Biblio

The main intention of edge computing is to improve network performance by storing and computing data at the edge of the network near the end user. However, its rapid development largely ignores security threats in large-scale computing platforms and their capable applications. Therefore, Security and privacy are crucial need for edge computing and edge computing based environment. Security vulnerabilities in edge computing systems lead to security threats affecting edge computing networks. Therefore, there is a basic need for an intrusion detection system (IDS) designed for edge computing to mitigate security attacks. Due to recent attacks, traditional algorithms may not be possibility for edge computing. This article outlines the latest IDS designed for edge computing and focuses on the corresponding methods, functions and mechanisms. This review also provides deep understanding of emerging security attacks in edge computing. This article proves that although the design and implementation of edge computing IDS have been studied previously, the development of efficient, reliable and powerful IDS for edge computing systems is still a crucial task. At the end of the review, the IDS developed will be introduced as a future prospect.

Web browsers are among the most important but also complex software solutions to access the web. It is therefore not surprising that web browsers are an attractive target for attackers. Especially in the last decade, security researchers and browser vendors have developed sandboxing mechanisms like security-relevant HTTP headers to tackle the problem of getting a more secure browser. Although the security community is aware of the importance of security-relevant HTTP headers, legacy applications and individual requests from different parties have led to possible insecure configurations of these headers. Even if specific security headers are configured correctly, conflicts in their functionalities may lead to unforeseen browser behaviors and vulnerabilities. Recently, the first work which analyzed duplicated headers and conflicts in headers was published by Calzavara et al. at USENIX Security [1]. The authors focused on inconsistent protections by using both, the HTTP header X-Frame-Options and the framing protection of the Content-Security-Policy.We extend their work by analyzing browser behaviors when parsing duplicated headers, conflicting directives, and values that do not conform to the defined ABNF metalanguage specification. We created an open-source testbed running over 19,800 test cases, at which nearly 300 test cases are executed in the set of 66 different browsers. Our work shows that browsers conform to the specification and behave securely. However, all tested browsers behave differently when it comes, for example, to parsing the Strict-Transport-Security header. Moreover, Chrome, Safari, and Firefox behave differently if the header contains a character, which is not allowed by the defined ABNF. This results in the protection mechanism being fully enforced, partially enforced, or not enforced and thus completely bypassable.

Managing electricity effectively also means knowing as accurately as possible when, where and how electricity is used. Detailed metering and timely allocation of consumption can help identify specific areas where energy consumption is excessive and therefore requires action and optimization. All those interested in the measurement process (distributors, sellers, wholesalers, managers, ultimately customers and new prosumer figures - producers / consumers -) have an interest in monitoring and managing energy flows more efficiently, in real time.Smart meter plays a key role in sending data containing consumer measurements to both the producer and the consumer, thanks to chain 2. It allows you to connect consumption and production, during use and the customer’s identity, allowing billing as Time-of-Use or Real-Time Pricing, and through the new two-way channel, this information is also made available to the consumer / prosumer himself, enabling new services such as awareness of energy consumption at the very moment of energy use.This is made possible by latest generation devices that "talk" with the end user, which use chain 2 and the power line for communication.However, the implementation of smart meters and related digital technologies associated with the smart grid raises various concerns, including, privacy. This paper provides a comparative perspective on privacy policies for residential energy customers, moreover, it will be possible to improve security through the blockchain for the introduction of smart contracts.

Over the past decade, smart grids have been widely implemented. Real-time pricing can better address demand-side management in smart grids. Real-time pricing requires managers to interact more with consumers at the data level, which raises many privacy threats. Thus, we introduce differential privacy into the Real-time pricing for privacy protection. However, differential privacy leaves more space for an adversary to compromise the robustness of the system, which has not been well addressed in the literature. In this paper, we propose a novel active attack detection scheme against stealthy attacks, and then give the proof of correctness and effectiveness of the proposed scheme. Further, we conduct extensive experiments with real datasets from CER to verify the detection performance of the proposed scheme.

Active consumers have now been empowered thanks to the smart grid concept. To avoid fossil fuels, the demand side must provide flexibility through Demand Response events. However, selecting the proper participants for an event can be complex due to response uncertainty. The authors design a Contextual Consumer Rate to identify the trustworthy participants according to previous performances. In the present case study, the authors address the problem of new players with no information. In this way, two different methods were compared to predict their rate. Besides, the authors also refer to the consumer privacy testing of the dataset with and without information that could lead to the participant identification. The results found to prove that, for the proposed methodology, private information does not have a high impact to attribute a rate.

When storing face biometric samples in accordance with ISO/IEC 19794 as JPEG2000 encoded images, it is necessary to encrypt them for the sake of users’ privacy. Literature suggests selective encryption of JPEG2000 images as fast and efficient method for encryption, the trade-off is that some information is left in plaintext. This could be used by an attacker, in case the encrypted biometric samples are leaked. In this work, we will attempt to utilize a convolutional neural network to perform cryptanalysis of the encryption scheme. That is, we want to assess if there is any information left in plaintext in the selectively encrypted face images which can be used to identify the person. The chosen approach is to train CNNs for biometric face recognition not only with plaintext face samples but additionally conduct a refinement training with partially encrypted data. If this system can successfully utilize encrypted face samples for biometric matching, we can show that the information left in encrypted biometric face samples is information actually usable for biometric recognition.The method works and we can show that a supposedly secure biometric sample still contains identifying information on average over the whole database.

Smart metering is a mechanism through which fine-grained electricity usage data of consumers is collected periodically in a smart grid. However, a growing concern in this regard is that the leakage of consumers' consumption data may reveal their daily life patterns as the state-of-the-art metering strategies lack adequate security and privacy measures. Many proposed solutions have demonstrated how the aggregated metering information can be transformed to obscure individual consumption patterns without affecting the intended semantics of smart grid operations. In this paper, we expose a complete break of such an existing privacy preserving metering scheme [10] by determining individual consumption patterns efficiently, thus compromising its privacy guarantees. The underlying methodol-ogy of this scheme allows us to - i) retrieve the lower bounds of the privacy parameters and ii) establish a relationship between the privacy preserved output readings and the initial input readings. Subsequently, we present a rigorous experimental validation of our proposed attacking methodology using real-life dataset to highlight its efficacy. In summary, the present paper queries: Is the Whole lesser than its Parts? for such privacy aware metering algorithms which attempt to reduce the information leakage of aggregated consumption patterns of the individuals.

The vehicle-to-grid (V2G) network has a clear advantage in terms of economic benefits, and it has grabbed the interest of powergrid and electric vehicle (EV) consumers. Many V2G techniques, at present, for example, use bilinear pairing to execute the authentication scheme, which results in significant computational costs. Furthermore, in the existing V2G techniques, the system master key is issued independently by the third parties, it is vulnerable to leaking if the third party is compromised by an attacker. This paper presents an efficient and secure anonymous authentication scheme for V2G networks to overcome this issue we use a lightweight authentication system for electric vehicles and smart grids. In the proposed technique, the keys are generated by the trusted authority after the successful registration of EVs in the trusted authority and the dispatching center. The suggested scheme not only enhances the verification performance of V2G networks and also protects against inbuilt hackers.

A reliable database of Indicators of Compromise (IoC’s) is a cornerstone of almost every malware detection system. Building the database and keeping it up-to-date is a lengthy and often manual process where each IoC should be manually reviewed and labeled by an analyst. In this paper, we focus on an automatic way of identifying IoC’s intended to save analysts’ time and scale to the volume of network data. We leverage relations of each IoC to other entities on the internet to build a heterogeneous graph. We formulate a classification task on this graph and apply graph neural networks (GNNs) in order to identify malicious domains. Our experiments show that the presented approach provides promising results on the task of identifying high-risk malware as well as legitimate domains classification.

In healthcare 4.0 ecosystems, authentication of healthcare information allows health stakeholders to be assured that data is originated from correct source. Recently, biometric based authentication is a preferred choice, but as the templates are stored on central servers, there are high chances of copying and generating fake biometrics. An adversary can forge the biometric pattern, and gain access to critical health systems. Thus, to address the limitation, the paper proposes a scheme, PHBio, where an encryption-based biometric system is designed prior before storing the template to the server. Once a user provides his biometrics, the authentication process does not decrypt the data, rather uses a homomorphic-enabled Paillier cryptosystem. The scheme presents the encryption and the comparison part which is based on euclidean distance (EUD) strategy between the user input and the stored template on the server. We consider the minimum distance, and compare the same with a predefined threshold distance value to confirm a biometric match, and authenticate the user. The scheme is compared against parameters like accuracy, false rejection rates (FARs), and execution time. The proposed results indicate the validity of the scheme in real-time health setups.

The cloud provides storage for users to share their files in the cloud. Nowadays some shared data auditing schemes are proposed for protecting data integrity. However, preserving the identity privacy of group users and secure user revocation usually result in high computational overhead. Then a shared data auditing scheme supporting identity privacy preserving is proposed that enables users to be effectively revoked. To preserve identity privacy during the audit process, we develop an efficient authenticator generation mechanism that enables public auditing. Our solution supports efficient user revocation, where the authenticator of the revoked user does not need to be regenerated and integrity checking can be performed appropriately. At the same time, the group manager maintains two tables to ensure user traceability. When the user updates data, two tables are modified and updated by the group manager promptly. It shows that our scheme is secure by security analysis. Moreover, concrete experiments prove the performance of the system.

We have several issues in most current supply chain management systems. Consumers want to spend money on environmentally friendly products, but they are seldomly informed of the environmental contributions of the suppliers. Meanwhile, each supplier seeks to recover the costs for the environmental contributions to re-invest them into further contributions. Instead, in most current supply chains, the reward for each supplier is not clearly defined and fairly distributed. To address these issues, we propose a supply-chain contribution management platform for fair reward distribution called ‘Advanced Ledger.’ This platform records suppliers' environ-mental contribution trails, receives rewards from consumers in exchange for trail-backed fungible tokens, and fairly distributes the rewards to each supplier based on the contribution trails. In this paper, we overview the architecture of Advanced Ledger and 11 technical features, including decentralized autonomous organization (DAO) based contribution verification, contribution concealment, negative-valued tokens, fair reward distribution, atomic rewarding, and layer-2 rewarding. We then study the requirements and candidates of the smart contract platforms for implementing Advanced Ledger. Finally, we introduce a use case called ‘ESG token’ built on the Advanced Ledger architecture.

Estimation for obesity levels is always an important topic in medical field since it can provide useful guidance for people that would like to lose weight or keep fit. The article tries to find a model that can predict obesity and provides people with the information of how to avoid overweight. To be more specific, this article applied dimension reduction to the data set to simplify the data and tried to Figure out a most decisive feature of obesity through Principal Component Analysis (PCA) based on the data set. The article also used some machine learning methods like Support Vector Machine (SVM), Decision Tree to do prediction of obesity and wanted to find the major reason of obesity. In addition, the article uses Artificial Neural Network (ANN) to do prediction which has more powerful feature extraction ability to do this. Finally, the article found that family history of obesity is the most decisive feature, and it may because of obesity may be greatly affected by genes or the family eating diet may have great influence. And both ANN and Decision tree’s accuracy of prediction is higher than 90%.

Cyber Physical Systems (CPS), which contain devices to aid with physical infrastructure activities, comprise sensors, actuators, control units, and physical objects. CPS sends messages to physical devices to carry out computational operations. CPS mainly deals with the interplay among cyber and physical environments. The real-time network data acquired and collected in physical space is stored there, and the connection becomes sophisticated. CPS incorporates cyber and physical technologies at all phases. Cyber Physical Systems are a crucial component of Internet of Things (IoT) technology. The CPS is a traditional concept that brings together the physical and digital worlds inhabit. Nevertheless, CPS has several difficulties that are likely to jeopardise our lives immediately, while the CPS's numerous levels are all tied to an immediate threat, therefore necessitating a look at CPS security. Due to the inclusion of IoT devices in a wide variety of applications, the security and privacy of users are key considerations. The rising level of cyber threats has left current security and privacy procedures insufficient. As a result, hackers can treat every person on the Internet as a product. Deep Learning (DL) methods are therefore utilised to provide accurate outputs from big complex databases where the outputs generated can be used to forecast and discover vulnerabilities in IoT systems that handles medical data. Cyber-physical systems need anomaly detection to be secure. However, the rising sophistication of CPSs and more complex attacks means that typical anomaly detection approaches are unsuitable for addressing these difficulties since they are simply overwhelmed by the volume of data and the necessity for domain-specific knowledge. The various attacks like DoS, DDoS need to be avoided that impact the network performance. In this paper, an effective Network Cluster Reliability Model with enhanced security and privacy levels for the data in IoT for Anomaly Detection (NSRM-AD) using deep learning model is proposed. The security levels of the proposed model are contrasted with the proposed model and the results represent that the proposed model performance is accurate

The advancements in technology can be seen in recent years, and people have been adopting the emerging technologies. Though people rely upon these advancements, many loopholes can be seen if you take a particular field, and attackers are thirsty to steal personal data. There has been an increasing number of cyber threats and breaches happening worldwide, primarily for fun or for ransoms. Web servers and sites of the users are being compromised, and they are unaware of the vulnerabilities. Vulnerabilities include OWASP's top vulnerabilities like SQL injection, Cross-site scripting, and so on. To overcome the vulnerabilities and protect the site from getting down, the proposed work includes the implementation of a Web Application Firewall focused on the Application layer of the OSI Model; the product protects the target web applications from the Common OWASP security vulnerabilities. The Application starts analyzing the incoming and outgoing requests generated from the traffic through the pre-built Application Programming Interface. It compares the request and parameter with the algorithm, which has a set of pre-built regex patterns. The outcome of the product is to detect and reject general OWASP security vulnerabilities, helping to secure the user's business and prevent unauthorized access to sensitive data, respectively.

This paper focuses on the system on wireless sensor networks. The system is linear and the time of the system is discrete as well as variable, which named discrete-time linear time-varying systems (DLTVS). DLTVS are vulnerable to network attacks when exchanging information between sensors in the network, as well as putting their security at risk. A DLTVS with privacy-preserving is designed for this purpose. A set-membership estimator is designed by adding privacy noise obeying the Laplace distribution to state at the initial moment. Simultaneously, the differential privacy of the system is analyzed. On this basis, the real state of the system and the existence form of the estimator for the desired distribution are analyzed. Finally, simulation examples are given, which prove that the model after adding differential privacy can obtain accurate estimates and ensure the security of the system state.

With the increasing complexity of the driving environment, more and more attention has been paid to the research on improving the intelligentization of traffic control. Among them, the digital twin-based internet of vehicle can establish a mirror system on the cloud to improve the efficiency of communication between vehicles, provide warning and safety instructions for drivers, avoid driving potential dangers. To ensure the security and effectiveness of data sharing in traffic control, this paper proposes a secure and privacy-preserving scheme for digital twin-based traffic control. Specifically, in the data uploading phase, we employ a group signature with a time-bound keys technique to realize data source authentication with efficient members revocation and privacy protection, which can ensure that data can be securely stored on cloud service providers after it synchronizes to its twin. In the data sharing stage, we employ the secure and efficient attribute-based access control technique to provide flexible and efficient data sharing, in which the parameters of a specific sub-policy can be stored during the first decryption and reused in subsequent data access containing the same sub-policy, thus reducing the computing complexity. Finally, we analyze the security and efficiency of the scheme theoretically.

A vast volume of digital electronic health records is exchanged across the open network in this modern era. Cross all the existing security methods, encryption is a dependable method of data security. This study discusses an encryption technique for digital medical images that uses chaos combined with deoxyribonucleic acid (DNA). In fact, Rossler's and Lorenz's chaotic systems along with DNA encoding are used in the suggested medical image cryptographic system. Chaos is used to create a random key stream. The DNA encoding rules are then used to encode the key and the input original image. A hardware design of the proposed scheme is implemented on the Zedboard development kit. The experimental findings show that the proposed cryptosystem has strong security while maintaining acceptable hardware performances.

Securing communication and information is known as cryptography. To convert messages from plain text to cipher text and the other way around. It is the process of protecting the data and sending it to the right audience so they can understand and process it. Hence, unauthorized access is avoided. This work suggests leveraging DNA technology for encrypt and decrypt the data. The main aim of utilizing the AES in this stage will transform ASCII code to hexadecimal to binary coded form and generate DNA. The message is encrypted with a random key. Shared key used for encrypt and decrypt the data. The encrypted data will be disguised as an image using steganography. To protect our data from hijackers, assailants, and muggers, it is frequently employed in institutions, banking, etc.

The Internet of Vehicles (IoV) has a tremendous prospect for numerous vehicular applications. IoV enables vehicles to transmit data to improve roadway safety and efficiency. Data security is essential for increasing the security and privacy of vehicle and roadway infrastructures in IoV systems. Several researchers proposed numerous solutions to address security and privacy issues in IoV systems. However, these issues are not proper solutions that lack data authentication and verification protocols. In this paper, a blockchain-enabled automated data management system for vehicles has been proposed and demonstrated. This work enables automated data verification and authentication using smart contracts. Certified organizations can only access vehicle data uploaded by the vehicle user to the Interplanetary File System (IPFS) server through that vehicle user’s consent. The proposed system increases the security of vehicles and data. Vehicle privacy is also maintained here by increasing data privacy.

Android malware is continuously evolving at an alarming rate due to the growing vulnerabilities. This demands more effective malware detection methods. This paper presents DynaMalDroid, a dynamic analysis-based framework to detect malicious applications in the Android platform. The proposed framework contains three modules: dynamic analysis, feature engineering, and detection. We utilized the well-known CICMalDroid2020 dataset, and the system calls of apps are extracted through dynamic analysis. We trained our proposed model to recognize malware by selecting features obtained through the feature engineering module. Further, with these selected features, the detection module applies different Machine Learning classifiers like Random Forest, Decision Tree, Logistic Regression, Support Vector Machine, Naïve-Bayes, K-Nearest Neighbour, and AdaBoost, to recognize whether an application is malicious or not. The experiments have shown that several classifiers have demonstrated excellent performance and have an accuracy of up to 99%. The models with Support Vector Machine and AdaBoost classifiers have provided better detection accuracy of 99.3% and 99.5%, respectively.

Artificial intelligence (AI) has been successfully employed in industries for decades, beginning with the invention of expert systems in the 1960s and continuing through the present ubiquity of deep learning. Data-driven AI solutions have grown increasingly common as a means of supporting ever-more complicated industrial processes owing to the accessibility of affordable computer and storage infrastructure. Despite recent optimism, implementing AI to smart industrial applications still offers major difficulties. The present paper gives an executive summary of AI methodologies with an emphasis on deep learning before detailing unresolved issues in AI safety, data privacy, and data quality — all of which are necessary for completely automated commercial AI systems.

With the dramatic increase in malicious software, the sophistication and innovation of malware have increased over the years. In particular, the dynamic analysis based on the deep neural network has shown high accuracy in malware detection. However, most of the existing methods only employ the raw API sequence feature, which cannot accurately reflect the actual behavior of malicious programs in detail. The relationship between API calls is critical for detecting suspicious behavior. Therefore, this paper proposes a malware detection method based on the graph neural network. We first connect the API sequences executed by different processes to build a directed process graph. Then, we apply Bert to encode the API sequences of each process into node embedding, which facilitates the semantic execution information inside the processes. Finally, we employ GCN to mine the deep semantic information based on the directed process graph and node embedding. In addition to presenting the design, we have implemented and evaluated our method on 10,000 malware and 10,000 benign software datasets. The results show that the precision and recall of our detection model reach 97.84% and 97.83%, verifying the effectiveness of our proposed method.

With the increasing number of distributed energy sources and the growing demand for free exchange of energy, Energy internet (EI) is confronted with great challenges of persistent connection, stable transmission, real-time interaction, and security. The new definition of metaverse in the EI field is proposed as a potential solution for these challenges by establishing a massive and comprehensive fusion 3D network, which can be considered as the advanced stage of EI. The main characteristics of the metaverse such as reality to virtualization, interaction, persistence, and immersion are introduced. Specifically, we present the key enabling technologies of the metaverse including virtual reality, artificial intelligence, blockchain, and digital twin. Meanwhile, the potential applications are presented from the perspectives of immersive user experience, virtual power station, management, energy trading, new business, device maintenance. Finally, some challenges of metaverse in EI are concluded.

New malware increasingly adopts novel fileless techniques to evade detection from antivirus programs. Process injection is one of the most popular fileless attack techniques. This technique makes malware more stealthy by writing malicious code into memory space and reusing the name and port of the host process. It is difficult for traditional security software to detect and intercept process injections due to the stealthiness of its behavior. We propose a novel framework called ProcGuard for detecting process injection behaviors. This framework collects sensitive function call information of typical process injection. Then we perform a fine-grained analysis of process injection behavior based on the function call chain characteristics of the program, and we also use the improved RCNN network to enhance API analysis on the tampered memory segments. We combine API analysis with deep learning to determine whether a process injection attack has been executed. We collect a large number of malicious samples with process injection behavior and construct a dataset for evaluating the effectiveness of ProcGuard. The experimental results demonstrate that it achieves an accuracy of 81.58% with a lower false-positive rate compared to other systems. In addition, we also evaluate the detection time and runtime performance loss metrics of ProcGuard, both of which are improved compared to previous detection tools.