligent web proxy caching algorithms.
2022-02-25
Liu, Xusheng, Deng, Zhidong, Lv, Jingxian, Zhang, Xiaohui, Xu, Yin.  2021.  Intelligent Notification System for Large User Groups. 2021 IEEE Asia-Pacific Conference on Image Processing, Electronics and Computers (IPEC). :1213–1216.
With the development of communication technology, the disadvantages of traditional notification methods such as low efficiency gradually appear. With the introduction of WAP with WTLS security and its development and maintenance, more and more notification systems are using this technology. Through the analysis, design and implementation of notification system for large user groups, this paper studies how to collect and notify data without affecting the business system, and proposes a scheme of real-time data acquisition and filtering based on trigger. The middleware and application server implementation transaction management and database operation to separate CICS middleware technology based on research using UNIXC, Socket programming, SQL statements, SYBASE database technology, from the system requirements, business process, function structure, database and data structure, the input and output of the system, system testing the aspects such as design of practical significance to intelligent notification system for large user groups. Finally, the paper describes the test effect of the system in detail. 10 users send 1, 5, 10 and 20 strokes at the same time, and the completion time is 0.28, 1.09, 1.58 and 2.20 seconds, which proves that the system has practical significance.
2022-02-22
Huang, Che-Wei, Liu, I-Hsien, Li, Jung-Shian, Wu, Chi-Che, Li, Chu-Fen, Liu, Chuan-Gang.  2021.  A Legacy Infrastructure-based Mechanism for Moving Target Defense. 2021 IEEE 3rd Eurasia Conference on Biomedical Engineering, Healthcare and Sustainability (ECBIOS). :80–83.
With the advancement of network technology, more electronic devices have begun to connect to the Internet. The era of IoE (Internet of Everything) is coming. However, the number of serious incidents of cyberattacks on important facilities has gradually increased at the same time. Security becomes an important issue when setting up plenty of network devices in an environment. Thus, we propose an innovative mechanism of the Moving Target Defense (MTD) to solve the problems happening to other MTD mechanisms in the past. This method applies Dynamic Host Configuration Protocol (DHCP) to dynamically change the IPv4 address of information equipment in the medical environment. In other words, each of the nodes performs IP-Hopping and effectively avoids malicious attacks. Communication between devices relies on DNS lookup. The mechanism avoids problems such as time synchronization and IP conflict. Also, it greatly reduces the costs of large-scale deployment. All of these problems are encountered by other MTD mechanisms in the past. Not only can the mechanism be applied to the medical and information equipment, it can also be applied to various devices connected to the Internet, including Industrial Control System (ICS). The mechanism is implemented in existing technologies and prevents other problems, which makes it easy to build a system.
2022-07-29
Makarova, Mariia S., Maksutov, Artem A.  2021.  Methods of Detecting and Neutralizing Potential DHCP Rogue Servers. 2021 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (ElConRus). :522–525.
In the continuously evolving environment, computer security has become a convenient challenge because of the rapid rise and expansion of the Internet. One of the most significant challenges to networks is attacks on network resources caused by inadequate network security. DHCP is defenseless to a number of attacks, such as DHCP rogue server attacks. This work is focused on developing a method of detecting these attacks and granting active host protection on GNU/Linux operating systems. Unauthorized DHCP servers can be easily arranged and compete with the legitimate server on the local network that can be the result of distributing incorrect IP addresses, malicious DNS server addresses, invalid routing information to unsuspecting clients, intercepting and eavesdropping on communications, and so on. The goal is to prevent the situations described above by recognizing untrusted DHCP servers and providing active host protection on the local network.
2022-02-25
Pandey, Manish, Kwon, Young-Woo.  2021.  Middleware for Edge Devices in Mobile Edge Computing. 2021 36th International Technical Conference on Circuits/Systems, Computers and Communications (ITC-CSCC). :1–4.
In mobile edge computing, edge devices collect data, and an edge server performs computational or data processing tasks that need real-time processing. Depending upon the requested task's complexity, an edge server executes it locally or remotely in the cloud. When an edge server needs to offload its computational tasks, there could be a sudden failure in the cloud or network. In this scenario, we need to provide a flexible execution model to edge devices and servers for the continuous execution of the task. To that end, in this paper, we induced a middleware system that allows an edge server to execute a task on the edge devices instead of offloading it to a cloud server. Edge devices not only send data to an edge server for further processing but also execute edge services by utilizing nearby edge devices' computing resources. We extend the concept of service-oriented architecture and integrate a decentralized peer-to-peer network architecture to achieve reusability, location-specific security, and reliability. By following our methodology, software developers can enhance their application in a collaborative environment without worrying about low-level implementation.
2022-05-19
Hung, Yu-Hsin, Jheng, Bing-Jhong, Li, Hong-Wei, Lai, Wen-Yang, Mallissery, Sanoop, Wu, Yu-Sung.  2021.  Mixed-mode Information Flow Tracking with Compile-time Taint Semantics Extraction and Offline Replay. 2021 IEEE Conference on Dependable and Secure Computing (DSC). :1–8.
Static information flow analysis (IFA) and dynamic information flow tracking (DIFT) have been widely employed in offline security analysis of computer programs. As security attacks become more sophisticated, there is a rising need for IFA and DIFT in production environment. However, existing systems usually deal with IFA and DIFT separately, and most DIFT systems incur significant performance overhead. We propose MIT to facilitate IFA and DIFT in online production environment. MIT offers mixed-mode information flow tracking at byte-granularity and incurs moderate runtime performance overhead. The core techniques consist of the extraction of taint semantics intermediate representation (TSIR) at compile-time and the decoupled execution of TSIR for information flow analysis. We conducted an extensive performance overhead evaluation on MIT to confirm its applicability in production environment. We also outline potential applications of MIT, including the implementation of data provenance checking and information flow based anomaly detection in real-world applications.
2022-09-29
Wei, Song, Zhang, Kun, Tu, Bibo.  2021.  Performance Impact of Host Kernel Page Table Isolation on Virtualized Servers. 2021 IEEE Asia-Pacific Conference on Image Processing, Electronics and Computers (IPEC). :912–919.
As Meltdown mitigation, Kernel Page Table Isolation (KPTI) was merged into Linux kernel mainline, and the performance impact is significant on x86 processors. Most of the previous work focuses on how KPTI affects Linux kernel performance within the scope of virtual machines or physical machines on x86. However, whether host KPTI affects virtual machines has not been well studied. What's more, there is relatively little research on ARM CPUs. This paper presents an in-depth study of how KPTI on the host affects the virtualized server performance and compares ARMv8 and x86. We first run several application benchmarks to demonstrate the performance impact does exist. The reason is that with a para-virtual I/O scheme, guest offloads I/O requests to the host side, which may incur user/kernel transitions. For the network I/O, when using QEMU as the back-end device, we saw a 1.7% and 5.5% slowdown on ARMv8 and x86, respectively. vhost and vhost-user, originally proposed to optimize performance, inadvertently mitigate the performance impact introduced by host KPTI. For CPU and memory-intensive benchmarks, the performance impact is trivial. We also find that virtual machines on ARMv8 are less affected by KPTI. To diagnose the root cause, we port HyperBench to the ARM virtualization platform. The final results show that swapping the translation table pointer register on ARMv8 is about 3.5x faster than x86. Our findings have significant implications for tuning the x86 virtualization platform's performance and helping ARMv8 administrators enable KPTI with confidence.
2022-03-23
Agana, Moses Adah, Edu, Joseph Ikpabi.  2021.  Predicting Cyber Attacks in a Proxy Server using Support Vector Machine (SVM) Learning Algorithm. 2021 IST-Africa Conference (IST-Africa). :1–11.
This study used the support vector machine (SVM) algorithm to predict Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks on a proxy server. Proxy-servers are prone to attacks such as DoS and DDoS and existing detection and prediction systems are inefficient. Three convex optimization problems using the Gaussian, linear and non-linear kernel methods were solved using the SVM module to detect the attacks. The SVM module and proxy server were implemented in Python and JavaScript respectively and made to run on a local network. Four other computers running on the same network were made to each communicate with the proxy server (two dedicated to attack the server). The server was able to detect and filter out the malicious requests from the attacking clients. Hence, the SVM module can effectively predict cyber attacks and can be integrated into any server to detect such attacks for improved security.
2022-01-10
Moonamaldeniya, Menaka, Priyashantha, V.R.S.C., Gunathilake, M.B.N.B., Ransinghe, Y.M.P.B., Ratnayake, A.L.S.D., Abeygunawardhana, Pradeep K.W.  2021.  Prevent Data Exfiltration on Smart Phones Using Audio Distortion and Machine Learning. 2021 Moratuwa Engineering Research Conference (MERCon). :345–350.
Attacks on mobile devices have gained a significant amount of attention lately. This is because more and more individuals are switching to smartphones from traditional non-smartphones. Therefore, attackers or cybercriminals are now getting on the bandwagon to have an opportunity at obtaining information stored on smartphones. In this paper, we present an Android mobile application that will aid to minimize data exfiltration from attacks, such as, Acoustic Side-Channel Attack, Clipboard Jacking, Permission Misuse and Malicious Apps. This paper will commence its inception with an introduction explaining the current issues in general and how attacks such as side-channel attacks and clipboard jacking paved the way for data exfiltration. We will also discuss a few already existing solutions that try to mitigate these problems. Moving on to the methodology we will emphasize how we came about the solution and what methods we followed to achieve the end goal of securing the smartphone. In the final section, we will discuss the outcomes of the project and conclude what needs to be done in the future to enhance this project so that this mobile application will continue to keep the user's data safe from the criminals' grasps.
2022-10-03
Yang, Chen, Jia, Zhen, Li, Shundong.  2021.  Privacy-Preserving Proximity Detection Framework for Location-Based Services. 2021 International Conference on Networking and Network Applications (NaNA). :99–106.
With the popularization of mobile communication and sensing equipment, as well as the rapid development of location-aware technology and wireless communication technology, LBSs (Location-based services) bring convenience to people’s lives and enable people to arrange activities more efficiently and reasonably. It can provide more flexible LBS proximity detection query, which has attracted widespread attention in recent years. However, the development of proximity detection query still faces many severe challenges including query information privacy. For example, when users want to ensure their location privacy and data security, they can get more secure location-based services. In this article, we propose an efficient and privacy-protecting proximity detection framework based on location services: PD (Proximity Detection). Through PD, users can query the range of arbitrary polygons and obtain accurate LBS results. Specifically, based on homomorphic encryption technology, an efficient PRQ (polygon range query) algorithm is constructed. With the help of PRQ, PD, you can obtain accurate polygon range query results through the encryption request and the services provided by the LAS (LBS Agent Server) and the CS (Cloud Server). In addition, the query privacy of the querier and the information of the data provider are protected. The correctness proof and performance analysis show that the scheme is safe and feasible. Therefore, our scheme is suitable for many practical applications.
2022-01-31
Liu, Ying, Han, Yuzheng, Zhang, Ao, Xia, Xiaoyu, Chen, Feifei, Zhang, Mingwei, He, Qiang.  2021.  QoE-aware Data Caching Optimization with Budget in Edge Computing. 2021 IEEE International Conference on Web Services (ICWS). :324—334.
Edge data caching has attracted tremendous attention in recent years. Service providers can consider caching data on nearby locations to provide service for their app users with relatively low latency. The key to enhancing the user experience is to appropriately choose to cache data on the suitable edge servers to achieve the service providers' objective, e.g., minimizing data retrieval latency and minimizing data caching cost, etc. However, Quality of Experience (QoE), which impacts service providers' caching benefit significantly, has not been adequately considered in existing studies of edge data caching. This is not a trivial issue because QoE and Quality-of-Service (QoS) are not correlated linearly. It significantly complicates the formulation of cost-effective edge data caching strategies under the caching budget, limiting the number of cache spaces to hire on edge servers. We consider this problem of QoE-aware edge data caching in this paper, intending to optimize users' overall QoE under the caching budget. We first build the optimization model and prove the NP-completeness of this problem. We propose a heuristic approach and prove its approximation ratio theoretically to solve the problem of large-scale scenarios efficiently. We have done extensive experiments to demonstrate that the MPSG algorithm we propose outperforms state-of-the-art approaches by at least 68.77%.
2022-03-15
Zhou, Zequan, Wang, Yupeng, Luo, Xiling, Bai, Yi, Wang, Xiaochao, Zeng, Feng.  2021.  Secure Accountable Dynamic Storage Integrity Verification. 2021 IEEE SmartWorld, Ubiquitous Intelligence Computing, Advanced Trusted Computing, Scalable Computing Communications, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/IOP/SCI). :440—447.
Integrity verification of cloud data is of great importance for secure and effective cloud storage since attackers can change the data even though it is encrypted. Traditional integrity verification schemes only let the client know the integrity status of the remote data. When the data is corrupted, the system cannot hold the server accountable. Besides, almost all existing schemes assume that the users are credible. Instead, especially in a dynamic operation environment, users can deny their behaviors, and let the server bear the penalty of data loss. To address the issues above, we propose an accountable dynamic storage integrity verification (ADS-IV) scheme which provides means to detect or eliminate misbehavior of all participants. In the meanwhile, we modify the Invertible Bloom Filter (IBF) to recover the corrupted data and use the Mahalanobis distance to calculate the degree of damage. We prove that our scheme is secure under Computational Diffie-Hellman (CDH) assumption and Discrete Logarithm (DL) assumption and that the audit process is privacy-preserving. The experimental results demonstrate that the computational complexity of the audit is constant; the storage overhead is $O(\sqrt{n})$, which is only 1/400 of the size of the original data; and the whole communication overhead is $O(1)$. As a result, the proposed scheme is not only suitable for large-scale cloud data storage systems, but also for systems with sensitive data, such as banking systems, medical systems, and so on.