Biblio

Actuator malfunctions may have disastrous con-sequences for systems not designed to mitigate them. We focus on the loss of control authority over actuators, where some actuators are uncontrolled but remain fully capable. To counter-act the undesirable outputs of these malfunctioning actuators, we use real-time measurements and redundant actuators. In this setting, a system that can still reach its target is deemed resilient. To quantify the resilience of a system, we compare the shortest time for the undamaged system to reach the target with the worst-case shortest time for the malfunctioning system to reach the same target, i.e., when the malfunction makes that time the longest. Contrary to prior work on driftless linear systems, the absence of analytical expression for time-optimal controls of general linear systems prevents an exact calculation of quantitative resilience. Instead, relying on Lyapunov theory we derive analytical bounds on the nominal and malfunctioning reach times in order to bound quantitative resilience. We illustrate our work on a temperature control system.

SCADA systems are one of the critical infrastructures and face many security threats. Attackers can control SCADA systems through network attacks, destroying the normal operation of the power system. It is important to conduct a risk assessment of security threats on SCADA systems. However, existing models for risk assessment using attack trees mainly focus on describing possible intrusions rather than the interaction between threats and defenses. In this paper, we comprehensively consider intrusion likelihood and defense capability and propose a quantitative risk assessment model of security threats based on attack countermeasure tree (ACT). Each leaf node in ACT contains two attributes: exploitable vulnerabilities and defense countermeasures. An attack scenario can be constructed by means of traversing the leaf nodes. We set up six indicators to evaluate the impact of security threats in attack scenarios according to NISTIR 7628 standard. Experimental results show the attack probability of security threats and high-risk attack scenarios in SCADA systems. We can improve defense countermeasures to protect against security threats corresponding to high-risk scenarios. In addition, the model can continually update risk assessments based on the implementation of the system’s defensive countermeasures.

Modern day cyber-infrastructures are critically dependent on each other to provide essential services. Current frameworks typically focus on the risk analysis of an isolated infrastructure. Evaluation of potential disruptions taking the heterogeneous cyber-infrastructures is vital to note the cascading disruption vectors and determine the appropriate interventions to limit the damaging impact. This paper presents a cyber-security risk assessment framework for the interconnected cyber-infrastructures. Our methodology is designed to be comprehensive in terms of accommodating accidental incidents and malicious cyber threats. Technically, we model the functional dependencies between the different architectures using reliability block diagrams (RBDs). RBDs are convenient, yet powerful graphical diagrams, which succinctly describe the functional dependence between the system components. The analysis begins by selecting a service from the many services that are outputted by the synchronized operation of the architectures whose disruption is deemed critical. For this service, we design an attack fault tree (AFT). AFT is a recent graphical formalism that combines the two popular formalisms of attack trees and fault trees. We quantify the attack-fault tree and compute the risk metrics - the probability of a disruption and the damaging impact. For this purpose, we utilize the open source ADTool. We show the efficacy of our framework with an example outage incident.

Adversarial attacks have recently been proposed to scrutinize the security of deep neural networks. Most blackbox adversarial attacks, which have partial access to the target through queries, are target-specific; e.g., they require a well-trained surrogate that accurately mimics a given target. In contrast, target-agnostic black-box attacks are developed to attack any target; e.g., they learn a generalized surrogate that can adapt to any target via fine-tuning on samples queried from the target. Despite their success, current state-of-the-art target-agnostic attacks require tremendous fine-tuning steps and consequently an immense number of queries to the target to generate successful attacks. The high query complexity of these attacks makes them easily detectable and thus defendable. We propose a novel query-efficient target-agnostic attack that trains a generalized surrogate network to output the adversarial directions iv.r.t. the inputs and equip it with an effective fine-tuning strategy that only fine-tunes the surrogate when it fails to provide useful directions to generate the attacks. Particularly, we show that to effectively adapt to any target and generate successful attacks, it is sufficient to fine-tune the surrogate with informative samples that help the surrogate get out of the failure mode with additional information on the target’s local behavior. Extensive experiments on CIFAR10 and CIFAR-100 datasets demonstrate that the proposed target-agnostic approach can generate highly successful attacks for any target network with very few fine-tuning steps and thus significantly smaller number of queries (reduced by several order of magnitudes) compared to the state-of-the-art baselines.

Malicious attacks, malware, and ransomware families pose critical security issues to cybersecurity, and it may cause catastrophic damages to computer systems, data centers, web, and mobile applications across various industries and businesses. Traditional anti-ransomware systems struggle to fight against newly created sophisticated attacks. Therefore, state-of-the-art techniques like traditional and neural network-based architectures can be immensely utilized in the development of innovative ransomware solutions. In this paper, we present a feature selection-based framework with adopting different machine learning algorithms including neural network-based architectures to classify the security level for ransomware detection and prevention. We applied multiple machine learning algorithms: Decision Tree (DT), Random Forest (RF), Naïve Bayes (NB), Logistic Regression (LR) as well as Neural Network (NN)-based classifiers on a selected number of features for ransomware classification. We performed all the experiments on one ransomware dataset to evaluate our proposed framework. The experimental results demonstrate that RF classifiers outperform other methods in terms of accuracy, F -beta, and precision scores.

Ransomware is an emerging threat that imposed a \$ 5 billion loss in 2017, rose to \$ 20 billion in 2021, and is predicted to hit \$ 256 billion in 2031. While initially targeting PC (client) platforms, ransomware recently leaped over to server-side databases-starting in January 2017 with the MongoDB Apocalypse attack and continuing in 2020 with 85,000 MySQL instances ransomed. Previous research developed countermeasures against client-side ransomware. However, the problem of server-side database ransomware has received little attention so far. In our work, we aim to bridge this gap and present DIMAQS (Dynamic Identification of Malicious Query Sequences), a novel anti-ransomware solution for databases. DIMAQS performs runtime monitoring of incoming queries and pattern matching using two classification approaches (Colored Petri Nets (CPNs) and Deep Neural Networks (DNNs)) for attack detection. Our system design exhibits several novel techniques like dynamic color generation to efficiently detect malicious query sequences globally (i.e., without limiting detection to distinct user connections). Our proof-of-concept and ready-to-use implementation targets MySQL servers. The evaluation shows high efficiency without false negatives for both approaches and a false positive rate of nearly 0%. Both classifiers show very moderate performance overheads below 6%. We will publish our data sets and implementation, allowing the community to reproduce our tests and results.

Cyber security is turning into a significant angle in each industry like in banking part, force and computerization segments. Servers are basic resources in these enterprises where business basic touch information is put away. These servers frequently join web servers in them through which any business information and tasks are performed remotely. Thus, clearly for a solid activity, security of web servers is extremely basic. This paper gives another testing way to deal with defenselessness appraisal of web applications by methods for breaking down and utilizing a consolidated arrangement of apparatuses to address a wide scope of security issues.

In recent years, artificial intelligence technology based on image data has been widely used in various industries. Rational analysis and mining of image data can not only promote the development of the technology field but also become a new engine to drive economic development. However, the privacy leakage problem has become more and more serious. To solve the privacy leakage problem of image data, this paper proposes the RDP-WGAN privacy protection framework, which deploys the Rényi differential privacy (RDP) protection techniques in the training process of generative adversarial networks to obtain a generative model with differential privacy. This generative model is used to generate an unlimited number of synthetic datasets to complete various data analysis tasks instead of sensitive datasets. Experimental results demonstrate that the RDP-WGAN privacy protection framework provides privacy protection for sensitive image datasets while ensuring the usefulness of the synthetic datasets.

The spread of the Internet of Things (IoT) and the use of smart control systems in many mission-critical or safety-critical applications domains, like automotive or aeronautical, make devices attractive targets for attackers. Nowadays, several of these are mixed-criticality systems, i.e., they run both high-criticality tasks (e.g., a car control system) and low-criticality ones (e.g., infotainment). High-criticality routines often employ Real-Time Operating Systems (RTOS) to enforce hard real-time requirements, while the tasks with lower constraints can be delegated to more generic-purpose operating systems (GPOS).Much of the control code for these devices is written in memory-unsafe languages such as C and C++. This makes them susceptible to powerful binary attacks, such as the famous Return-Oriented Programming (ROP). Control-Flow Integrity (CFI) is the most investigated security technique to protect against such threats. At now, CFI solutions for real-time embedded systems are not as mature as the ones for general-purpose systems, and even more, there is a lack of in-depth studies on how different operating systems with different security requirements and timing constraints can coexist on a single multicore platform.This paper aims at drawing attention to the subject, discussing the current scientific proposal, and in turn proposing a solution for an optimized asymmetric verification system for execution integrity. By using an embedded hypervisor, predefined cores could be dedicated to only high or low-criticality tasks, with the high-priority core being monitored by the lower-criticality core, relying on offline binary instrumentation and a light exchange of information and signals at runtime. The work also presents preliminary results about a possible implementation for multicore ARM platforms, running both RTOS and GPOS, both in terms of security and performance penalties.

Ubiquitous environment embedded with artificial intelligent consist of heterogenous smart devices communicating each other in several context for the computation of requirements. In such environment the trust among the smart users have taken as the challenge to provide the secure environment during the communication in the ubiquitous region. To provide the secure trusted environment for the users of ubiquitous system proposed approach aims to extract behavior of smart invisible entities by retrieving their behavior of communication in the network and applying the recommendation-based filters using Deep learning (RBF-DL). The proposed model adopts deep learning-based classifier to classify the unfair recommendation with fair ones to have a trustworthy ubiquitous system. The capability of proposed model is analyzed and validated by considering different attacks and additional feature of instances in comparison with generic recommendation systems.

Signals get sampled using Nyquist rate in conventional sampling method, but in compressive sensing the signals sampled below Nyquist rate by randomly taking the signal projections and reconstructing it out of very few estimations. But in case of recovering the image by utilizing compressive measurements with the help of multi-resolution grid where the image has certain region of interest (RoI) that is more important than the rest, it is not efficient. The conventional Cartesian sampling cannot give good result in motion image sensing recovery and is limited to stationary image sensing process. The proposed work gives improved results by using Radial sampling (a type of compression sensing). This paper discusses the approach of Radial sampling along with the application of Sparse Fourier Transform algorithms that helps in reducing acquisition cost and input/output overhead.

Ransomware groups represent a significant cyber threat to Western states. Most high-end ransomware actors reside in territorial safe-haven jurisdictions and prove to be resistant to traditional law enforcement activities. This has prompted public sector and cybersecurity industry leaders to perceive ransomware as a national security threat requiring a whole-of-government approach, including cyber operations. In this paper, we investigate whether cyber operations or the threat of cyber operations influence the ransomware ecosystem. Subsequently, we assess the vectors of influence and characteristics of past operations that have disrupted the ecosystem. We describe the specifics of the ransomware-as-a-service system and provide three case studies (DarkSide/BlackMatter, REvil, Conti) highly representative of the current ecosystem and the effect cyber operations have on it. Additionally, we present initial observations about the influence of cyber operations on the system, including best practices from cyber operations against non-state groups. We conclude that even professional, highly skilled, and top-performing ransomware groups can be disrupted through cyber operations. In fact, cyber operations can even bypass some limits imposed on law enforcement operations. Even when ransomware groups rebrand or resurface after a hiatus, we suggest their infrastructure (both technical, human, and reputational) will still suffer mid-to long-term disruption. Although cyber operations are unlikely to be a silver bullet, they are an essential tool in the whole-of-government and multinational efforts and may even grow in importance in the next several years.1‘Releasing the hounds’ is a term for offensive cyber operations aimed at disrupting global ransomware gangs, especially those conducted by militaries or intelligence agencies. First use is found in Patrick Gray and Adam Boileau, ‘Feature Podcast: Releasing the Hounds with Bobby Chesney’, Risky Business, 28 May 2020, https://risky.biz/HF6/.

Markov models of reliability of fault-tolerant computer systems are proposed, taking into account two stages of recovery of redundant memory devices. At the first stage, the physical recovery of memory devices is implemented, and at the second, the informational one consists in entering the data necessary to perform the required functions. Memory redundancy is carried out to increase the stability of the system to the loss of unique data generated during the operation of the system. Data replication is implemented in all functional memory devices. Information recovery is carried out using replicas of data stored in working memory devices. The model takes into account the criticality of the system to the timeliness of calculations in real time and to the impossibility of restoring information after multiple memory failures, leading to the loss of all stored replicas of unique data. The system readiness coefficient and the probability of its transition to a non-recoverable state are determined. The readiness of the system for the timely execution of requests is evaluated, taking into account the influence of the shares of the distribution of the performance of the computer allocated for the maintenance of requests and for the entry of information into memory after its physical recovery.

KYC or Know Your Customer is the procedure to verify the individuality of its consumers & evaluating the possible dangers of illegitimate trade relations. A few problems with the existing KYC manual process are that it is less secure, time-consuming and expensive. With the advent of Blockchain technology, its structures such as consistency, security, and geographical diversity make them an ideal solution to such problems. Although marketing solutions such as KYC-chain.co, K-Y-C. The legal right to enable blockchain-based KYC authentication provides a way for documents to be verified by a trusted network participant. This project uses an ETHereum based Optimised KYC Block-chain system with uniform A-E-S encryption and compression built on the LZ method. The system publicly verifies a distributed encryption, is protected by cryptography, operates by pressing the algorithm and is all well-designed blockchain features. The suggested scheme is a novel explanation based on Distributed Ledger Technology or Blockchain technology that would cut KYC authentication process expenses of organisations & decrease the regular schedule for completion of the procedure whilst becoming easier for clients. The largest difference in the system in traditional methods is the full authentication procedure is performed in just no time for every client, regardless of the number of institutions you desire to be linked to. Furthermore, since DLT is employed, validation findings may be securely distributed to consumers, enhancing transparency. Based on this method, a Proof of Concept (POC) is produced with Ethereum's API, websites as endpoints and the android app as the front office, recognising the viability and efficacy of this technique. Ultimately, this strategy enhances consumer satisfaction, lowers budget overrun & promotes transparency in the customer transport network.

Realize the same-city and remote disaster recovery of the infectious disease network direct reporting system of the China Medical Archives Information Center. Method: A three-tier B/S/DBMS architecture is used in the disaster recovery center to deploy an infectious disease network direct reporting system, and realize data-level disaster recovery through remote replication technology; realize application-level disaster recovery of key business systems through asynchronous data technology; through asynchronous the mode carries on the network direct report system disaster tolerance data transmission of medical files. The establishment of disaster recovery centers in different cities in the same city ensures the direct reporting system and data security of infectious diseases, and ensures the effective progress of continuity work. The results show that the efficiency of remote disaster recovery and backup based on big data has increased by 9.2%

Plaintext transmission is the major way of communication in the existing security and stability control (SSC) system of power grid. Such type of communication is easy to be invaded, camouflaged and hijacked by a third party, leading to a serious threat to the safe and stable operation of power system. Focusing on the communication security in SSC system, the authors use asymmetric encryption algorithm to encrypt communication messages, to generate random numbers through random noise of electrical quantities, and then use them to generate key pairs needed for encryption, at the same time put forward a set of key management mechanism for engineering application. In addition, the field engineering test is performed to verify that the proposed encryption method and management mechanism can effectively improve the communication in SSC system while ensuring the high-speed and reliable communication.

To solve the current problem of scarce information security talents, this paper proposes to design a network information security attack and defense practical training platform based on ThinkPHP framework. It provides help for areas with limited resources and also offers a communication platform for the majority of information security enthusiasts and students. The platform is deployed using ThinkPHP, and in order to meet the personalized needs of the majority of users, support vector machine algorithms are added to the platform to provide a more convenient service for users.

For multi-source heterogeneous complex data types of data cleaning and visual display, we proposed to build dynamic multimode visualization analysis tool, according to the different types of data designed by the user in accordance with the data model, and use visualization technology tools to build and use CQRS technology to design, external interface using a RESTFul architecture, The domain model and data query are completely separated, and the underlying data store adopts Hbase, ES and relational database. Drools is adopted in the data flow engine. According to the internal algorithm, three kinds of graphs can be output, namely, transaction relationship network analysis graph, capital flow analysis graph and transaction timing analysis graph, which can reduce the difficulty of analysis and help users to analyze data in a more friendly way

Aiming at the current troubles encountered by enterprise employees in their daily work when operating business systems due to web compatibility issues, a dual-core secure browser is designed and developed in the paper based on summarizing the current development status of multi-core browsers, key difficulties and challenges in the field. Based on the Chromium open-source project, the design of a dual-core browser auto-adaptation method is carried out. Firstly, dual-core encapsulation technology is implemented, followed by a study of the core auto-adaptation algorithm, and then a core cookie sharing function is developed based on Hook technology. In addition, the security of the browser is reinforced by designing a cookie manager, adding behavior monitoring functions, and unified platform control to enhance confidentiality and security, providing a safe and secure interface for employees' work and ubiquitous IoT access. While taking security into account, the browser realizes the need for a single browser compatible with all business system web pages of the enterprise, enhancing the operating experience of the client. Finally, the possible future research directions in this field are summarized and prospected.

With the rapid growth of the number of global network entities and interconnections, the security risks of network relationships are constantly accumulating. As the basis of network interconnection and communication, Internet routing is facing severe challenges such as insufficient online monitoring capability of large-scale routing events and lack of effective and credible verification mechanism. Major global routing security events emerge one after another, causing extensive and far-reaching impacts. To solve these problems, China Telecom studied the BGP (border gateway protocol) SDN (software defined network) controller technology to monitor the interconnection routing, constructed the global routing information database trust source integrating multi-dimensional information and developed the function of the protocol level based real-time monitoring system of Internet routing security events. Through these means, it realizes the second-level online monitoring capability of large-scale IP network Internet service routing events, forms the minute-level route leakage interception and route hijacking blocking solutions, and achieves intelligent protection capability of Internet routing security.

Virtual power plants are among the promising ways that variable generation and flexible demand may be optimally balanced in the future. The virtual power plant is an important branch of the energy internet, and it plays an important role in the aggregation of distributed power generation resources and the establishment of virtual power resource transactions. However, in the existing virtual power plant model, the following problems are becoming increasingly prominent, such as safeguard, credit rating system, privacy protection, benefit distribution. Firstly, the operation and transaction mechanism of the virtual power plant was introduced. Then, the blockchain technology is introduced into the virtual power plant transaction to make it more conducive to the information transparent, stable dispatch system, data security, and storage security. Finally, the operation and transaction system based on blockchain technology for the virtual power plant was design.

With the development of information networks, cloud computing, big data, and virtualization technologies promote the emergence of various new network applications to meet the needs of various Internet services. A security protection system for virtual host in cloud computing center is proposed in the article. The system takes “security as a service” as the starting point, takes virtual machines as the core, and takes virtual machine clusters as the unit to provide unified security protection against the borderless characteristics of virtualized computing. The thesis builds a network security protection system for APT attacks; uses the system dynamics method to establish a system capability model, and conducts simulation analysis. The simulation results prove the validity and rationality of the network communication security system framework and modeling analysis method proposed in the thesis. Compared with traditional methods, this method has more comprehensive modeling and analysis elements, and the deduced results are more instructive.

As a new generation of power grid system, smart grid and smart meter conduct two-way communication to realize the intelligent collection, monitoring and dispatching of user power data, so as to achieve a safer, stable, reliable and efficient power grid environment. With the vigorous development of power grid, there are also some security and privacy problems. This paper uses Paillier homomorphic encryption algorithm and role-based access control strategy to ensure the privacy security in the process of multi-dimensional aggregation, data transmission and sharing of power data. Applying the characteristics of blockchain technology such as decentralization, non tampering and traceability to the smart grid can effectively solve the privacy and security problems of power data transmission and sharing in the smart grid. This paper compares Paillier encryption algorithm with PPAR algorithm and SIAHE algorithm in terms of encryption mechanism, number of aggregators and computational complexity respectively. The results show that Paillier homomorphic encryption algorithm has higher data privacy and security.

At present, code reuse attacks, such as Return Oriented Programming (ROP), execute attacks through the code of the application itself, bypassing the traditional defense mechanism and seriously threatening the security of computer software. The existing two mainstream defense mechanisms, Address Space Layout Randomization (ASLR), are vulnerable to information disclosure attacks, and Control-Flow Integrity (CFI) will bring high overhead to programs. At the same time, due to the widespread use of software of unknown origin, there is no source code provided or available, so it is not always possible to secure the source code. In this paper, we propose FRCFI, an effective method based on binary rewriting to prevent code reuse attacks. FRCFI first disrupts the program's memory space layout through function shuffling and NOP insertion, then verifies the execution of the control-flow branch instruction ret and indirect call/jmp instructions to ensure that the target address is not modified by attackers. Experiment show shows that FRCFI can effectively defend against code reuse attacks. After randomization, the survival rate of gadgets is only 1.7%, and FRCFI adds on average 6.1% runtime overhead on SPEC CPU2006 benchmark programs.

This paper examines how the extent of the network has expanded from the traditional computer Internet to the field of edge computing based on mobile communication technology with the in-depth development of the mobile Internet and the Internet of Things. In particular, the introduction of 5G has enabled massive edge computing nodes to build a high-performance, energy-efficient and low-latency mobile edge computing architecture. Traditional network security technologies and methods are not fully applicable in this environment. The focus of this paper is on security protection for edge networks. Using virtualized networks builds a dynamic heterogeneous redundancy security model (i.e., DHR). It first designs and evaluates the DHR security model, then constructs the required virtualized heterogeneous entity set, and finally constructs a DHR-based active defense scheme. Compared with existing network security solutions, the security protection technology of the edge network studied this time has a better protective effect against the unknown security threats facing the edge network.