Biblio

Recent cyberattacks targeting Supervisory Control and Data Acquisition (SCADA)/Industrial Control System(ICS) exploit weaknesses of host system software environment and take over the control of host processes in the host of the station network. We analyze the attack path of these attacks, which features how the attack hijacks the host in the network and compromises the operations of field device controllers. The paper proposes a host-based protection method, which can prevent malware penetration into the process memory by code injection attacks. The method consists of two protection schemes. One is to prevent file-based code injection such as DLL injection. The other is to prevent fileless code injection. The method traces changes in memory regions and determine whether the newly allocated memory is written with malicious codes. For this method, we show how a machine learning method can be adopted.

Most financial markets prohibit unfair trades as they reduce efficiency and diminish the integrity of the market. Spoofers place orders they have no intention of trading in order to manipulate market prices and profit illegally. Most financial markets prohibit such spoofing orders; however, further clarification is still needed regarding how many orders a spoofer needs to place in order to manipulate market prices and profit. In this study I built an artificial market model (an agent-based model for financial markets) to show how unbalanced buy and sell orders affect the expected returns, and I implemented the spoofer agent in the model. I then investigated how many orders the spoofer needs to place in order to manipulate market prices and profit illegally. The results indicate that showing more spoofing orders than waiting orders in the order book enables the spoofer to earn illegally, amplifies price fluctuation, and reduces the efficiency of the market.

Recent advancements in the field of in-vehicle network and wireless communication, has been steadily progressing. Also, the advent of technologies such as Vehicular Adhoc Networks (VANET) and Intelligent Transportation System (ITS), has transformed modern automobiles into a sophisticated cyber-physical system rather than just a isolated mechanical device. Modern automobiles rely on many electronic control units communicating over the Controller Area Network (CAN) bus. Although protecting the car's external interfaces is an vital part of preventing attacks, detecting malicious activity on the CAN bus is an effective second line of defense against attacks. This paper proposes a hybrid anomaly detection system for CAN bus based on patterns of recurring messages and time interval of messages. The proposed method does not require modifications in CAN bus. The proposed system is evaluated on real CAN bus traffic with simulated attack scenarios. Results obtained show that our proposed system achieved a good detection rate with fast response times.

Recently, with the increase of smart factories, smart cities, and the 4th industrial revolution, internal user authentication is emerging as an important issue. The existing user authentication and Access Control architecture can use the centralized system to forge access history by the service manager, which can cause problems such as evasion of responsibility and internal corruption. In addition, the user must independently manage the ID or physical authentication medium for authentication of each service, it is difficult to manage the subscribed services. This paper proposes a Hybrid blockchain-based integrated ID model to solve the above problems. The user creates authentication information based on the electronic signature of the Ethereum Account, a public blockchain, and provides authentication to a service provider composed of a Hyperledger Fabric, a private blockchain. The service provider ensures the integrity of the information by recording the Access History and authentication information in the Internal-Ledger. Through the proposed architecture, we can integrate the physical pass or application for user authentication and authorization into one Unification ID. Service providers can prevent non-Repudiation of responsibility by recording their authority and access history in ledger.

Currently, data security issues are remaining as a major concern during digital communication. A large amount of crucial data is transmitted through the communication channel. There are many cryptographic algorithms available, which are used for providing data security during communication and storage process. However, the data needs to be decrypted for performing operations, which may lead to elevation of the privilege of data. The pin or passwords used for decryption of data can be easily identified using a brute force attack. This leads to losing the confidentiality of crucial data to an unauthorized user. In the proposed system, a combination of Homomorphic and Honey encryption is used to improve data confidentiality and user authentication problems. Thus, the system provides better data security for the issues related to outsourced databases.

The widespread application of 5G will make intrusion detection of large-scale network traffic a mere need. However, traditional intrusion detection cannot meet the requirements by manually extracting features, and the existing AI methods are also relatively inefficient. Therefore, when performing intrusion detection tasks, they have significant disadvantages of high false alarm rates and low recognition performance. For this challenge, this paper proposes a novel hybrid network, RULA-IDS, which can perform intrusion detection tasks by great amount statistical data from the network monitoring system. RULA-IDS consists of the fully connected layer, the feature extraction layer, the global attention mechanism layer and the SVM classification layer. In the feature extraction layer, the residual U-Net and LSTM are used to extract the spatial and temporal features of the network traffic attributes. It is worth noting that we modified the structure of U-Net to suit the intrusion detection task. The global attention mechanism layer is then used to selectively retain important information from a large number of features and focus on those. Finally, the SVM is used as a classifier to output results. The experimental results show that our method outperforms existing state-of-the-art intrusion detection methods, and the accuracies of training and testing are improved to 97.01% and 98.19%, respectively, and presents stronger robustness during training and testing.

Named Data Networking (NDN) is a promising Internet architecture which is expected to solve some problems (e.g., security, mobility) of the current TCP/IP architecture. The basic concept of NDN is to use named data for routing instead of using location addresses like IP address. NDN natively supports consumer mobility, but producer mobility is still a challenge and there have been quite a few researches. Considering the Internet connection such as public transport vehicles, network mobility support in NDN is important, but it is still a challenge. That is the reason that this paper proposes an efficient network mobility support scheme in NDN in terms of signaling protocols and data retrieval.

The ever-increasing growth of urban populations coupled with recent mobile data usage trends has led to an unprecedented increase in wireless devices, services and applications, with varying quality of service needs in terms of latency, data rate, and connectivity. To cope with these rising demands and challenges, next-generation wireless networks have resorted to cloud radio access network (Cloud-RAN) technology as a way of reducing latency and network traffic. A concrete example of this is New York City's LinkNYC network infrastructure, which replaces the city's payphones with kiosk-like structures, called Links, to provide fast and free public Wi-Fi access to city users. When enabled with data storage capability, these Links can, for example, play the role of edge cloud devices to allow in-network content caching so that access latency and network traffic are reduced. In this paper, we propose HybridCache, a hybrid proactive and reactive in-network caching scheme that reduces content access latency and network traffic congestion substantially. It does so by first grouping edge cloud devices in clusters to minimize intra-cluster content access latency and then enabling cooperative-proactively and reactively-caching using LSTM-based prediction to minimize in-network content redundancy. Using the LinkNYC network as the backbone infrastructure for evaluation, we show that HybridCache reduces the number of hops that content needs to traverse and increases cache hit rates, thereby reducing both network traffic and content access latency.

Once constellation of satellites are working in a collaborative manner, the security of their messages would have to be highly secure from all angles of scenarios by which the praxis of eavesdropping constitutes a constant thread for the instability of the different tasks and missions. In this paper we employ the Bennet-Brassard commonly known as the BB84 protocol in conjunction to the technique of Cognitive Radio applied to the Internet of Space Things to build a prospective technology to guarantee the communications among geocentric orbital satellites. The simulations have yielded that for a constellation of 5 satellites, the probability of successful of completion the communication might be of order of 75% ±5%.

In this chapter, we develop a defense strategy to secure Internet of Battlefield Things (IoBT) based on a hypergame employing deceptive techniques. The hypergame is played multiple rounds. At each round, the adversary updates its perception of the attack graph and chooses the next node to compromise. The defender updates its perceived list of compromised nodes and actively feeds false signals to the adversary to create deception. The hypergame developed in this chapter provides an important theoretical framework for us to model how a cyberattack spreads on a network and the interaction between the adversary and the defender. It also provides quantitative metrics such as the time it takes the adversary to explore the network and compromise the target nodes. Based on these metrics, the defender can reboot the network devices and reset the network topology in time to clean up all potentially compromised devices and to protect the critical nodes. The hypergame provides useful guidance on how to create cyber deceptions so that the adversary cannot obtain information about the correct network topology and can be deterred from reaching the target critical nodes on a military network while it is in service.

The use of biometrics in security applications may be vulnerable to several challenges of hacking. Thus, the emergence of cancellable biometrics becomes a suitable solution to this problem. This paper presents a one-way cancellable biometric transform that depends on 3D chaotic maps for face and fingerprint encryption. It aims to avoid cloning of original biometrics and allow the templates used by each user in different applications to be variable. The permutations achieved with the chaotic maps guarantee high security of the biometric templates, especially with the 3D implementation of the encryption algorithm. In addition, the paper presents a hardware implementation for this framework. The proposed algorithm also achieves good performance in the presence of low and moderate levels of noise. An experimental version of the proposed cancellable biometric system has been applied on FPGA model. The obtained results achieve a powerful performance of the proposed cancellable biometric system.

This work proposes a plausible detection scheme for Hardware Trojan (HT) detection in frequency domain analysis. Due to shrinking technology every node consumes low power values (in the range of $μ$W) which are difficult to manipulate for HT detection using conventional methods. The proposed method utilizes the time domain power signals which is converted to frequency domain that represents the implausible signals and analyzed. The precision of HT detection is found to be increased because of the magnified power values in frequency domain. This work uses ISCAS89 bench mark circuits for conducting experiments. In this, the wide range of power values that spans from 695 $μ$W to 22.3 $μ$W are observed in frequency domain whereas the respective powers in time domain have narrow span of 2.29 $μ$W to 0.783 $μ$W which is unconvincing. This work uses the wide span of power values to identify HT and observed that the mid-band of frequencies have larger footprints than the side bands. These methods intend to help the designers in easy identification of HT even of single gate events.

In the paper, an intrusion detection system to safeguard computer software is proposed. The detection is based on negative selection algorithm, inspired by the human immunity mechanism. It is composed of two stages, generation of receptors and anomaly detection. Experimental results of the proposed system are presented, analyzed, and concluded.

Cyber-Physical Systems (CPS) are monitored and controlled by Supervisory Control and Data Acquisition (SCADA) systems that use advanced computing, sensors, control systems, and communication networks. At first, CPS and SCADA systems were protected and secured by isolation. However, with recent industrial technology advances, the increased connectivity of CPSs and SCADA systems to enterprise networks has uncovered them to new cybersecurity threats and made them a primary target for cyber-attacks with the potential of causing catastrophic economic, social, and environmental damage. Recent research focuses on new methodologies for risk modeling and assessment using game theory and reinforcement learning. This paperwork proposes to frame CPS security on two different levels, strategic and battlefield, by meeting ideas from game theory and Multi-Agent Reinforcement Learning (MARL). The strategic level is modeled as imperfect information, extensive form game. Here, the human administrator and the malware author decide on the strategies of defense and attack, respectively. At the battlefield level, strategies are implemented by machine learning agents that derive optimal policies for run-time decisions. The outcomes of these policies manifest as the utility at a higher level, where we aim to reach a Nash Equilibrium (NE) in favor of the defender. We simulate the scenario of a virus spreading in the context of a CPS network. We present experiments using the MiniCPS simulator and the OpenAI Gym toolkit and discuss the results.

Privacy preservation is a challenging task with the huge amount of data that are available in social media. The data those are stored in the distributed environment or in cloud environment need to ensure confidentiality to data. In addition, representing the voluminous data is graph will be convenient to perform keyword search. The proposed work initially reads the data corresponding to social media and converts that into a graph. In order to prevent the data from the active attacks Advanced Encryption Standard algorithm is used to perform graph encryption. Later, search operation is done using two algorithms: kNK keyword search algorithm and top k nearest keyword search algorithm. The first scheme is used to fetch all the data corresponding to the keyword. The second scheme is used to fetch the nearest neighbor. This scheme increases the efficiency of the search process. Here shortest path algorithm is used to find the minimum distance. Now, based on the minimum value the results are produced. The proposed algorithm shows high performance for graph generation and searching and moderate performance for graph encryption.

To protect against misuse of passwords compromised in a breach, consumers should promptly change affected passwords and any similar passwords on other accounts. Ideally, affected companies should strongly encourage this behavior and have mechanisms in place to mitigate harm. In order to make recommendations to companies about how to help their users perform these and other security-enhancing actions after breaches, we must first have some understanding of the current effectiveness of companies’ post-breach practices. To study the effectiveness of password-related breach notifications and practices enforced after a breach, we examine—based on real-world password data from 249 participants—whether and how constructively participants changed their passwords after a breach announcement. Of the 249 participants, 63 had accounts on breached domains; only 33% of the 63 changed their passwords and only 13% (of 63) did so within three months of the announcement. New passwords were on average 1.3× stronger than old passwords (when comparing log10-transformed strength), though most were weaker or of equal strength. Concerningly, new passwords were overall more similar to participants’ other passwords, and participants rarely changed passwords on other sites even when these were the same or similar to their password on the breached domain. Our results highlight the need for more rigorous passwordchanging requirements following a breach and more effective breach notifications that deliver comprehensive advice.

Information Technology (IT) is a complex domain. In order to properly manage IT related processes, several frameworks including ITIL (Information Technologies Infrastructure Library), COBIT (Control OBjectives for Information and related Technologies), IT Service CMMI (IT Service Capability Maturity Model) and many others have emerged in recent decades. Meanwhile, the prevalence of Agile methods has increased, posing the coexistence of Agile approach with different IT frameworks already adopted in organizations. More specifically, the pursuit of being agile in the area of digitalization pushes organizations to go for agile transformation while preserving full compliance to IT frameworks for the sake of their survival. The necessity for this coexistence, however, brings its own challenges and solutions for harmonizing the requirements of both parties. In this paper, we focus on harmonizing the requirements of COBIT and Scrum in a same organization, which is especially challenging when a full compliance to COBIT is expected. Therefore, this study aims to identifying the challenges of and possible solutions for the coexistence of Scrum and COBIT (version 4.1 in this case) in an organization, by considering two case studies: one from the literature and the case of Akbank delivered in this study. Thus, it extends the corresponding previous case study from two points: adds one more case study to enrich the results from the previous case study and provides more opportunity to make generalization by considering two independent cases.

Human action recognition in video is one of the most widely applied topics in the field of image and video processing, with many applications in surveillance (security, sports, etc.), activity detection, video-content-based monitoring, man-machine interaction, and health/disability care. Action recognition is a complex process that faces several challenges such as occlusion, camera movement, viewpoint move, background clutter, and brightness variation. In this study, we propose a novel human action recognition method using convolutional neural networks (CNN) and deep bidirectional LSTM (DB-LSTM) networks, using only raw video frames. First, deep features are extracted from video frames using a pre-trained CNN architecture called ResNet152. The sequential information of the frames is then learned using the DB-LSTM network, where multiple layers are stacked together in both forward and backward passes of DB-LSTM, to increase depth. The evaluation results of the proposed method using PyTorch, compared to the state-of-the-art methods, show a considerable increase in the efficiency of action recognition on the UCF 101 dataset, reaching 95% recognition accuracy. The choice of the CNN architecture, proper tuning of input parameters, and techniques such as data augmentation contribute to the accuracy boost in this study.

In this paper, an E-band MIMO radar with 1 transmit and 4 receive channels is designed. The signal bandwidth is 2GHz at 77GHz, the max power of transmitted signal which is Frequency-modulated continuous-wave (FMCW) is 13dBm. This radar consists of two cascade parts: RF frond-end and digital signal process block. The RF front-end part includes antenna array, millimeter wave transceiver chips, and the digital signal process part includes FPGA, DSP and power supply circuits. It could be used in foreign object detection (FOD), landing assistance of helicopter and security checking.

A critical need exists for collaboration and action by government, industry, and academia to address cyber weaknesses or vulnerabilities inherent to embedded or cyber physical systems (CPS). These vulnerabilities are introduced as we leverage technologies, methods, products, and services from the global supply chain throughout a system's lifecycle. As adversaries are exploiting these weaknesses as access points for malicious purposes, solutions for system security and resilience become a priority call for action. The SAE G-32 Cyber Physical Systems Security Committee has been convened to address this complex challenge. The SAE G-32 will take a holistic systems engineering approach to integrate system security considerations to develop a Cyber Physical System Security Framework. This framework is intended to bring together multiple industries and develop a method and common language which will enable us to more effectively, efficiently, and consistently communicate a risk, cost, and performance trade space. The standard will allow System Integrators to make decisions utilizing a common framework and language to develop affordable, trustworthy, resilient, and secure systems.

Industrial control systems (ICSs) are used in various infrastructures and industrial plants for realizing their control operation and ensuring their safety. Concerns about the cybersecurity of industrial control systems have raised due to the increased number of cyber-attack incidents on critical infrastructures in the light of the advancement in the cyber activity of ICSs. Nevertheless, the operation of the industrial control systems is bind to vital aspects in life, which are safety, economy, and security. This paper presents a semi-supervised, hybrid attack detection approach for industrial control systems by combining Isolation Forest and Convolutional Neural Network (CNN) models. The proposed framework is developed using the normal operational data, and it is composed of a feature extraction model implemented using a One-Dimensional Convolutional Neural Network (1D-CNN) and an isolation forest model for the detection. The two models are trained independently such that the feature extraction model aims to extract useful features from the continuous-time signals that are then used along with the binary actuator signals to train the isolation forest-based detection model. The proposed approach is applied to a down-scaled industrial control system, which is a water treatment plant known as the Secure Water Treatment (SWaT) testbed. The performance of the proposed method is compared with the other works using the same testbed, and it shows an improvement in terms of the detection capability.

As we expect that the presence of autonomous robots in our everyday life will increase, we must consider that people will have not only to accept robots to be a fundamental part of their lives, but they will also have to trust them to reliably and securely engage them in collaborative tasks. Several studies showed that robots are more comfortable interacting with robots that respect social conventions. However, it is still not clear if a robot that expresses social conventions will gain more favourably people's trust. In this study, we aimed to assess whether the use of social behaviours and natural communications can affect humans' sense of trust and companionship towards the robots. We conducted a between-subjects study where participants' trust was tested in three scenarios with increasing trust criticality (low, medium, high) in which they interacted either with a social or a non-social robot. Our findings showed that participants trusted equally a social and non-social robot in the low and medium consequences scenario. On the contrary, we observed that participants' choices of trusting the robot in a higher sensitive task was affected more by a robot that expressed social cues with a consequent decrease of their trust in the robot.

Summary form only given, as follows. The complete presentation was not made available for publication as part of the conference proceedings. Banking, defence applications and cryptosystems often demand security features, including cryptography, tamper resistance, stealth, and etc., by means of hardware approaches and/or software approaches to prevent data leakages. The hardware physical attacks or commonly known as side channel attacks have been employed to extract the secret keys of the encrypted algorithms implemented in hardware devices by analyzing their physical parameters such as power dissipation, electromagnetic interference and timing information. Altered functions or unauthorized modules may be added to the circuit design during the shipping and manufacturing process, bringing in security threats to the deployed systems. In this presentation, we will discuss hardware assurance from both device level and circuit level, and present how machine learning techniques can be utilized. At the device level, we will first provide an overview of the different cryptography algorithms and present the side channel attacks, particularly the powerful Correlation Power Analysis (CPA) and Correlation Electromagnetic Analysis (CEMA) with a leakage model that can be used to reveal the secret keys of the cryptosystems. We will then discuss several countermeasure techniques and present how highly secured microchips can be designed based on these techniques. At the circuit level, we will provide an overview of manufactured IC circuit analysis through invasive IC delayering and imaging. We then present several machine learning techniques that can be efficiently applied to the retrieval of circuit contact points and connections for further netlist/functional analysis.

Hardware security has long been an important issue in the current IC design. In this paper, a hardware Trojan detection method based on frequency domain characteristics of power consumption is proposed. For some HTs, it is difficult to detect based on the time domain characteristics, these types of hardware Trojan can be analyzed in the frequency domain, and Mahalanobis distance is used to classify designs with or without HTs. The experimental results demonstrate that taking 10% distance as the criterion, the hardware Trojan detection results in the frequency domain have almost no failure cases in all the tested designs.

Many autonomous control systems are frequently exposed to attacks, so methods for attack identification are crucial for a safe operation. To preserve the privacy of the subsystems and achieve scalability in large-scale systems, identification algorithms should not require global model knowledge. We analyze a previously presented method for hierarchical attack identification, that is embedded in a distributed control setup for systems of systems with coupled nonlinear dynamics. It is based on the exchange of local sensitivity information and ideas from sparse signal recovery. In this paper, we prove sufficient conditions under which the method is guaranteed to identify all components affected by some unknown attack. Even though a general class of nonlinear dynamic systems is considered, our rigorous theoretical guarantees are applicable to practically relevant examples, which is underlined by numerical experiments with the IEEE 30 bus power system.