Biblio

With the widespread adoption of Internet of Things (IoT) applications around the world, security related problems become a challenge since the number of cybercrimes that must be identified and investigated increased dramatically. The volume of data generated and handled is immense due to the increased number of IoT applications around the world. As a result, when a cybercrime happens, the volume of digital data needs to be dealt with is massive. Consequently, more effort and time are needed to handle the security issues. As a result, in digital forensics, the analysis phase is an important and challenging phase. This paper proposes a generic proactive model for the cybercrime analysis process in the Internet of Things. The model is focused on the classification of evidences in advance based on its significance and relation to past crimes, as well as the severity of the evidence in terms of the probability occurrence of a cybercrime. This model is supposed to save time and effort during the automated forensic investigation process.

Aggressive time-to-market constraints and enormous hardware design and fabrication costs have pushed the semiconductor industry toward hardware Intellectual Properties (IP) core design. However, the globalization of the integrated circuits (IC) supply chain exposes IP providers to theft and illegal redistribution of IPs. Watermarking and fingerprinting are proposed to detect IP piracy. Nevertheless, they come with additional hardware overhead and cannot guarantee IP security as advanced attacks are reported to remove the watermark, forge, or bypass it. In this work, we propose a novel methodology, GNN4IP, to assess similarities between circuits and detect IP piracy. We model the hardware design as a graph and construct a graph neural network model to learn its behavior using the comprehensive dataset of register transfer level codes and gate-level netlists that we have gathered. GNN4IP detects IP piracy with 96% accuracy in our dataset and recognizes the original IP in its obfuscated version with 100% accuracy.

Logic locking is a holistic design-for-trust technique that aims to protect the design intellectual property (IP) from untrustworthy entities throughout the supply chain. Functional and structural analysis-based attacks successfully circumvent state-of-the-art, provably secure logic locking (PSLL) techniques. However, such attacks are not holistic and target specific implementations of PSLL. Automating the detection and subsequent removal of protection logic added by PSLL while accounting for all possible variations is an open research problem. In this paper, we propose GNNUnlock, the first-of-its-kind oracle-less machine learning-based attack on PSLL that can identify any desired protection logic without focusing on a specific syntactic topology. The key is to leverage a well-trained graph neural network (GNN) to identify all the gates in a given locked netlist that belong to the targeted protection logic, without requiring an oracle. This approach fits perfectly with the targeted problem since a circuit is a graph with an inherent structure and the protection logic is a sub-graph of nodes (gates) with specific and common characteristics. GNNs are powerful in capturing the nodes' neighborhood properties, facilitating the detection of the protection logic. To rectify any misclassifications induced by the GNN, we additionally propose a connectivity analysis-based post-processing algorithm to successfully remove the predicted protection logic, thereby retrieving the original design. Our extensive experimental evaluation demonstrates that GNNUnlock is 99.24% - 100% successful in breaking various benchmarks locked using stripped-functionality logic locking [1], tenacious and traceless logic locking [2], and Anti-SAT [3]. Our proposed post-processing enhances the detection accuracy, reaching 100% for all of our tested locked benchmarks. Analysis of the results corroborates that GNNUnlock is powerful enough to break the considered schemes under different parameters, synthesis settings, and technology nodes. The evaluation further shows that GNNUnlock successfully breaks corner cases where even the most advanced state-of-the-art attacks [4], [5] fail. We also open source our attack framework [6].

A new method for judging degree sequence is shown by means of perfect ice-flower systems made by operators - stars (particular complete bipartite graphs), and moreover this method can be used to build up degree sequences and perfect ice-flower systems. Graphic lattice, graph-graphic lattice, caterpillar-graphic lattice and topological coding lattice are defined. We establish some connections between traditional lattices and graphic lattices trying to provide new techniques for Lattice-based cryptosystem and post-quantum cryptography, and trying to enrich the theoretical knowledge of topological coding.

With the popularity of smart devices in the power grid and the advancement of data collection technology, the amount of electricity usage data has exploded in recent years, which is beneficial for optimizing service quality and grid operation. However, current data analysis is mainly based on cloud platforms, which poses challenges to transmission bandwidth, computing resources, and transmission delays. To solve the problem, this paper proposes a graph convolution neural networks (GCNs) based edge-cloud collaborative anomaly detection model. Specifically, the time series is converted into graph data based on visibility graph model, and graph convolutional network model is adopted to classify the labeled graph data for anomaly detection. Then a model segmentation method is proposed to adaptively divide the anomaly detection model between the edge equipment and the back-end server. Experimental results show that the proposed scheme provides an effective solution to edge anomaly detection and can make full use of the computing resources of terminal equipment.

Graphs have proved to be a promising data structure to solve complex problems in various domains. Graphs store data in an associative manner which is analogous to the manner in which humans store memories in the brain. Generathe chatbots lack the ability to recall details revealed by the user in long conversations. To solve this problem, we have used graph-based memory to recall-related conversations from the past. Thus, providing context feature derived from query systems to generative systems such as OpenAI GPT. Using graphs to detect important details from the past reduces the total amount of processing done by the neural network. As there is no need to keep on passingthe entire history of the conversation. Instead, we pass only the last few pairs of utterances and the related details from the graph. This paper deploys this system and also demonstrates the ability to deploy such systems in real-world applications. Through the effective usage of knowledge graphs, the system is able to reduce the time complexity from O(n) to O(1) as compared to similar non-graph based implementations of transfer learning- based conversational agents.

Aiming at group shilling attacks in recommender systems, a shilling group detection approach based on triangle dense subgraph mining is proposed. First, the user relation graph is built by mining the relations among users in the rating dataset. Second, the improved triangle dense subgraph mining method and the personalizing PageRank seed expansion algorithm are used to divide candidate shilling groups. Finally, the suspicious degrees of candidate groups are calculated using several group detection indicators and the attack groups are obtained. Experiments indicate that our method has better detection performance on the Amazon and Yelp datasets than the baselines.

This article considers the group consistency of second-order MAS with directly connected spanning tree communication topology. Because the MAS is divided into several groups, we proposed a group consistency control method based on intermittent control, and the range of parameters is given when the system achieves consensus. The protocol can realize periodic control and reduce the working hours of the controller in period. Furthermore, the group consistency of MAS is turn to the stability analysis of error, and a group consistency protocol of MAS with time-delays is designed. Finally, two examples are used for verify the theory.

The concealment and confusion nature of insider threat makes it a challenging task for security analysts to identify insider threat from log data. To detect insider threat, we propose a novel gated recurrent unit (GRU) and multi-autoencoder based insider threat detection method, which is an unsupervised anomaly detection method. It takes advantage of the extremely unbalanced characteristic of insider threat data and constructs a normal behavior autoencoder with low reconfiguration error through multi-level filter behavior learning, and identifies the behavior data with high reconfiguration error as abnormal behavior. In order to achieve the high efficiency of calculation and detection, GRU and multi-head attention are introduced into the autoencoder. Use dataset v6.2 of the CERT insider threat as validation data and threat detection recall as evaluation metric. The experimental results show that the effect of the proposed method is obviously better than that of Isolation Forest, LSTM autoencoder and multi-channel autoencoders based insider threat detection methods, and it's an effective insider threat detection technology.

Text analytics directly on compression (TADOC) has proven to be a promising technology for big data analytics. GPUs are extremely popular accelerators for data analytics systems. Unfortunately, no work so far shows how to utilize GPUs to accelerate TADOC. We describe G-TADOC, the first framework that provides GPU-based text analytics directly on compression, effectively enabling efficient text analytics on GPUs without decompressing the input data. G-TADOC solves three major challenges. First, TADOC involves a large amount of dependencies, which makes it difficult to exploit massive parallelism on a GPU. We develop a novel fine-grained thread-level workload scheduling strategy for GPU threads, which partitions heavily-dependent loads adaptively in a fine-grained manner. Second, in developing G-TADOC, thousands of GPU threads writing to the same result buffer leads to inconsistency while directly using locks and atomic operations lead to large synchronization overheads. We develop a memory pool with thread-safe data structures on GPUs to handle such difficulties. Third, maintaining the sequence information among words is essential for lossless compression. We design a sequence-support strategy, which maintains high GPU parallelism while ensuring sequence information. Our experimental evaluations show that G-TADOC provides 31.1× average speedup compared to state-of-the-art TADOC.

Cyber-Physical Power Systems (CPPSs) currently face an increasing number of security attacks and lack methods for optimal proactive security decisions to defend the attacks. This paper proposed an optimal defensive method based on game theory to minimize the system performance deterioration of CPPSs under cyberspace attacks. The reinforcement learning algorithmic solution is used to obtain the Nash equilibrium and a set of metrics of system vulnerabilities are adopted to quantify the cost of defense against cyber-attacks. The minimax-Q algorithm is utilized to obtain the optimal defense strategy without the availability of the attacker's information. The proposed solution is assessed through experiments based on a realistic power generation microsystem testbed and the numerical results confirmed its effectiveness.

GSSD is an evolving knowledge networking system dedicated to sustainable development. Designed to help identify and extend innovative approaches toward sustainability—including enabling technologies, policies, and strategies—it tracks diverse aspects of challenges, problems, and emergent solutions to date. Specifically, it is a computer-assisted, organized system linking discrete actors with a knowledge producing capacity that is, (b) combined via common organizing principles, and (c) based on individual autonomy; such that (d) the value of networked knowledge is enhanced, and (e) the stock of knowledge is expanded further.

Executive Order (EO) 14028, Improving the Nation's Cybersecurity, 12 May 2021, directs the National Institute of Standards and Technology (NIST) to recommend minimum standards for software testing within 60 days. This document describes eleven recommendations for software verification techniques as well as providing supplemental information about the techniques and references for further information. It recommends the following techniques: • Threat modeling to look for design-level security issues • Automated testing for consistency and to minimize human effort • Static code scanning to look for top bugs • Heuristic tools to look for possible hardcoded secrets • Use of built-in checks and protections • "Black box" test cases • Code-based structural test cases • Historical test cases • Fuzzing • Web app scanners, if applicable • Address included code (libraries, packages, services) The document does not address the totality of software verification, but instead recommends techniques that are broadly applicable and form the minimum standards. The document was developed by NIST in consultation with the National Security Agency. Additionally, we received input from numerous outside organizations through papers submitted to a NIST workshop on the Executive Order held in early June, 2021 and discussion at the workshop as well as follow up with several of the submitters.

Supervisory Control and Data Acquisition (SCADA) and Distributed Control Systems (DCS) use advanced computing, sensors, control systems, and communication networks to monitor and control industrial processes and distributed assets. The increased connectivity of these systems to corporate networks has exposed them to new security threats and made them a prime target for cyber-attacks with the potential of causing catastrophic economic, social, and environmental damage. Recent intensified sophisticated attacks on these systems have stressed the importance of methodologies and tools to assess the security risks of Industrial Control Systems (ICS). In this paper, we propose a novel game theory model and Monte Carlo simulations to assess the cybersecurity risks of an exemplary industrial control system under realistic assumptions. We present five game enrollments where attacker and defender agents make different preferences and we analyze the final outcome of the game. Results show that a balanced defense with uniform budget spending is the best strategy against a look-ahead attacker.

Disinformation, fake news, and unverified rumors spread quickly in online social networks (OSNs) and manipulate people's opinions and decisions about life events. The solid mathematical solutions of the strategic decisions in OSNs have been provided under game theory models, including multiple roles and features. This work proposes a game-theoretic opinion framework to model subjective opinions and behavioral strategies of attackers, users, and a defender. The attackers use information deception models to disseminate disinformation. We investigate how different game-theoretic opinion models of updating people's subject opinions can influence a way for people to handle disinformation. We compare the opinion dynamics of the five different opinion models (i.e., uncertainty, homophily, assertion, herding, and encounter-based) where an opinion is formulated based on Subjective Logic that offers the capability to deal with uncertain opinions. Via our extensive experiments, we observe that the uncertainty-based opinion model shows the best performance in combating disinformation among all in that uncertainty-based decisions can significantly help users believe true information more than disinformation.

The network attack such as Distributed Denial-of-Service (DDoS) attack could be critical to latency-critical systems such as Mobile Edge Computing (MEC) as such attacks significantly increase the response delay of the victim service. Intrusion prevention system (IPS) is a promising solution to defend against such attacks, but there will be a trade-off between IPS deployment and application resource reservation as the deployment of IPS will reduce the number of computation resources for MEC applications. In this paper, we proposed a game-theoretic framework to study the joint computation resource allocation and IPS deployment in the MEC architecture. We study the pricing strategy of the MEC platform operator and purchase strategy of the application service provider, given the expected attack strength and end user demands. The best responses of both MPO and ASPs are derived theoretically to identify the Stackelberg equilibrium. The simulation results confirm that the proposed solutions significantly increase the social welfare of the system.

Generative Adversarial Networks (GANs) are machine learning methods that are used in many important and novel applications. For example, in imaging science, GANs are effectively utilized in generating image datasets, photographs of human faces, image and video captioning, image-to-image translation, text-to-image translation, video prediction, and 3D object generation to name a few. In this paper, we discuss how GANs can be used to create an artificial world. More specifically, we discuss how GANs help to describe an image utilizing image/video captioning methods and how to translate the image to a new image using image-to-image translation frameworks in a theme we desire. We articulate how GANs impact creating a customized world.

The extensive utilization of network by smart devices, computers and servers makes it vulnerable to malicious activities where intruders and attackers tends to violate system security policies and authenticity to slither essential information. Honeypots are designed to create a virtual trap against hackers. The trap is to attract intruders and gather information about attackers and attack features. Honeypots mimics as a computer application, billing systems, webpages and client server-based applications to understand attackers behavior by gathering attack features and common foot prints used by hackers to forge information. In this papers, authors analyse amazon web services honeypot (AWSH) data to determine geo-spatial distribution of targeted attacks originated from different locations. The categorization of attacks is made on the basis of internet protocols and frequency of attack occurrences worldwide.

Cyber-defense systems are being developed to automatically ingest Cyber Threat Intelligence (CTI) that contains semi-structured data and/or text to populate knowledge graphs. A potential risk is that fake CTI can be generated and spread through Open-Source Intelligence (OSINT) communities or on the Web to effect a data poisoning attack on these systems. Adversaries can use fake CTI examples as training input to subvert cyber defense systems, forcing their models to learn incorrect inputs to serve the attackers' malicious needs. In this paper, we show how to automatically generate fake CTI text descriptions using transformers. Given an initial prompt sentence, a public language model like GPT-2 with fine-tuning can generate plausible CTI text that can mislead cyber-defense systems. We use the generated fake CTI text to perform a data poisoning attack on a Cybersecurity Knowledge Graph (CKG) and a cybersecurity corpus. The attack introduced adverse impacts such as returning incorrect reasoning outputs, representation poisoning, and corruption of other dependent AI-based cyber defense systems. We evaluate with traditional approaches and conduct a human evaluation study with cyber-security professionals and threat hunters. Based on the study, professional threat hunters were equally likely to consider our fake generated CTI and authentic CTI as true.

Semantic image annotation is a field of paramount importance in which deep learning excels. However, some application domains, like security or medicine, may need an explanation of this annotation. Explainable Artificial Intelligence is an answer to this need. In this work, an explanation is a sentence in natural language that is dedicated to human users to provide them clues about the process that leads to the decision: the labels assignment to image parts. We focus on semantic image annotation with fuzzy logic that has proven to be a useful framework that captures both image segmentation imprecision and the vagueness of human spatial knowledge and vocabulary. In this paper, we present an algorithm for textual explanation generation of the semantic annotation of image regions.

The rapid development of machine learning technology has prompted the applications of Automatic Speech Recognition(ASR). However, studies have shown that the state-of-the-art ASR technologies are still vulnerable to various attacks, which undermines the stability of ASR destructively. In general, most of the existing attack techniques for the ASR model are based on white box scenarios, where the adversary uses adversarial samples to generate a substituted model corresponding to the target model. On the contrary, there are fewer attack schemes in the black-box scenario. Moreover, no scheme considers the problem of how to construct the architecture of the substituted models. In this paper, we point out that constructing a good substituted model architecture is crucial to the effectiveness of the attack, as it helps to generate a more sophisticated set of adversarial examples. We evaluate the performance of different substituted models by comprehensive experiments, and find that ensemble substituted models can achieve the optimal attack effect. The experiment shows that our approach performs attack over 80% success rate (2% improvement compared to the latest work) meanwhile maintaining the authenticity of the original sample well.

Information flow type systems enforce the security property of noninterference by detecting unauthorized data flows at compile-time. However, they require precise type annotations, making them difficult to use in practice as much of the legacy infrastructure is written in untyped or dynamically-typed languages. Gradual typing seamlessly integrates static and dynamic typing, providing the best of both approaches, and has been applied to information flow control, where information flow monitors are derived from gradual security types. Prior work on gradual information flow typing uncovered tensions between noninterference and the dynamic gradual guarantee- the property that less precise security type annotations in a program should not cause more runtime errors.This paper re-examines the connection between gradual information flow types and information flow monitors to identify the root cause of the tension between the gradual guarantees and noninterference. We develop runtime semantics for a simple imperative language with gradual information flow types that provides both noninterference and gradual guarantees. We leverage a proof technique developed for FlowML and reduce noninterference proofs to preservation proofs.

The impact of malware grows for IT (information technology) systems day by day. The number, the complexity, and the cost of them increase rapidly. While researchers are developing new and better detection algorithms, attackers are also evolving malware to fail the current detection techniques. Therefore malware detection becomes one of the most challenging tasks in cyber security. To increase the performance of the detection techniques, researchers benefit from different approaches. But some of them might cost a lot both in time and hardware resources. This situation puts forward fast and cheap detection methods. In this context, static analysis provides these utilities but it is important to keep detection accuracy high while reducing resource consumption. Opcodes (operational codes) are commonly used in static analysis but sometimes feature extraction from opcodes might be difficult since an opcode sequence might have a great length. Furthermore, most of the malware developers use obfuscation and encryption techniques to avoid detection methods based on static analysis. This kind of malware is called packed malware and according to common belief, packed malware should be either unpacked or analyzed dynamically in order to detect them. In this study, a graph-based malware detection method has been proposed to overcome these problems. The proposed method relies on obtaining the opcode graph of every executable file in the dataset and using them for future extraction. In this way, the proposed method reaches up to 98% detection accuracy. In addition to the accuracy rate, the proposed method makes it possible to detect packed malware without the need for unpacking or dynamic analysis.

There is an increasing concern about possible hostile modification done to ICs, which are used in various critical applications. Such malicious modifications are referred to as Hardware Trojan. A novel procedure to detect these malicious Trojans using Genetic algorithm along with the logical masking technique which masks the Trojan module when embedded is presented in this paper. The circuit features such as transition probability and SCOAP are used as suitable parameters to identify the rare nodes which are more susceptible for Trojan insertion. A set of test patterns called optimal test patterns are generated using Genetic algorithm to claim that these test vectors are more feasible to detect the presence of Trojan in the circuit under test. The proposed methodologies are validated in accordance with ISCAS '85 and ISCAS '89 benchmark circuits. The experimental results proven that it achieves maximum Trigger coverage, Trojan coverage and is also able to successfully mask the inserted Trojan when it is triggered by the optimal test patterns.