Biblio

Nowadays, Internet Of Everything (IOE) has demanded for a wide range of applications areas. IOE is started to replaces an Internet Of things (IOT). IOE is a combination of massive number of computing elements and sensors, people, processes and data through the Internet infrastructure. Device to Device communication and interfacing of Wireless Sensor network with IOE can makes any system as a Smart System. With the increased the use of Internet and Internet connected devices has opportunities for hackers to launch attacks on unprecedented scale and impact. The IOE can serve the varied security in the various sectors like manufacturing, agriculture, smart grid, payments, IoT gateways, healthcare and industrial ecosystems. To secure connections among people, process, data, and things, is a major challenge in Internet of Everything.. This paper focuses on various security Issues and Authentication Schemes in the IOE systems.

It is necessary to improve the safety of the underwater acoustic sensor networks (UASNs) since it is mostly used in the military industry. Specific emitter identification is the process of identifying different transmitters based on the radio frequency fingerprint extracted from the received signal. The sonar transmitter is a typical low-frequency radiation source and is an important part of the UASNs. Class D power amplifier, a typical nonlinear amplifier, is usually used in sonar transmitters. The inherent nonlinearity of power amplifiers provides fingerprint features that can be distinguished without transmitters for specific emitter recognition. First, the nonlinearity of the sonar transmitter is studied in-depth, and the nonlinearity of the power amplifier is modeled and its nonlinearity characteristics are analyzed. After obtaining the nonlinear model of an amplifier, a similar amplifier in practical application is obtained by changing its model parameters as the research object. The output signals are collected by giving the same input of different models, and, then, the output signals are extracted and classified. In this paper, the memory polynomial model is used to model the amplifier. The power spectrum features of the output signals are extracted as fingerprint features. Then, the dimensionality of the high-dimensional features is reduced. Finally, the classifier is used to recognize the amplifier. The experimental results show that the individual sonar transmitter can be well identified by using the nonlinear characteristics of the signal. By this way, this method can enhance the communication safety of the UASNs.

This research aims to implement different modular exponentiation algorithms and evaluate the average complexity and compare it to the theoretical value. We use the library GMP to implement seven modular exponentiation algorithms. They are Left-to-right Square and Multiply, Right-to-left Square and Multiply, Left-to-right Signed Digit Square, and Multiply Left-to-right Square and Multiply Always Right-to-left Square and Multiply Always, Montgomery Ladder and Joye Ladder. For some exponent bit length, we choose 1024 bits and execute each algorithm on many exponent values and count the average numbers of squares and the average number of multiplications. Whenever relevant, our programs will check the consistency relations between the registers at the end of the exponentiation.

Trust is a fundamental factor in how users engage in interactions with Visual Analytics (VA) systems. While the importance of building trust to this end has been pointed out in research, the aspect that trust can also be misplaced is largely ignored in VA so far. This position paper addresses this aspect by putting trust calibration in focus – i.e., the process of aligning the user’s trust with the actual trustworthiness of the VA system. To this end, we present the trust continuum in the context of VA, dissect important trust issues in both VA systems and users, as well as discuss possible approaches that can build and calibrate trust.

Cybersecurity community is slowly leveraging Machine Learning (ML) to combat ever evolving threats. One of the biggest drivers for successful adoption of these models is how well domain experts and users are able to understand and trust their functionality. As these black-box models are being employed to make important predictions, the demand for transparency and explainability is increasing from the stakeholders.Explanations supporting the output of ML models are crucial in cyber security, where experts require far more information from the model than a simple binary output for their analysis. Recent approaches in the literature have focused on three different areas: (a) creating and improving explainability methods which help users better understand the internal workings of ML models and their outputs; (b) attacks on interpreters in white box setting; (c) defining the exact properties and metrics of the explanations generated by models. However, they have not covered, the security properties and threat models relevant to cybersecurity domain, and attacks on explainable models in black box settings.In this paper, we bridge this gap by proposing a taxonomy for Explainable Artificial Intelligence (XAI) methods, covering various security properties and threat models relevant to cyber security domain. We design a novel black box attack for analyzing the consistency, correctness and confidence security properties of gradient based XAI methods. We validate our proposed system on 3 security-relevant data-sets and models, and demonstrate that the method achieves attacker's goal of misleading both the classifier and explanation report and, only explainability method without affecting the classifier output. Our evaluation of the proposed approach shows promising results and can help in designing secure and robust XAI methods.

In Machine Learning, White Box Adversarial Attacks rely on knowing underlying knowledge about the model attributes. This works focuses on discovering to distrinct pieces of model information: the underlying architecture and primary training dataset. With the process in this paper, a structured set of input probes and the output of the model become the training data for a deep classifier. Two subdomains in Machine Learning are explored - image based classifiers and text transformers with GPT-2. With image classification, the focus is on exploring commonly deployed architectures and datasets available in popular public libraries. Using a single transformer architecture with multiple levels of parameters, text generation is explored by fine tuning off different datasets. Each dataset explored in image and text are distinguishable from one another. Diversity in text transformer outputs implies further research is needed to successfully classify architecture attribution in text domain.

The security of deep learning becomes increasing important with the more and more related applications. The adversarial attack is the known method that makes the performance of deep learning network (DNN) decline rapidly. However, adversarial attack needs the gradient knowledge of the target networks to craft the specific adversarial examples, which is the white-box attack and hardly becomes true in reality. In this paper, we implement a black-box attack on DNN classifier via a functionally equivalent network without knowing the internal structure and parameters of the target networks. And we increase the entropy of the noise via deep convolution generative adversarial networks (DCGAN) to make it seems fuzzier, avoiding being probed and eliminated easily by adversarial training. Experiments show that this method can produce a large number of adversarial examples quickly in batch and the target network cannot improve its accuracy via adversarial training simply.

The implication of Cyber-Physical Systems (CPS) in critical infrastructures (e.g., smart grids, water distribution networks, etc.) has introduced new security issues and vulnerabilities to those systems. In this paper, we demonstrate that black-box system identification using Support Vector Regression (SVR) can be used efficiently to build a model of a given industrial system even when this system is protected with a watermark-based detector. First, we briefly describe the Tennessee Eastman Process used in this study. Then, we present the principal of detection scheme and the theory behind SVR. Finally, we design an efficient black-box SVR algorithm for the Tennessee Eastman Process. Extensive simulations prove the efficiency of our proposed algorithm.

Mobile Ad-hoc Network (MANET) consists of different configurations, where it deals with the dynamic nature of its creation and also it is a self-configurable type of a network. The primary task in this type of networks is to develop a mechanism for routing that gives a high QoS parameter because of the nature of ad-hoc network. The Ad-hoc-on-Demand Distance Vector (AODV) used here is the on-demand routing mechanism for the computation of the trust. The proposed approach uses the Artificial neural network (ANN) and the Support Vector Machine (SVM) for the discovery of the black hole attacks in the network. The results are carried out between the black hole AODV and the security mechanism provided by us as the Secure AODV (SAODV). The results were tested on different number of nodes, at last, it has been experimented for 100 nodes which provide an improvement in energy consumption of 54.72%, the throughput is 88.68kbps, packet delivery ratio is 92.91% and the E to E delay is of about 37.27ms.

After several years of research on onion routing, Camenisch and Lysyanskaya, in an attempt at rigorous analysis, defined an ideal functionality in the universal composability model, together with properties that protocols have to meet to achieve provable security. A whole family of systems based their security proofs on this work. However, analyzing HORNET and Sphinx, two instances from this family, we show that this proof strategy is broken. We discover a previously unknown vulnerability that breaks anonymity completely, and explain a known one. Both should not exist if privacy is proven correctly.In this work, we analyze and fix the proof strategy used for this family of systems. After proving the efficacy of the ideal functionality, we show how the original properties are flawed and suggest improved, effective properties in their place. Finally, we discover another common mistake in the proofs. We demonstrate how to avoid it by showing our improved properties for one protocol, thus partially fixing the family of provably secure onion routing protocols.

File timestamps do not receive much attention from information security specialists and computer forensic scientists. It is believed that timestamps are extremely easy to fake, and the system time of a computer can be changed. However, operating system for synchronizing processes and working with file objects needs accurate time readings. The authors estimate that several million timestamps can be stored on the logical partition of a hard disk with the NTFS. The MFT stores four timestamps for each file object in \$STANDARDİNFORMATION and \$FILE\_NAME attributes. Furthermore, each directory in the İNDEX\_ROOT or İNDEX\_ALLOCATION attributes contains four more timestamps for each file within it. File timestamps are set and changed as a result of file operations. At the same time, some file operations differently affect changes in timestamps. This article presents the results of the tool-based observation over the creation and update of timestamps in the MFT resulting from the basic file operations. Analysis of the results is of interest with regard to computer forensic science.

With the traffic growth with different deterministic transport and isolation requirements in radio access networks (RAN), Flexible Ethernet (FlexE) over wavelength division multiplexing (WDM) network is as a candidate for next generation RAN transport, and the security issue in RAN transport is much more obvious, especially the eavesdropping attack in physical layer. Therefore, in this work, we put forward a cross-layer design for security enhancement through leveraging universal Hashing based FlexE data block permutation and multiple parallel fibre transmission for anti-eavesdropping in end-to-end FlexE over WDM network. Different levels of attack ability are considered for measuring the impact on network security and resource utilization. Furthermore, the trade-off problem between efficient resource utilization and guarantee of higher level of security is also explored. Numerical results demonstrate the cross-layer defense strategies are effective to struggle against intruders with different levels of attack ability.

Return-oriented programming (ROP) is an effective code-reuse attack in which short code sequences (i.e., gadgets) ending in a ret instruction are found within existing binaries and then executed by taking control of the call stack. The shadow stack, control flow integrity (CFI) and code (re)randomization are three popular techniques for protecting programs against return address overwrites. However, existing runtime rerandomization techniques operate on concrete return addresses, requiring expensive pointer tracking. By adding one level of indirection, we introduce BarRA, the first shadow stack mechanism that applies continuous runtime rerandomization to abstract return addresses for protecting their corresponding concrete return addresses (protected also by CFI), thus avoiding expensive pointer tracking. As a nice side-effect, BarRA naturally combines the shadow stack, CFI and runtime rerandomization in the same framework. The key novelty of BarRA, however, is that once some abstract return addresses are leaked, BarRA will enforce the burn-after-reading property by rerandomizing the mapping from the abstract to the concrete return address space in the order of microseconds instead of seconds required for rerandomizing a concrete return address space. As a result, BarRA can be used as a superior replacement for the shadow stack, as demonstrated by comparing both using the 19 C/C++ benchmarks in SPEC CPU2006 (totalling 2,047,447 LOC) and analyzing a proof-of-concept attack, provided that we can tolerate some slight binary code size increases (by an average of 29.44%) and are willing to use 8MB of dedicated memory for holding up to 220 return addresses (on a 64-bit platform). Under an information leakage attack (for some return addresses), the shadow stack is always vulnerable but BarRA is significantly more resilient (by reducing an attacker's success rate to [1/(220)] on average). In terms of the average performance overhead introduced, both are comparable: 6.09% (BarRA) vs. 5.38% (the shadow stack).

This paper shows how the Xtensa architecture can be attacked with Return-Oriented-Programming (ROP). The presented techniques include possibilities for both supported Application Binary Interfaces (ABIs). Especially for the windowed ABI a powerful mechanism is presented that not only allows to jump to gadgets but also to manipulate registers without relying on specific gadgets. This paper purely focuses on how the properties of the architecture itself can be exploited to chain gadgets and not on specific attacks or a gadget catalog.

In order to the development of IoT, IETF developed a standard named 6LoWPAN for increase the usage of IPv6 to the tiny and smart objects with low power. Generally, the 6LoWPAN radio link needs end to end (e2e) security for its IPv6 communication process. 6LoWPAN requires light weight variant of security solutions in IPSec. A new security approach of 6LoWPAN at adaptation layer to provide e2e security with light weight IPSec. The existing security protocol IPsec is not suitable for its 6LoWPAN IoT environment because it has heavy restrictions on memory, power, duty cycle, additional overhead transmission. The IPSec had packet overhead problem due to share the secret key between two communicating peers by IKE (Internet Key Exchange) protocol. Hence the existing security protocol IPSec solutions are not suitable for lightweight-based security need in 6LoWPAN IoT. This paper describes 6LowPSec protocol with AES-CCM (Cipher block chaining Message authentication code with Counter mode) cryptographic algorithm with key size of 128 bits with minimum power consumption and duty cycle.

Power system security assessment and enhancement in grids with high penetration of renewables is critical for pragmatic power system planning. Static Security Assessment (SSA) is a fast response tool to assess system stability margins following considerable contingencies assuming post fault system reaches a steady state. This paper presents a contingency ranking methodology using static security indices to rank credible contingencies considering severity. A Modified IEEE 9 bus system integrating renewables was used to test the approach. The static security indices used independently provides accurate results in identifying severe contingencies but further assessment is needed to provide an accurate picture of static security assessment in an increased time frame of the steady state. The indices driven for static security assessment could accurately capture and rank contingencies with renewable sources but due to intermittency of the renewable source various contingency ranking lists are generated. This implies that using indices in future grids without consideration on intermittent nature of renewables will make it difficult for the grid operator to identify severe contingencies and assist the power system operator to make operational decisions. This makes it necessary to integrate the behaviour of renewables in security indices for practical application in real time security assessment.

With the expansion of Internet of Things (IoT) that relies on heterogeneous, dynamic, and massively deployed devices, device management (DM) (i.e., remote administration such as firmware update, configuration, troubleshooting and tracking) is required for proper quality of service and user experience, deployment of new functions, bug corrections and security patches distribution. Existing industrial DM platforms and approaches do not suit IoT devices and are already showing their limits with a few static home devices (e.g., routers, TV Decoders). Indeed, undetected buggy firmware deployment and manual target device identification are common issues in existing systems. Besides, these platforms are manually operated by experts (e.g., system administrators) and require extensive knowledge and skills. Such approaches cannot be applied on massive and diverse devices forming the IoT. To tackle these issues, our work in an industrial research context proposes to apply autonomic computing to DM platforms operation and impact tracking. Specifically, our contribution relies on automated device targeting (i.e., aiming only suitable devices) and impact-aware DM (i.e., error and anomalies detection preceding patch generalization on all suitable devices of a given fleet). Our solution is composed of three coordinated autonomic loops and allows more accurate and faster irregularity diagnosis, vertical scaling along with simpler IoT DM platform administration. For experimental validation, we developed a prototype that demonstrates encouraging results compared to simulated legacy telecommunication operator approaches (namely Orange).

In January 2017 encrypted Internet traffic surpassed non-encrypted traffic. Although encryption increases security, it also masks intrusions and attacks by blocking the access to packet contents and traffic features, therefore making data analysis unfeasible. In spite of the strong effect of encryption, its impact has been scarcely investigated in the field. In this paper we study how encryption affects flow feature spaces and machine learning-based attack detection. We propose a new cross-layer feature vector that simultaneously represents traffic at three different levels: application, conversation, and endpoint behavior. We analyze its behavior under TLS and IPSec encryption and evaluate the efficacy with recent network traffic datasets and by using Random Forests classifiers. The cross-layer multi-key approach shows excellent attack detection in spite of TLS encryption. When IPsec is applied, the reduced variant obtains satisfactory detection for botnets, yet considerable performance drops for other types of attacks. The high complexity of network traffic is unfeasible for monolithic data analysis solutions, therefore requiring cross-layer analysis for which the multi-key vector becomes a powerful profiling core.

Deep neural network (DNN) has demonstrated its success in multiple domains. However, DNN models are inherently vulnerable to adversarial examples, which are generated by adding adversarial perturbations to benign inputs to fool the DNN model to misclassify. In this paper, we present a cross-layer strategic ensemble framework and a suite of robust defense algorithms, which are attack-independent, and capable of auto-repairing and auto-verifying the target model being attacked. Our strategic ensemble approach makes three original contributions. First, we employ input-transformation diversity to design the input-layer strategic transformation ensemble algorithms. Second, we utilize model-disagreement diversity to develop the output-layer strategic model ensemble algorithms. Finally, we create an input-output cross-layer strategic ensemble defense that strengthens the defensibility by combining diverse input transformation based model ensembles with diverse output verification model ensembles. Evaluated over 10 attacks on ImageNet dataset, we show that our strategic ensemble defense algorithms can achieve high defense success rates and are more robust with high attack prevention success rates and low benign false negative rates, compared to existing representative defenses.

This work aims to formulate an effective scheme which can detect and mitigate of Distributed Denial of Service (DDoS) attack in Software Defined Networks. Distributed Denial of Service attacks are one of the most destructive attacks in the internet. Whenever you heard of a website being hacked, it would have probably been a victim of a DDoS attack. A DDoS attack is aimed at disrupting the normal operation of a system by making service and resources unavailable to legitimate users by overloading the system with excessive superfluous traffic from distributed source. These distributed set of compromised hosts that performs the attack are referred as Botnet. Software Defined Networking being an emerging technology, offers a solution to reduce network management complexity. It separates the Control plane and the data plane. This decoupling provides centralized control of the network with programmability and flexibility. This work harness this programming ability and centralized control of SDN to obtain the randomness of the network flow data. This statistical approach utilizes the source IP in the network and various attributes of TCP flags and calculates entropy from them. The proposed technique can detect volume based and application based DDoS attacks like TCP SYN flood, Ping flood and Slow HTTP attacks. The methodology is evaluated through emulation using Mininet and Detection and mitigation strategies are implemented in POX controller. The experimental results show the proposed method have improved performance evaluation parameters including the Attack detection time, Delay to serve a legitimate request in the presence of attacker and overall CPU utilization.

Modbus TCP/IP protocol is a commonly used protocol in industrial automation control systems, systems responsible for sensitive operations such as gas turbine operation and refinery control. The protocol was designed decades ago with no security features in mind. Denial of service attack and malicious parameter command injection are examples of attacks that can exploit vulnerabilities in industrial control systems that use Modbus/TCP protocol. This paper discusses and explores the use of intrusion detection and prevention systems (IDPS) with deep packet inspection (DPI) capabilities and DPI industrial firewalls that have capability to detect and stop highly specialized attacks hidden deep in the communication flow. The paper has the following objectives: (i) to develop signatures for IDPS for common attacks on Modbus/TCP based network architectures; (ii) to evaluate performance of three IDPS - Snort, Suricata and Bro - in detecting and preventing common attacks on Modbus/TCP based control systems; and (iii) to illustrate and emphasize that the IDPS and industrial firewalls with DPI capabilities are not preventing but only mitigating likelihood of exploitation of Modbus/TCP vulnerabilities in the industrial and automation control systems. The results presented in the paper illustrate that it might be challenging task to achieve requirements on real-time communication in some industrial and automation control systems in case the DPI is implemented because of the latency and jitter introduced by these IDPS and DPI industrial firewall.

One important aspect in protecting Cyber Physical System (CPS) is ensuring that the proper control and measurement signals are propagated within the control loop. The CPS research community has been developing a large set of check blocks that can be integrated within the control loop to check signals against various types of attacks (e.g., false data injection attacks). Unfortunately, it is not possible to integrate all these “checks” within the control loop as the overhead introduced when checking signals may violate the delay constraints of the control loop. Moreover, these blocks do not completely operate in isolation of each other as dependencies exist among them in terms of their effectiveness against detecting a subset of attacks. Thus, it becomes a challenging and complex problem to assign the proper checks, especially with the presence of a rational adversary who can observe the check blocks assigned and optimizes her own attack strategies accordingly. This paper tackles the inherent state-action space explosion that arises in securing CPS through developing DeepBLOC (DB)-a framework in which Deep Reinforcement Learning algorithms are utilized to provide optimal/sub-optimal assignments of check blocks to signals. The framework models stochastic games between the adversary and the CPS defender and derives mixed strategies for assigning check blocks to ensure the integrity of the propagated signals while abiding to the real-time constraints dictated by the control loop. Through extensive simulation experiments and a real implementation on a water purification system, we show that DB achieves assignment strategies that outperform other strategies and heuristics.

The time-varying properties of the wireless channel are a powerful source of information that can complement and enhance traditional security mechanisms. Therefore, we propose a cross-layer authentication mechanism that combines physical layer channel information and traditional authentication mechanism in LTE. To verify the feasibility of the proposed mechanism, we build a cross-layer authentication system that extracts the phase shift information of a typical UE and use the ensemble learning method to train the fingerprint map based on OAI LTE. Experimental results show that our cross-layer authentication mechanism can effectively prompt the security of LTE system.

Learning-enabled components (LECs) are widely used in cyber-physical systems (CPS) since they can handle the uncertainty and variability of the environment and increase the level of autonomy. However, it has been shown that LECs such as deep neural networks (DNN) are not robust and adversarial examples can cause the model to make a false prediction. The paper considers the problem of efficiently detecting adversarial examples in LECs used for regression in CPS. The proposed approach is based on inductive conformal prediction and uses a regression model based on variational autoencoder. The architecture allows to take into consideration both the input and the neural network prediction for detecting adversarial, and more generally, out-of-distribution examples. We demonstrate the method using an advanced emergency braking system implemented in an open source simulator for self-driving cars where a DNN is used to estimate the distance to an obstacle. The simulation results show that the method can effectively detect adversarial examples with a short detection delay.

In recent years, the damage caused by unauthorized access using bots has increased. Compared with attacks on conventional login screens, the success rate is higher and detection of them is more difficult. CAPTCHA is commonly utilized as a technology for avoiding attacks by bots. But user's experience declines as the difficulty of CAPTCHA becomes higher corresponding to the advancement of the bot. As a solution, adaptive difficulty setting of CAPTCHA combining with bot detection technologies is considered. In this research, we focus on Capy puzzle CAPTCHA, which is widely used in commercial service. We use a supervised machine learning approach to detect bots. As a training data, we use access logs to several Web services, and add flags to attacks by bots detected in the past. We have extracted vectors fields like HTTP-User-Agent and some information from IP address (e.g. geographical information) from the access logs, and the dataset is investigated using supervised learning. By using XGBoost and LightGBM, we have achieved high ROC-AUC score more than 0.90, and further have detected suspicious accesses from some ISPs that has no bot discrimination flag.