Biblio

Code-reuse techniques have emerged as a way to defeat the control-flow defenses that prevent the injection and execution of new code, as they allow an adversary to hijack the control flow of a victim program without injected code. A well-known code-reuse attack technique is Return-OrientedProgramming (ROP), which considers and links together (relatively short) code snippets, named ROP gadgets, already present in the victim’s memory address space through a controlled use of the stack values of the victim program. Although ROP attacks are known to be Turing-complete, there are still open question such as the quantification of the executional power of an adversary, which is determined by whatever code exists in the memory of a victim program, and whether an adversary can build a ROP chain, made up of ROP gadgets, for any kind of algorithm. To fill these gaps, in this paper we first define a virtual language, dubbed ROPLANG, that defines a set of operations (specifically, arithmetic, assignment, dereference, logical, and branching operations) which are mapped to ROP gadgets. We then use it to evaluate the executional power of an adversary in Windows 7 and Windows 10, in both 32- and 64-bit versions. In addition, we have developed ROP3, a tool that accepts a set of program files and a ROP chain described with our language and returns the code snippets that make up the ROP chain. Our results show that there are enough ROP gadgets to simulate any virtual operation and that branching operations are the less frequent ones. As expected, our results also indicate that the larger a program file is, the more likely to find ROP gadgets within it for every virtual operation.

Discovering vulnerabilities is an information-intensive task that requires a developer to locate the defects in the code that have security implications. The task is difficult due to the growing code complexity and some developer's lack of security expertise. Although tools have been created to ease the difficulty, no single one is sufficient. In practice, developers often use a combination of tools to uncover vulnerabilities. Yet, the basis on which different tools are composed is under explored. In this paper, we examine the composition base by taking advantage of the tool design patterns informed by foraging theory. We follow a design science methodology and carry out a three-step empirical study: mapping 34 foraging-theoretic patterns in a specific vulnerability discovery tool, formulating hypotheses about the value and cost of foraging when considering two composition scenarios, and performing a human-subject study to test the hypotheses. Our work offers insights into guiding developers' tool usage in detecting software vulnerabilities.

Largely known for attack scenarios, code reuse techniques at a closer look reveal properties that are appealing also for program obfuscation. We explore the popular return-oriented programming paradigm under this light, transforming program functions into ROP chains that coexist seamlessly with the surrounding software stack. We show how to build chains that can withstand popular static and dynamic deobfuscation approaches, evaluating the robustness and overheads of the design over common programs. The results suggest a significant amount of computational resources would be required to carry a deobfuscation attack for secret finding and code coverage goals.

In the field of image steganography, edge detection based implantation methods play vital rules in providing stronger security of hided data. In this arena, researcher applies a suitable edge detection method to detect edge pixels in an image. Those detected pixels then conceive secret message bits. A very recent trend is to employ multiple edge detection methods to increase edge pixels in an image and thus to enhance the embedding capacity. The uses of multiple edge detectors additionally boost up the data security. Like as the demand for embedding capacity, many applications need to have the modified image, i.e., stego image, with good quality. Indeed, when the message payload is low, it will not be a better idea to finds more local pixels for embedding that small payload. Rather, the image quality will look better, visually and statistically, if we could choose a part but sufficient pixels to implant bits. In this article, we propose an algorithm that uses multiple edge detection algorithms to find edge pixels separately and then selects pixels which are common to all edges. This way, the proposed method decreases the number of embeddable pixels and thus, increases the image quality. The experimental results provide promising output.

Controller area network is the serial communication protocol, which broadcasts the message on the CAN bus. The transmitted message is read by all the nodes which shares the CAN bus. The message can be eavesdropped and can be re-used by some other node by changing the information or send it by duplicate times. The message reused after some delay is replay attack. In this paper, the CAN network with three CAN nodes is implemented using the universal verification components and the replay attack is demonstrated by creating the faulty node. Two types of replay attack are implemented in this paper, one is to replay the entire message and the other one is to replay only the part of the frame. The faulty node uses the first replay attack method where it behaves like the other node in the network by duplicating the identifier. CAN frame except the identifier is reused in the second method which is hard to detect the attack as the faulty node uses its own identifier and duplicates only the data in the CAN frame.

The development of technologies makes it possible to increase the power of information processing systems, but the modernization of processors brings not only an increase in performance but also an increase in the number of errors and vulnerabilities that can allow an attacker to attack the system and gain access to confidential information. White-Box cryptography allows (due to its structure) not only monitoring possible changes but also protects the processed data even with full access of the attacker to the environment. Elliptic Curve Cryptography (ECC) due to its properties, is becoming stronger and stronger in our lives, as it allows you to get strong encryption at a lower cost of processing your own algorithm. This allows you to reduce the load on the system and increase its performance.

In this work, the algorithm of increasing the information security of a communication system with Orthogonal Frequency Division Multiplexing (OFDM) was achieved by using a discrete-nonlinear Duffing system with dynamic chaos. The main idea of increasing information security is based on scrambling input information on three levels. The first one is mixing up data order, the second is scrambling data values and the final is mixing symbols at the Quadrature Amplitude Modulation (QAM) plot constellation. Each level's activities were made with the use of pseudorandom numbers set, generated by the discrete-nonlinear Duffing system with dynamic chaos.

Code-reuse attacks pose a threat to embedded devices since they are able to defeat common security defenses such as non-executable stacks. To succeed in his code-reuse attack, the attacker has to gain knowledge of some or all of the instructions of the target firmware/software. In case of a bare-metal firmware that is protected from being dumped out of a device, it is hard to know the running instructions of the target firmware. This consequently makes code-reuse attacks more difficult to achieve. This paper shows how an attacker can gain knowledge of some of these instructions by sniffing the unencrypted incremental updates. These updates exist to reduce the radio reception power for resource-constrained devices. Based on the literature, these updates are checked against authentication and integrity, but they are sometimes sent unencrypted. Therefore, it will be demonstrated how a Return-Oriented Programming (ROP) attack can be accomplished using only the passively sniffed incremental updates. The generated updates of the R3diff and Delta Generator (DG) differencing algorithms will be under assessment. The evaluation reveals that both of them can be exploited by the attacker. It also shows that the DG generated updates leak more information than the R3diff generated updates. To defend against this attack, different countermeasures that consider different power consumption scenarios are proposed, but yet to be evaluated.

The fusion of infrared and visible images using traditional multi-scale decomposition methods often leads to the loss of detailed information or the blurring of image edges, which is because the contour information and the detailed information within the contour cannot be retained simultaneously in the fusion process. To obtain high-quality fused images, a hybrid multi-scale decomposition fusion method using co-occurrence and Gaussian filters is proposed in this research. At first, by making full use of the smoothing effect of the Gaussian filter and edge protection characteristic of the co-occurrence filter, source images are decomposed into multiple hierarchical structures with different characteristics. Then, characteristics of sub-images at each level are analyzed, and the corresponding fusion rules are designed for images at different levels. At last, the final fused image obtained by combining fused sub-images of each level has rich scene information and clear infrared targets. Compared with several traditional multi-scale fusion algorithms, the proposed method has great advantages in some objective evaluation indexes.

In the crowdsourced testing system, due to the openness of crowdsourced testing platform and other factors, the security of crowdsourced testing intellectual property cannot be effectively protected. We proposed an attribute-based double encryption scheme, combined with the blockchain technology, to achieve the data access control method of the code to be tested. It can meet the privacy protection and traceability of specific intellectual property in the crowdsourced testing environment. Through the experimental verification, the access control method is feasible, and the performance test is good, which can meet the normal business requirements.

Intrusion Detection System (IDS) is one of the most important security tool for many security issues that are prevailing in today's cyber world. Intrusion Detection System is designed to scan the system applications and network traffic to detect suspicious activities and issue an alert if it is discovered. So many techniques are available in machine learning for intrusion detection. The main objective of this project is to apply machine learning algorithms to the data set and to compare and evaluate their performances. The proposed application has used the SVM (Support Vector Machine) and ANN (Artificial Neural Networks) Algorithms to detect the intrusion rates. Each algorithm is used to detect whether the requested data is authorized or contains any anomalies. While IDS scans the requested data if it finds any malicious information it drops that request. These algorithms have used Correlation-Based and Chi-Squared Based feature selection algorithms to reduce the dataset by eliminating the useless data. The preprocessed dataset is trained and tested with the models to obtain the prominent results, which leads to increasing the prediction accuracy. The NSL KDD dataset has been used for the experimentation. Finally, an accuracy of about 48% has been achieved by the SVM algorithm and 97% has been achieved by ANN algorithm. Henceforth, ANN model is working better than the SVM on this dataset.

The ubiquity of wireless communication systems has resulted in extensive concern regarding their security issues. Combination of signaling and secrecy coding can provide greater improvement of confidentiality than tradition methods. In this work, we mainly focus on the secrecy coding design for physical layer security in wireless communications. When the main channel and wiretap channel are noisy, we propose a McEliece secure coding method based on LDPC which can guarantee both reliability between intended users and information security with respect to eavesdropper simultaneously. Simulation results show that Bob’s BER will be significantly decreased with the SNR increased, while Eve get a BER of 0.5 no matter how the SNR changes.

This paper proposes a novel network intrusion detection algorithm based on the combination of Subspace Clustering (SSC) and BP neural network. Firstly, we perform a subspace clustering algorithm on the network data set to obtain different subspaces. Secondly, BP neural network intrusion detection is carried out on the data in different subspaces, and calculate the prediction error value. By comparing with the pre-set accuracy, the threshold is constantly updated to improve the ability to identify network attacks. By comparing with K-means, DBSCAN, SSC-EA and k-KNN intrusion detection model, the SSC-BP neural network model can detect the most attacked networks with the lowest false detection rate.

This paper integrates Software-Defined Networking (SDN) and Information -Centric Networking (ICN) framework to enable low latency-based stateful routing and caching management by leveraging a novel forwarding and caching strategy. The framework is implemented in a clean- slate environment that does not rely on the TCP/IP principle. It utilizes Pending Interest Tables (PIT) instead of Forwarding Information Base (FIB) to perform data dissemination among peers in the proposed IC-SDN framework. As a result, all data exchanged and cached in the system are organized in chunks with the same interest resulting in reduced packet overhead costs. Additionally, we propose an efficient caching strategy that leverages in- network caching and naming of contents through an IC-SDN controller to support off- path caching. The testbed evaluation shows that the proposed IC-SDN implementation achieves an increased throughput and reduced latency compared to the traditional information-centric environment, especially in the high load scenarios.

This paper puts forward a dynamic reduction method of renewable energy based on N-1 safety standard of power system, which is suitable for high-voltage distribution network and can reduce the abandoned amount of renewable energy to an ideal level. On the basis of AC sensitivity coefficient, the optimization method of distribution factor suitable for single line or multi-line disconnection is proposed. Finally, taking an actual high-voltage distribution network in Germany as an example, the simulation results show that the proposed method can effectively limit the line load, and can greatly reduce the line load with less RES reduction.

In order to strengthen information security, practical solutions to reduce information security stress are needed because the motivation of the members of the organization who use it is needed to work properly. Therefore, this study attempts to suggest the key factors that can enhance security while reducing the information security stress of organization members. To this end, based on the theory of protection motivation, trust and security stress in information security policies are set as mediating factors to explain changes in security reinforcement behavior, and risk, efficacy, and reaction costs of cyberattacks are considered as prerequisites. Our study suggests a solution to the security reinforcement problem by analyzing the factors that influence the behavior of organization members that can raise the protection motivation of the organization members.

Aiming at the problems of imperfect dynamic verification of power grid security and stability control strategy and high test cost, a reliability test method of power grid security control system based on BP neural network and dynamic group simulation is proposed. Firstly, the fault simulation results of real-time digital simulation system (RTDS) software are taken as the data source, and the dynamic test data are obtained with the help of the existing dispatching data network, wireless virtual private network, global positioning system and other communication resources; Secondly, the important test items are selected through the minimum redundancy maximum correlation algorithm, and the test items are used to form a feature set, and then the BP neural network model is used to predict the test results. Finally, the dynamic remote test platform is tested by the dynamic whole group simulation of the security and stability control system. Compared with the traditional test methods, the proposed method reduces the test cost by more than 50%. Experimental results show that the proposed method can effectively complete the reliability test of power grid security control system based on dynamic group simulation, and reduce the test cost.

Data generated from various dynamic applications of Internet of Things (IoT) based healthcare technology is effectively used for decision-making, providing reliable and smart healthcare services to the elderly and patients with chronic diseases. Since these precious data are susceptible to various security attacks, continuous monitoring of the system's compliance and identification of security risks in IoT data propagation is essential through potentially several layers of applications. This paper pinpoints how security-aware data provenance graphs can support compliance checking and risk estimation by including sufficient information on security controls and other security-relevant evidence. Real-time analysis of these security evidence to enable a step-wise validation and providing the evidence of this validation to end-users is currently not possible with the available data. This paper analyzes the security concerns in different phases of data propagation in a designed IoT-health scenario and promotes step-wise validation of security evidence. It proposes a system model with a novel protocol that documents and verifies evidence for security controls for data-object relations in data provenance graphs to assist compliance checking of security regulation of healthcare systems. With this regard, this paper discusses the proposed system model design with the requirements for technical safeguards of the Health Insurance Portability and Accountability Act (HIPAA). Based on the verification output at each phase, the proposed protocol reports this chain of verification by creating certain security tokens. Finally, the paper provides a formal security validation and security design analysis to show the applicability of this step-wise validation within the proposed system model.

An unprecedented upsurge in the number of cyberattacks and threats is the corollary of ubiquitous internet connectivity. Among a variety of threats and attacks, Denial of Service (DoS) attacks are crucial and conventional mechanisms currently being used for detection/ identification of these attacks are not adequate. The use of real-time and robust mechanisms is the way to handle this. Machine learning-based techniques have been extensively used for this in the recent past. In this paper, a robust mechanism using Support Vector Machine Based Auto-Encoder is proposed for identifying DoS attacks. The proposed technique is tested on the CICIDS dataset and has given 99.32 % accuracy for DoS attacks. To study the effect of the number of features on the performance of the technique, a discriminant component analysis is deployed for feature reduction and independent experiments, namely SVM with 25 features, SVM with 30 features, SVM with 35 features, and PCA-SVM with 25 features, are conducted. From the experiments, it is observed that AE-SVM has performed better than others.

The Internet-of-Things (IoT) paradigm at large continues to be compromised, hindering the privacy, dependability, security, and safety of our nations. While the operational security communities (i.e., CERTS, SOCs, CSIRT, etc.) continue to develop capabilities for monitoring cyberspace, tools which are IoT-centric remain at its infancy. To this end, we address this gap by innovating an actionable Cyber Threat Intelligence (CTI) feed related to Internet-scale infected IoT devices. The feed analyzes, in near real-time, 3.6TB of daily streaming passive measurements ( ≈ 1M pps) by applying a custom-developed learning methodology to distinguish between compromised IoT devices and non-IoT nodes, in addition to labeling the type and vendor. The feed is augmented with third party information to provide contextual information. We report on the operation, analysis, and shortcomings of the feed executed during an initial deployment period. We make the CTI feed available for ingestion through a public, authenticated API and a front-end platform.

We propose and demonstrate a set of microservice-based security components able to perform physical layer security assessment and mitigation in optical networks. Results illustrate the scalability of the attack detection mechanism and the agility in mitigating attacks.

The growing adoption of IoT devices is creating a huge positive impact on human life. However, it is also making the network more vulnerable to security threats. One of the major threats is malicious traffic injection attack, where the hacked IoT devices overwhelm the application servers causing large-scale service disruption. To address such attacks, we propose a Software Defined Networking based predictive alarm manager solution for malicious traffic detection and mitigation at the IoT Gateway. Our experimental results with the proposed solution confirms the detection of malicious flows with nearly 95% precision on average and at its best with around 99% precision.

Cloud computing systems (CCSs) enable the sharing of physical computing resources through virtualisation, where a group of virtual machines (VMs) can share the same physical resources of a given machine. However, this sharing can lead to a so-called side-channel attack (SCA), widely recognised as a potential threat to CCSs. Specifically, malicious VMs can capture information from (target) VMs, i.e., those with sensitive information, by merely co-located with them on the same physical machine. As such, a VM allocation algorithm needs to be cognizant of this issue and attempts to allocate the malicious and target VMs onto different machines, i.e., the allocation algorithm needs to be security-aware. This paper investigates the allocation patterns of VM allocation algorithms that are more likely to lead to a secure allocation. A driving objective is to reduce the number of VM migrations during allocation. We also propose a graph-based secure VMs allocation algorithm (GbSRS) to minimise SCA threats. Our results show that algorithms following a stacking-based behaviour are more likely to produce secure VMs allocation than those following spreading or random behaviours.

This paper presents a secure reinforcement learning (RL) based control method for unknown linear time-invariant cyber-physical systems (CPSs) that are subjected to compositional attacks such as eavesdropping and covert attack. We consider the attack scenario where the attacker learns about the dynamic model during the exploration phase of the learning conducted by the designer to learn a linear quadratic regulator (LQR), and thereafter, use such information to conduct a covert attack on the dynamic system, which we refer to as doubly learning-based control and attack (DLCA) framework. We propose a dynamic camouflaging based attack-resilient reinforcement learning (ARRL) algorithm which can learn the desired optimal controller for the dynamic system, and at the same time, can inject sufficient misinformation in the estimation of system dynamics by the attacker. The algorithm is accompanied by theoretical guarantees and extensive numerical experiments on a consensus multi-agent system and on a benchmark power grid model.

Mobile payment protocols have attracted widespread attention over the past decade, due to advancements in digital technology. The use of these protocols in online industries can dramatically improve the quality of online services. However, the central issue of concern when utilizing these types of systems is their accountability, which ensures trust between the parties involved in payment transactions. It is, therefore, vital for researchers to investigate how to handle the accountability of mobile payment protocols. In this research, we introduce a secure mobile payment protocol to overcome this problem. Our payment protocol combines all the necessary security features, such as confidentiality, integrity, authentication, and authorization that are required to build trust among parties. In other words, is the properties of mutual authentication and non-repudiation are ensured, thus providing accountability. Our approach can resolve any conflicts that may arise in payment transactions between parties. To prove that the proposed protocol is correct and complete, we use the Scyther and AVISPA tools to verify our approach formally.