Biblio

Vulnerability assessment is an important process for network security. However, most commonly used vulnerability assessment methods still rely on expert experience or rule-based automated scripts, which are difficult to meet the security requirements of increasingly complex network environment. In recent years, although scientists and engineers have made great progress on artificial intelligence in both theory and practice, it is a challenging to manufacture a mature high-quality intelligent products in the field of network security, especially in penetration testing based vulnerability assessment for enterprises. Therefore, in order to realize the intelligent penetration testing, Vul.AI with its rich experience in cyber attack and defense for many years has designed and developed a set of intelligent penetration and attack simulation system Ai.Scan, which is based on attack chain, knowledge graph and related evaluation algorithms. In this paper, the realization principle, main functions and application scenarios of Ai.Scan are introduced in detail.

Successive approximation register analog-to-digital converter (SAR ADC) is widely adopted in the Internet of Things (IoT) systems due to its simple structure and high energy efficiency. Unfortunately, SAR ADC dissipates various and unique power features when it converts different input signals, leading to severe vulnerability to power side-channel attack (PSA). The adversary can accurately derive the input signal by only measuring the power information from the analog supply pin (AVDD), digital supply pin (DVDD), and/or reference pin (Ref) which feed to the trained machine learning models. This paper first presents the detailed mathematical analysis of power side-channel attack (PSA) to SAR ADC, concluding that the power information from AVDD is the most vulnerable to PSA compared with the other supply pin. Then, an LSB-reused protection technique is proposed, which utilizes the characteristic of LSB from the SAR ADC itself to protect against PSA. Lastly, this technique is verified in a 12-bit 5 MS/s secure SAR ADC implemented in 65nm technology. By using the current waveform from AVDD, the adopted convolutional neural network (CNN) algorithms can achieve \textgreater99% prediction accuracy from LSB to MSB in the SAR ADC without protection. With the proposed protection, the bit-wise accuracy drops to around 50%.

New malware increasingly adopts novel fileless techniques to evade detection from antivirus programs. Process injection is one of the most popular fileless attack techniques. This technique makes malware more stealthy by writing malicious code into memory space and reusing the name and port of the host process. It is difficult for traditional security software to detect and intercept process injections due to the stealthiness of its behavior. We propose a novel framework called ProcGuard for detecting process injection behaviors. This framework collects sensitive function call information of typical process injection. Then we perform a fine-grained analysis of process injection behavior based on the function call chain characteristics of the program, and we also use the improved RCNN network to enhance API analysis on the tampered memory segments. We combine API analysis with deep learning to determine whether a process injection attack has been executed. We collect a large number of malicious samples with process injection behavior and construct a dataset for evaluating the effectiveness of ProcGuard. The experimental results demonstrate that it achieves an accuracy of 81.58% with a lower false-positive rate compared to other systems. In addition, we also evaluate the detection time and runtime performance loss metrics of ProcGuard, both of which are improved compared to previous detection tools.

The heterogeneity of network traffic features brings quantitative calculation problems to the matching between network data. In order to solve the above fuzzy matching problem between the heterogeneous network feature data, a quantitative matching method for network traffic features is proposed in this paper. By constructing the numerical expression method of network traffic features, the numerical expression of key features of network data is realized. By constructing the suitable section calculation methods for the similarity of different network traffic features, the personalized quantitative matching for heterogeneous network data features is realized according to the actual meaning of different features. By defining the weight of network traffic features, the quantitative importance value of different features is realized. The weighted sum mathematical method is used to accurately calculate the overall similarity value between network data. The effectiveness of the proposed method through experiments is verified. The experimental results show that the proposed matching method can be used to calculate the similarity value between network data, and the quantitative calculation purpose of network traffic feature matching with heterogeneous features is realized.

Artificial intelligence (AI) was engendered by the rapid development of high and new technologies, which altered the environment of business financial audits and caused problems in recent years. As the pioneers of enterprise financial monitoring, auditors must actively and proactively adapt to the new audit environment in the age of AI. However, the performances of the auditors during the adaptation process are not so favorable. In this paper, methods such as data analysis and field research are used to conduct investigations and surveys. In the process of applying AI to the financial auditing of a business, a number of issues are discovered, such as auditors' underappreciation, information security risks, and liability risk uncertainty. On the basis of the problems, related suggestions for improvement are provided, including the cultivation of compound talents, the emphasis on the value of auditors, and the development of a mechanism for accepting responsibility.

Public transportation is an important system of urban passenger transport. The purpose of this article is to explore the impact of network resilience when each station of urban rail transit network was attacked by large passenger flow. Based on the capacity load model, we propose a load redistribution mechanism to simulate the passenger flow propagation after being attacked by large passenger flow. Then, taking Xi'an's rail network as an example, we study the resilience variety of the network after a node is attacked by large passenger flow. Through some attack experiments, the feasibility of the model for studying the resilience of the rail transit system is finally verified.

CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a widely used technology to distinguish real users and automated users such as bots. However, the advance of AI technologies weakens many CAPTCHA tests and can induce security concerns. In this paper, we propose a user-friendly text-based CAPTCHA generation method named Robust Text CAPTCHA (RTC). At the first stage, the foregrounds and backgrounds are constructed with font and background images respectively sampled from font and image libraries, and they are then synthesized into identifiable pseudo adversarial CAPTCHAs. At the second stage, we utilize a highly transferable adversarial attack designed for text CAPTCHAs to better obstruct CAPTCHA solvers. Our experiments cover comprehensive models including shallow models such as KNN, SVM and random forest, as well as various deep neural networks and OCR models. Experiments show that our CAPTCHAs have a failure rate lower than one millionth in general and high usability. They are also robust against various defensive techniques that attackers may employ, including adversarially trained CAPTCHA solvers and solvers trained with collected RTCs using manual annotation. Codes available at https://github.com/RulinShao/RTC.

Present-day vehicles have numerous Electronic Control Units (ECUs) and they communicate with each other over a network known as the Controller Area Network(CAN) bus. In this way, the CAN bus is a fundamental component of intra-vehicle communication. The CAN bus was designed without focusing on communication security and in this way it is vulnerable to many cyber attacks. As the vehicles are always connected to the Internet, the CAN bus is remotely accessible and could be hacked. To secure the communication between ECUs and defend against these cyber attacks, we apply a Hash Message Authentication Code(HMAC) to automotive data and demonstrate the CAN bus communication between two ECUs using Arduino UNO and MCP2515 CAN bus module.

The application of mobile intelligent terminal in the environment is very complex, and its own computing capacity is also very limited, so it is vulnerable to malicious attacks. The security classification of mobile intelligent terminals can effectively ensure the security of their use. Therefore, a security classification method for mobile intelligent terminals based on multi-source data fusion is proposed. The Boolean value is used to count the multi-source data of the mobile intelligent terminal, and the word frequency method is used to calculate the weight of the multi-source data of the mobile intelligent terminal. The D-S evidence theory is used to complete the multi-source data fusion of the mobile intelligent terminal and implement the multi-source data fusion processing of the mobile intelligent terminal. On this basis, the security level permission value of mobile intelligent terminal is calculated to achieve the security level division of mobile intelligent terminal based on multi-source data fusion. The experimental results show that the accuracy of mobile intelligent terminal security classification is higher than 96% and the classification time is less than 3.8 ms after the application of the proposed method. Therefore, the security level of mobile intelligent terminals after the application of this method is high, and the security performance of mobile intelligent terminals is strong, which can effectively improve the accuracy of security classification and shorten the time of security classification.

With the rapid development of Internet Technology in recent years, the demand for security support for complex applications is becoming stronger and stronger. Intel Software Guard Extensions (Intel SGX) is created as an extension of Intel Systems to enhance software security. Intel SGX allows application developers to create so-called enclave. Sensitive application code and data are encapsulated in Trusted Execution Environment (TEE) by enclave. TEE is completely isolated from other applications, operating systems, and administrative programs. Enclave is the core structure of Intel SGX Technology. Enclave supports multi-threading. Thread Control Structure (TCS) stores special information for restoring enclave threads when entering or exiting enclave. Each execution thread in enclave is associated with a TCS. This paper analyzes and verifies the possible security risks of enclave under concurrent conditions. It is found that in the case of multithread concurrency, a single enclave cannot resist flooding attacks, and related threads also throw TCS exception codes.

Code-reuse attacks (including ROP/JOP) severely threaten computer security. Control-flow integrity (CFI), which can restrict control flow in legal scope, is recognised as an effective defence mechanism against code-reuse attacks. Hardware-based CFI uses Instruction Set Architecture (ISA) extensions with additional hardware modules to implement CFI and achieve better performance. However, hardware-based fine-grained CFI adds new instructions to the ISA, which can not be executed on old processors and breaks the compatibility of programs. Some coarse-grained CFI designs, such as Intel IBT, maintain the compatibility of programs but can not provide enough security guarantees.To balance the security and compatibility of hardware CFI, we propose Transparent Forward CFI (TFCFI). TFCFI implements hardware-based fine-grained CFI designs without changing the ISA. The software modification of TFCFI utilizes address information and hint instructions in RISC-V as transparent labels to mark the program. The hardware module of TFCFI monitors the control flow during execution. The program modified by TFCFI can be executed on old processors without TFCFI. Benefiting from transparent labels, TFCFI also solves the destination equivalence problem. The experiment on FPGA shows that TFCFI incurs negligible performance overhead (1.82% on average).

This paper proposes a vehicle violation determination system based on improved YOLOv5 algorithm, which performs vehicle violation determination on a single unit at a single intersection, and displays illegal photos and license plates of illegal vehicles on the webpage. Using the network structure of YOLOv5, modifying the vector output of the Head module, and modifying the rectangular frame detection of the target object to quadrilateral detection, the system can identify vehicles and lane lines with more flexibilities.

The proliferation of real-time cyber-physical systems (CPS) is making profound changes to our daily life. Many real-time CPSs are security and safety-critical because of their continuous interactions with the physical world. While the general perception is that the security protection mechanism deployment is often absent in real-time embedded systems, there is no existing empirical study that measures the adoption of these mechanisms in the ecosystem. To bridge this gap, we conduct a measurement study for real-time embedded firmware from both a security perspective and a real-time perspective. To begin with, we collected more than 16 terabytes of embedded firmware and sampled 1,000 of them for the study. Then, we analyzed the adoption of security protection mechanisms and their potential impacts on the timeliness of real-time embedded systems. Besides, we measured the scheduling algorithms supported by real-time embedded systems since they are also security-critical.

Edge detection based embedding techniques are famous for data security and image quality preservation. These techniques use diverse edge detectors to classify edge and non-edge pixels in an image and then implant secrets in one or both of these classes. Image with conceived data is called stego image. It is noticeable that none of such researches tries to reform the original image from the stego one. Rather, they devote their concentration to extract the hidden message only. This research presents a solution to the raised reversibility problem. Like the others, our research, first, applies an edge detector e.g., canny, in a cover image. The scheme next collects \$n\$-LSBs of each of edge pixels and finally, concatenates them with encrypted message stream. This method applies a lossless compression algorithm to that processed stream. Compression factor is taken such a way that the length of compressed stream does not exceed the length of collected LSBs. The compressed message stream is then implanted only in the edge pixels by \$n\$-LSB substitution method. As the scheme does not destroy the originality of non-edge pixels, it presents better stego quality. By incorporation the mechanisms of encryption, concatenation, compression and \$n\$-LSB, the method has enriched the security of implanted data. The research shows its effectiveness while implanting a small sized message.

The current study aims to discern the impact of expert systems and neural network on the Jordanian commercial banks. In achieving the objective, the study employed descriptive analytical approach and the population consisted of the 13 Jordanian commercial banks listed at Amman Stock Exchange-ASE. The primary data were obtained by using a questionnaire with 188 samples distributed to a group of accountants, internal auditors, and programmers, who constitute the study sample. The results unveiled that there is an impact of the application of expert systems and neural networks on the relevance of financial information in Jordanian commercial banks. It also revealed that there is a high level of relevance of financial information in Jordanian commercial banks. Accordingly, the study recommended the need for banks to keep pace with the progress and development taking place in connection to the process and environment of expertise systems by providing modern and developed devices to run various programs and expert systems. It also recommended that, Jordanian commercial banks need to rely more on advanced systems to operate neural network technology more efficiently.

Improving the accuracy of intruders in innovative Intrusion detection by comparing Machine Learning classifiers such as Random Forest (RF) with Support Vector Machine (SVM). Two groups of supervised Machine Learning algorithms acquire perfection by looking at the Random Forest calculation (N=20) with the Support Vector Machine calculation (N=20)G power value is 0.8. Random Forest (99.3198%) has the highest accuracy than the SVM (9S.56l5%) and the independent T-test was carried out (=0.507) and shows that it is statistically insignificant (p \textgreater0.05) with a confidence value of 95% by comparing RF and SVM. Conclusion: The comparative examination displays that the Random Forest is more productive than the Support Vector Machine for identifying the intruders are significantly tested.

Cybersecurity is important in the field of information technology. One most recent pressing issue is information security. When we think of cybersecurity, the first thing that comes to mind is cyber-attacks, which are on the rise, such as Ransomware. Various governments and businesses take a variety of measures to combat cybercrime. People are still concerned about ransomware, despite numerous cybersecurity precautions. In ransomware, the attacker encrypts the victim’s files/data and demands payment to unlock the data. Cybersecurity is a collection of tools, regulations, security guards, security ideas, guidelines, risk management, activities, training, insurance, best practices, and technology used to secure the cyber environment, organization, and user assets. This paper analyses ransomware attacks, techniques for dealing with these attacks, and future challenges.

Autonomous vehicles (AVs) are capable of making driving decisions autonomously using multiple sensors and a complex autonomous driving (AD) software. However, AVs introduce numerous unique security challenges that have the potential to create safety consequences on the road. Security mechanisms require a benchmark suite and an evaluation framework to generate comparable results. Unfortunately, AVs lack a proper benchmarking framework to evaluate the attack and defense mechanisms and quantify the safety measures. This paper introduces BenchAV – a security benchmark suite and evaluation framework for AVs to address current limitations and pressing challenges of AD security. The benchmark suite contains 12 security and performance metrics, and an evaluation framework that automates the metric collection process using Carla simulator and Robot Operating System (ROS).

To decrease the IoT attack surface and provide protection against security threats such as introduction of fake IoT nodes and identity theft, IoT requires scalable device identity and authentication management. This work proposes a blockchain-based identity management approach with consensus authentication as a scalable solution for IoT device authentication management. The proposed approach relies on having a blockchain secure tamper proof ledger and a novel lightweight consensus-based identity authentication. The results show that the proposed decentralised authentication system is scalable as we increase number of nodes.

This paper analyzes the problems existing in the existing emergency management technology system in China from various perspectives, and designs the construction of intelligent emergency system in combination with the development of new generation of Internet of Things, big data, cloud computing and artificial intelligence technology. The overall design is based on scientific and technological innovation to lead the reform of emergency management mechanism and process reengineering to build an intelligent emergency technology system characterized by "holographic monitoring, early warning, intelligent research and accurate disposal". To build an intelligent emergency management system that integrates intelligent monitoring and early warning, intelligent emergency disposal, efficient rehabilitation, improvement of emergency standards, safety and operation and maintenance construction.

Many cyber-related untoward incidents and multiple instances of a data breach of system are being reported. User identity and its usage for valid entry to system depend upon successful authentication. Researchers have explored many threats and vulnerabilities in a centralized system. It has initiated concept of a decentralized way to overcome them. In this work, we have explored application of Self-Sovereign Identity and Verifiable Credentials using decentralized identifiers over cloud.

Based on the campus wireless IPv6 network system, using WiFi contactless sensing and positioning technology and action recognition technology, this paper designs a new campus security early warning system. The characteristic is that there is no need to add new monitoring equipment. As long as it is the location covered by the wireless IPv6 network, personnel quantity statistics and personnel body action status display can be realized. It plays an effective monitoring supplement to the places that cannot be covered by video surveillance in the past, and can effectively prevent campus violence or other emergencies.

Anomaly detection has been considered under several extents of prior knowledge. Unsupervised methods do not require any labelled data, whereas semi-supervised methods leverage some known anomalies. Inspired by mixture-of-experts models and the analysis of the hidden activations of neural networks, we introduce a novel data-driven anomaly detection method called ARGUE. Our method is not only applicable to unsupervised and semi-supervised environments, but also profits from prior knowledge of self-supervised settings. We designed ARGUE as a combination of dedicated expert networks, which specialise on parts of the input data. For its final decision, ARGUE fuses the distributed knowledge across the expert systems using a gated mixture-of-experts architecture. Our evaluation motivates that prior knowledge about the normal data distribution may be as valuable as known anomalies.

CP-ABE (Ciphertext-policy attribute based encryption) is considered as a secure access control for data sharing. However, the SK(secret key) in most CP-ABE scheme is generated by Centralized authority(CA). It could lead to the high cost of building trust and single point of failure. Because of the characters of blockchain, some schemes based on blockchain have been proposed to prevent the disclosure and protect privacy of users' attribute. Thus, a new CP-ABE identity-attribute management(IAM) data sharing scheme is proposed based on blockchain, i.e. IAM-BDSS, to guarantee privacy through the hidden policy and attribute. Meanwhile, we define a transaction structure to ensure the auditability of parameter transmission on blockchain system. The experimental results and security analysis show that our IAM-BDSS is effective and feasible.

Intelligent Systems for Personal Data Cyber Security is a critical component of the Personal Information Management of Medicaid Enterprises. Intelligent Systems for Personal Data Cyber Security combines components of Cyber Security Systems with Human-Computer Interaction. It also uses the technology and principles applied to the Internet of Things. The use of software-hardware concepts and solutions presented in this report is, in the authors’ opinion, some step in the working-out of the Intelligent Systems for Personal Data Cyber Security in Medicaid Enterprises. These concepts may also be useful for developers of these types of systems.