Biblio
Compressed sensing can represent the sparse signal with a small number of measurements compared to Nyquist-rate samples. Considering the high-complexity of reconstruction algorithms in CS, recently compressive detection is proposed, which performs detection directly in compressive domain without reconstruction. Different from existing work that generally considers the measurements corrupted by dense noises, this paper studies the compressive detection problem when the measurements are corrupted by both dense noises and sparse errors. The sparse errors exist in many practical systems, such as the ones affected by impulse noise or narrowband interference. We derive the theoretical performance of compressive detection when the sparse error is either deterministic or random. The theoretical results are further verified by simulations.
In machine learning, feature engineering has been a pivotal stage in building a high-quality predictor. Particularly, this work explores the multiple Kernel Discriminant Component Analysis (mKDCA) feature-map and its variants. However, seeking the right subset of kernels for mKDCA feature-map can be challenging. Therefore, we consider the problem of kernel selection, and propose an algorithm based on Differential Mutual Information (DMI) and incremental forward search. DMI serves as an effective metric for selecting kernels, as is theoretically supported by mutual information and Fisher's discriminant analysis. On the other hand, incremental forward search plays a role in removing redundancy among kernels. Finally, we illustrate the potential of the method via an application in privacy-aware classification, and show on three mobile-sensing datasets that selecting an effective set of kernels for mKDCA feature-maps can enhance the utility classification performance, while successfully preserve the data privacy. Specifically, the results show that the proposed DMI forward search method can perform better than the state-of-the-art, and, with much smaller computational cost, can perform as well as the optimal, yet computationally expensive, exhaustive search.
Technological advances in wearable and implanted medical devices are enabling wireless body area networks to alter the current landscape of medical and healthcare applications. These systems have the potential to significantly improve real time patient monitoring, provide accurate diagnosis and deliver faster treatment. In spite of their growth, securing the sensitive medical and patient data relayed in these networks to protect patients' privacy and safety still remains an open challenge. The resource constraints of wireless medical sensors limit the adoption of traditional security measures in this domain. In this work, we propose a distributed mobile agent based intrusion detection system to secure these networks. Specifically, our autonomous mobile agents use machine learning algorithms to perform local and network level anomaly detection to detect various security attacks targeted on healthcare systems. Simulation results show that our system performs efficiently with high detection accuracy and low energy consumption.
As a vital component of variety cyber attacks, malicious domain detection becomes a hot topic for cyber security. Several recent techniques are proposed to identify malicious domains through analysis of DNS data because much of global information in DNS data which cannot be affected by the attackers. The attackers always recycle resources, so they frequently change the domain - IP resolutions and create new domains to avoid detection. Therefore, multiple malicious domains are hosted by the same IPs and multiple IPs also host same malicious domains in simultaneously, which create intrinsic association among them. Hence, using the labeled domains which can be traced back from queries history of all domains to verify and figure out the association of them all. Graphs seem the best candidate to represent for this relationship and there are many algorithms developed on graph with high performance. A graph-based interface can be developed and transformed to the graph mining task of inferring graph node's reputation scores using improvements of the belief propagation algorithm. Then higher reputation scores the nodes reveal, the more malicious probabilities they infer. For demonstration, this paper proposes a malicious domain detection technique and evaluates on a real-world dataset. The dataset is collected from DNS data servers which will be used for building a DNS graph. The proposed technique achieves high performance in accuracy rates over 98.3%, precision and recall rates as: 99.1%, 98.6%. Especially, with a small set of labeled domains (legitimate and malicious domains), the technique can discover a large set of potential malicious domains. The results indicate that the method is strongly effective in detecting malicious domains.
Acoustic emanations of computer keyboards represent a serious privacy issue. As demonstrated in prior work, physical properties of keystroke sounds might reveal what a user is typing. However, previous attacks assumed relatively strong adversary models that are not very practical in many real-world settings. Such strong models assume: (i) adversary's physical proximity to the victim, (ii) precise profiling of the victim's typing style and keyboard, and/or (iii) significant amount of victim's typed information (and its corresponding sounds) available to the adversary. This paper presents and explores a new keyboard acoustic eavesdropping attack that involves Voice-over-IP (VoIP), called Skype & Type (S&T), while avoiding prior strong adversary assumptions. This work is motivated by the simple observation that people often engage in secondary activities (including typing) while participating in VoIP calls. As expected, VoIP software acquires and faithfully transmits all sounds, including emanations of pressed keystrokes, which can include passwords and other sensitive information. We show that one very popular VoIP software (Skype) conveys enough audio information to reconstruct the victim's input – keystrokes typed on the remote keyboard. Our results demonstrate that, given some knowledge on the victim's typing style and keyboard model, the attacker attains top-5 accuracy of 91.7% in guessing a random key pressed by the victim. Furthermore, we demonstrate that S&T is robust to various VoIP issues (e.g., Internet bandwidth fluctuations and presence of voice over keystrokes), thus confirming feasibility of this attack. Finally, it applies to other popular VoIP software, such as Google Hangouts.
Since the Information Networks are added to the current electricity networks, the security and privacy of individuals is challenged. This combination of technologies creates vulnerabilities in the context of smart grid power which disrupt the consumer energy supply. Methods based on encryption are against the countermeasures attacks that have targeted the integrity and confidentiality factors. Although the cryptography strategies are used in Smart Grid, key management which is different in size from tens to millions of keys (for meters), is considered as the critical processes. The Key mismanagement causes to reveal the secret keys for attacker, a symmetric key distribution method is recently suggested by [7] which is based on a symmetric key distribution, this strategy is very suitable for smart electric meters. The problem with this method is its vulnerability to impersonating respondents attack. The proposed approach to solve this problem is to send the both side identifiers in encrypted form based on hash functions and a random value, the proposed solution is appropriate for devices such as meters that have very little computing power.
The security of Wireless Sensor Networks (WSNs) is vital in several applications such as the tracking and monitoring of endangered species such as pandas in a national park or soldiers in a battlefield. This kind of applications requires the anonymity of the source, known as Source Location Privacy (SLP). The main aim is to prevent an adversary from tracing back a real event to the originator by analyzing the network traffic. Previous techniques have achieved high anonymity such as Dummy Uniform Distribution (DUD), Dummy Adaptive Distribution (DAD) and Controlled Dummy Adaptive Distribution (CAD). However, these techniques increase the overall overhead of the network. To overcome this shortcoming, a new technique is presented: Exponential Dummy Adaptive Distribution (EDAD). In this technique, an exponential distribution is used instead of the uniform distribution to reduce the overhead without sacrificing the anonymity of the source. The exponential distribution improves the lifetime of the network since it decreases the number of transmitted packets within the network. It is straightforward and easy to implement because it has only one parameter $łambda$ that controls the transmitting rate of the network nodes. The conducted adversary model is global, which has a full view of the network and is able to perform sophisticated attacks such as rate monitoring and time correlation. The simulation results show that the proposed technique provides less overhead and high anonymity with reasonable delay and delivery ratio. Three different analysis models are developed to confirm the validation of our technique. These models are visualization model, a neural network model, and a steganography model.
In this paper we make the case for IoT edge offloading, which strives to exploit the resources on edge computing devices by offloading fine-grained computation tasks from the cloud closer to the users and data generators (i.e., IoT devices). The key motive is to enhance performance, security and privacy for IoT services. Our proposal bridges the gap between cloud computing and IoT by applying a divide and conquer approach over the multi-level (cloud, edge and IoT) information pipeline. To validate the design of IoT edge offloading, we developed a unikernel-based prototype and evaluated the system under various hardware and network conditions. Our experimentation has shown promising results and revealed the limitation of existing IoT hardware and virtualization platforms, shedding light on future research of edge computing and IoT.
The data security is a challenging issue nowadays with the increase of information capacity and its transmission rate. The most common and widely used techniques in the data security fields are cryptography and steganography. The combination of cryptography and steganography methods provides more security to the data. Now, DNA (Deoxyribonucleic Acid) is explored as a new carrier for data security since it achieves maximum protection and powerful security with high capacity and low modification rate. A new data security method can be developed by taking the advantages of DNA based AES (Advanced Encryption Standard) cryptography and DNA steganography. This new technique will provide multilayer security to the secret message. Here the secret message is first encoded to DNA bases then DNA based AES algorithm is applied to it. Finally the encrypted DNA will be concealed in another DNA sequence. This hybrid technique provides triple layer security to the secret message.
With the rapid and radical evolution of information and communication technology, energy consumption for wireless communication is growing at a staggering rate, especially for wireless multimedia communication. Recently, reducing energy consumption in wireless multimedia communication has attracted increasing attention. In this paper, we propose an energy-efficient wireless image transmission scheme based on adaptive block compressive sensing (ABCS) and SoftCast, which is called ABCS-SoftCast. In ABCS-SoftCast, the compression distortion and transmission distortion are considered in a joint manner, and the energy-distortion model is formulated for each image block. Then, the sampling rate (SR) and power allocation factors of each image block are optimized simultaneously. Comparing with conventional SoftCast scheme, experimental results demonstrate that the energy consumption can be greatly reduced even when the receiving image qualities are approximately the same.
The main issue with big data in cloud is the processed or used always need to be by third party. It is very important for the owners of data or clients to trust and to have the guarantee of privacy for the information stored in cloud or analyzed as big data. The privacy models studied in previous research showed that privacy infringement for big data happened because of limitation, privacy guarantee rate or dissemination of accurate data which is obtainable in the data set. In addition, there are various privacy models. In order to determine the best and the most appropriate model to be applied in the future, which also guarantees big data privacy, it is necessary to invest in research and study. In the next part, we surfed some of the privacy models in order to determine the advantages and disadvantages of each model in privacy assurance for big data in cloud. The present study also proposes combined Diff-Anonym algorithm (K-anonymity and differential models) to provide data anonymity with guarantee to keep balance between ambiguity of private data and clarity of general data.
In this paper, an advanced security and stability defense framework that utilizes multisource power system data to enhance the power system security and resilience is proposed. The framework consists of early warning, preventive control, on-line state awareness and emergency control, requires in-depth collaboration between power engineering and data science. To realize this framework in practice, a cross-disciplinary research topic — the big data analytics for power system security and resilience enhancement, which consists of data converting, data cleaning and integration, automatic labelling and learning model establishing, power system parameter identification and feature extraction using developed big data learning techniques, and security analysis and control based on the extracted knowledge — is deeply investigated. Domain considerations of power systems and specific data science technologies are studied. The future technique roadmap for emerging problems is proposed.
Tactical wireless sensor networks (WSNs) are deployed over a region of interest for mission centric operations. The sink node in a tactical WSN is the aggregation point of data processing. Due to its essential role in the network, the sink node is a high priority target for an attacker who wishes to disable a tactical WSN. This paper focuses on the mitigation of sink-node vulnerability in a tactical WSN. Specifically, we study the issue of protecting the sink node through a technique known as k-anonymity. To achieve k-anonymity, we use a specific routing protocol designed to work within the constraints of WSN communication protocols, specifically IEEE 802.15.4. We use and modify the Lightweight Ad hoc On-Demand Next Generation (LOADng) reactive-routing protocol to achieve anonymity. This modified LOADng protocol prevents an attacker from identifying the sink node without adding significant complexity to the regular sensor nodes. We simulate the modified LOADng protocol using a custom-designed simulator in MATLAB. We demonstrate the effectiveness of our protocol and also show some of the performance tradeoffs that come with this method.
Malware writers often develop malware with automated measures, so the number of malware has increased dramatically. Automated measures tend to repeatedly use significant modules, which form the basis for identifying malware variants and discriminating malware families. Thus, we propose a novel visualization analysis method for researching malware similarity. This method converts malicious Windows Portable Executable (PE) files into local entropy images for observing internal features of malware, and then normalizes local entropy images into entropy pixel images for malware classification. We take advantage of the Jaccard index to measure similarities between entropy pixel images and the k-Nearest Neighbor (kNN) classification algorithm to assign entropy pixel images to different malware families. Preliminary experimental results show that our visualization method can discriminate malware families effectively.
Outsourcing data storage and IT workloads to a third-party cloud provider introduces some security risks and time performance degradation. Moreover, controlling access to this data becomes very difficult when the volume of the data and number of users is very high. Various access control techniques have been proposed to address this issue. However, those techniques have complex schemes which are costly to be applied in real scenarios and they have limited flexibility and scalability to large volumes of data and users. In this paper we propose ESSAC which is an enhanced version of the SSAC scheme. ESSAC introduces a fine-grained access control scheme based on a classified Attribute Based Encryption, Role Based Encryption and Single Key Encryption methodology which achieves highest security without degrading the performance. We validate our scheme using a simulation on top of Amazon S3 and compare it to current schemes.
With the rapid application of the network based communication in industries, the security related problems appear to be inevitable for automation networks. The integration of internet into the automation plant benefited companies and engineers a lot and on the other side paved ways to number of threats. An attack on such control critical infrastructure may endangers people's health and safety, damage industrial facilities and produce financial loss. One of the approach to secure the network in automation is the development of an efficient Network based Intrusion Detection System (NIDS). Despite several techniques available for intrusion detection, they still lag in identifying the possible attacks or novel attacks on network efficiently. In this paper, we evaluate the performance of detection mechanism by combining the deep learning techniques with the machine learning techniques for the development of Intrusion Detection System (IDS). The performance metrics such as precession, recall and F-Measure were measured.
The Internet of Things (IoT) comes together with the connection between sensors and devices. These smart devices have been upgraded from a standalone device which can only handle a specific task at one time to an interactive device that can handle multiple tasks in time. However, this technology has been exposed to many vulnerabilities especially on the malicious attacks of the devices. With the IoT constraints and low-security mechanisms applied, the malicious attacks could exploit the sensor vulnerability to provide wrong data where it can lead to wrong interpretation and actuation to the users. Due to this problems, this short paper presents an event-based access control framework that considers integrity, privacy and the authenticity in the IoT devices.
Box queries on a dataset in a multidimensional data space are a type of query which specifies a set of allowed values for each dimension. Indexing a dataset in a multidimensional Non-ordered Discrete Data Space (NDDS) for supporting efficient box queries is becoming increasingly important in many application domains such as genome sequence analysis. The BoND-tree was recently introduced as an index structure specifically designed for box queries in an NDDS. Earlier work focused on developing strategies for building an effective BoND-tree to achieve high query performance. Developing efficient and effective techniques for deleting indexed vectors from the BoND-tree remains an open issue. In this paper, we present three deletion algorithms based on different underflow handling strategies in an NDDS. Our study shows that incorporating a new BoND-tree inspired heuristic can provide improved performance compared to the traditional underflow handling heuristics in NDDSs.
Hacker forums and other social platforms may contain vital information about cyber security threats. But using manual analysis to extract relevant threat information from these sources is a time consuming and error-prone process that requires a significant allocation of resources. In this paper, we explore the potential of Machine Learning methods to rapidly sift through hacker forums for relevant threat intelligence. Utilizing text data from a real hacker forum, we compared the text classification performance of Convolutional Neural Network methods against more traditional Machine Learning approaches. We found that traditional machine learning methods, such as Support Vector Machines, can yield high levels of performance that are on par with Convolutional Neural Network algorithms.
Nowadays, the Internet is developed, so that the requirements for on- and offline data storage have increased. Large storage IT projects, are related to large costs and high level of business risk. A storage service provider (SSP) provides computer storage space and management. In addition to that, it offers also back-up and archiving. Despite this, many companies fears security, privacy and integrity of outsourced data. As a solution, File Assured Deletion (FADE) is a system built upon standard cryptographic issues. It aims to guarantee their privacy and integrity, and most importantly, assuredly deleted files to make them unrecoverable to anybody (including those who manage the cloud storage) upon revocations of file access policies, by encrypting outsourced data files. Unfortunately, This system remains weak, in case the key manager's security is compromised. Our work provides a new scheme that aims to improve the security of FADE by using the TPM (Trusted Platform Module) that stores safely keys, passwords and digital certificates.
We propose a real time authentication scheme for smart grids which improves upon existing schemes. Our scheme is useful in many situations in smart grid operations. The smart grid Control Center (CC) communicates with the sensor nodes installed in the transmission lines so as to utilize real time data for monitoring environmental conditions in order to determine optimum power transmission capacity. Again a smart grid Operation Center (OC) communicates with several Residential Area (RA) gateways (GW) that are in turn connected to the smart meters installed in the consumer premises so as to dynamically control the power supply to meet demand based on real time electricity use information. It is not only necessary to authenticate sensor nodes and other smart devices, but also protect the integrity of messages being communicated. Our scheme is based on batch signatures and are more efficient than existing schemes. Furthermore our scheme is based on stronger notion of security, whereby the batch of signatures verify only if all individual signatures are valid. The communication overhead is kept low by using short signatures for verification.
Having an effective security level for Embedded System (ES), helps a reliable and stable operation of this system. In order to identify, if the current security level for a given ES is effective or not, we need a proactive evaluation for this security level. The evaluation of the security level for ESs is not straightforward process, things like the heterogeneity among the components of ES complicate this process. One of the productive approaches, which overcame the complexity of evaluation for Security, Privacy and Dependability (SPD) is the Multi Metrics (MM). As most of SPD evaluation approaches, the MM approach bases on the experts knowledge for the basic evaluation. Regardless of its advantages, experts evaluation has some drawbacks, which foster the need for less experts-dependent evaluation. In this paper, we propose a framework for security measurability as a part of security, privacy and dependability evaluation. The security evaluation based on Multi Metric (MM) approach as being an effective approach for evaluations, thus, we call it MM framework. The art of evaluation investigated within MM framework, based also on systematic storing and retrieving of experts knowledge. Using MM framework, the administrator of the ES could evaluate and enhance the S-level of their system, without being an expert in security.
The proposed frame describes two objectives one is to issue certificates through online and second is provide three level security through DNA cryptography. DNA Cryptography means converting the data to the DNA sequence. DNA is a succession comprising of four letters in order; A, C, G and T. every letter set is identified with a nucleotide. DNA can be used for store data, transmit the data and also used for computation of the data. This paper implemented 3 levels of cryptography. The receiver will apply the decryption for extracting the readable from the unreadable format. This DNA cryptography provide the security more than the other cryptography, but it takes more time complexity for generating the encoding and decoding and it has the chances to hacking the data by the hacker. So in this paper we implement the fast three level DNA Cryptography for me seva services.
With the accelerated iteration of technological innovation, blockchain has rapidly become one of the hottest Internet technologies in recent years. As a decentralized and distributed data management solution, blockchain has restored the definition of trust by the embedded cryptography and consensus mechanism, thus providing security, anonymity and data integrity without the need of any third party. But there still exists some technical challenges and limitations in blockchain. This paper has conducted a systematic research on current blockchain application in cybersecurity. In order to solve the security issues, the paper analyzes the advantages that blockchain has brought to cybersecurity and summarizes current research and application of blockchain in cybersecurity related areas. Through in-depth analysis and summary of the existing work, the paper summarizes four major security issues of blockchain and performs a more granular analysis of each problem. Adopting an attribute-based encryption method, the paper also puts forward an enhanced access control strategy.
With the increasing popularity of augmented reality (AR) services, providing seamless human-computer interactions in the AR setting has received notable attention in the industry. Gesture control devices have recently emerged to be the next great gadgets for AR due to their unique ability to enable computer interaction with day-to-day gestures. While these AR devices are bringing revolutions to our interaction with the cyber world, it is also important to consider potential privacy leakages from these always-on wearable devices. Specifically, the coarse access control on current AR systems could lead to possible abuse of sensor data. Although the always-on gesture sensors are frequently quoted as a privacy concern, there has not been any study on information leakage of these devices. In this article, we present our study on side-channel information leakage of the most popular gesture control device, Myo. Using signals recorded from the electromyography (EMG) sensor and accelerometers on Myo, we can recover sensitive information such as passwords typed on a keyboard and PIN sequence entered through a touchscreen. EMG signal records subtle electric currents of muscle contractions. We design novel algorithms based on dynamic cumulative sum and wavelet transform to determine the exact time of finger movements. Furthermore, we adopt the Hudgins feature set in a support vector machine to classify recorded signal segments into individual fingers or numbers. We also apply coordinate transformation techniques to recover fine-grained spatial information with low-fidelity outputs from the sensor in keystroke recovery. We evaluated the information leakage using data collected from a group of volunteers. Our results show that there is severe privacy leakage from these commodity wearable sensors. Our system recovers complex passwords constructed with lowercase letters, uppercase letters, numbers, and symbols with a mean success rate of 91%.