Biblio

Fuzzing has been widely adopted as an effective techniques to detect vulnerabilities in softwares. However, existing fuzzers suffer from the problems of generating excessive test inputs that either cannot pass input validation or are ineffective in exploring unvisited regions in the program under test (PUT). To tackle these problems, we propose a greybox fuzzer called MuFuzzer based on AFL, which incorporates two heuristics that optimize seed selection and automatically extract input formatting information from the PUT to increase the chance of generating valid test inputs, respectively. In particular, the first heuristic collects the branch coverage and execution information during a fuzz session, and utilizes such information to guide fuzzing tools in selecting seeds that are fast to execute, small in size, and more importantly, more likely to explore new behaviors of the PUT for subsequent fuzzing activities. The second heuristic automatically identifies string comparison operations that the PUT uses for input validation, and establishes a dictionary with string constants from these operations to help fuzzers generate test inputs that have higher chances to pass input validation. We have evaluated the performance of MuFuzzer, in terms of code coverage and bug detection, using a set of realistic programs and the LAVA-M test bench. Experiment results demonstrate that MuFuzzer is able to achieve higher code coverage and better or comparative bug detection performance than state-of-the-art fuzzers.

With the rapid development of the Industrial Internet, the network security risks faced by industrial control systems (ICSs) are becoming more and more intense. How to do a good job in the security protection of industrial control systems is extremely urgent. For traditional network security, industrial control systems have some unique characteristics, which results in traditional intrusion detection systems that cannot be directly reused on it. Aiming at the industrial control system, this paper constructs all attack paths from the hacker's perspective through the attack tree model, and uses the LSTM algorithm to identify and classify the attack behavior, and then further classify the attack event by extracting atomic actions. Finally, through the constructed attack tree model, the results are reversed and predicted. The results show that the model has a good effect on attack recognition, and can effectively analyze the hacker attack path and predict the next attack target.

Developing mission-centric impact assessment techniques to address cyber resiliency in the cyber-physical systems (CPSs) requires integrating system inter-dependencies to the risk and resilience analysis process. Generally, network administrators utilize attack graphs to estimate possible consequences in a networked environment. Attack graphs lack to incorporate the operations-specific dependencies. Localizing the dependencies among operational missions, tasks, and the hosting devices in a large-scale CPS is also challenging. In this work, we offer a graphical modeling technique to integrate the mission-centric impact assessment of cyberattacks by relating the effect to the operational resiliency by utilizing a combination of the logical attack graph and mission impact propagation graph. We propose formal techniques to compute cyberattacks’ impact on the operational mission and offer an optimization process to minimize the same, having budgetary restrictions. We also relate the effect to the system functional operability. We illustrate our modeling techniques using a SCADA (supervisory control and data acquisition) case study for the cyber-physical power systems. We believe our proposed method would help evaluate and minimize the impact of cyber attacks on CPS’s operational missions and, thus, enhance cyber resiliency.

A new Domain Name System (DNS) cache poisoning attack aiming at clients has emerged recently. It induced cloud users to visit fake web sites and thus reveal information such as account passwords. However, the design of current DNS defense architecture does not formally consider the protection of clients. Although the DNS traffic encryption technology can alleviate this new attack, its deployment is as slow as the new DNS architecture. Thus we propose a lightweight adaptive intelligent defense strategy, which only needs to be deployed on the client without any configuration support of DNS. Firstly, we model the attack and defense process as a static stochastic game with incomplete information under bounded rationality conditions. Secondly, to solve the problem caused by uncertain attack strategies and large quantities of game states, we adopt a deep reinforcement learning (DRL) with guaranteed monotonic improvement. Finally, through the prototype system experiment in Alibaba Cloud, the effectiveness of our method is proved against multiple attack modes with a success rate of 97.5% approximately.

Internet of Things (IoT) combines the internet and physical objects to transfer information among the objects. In the emerging IoT networks, providing security is the major issue. IoT device is exposed to various security issues due to its low computational efficiency. In recent years, the Intrusion Detection System valuable tool deployed to secure the information in the network. This article exposes the Intrusion Detection System (IDS) based on deep learning and machine learning to overcome the security attacks in IoT networks. Long Short-Term Memory (LSTM) and K-Nearest Neighbor (KNN) are used in the attack detection model and performances of those algorithms are compared with each other based on detection time, kappa statistic, geometric mean, and sensitivity. The effectiveness of the developed IDS is evaluated by using Bot-IoT datasets.

Process variation is the critical issue in hardware Trojan detection. In the state-of-art works, ring oscillators are employed to address this problem. But ring oscillators are very sensitive to IR-drop effect, which exists ICs. In this paper, based on circuit theory, a IR-drop calibration method is proposed. The nominal power supply voltage and the others power supply voltage with a very small difference of the nominal power supply voltage are applied to the test chip. It is assumed that they have the same IR-drop $Δ$V. Combined with these measured data, the value of Vth + $Δ$V, can be obtained by mathematic analysis. The typical Vth from circuit simulation is used to compute $Δ$V. We studied the proposed method in a tested chip.

In this digital era, the usage of technology has increased rapidly and led to the deployment of more innovative technologies for storing and transferring the generated data. The most important aspect of the emerging communication technologies is to ensure the safety and security of the generated huge amount of data. Hence, cryptography is considered as a pathway that can securely transfer and save the data. Cryptography comprises of ciphers that act like an algorithm, where the data is encrypted at the source and decrypted at the destination. This paper comprises of two ciphers namely PRESENT and AES ciphers. In the real-time applications, AES is no more relevant especially for segmenting the organizations that leverage RFID, Sensors and IoT devices. In order to overcome the strategic issues faced by these organization, PRESENT ciphers work appropriately with its super lightweight block figure, which has the equivalent significance to both security and equipment arrangements. This paper compares the AES (Advance encryption standard) symmetric block cipher with PRESENT symmetric block cipher to leverage in the industries mentioned earlier, where the huge consumption of resources becomes a significant factor. For the comparison of different ciphers, the results of area, timing analysis and the waveforms are taken into consideration.

In the last couple of years ARM-based servers have been gradually adopted by cloud service providers and utilized in the data centers. Such tendency may provide great business opportunities for various companies in the industry. Hence, the ability to timely track the development trend of the ARM-based server ecosystem (ASE) from technical perspective is of great importance. In this paper the level of development of the ASE is quantitatively assessed based on open-source data analysis. In particular, statistical data is extracted from 42 Linux kernels to analyze the development process of the ASE. Furthermore, an estimate of the development trend of the ASE in the next 10 years is made based on the statistical data. The estimated results provide insight on when the ASE may become as mature as today's x86-based server ecosystem.

This paper studies initial-value privacy problems of linear dynamical systems. We consider a standard linear time-invariant system with random process and measurement noises. For such a system, eavesdroppers having access to system output trajectories may infer the system initial states, leading to initial-value privacy risks. When a finite number of output trajectories are eavesdropped, we consider a requirement that any guess about the initial values can be plausibly denied. When an infinite number of output trajectories are eavesdropped, we consider a requirement that the initial values should not be uniquely recoverable. In view of these two privacy requirements, we define differential initial-value privacy and intrinsic initial-value privacy, respectively, for the system as metrics of privacy risks. First of all, we prove that the intrinsic initial-value privacy is equivalent to unobservability, while the differential initial-value privacy can be achieved for a privacy budget depending on an extended observability matrix of the system and the covariance of the noises. Next, the inherent network nature of the considered linear system is explored, where each individual state corresponds to a node and the state and output matrices induce interaction and sensing graphs, leading to a network system. Under this network system perspective, we allow the initial states at some nodes to be public, and investigate the resulting intrinsic initial- value privacy of each individual node. We establish necessary and sufficient conditions for such individual node initial-value privacy, and also prove that the intrinsic initial-value privacy of individual nodes is generically determined by the network structure.

In this research we propose a framework that will strengthen the IoT devices security from dual perspectives; avoid devices to become attack target as well as a source of an attack. Unlike traditional devices, IoT devices are equipped with insufficient host-based defense system and a continuous internet connection. All time internet enabled devices with insufficient security allures the attackers to use such devices and carry out their attacks on rest of internet. When plethora of vulnerable devices become source of an attack, intensity of such attacks increases exponentially. Mirai was one of the first well-known attack that exploited large number of vulnerable IoT devices, that bring down a large part of Internet. To strengthen the IoT devices from dual security perspective, we propose a two step framework. Firstly, confine the communication boundary of IoT devices; IoT-Sphere. A sphere of IPs that are allowed to communicate with a device. Any communication that violates the sphere will be blocked at the gateway level. Secondly, only allowed communication will be evaluated for potential attacks and anomalies using advance detection engines. To show the effectiveness of our proposed framework, we perform couple of attacks on IoT devices; camera and google home and show the feasibility of IoT-Sphere.

Image steganography is the operation of hiding a message into a cover image. the message can be text, codes, or image. Hiding an image into another is the proposed approach in this paper. Based on LSB coding, a k-LSB-based method is proposed using k least bits to hide the image. For decoding the hidden image, a region detection operation is used to know the blocks contains the hidden image. The resolution of stego image can be affected, for that, an image quality enhancement method is used to enhance the image resolution. To demonstrate the effectiveness of the proposed approach, we compare it with some of the state-of-the-art methods.

Authenticating a person's identity has always been a challenge. While attempts are being made by government agencies to address this challenge, the citizens are being exposed to a new age problem of Identity management. The sharing of photocopies of identity cards in order to prove our identity is a common sight. From score-card to Aadhar-card, the details of our identity has reached many unauthorized hands during the years. In India the identity thefts accounts for 77% [1] of the fraud cases, and the threats are trending. Programs like e-Residency by Estonia[2], Bitnation using Ethereum[3] are being devised for an efficient Identity Management. Even the US Home Land Security is funding a research with an objective of “Design information security and privacy concepts on the Blockchain to support identity management capabilities that increase security and productivity while decreasing costs and security risks for the Homeland Security Enterprise (HSE).” [4] This paper will discuss the challenges specific to India around Identity Management, and the possible solution that the Distributed ledger, hashing algorithms and smart contracts can offer. The logic of hashing the personal data, and controlling the distribution of identity using public-private keys with Blockchain technology will be discussed in this paper.

The Internet of Things (IoT) has transformed many application domains with realtime, continuous, automated control and information transmission. The smart grid is one such futuristic application domain in execution, with a large-scale IoT network as its backbone. By leveraging the functionalities and characteristics of IoT, the smart grid infrastructure benefits not only consumers, but also service providers and power generation organizations. The confluence of IoT and smart grid comes with its own set of challenges. The underlying cyberspace of IoT, though facilitates communication (information propagation) among devices of smart grid infrastructure, it undermines the privacy at the same time. In this paper we propose a new measure for quantifying the probability of privacy leakage based on the behaviors of the devices involved in the communication process. We construct a privacy stochastic game model based on the information shared by the device, and the access to the compromised device. The existence of Nash Equilibrium strategy of the game is proved theoretically. We experimentally validate the effectiveness of the privacy stochastic game model.

Video surveillance plays an important role in our times. It is a great help in reducing the crime rate, and it can also help to monitor the status of facilities. The performance of the video surveillance system is limited by human factors such as fatigue, time efficiency, and human resources. It would be beneficial for all if fully automatic video surveillance systems are employed to do the job. The automation of the video surveillance system is still not satisfying regarding many problems such as the accuracy of the detector, bandwidth consumption, storage usage, etc. This scientific paper mainly focuses on a video surveillance system using Convolutional Neural Networks (CNN), IoT and cloud. The system contains multi nods, each node consists of a microprocessor(Raspberry Pi) and a camera, the nodes communicate with each other using client and server architecture. The nodes can detect humans using a pretraining MobileNetv2-SSDLite model and Common Objects in Context(COCO) dataset, the captured video will stream to the main node(only one node will communicate with cloud) in order to stream the video to the cloud. Also, the main node will send an SMS notification to the security team to inform the detection of humans. The security team can check the videos captured using a mobile application or web application. Operating the Object detection model of Deep learning will be required a large amount of the computational power, for instance, the Raspberry Pi with a limited in performance for that reason we used the MobileNetv2-SSDLite model.

This paper is the first to investigate the long-term stability of Surface Acoustic Wave Gyroscopes (SAWG) using an ovenized control system. Monolithic integration of a MEMS heater adjacent to SAW devices on Lithium Niobate over insulator substrate (LNOI) tightly couples frequency-based temperature detection with heating for temperature and frequency stabilization. This first prototype demonstrates the ability to minimize the temperature variations of the SAWG to below ±10 μK and stabilize the SAWG resonance frequency to ±0.2 ppm. This approach thus eliminates the thermal drift in a SAWG and enables the development of a new generation of MEMS-based gyroscopes with long-term stability.

In this article, the writers suggested a scheme for analyzing the optimum crop cultivation based on Fuzzy Logic Network (Implementation of Fuzzy Logic Control in Predictive Analysis and Real Time Monitoring of Optimum Crop Cultivation) knowledge. The Fuzzy system is Fuzzy Logic's set. By using the soil, temperature, sunshine, precipitation and altitude value, the scheme can calculate the output of a certain crop. By using this scheme, the writers hope farmers can boost f arm output. This, thus will have an enormous effect on alleviating economical deficiency, strengthening rate of employment, the improvement of human resources and food security.

Machine to Machine (M2M) a sub area of Internet of Things (IoT) will link billions of devices or things distributed around the world using the Internet. These devices when connected exchange information obtained from the environment such as temperature or humidity from industrial or residential control process. Information Security (IS) and Trust are one of the fundamental points for users and the industry to accept the use of these devices with Confidentiality, Integrity, Availability and Authenticity. The key reason is that most of these devices use wireless media especially in residential and smart city environments. The overall goal of this work is to implement a Middleware Security to improve Safety and Security between the control network devices used in IoT/M2M and the Internet for residential or industrial environments. This implementation has been tested with different protocols as CoAP and MQTT, a microcomputer with free Real-Time Operating System (RTOS) implemented in a Raspberry Pi Gateway Access Point (RGAP), Network Address Translator (NAT), IPTable firewall and encryption is part of this implementation for secure data transmission

In the current world, day by day the data growth and the investigation about that information increased due to the pervasiveness of computing devices, but people are reluctant to share their information on online portals or surveys fearing safety because sensitive information such as credit card information, medical conditions and other personal information in the wrong hands can mean danger to the society. These days privacy preserving has become a setback for storing data in data repository so for that reason data in the repository should be made undistinguishable, data is encrypted while storing and later decrypted when needed for analysis purpose in data mining. While storing the raw data of the individuals it is important to remove person-identifiable information such as name, employee id. However, the other attributes pertaining to the person should be encrypted so the methodologies used to implement. These methodologies can make data in the repository secure and PPDM task can made easier.

This paper proposes a novel extension of blockchain systems with fuzzy ontologies. The main advantage is to let the users have flexible restrictions, represented using fuzzy sets, and to develop smart contracts where there is a partial agreement among the involved parts. We propose a general architecture based on four fuzzy ontologies and a process to develop and run the smart contracts, based on a reduction to a well-known fuzzy ontology reasoning task (Best Satisfiability Degree). We also investigate different operators to compute Pareto-optimal solutions and implement our approach in the Ethereum blockchain.

Cryptography is a powerful means of delivering information in a secure manner. Over the years, many image encryption algorithms have been proposed based on the chaotic system to protect the digital image against cryptography attacks. In chaotic encryption, it jumbles the image to vary the framework of the image. This makes it difficult for the attacker to retrieve the original image. This paper introduces an efficient image encryption algorithm incorporating the genetic algorithm, bit plane slicing and bit plane rotation of the digital image. The digital image is sliced into eight planes and each plane is well rotated to give a fully encrypted image after the application of the Genetic Algorithm on each pixel of the image. This makes it less prone to attacks. For decryption, we perform the operations in the reverse order. The performance of this algorithm is measured using various similarity measures like Structural Similarity Index Measure (SSIM). The results exhibit that the proposed scheme provides a stronger level of encryption and an enhanced security level.

With the rapid development of information technology and the increasing popularity of information and communication technology, the information age has come. Enterprises must adapt to changes in the times, introduce network and computer technologies in a timely manner, and establish more efficient and reasonable information systems and platforms. Large-scale information system construction is inseparable from related audit work, and network security risks have become an important part of information system audit concerns. This paper analyzes the objectives and contents of information system audits under the background of network information security through theoretical analysis, and on this basis, proposes how the IS audit work will be carried out.

Visible light communication (VLC) is considered as an emerging system for wireless indoor multimedia communications. As any wireless communication system, its channels are open and reachable to both licensed and unlicensed users owing to the broadcast character of visible-light propagation in public areas or multiple-user scenarios. In this work, we consider the physical-layer security approaches for VLC to mitigate this limitation. The physical-layer security approaches can be divided into two categories: keyless security and key-based security approaches. In the last category, recently, the authors introduced physical-layer key-generation approaches for optical orthogonal frequency division multiplexing (OFDM) systems. In these approaches, the cyclic prefix (CP) samples are exploited for key generation. In this paper, we study the effect of the length of key space and order of modulation on the security level, BER performance, and key-disagreement-rate (KDR) of the introduced key-based security approaches. From the results, our approaches are more efficient in higher order of modulation as the KDR decreases with the increase of order of modulation.

This paper proposes a method that offers much higher security for Iseki's fully homomorphic encryption (FHE), a recently proposed secure computation scheme. The key idea is re-encrypting already encrypted data. This second encryption is executed using new common keys, whereby two or more encryptions offer much stronger security.

Researchers have demonstrated the effectiveness of self-explanations (SE) as an instructional practice and study strategy. However, there is a lack of work studying the characteristics of SE responses prompted by collaborative activities. In this paper, we use writing analytics to investigate differences between SE text responses resulting from individual versus collaborative learning activities. A Coh-Metrix analysis suggests that students in the collaborative SE activity demonstrated a higher level of comprehension. Future research should explore how writing analytics can be incorporated into CSCL systems to support student performance of SE activities.

This paper proposes new original solutions for the use of interpretable flexible fuzzy systems for identity verification based on an on-line signature. Such solutions must be scalable because the verification of the identity of each user must be carried out independently of one another. In addition, a large number of system users limit the possibilities of iterative system learning. An important issue is the ability to interpret the system rules because it explains how the similarity of test signatures to reference signature templates is assessed. In this paper, we propose an approach that meets all of the above requirements and works effectively for the on-line signatures' database used in the simulations.