Biblio
Rapid Ransomware Detection through Side Channel Exploitation. 2021 IEEE International Conference on Cyber Security and Resilience (CSR). :47–54.
2021. A new method for the detection of ransomware in an infected host is described and evaluated. The method utilizes data streams from on-board sensors to fingerprint the initiation of a ransomware infection. These sensor streams, which are common in modern computing systems, are used as a side channel for understanding the state of the system. It is shown that ransomware detection can be achieved in a rapid manner and that the use of slight, yet distinguishable changes in the physical state of a system as derived from a machine learning predictive model is an effective technique. A feature vector, consisting of various sensor outputs, is coupled with a detection criterion to predict the binary state of ransomware present versus normal operation. An advantage of this approach is that previously unknown or zero-day versions of ransomware are vulnerable to this detection method since no a priori knowledge of the malware characteristics is required. Experiments are carried out with a variety of different system loads and with different encryption methods used during a ransomware attack. Two test systems were utilized with one having a relatively low amount of available sensor data and the other having a relatively high amount of available sensor data. The average time for attack detection in the "sensor-rich" system was 7.79 seconds with an average Matthews correlation coefficient of 0.8905 for binary system state predictions regardless of encryption method and system load. The model flagged all attacks tested.
Rate Adaptive Reconciliation Based on Reed-Solomon Codes. 2021 6th International Conference on Communication, Image and Signal Processing (CCISP). :245–249.
2021. Security of physical layer key generation is based on the randomness and reciprocity of wireless fading channel, which has attracted more and more attention in recent years. This paper proposes a rate adaptive key agreement scheme and utilizes the received signal strength (RSS) of the channel between two wireless devices to generate the key. In conventional information reconciliation process, the bit inconsistency rate is usually eliminated by using the filter method, which increases the possibility of exposing the generated key bit string. Building on the strengths of existing secret key extraction approaches, this paper develops a scheme that uses Reed-Solomon (RS) codes, one of forward error correction channel codes, for information reconciliation. Owing to strong error correction performance of RS codes, the proposed scheme can solve the problem of inconsistent key bit string in the process of channel sensing. At the same time, the composition of RS codes can help the scheme realize rate adaptation well due to the construction principle of error correction code, which can freely control the code rate and achieve the reconciliation method of different key bit string length. Through experiments, we find that when the number of inconsistent key bits is not greater than the maximum error correction number of RS codes, it can well meet the purpose of reconciliation.
R-Chain: A Universally Composable Relay Resilience Framework for Smart Grids. 2021 IEEE Power & Energy Society General Meeting (PESGM). :01–05.
2021. Smart grids can be exposed to relay attacks (or wormhole attacks) resulting from weaknesses in cryptographic operations such as authentication and key derivation associated with process automation protocols. Relay attacks refer to attacks in which authentication is evaded without needing to attack the smart grid itself. By using a universal composability model that provides a strong security notion for designing cryptographic operations, we formulate the necessary relay resilience settings for strengthening authentication and key derivation and enhancing relay security in process automation protocols in this paper. We introduce R-Chain, a universally composable relay resilience framework that prevents bypass of cryptographic operations. Our framework provides an ideal chaining functionality that integrates all cryptographic operations such that all outputs from a preceding operation are used as input to the subsequent operation to support relay resilience. We apply R-Chain to provide relay resilience in a practical smart grid process automation protocol, namely WirelessHART.
Ready-IoT: A Novel Forensic Readiness Model for Internet of Things. 2021 IEEE 7th World Forum on Internet of Things (WF-IoT). :89–94.
2021. Internet of Things (IoT) networks are often attacked to compromise the security and privacy of application data and disrupt the services offered by them. The attacks are being launched at different layers of IoT protocol stack by exploiting their inherent weaknesses. Forensic investigations need substantial artifacts and datasets to support the decisions taken during analysis and while attributing the attack to the adversary. Network provenance plays a crucial role in establishing the relationships between network entities. Hence IoT networks can be made forensic ready so that network provenance may be collected to help in constructing these artifacts. The paper proposes Ready-IoT, a novel forensic readiness model for IoT environment to collect provenance from the network which comprises of both network parameters and traffic. A link layer dataset, Link-IoT Dataset is also generated by querying provenance graphs. Finally, Link-IoT dataset is compared with other IoT datasets to draw a line of difference and applicability to IoT environments. We believe that the proposed features have the potential to detect the attacks performed on the IoT network.
Real-time drone detection and recognition by acoustic fingerprint. 2021 5th Scientific School Dynamics of Complex Networks and their Applications (DCNA). :44–45.
2021. In recent years, one of the important and interesting tasks has become the protection of civilian and military objects from unmanned aerial vehicles (UAVs) carrying a potential threat. To solve this problem, it is required to detect UAVs and activate protective systems. UAVs can be represented as aerodynamic objects of the monoplane or multicopter type with acoustic fingerprints. In this paper we consider algorithm for UAV acoustic detection and recognition system. Preliminary results of analysis of experimental data show effectiveness of proposed approach.
Relationship Anonymity Evaluation Model Based on Markov Chain. 2021 4th International Conference on Advanced Electronic Materials, Computers and Software Engineering (AEMCSE). :671–676.
2021. In this paper, we propose a relational anonymous P2P communication network evaluation model based on Markov chain (AEMC), and show how to extend our model to the anonymous evaluation of sender and receiver relationship anonymity when the attacker attacks the anonymous P2P communication network and obtains some information. Firstly, the constraints of the evaluation model (the attacker assumption for message tracing) are specified in detail; then the construction of AEMC anonymous evaluation model and the specific evaluation process are described; finally, the simulation experiment is carried out, and the evaluation model is applied to the probabilistic anonymous evaluation of the sender and receiver relationship of the attacker model, and the evaluation is carried out from the perspective of user (message).
Remote Attestation as a Service for Edge-Enabled IoT. 2021 IEEE International Conference on Services Computing (SCC). :329–339.
2021. The Internet of Things integrates multiple hardware appliances from large cloud data centres to constrained devices embedded within the physical reality, from multiple vendors and providers, under the same infrastructure. These appliances are subject to different restrictions, have different available resources and show different risk profiles and vulnerabilities. In these scenarios, remote attestation mechanisms are essential, enabling the verification of a distant appliance’s internal state before allowing it to access sensitive data or execute critical workloads. This work proposes a new attestation approach based on a Trusted Platform Module (TPM), devoted to performing Remote Attestation as a Service (RAaaS) while guaranteeing essential properties such as flexibility, generality, domain separation and authorized initiation. The proposed solution can prove both edge devices and IoT devices reliability to services running on cloud data centres. Furthermore, the first prototype of this service has been validated and evaluated via a real use case.
Replication Scheme for Structured P2P System Applications in Wireless Mesh Networks (WMNs). 2021 Asian Conference on Innovation in Technology (ASIANCON). :1–7.
2021. The popularity of P2P (Peer-To-Peer) systems is increased tremendously due to massive increase in the Internet based applications. Initially, P2P systems were mainly designed for wired networks but today people are using more wireless networks and therefore these systems are gaining popularity. There are many wireless networks available today and WMNs (Wireless Mesh Networks) are gaining popularity due to hybrid structure. People are using structured P2P systems-based applications within perimeter of a WMN. Structured P2P WMNs will assist the community to fetch the relevant information to accomplish their activities. There are inherent challenges in the structured P2P network and increased in wireless environment like WMNs. Structured P2P systems suffer from many challenges like lack of content availability, malicious content distribution, poor search scalability, free riding behaviour, white washing, lack of a robust trust model etc. Whereas, WMNs have limitations like mobility management, bandwidth constraint, limited battery power of user's devices, security, maintenance etc. in remote/forward areas. We exploit the better possibility of content availability and search scalability in this paper. We propose replication schemes based on the popularity of content for structured P2P system applications in community based WMNs. The analysis of the performance shows that proposed scheme performs better than the existing replication scheme in different conditions.
Research of Android APP based on dynamic and static analysis Sensitive behavior detection. 2021 IEEE Asia-Pacific Conference on Image Processing, Electronics and Computers (IPEC). :670–672.
2021. For a long time, there have been a number of malicious APP discovery and detection services in the Android security field. There are multiple and multiple sensitive actions in most malicious apps. This paper is based on the research of dynamic and static detection technology to analyze the sensitive behaviors in APP, combined with automated testing technology to achieve automated detection, which can improve the detection efficiency and accuracy of malicious APP.
Research on Cloud End-User Behavior Trust Evaluation Model Based on Sliding Window. 2021 IEEE Conference on Telecommunications, Optics and Computer Science (TOCS). :270–277.
2021. As a new service-oriented computing paradigm, cloud computing facilitates users to share and use resources. However, due to the dynamic and openness of its operating environment, only relying on traditional identity authentication technology can no longer fully meet the security requirements of cloud computing. The trust evaluation of user behavior has become the key to improve the security of cloud computing. Therefore, in view of some problems existing in our current research on user behavior trust, this paper optimizes and improves the construction of the evaluation index system and the calculation of trust value, and proposes a cloud end-user behavior trust evaluation model based on sliding window. Finally, the model is proved to be scientific and effective by simulation experiments, which has certain significance for the security protection of cloud resources.
Research on Data Security Protection System Based on SM Algorithm. 2021 International Conference on Information Science, Parallel and Distributed Systems (ISPDS). :79–82.
2021. As the rapid development of information technology and networks, there have been several new challenges to data security. For security needs in the process of data transmission and storage, the data security protection mechanism based on SM algorithm is studied. In addition, data cryptographic security protection system model composed of cryptographic infrastructure, cryptographic service nodes and cryptographic modules is proposed. As the core of the mechanism, SM algorithm not only brings about efficient data encryption and decryption, but ensures the security, integrity and non-repudiation of data transmission and storage. Secure and controllable key management is implemented by this model, which provides easy-to-expandable cryptographic services, and brings efficient cryptographic capabilities applicable for multiple scenarios.
Research on enterprise network security system. 2021 2nd International Conference on Computer Science and Management Technology (ICCSMT). :216–219.
2021. With the development of openness, sharing and interconnection of computer network, the architecture of enterprise network becomes more and more complex, and various network security problems appear. Threat Intelligence(TI) Analysis and situation awareness(SA) are the prediction and analysis technology of enterprise security risk, while intrusion detection technology belongs to active defense technology. In order to ensure the safe operation of computer network system, we must establish a multi-level and comprehensive security system. This paper analyzes many security risks faced by enterprise computer network, and integrates threat intelligence analysis, security situation assessment, intrusion detection and other technologies to build a comprehensive enterprise security system to ensure the security of large enterprise network.
Research on Evaluation System of Relational Cloud Database. 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :1369–1373.
2021. With the continuous emergence of cloud computing technology, cloud infrastructure software will become the mainstream application model in the future. Among the databases, relational databases occupy the largest market share. Therefore, the relational cloud database will be the main product of the combination of database technology and cloud computing technology, and will become an important branch of the database industry. This article explores the establishment of an evaluation system framework for relational databases, helping enterprises to select relational cloud database products according to a clear goal and path. This article can help enterprises complete the landing of relational cloud database projects.
Research on image steganography information detection based on support vector machine. 2021 6th International Conference on Intelligent Computing and Signal Processing (ICSP). :631–635.
2021. With the rapid development of the internet of things and cloud computing, users can instantly transmit a large amount of data to various fields, with the development of communication technology providing convenience for people's life, information security is becoming more and more important. Therefore, it is of great significance to study the technology of image hiding information detection. This paper mainly uses the support vector machine learning algorithm to detect the hidden information of the image, based on a standard image library, randomly selecting images for embedding secret information. According to the bit-plane correlation and the gradient energy change of a single bit-plane after encryption of an image LSB matching algorithm, gradient energy change is selected as characteristic change, and the gradient energy change is innovatively applied to a support vector machine classifier algorithm, and has very good detection effect and good stability on the dense image with the embedding rate of more than 40 percent.
Research on Key Node Method of Network Attack Graph Based on Power Information Physical System. 2021 IEEE 11th International Conference on Electronics Information and Emergency Communication (ICEIEC). :48–51.
2021. With the increasing scale of network, the scale of attack graph has been becoming larger and larger, and the number of nodes in attack graph is also increasing, which can not directly reflect the impact of nodes on the whole system. Therefore, in this paper, a method was proposed to determine the key nodes of network attack graph of power information physical system to solve the problem of uncertain emphasis of security protection of attack graph.
Research on Key Technology of Software Intellectual Property Protection. 2021 International Conference on Intelligent Transportation, Big Data & Smart City (ICITBS). :329–332.
2021. Traditional software intellectual property protection technology improves the complexity and anti-attack ability of the program, while it also increases the extra execution cost of the program. Therefore, this paper starts with the obfuscation of program control flow in reverse engineering to provide defense strategies for the protection of software intellectual property rights. Focusing on the parsing and obfuscation of Java byte code, we implement a prototype of code obfuscation system. The scheme improves the class aggregation and class splitting algorithms, discusses the fusion methods of various independent code obfuscation technologies, and provides the description and implementation of other key module algorithms. The experimental analysis shows that the obfuscation transformation scheme in this paper not only gets higher security, but also improves the program performance to a certain extent, which can effectively protect the intellectual property rights of Java software.
Research on Network Big Data Security Integration Algorithm Based on Machine Learning. 2021 International Conference of Social Computing and Digital Economy (ICSCDE). :264–267.
2021. In order to improve the big data management ability of IOT access control based on converged network structure, a security integration model of IOT access control based on machine learning and converged network structure is proposed. Combined with the feature analysis method, the storage structure allocation model is established, the feature extraction and fuzzy clustering analysis of big data are realized by using the spatial node rotation control, the fuzzy information fusion parameter analysis model is constructed, the frequency coupling parameter analysis is realized, the virtual inertia parameter analysis model is established, and the integrated processing of big data is realized according to the machine learning analysis results. The test results show that the method has good clustering effect, reduces the storage overhead, and improves the reliability management ability of big data.
Research on Node Anomaly Detection Method in Smart Grid by Beta Distribution Theory. 2021 IEEE Conference on Telecommunications, Optics and Computer Science (TOCS). :755–758.
2021. As the extensive use of the wireless sensor networks in Advanced Metering Infrastructure (AMI) of Smart Grid, the network security of AMI becomes more important. Thus, an optimization of trust management mechanism of Beta distribution theory is put forward in this article. First of all, a self-adaption method of trust features sampling is proposed, that adjusts acquisition frequency according to fluctuation of trust attribute collected, which makes the consumption of network resource minimum under the precondition of ensuring accuracy of trust value; Then, the collected trust attribute is judged based on the Mahalanobis distance; Finally, calculate the nodes’ trust value by the optimization of the Beta distribution theory. As the simulation shows, the trust management scheme proposed is suited to WSNs in AMI, and able to reflect the trust value of nodes in a variety of circumstances change better.
Research on Security Protection Method of Industrial Control Boundary Network. 2021 IEEE Conference on Telecommunications, Optics and Computer Science (TOCS). :560–563.
2021. Aiming at the problems of single protection, lack of monitoring and unable to be physically isolated in time under abnormal conditions, an industrial control boundary network security protection method is provided. Realize the real-time monitoring and analysis of the network behavior of the industrial control boundary, realize the in-depth defense of the industrial control boundary, and timely block it in the way of logical link and physical link isolation in case of illegal intrusion, so as to comprehensively improve the protection level of the boundary security of the industrial control system.
Resource Allocation Scheme for Secure Transmission in D2D Underlay Communications. 2021 IEEE 21st International Conference on Communication Technology (ICCT). :965–970.
2021. Device-to-Device (D2D) communications play a key role in the mobile communication networks. In spite of its benefits, new system architecture exposes the D2D communications to unique security threats. Due to D2D users share the same licensed spectrum resources with the cellular users, both the cellular user and D2D receiver can eavesdrop each other's critical information. Thus, to maximize the secrecy rate from the perspective of physical layer security, the letter proposed an optimal power allocation scheme and subsequently to optimization problem of resource allocation is systematically investigated. The efficacy of the proposed scheme is assessed numerically.
A Review on RPL Objective Function Improvements for IoT Applications. 2021 2nd International Conference on Advances in Computing, Communication, Embedded and Secure Systems (ACCESS). :80–85.
2021. The standard routing technique that was developed for satisfying low power IoT application needs is RPL which is a protocol in compliance with 6LoWPAN specification. RPL was created for addressing the issues and challenges of constrained and lossy network routing. However, RPL does not accomplish efficiency with respect to power and reliability altogether which are definitely needed in IoT applications. RPL runs on routing metrics and objective function which determines the optimal path in routing. This paper focuses on contributing a comprehensive survey on the improved objective functions proposed by several researchers for RPL. In addition, the paper concentrates on highlighting the strengths and shortcomings of the different approaches in designing the objective function. The approaches built on Fuzzy logic are found to be more efficient and the relevant works related to these are compared. Furthermore, we present the insights drawn from the survey and summarize the challenges which can be effectively utilized for future works.
Robust output feedback control of non-collocated low-damped oscillating load. 2021 29th Mediterranean Conference on Control and Automation (MED). :639–644.
2021. For systems with order of dynamics higher than two and oscillating loads with low damping, a non-collocation of the sensing and control can deteriorate robustness of the feedback and, in worst case, even bring it to instability. Furthermore, for a contactless sensing of the oscillating mechanical load, like in the system under investigation, the control structure is often restricted to the single proportional feedback only. This paper proposes a novel robust feedback control scheme for a low-damped fourth-order system using solely the measured load displacement. For reference tracking, the loop shaping design relies on a band reject filter, while the plant uncertainties are used as robustness measure for determining the feedback gain. Since prime uncertainties are due to the stiffness of elastic link, correspondingly connecting spring, and due to the gain of actuator transducer, the loop sensitivity function with additive plant variation is used for robustness measure. In order to deal with unknown disturbances, which are inherently exciting the load oscillations independently of the loop shaping performance, an output delay-based compensator is proposed as a second control-degree-of-freedom. That one requires an estimate of the load oscillation frequency only and does not affect the shaped open-loop behavior, correspondingly sensitivity function. An extensive numerical setup of the modeled system, a two-mass oscillator with contactless sensing of the load under gravity and low damping of the connecting spring, is used for the control evaluation and assessment of its robustness.
Robustness Analysis of Cyber-Physical Power System Based on Adjacent Matrix Evolution. 2021 China Automation Congress (CAC). :2104–2109.
2021. Considering the influence of load, this paper proposes a robust analysis method of cyber-physical power system based on the evolution of adjacency matrix. This method uses the load matrix to detect whether the system has overload failure, utilizes the reachable matrix to detect whether the system has unconnected failure, and uses the dependency matrix to reveal the cascading failure mechanism in the system. Finally, analyze the robustness of the cyber-physical power system. The IEEE30 standard node system is taken as an example for simulation experiment, and introduced the connectivity index and the load loss ratio as evaluation indexes. The robustness of the system is evaluated and analyzed by comparing the variation curves of connectivity index and load loss ratio under different tolerance coefficients. The results show that the proposed method is feasible, reduces the complexity of graph-based attack methods, and easy to research and analyze.
Sandbox Detection Using Hardware Side Channels. 2021 22nd International Symposium on Quality Electronic Design (ISQED). :192–197.
2021. A common way to detect malware attacks and avoid their destructive impact on a system is the use of virtual machines, a.k.a. sandboxing. Attackers, on the other hand, strive to detect sandboxes when their software is running under such a virtual environment. Accordingly, they postpone launching any attack (Malware) as long as operating under such an execution environment. Thus, it is common among malware developers to utilize different sandbox detection techniques (sometimes referred to as Anti-VM or Anti-Virtualization techniques). In this paper, we present novel, side-channel-based techniques to detect sandboxes. We show that it is possible to detect even sandboxes that were properly configured and so far considered to be detection-proof. This paper proposes and implements the first attack which leverages side-channel leakage between sibling logical cores to determine the execution environment.
SATCOM Jamming Resiliency under Non-Uniform Probability of Attacks. MILCOM 2021 - 2021 IEEE Military Communications Conference (MILCOM). :85–90.
2021. This paper presents a new framework for SATCOM jamming resiliency in the presence of a smart adversary jammer that can prioritize specific channels to attack with a non-uniform probability of distribution. We first develop a model and a defense action strategy based on a Markov decision process (MDP). We propose a greedy algorithm for the MDP-based defense algorithm's policy to optimize the expected user's immediate and future discounted rewards. Next, we remove the assumption that the user has specific information about the attacker's pattern and model. We develop a Q-learning algorithm, a reinforcement learning (RL) approach, to optimize the user's policy. We show that the Q-learning method provides an attractive defense strategy solution without explicit knowledge of the jammer's strategy. Computer simulation results show that the MDP-based defense strategies are very efficient; they offer a significant data rate advantage over the simple random hopping approach. Also, the proposed Q-learning performance can achieve close to the MDP approach without explicit knowledge of the jammer's strategy or attacking model.