Biblio

To detect human behaviour and measure accuracy of classification rate. Materials and Methods: A novel deep belief network with sample size 10 and support vector machine with sample size of 10. It was iterated at different times predicting the accuracy percentage of human behaviour. Results: Human behaviour detection utilizing novel deep belief network 87.9% accuracy compared with support vector machine 87.0% accuracy. Deep belief networks seem to perform essentially better compared to support vector machines \$(\textbackslashmathrmp=0.55)(\textbackslashtextPiˆ0.05)\$. The deep belief algorithm in computer vision appears to perform significantly better than the support vector machine algorithm. Conclusion: Within this human behaviour detection novel deep belief network has more precision than support vector machine.

Dynamic Host Control Protocol (DHCP) is a protocol which provides IP addresses and network configuration parameters to the hosts present in the network. This protocol is deployed in small, medium, and large size organizations which removes the burden from network administrator to manually assign network parameters to every host in the network for establishing communication. Every vendor who plans to incorporate DHCP service in its device follows the working flow defined in Request for Comments (RFC). DHCP Starvation and DHCP Flooding attack are Denial of Service (DoS) attacks to prevents provision of IP addresses by DHCP. Port Security and DHCP snooping are built-in security features which prevents these DoS attacks. However, novel techniques have been devised to bypass these security features which uses ARP and ICMP protocol to perform the attack. The purpose of this research is to analyze implementation of DHCP in multiple devices to verify the involvement of both ARP and ICMP in the address acquisition process of DHCP as per RFC and to validate the results of prior research which assumes ARP or ICMP are used by default in all of devices.

In recent years, new types of cyber attacks called targeted attacks have been observed. It targets specific organizations or individuals, while usual large-scale attacks do not focus on specific targets. Organizations have published many Word or PDF files on their websites. These files may provide the starting point for targeted attacks if they include hidden data unintentionally generated in the authoring process. Adhatarao and Lauradoux analyzed hidden data found in the PDF files published by security agencies in many countries and showed that many PDF files potentially leak information like author names, details on the information system and computer architecture. In this study, we analyze hidden data of PDF files published on the website of police agencies in Japan and compare the results with Adhatarao and Lauradoux's. We gathered 110989 PDF files. 56% of gathered PDF files contain personal names, organization names, usernames, or numbers that seem to be IDs within the organizations. 96% of PDF files contain software names.

Network security isolation technology is an important means to protect the internal information security of enterprises. Generally, isolation is achieved through traditional network devices, such as firewalls and gatekeepers. However, the security rules are relatively rigid and cannot better meet the flexible and changeable business needs. Through the double sandbox structure created for each user, each user in the virtual machine is isolated from each other and security is ensured. By creating a virtual disk in a virtual machine as a user storage sandbox, and encrypting the read and write of the disk, the shortcomings of traditional network isolation methods are discussed, and the application of cloud desktop network isolation technology based on VMwarer technology in universities is expounded.

Information Technology (IT) governance crosses the organization practices, culture, and policy that support IT management in controlling five key functions, which are strategic alignment, performance management, resource management, value delivery, and risk management. The line of sight is extended from the corporate strategy to the risk management, and risk controls are assessed against operational goals. Thus, the risk management model is concerned with ensuring that the corporate risks are sufficiently controlled and managed. Many organizations rely on IT services to facilitate and sustain their operations, which mandate the existence of a risk management model in their IT governance. This paper examines prior research based on IT governance by using a risk management framework. It also proposes a new method for calculating and classifying IT-related risks. Additionally, we assessed our technique with one of the critical IT services that proves the reliability and accuracy of the implemented model.

The purpose of this article is to consider one of the options for automating the process of collecting information from open sources when conducting penetration testing in an organization's information security audit using the capabilities of the Python programming language. Possible primary vectors for collecting information about the organization, personnel, software, and hardware are shown. The basic principles of operation of the software product are presented in a visual form, which allows automated analysis of information from open sources about the object under study.

Identity Management Systems (IdMS) have seemingly evolved in recent years, both in terms of modelling approach and in terms of used technology. The early centralized, later federated and user-centric Identity Management (IdM) was finally replaced by Self-Sovereign Identity (SSI). Solutions based on Distributed Ledger Technology (DLT) appeared, with prominent examples of uPort, Sovrin or ShoCard. In effect, users got more freedom in creation and management of their identities. IdM systems became more distributed, too. However, in the area of interoperability, dynamic and ad-hoc identity management there has been almost no significant progress. Quest for the best IdM system which will be used by all entities and organizations is deemed to fail. The environment of IdM systems is, and in the near future will still be, heterogenous. Therefore a person will have to manage her or his identities in multiple IdM systems. In this article authors argument that future-proof IdM systems should be able to interoperate with each other dynamically, i.e. be able to discover existence of different identities of a person across multiple IdM systems, dynamically build trust relations and be able to translate identity assertions and claims across various IdM domains. Finally, authors introduce identity relationship model and corresponding identity discovery algorithm, propose IdMS-agnostic identity discovery service design and its implementation with use of Ethereum and Smart Contracts.

Being a part of today’s technical world, we are connected through a vast network. More we are addicted to these modernization techniques we need security. There must be reliability in a network security system so that it is capable of doing perfect monitoring of the whole network of an organization so that any unauthorized users or intruders wouldn’t be able to halt our security breaches. Firewalls are there for securing our internal network from unauthorized outsiders but still some time possibility of attacks is there as according to a survey 60% of attacks were internal to the network. So, the internal system needs the same higher level of security just like external. So, understanding the value of security measures with accuracy, efficiency, and speed we got to focus on implementing and comparing an improved intrusion detection system. A comprehensive literature review has been done and found that some feature selection techniques with standard scaling combined with Machine Learning Techniques can give better results over normal existing ML Techniques. In this survey paper with the help of the Uni-variate Feature selection method, the selection of 14 essential features out of 41 is performed which are used in comparative analysis. We implemented and compared both binary class classification and multi-class classification-based Intrusion Detection Systems (IDS) for two Supervised Machine Learning Techniques Support Vector Machine and Classification and Regression Techniques.

In Production System Engineering (PSE), domain experts from different disciplines reuse assets such as products, production processes, and resources. Therefore, PSE organizations aim at establishing reuse across engineering disciplines. However, the coordination of multi-disciplinary reuse tasks, e.g., the re-validation of related assets after changes, is hampered by the coarse-grained representation of tasks and by scattered, heterogeneous domain knowledge. This paper introduces the Multi-disciplinary Reuse Coordination (MRC) artifact to improve task management for multi-disciplinary reuse. For assets and their properties, the MRC artifact describes sub-tasks with progress and result states to provide references for detailed reuse task management across engineering disciplines. In a feasibility study on a typical robot cell in automotive manufacturing, we investigate the effectiveness of task management with the MRC artifact compared to traditional approaches. Results indicate that the MRC artifact is feasible and provides effective capabilities for coordinating multi-disciplinary re-validation after changes.

In this paper, we proposed a data security model of a big data analytical environment in the financial sector. Big Data can be seen as a trend in the advancement of technology that has opened the door to a new approach to understanding and decision making that is used to describe the vast amount of data (structured, unstructured and semi-structured) that is too time consuming and costly to load a relational database for analysis. The increase in cybercriminal attacks on an organization’s assets results in organizations beginning to invest in and care more about their cybersecurity points and controls. The management of business-critical data is an important point for which robust cybersecurity controls should be considered. The proposed model is applied in a datalake and allows the identification of security gaps on an analytical repository, a cybersecurity risk analysis, design of security components and an assessment of inherent risks on high criticality data in a repository of a regulated financial institution. The proposal was validated in financial entities in Lima, Peru. Proofs of concept of the model were carried out to measure the level of maturity focused on: leadership and commitment, risk management, protection control, event detection and risk management. Preliminary results allowed placing the entities in level 3 of the model, knowing their greatest weaknesses, strengths and how these can affect the fulfillment of business objectives.

This paper proposes a cybersecurity maturity model to assess the capabilities of medical organizations to identify their level of maturity, prioritizing privacy and personal data protection. There are problems such as data breaches, the lack of security measures in health information, and the poor capacity of organizations to handle cybersecurity threats that generate concern in the health sector as they seek to mitigate risks in cyberspace. The proposal, based upon C2M2 (Cybersecurity Capability Maturity Model), incorporates practices and controls which allow organizations to identify security gaps generated through cyberattacks on sensitive health patient data. This model seeks to integrate the best practices related to privacy and protection of personal data in the Peruvian legal framework through the Administrative Directive No. 294-MINSA and the personal data protection Act No. 29733. The model consists of 3 evaluation phases. 1. Assessment planning; 2. Execution of the evaluation; 3. Implementation of improvements. The model was validated and tested in a public sector medical organization in Lima, Peru. The preliminary results showed that the organization is at Level 1 with 14% of compliance with established controls, 34% in risk, threat and vulnerability management practices and 19% in supply chain management. These the 3 highest percentages of the 10 evaluated domains.

Cyber-security incidents have grown significantly in modern networks, far more diverse and highly destructive and disruptive. According to the 2021 Cyber Security Statistics Report [1], cybercrime is up 600% during this COVID pandemic, the top attacks are but are not confined to (a) sophisticated phishing emails, (b) account and DNS hijacking, (c) targeted attacks using stealth and air gap malware, (d) distributed denial of services (DDoS), (e) SQL injection. Additionally, 95% of cyber-security breaches result from human error, according to Cybint Report [2]. The average time to identify a breach is 207 days as per Ponemon Institute and IBM, 2022 Cost of Data Breach Report [3]. However, various preventative controls based on cyber-security risk estimation and awareness results decrease most incidents, but not all. Further, any incident detection delay and passive actions to cyber-security incidents put the organizational assets at risk. Therefore, the cyber-security incident management system has become a vital part of the organizational strategy. Thus, the authors propose a framework to converge a "Security Operation Center" (SOC) and a "Network Operations Center" (NOC) in an "Integrated Network Security Operation Center" (INSOC), to overcome cyber-threat detection and mitigation inefficiencies in the near-real-time scenario. We applied the People, Process, Technology, Governance and Compliance (PPTGC) approach to develop the INSOC conceptual framework, according to the requirements we formulated for its operation [4], [5]. The article briefly describes the INSOC conceptual framework and its usefulness, including the central area of the PPTGC approach while designing the framework.

Security incident handling and response are essen-tial parts of every organization's information and cyber security. Security incident handling consists of several phases, among which digital forensic analysis has an irreplaceable place. Due to particular digital evidence being recorded at a specific time, timelines play an essential role in analyzing this digital evidence. One of the vital tasks of the digital forensic investigator is finding relevant records in this timeline. This operation is performed manually in most cases. This paper focuses on the possibilities of automatically identifying digital evidence pertinent to the case and proposes a model that identifies this digital evidence. For this purpose, we focus on Windows operating system and the NTFS file system and use outlier detection (Local Outlier Factor method). Collected digital evidence is preprocessed, transformed to binary values, and aggregated by file system inodes and names. Subsequently, we identify digital records (file inodes, file names) relevant to the case. This paper analyzes the combinations of attributes, aggregation functions, local outlier factor parameters, and their impact on the resulting selection of relevant file inodes and file names.

In the present innovation, for the trading of information, the internet is the most well-known and significant medium. With the progression of the web and data innovation, computerized media has become perhaps the most famous and notable data transfer tools. This advanced information incorporates text, pictures, sound, video etc moved over the public organization. The majority of these advanced media appear as pictures and are a significant part in different applications, for example, chat, talk, news, website, web-based business, email, and digital books. The content is still facing various challenges in which including the issues of protection of copyright, modification, authentication. Cryptography, steganography, embedding techniques is widely used to secure the digital data. In this present the hybrid model of LSB steganography and Advanced Encryption Standard (AES) cryptography techniques to enhanced the security of the digital image and text that is undeniably challenging to break by the unapproved person. The security level of the secret information is estimated in the term of MSE and PSNR for better hiding required the low MSE and high PSNR values.

The article deals with the issues of improving the quality of corporate information systems functioning and ensuring the information security of financial organizations that have a complex structure and serve a significant number of customers. The formation of the company's informational system and its integrated information security system is studied based on the process approach, methods of risk management and quality management. The risks and threats to the security of the informational system functioning and the quality of information support for customer service of a financial organization are analyzed. The methods and tools for improving the quality of information services and ensuring information security are considered on the example of an organization for social insurance. Recommendations are being developed to improve the quality of the informational system functioning in a large financial company.

The goals, objectives and criteria of the effectiveness of the creation, maintenance and use of the Digital Information Fund of Intellectual Property (DIFIP) are considered. A formalized methodology is proposed for designing DIFIPs, increasing its efficiency and quality, based on a set of interconnected models, methods and algorithms for analysis, synthesis and normalization distributed information management of DIFIP's structure; classification of databases users of patent and scientific and technical information; synthesis of optimal logical structures of the DIFIP database and thematic databases; assessing the quality of the database and ensuring the required level of data security.

A malicious insider threat is more vulnerable to an organization. It is necessary to detect the malicious insider because of its huge impact to an organization. The occurrence of a malicious insider threat is less but quite destructive. So, the major focus of this paper is to detect the malicious insider threat in an organization. The traditional insider threat detection algorithm is not suitable for real time insider threat detection. A supervised learning-based anomaly detection technique is used to classify, predict and detect the malicious and non-malicious activity based on highest level of anomaly score. In this paper, a framework is proposed to detect the malicious insider threat using supervised learning-based anomaly detection. It is used to detect the malicious insider threat activity using One-Class Support Vector Machine (OCSVM). The experimental results shows that the proposed framework using OCSVM performs well and detects the malicious insider who obtain huge anomaly score than a normal user.

Aviation is a highly sophisticated and complex System-of-Systems (SoSs) with equally complex safety oversight. As novel products with autonomous functions and interactions between component systems are adopted, the number of interdependencies within and among the SoS grows. These interactions may not always be obvious. Understanding how proposed products (component systems) fit into the context of a larger SoS is essential to promote the safe use of new as well as conventional technology.UL 4600, is a Standard for Safety for the Evaluation of Autonomous Products specifically written for completely autonomous Load vehicles. The goal-based, technology-neutral features of this standard make it adaptable to other industries and applications.This paper, using the philosophy of UL 4600, gives guidance for creating an assurance case for products in an SoS context. An assurance argument is a cogent structured argument concluding that an autonomous aircraft system possesses all applicable through-life performance and safety properties. The assurance case process can be repeated at each level in the SoS: aircraft, aircraft system, unmodified components, and modified components. The original Equipment Manufacturer (OEM) develops the assurance case for the whole aircraft envisioned in the type certification process. Assurance cases are continuously validated by collecting and analyzing Safety Performance Indicators (SPIs). SPIs provide predictive safety information, thus offering an opportunity to improve safety by preventing incidents and accidents. Continuous validation is essential for risk-based approval of autonomously evolving (dynamic) systems, learning systems, and new technology. System variants, derivatives, and components are captured in a subordinate assurance case by their developer. These variants of the assurance case inherently reflect the evolution of the vehicle-level derivatives and options in the context of their specific target ecosystem. These subordinate assurance cases are nested under the argument put forward by the OEM of components and aircraft, for certification credit.It has become a common practice in aviation to address design hazards through operational mitigations. It is also common for hazards noted in an aircraft component system to be mitigated within another component system. Where a component system depends on risk mitigation in another component of the SoS, organizational responsibilities must be stated explicitly in the assurance case. However, current practices do not formalize accounting for these dependencies by the parties responsible for design; consequently, subsequent modifications are made without the benefit of critical safety-related information from the OEMs. The resulting assurance cases, including 3rd party vehicle modifications, must be scrutinized as part of the holistic validation process.When changes are made to a product represented within the assurance case, their impact must be analyzed and reflected in an updated assurance case. An OEM can facilitate this by integrating affected assurance cases across their customer’s supply chains to ensure their validity. The OEM is expected to exercise the sphere-of-control over their product even if it includes outsourced components. Any organization that modifies a product (with or without assurance argumentation information from other suppliers) is accountable for validating the conditions for any dependent mitigations. For example, the OEM may manage the assurance argumentation by identifying requirements and supporting SPI that must be applied in all component assurance cases. For their part, component assurance cases must accommodate all spheres-of-control that mitigate the risks they present in their respective contexts. The assurance case must express how interdependent mitigations will collectively assure the outcome. These considerations are much more than interface requirements and include explicit hazard mitigation dependencies between SoS components. A properly integrated SoS assurance case reflects a set of interdependent systems that could be independently developed..Even in this extremely interconnected environment, stakeholders must make accommodations for the independent evolution of products in a manner that protects proprietary information, domain knowledge, and safety data. The collective safety outcome for the SoS is based on the interdependence of mitigations by each constituent component and could not be accomplished by any single component. This dependency must be explicit in the assurance case and should include operational mitigations predicated on people and processes.Assurance cases could be used to gain regulatory approval of conventional and new technology. They can also serve to demonstrate consistency with a desired level of safety, especially in SoSs whose existing standards may not be adequate. This paper also provides guidelines for preserving alignment between component assurance cases along a product supply chain, and the respective SoSs that they support. It shows how assurance is a continuous process that spans product evolution through the monitoring of interdependent requirements and SPI. The interdependency necessary for a successful assurance case encourages stakeholders to identify and formally accept critical interconnections between related organizations. The resulting coordination promotes accountability for safety through increased awareness and the cultivation of a positive safety culture.

Exploring the efficient vulnerability scanning and detection technology of various tools is one fundamental aim of network security. This network security technique ameliorates the tremendous number of IoT security challenges and the threats they face daily. However, among various tools, Shodan Eye scanning technology has proven to be very helpful for network administrators and security personnel to scan, detect and analyze vulnerable ports and traffic in organizations' networks. This work presents a simulated network scanning activity and manual vulnerability analysis of an internet-connected industrial equipment of two chosen industrial networks (Industry A and B) by running Shodan on a virtually hosted (Oracle Virtual Box)-Linux-based operating system (Kali Linux). The result shows that the shodan eye is a a promising tool for network security and efficient vulnerability research.

Cyber-Physical Systems (CPS) are complex systems of computational, physical, and human components integrated to achieve some function over one or more networks. The use of distributed simulation, or co-simulation, is one method often used to analyze the behavior and properties of these systems. High-Level Architecture (HLA) is an IEEE co-simulation standard that supports the development and orchestration of distributed simulations. However, a simple HLA federation constructed with the component simulations (i.e., federates) does not satisfy several requirements that arise in real-world use cases such as the shared use of limited physical and computational resources, the need to selectively hide information from participating federates, the creation of reusable federates and federations for supporting configurable shared services, achieving performant distributed simulations, organizing federations across different model types or application concerns, and coordinating federations across organizations with different information technology policies. This paper describes these core requirements that necessitate the use of multiple HLA federations and presents various mechanisms for constructing such integrated HLA federations. An example use case is implemented using a model-based rapid simulation integration framework called the Universal CPS Environment for Federation (UCEF) to illustrate these requirements and demonstrate techniques for integrating multiple HLA federations.

Effective information security risk management is essential for survival of any business that is dependent on IT. In this paper we present an efficient and effective solution to find best parameters for managing cyber risks using artificial intelligence. Genetic algorithm is use as it can provide our required optimization and intelligence. Results show that GA is professional in finding the best parameters and minimizing the risk.

The proliferation of linked devices in decisive infrastructure fields including health care and the electric grid is transforming public perceptions of critical infrastructure. As the world grows more mobile and connected, as well as as the Internet of Things (IoT) expands, the growing interconnectivity of new critical sectors is being fuelled. Interruptions in any of these areas can have ramifications across numerous sectors and potentially the world. Crucial industries are critical to contemporary civilization. In today's hyper-connected world, critical infrastructure is more vulnerable than ever to cyber assaults, whether they are state-sponsored, carried out by criminal organizations, or carried out by individuals. In a world where more and more gadgets are interconnected, hackers have more and more entry points via which they may damage critical infrastructure. Significant modifications to an organization's main technological systems have created a new threat surface. The study's goal is to raise awareness about the challenges of protecting digital infrastructure in the future while it is still in development. Fog architecture is designed based on functionality once the infrastructure that creates large data has been established. There's also an in-depth look of fog-enabled IoT network security requirements. The next section examines the security issues connected with fog computing, as well as the privacy and trust issues raised by fog-enabled Internet of Things (IoT). Block chain is also examined to see how it may help address IoT security problems, as well as the complimentary interrelationships between block-chain and fog computing. Additionally, Formalizes big data security goal and scope, develops taxonomy for identifying risks to fog-based Internet of Things systems, compares current development contributions to security service standards, and proposes interesting study areas for future studies, all within this framework

Software supply chain attacks occur during the processes of producing software is compromised, resulting in vulnerabilities that target downstream customers. While the number of successful exploits is limited, the impact of these attacks is significant. Despite increased awareness and research into software supply chain attacks, there is limited information available on mitigating or architecting for these risks, and existing information is focused on singular and independent elements of the supply chain. In this paper, we extensively review software supply chain security using software development tools and infrastructure. We investigate the path that attackers find is least resistant followed by adapting and finding the next best way to complete an attack. We also provide a thorough discussion on how common software supply chain attacks can be prevented, preventing malicious hackers from gaining access to an organization's development tools and infrastructure including the development environment. We considered various SSC attacks on stolen code-sign certificates by malicious attackers and prevented unnoticed malware from passing by security scanners. We are aiming to extend our research to contribute to preventing software supply chain attacks by proposing novel techniques and frameworks.

Phishing emails are becoming more and more sophisticated, making current detection techniques ineffective. The reporting of phishing emails from users is, thus, crucial for organizations to detect phishing attacks and mitigate their effect. Despite extensive research on how the believability of a phishing email affects detection rates, there is little to no research about the relationship between the believability of a phishing email and the associated reporting rate. In this work, we present a controlled experiment with 446 subjects to evaluate how the reporting rate of a phishing email is linked to its believability and detection rate. Our results show that the reporting rate decreases as the believability of the email increases and that around half of the subjects who detect the mail as phishing, have an intention to report the email. However, the group intending to report an email is not a subset of the group detecting the mail as phishing, suggesting that reporting is still a concept misunderstood by many.

Requirement Elicitation is a key phase in software development. The fundamental goal of security requirement elicitation is to gather appropriate security needs and policies from stakeholders or organizations. The majority of systems fail due to incorrect elicitation procedures, affecting development time and cost. Security requirement elicitation is a major activity of requirement engineering that requires the attention of developers and other stakeholders. To produce quality requirements during software development, the authors suggested a methodology for effective requirement elicitation. Many challenges surround requirement engineering. These concerns can be connected to scope, preconceptions in requirements, etc. Other difficulties include user confusion over technological specifics, leading to confusing system aims. They also don't realize that the requirements are dynamic and prone to change. To protect the privacy of medical images, the proposed image cryptosystem uses a CCM-generated chaotic key series to confuse and diffuse them. A hexadecimal pre-processing technique is used to increase the security of color images utilising a hyper chaos-based image cryptosystem. Finally, a double-layered security system for biometric photos is built employing chaos and DNA cryptography.