Biblio

The most common defenses against malware threats involves the use of signatures derived from instances of known malware. However, the constant evolution of the malware threat landscape necessitates defense against unknown malware, making a signature catalog of known threats insufficient to prevent zero-day vulnerabilities from being exploited. Recent research has applied machine learning approaches to identify malware through artifacts of malicious activity as observed through dynamic behavioral analysis. We have seen that these approaches mimic common malware defenses by simply offering a method of detecting known malware. We contribute a new method of identifying software as malicious or benign through analysis of the frequency of Windows API system function calls. We show that this is a powerful technique for malware detection because it generates learning models which understand the difference between malicious and benign software, rather than producing a malware signature classifier. We contribute a method of systematically comparing machine learning models against different datasets to determine their efficacy in accurately distinguishing the difference between malicious and benign software.

There exist numerous strategies for Source Location Privacy (SLP) routing schemes. In this study, an experimental analysis of a few routing schemes is done to investigate the influence of the routing scheme algorithms on the privacy protection level and the network lifetime performance. The analysis involved four categories of SLP routing schemes. Analysis results revealed that the algorithms used in the representative schemes for tree-based and angle-based routing schemes incur the highest influence. The tree-based algorithm stimulates the highest energy consumption with the lowest network lifetime while the angle-based algorithm does the opposite. Moreover, for the tree-based algorithm, the influence is highly dependent on the region of the network domain.

Security and consistency of smart grids is one of the main issues in the design and maintenance of highly controlled and monitored new power grids. Bad data injection attack could lead to disasters such as power system outage, or huge economical losses. In many attack scenarios, the attacker can come up with new attack strategies that couldn't be detected by the traditional bad data detection methods. Adaptive Partitioning State Estimation (APSE) method [3] has been proposed recently to combat such attacks. In this work, we evaluate and compare with a traditional method. The main idea of APSE is to increase the sensitivity of the chi-square test by partitioning the large grids into small ones and apply the test on each partition individually and repeat this procedure until the faulty node is located. Our simulation findings using MATPOWER program show that the method is not consistent where it is sensitive the systems size and the location of faulty nodes as well.

IoT devices can be used to fulfil many of our daily tasks. IoT could be wearable devices, home appliances, or even light bulbs. With the introduction of this new technology, however, vulnerabilities are being introduced and can be leveraged or exploited by malicious users. One common vehicle of exploitation is malicious software, or malware. Malware can be extremely harmful and compromise the confidentiality, integrity and availability (CIA triad) of information systems. This paper analyzes the types of malware attacks, introduce some mitigation approaches and discusses future challenges.

Not only the number of deployed IoT devices increases but also that of IoT malware increases. We eager to understand the threat made by IoT malware but we lack tools to observe, analyze and detect them. We design and implement an automatic, virtual machine-based profiling system to collect valuable IoT malware behavior, such as API call invocation, system call execution, etc. In addition to conventional profiling methods (e.g., strace and packet capture), the proposed profiling system adapts virtual machine introspection based API hooking technique to intercept API call invocation by malware, so that our introspection would not be detected by IoT malware. We then propose a method to convert the multiple sequential data (API calls) to a family behavior graph for further analysis.

In this paper, we consider the problem of joint target detection and tracking in compressive sampling and processing (CSP-JDT). CSP can process the compressive samples of sparse signals directly without signal reconstruction, which is suitable for handling high-resolution radar signals. However, in CSP, the radar target detection and tracking problems are usually solved separately or by a two-stage strategy, which cannot obtain a globally optimal solution. To jointly optimize the target detection and tracking performance and inspired by the optimal Bayes joint decision and estimation (JDE) framework, a jointly optimized target detection and tracking algorithm in CSP is proposed. Since detection and tracking are highly correlated, we first develop a measurement matrix construction method to acquire the compressive samples, and then a joint CSP Bayesian approach is developed for target detection and tracking. The experimental results demonstrate that the proposed method outperforms the two-stage algorithms in terms of the joint performance metric.

Underwater sensor networks (UWSN) are a division of classical wireless sensor networks (WSN), which are designed to accomplish both military and civil operations, such as invasion detection and underwater life monitoring. Underwater sensor nodes operate using the energy provided by integrated limited batteries, and it is a serious challenge to replace the battery under the water especially in harsh conditions with a high number of sensor nodes. Here, energy efficiency confronts as a very important issue. Besides energy efficiency, data privacy is another essential topic since UWSN typically generate delicate sensing data. UWSN can be vulnerable to silent positioning and listening, which is injecting similar adversary nodes into close locations to the network to sniff transmitted data. In this paper, we discuss the usage of compressive sensing (CS) and energy harvesting (EH) to improve the lifetime of the network whilst we suggest a novel encryption decision method to maintain privacy of UWSN. We also deploy a Mixed Integer Programming (MIP) model to optimize the encryption decision cases which leads to an improved network lifetime.

The sheer size of IoT networks being deployed today presents an "attack surface" and poses significant security risks at a scale never before encountered. In other words, a single device/node in a network that becomes infected with malware has the potential to spread malware across the network, eventually ceasing the network functionality. Simply detecting and quarantining the malware in IoT networks does not guarantee to prevent malware propagation. On the other hand, use of traditional control theory for malware confinement is not effective, as most of the existing works do not consider real-time malware control strategies that can be implemented using uncertain infection information of the nodes in the network or have the containment problem decoupled from network performance. In this work, we propose a two-pronged approach, where a runtime malware detector (HaRM) that employs Hardware Performance Counter (HPC) values to detect the malware and benign applications is devised. This information is fed during runtime to a stochastic model predictive controller to confine the malware propagation without hampering the network performance. With the proposed solution, a runtime malware detection accuracy of 92.21% with a runtime of 10ns is achieved, which is an order of magnitude faster than existing malware detection solutions. Synthesizing this output with the model predictive containment strategy lead to achieving an average network throughput of nearly 200% of that of IoT networks without any embedded defense.

Location privacy is one of most frequently discussed terms in the mobile devices security breaches and data leaks. With the expected growth of the number of IoT devices, which is 20 billions by 2020., location privacy issues will be further brought to focus. In this paper we give an overview of location privacy implications in wireless networks, mainly focusing on user's Preferred Network List (list of previously used WiFi Access Points) contained within WiFi Probe Request packets. We will showcase the existing work and suggest interesting topics for future work. A chronological overview of sensitive location data we collected on a musical festival in years 2014, 2015, 2017 and 2018 is provided. We conclude that using passive WiFi monitoring scans produces different results through years, with a significant increase in the usage of a more secure Broadcast Probe Request packets and MAC address randomizations by the smartphone operating systems.

It is often necessary to disclose training data to the public domain, while protecting privacy of certain sensitive labels. We use information theoretic measures to develop such privacy preserving data disclosure mechanisms. Our mechanism involves perturbing the data vectors to strike a balance in the privacy-utility trade-off. We use maximal information leakage between the output data vector and the confidential label as our privacy metric. We first study the theoretical Bernoulli-Gaussian model and study the privacy-utility trade-off when only the mean of the Gaussian distributions can be perturbed. We show that the optimal solution is the same as the case when the utility is measured using probability of error at the adversary. We then consider an application of this framework to a data driven setting and provide an empirical approximation to the Sibson mutual information. By performing experiments on the MNIST and FERG data sets, we show that our proposed framework achieves equivalent or better privacy than previous methods based on mutual information.

In recent years, the research community has increasingly focused on understanding the security and privacy challenges posed by deep learning models. However, the security domain and the privacy domain have typically been considered separately. It is thus unclear whether the defense methods in one domain will have any unexpected impact on the other domain. In this paper, we take a step towards enhancing our understanding of deep learning models when the two domains are combined together. We do this by measuring the success of membership inference attacks against two state-of-the-art adversarial defense methods that mitigate evasion attacks: adversarial training and provable defense. On the one hand, membership inference attacks aim to infer an individual's participation in the target model's training dataset and are known to be correlated with target model's overfitting. On the other hand, adversarial defense methods aim to enhance the robustness of target models by ensuring that model predictions are unchanged for a small area around each sample in the training dataset. Intuitively, adversarial defenses may rely more on the training dataset and be more vulnerable to membership inference attacks. By performing empirical membership inference attacks on both adversarially robust models and corresponding undefended models, we find that the adversarial training method is indeed more susceptible to membership inference attacks, and the privacy leakage is directly correlated with model robustness. We also find that the provable defense approach does not lead to enhanced success of membership inference attacks. However, this is achieved by significantly sacrificing the accuracy of the model on benign data points, indicating that privacy, security, and prediction accuracy are not jointly achieved in these two approaches.

SQL injection is among the most dangerous vulnerabilities in web applications that allow attackers to bypass the authentication and access the application database. Security testing is one of the techniques required to detect the existence of SQL injection vulnerability in a web application. However, inadequate test data during testing can affect the effectiveness of security testing. Therefore, in this paper, the new algorithm is designed and developed by applying the Cartesian Product technique in order to generate a set of invalid test data automatically. A total of 624 invalid test data were generated in order to increase the detection rate of SQL injection vulnerability. Finally, the ideas obtained from our method is able to detect the vulnerability of SQL injection in web application.

The interest over building security-based solutions to reduce the vulnerability exploits and mitigate the risks associated with smart homes in IoT is growing. However, our investigation identified to architect and implement distributed security mechanisms is still a challenge because is necessary to handle security and privacy in IoT middleware with a strong focus. Our investigation, it was identified the significant proportion of the systems that did not address security and did not describe the security approach in any meaningful detail. The idea proposed in this work is to provide middleware aim to implement security mechanisms in smart home and contribute as how guide to beginner developers' IoT middleware. The advantages of using MidSecThings are to avoid leakage data, unavailable service, unidentification action and not authorized access over IoT devices in smart home.

Oscillating-water-column (OWC) devices are a very important type of wave energy converters which have been extensively studied over the years. Although most designs of OWC are based on floating or fixed structures exposed above the surface level, little is known from completely submerged systems which can benefit from reduced environmental loads and a simplified structural design. The submerged type of resonant duct consists of two OWCs separated by a weir and air chamber instead of the commonly used single column. Under conditions close to resonance, water flows from the first column into the second one, resulting in a positive flow through the system from which energy can be extracted by a hydro turbine. While existing work has looked at the study of the behaviour of one OWC, this paper addresses the dynamic interaction between the two water columns including the mass transfer mechanism as well as the associated change of momentum. A numerical time-domain model is used to obtain some initial results on the performance and response of the system for different design parameters. The model is derived from 1D conservation of mass and momentum equations, including hydrodynamic effects, adiabatic air compressibility and turbine induced damping. Preliminary results indicate that the mass transfer has an important effect both on the resonance amplification and on the phase between the motion of the two columns. Simulation results are presented for the system performance over several weir heights and regular wave conditions. Further work will continue in design optimization and experimental validation of the proposed model.

Today the frequency of technological transformations is very high. In order to cope up with these, there is a demand for fast processing and secured algorithms should be proposed for data exchange. In this paper, Advanced Encryption Standard (AES) is modified using DNA cryptography for fast processing and dynamic S-boxes are introduced to develop an attack resistant algorithm. This is strengthened by combining symmetric and asymmetric algorithms. Diffie-Hellman key exchange is used for AES key generation and also for secret number generation used for creation of dynamic S-boxes. The proposed algorithm is fast in computation and can resist cryptographic attacks like linear and differential cryptanalysis attacks.

The security of user personal information on cloud computing is an important issue for the recommendation system. In order to provide high quality recommendation services, privacy of user is often obtained by untrusted recommendation systems. At the same time, malicious attacks often use the recommendation results to try to guess the private data of user. This paper proposes a hybrid algorithm based on NMF and random perturbation technology, which implements the recommendation system and solves the protection problem of user privacy data in the recommendation process on cloud computing. Compared with the privacy protection algorithm of SVD, the elements of the matrix after the decomposition of the new algorithm are non-negative elements, avoiding the meaninglessness of negative numbers in the matrix formed by texts, images, etc., and it has a good explanation for the local characteristics of things. Experiments show that the new algorithm can produce recommendation results with certain accuracy under the premise of protecting users' personal privacy on cloud computing.

The process of information security entails securing the information by transferring it through the networks preventing the data from attacks. This way of securing the information is known as cryptography. The perspective of converting the plain-text into non-understandable format is known as cryptography that could be possible using certain cryptography algorithms. The security could not be offered by the conventional cryptographic algorithms that lacks in their security for the huge amount of growing data, which could be easily broken by the intruders for their malicious activities. This gives rise to the new cryptographic algorithm known as DNA computing that could strengthen the information security, which does not provide any intruders to get authorized to confidential data. The proposed DNA symmetric cryptography enhances information security. The results reveal that encryption process carried out on plain-text is highly secured.

As time progresses, new and complex malware types are being generated which causes a serious threat to computer systems. Due to this drastic increase in the number of malware samples, the signature-based malware detection techniques cannot provide accurate results. Different studies have demonstrated the proficiency of machine learning for the detection and classification of malware files. Further, the accuracy of these machine learning models can be improved by using feature selection algorithms to select the most essential features and reducing the size of the dataset which leads to lesser computations. In this paper, we have developed a machine learning based malware analysis framework for efficient and accurate malware detection and classification. We used Cuckoo sandbox for dynamic analysis which executes malware in an isolated environment and generates an analysis report based on the system activities during execution. Further, we propose a feature extraction and selection module which extracts features from the report and selects the most important features for ensuring high accuracy at minimum computation cost. Then, we employ different machine learning algorithms for accurate detection and fine-grained classification. Experimental results show that we got high detection and classification accuracy in comparison to the state-of-the-art approaches.

The confinement of light in three dimensions (3D) is an active research topic in Nanophotonics, since it allows for ultimate control over photons [1]. A powerful tool to this end is a 3D photonic band gap crystal with a tailored defect that acts as a cavity or even a waveguide [2]. When a one-dimensional array of cavities is coupled, an intricate waveguiding system appears, known as a CROW (coupled resonator optical waveguide) [3]. Remarkably, 3D superlattices of coupled cavities that resonate inside a 3D band gap have not been studied to date. Recently, theoretical work has predicted the occurrence of "Cartesian light", wherein light propagates by hopping only in high symmetry directions in space [4]. This represents the optical analog of the Anderson model for spins or electrons that is relevant for neuromorphic computing and may lead to intricate lasing [5].

Android applications (Apps) have penetrated almost every aspect of our lives, bring users great convenience as well as security concerns. Even though Android system adopts permission mechanism to restrict Apps from accessing important resources of a smartphone, such as telephony, camera and GPS location, users face still significant risk of privacy leakage due to the overprivileged permissions. The overprivileged permission means the extra permission declared by the App but has nothing to do with its function. Unfortunately, there doesn't exist any tool for ordinary users to detect the overprivileged permission of an App, hence most users grant any permission declared by the App, intensifying the risk of private information leakage. Although some previous studies tried to solve the problem of permission overprivilege, their methods are not applicable nowadays because of the progress of App protection technology and the update of Android system. Towards this end, we develop a user-friendly tool based on frequent item set mining for the detection of overprivileged permissions of Android Apps, which is named Droidtector. Droidtector can operate in online or offline mode and users can choose any mode according to their situation. Finally, we run Droidtector on 1000 Apps crawled from Google Play and find that 479 of them are overprivileged, accounting for about 48% of all the sample Apps.

Autonomous technologies have been rapidly replacing the traditional manual intervention nearly in every aspect of our life. These technologies essentially require robots to carry out their automated processes. Nowadays, with the emergence of industry 4.0, robots are increasingly being remote-controlled via client-server connection, which creates uncommon vulnerabilities that allow attackers to target those robots. The development of an open source operational environment for robots, known as Robot Operating System (ROS) has come as a response to these demands. Security and privacy are crucial for the use of ROS as the chance of a compromise may lead to devastating ramifications. In this paper, an overview of ROS and the attacks targeting it are detailed and discussed. Followed by a review of the ROS security and digital investigation studies.

Wearables are now ubiquitous items equipped with a multitude of sensors such as GPS, accelerometer, or Bluetooth. The raw data from this sensors are typically used in a health context. However, we can also use it for security purposes. In this paper, we present a solution that aims at using data from the sensors of a wearable device to identify the password a user is typing on a keyboard by using machine learning algorithms. Hence, the purpose is to determine whether a malicious third party application could extract sensitive data through the raw data that it has access to.

Currently, the guidelines for business entities to collect and use consumer information from online sources is guided by the Fair Information Practice Principles set forth by the Federal Trade Commission in the United States. These guidelines are inadequate, outdated, and provide little protection for consumers. Moreover, there are many techniques to anonymize the stored data that was collected by large companies and governments. However, what does not exist is a framework that is capable of evaluating and scoring the effects of this information in the event of a data breach. In this work, a framework for scoring and evaluating the vulnerability of private data is presented. This framework is created to be used in parallel with currently adopted frameworks that are used to score and evaluate other areas of deficiencies within the software, including CVSS and CWSS. It is dubbed the Privacy Assessment Vulnerability Scoring System (PAVSS) and quantifies the privacy-breach vulnerability an individual takes on when using an online platform. This framework is based on a set of hypotheses about user behavior, inherent properties of an online platform, and the usefulness of available data in performing a cyber attack. The weight each of these metrics has within our model is determined by surveying cybersecurity experts. Finally, we test the validity of our user-behavior based hypotheses, and indirectly our model by analyzing user posts from a large twitter data set.

Wireless Sensor Networks (WSNs) utilizes many dedicated sensors for large scale networks in order to record and monitor the conditions over the environment. Cluster-Based Wireless Sensor Networks (CBWSNs) elucidates essential challenges like routing, load balancing, and lifetime of a network and so on. Conversely, security relies a major challenge in CBWSNs by limiting its resources or not forwarding the data to the other clusters. Wireless Sensor Networks utilize different security methods to offer secure information transmission. Encryption of information records transferred into various organizations thus utilizing a very few systems are the normal practices to encourage high information security. For the most part, such encoded data and also the recovery of unique data depend on symmetric or asymmetric key sets. Collectively with the evolution of security advances, unfruitful or unauthorized endeavors have been made by different illicit outsiders to snip the transmitted information and mystery keys deviously, bother the transmission procedure or misshape the transmitted information and keys. Sometimes, the limitations made in the correspondence channel, transmitting and receiving devices might weaken information security and discontinue a critical job to perform. Thus, in this paper we audit the current information security design and key management framework in WSN. Based on this audit and recent security holes, this paper recommends a plausible incorporated answer for secure transmission of information and mystery keys to address these confinements. Thus, consistent and secure clusters is required to guarantee appropriate working of CBWSNs.

Spreadsheets are widely used in industries for tabular data analysis, visualization and storage. Users often exchange spreadsheets' semi-structured data to collaborative analyze them. Recently, office suites integrated a software module that enables collaborative authoring of office files, including spreadsheets, to facilitate the sharing process. Typically spreadsheets collaborative authoring applications, like Google Sheets or Excel online, need to delocalize the entire file in public cloud storage servers. This choice is not secure for enterprise use because it exposes shared content to the risk of third party access. Moreover, available platforms usually provide coarse grained spreadsheet file sharing, where collaborators have access to all data stored inside a workbook and to all the spreadsheets' formulas used to manipulate those data. This approach limits users' possibilities to disclose only a small portion of tabular data and integrate data coming from different sources (spreadsheets or software platforms). For these reasons enterprise users prefer to control fine grained confidential data exchange and their updates manually through copy, paste, attach-to-email, extract-from-email operations. However unsupervised data sharing and circulation often leads to errors or, at the very least, to inconsistencies, data losses, and proliferation of multiple copies. We propose a model that gives business users a different level of spreadsheet data sharing control, privacy and management. Our approach enables collaborative analytics of tabular data focusing on fine grained spreadsheet data sharing instead of coarse grained file sharing. This solution works with a platform that implements an end to end encrypted protocol for sensitive data sharing that prevents third party access to confidential content. Data are never shared into public clouds but they are transferred encrypted among the administrative domains of collaborators. In this paper we describe the model and the implemented system that enable our solution. We focus on two enterprise use cases we implemented describing how we deployed our platform to speed up and optimize industry processes that involve spreadsheet usage.