Biblio

Software defined networking (SDN) architecture frame- work eases the work of the network administrators by separating the data plane from the control plane. This provides a programmable interface for applications development related to security and management. The centralized logical controller provides more control over the total network, which has complete network visibility. These SDN advantages expose the network to vulnerabilities and the impact of the attacks is much severe when compared to traditional networks, where the network devices have protection from the attacks and limits the occurrence of attacks. In this paper, we proposed an entropy based algorithm in SDN to detect as well as stopping distributed denial of service (DDoS) attacks on the servers or clouds or hosts. Firstly, there explored various attacks that can be launched on SDN at different layers. Basically DDoS is one kind of denial of service attack in which an attacker uses multiple distributed sources for attacking a particular server. Every network in a system has an entropy and an increase in the randomness of probability causes entropy to decrease. In comparison with previous entropy based approaches this approach has higher performance in distinguishing legal and illegal traffics and blocking illegal traffic paths. Linux OS and Mininet Simulator along with POX controller are used to validate the proposed approach. By conducting pervasive simulation along with theoretical analysis this method can definitely detect and stop DDoS attacks automatically.

Threat Intelligence has been a key part of the success of Intrusion Detection, with several trusted sources leading to wide adoption and greater understanding of new and trending threats to computer networks. Identifying potential threats and live attacks on networks is only half the battle, knowing how to correctly respond to these threats and attacks requires in-depth and domain specific knowledge, which may be unique to subject experts and software vendors. Network Incident Responders and Intrusion Response Systems can benefit from a similar approach to Threat Intel, with a focus on potential Response actions. A qualitative comparison of current Threat Intel Sources and prominent Intrusion Response Systems is carried out to aid in the identification of key requirements to be met to enable the adoption of Response Intel. Building on these requirements, a template for Response Intel is proposed which incorporates standardised models developed by MITRE. Similarly, to facilitate the automated use of Response Intel, a structure for automated Response Actions is proposed.

Nowadays, children, teens, and almost everyone around us tend to receive abundant and frequent advice regarding the usefulness of syllabification. Not only does it improve pronunciation, but it also makes it easier for us to read unfamiliar words in chunks of syllables rather than reading them all at once. Within this paper, we have designed, implemented, and presented a Turing machine-based syllable splitter. A Turing machine forms the theoretical basis for all modern computers and can be used to solve universal problems. On the other hand, a syllable splitter is used to hyphenate words into their corresponding syllables. We have proposed our work by illustrating the various states of the Turing machine, along with the rules it abides by, its machine specifications, and transition function. In addition to this, we have implemented a Graphical User Interface to stimulate our Turing machine to analyze our results better.

Software Defined Networking (SDN) is a networking paradigm that has been very popular due to its advantages over traditional networks with regard to scalability, flexibility, and its ability to solve many security issues. Nevertheless, SDN networks are exposed to new security threats and attacks, especially Distributed Denial of Service (DDoS) attacks. For this aim, we have proposed a model able to detect and mitigate attacks automatically in SDN networks using Machine Learning (ML). Different than other approaches found in literature which use the native flow features only for attack detection, our model extends the native features. The extended flow features are the average flow packet size, the number of flows to the same host as the current flow in the last 5 seconds, and the number of flows to the same host and port as the current flow in the last 5 seconds. Six ML algorithms were evaluated, namely Logistic Regression (LR), Naive Bayes (NB), K-Nearest Neighbor (KNN), Support Vector Machine (SVM), Decision Tree (DT), and Random Forest (RF). The experiments showed that RF is the best performing ML algorithm. Also, results showed that our model is able to detect attacks accurately and quickly, with a low probability of dropping normal traffic.

In this paper we present LANTENNA - a new type of an electromagnetic attack allowing adversaries to leak sensitive data from isolated, air-gapped networks. Malicious code in air-gapped computers gathers sensitive data and then encodes it over radio waves emanated from Ethernet cables. A nearby receiving device can intercept the signals wirelessly, decodes the data and sends it to the attacker. We discuss the exiltration techniques, examine the covert channel characteristics, and provide implementation details. Notably, the malicious code can run in an ordinary user mode process, and can successfully operates from within a virtual machine. We evaluate the covert channel in different scenarios and present a set of of countermeasures. Our experiments show that with the LANTENNA attack, data can be exfiltrated from air-gapped computers to a distance of several meters away.

Smart meter devices enable a better understanding of the demand at the potential risk of private information leakage. One promising solution to mitigating such risk is to inject noises into the meter data to achieve a certain level of differential privacy. In this paper, we cast one-shot non-intrusive load monitoring (NILM) in the compressive sensing framework, and bridge the gap between theoretical accuracy of NILM inference and differential privacy's parameters. We then derive the valid theoretical bounds to offer insights on how the differential privacy parameters affect the NILM performance. Moreover, we generalize our conclusions by proposing the hierarchical framework to solve the multishot NILM problem. Numerical experiments verify our analytical results and offer better physical insights of differential privacy in various practical scenarios. This also demonstrates the significance of our work for the general privacy preserving mechanism design.

With the advancement in the growth of Internet-of-Things (IoT), its number of applications has also increased such as in healthcare, smart cities, vehicles, industries, household appliances, and Smart Grids (SG). One of the major applications of IoT is the SG and smart meter which consists of a large number of internet-connected sensors and can communicate bi-directionally in real-time. The SG network involves smart meters, data collectors, generators, and sensors connected with the internet. SG networks involve the generation, distribution, transmission, and consumption of electrical power supplies. It consists of Household Area Network (HAN), and Neighborhood Area Network (NAN) for communication. Smart meters can communicate bidirectionally with consumers and provide real-time information to utility offices. But this communication channel is a wide-open network for data transmission. Therefore, it makes the SG network and smart meter vulnerable to outside hacker and various Cyber-Physical System (CPS) attacks such as False Data Injection (FDI), inserting malicious data, erroneous data, manipulating the sensor reading values. Here cryptography techniques can play a major role along with the private blockchain model for secure data transmission in smart meters. Hence, to overcome these existing issues and challenges in smart meter communication we have proposed a blockchain-based system model for secure communication along with a novel Advanced Elliptic Curve Cryptography Digital Signature (AECCDS) algorithm in Fog Computing (FC) environment. Here FC nodes will work as miners at the edge of smart meters for secure and real-time communication. The algorithm is implemented using iFogSim, Geth version 1.9.25, Ganache, Truffle for compiling smart contracts, Anaconda (Python editor), and ATOM as language editor for the smart contracts.

In this paper, we propose a methodology for post-silicon validation through the evaluation of security assertions for systems-on-chip (SoC). The methodology is centered around a security architecture in which a "security capsule" is attached to each IP core in the SoC. The security capsule consists of a set of on-line and off-line assertion monitors, a dynamic trace-buffer to trace selected groups of signals, and a dynamic trace controller. The architecture is supported by a trace signal selection and grouping algorithm and a dynamic signal tracing method to evaluate the off-chip monitors. This paper presents the security capsule architecture, the signal selection and grouping algorithm, and the run-time signal tracing method. Results of using the methodology on two SoC architectures based on the OpenRISC-1200 and RISC-V processors are presented.

Automated teller machines are affected by two kinds of attacks: physical and logical. It is common for most banks to look for zero-day protection for their devices. The most secure solutions available are based on complex security policies that are extremely hard to configure. The goal of this article is to present a concept of using the modified MajorClust algorithm for generating a sandbox-based security policy based on ATM usage data. The results obtained from the research prove the effectiveness of the used techniques and confirm that it is possible to create a division into sandboxes in an automated way.

Proofs in simulation-based frameworks have the greatest rigor when they are machine checked. But the level of details in these proofs surpasses what the formal-methods community can handle with existing tools. Existing formal results consider streamlined versions of simulation-based frameworks to cope with this complexity. Hence, a central question is how to abstract details from composability results and enable their formal verification.In this paper, we focus on the modeling of system communication in composable security statements. Existing formal models consider fixed communication patterns to reduce the complexity of their proofs. However, as we will show, this can affect the reusability of security statements. We propose an abstract approach to modeling system communication in Constructive Cryptography that avoids this problem. Our approach is suitable for mechanized verification and we use CryptHOL, a framework for developing mechanized cryptography proofs, to implement it in the Isabelle/HOL theorem prover. As a case study, we formalize the construction of a secure channel using Diffie-Hellman key exchange and a one-time-pad.

Radio frequency (RF) signal classification has significantly been used for detecting and identifying the features of unknown unmanned aerial vehicles (UAVs). This paper proposes a method using empirical mode decomposition (EMD) and ensemble empirical mode decomposition (EEMD) on extracting the communication channel characteristics of intruding UAVs. The decomposed intrinsic mode functions (IMFs) except noise components are selected for RF signal pattern recognition based on machine learning (ML). The classification results show that the denoising effects introduced by EMD and EEMD could both fit in improving the detection accuracy with different features of RF communication channel, especially on identifying time-varying RF signal sources.

To reduce the risk of botnet malware, methods of detecting botnet malware using machine learning have received enormous attention in recent years. Most of the traditional methods are based on supervised learning that relies on static features with defined labels. However, recent studies show that supervised machine learning-based IoT malware botnet models are more vulnerable to intentional attacks, known as an adversarial attack. In this paper, we study the adversarial attack on PSI-graph based researches. To perform the efficient attack, we proposed a reinforcement learning based method with a trained target classifier to modify the structures of PSI-graphs. We show that PSI-graphs are vulnerable to such attack. We also discuss about defense method which uses adversarial training to train a defensive model. Experiment result achieves 94.1% accuracy on the adversarial dataset; thus, shows that our defensive model is much more robust than the previous target classifier.

With the rapid growth of the Internet of Things (IoT) applications in smart regions/cities, for example, smart healthcare, smart homes/offices, there is an increase in security threats and risks. The IoT devices solve real-world problems by providing real-time connections, data and information. Besides this, the attackers can tamper with sensors, add or remove them physically or remotely. In this study, we address the IoT security sensor tampering issue in an office environment. We collect data from real-life settings and apply machine learning to detect sensor tampering using two methods. First, a real-time view of the traffic patterns is considered to train our isolation forest-based unsupervised machine learning method for anomaly detection. Second, based on traffic patterns, labels are created, and the decision tree supervised method is used, within our novel Anomaly Detection using Machine Learning (AD-ML) system. The accuracy of the two proposed models is presented. We found 84% with silhouette metric accuracy of isolation forest. Moreover, the result based on 10 cross-validations for decision trees on the supervised machine learning model returned the highest classification accuracy of 91.62% with the lowest false positive rate.

Threats and risks against supply chains are increasing and a framework to add the trustworthiness of supply chain has been considered. In this framework, organisations in the supply chain validate the conformance to the pre-defined requirements. The results of validations are linked each other to achieve the trustworthiness of the entire supply chain. In this paper, we further consider this framework for data supply chains. First, we implement the framework and evaluate the performance. The evaluation shows 500 digital evidences (logs) can be checked in 0.28 second. We also propose five methods to improve the performance as well as five new functionalities to improve usability. With these functionalities, the framework also supports maintaining the certificate chain.

Weakly supervised segmentation methods using bounding box annotations focus on obtaining a pixel-level mask from each box containing an object. Existing methods typically depend on a class-agnostic mask generator, which operates on the low-level information intrinsic to an image. In this work, we utilize higher-level information from the behavior of a trained object detector, by seeking the smallest areas of the image from which the object detector produces almost the same result as it does from the whole image. These areas constitute a bounding-box attribution map (BBAM), which identifies the target object in its bounding box and thus serves as pseudo ground-truth for weakly supervised semantic and instance segmentation. This approach significantly outperforms recent comparable techniques on both the PASCAL VOC and MS COCO benchmarks in weakly supervised semantic and instance segmentation. In addition, we provide a detailed analysis of our method, offering deeper insight into the behavior of the BBAM.

In recent years, more and more medical institutions have been using electronic medical records (EMRs) to improve service efficiency and reduce storage cost. However, it is difficult for medical institutions with different management methods to share medical data. The medical data of patients is easy to be abused, and there are security risks of privacy data leakage. The above problems seriously impede the sharing of medical data. To solve these problems, we propose a blockchain-based medical data sharing scheme with attribute-based searchable encryption, named BMDS. In BMDS, encrypted EMRs are securely stored in the interplanetary file system (IPFS), while corresponding indexes and other information are stored in a medical consortium blockchain. The proposed BMDS has the features of tamper-proof, privacy preservation, verifiability and secure key management, and there is no single point of failure. The performance evaluation of computational overhead and security analysis show that the proposed BMDS has more comprehensive security features and practicability.

Reliable group communication is an important cornerstone for various applications in the domain of Industrial Internet of Things (IIoT). Yet, despite various proposals, state-of- the-art (open) protocol stacks for IPv6-enabled Low Power and Lossy Networks (LLNs) have little to offer, regarding standardized or agreed-upon protocols for correct multicast routing, not to mention reliable multicast. We present an informal computational model, which allows us to analyze the respective candidates for multicast routing. Further, we focus on the IEEE 802.15.4/6LoWPAN stack and discuss prominent multicast routing protocols and how they fit into this model.

We propose an ideal functionality FCD and a construction ΠCD for oblivious and updatable committed databases. FCD allows a prover P to read, write, and update values in a database and to prove to a verifier V in zero-knowledge (ZK) that a value is read from or written into a certain position. The following properties must hold: (1) values stored in the database remain hidden from V; (2) a value read from a certain position is equal to the value previously written into that position; (3) (obliviousness) both the value read or written and its position remain hidden from V.ΠCD is based on vector commitments. After the initialization phase, the cost of read and write operations is independent of the database size, outperforming other techniques that achieve cost sublinear in the dataset size for prover and/or verifier. Therefore, our construction is especially appealing for large datasets. In existing “commit-and-prove” two-party protocols, the task of maintaining a committed database between P and V and reading and writing values into it is not separated from the task of proving statements about the values read or written. FCD allows us to improve modularity in protocol design by separating those tasks. In comparison to simply using a commitment scheme to maintain a committed database, FCD allows P to hide efficiently the positions read or written from V. Thanks to this property, we design protocols for e.g. privacy-preserving e-commerce and location-based services where V gathers aggregate statistics about the statements that P proves in ZK.

We consider the problem of security for unmanned aerial vehicle flight control systems. To provide a concrete setting, we consider the security problem in the context of a helicopter which is compromised by a malicious agent that distorts elevation measurements to the control loop. This is a particular example of the problem of the security of stochastic control systems under erroneous observation measurements caused by malicious sensors within the system. In order to secure the control system, we consider dynamic watermarking, where a private random excitation signal is superimposed onto the control input of the flight control system. An attack detector at the actuator can then check if the reported sensor measurements are appropriately correlated with the private random excitation signal. This is done via two specific statistical tests whose violation signifies an attack. We apply dynamic watermarking technique to a 2-rotor-based 3-DOF helicopter control system test-bed. We demonstrate through both simulation and experimental results the performance of the attack detector on two attack models: a stealth attack, and a random bias injection attack.

Cryptography is the science or process used for the encryption and decryption of data that helps the users to store important information or share it across networks where it can be read only by the intended user. In this paper, Elliptic Curve Cryptography (ECC) has been proposed because of its small key size, less memory space and high speed. Elliptic curve scalar multiplication is an important part of elliptic curve systems. Here, the scalar multiplication is performed with the help of hybrid Karatsuba multiplier as the area utilization of Karatsuba multiplier is less. An alternative of digital signature algorithm, that is, Elliptic Curve Digital Signature Algorithm (ECDSA) along with the primary operations of elliptic curves have also been discussed in this paper.

In recent times, security and privacy concerns associated with IoT devices have caught the attention of research community. The problem of securing IoT devices is immensely aggravating due to advancement in technology. These IoT devices are resource-constraint i.e. in terms of power, memory, computation, etc., so they are less capable to secure themselves. So we need a better approach to secure IoT devices within the limited resources. Several studies state that for these lightweight IoT devices Elliptic Curve Cryptography (ECC) suits perfectly. But there are several elliptic curve domain parameter standards, which may be used for different security levels. When any ECC based product is deployed then the selection of a suitable elliptic curve standard according to usability is become very important. So we have to choose one suitable standard domain parameter for the required security level. In this paper, two different elliptic curve standard domain parameters named secp256k1 and secp192k1 proposed by an industry consortium named Standards for Efficient Cryptography Group (SECG) [1] are implemented and then analyzed their performances metrics. The performance of each domain parameter is measured in computation time.

A vehicular Ad-hoc network (VANET) allows groups of autonomous or semi-autonomous vehicles to share information and content with each other and infrastructure. Named Data Networking (NDN) is recently proposed as one of the future internet architectures, which allows communication in network-based upon content name. It has originated from Information-centric networking (ICN). NDN-based VANET uses NDN as an underlying communication paradigm. NDN-based VANET suffers from several security attacks, one such attack is the Interest Flooding Attack (IFA) that targets the core forwarding mechanism of NDN-based VANET. This paper focuses on the detection and mitigation of IFA in NDN-based VANET. We proposed a method FIFA to detect and mitigate IFA. Our proposed method is capable of detecting normal IFA as well as a low-rate IFA. Along with that FIFA also ensures non-repudiation in networks. We have compared our proposed method with the existing mechanism to detect and mitigate IFA named IFAMS. Experiment results show that our method detects and mitigates normal IFA and low-rate IFA in the network.

Today's Internet is built on decades-old networking protocols that lack scalability, reliability, and security. In response, the networking community has developed path-aware Internet architectures that solve these issues while simultaneously empowering end hosts. In these architectures, autonomous systems construct authenticated forwarding paths based on their routing policies. Each end host then selects one of these authorized paths and includes it in the packet header, thus allowing routers to efficiently determine how to forward the packet. A central security property of these architectures is path authorization, requiring that packets can only travel along authorized paths. This property protects the routing policies of autonomous systems from malicious senders.The fundamental role of packet forwarding in the Internet and the complexity of the authentication mechanisms employed call for a formal analysis. In this vein, we develop in Isabelle/HOL a parameterized verification framework for path-aware data plane protocols. We first formulate an abstract model without an attacker for which we prove path authorization. We then refine this model by introducing an attacker and by protecting authorized paths using (generic) cryptographic validation fields. This model is parameterized by the protocol's authentication mechanism and assumes five simple verification conditions that are sufficient to prove the refinement of the abstract model. We validate our framework by instantiating it with several concrete protocols from the literature and proving that they each satisfy the verification conditions and hence path authorization. No invariants must be proven for the instantiation. Our framework thus supports low-effort security proofs for data plane protocols. The results hold for arbitrary network topologies and sets of authorized paths, a guarantee that state-of-the-art automated security protocol verifiers cannot currently provide.

Supervisory control and data acquisition (SCADA) networks provide high situational awareness and automation control for industrial control systems, whilst introducing a wide range of access points for cyber attackers. To address these issues, a line of machine learning or deep learning based intrusion detection systems (IDSs) have been presented in the literature, where a large number of attack examples are usually demanded. However, in real-world SCADA networks, attack examples are not always sufficient, having only a few shots in many cases. In this paper, we propose a novel few-shot learning based IDS, named FS-IDS, to detect cyber attacks against SCADA networks, especially when having only a few attack examples in the defenders’ hands. Specifically, a new method by orchestrating one-hot encoding and principal component analysis is developed, to preprocess SCADA datasets containing sufficient examples for frequent cyber attacks. Then, a few-shot learning based preliminary IDS model is designed and trained using the preprocessed data. Last, a complete FS-IDS model for SCADA networks is established by further training the preliminary IDS model with a few examples for cyber attacks of interest. The high effectiveness of the proposed FS-IDS, in detecting cyber attacks against SCADA networks with only a few examples, is demonstrated by extensive experiments on a real SCADA dataset.

The rapid development of machine learning technology has prompted the applications of Automatic Speech Recognition(ASR). However, studies have shown that the state-of-the-art ASR technologies are still vulnerable to various attacks, which undermines the stability of ASR destructively. In general, most of the existing attack techniques for the ASR model are based on white box scenarios, where the adversary uses adversarial samples to generate a substituted model corresponding to the target model. On the contrary, there are fewer attack schemes in the black-box scenario. Moreover, no scheme considers the problem of how to construct the architecture of the substituted models. In this paper, we point out that constructing a good substituted model architecture is crucial to the effectiveness of the attack, as it helps to generate a more sophisticated set of adversarial examples. We evaluate the performance of different substituted models by comprehensive experiments, and find that ensemble substituted models can achieve the optimal attack effect. The experiment shows that our approach performs attack over 80% success rate (2% improvement compared to the latest work) meanwhile maintaining the authenticity of the original sample well.