Biblio

Found 2356 results

Filters: Keyword is privacy  [Clear All Filters]
2023-05-19
Acheampong, Edward Mensah, Zhou, Shijie, Liao, Yongjian, Antwi-Boasiako, Emmanuel, Obiri, Isaac Amankona.  2022.  Smart Health Records Sharing Scheme based on Partially Policy-Hidden CP-ABE with Leakage Resilience. 2022 IEEE 24th Int Conf on High Performance Computing & Communications; 8th Int Conf on Data Science & Systems; 20th Int Conf on Smart City; 8th Int Conf on Dependability in Sensor, Cloud & Big Data Systems & Application (HPCC/DSS/SmartCity/DependSys). :1408—1415.
With the rapid innovation of cloud computing technologies, which has enhanced the application of the Internet of Things (IoT), smart health (s-health) is expected to enhance the quality of the healthcare system. However, s-health records (SHRs) outsourcing, storage, and sharing via a cloud server must be protected and users attribute privacy issues from the public domain. Ciphertext policy attribute-based encryption (CP-ABE) is the cryptographic primitive which is promising to provide fine-grained access control in the cloud environment. However, the direct application of traditional CP-ABE has brought a lot of security issues like attributes' privacy violations and vulnerability in the future by potential powerful attackers like side-channel and cold-bot attacks. To solve these problems, a lot of CP-ABE schemes have been proposed but none of them concurrently support partially policy-hidden and leakage resilience. Hence, we propose a new Smart Health Records Sharing Scheme that will be based on Partially Policy-Hidden CP-ABE with Leakage Resilience which is resilient to bound leakage from each of many secret keys per user, as well as many master keys, and ensure attribute privacy. Our scheme hides attribute values of users in both secret key and ciphertext which contain sensitive information in the cloud environment and are fully secure in the standard model under the static assumptions.
2023-09-01
She, Cairui, Chen, Liwei, Shi, Gang.  2022.  TFCFI:Transparent Forward Fine-grained Control-Flow Integrity Protection. 2022 IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :407—414.
Code-reuse attacks (including ROP/JOP) severely threaten computer security. Control-flow integrity (CFI), which can restrict control flow in legal scope, is recognised as an effective defence mechanism against code-reuse attacks. Hardware-based CFI uses Instruction Set Architecture (ISA) extensions with additional hardware modules to implement CFI and achieve better performance. However, hardware-based fine-grained CFI adds new instructions to the ISA, which can not be executed on old processors and breaks the compatibility of programs. Some coarse-grained CFI designs, such as Intel IBT, maintain the compatibility of programs but can not provide enough security guarantees.To balance the security and compatibility of hardware CFI, we propose Transparent Forward CFI (TFCFI). TFCFI implements hardware-based fine-grained CFI designs without changing the ISA. The software modification of TFCFI utilizes address information and hint instructions in RISC-V as transparent labels to mark the program. The hardware module of TFCFI monitors the control flow during execution. The program modified by TFCFI can be executed on old processors without TFCFI. Benefiting from transparent labels, TFCFI also solves the destination equivalence problem. The experiment on FPGA shows that TFCFI incurs negligible performance overhead (1.82% on average).
2023-07-14
Li, Suozai, Huang, Ming, Wang, Qinghao, Zhang, Yongxin, Lu, Ning, Shi, Wenbo, Lei, Hong.  2022.  T-PPA: A Privacy-Preserving Decentralized Payment System with Efficient Auditability Based on TEE. 2022 IEEE 8th International Conference on Computer and Communications (ICCC). :1255–1263.
Cryptocurrencies such as Bitcoin and Ethereum achieve decentralized payment by maintaining a globally distributed and append-only ledger. Recently, several researchers have sought to achieve privacy-preserving auditing, which is a crucial function for scenarios that require regulatory compliance, for decentralized payment systems. However, those proposed schemes usually cost much time for the cooperation between the auditor and the user due to leveraging complex cryptographic tools such as zero-knowledge proof. To tackle the problem, we present T-PPA, a privacy-preserving decentralized payment system, which provides customizable and efficient auditability by leveraging trusted execution environments (TEEs). T-PPA demands the auditor construct audit programs based on request and execute them in the TEE to protect the privacy of transactions. Then, identity-based encryption (IBE) is employed to construct the separation of power between the agency nodes and the auditor and to protect the privacy of transactions out of TEE. The experimental results show that T-PPA can achieve privacy-preserving audits with acceptable overhead.
2023-02-03
Sultana, Habiba, Kamal, A H M.  2022.  An Edge Detection Based Reversible Data Hiding Scheme. 2022 IEEE Delhi Section Conference (DELCON). :1–6.

Edge detection based embedding techniques are famous for data security and image quality preservation. These techniques use diverse edge detectors to classify edge and non-edge pixels in an image and then implant secrets in one or both of these classes. Image with conceived data is called stego image. It is noticeable that none of such researches tries to reform the original image from the stego one. Rather, they devote their concentration to extract the hidden message only. This research presents a solution to the raised reversibility problem. Like the others, our research, first, applies an edge detector e.g., canny, in a cover image. The scheme next collects \$n\$-LSBs of each of edge pixels and finally, concatenates them with encrypted message stream. This method applies a lossless compression algorithm to that processed stream. Compression factor is taken such a way that the length of compressed stream does not exceed the length of collected LSBs. The compressed message stream is then implanted only in the edge pixels by \$n\$-LSB substitution method. As the scheme does not destroy the originality of non-edge pixels, it presents better stego quality. By incorporation the mechanisms of encryption, concatenation, compression and \$n\$-LSB, the method has enriched the security of implanted data. The research shows its effectiveness while implanting a small sized message.

Rout, Sonali, Mohapatra, Ramesh Kumar.  2022.  Hiding Sensitive Information in Surveillance Video without Affecting Nefarious Activity Detection. 2022 2nd International Conference on Artificial Intelligence and Signal Processing (AISP). :1–6.
Protection of private and sensitive information is the most alarming issue for security providers in surveillance videos. So to provide privacy as well as to enhance secrecy in surveillance video without affecting its efficiency in detection of violent activities is a challenging task. Here a steganography based algorithm has been proposed which hides private information inside the surveillance video without affecting its accuracy in criminal activity detection. Preprocessing of the surveillance video has been performed using Tunable Q-factor Wavelet Transform (TQWT), secret data has been hidden using Discrete Wavelet Transform (DWT) and after adding payload to the surveillance video, detection of criminal activities has been conducted with maintaining same accuracy as original surveillance video. UCF-crime dataset has been used to validate the proposed framework. Feature extraction is performed and after feature selection it has been trained to Temporal Convolutional Network (TCN) for detection. Performance measure has been compared to the state-of-the-art methods which shows that application of steganography does not affect the detection rate while preserving the perceptual quality of the surveillance video.
ISSN: 2640-5768
2023-06-29
Atiqoh, Jihan Lailatul, Moesrami Barmawi, Ari, Afianti, Farah.  2022.  Blockchain-based Smart Parking System using Ring Learning With Errors based Signature. 2022 6th International Conference on Cryptography, Security and Privacy (CSP). :154–158.
Recently, placing vehicles in the parking area is becoming a problem. A smart parking system is proposed to solve the problem. Most smart parking systems have a centralized system, wherein that type of system is at-risk of single-point failure that can affect the whole system. To overcome the weakness of the centralized system, the most popular mechanism that researchers proposed is blockchain. If there is no mechanism implemented in the blockchain to verify the authenticity of every transaction, then the system is not secure against impersonation attacks. This study combines blockchain mechanism with Ring Learning With Errors (RLWE) based digital signature for securing the scheme against impersonation and double-spending attacks. RLWE was first proposed by Lyubashevsky et al. This scheme is a development from the previous scheme Learning with Error or LWE.
2023-07-14
Sunil Raj, Y., Albert Rabara, S., Britto Ramesh Kumar, S..  2022.  A Security Architecture for Cloud Data Using Hybrid Security Scheme. 2022 4th International Conference on Smart Systems and Inventive Technology (ICSSIT). :1766–1774.
Cloud Computing revolutionize the usage of Internet of Things enabled devices integrated via Internet. Providing everything in an outsourced fashion, Cloud also lends infrastructures such as storage. Though cloud makes it easy for us to store and access the data faster and easier, yet there exist various security and privacy risks. Such issues if not handled may become more threatening as it could even disclose the privacy of an individual/ organization. Strengthening the security of data is need of the hour. The work proposes a novel architecture enhancing the security of Cloud data in an IoT integrated environment. In order to enhance the security, systematic use of a modified hybrid mechanism based on DNA code and Elliptic Curve Cryptography along with Third Party Audit is proposed. The performance of the proposed mechanism has been analysed. The results ensures that proposed IoT Cloud architecture performs better while providing strong security which is the major aspect of the work.
2023-04-14
Li, Xiling, Ma, Zhaofeng, Luo, Shoushan.  2022.  Blockchain-Oriented Privacy Protection with Online and Offline Verification in Cross-Chain System. 2022 International Conference on Blockchain Technology and Information Security (ICBCTIS). :177–181.
User privacy is an attractive and valuable task to the success of blockchain systems. However, user privacy protection's performance and data capacity have not been well studied in existing access control models of blockchain systems because of traceability and openness of the P2P network. This paper focuses on investigating performance and data capacity from a blockchain infrastructure perspective, which adds secondary encryption to shield confidential information in a non-invasive way. First, we propose an efficient asymmetric encryption scheme by combining homomorphic encryption and state-of-the-art multi-signature key aggregation to preserve privacy. Second, we use smart contracts and CA infrastructure to achieve attribute-based access control. Then, we use the non-interactive zero-knowledge proof scheme to achieve secondary confidentiality explicitly. Finally, experiments show our scheme succeeds better performance in data capacity and system than other schemes. This scheme improves availability and robust scalability, solves the problem of multi-signature key distribution and the unlinkability of transactions. Our scheme has established a sound security cross-chain system and privacy confidentiality mechanism and that has more excellent performance and higher system computing ability than other schemes.
2023-06-30
Lu, Xiaotian, Piao, Chunhui, Han, Jianghe.  2022.  Differential Privacy High-dimensional Data Publishing Method Based on Bayesian Network. 2022 International Conference on Computer Engineering and Artificial Intelligence (ICCEAI). :623–627.
Ensuring high data availability while realizing privacy protection is a research hotspot in the field of privacy-preserving data publishing. In view of the instability of data availability in the existing differential privacy high-dimensional data publishing methods based on Bayesian networks, this paper proposes an improved MEPrivBayes privacy-preserving data publishing method, which is mainly improved from two aspects. Firstly, in view of the structural instability caused by the random selection of Bayesian first nodes, this paper proposes a method of first node selection and Bayesian network construction based on the Maximum Information Coefficient Matrix. Then, this paper proposes a privacy budget elastic allocation algorithm: on the basis of pre-setting differential privacy budget coefficients for all branch nodes and all leaf nodes in Bayesian network, the influence of branch nodes on their child nodes and the average correlation degree between leaf nodes and all other nodes are calculated, then get a privacy budget strategy. The SVM multi-classifier is constructed with privacy preserving data as training data set, and the original data set is used as input to evaluate the prediction accuracy in this paper. The experimental results show that the MEPrivBayes method proposed in this paper has higher data availability than the classical PrivBayes method. Especially when the privacy budget is small (noise is large), the availability of the data published by MEPrivBayes decreases less.
Song, Yuning, Ding, Liping, Liu, Xuehua, Du, Mo.  2022.  Differential Privacy Protection Algorithm Based on Zero Trust Architecture for Industrial Internet. 2022 IEEE 4th International Conference on Power, Intelligent Computing and Systems (ICPICS). :917–920.
The Zero Trust Architecture is an important part of the industrial Internet security protection standard. When analyzing industrial data for enterprise-level or industry-level applications, differential privacy (DP) is an important technology for protecting user privacy. However, the centralized and local DP used widely nowadays are only applicable to the networks with fixed trust relationship and cannot cope with the dynamic security boundaries in Zero Trust Architecture. In this paper, we design a differential privacy scheme that can be applied to Zero Trust Architecture. It has a consistent privacy representation and the same noise mechanism in centralized and local DP scenarios, and can balance the strength of privacy protection and the flexibility of privacy mechanisms. We verify the algorithm in the experiment, that using maximum expectation estimation method it is able to obtain equal or even better result of the utility with the same level of security as traditional methods.
2023-09-20
Zhang, Chengzhao, Tang, Huiyue.  2022.  Empirical Research on Multifactor Quantitative Stock Selection Strategy Based on Machine Learning. 2022 3rd International Conference on Pattern Recognition and Machine Learning (PRML). :380—383.
In this paper, stock selection strategy design based on machine learning and multi-factor analysis is a research hotspot in quantitative investment field. Four machine learning algorithms including support vector machine, gradient lifting regression, random forest and linear regression are used to predict the rise and fall of stocks by taking stock fundamentals as input variables. The portfolio strategy is constructed on this basis. Finally, the stock selection strategy is further optimized. The empirical results show that the multifactor quantitative stock selection strategy has a good stock selection effect, and yield performance under the support vector machine algorithm is the best. With the increase of the number of factors, there is an inverse relationship between the fitting degree and the yield under various algorithms.
2023-04-14
Duan, Zhentai, Zhu, Jie, Zhao, Jin Yi.  2022.  IAM-BDSS: A Secure Ciphertext-Policy and Identity- Attribute Management Data Sharing Scheme based on Blockchain. 2022 International Conference on Blockchain Technology and Information Security (ICBCTIS). :117–122.

CP-ABE (Ciphertext-policy attribute based encryption) is considered as a secure access control for data sharing. However, the SK(secret key) in most CP-ABE scheme is generated by Centralized authority(CA). It could lead to the high cost of building trust and single point of failure. Because of the characters of blockchain, some schemes based on blockchain have been proposed to prevent the disclosure and protect privacy of users' attribute. Thus, a new CP-ABE identity-attribute management(IAM) data sharing scheme is proposed based on blockchain, i.e. IAM-BDSS, to guarantee privacy through the hidden policy and attribute. Meanwhile, we define a transaction structure to ensure the auditability of parameter transmission on blockchain system. The experimental results and security analysis show that our IAM-BDSS is effective and feasible.

2023-06-30
Han, Liquan, Xie, Yushan, Fan, Di, Liu, Jinyuan.  2022.  Improved differential privacy K-means clustering algorithm for privacy budget allocation. 2022 International Conference on Computer Engineering and Artificial Intelligence (ICCEAI). :221–225.
In the differential privacy clustering algorithm, the added random noise causes the clustering centroids to be shifted, which affects the usability of the clustering results. To address this problem, we design a differential privacy K-means clustering algorithm based on an adaptive allocation of privacy budget to the clustering effect: Adaptive Differential Privacy K-means (ADPK-means). The method is based on the evaluation results generated at the end of each iteration in the clustering algorithm. First, it dynamically evaluates the effect of the clustered sets at the end of each iteration by measuring the separation and tightness between the clustered sets. Then, the evaluation results are introduced into the process of privacy budget allocation by weighting the traditional privacy budget allocation. Finally, different privacy budgets are assigned to different sets of clusters in the iteration to achieve the purpose of adaptively adding perturbation noise to each set. In this paper, both theoretical and experimental results are analyzed, and the results show that the algorithm satisfies e-differential privacy and achieves better results in terms of the availability of clustering results for the three standard datasets.
Kai, Liu, Jingjing, Wang, Yanjing, Hu.  2022.  Localized Differential Location Privacy Protection Scheme in Mobile Environment. 2022 IEEE 5th International Conference on Big Data and Artificial Intelligence (BDAI). :148–152.
When users request location services, they are easy to expose their privacy information, and the scheme of using a third-party server for location privacy protection has high requirements for the credibility of the server. To solve these problems, a localized differential privacy protection scheme in mobile environment is proposed, which uses Markov chain model to generate probability transition matrix, and adds Laplace noise to construct a location confusion function that meets differential privacy, Conduct location confusion on the client, construct and upload anonymous areas. Through the analysis of simulation experiments, the scheme can solve the problem of untrusted third-party server, and has high efficiency while ensuring the high availability of the generated anonymous area.
2023-09-20
Shi, Yong.  2022.  A Machine Learning Study on the Model Performance of Human Resources Predictive Algorithms. 2022 4th International Conference on Applied Machine Learning (ICAML). :405—409.
A good ecological environment is crucial to attracting talents, cultivating talents, retaining talents and making talents fully effective. This study provides a solution to the current mainstream problem of how to deal with excellent employee turnover in advance, so as to promote the sustainable and harmonious human resources ecological environment of enterprises with a shortage of talents.This study obtains open data sets and conducts data preprocessing, model construction and model optimization, and describes a set of enterprise employee turnover prediction models based on RapidMiner workflow. The data preprocessing is completed with the help of the data statistical analysis software IBM SPSS Statistic and RapidMiner.Statistical charts, scatter plots and boxplots for analysis are generated to realize data visualization analysis. Machine learning, model application, performance vector, and cross-validation through RapidMiner's multiple operators and workflows. Model design algorithms include support vector machines, naive Bayes, decision trees, and neural networks. Comparing the performance parameters of the algorithm model from the four aspects of accuracy, precision, recall and F1-score. It is concluded that the performance of the decision tree algorithm model is the highest. The performance evaluation results confirm the effectiveness of this model in sustainable exploring of enterprise employee turnover prediction in human resource management.
2023-09-18
Jia, Jingyun, Chan, Philip K..  2022.  Representation Learning with Function Call Graph Transformations for Malware Open Set Recognition. 2022 International Joint Conference on Neural Networks (IJCNN). :1—8.
Open set recognition (OSR) problem has been a challenge in many machine learning (ML) applications, such as security. As new/unknown malware families occur regularly, it is difficult to exhaust samples that cover all the classes for the training process in ML systems. An advanced malware classification system should classify the known classes correctly while sensitive to the unknown class. In this paper, we introduce a self-supervised pre-training approach for the OSR problem in malware classification. We propose two transformations for the function call graph (FCG) based malware representations to facilitate the pretext task. Also, we present a statistical thresholding approach to find the optimal threshold for the unknown class. Moreover, the experiment results indicate that our proposed pre-training process can improve different performances of different downstream loss functions for the OSR problem.
2023-02-03
Chen, Shengjian.  2022.  Trustworthy Internet Based on Generalized Blockchain. 2022 International Conference on Blockchain Technology and Information Security (ICBCTIS). :5–12.
It is the key to the Internet's expansion of social and economic functions by ensuring the credibility of online users' identities and behaviors while taking into account privacy protection. Public Key Infrastructure (PKI) and blockchain technology have provided ways to achieve credibility from different perspectives. Based on these two technologies, we attempt to generalize people's offline activities to online ones with our proposed model, Atom and Molecule. We then present the strict definition of trustworthy system and the trustworthy Internet. The definition of Generalized Blockchain and its practical implementation are provided as well.
2023-01-06
Banciu, Doina, Cîrnu, Carmen Elena.  2022.  AI Ethics and Data Privacy compliance. 2022 14th International Conference on Electronics, Computers and Artificial Intelligence (ECAI). :1—5.
Throughout history, technological evolution has generated less desired side effects with impact on society. In the field of IT&C, there are ongoing discussions about the role of robots within economy, but also about their impact on the labour market. In the case of digital media systems, we talk about misinformation, manipulation, fake news, etc. Issues related to the protection of the citizen's life in the face of technology began more than 25 years ago; In addition to the many messages such as “the citizen is at the center of concern” or, “privacy must be respected”, transmitted through various channels of different entities or companies in the field of ICT, the EU has promoted a number of legislative and normative documents to protect citizens' rights and freedoms.
2023-04-14
Alcaraz-Velasco, Francisco, Palomares, José M., Olivares, Joaquín.  2022.  Analysis of the random shuffling of message blocks as a low-cost integrity and security measure. 2022 17th Iberian Conference on Information Systems and Technologies (CISTI). :1–6.
Recently, a mechanism that randomly shuffles the data sent and allows securing the communication without the need to encrypt all the information has been proposed. This proposal is ideal for IoT systems with low computational capacity. In this work, we analyze the strength of this proposal from a brute-force attack approach to obtain the original message without knowledge of the applied disordering. It is demonstrated that for a set of 10x10 16-bit data, the processing time and the required memory are unfeasible with current technology. Therefore, it is safe.
ISSN: 2166-0727
2023-09-18
Herath, Jerome Dinal, Wakodikar, Priti Prabhakar, Yang, Ping, Yan, Guanhua.  2022.  CFGExplainer: Explaining Graph Neural Network-Based Malware Classification from Control Flow Graphs. 2022 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). :172—184.
With the ever increasing threat of malware, extensive research effort has been put on applying Deep Learning for malware classification tasks. Graph Neural Networks (GNNs) that process malware as Control Flow Graphs (CFGs) have shown great promise for malware classification. However, these models are viewed as black-boxes, which makes it hard to validate and identify malicious patterns. To that end, we propose CFG-Explainer, a deep learning based model for interpreting GNN-oriented malware classification results. CFGExplainer identifies a subgraph of the malware CFG that contributes most towards classification and provides insight into importance of the nodes (i.e., basic blocks) within it. To the best of our knowledge, CFGExplainer is the first work that explains GNN-based mal-ware classification. We compared CFGExplainer against three explainers, namely GNNExplainer, SubgraphX and PGExplainer, and showed that CFGExplainer is able to identify top equisized subgraphs with higher classification accuracy than the other three models.
2023-06-09
Wintenberg, Andrew, Lafortune, Stéphane, Ozay, Necmiye.  2022.  Communication Obfuscation for Privacy and Utility against Obfuscation-Aware Eavesdroppers. 2022 American Control Conference (ACC). :3363—3363.
Networked cyber-physical systems must balance the utility of communication for monitoring and control with the risks of revealing private information. Many of these networks, such as wireless communication, are vulnerable to eavesdrop-ping by illegitimate recipients. Obfuscation can hide information from eaves-droppers by ensuring their observations are ambiguous or misleading. At the same time, coordination with recipients can enable them to interpret obfuscated data. In this way, we propose an obfuscation framework for dynamic systems that ensures privacy against eavesdroppers while maintaining utility for legitimate recipients. We consider eavesdroppers unaware of obfuscation by requiring that their observations are consistent with the original system, as well as eaves-droppers aware of the goals of obfuscation by assuming they learn of the specific obfuscation implementation used. We present a method for bounded synthesis of solutions based upon distributed reactive synthesis and the synthesis of publicly-known obfuscators.
ISSN: 2378-5861
2022-12-09
de Oliveira Silva, Hebert.  2022.  CSAI-4-CPS: A Cyber Security characterization model based on Artificial Intelligence For Cyber Physical Systems. 2022 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume (DSN-S). :47—48.

The model called CSAI-4-CPS is proposed to characterize the use of Artificial Intelligence in Cybersecurity applied to the context of CPS - Cyber-Physical Systems. The model aims to establish a methodology being able to self-adapt using shared machine learning models, without incurring the loss of data privacy. The model will be implemented in a generic framework, to assess accuracy across different datasets, taking advantage of the federated learning and machine learning approach. The proposed solution can facilitate the construction of new AI cybersecurity tools and systems for CPS, enabling a better assessment and increasing the level of security/robustness of these systems more efficiently.

2023-07-20
Human, Soheil, Pandit, Harshvardhan J., Morel, Victor, Santos, Cristiana, Degeling, Martin, Rossi, Arianna, Botes, Wilhelmina, Jesus, Vitor, Kamara, Irene.  2022.  Data Protection and Consenting Communication Mechanisms: Current Open Proposals and Challenges. 2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). :231—239.
Data Protection and Consenting Communication Mechanisms (DPCCMs) enable users to express their privacy decisions and manage their online consent. Thus, they can become a crucial means of protecting individuals' online privacy and agency, thereby replacing the current problematic practices such as “consent dialogues”. Based on an in-depth analysis of different DPCCMs, we propose an interdisciplinary set of factors that can be used for a comparison of such mechanisms. Moreover, we use the results from a qualitative expert study to identify some of the main multidisciplinary challenges that DPCCMs should address to become widely adopted data privacy mechanisms. We leverage both the factors and the challenges to compare two current open specifications, i.e. the Advanced Data Protection Control (ADPC) and the Global Privacy Control (GPC), and discuss future work.
2022-12-23
Rodríguez, Elsa, Fukkink, Max, Parkin, Simon, van Eeten, Michel, Gañán, Carlos.  2022.  Difficult for Thee, But Not for Me: Measuring the Difficulty and User Experience of Remediating Persistent IoT Malware. 2022 IEEE 7th European Symposium on Security and Privacy (EuroS&P). :392–409.
Consumer IoT devices may suffer malware attacks, and be recruited into botnets or worse. There is evidence that generic advice to device owners to address IoT malware can be successful, but this does not account for emerging forms of persistent IoT malware. Less is known about persistent malware, which resides on persistent storage, requiring targeted manual effort to remove it. This paper presents a field study on the removal of persistent IoT malware by consumers. We partnered with an ISP to contrast remediation times of 760 customers across three malware categories: Windows malware, non-persistent IoT malware, and persistent IoT malware. We also contacted ISP customers identified as having persistent IoT malware on their network-attached storage devices, specifically QSnatch. We found that persistent IoT malware exhibits a mean infection duration many times higher than Windows or Mirai malware; QSnatch has a survival probability of 30% after 180 days, whereby most if not all other observed malware types have been removed. For interviewed device users, QSnatch infections lasted longer, so are apparently more difficult to get rid of, yet participants did not report experiencing difficulty in following notification instructions. We see two factors driving this paradoxical finding: First, most users reported having high technical competency. Also, we found evidence of planning behavior for these tasks and the need for multiple notifications. Our findings demonstrate the critical nature of interventions from outside for persistent malware, since automatic scan of an AV tool or a power cycle, like we are used to for Windows malware and Mirai infections, will not solve persistent IoT malware infections.
2023-01-20
Wang, Wei, Yao, Jiming, Shao, Weiping, Xu, Yangzhou, Peng, Shaowu.  2022.  Efficient 5G Network Slicing Selection with Privacy in Smart Grid. 2022 IEEE 10th Joint International Information Technology and Artificial Intelligence Conference (ITAIC). 10:916—922.
To fulfill different requirements from various services, the smart grid typically uses 5G network slicing technique for splitting the physical network into multiple virtual logical networks. By doing so, end users in smart grid can select appropriate slice that is suitable for their services. Privacy has vital significance in network slicing selection, since both the end user and the network entities are afraid that their sensitive slicing features are leaked to an adversary. At the same time, in the smart grid, there are many low-power users who are not suitable for complex security schemes. Therefore, both security and efficiency are basic requirements for 5G slicing selection schemes. Considering both security and efficiency, we propose a 5G slicing selection security scheme based on matching degree estimation, called SS-MDE. In SS-MDE, a set of random numbers is used to hide the feature information of the end user and the AMF which can provide privacy protection for exchanged slicing features. Moreover, the best matching slice is selected by calculating the Euclid distance between two slices. Since the algorithms used in SS-MDE include only several simple mathematical operations, which are quite lightweight, SS-MDE can achieve high efficiency. At the same time, since third-party attackers cannot extract the slicing information, SS-MDE can fulfill security requirements. Experimental results show that the proposed scheme is feasible in real world applications.