Biblio

The risk of detecting incidents in the field of computer technology in Maritime transport is considered. The structure of the computer incident investigation system and its functions are given. The system of conducting investigations of computer incidents on sea transport is considered. A possible algorithm for investigating the incident using the tools of forensic science and an algorithm for transmitting the received data for further processing are presented.

With the development of openness, sharing and interconnection of computer network, the architecture of enterprise network becomes more and more complex, and various network security problems appear. Threat Intelligence(TI) Analysis and situation awareness(SA) are the prediction and analysis technology of enterprise security risk, while intrusion detection technology belongs to active defense technology. In order to ensure the safe operation of computer network system, we must establish a multi-level and comprehensive security system. This paper analyzes many security risks faced by enterprise computer network, and integrates threat intelligence analysis, security situation assessment, intrusion detection and other technologies to build a comprehensive enterprise security system to ensure the security of large enterprise network.

With a broad spectrum of technologies for the protection of personal data, it is important to be able to reliably compare these technologies to choose the most suitable one for a given problem. Although technologies like Homomorphic Encryption have matured over decades, Confidential Computing is still in its infancy with not only informal but also incomplete and even conflicting definitions by the Confidential Computing Consortium (CCC). In this work, we present key issues in definitions and comparison among existing technologies by CCC. We also provide recommendations to achieve clarity and precision in the definitions as well as fair and scientific comparison among existing technologies. We emphasize on the need of formal definitions of the terms and pose it as an open challenge to the community.

Cloud Computing (CC) has emerged as an on-demand accessible tool in different practical applications such as digital industry, academics, manufacturing, health sector and others. In this paper different security threats faced by CC are discussed with suitable examples. Moreover, an artificial intelligence based security enabled CC is also discussed based on suitable empirical data. It is found that an artificial neural network (ANN) is an effective system to detect the level of risk factors associated with CC along with mitigating those risk issues with appropriate algorithms. Hence, it provides a desired level of protection against cyber attacks, internal confidential threats and external threat of data theft from a cloud computing system. Levenberg–Marquardt (LMBP) algorithms are also found as a significant tool to estimate the level of security performance around a cloud computing system. ANN is used to improve the performance level of data security across a cloud computing network and make it security enabled to ensure a protected data transmission to clients associated with the system.

The importance of the security of industrial control network has become increasingly prominent. Aiming at the defects of main security protection system in the intelligent manufacturing industrial control network, we propose a security attack risk detection and defense, and emergency processing capability synchronization technology system suitable for the intelligent manufacturing industrial control system. Integrating system control and network security theories, a flexible and reconfigurable system-wide security architecture method is proposed. On the basis of considering the high availability and strong real-time of the system, our research centers on key technologies supporting system-wide security analysis, defense strategy deployment and synchronization, including weak supervision system reinforcement and pattern matching, etc.. Our research is helpful to solve the problem of industrial control network of “old but full of loopholes” caused by the long-term closed development of the production network of important parts, and alleviate the contradiction between the high availability of the production system and the relatively backward security defense measures.

The widespread application of industrial Internet identifiers has increased the security risks of industrial Internet and identifier resolution system. In order to improve the security capabilities of identifier resolution system, this paper analyzes the security challenges faced by identifier resolution system at this stage, and in line with the concept of layered security defense in depth, divides the security domains of identifier resolution system and proposes a multi-level security strategy based on security domains by deploying appropriate protective measures in each security domain.

With the advent of the era of big data, information technology has been rapidly developed and the application of computers has been popularized. However, network technology is a double-edged sword. While providing convenience, it also faces many problems, among which there are many hidden dangers of network information security. Based on this, based on the era background of big data, the network information security analysis, explore the main network security problems, and elaborate computer information network security matters needing attention, to strengthen the network security management, and put forward countermeasures, so as to improve the level of network security.

The papers in this special section focus on network science for high confidence cyber-physical systems (CPS) Here CPS refers to the engineered systems that can seamlessly integrate the physical world with the cyber world via advanced computation and communication capabilities. To enable high-confidence CPS for achieving better benefits as well as supporting emerging applications, network science-based theories and methodologies are needed to cope with the ever-growing complexity of smart CPS, to predict the system behaviors, and to model the deep inter-dependencies among CPS and the natural world. The major objective of this special section is to exploit various network science techniques such as modeling, analysis, mining, visualization, and optimization to advance the science of supporting high-confidence CPS for greater assurances of security, safety, scalability, efficiency, and reliability. These papers bring a timely and important research topic. The challenges and opportunities of applying network science approaches to high-confidence CPS are profound and far-reaching.

Current programming models for developing Internet of Things (IoT) applications are logically centralized and ill-suited for most IoT applications. We contribute Protocols over Things, a decentralized programming model that represents an IoT application via a protocol between the parties involved and provides improved performance over network-level delivery guarantees.

Cybersecurity Experimentation is often viewed narrowly in terms of a single technology or experiment. This paper reviews the experimentation life-cycle for two large scale research efforts that span multiple technologies. We identify salient aspects of each cybersecurity program, and capture guidelines based on eight years of experience. Extrapolating, we identify four principles for building future experimental infrastructure: 1) Reduce the cognitive burden on experimenters when designing and operating experiments. 2) Allow experimenters to encode their goals and constraints. 3) Provide flexibility in experimental design. 4) Provide multifaceted guidance to help experimenters produce high-quality experiments. By following these principles, future cybersecurity testbeds can enable significantly higher-quality experiments.

The elusive science of security. Science advances when research results build upon prior findings through the evolution of hypotheses and theories about the fundamental relationships among variables within a context and considering the threats and limitations of the work. Some hypothesize that, through this science of security, the industry can take a more principled and systematic approach to securing systems, rather than reacting to the latest move by attackers. Others debate the utility of a science of security.

With cybersecurity situation more and more complex, data-driven security has become indispensable. Numerous cybersecurity data exists in textual sources and data analysis is difficult for both security analyst and the machine. To convert the textual information into structured data for further automatic analysis, we extract cybersecurity-related entities and propose a self-attention-based neural network model for the named entity recognition in cybersecurity. Considering the single word feature not enough for identifying the entity, we introduce CNN to extract character feature which is then concatenated into the word feature. Then we add the self-attention mechanism based on the existing BiLSTM-CRF model. Finally, we evaluate the proposed model on the labelled dataset and obtain a better performance than the previous entity extraction model.

To address cybersecurity, this author proposed recently the approach of formulating it in symmetric dual-space and dual-system. This paper further explains this concept, beginning with symmetric Maxwell Equation (ME) and Fourier Transform (FT). The approach appears to be a powerful solution, with wide applications ranging from Electronic Warfare (EW) to 5G Mobile, etc.

This article pertains to cognitive security. There are deep concerns about the growing ability to create deepfakes. There is also deep concern about the malicious use of deepfakes to change the opinions of how people see a public figure.

This article pertains to cognitive security and human behavior. Facebook announced a recent takedown of 51 Facebook accounts, 36 Facebook pages, seven Facebook groups and three Instagram accounts that it says were all involved in coordinated "inauthentic behavior." Facebook says the activity originated geographically from Iran.

An Implantable Cardioverter Defibrillator (ICD) is a medical device used for the detection of potentially fatal cardiac arrhythmias and their treatment through the delivery of electrical shocks intended to restore normal heart rhythm. An ICDreprogrammingattackseeks to alter the device’s parameters to induce unnecessary therapy or prevent required therapy. In this paper, we present a formal approach for the synthesis of ICD reprogramming attacks that are both effective, i.e., lead to fundamental changes in the required therapy, and stealthy, i.e., are hard to detect. We focus on the discrimination algorithm underlying Boston Scientific devices (one of the principal ICD manufacturers) and formulate the synthesis problem as one of multi-objective optimization. Our solution technique is based on an Optimization Modulo Theories encoding of the problem and allows us to derive device parameters that are optimal with respect to the effectiveness-stealthiness tradeoff. Our method can be tailored to the patient’s current condition, and readily generalizes to new rhythms. To the best of our knowledge, our work is the first to derive systematic ICD reprogramming attacks designed to maximize therapy disruption while minimizing detection.

Searchable symmetric encryption (SSE) scheme allows a data owner to perform search queries over encrypted documents using symmetric cryptography. SSE schemes are useful in cloud storage and data outsourcing. Most of the SSE schemes in existing literature have been proved to leak a substantial amount of information that can lead to an inference attack. This paper presents, a novel leakage resilient searchable symmetric encryption with periodic updation (LRSSEPU) scheme that minimizes extra information leakage, and prevents an untrusted cloud server from performing document mapping attack, query recovery attack and other inference attacks. In particular, the size of the keyword vector is fixed and the keywords are periodically permuted and updated to achieve minimum leakage. Furthermore, our proposed LRSSEPU scheme provides authentication of the query messages and restricts an adversary from performing a replay attack, forged query attack and denial of service attack. We employ a combination of identity-based cryptography (IBC) with symmetric key cryptography to reduce the computation cost and communication overhead. Our scheme is lightweight and easy to implement with very little communication overhead.

The Internet of Things (IoT) is increasingly being used in applications ranging from precision agriculture to critical national infrastructure by deploying a large number of resource-constrained devices in hostile environments. These devices are being exploited to launch attacks in cyber systems. As a result, security has become a significant concern in the design of IoT based applications. In this paper, we present a security architecture for IoT networks by leveraging the underlying features supported by Software Defined Networks (SDN). Our security architecture restricts network access to authenticated IoT devices. We use fine granular policies to secure the flows in the IoT network infrastructure and provide a lightweight protocol to authenticate IoT devices. Such an integrated security approach involving authentication of IoT devices and enabling authorized flows can help to protect IoT networks from malicious IoT devices and attacks.

The giant network of Internet of Things establishes connections between smart devices and people, with protocols to collect and share data. While the data is expanding at a fast pace in this era of Big Data, there are growing concerns about security and privacy policies. In the current Internet of Things ecosystems, at the intersection of the Internet of Things, Big Data, and Cybersecurity lies the subject that attracts the most attention. In aiding users in getting an adequate understanding, this paper introduces HackerNets, an interactive visualization for emerging topics in the crossing of IoT, Big Data, and Cybersecurity over time. To demonstrate the effectiveness and usefulness of HackerNets, we apply and evaluate the technique on the dataset from the social media platform.

Cyber insurance is a viable method for cyber risk transfer. However, the cyber insurance faces critical challenges, the most important of which is lack of statistical data. In this paper, we proposed an incentive model considering monitoring signals for cybersecurity information haring based on the principal-agent theory. We studied the effect of monitoring signals on increasing the rationality of the incentive contract and reducing moral hazard in the process of cybersecurity information sharing, and analyzed factors influencing the effectiveness of the incentive contract. We show that by introducing monitoring signals, the insurer can collect more information about the effort level of the insured, and encourage the insured to share cybersecurity information based on the information sharing output and monitoring signals of the effort level, which can not only reduce the blindness of incentive to the insured in the process of cybersecurity information sharing, but also reduce moral hazard.

The Internet of Things (IoT) market is growing rapidly, allowing continuous evolution of new technologies. Alongside this development, most IoT devices are easy to compromise, as security is often not a prioritized characteristic. This paper proposes a novel IoT Security Model (IoTSM) that can be used by organizations to formulate and implement a strategy for developing end-to-end IoT security. IoTSM is grounded by the Software Assurance Maturity Model (SAMM) framework, however it expands it with new security practices and empirical data gathered from IoT practitioners. Moreover, we generalize the model into a conceptual framework. This approach allows the formal analysis for security in general and evaluates an organization's security practices. Overall, our proposed approach can help researchers, practitioners, and IoT organizations, to discourse about IoT security from an end-to-end perspective.

IoT devices introduce unprecedented threats into home and professional networks. As they fail to adhere to security best practices, they are broadly exploited by malicious actors to build botnets or steal sensitive information. Their adoption challenges established security standard as classic security measures are often inappropriate to secure them. This is even more problematic in sensitive environments where the presence of insecure IoTs can be exploited to bypass strict security policies. In this paper, we demonstrate an attack against a highly secured network using a Bluetooth smart bulb. This attack allows a malicious actor to take advantage of a smart bulb to exfiltrate data from an air gapped network.

This paper considers one of the methods of efficient allocation of limited resources in special-purpose devices (sensors) to monitor complex network unit cybersecurity.

We analyze expert review and student performance data to evaluate the validity of the Cybersecurity Concept Inventory (CCI) for assessing student knowledge of core cybersecurity concepts after a first course on the topic. A panel of 12 experts in cybersecurity reviewed the CCI, and 142 students from six different institutions took the CCI as a pilot test. The panel reviewed each item of the CCI and the overwhelming majority rated every item as measuring appropriate cybersecurity knowledge. We administered the CCI to students taking a first cybersecurity course either online or proctored by the course instructor. We applied classical test theory to evaluate the quality of the CCI. This evaluation showed that the CCI is sufficiently reliable for measuring student knowledge of cybersecurity and that the CCI may be too difficult as a whole. We describe the results of the expert review and the pilot test and provide recommendations for the continued improvement of the CCI.

Cybersecurity education and training have gained increasing attention in all sectors due to the prevalence and quick evolution of cyberattacks. A variety of platforms and systems have been proposed and developed to accommodate the growing needs of hands-on cybersecurity practice. However, those systems are either lacking sufficient flexibility (e.g., tied to a specific virtual computing service provider, little customization support) or difficult to scale. In this work, we present a cloud-based platform named EZSetup for hands-on cybersecurity practice at scale and our experience of using it in class. EZSetup is customizable and cloud-agnostic. Users can create labs through an intuitive Web interface and deploy them onto one or multiple clouds. We have used NSF funded Chameleon cloud and our private OpenStack cloud to develop, test and deploy EZSetup. We have developed 14 network and security labs using the tool and included six labs in an undergraduate network security course in spring 2019. Our survey results show that students have very positive feedback on using EZSetup and computing clouds for hands-on cybersecurity practice.