Biblio

In this paper, we discuss the development of the IoT security exercise content and the implementation of it to the CyExec. While the Internet of Things (IoT) devices are becoming more popular, vulnerability countermeasures are insufficient, and many incidents have occurred. It is because there is insufficient protection against vulnerabilities specific to IoT equipment. Also, the developers and users have low awareness of IoT devices against vulnerabilities from the past. Therefore, the importance of security education on IoT devices is increasing. However, the enormous burden of introduction and operation costs limited the use of commercial cybersecurity exercise systems. CyExec (Cyber Security Exercise System), consisting of a virtual environment using VirtualBox and Docker, is a low-cost and flexible cybersecurity exercise system, which we have proposed for the dissemination of security education. And the content of the exercises for CyExec is composed of the Basic exercises and Applied exercises.

Lately mining of information from online life is pulling in more consideration because of the blast in the development of Big Data. In security, Big Data manages an assortment of immense advanced data for investigating, envisioning and to draw the bits of knowledge for the expectation and anticipation of digital assaults. Big Data Analytics (BDA) is the term composed by experts to portray the art of dealing with, taking care of and gathering a great deal of data for future evaluation. Data is being made at an upsetting rate. The quick improvement of the Internet, Internet of Things (IoT) and other creative advances are the rule liable gatherings behind this proceeded with advancement. The data made is an impression of the earth, it is conveyed out of, along these lines can use the data got away from structures to understand the internal exercises of that system. This has become a significant element in cyber security where the objective is to secure resources. Moreover, the developing estimation of information has made large information a high worth objective. Right now, investigate ongoing exploration works in cyber security comparable to huge information and feature how Big information is secured and how huge information can likewise be utilized as a device for cyber security. Simultaneously, a Big Data based concentrated log investigation framework is actualized to distinguish the system traffic happened with assailants through DDOS, SQL Injection and Bruce Force assault. The log record is naturally transmitted to the brought together cloud server and big information is started in the investigation process.

Cybercrime is growing dramatically in the technological world nowadays. World Wide Web criminals exploit the personal information of internet users and use them to their advantage. Unethical users leverage the dark web to buy and sell illegal products or services and sometimes they manage to gain access to classified government information. A number of illegal activities that can be found in the dark web include selling or buying hacking tools, stolen data, digital fraud, terrorists activities, drugs, weapons, and more. The aim of this project is to collect evidence of any malicious activity in the dark web by using computer security mechanisms as traps called honeypots.

Nowadays, the emerging Internet-of-Things (IoT) emphasize the need for the security of network-connected devices. Additionally, there are two types of services in IoT devices that are easily exploited by attackers, weak authentication services (e.g., SSH/Telnet) and exploited services using command injection. Based on this observation, we propose IoTCMal, a hybrid IoT honeypot framework for capturing more comprehensive malicious samples aiming at IoT devices. The key novelty of IoTC-MAL is three-fold: (i) it provides a high-interactive component with common vulnerable service in real IoT device by utilizing traffic forwarding technique; (ii) it also contains a low-interactive component with Telnet/SSH service by running in virtual environment. (iii) Distinct from traditional low-interactive IoT honeypots[1], which only analyze family categories of malicious samples, IoTCMal primarily focuses on homology analysis of malicious samples. We deployed IoTCMal on 36 VPS1 instances distributed in 13 cities of 6 countries. By analyzing the malware binaries captured from IoTCMal, we discover 8 malware families controlled by at least 11 groups of attackers, which mainly launched DDoS attacks and digital currency mining. Among them, about 60% of the captured malicious samples ran in ARM or MIPs architectures, which are widely used in IoT devices.

A Distributed Denial of Service ( DDoS ) attack is usually instigated on a primary server that provides important services in a network. However such DDoS attacks can be identified and mitigated by the controller in a Software Defined Network (SDN). If the intruder further performs an attack on the controller along with the server, the attack becomes successful.In this paper, we show how such a combined DDoS attack can be instigated on a controller as well as a primary server. The DDoS attack on the primary server is instigated by compromising few hosts to send packets with spoofed IP addresses and the attack on the controller is instigated by compromising few switches to send flow table requests repeatedly to the controller. With the help of an emulator called mininet, we show the severity of this attack on the performance of the network. We further propose a common technique that can be used to mitigate this kind of attack by observing the variation of destination IP addresses and setting different priorities to switches and handling the flow table requests accordingly by the controller.

Distributed Denial of Service (DDoS) attacks aim at bringing down or decreasing the availability of services for their legitimate users, by exhausting network or server resources. It is difficult to differentiate attack traffic from legitimate traffic as the attack can come from distributed nodes that additionally might spoof their IP addresses. Traditional DoS mitigation solutions fail to defend all kinds of DoS attacks and huge DoS attacks might exceed the processing capacity of routers and firewalls easily. The advent of Software-defined Networking (SDN) and Network Function Virtualization (NFV) has brought a new perspective for network defense. Key features of such technologies like global network view and flexibly positionable security functionality can be used for mitigating DDoS attacks. In this paper, we propose a collaborative DDoS attack mitigation scheme that uses SDN and NFV. We adopt a machine learning algorithm from related work to derive accurate patterns describing DDoS attacks. Our experimental results indicate that our framework is able to differentiate attack and legitimate traffic with high accuracy and in near-realtime. Furthermore, the derived patterns can be used to create OpenFlow (OF) or Firewall rules that can be pushed back into the direction of the attack origin for more efficient and distributed filtering.

E- Health systems, specifically, Telecare Medical Information Systems (TMIS), are deployed in order to provide patients with specific diseases with healthcare services that are usually based on remote monitoring. Therefore, making an efficient, convenient and secure connection between users and medical servers over insecure channels within medical services is a rather major issue. In this context, because of the biometrics' characteristics, many biometrics-based three factor user authentication schemes have been proposed in the literature to secure user/server communication within medical services. In this paper, we make a brief study of the most interesting proposals. Then, we propose a new three-factor authentication and key agreement scheme for TMIS. Our scheme tends not only to fix the security drawbacks of some studied related work, but also, offers additional significant features while minimizing resource consumption. In addition, we perform a formal verification using the widely accepted formal security verification tool AVISPA to demonstrate that our proposed scheme is secure. Also, our comparative performance analysis reveals that our proposed scheme provides a lower resource consumption compared to other related work's proposals.

The development in the web technologies given growth to the new application that will make the voting process very easy and proficient. The E-voting helps in providing convenient, capture and count the votes in an election. This project provides the description about e-voting using an Android platform. The proposed e-voting system helps the user to cast the vote without visiting the polling booth. The application provides authentication measures in order to avoid fraud voters using the OTP. Once the voting process is finished the results will be available within a fraction of seconds. All the casted vote count is encrypted using AES256 algorithm and stored in the database in order to avoid any outbreaks and revelation of results by third person other than the administrator.

Ciphertext policy Attribute-based encryption (CPABE) plays an increasingly important role in the field of fine-grained access control for cloud storage. However, The exiting solution can not balance the issue of user identity tracking and user revocation. In this paper, we propose a CP-ABE scheme that supports association revocation and traceability. This scheme uses identity directory technology to realize single user revocation and associated user revocation, and the ciphertext re-encryption technology guarantees the forward security of revocation without updating the private key. In addition, we can accurately trace the identity of the user according to the decryption private key and effectively solve the problem of key abuse. This scheme is proved to be safe and traceable under the standard model, and can effectively control the computational and storage costs while maintaining functional advantages. It is suitable for the practical scenarios of tracking audit and user revocation.

One of a high relentless attack is the crucial distributed DoS attacks. The types and tools for this attacks increases day-to-day as per the technology increases. So the methodology for detection of DDoS should be advanced. For this purpose we created an automated DDoS detector using ML which can run on any commodity hardware. The results are 98.5 % accurate. We use three classification algorithms KNN, RF and NB to classify DDoS packets from normal packets using two features, delta time and packet size. This detector mostly can detect all types of DDoS such as ICMP flood, TCP flood, UDP flood etc. In the older systems they detect only some types of DDoS attacks and some systems may require a large number of features to detect DDoS. Some systems may work only with certain protocols only. But our proposed model overcome these drawbacks by detecting the DDoS of any type without a need of specific protocol that uses less amount of features.

Cloud computing provides so many groundbreaking advantages over native computing servers like to improve capacity and decrease costs, but meanwhile, it carries many security issues also. In this paper, we find the feasible security attacks made about cloud computing, including Wrapping, Browser Malware-Injection and Flooding attacks, and also problems caused by accountability checking. We have also analyzed the honey pot attack and its procedural intrusion way into the system. This paper on overall deals with the most common security breaches in cloud computing and finally honey pot, in particular, to analyze its intrusion way. Our major scope is to do overall security, analyze in the cloud and then to take up with a particular attack to deal with granular level. Honey pot is the one such attack that is taken into account and its intrusion policies are analyzed. The specific honey pot algorithm is in the queue as the extension of this project in the future.

Two-factor authentication (2FA) systems implement by verifying at least two factors. A factor is something a user knows (password, or phrase), something a user possesses (smart card, or smartphone), something a user is (fingerprint, or iris), something a user does (keystroke), or somewhere a user is (location). In the existing 2FA system, a user is required to act in order to implement the second layer of authentication which is not very user-friendly. Smart devices (phones, laptops, tablets, etc.) can receive signals from different radio frequency technologies within range. As these devices move among networks (Wi-Fi access points, cellphone towers, etc.), they receive broadcast messages, some of which can be used to collect information. This information can be utilized in a variety of ways, such as establishing a connection, sharing information, locating devices, and, most appropriately, identifying users in range. The principal benefit of broadcast messages is that the devices can read and process the embedded information without being connected to the broadcaster. Moreover, the broadcast messages can be received only within range of the wireless access point sending the broadcast, thus inherently limiting access to those devices in close physical proximity and facilitating many applications dependent on that proximity. In the proposed research, a new factor is used - something that is in the user's environment with minimal user involvement. Data from these broadcast messages is utilized to implement a 2FA scheme by determining whether two devices are proximate or not to ensure that they belong to the same user.

With its huge real-world demands, large-scale confidential computing still cannot be supported by today's Trusted Execution Environment (TEE), due to the lack of scalable and effective protection of high-throughput accelerators like GPUs, FPGAs, and TPUs etc. Although attempts have been made recently to extend the CPU-like enclave to GPUs, these solutions require change to the CPU or GPU chips, may introduce new security risks due to the side-channel leaks in CPU-GPU communication and are still under the resource constraint of today's CPU TEE.To address these problems, we present the first Heterogeneous TEE design that can truly support large-scale compute or data intensive (CDI) computing, without any chip-level change. Our approach, called HETEE, is a device for centralized management of all computing units (e.g., GPUs and other accelerators) of a server rack. It is uniquely designed to work with today's data centres and clouds, leveraging modern resource pooling technologies to dynamically compartmentalize computing tasks, and enforce strong isolation and reduce TCB through hardware support. More specifically, HETEE utilizes the PCIe ExpressFabric to allocate its accelerators to the server node on the same rack for a non-sensitive CDI task, and move them back into a secure enclave in response to the demand for confidential computing. Our design runs a thin TCB stack for security management on a security controller (SC), while leaving a large set of software (e.g., AI runtime, GPU driver, etc.) to the integrated microservers that operate enclaves. An enclaves is physically isolated from others through hardware and verified by the SC at its inception. Its microserver and computing units are restored to a secure state upon termination.We implemented HETEE on a real hardware system, and evaluated it with popular neural network inference and training tasks. Our evaluations show that HETEE can easily support the CDI tasks on the real-world scale and incurred a maximal throughput overhead of 2.17% for inference and 0.95% for training on ResNet152.

Due to the constrained resource and computational limitation of many Internet of Things (IoT) devices, conventional security protections, which require high computational overhead are not suitable to be deployed. Thus, vulnerable IoT devices could be easily exploited by attackers to break into networks. In this paper, we employ cyber deception and moving target defense (MTD) techniques to proactively change the network topology with both real and decoy nodes with the support of software-defined networking (SDN) technology and investigate the impact of single-target and multi-target attacks on the effectiveness of the integrated mechanism via a hierarchical graphical security model with security metrics. We also implement a web-based visualization interface to show topology changes with highlighted attack paths. Finally, the qualitative security analysis is performed for a small-scale and SDN-supported IoT network with different combinations of decoy types and levels of attack intelligence. Simulation results show the integrated defense mechanism can introduce longer mean-time-to-security-failure and larger attack impact under the multi-target attack, compared with the single-target attack model. In addition, adaptive shuffling has better performance than fixed interval shuffling in terms of a higher proportion of decoy paths, longer mean-time-to-security-failure and largely reduced defense cost.

Increased peripheral performance is causing strain on the memory subsystem of modern processors. For example, available DRAM throughput can no longer sustain the traffic of a modern network card. Scrambling to deliver the promised performance, instead of transferring peripheral data to and from DRAM, modern Intel processors perform I/O operations directly on the Last Level Cache (LLC). While Direct Cache Access (DCA) instead of Direct Memory Access (DMA) is a sensible performance optimization, it is unfortunately implemented without care for security, as the LLC is now shared between the CPU and all the attached devices, including the network card.In this paper, we reverse engineer the behavior of DCA, widely referred to as Data-Direct I/O (DDIO), on recent Intel processors and present its first security analysis. Based on our analysis, we present NetCAT, the first Network-based PRIME+PROBE Cache Attack on the processor's LLC of a remote machine. We show that NetCAT not only enables attacks in cooperative settings where an attacker can build a covert channel between a network client and a sandboxed server process (without network), but more worryingly, in general adversarial settings. In such settings, NetCAT can enable disclosure of network timing-based sensitive information. As an example, we show a keystroke timing attack on a victim SSH connection belonging to another client on the target server. Our results should caution processor vendors against unsupervised sharing of (additional) microarchitectural components with peripherals exposed to malicious input.

Distributed training is a novel approach to accelerating training of Deep Neural Networks (DNN), but common training libraries fall short of addressing the distributed nature of heterogeneous processors or interruption by other workloads on the shared processing nodes. This paper describes distributed training of DNN on computational storage devices (CSD), which are NAND flash-based, high-capacity data storage with internal processing engines. A CSD-based distributed architecture incorporates the advantages of federated learning in terms of performance scalability, resiliency, and data privacy by eliminating the unnecessary data movement between the storage device and the host processor. The paper also describes Stannis, a DNN training framework that improves on the shortcomings of existing distributed training frameworks by dynamically tuning the training hyperparameters in heterogeneous systems to maintain the maximum overall processing speed in term of processed images per second and energy efficiency. Experimental results on image classification training benchmarks show up to 3.1x improvement in performance and 2.45x reduction in energy consumption when using Stannis plus CSD compare to the generic systems.

Intelligenta transportation is an important part of urban development. The core of realizing intelligent transportation is to master the urban road condition. This system processes the video of dashcam based on the Panoptic Segmentation network and adds a tracking module based on the comparison of front and rear frames and KM algorithm. The system mainly includes the following parts: embedded device, Panoptic Feature Pyramid Network, cloud server and Web site.

The privacy protection and information security are two crucial issues for future advanced artificial intelligence devices, especially for cooperative system with rich core data exchange which may offer opportunities for attackers to fake interaction messages. To combat such threat, great efforts have been made by introducing trust mechanism in initiative or passive way. Furthermore, blockchain and distributed ledger technology provide a decentralized and peer-to-peer network, which has great potential application for multi-agent system, such as IoTs and robots. It eliminates third-party interference and data in the blockchain are stored in an encrypted way permanently and anti-destroys. In this paper, a methodology of blockchain is proposed and designed for advanced cooperative system with artificial intelligence to protect privacy and sensitive data exchange between multi-agents. The validation procedure is performed in laboratory by a three-level computing networks of Raspberry Pi 3B+, NVIDIA Jetson Tx2 and local computing server for a robot system with four manipulators and four binocular cameras in peer computing nodes by Go language.

The paper addresses the issue of providing information security to wireless sensor networks using Security Information and Event Management (SIEM) methodology along with multi-agent approach. The concept of wireless sensor networks and providing their information security, including construction of SIEM system architecture, SIEM analysis methodologies and its main features, are considered. The proposed approach is to integrate SIEM system methodology with a multi-agent architecture which includes data collecting agents, coordinating agent (supervisor) and local Intrusion Detection Systems (IDSs) based on artificial immune system mechanisms. Each IDS is used as an agent that performs a primary analysis and sends information about suspicious activity to the server. The server performs correlation analysis, identifies the most significant incidents, and helps to prioritize the incident response. The presented results of computational experiments confirm the effectiveness of the proposed approach.

Web application services have gradually become an important support of Internet services, but are also facing increasingly serious security problems. It is extremely necessary to evaluate the security of Web application services to deal with attacks against them effectively. In this paper, in view of the characteristics of the current attack of Web application services, a Web security analysis model based on the kill chain is established, and the possible attacks against Web application services are analyzed in depth from the perspective of the kill chain. Then, the security of Web application services is evaluated in a quantitative manner. In this way, it can make up the defects of insufficient inspection by the existing security vulnerability model and the security specification of the tracking of Web application services, so as to realize the objective and scientific evaluation of the security state of Web application services.

Shared register emulations on top of message-passing systems provide an illusion of a simpler shared memory system which can make the task of a system designer easier. Numerous shared register applications have a considerably high read-to-write ratio. Thus, having algorithms that make reads more efficient than writes is a fair trade-off.Typically, such algorithms for reads and writes are asymmetric and sacrifice the stringent consistency condition atomicity, as it is impossible to have fast reads for multi-writer atomicity. Safety is a consistency condition that has has gathered interest from both the systems and theory community as it is weaker than atomicity yet provides strong enough guarantees like "strong consistency" or read-my-write consistency. One requirement that is assumed by many researchers is that of the reliable broadcast (RB) primitive, which ensures the "all or none" property during a broadcast. One drawback is that such a primitive takes 1.5 rounds to complete and requires server-to-server communication.This paper implements an efficient multi-writer multi-reader safe register without using a reliable broadcast primitive. Moreover, we provide fast reads or one-shot reads – our read operations can be completed in one round of client-to-server communication. Of course, this comes with the price of requiring more servers when compared to prior solutions assuming reliable broadcast. However, we show that this increased number of servers is indeed necessary as we prove a tight bound on the number of servers required to implement Byzantine-fault tolerant safe registers in a system without reliable broadcast.We extend our results to data stored using erasure coding as well. We present an emulation of single-writer multi-reader safe register based on MDS codes. The usage of MDS codes reduces storage and communication costs. On the negative side, we also show that to use MDS codes and at the same time achieve one-shot reads, we need even more servers.

An attacker's success crucially depends on the reconnaissance phase of Distributed Denial of Service (DDoS) attacks, which is the first step to gather intelligence. Although several solutions have been proposed against network reconnaissance attacks, they fail to address the needs of legitimate users' requests. Thus, we propose a cloud-based deception framework which aims to confuse the attacker with reconnaissance replies while allowing legitimate uses. The deception is based on for-warding the reconnaissance packets to a cloud infrastructure through tunneling and SDN so that the returned IP addresses to the attacker will not be genuine. For handling legitimate requests, we create a reflected virtual topology in the cloud to match any changes in the original physical network to the cloud topology using SDN. Through experimentations on GENI platform, we show that our framework can provide reconnaissance responses with negligible delays to the network clients while also reducing the management costs significantly.

Machine-to-Machine (M2M) communication is a essential subset of the Internet of Things (IoT). Secure access to communication network systems by M2M devices requires the support of a secure and efficient anonymous authentication protocol. The Direct Anonymous Attestation (DAA) scheme in Trustworthy Computing is a verified security protocol. However, the existing defense system uses a static architecture. The “mimic defense” strategy is characterized by active defense, which is not effective against continuous detection and attack by the attacker. Therefore, in this paper, we propose a Mimic-DAA scheme that incorporates mimic defense to establish an active defense scheme. Multiple heterogeneous and redundant actuators are used to form a DAA verifier and optimization is scheduled so that the behavior of the DAA verifier unpredictable by analysis. The Mimic-DAA proposed in this paper is capable of forming a security mechanism for active defense. The Mimic-DAA scheme effectively safeguard the unpredictability, anonymity, security and system-wide security of M2M communication networks. In comparison with existing DAA schemes, the scheme proposed in this paper improves the safety while maintaining the computational complexity.

Since a lot of information is outsourcing into cloud servers, data confidentiality becomes a higher risk to service providers. To assure data security, Ciphertext Policy Attributes-Based Encryption (CP-ABE) is observed for the cloud environment. Because ciphertexts and secret keys are relying on attributes, the revocation issue becomes a challenge for CP-ABE. This paper proposes an encryption access control (EAC) scheme to fulfill policy revocation which covers both attribute and user revocation. When one of the attributes in an access policy is changed by the data owner, the authorized users should be updated immediately because the revoked users who have gained previous access policy can observe the ciphertext. Especially for data owners, four types of updating policy levels are predefined. By classifying those levels, each secret token key is distinctly generated for each level. Consequently, a new secret key is produced by hashing the secret token key. This paper analyzes the execution times of key generation, encryption, and decryption times between non-revocation and policy revocation cases. Performance analysis for policy revocation is also presented in this paper.

The Security is a vital aspect of cloud service as it comprises of data that belong to multiple users. Cloud service providers are responsible for maintaining data integrity, confidentiality and availability. They must ensure that their infrastructure and data are protected from intruders. In this research work Intrusion Detection System is designed to detect malicious server by using Cuckoo Search (CS) along with Artificial Intelligence. CS is used for feature optimization with the help of fitness function, the server's nature is categorized into two types: normal and attackers. On the basis of extracted features, ANN classify the attackers which affect the networks in cloud environment. The main aim is to distinguish attacker servers that are affected by DoS/DDoS, Black and Gray hole attacks from the genuine servers. Thus, instead of passing data to attacker server, the server passes the data to the genuine servers and hence, the system is protected. To validate the performance of the system, QoS parameters such as PDR (Packet delivery rate), energy consumption rate and total delay before and after prevention algorithm are measured. When compared with existing work, the PDR and the delay have been enhanced by 3.0 %and 21.5 %.