Biblio

Information visualization applications have become ubiquitous, in no small part thanks to the ease of wide distribution and deployment to users enabled by the web browser. Scientific visualization applications, relying on native code libraries and parallel processing, have been less suited to such widespread distribution, as browsers do not provide the required libraries or compute capabilities. In this paper, we revisit this gap in visualization technologies and explore how new web technologies, WebAssembly and WebGPU, can be used to deploy powerful visualization solutions for large-scale scientific data in the browser. In particular, we evaluate the programming effort required to bring scientific visualization applications to the browser through these technologies and assess their competitiveness against classic native solutions. As a main example, we present a new GPU-driven isosurface extraction method for block-compressed data sets, that is suitable for interactive isosurface computation on large volumes in resource-constrained environments, such as the browser. We conclude that web browsers are on the verge of becoming a competitive platform for even the most demanding scientific visualization tasks, such as interactive visualization of isosurfaces from a 1TB DNS simulation. We call on researchers and developers to consider investing in a community software stack to ease use of these upcoming browser features to bring accessible scientific visualization to the browser.

Botnet is one of the threats to internet network security-Botmaster in carrying out attacks on the network by relying on communication on network traffic. Internet of Things (IoT) network infrastructure consists of devices that are inexpensive, low-power, always-on, always connected to the network, and are inconspicuous and have ubiquity and inconspicuousness characteristics so that these characteristics make IoT devices an attractive target for botnet malware attacks. In identifying whether packet traffic is a malware attack or not, one can use machine learning classification methods. By using Weka and Scikit-learn analysis tools machine learning, this paper implements four machine learning algorithms, i.e.: AdaBoost, Decision Tree, Random Forest, and Naïve Bayes. Then experiments are conducted to measure the performance of the four algorithms in terms of accuracy, execution time, and false positive rate (FPR). Experiment results show that the Weka tool provides more accurate and efficient classification methods. However, in false positive rate, the use of Scikit-learn provides better results.

In a block channel IoT system, sensitive details can be leaked by means of the proof of work or address check, as data or application Validation data is applied on the blockchain. In this, the zero-knowledge evidence is applied to a smart metering system to show how to improve the anonymity of the blockchain for privacy safety without disclosing information as a public key. Within this article, a blockchain has been implemented to deter security risks such as data counterfeiting by utilizing intelligent meters. Zero-Knowledge Proof, an anonymity blockchain technology, has been implemented through block inquiry to prevent threats to security like personal information infringement. It was suggested that intelligent contracts would be used to avoid falsification of intelligent meter data and abuse of personal details.

A trust model IMPACT: Intention, Measurability, Predictability, Agility, Communication, and Transparency has been conceptualized to build human trust in autonomous agents. The six critical characteristics must be exhibited by the agents in order to gain and maintain the trust from their human partners towards an effective and collaborative team in achieving common goals. The IMPACT model guided a design of an intelligent adaptive decision aid for dynamic target engagement processes in a military context. Positive feedback from subject matter experts participated in a large scale joint exercise controlling multiple unmanned vehicles indicated the effectiveness of the decision aid. It also demonstrated the utility of the IMPACT model as design principles for building up a trusted human-agent teaming.

Virtualization and Software-defined Networking (SDN) are emerging technologies that play a major role in cloud computing. Cloud computing provides efficient utilization, high performance, and resource availability on demand. However, virtualization environments are vulnerable to various types of intrusion attacks that involve installing malicious software and denial of services (DoS) attacks. Utilizing SDN technology, makes the idea of SDN-based security applications attractive in the fight against DoS attacks. Network intrusion detection system (IDS) which is used to perform network traffic analysis as a detection system implemented on SDN networks to protect virtualization servers from HTTP DoS attacks. The experimental results show that SDN-based IDS is able to detect and mitigate HTTP DoS attacks effectively.

Hyperbox classifier is an efficient tool for modern pattern classification problems due to its transparency and rigorous use of Euclidian geometry. Fuzzy min-max (FMM) network efficiently implements the hyperbox classifier, and has been modified several times to yield better classification accuracy. However, the obtained accuracy is not up to the mark. Therefore, in this paper, a new improved FMM (IFMM) network is proposed to increase the accuracy rate. In the proposed IFMM network, a modified constraint is employed to check the expandability of a hyperbox. It also uses semiperimeter of the hyperbox along with k-nearest mechanism to select the expandable hyperbox. In the proposed IFMM, the contraction rules of conventional FMM and enhanced FMM (EFMM) are also modified using semiperimeter of a hyperbox in order to balance the size of both overlapped hyperboxes. Experimental results show that the proposed IFMM network outperforms the FMM, k-nearest FMM, and EFMM by yielding more accuracy rate with less number of hyperboxes. The proposed methods are also applied to histopathological images to know the best magnification factor for classification.

We observe that operations performed by standard compilers harm fuzzing because the optimizations and the Intermediate Representation (IR) lead to transformations that improve execution speed at the expense of fuzzing. To remedy this problem, we propose `controlled compilation', a set of techniques to automatically re-factor a program's source code and cherry pick beneficial compiler optimizations to improve fuzzing. We design, implement and evaluate controlled compilation by building a new toolchain with Clang/LLVM. We perform an evaluation on 10 open source projects and compare the results of AFL to state-of-the-art grey-box fuzzers and concolic fuzzers. We show that when programs are compiled with this new toolchain, AFL covers 30 % new code on average and finds 21 additional bugs in real world programs. Our study reveals that controlled compilation often covers more code and finds more bugs than state-of-the-art fuzzing techniques, without the need to write a fuzzer from scratch or resort to advanced techniques. We identify two main reasons to explain why. First, it has proven difficult for researchers to appropriately configure existing fuzzers such as AFL. To address this problem, we provide guidelines and new LLVM passes to help automate AFL's configuration. This will enable researchers to perform a fairer comparison with AFL. Second, we find that current coverage-based evaluation measures (e.g. the total number of visited lines, edges or BBs) are inadequate because they lose valuable information such as which parts of a program a fuzzer actually visits and how consistently it does so. Coverage is considered a useful metric to evaluate a fuzzer's performance and devise a fuzzing strategy. However, the lack of a standard methodology for evaluating coverage remains a problem. To address this, we propose a rigorous evaluation methodology based on `qualitative coverage'. Qualitative coverage uniquely identifies each program line to help understand which lines are commonly visited by different fuzzers vs. which lines are visited only by a particular fuzzer. Throughout our study, we show the benefits of this new evaluation methodology. For example we provide valuable insights into the consistency of fuzzers, i.e. their ability to cover the same code or find the same bug across multiple independent runs. Overall, our evaluation methodology based on qualitative coverage helps to understand if a fuzzer performs better, worse, or is complementary to another fuzzer. This helps security practitioners adjust their fuzzing strategies.

Individualization of anonymous identities using artificial intelligence - enables innovative human-computer interaction through the personalization of communication which is, at the same time, individual and anonymous. This paper presents possible approach for individualization of anonymous identities in real time. It uses computer vision and artificial intelligence to automatically detect and recognize person's age group, gender, human body measures, proportions and other specific personal characteristics. Collected data constitutes the so-called person's biometric footprint and are linked to a unique (but still anonymous) identity that is recorded in the computer system, along with other information that make up the profile of the person. Identity anonymization can be achieved by appropriate asymmetric encryption of the biometric footprint (with no additional personal information being stored) and integrity can be ensured using blockchain technology. Data collected in this manner is GDPR compliant.

This paper describes a system that comprises of control, safety and security subsystem for industries and homes. The entire system is based on the Bolt IoT platform. Using this system, the user can control the devices such as LEDs, speed of the fan or DC motor, monitor the temperature of the premises with an alert sub-system for critical temperatures through SMS and call, monitor the presence of anyone inside the premises with an alert sub-system about any intrusion through SMS and call. If the system is used specifically in any industry then instead of monitoring the temperature any other physical quantity, which is critical for that industry, can be monitored using suitable sensors. In addition, the cloud connectivity is provided to the system using the Bolt IoT module and temperature data is sent to the cloud where using machine-learning algorithm the future temperature is predicted to avoid any accidents in the future.

Wireless network is an alternative communication to cable, where radio wave is used as transmission media instead of copper medium. However, wireless network more vulnerable to risk in security compared to cable network. Wireless network mostly used by Internet of Things node as communication media between nodes. Hence, these nodes exposed to risk of flooding attack from third party person. Hence, a system which capability to detect flooding attack at IoT node is required. Many researches have been done before, but most of the research only focus to IPv4 and signature-based detection. IPv6-based attacks undetectable by the current research, due to different datagram structure. This paper proposed a conceptual detection method with reinforcement learning algorithm to detect IPv6-based attack targeting IoT nodes. This reward will decide whether the detection system is good or not. The assessment calculation equation is used to turn reward-based score into detection accuracy.

Windows is one of the popular operating systems in use today, while Universal Serial Bus (USB) is one of the mechanisms used by many people with practical plug and play functions. USB has long been used as a vector of attacks on computers. One method of attack is Keylogger. The Keylogger can take advantage of existing vulnerabilities in the Windows 10 operating system attacks carried out in the form of recording computer keystroke activity without the victim knowing. In this research, an attack will be carried out by running a Powershell Script using BadUSB to be able to activate the Keylogger program. The script is embedded in the Arduino Pro Micro device. The results obtained in the Keyboard Injection Attack research using Arduino Pro Micro were successfully carried out with an average time needed to run the keylogger is 7.474 seconds with a computer connected to the internet. The results of the keylogger will be sent to the attacker via email.

Along with the development of the Windows operating system, browser applications to surf the internet are also growing rapidly. The most widely used browsers today are Google Chrome and Mozilla Firefox. Both browsers have a username and password management feature that makes users login to a website easily, but saving usernames and passwords in the browser is quite dangerous because the stored data can be hacked using brute force attacks or read through a program. One way to get a username and password in the browser is to use a program that can read Google Chrome and Mozilla Firefox login data from the computer's internal storage and then show those data. In this study, an attack will be carried out by implementing Rubber Ducky using BadUSB to run the ChromePass and PasswordFox program and the PowerShell script using the Arduino Pro Micro Leonardo device as a USB Password Stealer. The results obtained from this study are the username and password on Google Chrome and Mozilla Firefox successfully obtained when the USB is connected to the target device, the average time of the attack is 14 seconds then sending it to the author's email.

Recently, as the threat of Distributed Denial-of-Service attacks exploiting IoT devices has spread, source-side Denial-of-Service attack detection methods are being studied in order to quickly detect attacks and find their locations. Moreover, to mitigate the limitation of local view of source-side detection, a collaborative attack detection technique is required to share detection results on each source-side network. In this paper, a new collaborative source-side DDoS attack detection method is proposed for detecting DDoS attacks on multiple networks more correctly, by considering the detecting performance on different time zone. The results of individual attack detection on each network are weighted based on detection rate and false positive rate corresponding to the time zone of each network. By gathering the weighted detection results, the proposed method determines whether a DDoS attack happens. Through extensive evaluation with real network traffic data, it is confirmed that the proposed method reduces false positive rate by 35% while maintaining high detection rate.

The Industrial Control System (ICS) and Supervisory Control and Data Acquisition (SCADA) systems are the backbones for monitoring and supervising factories, power grids, water distribution systems, nuclear plants, and other critical infrastructures. These systems are installed by third party contractors, maintained by site engineers, and operate for a long time. This makes tracing the documentation of the systems' changes and updates challenging since some of their components' information (type, manufacturer, model, etc.) may not be up-to-date, leading to possibly unaccounted security vulnerabilities in the systems. Device recognition is useful first step in vulnerability identification and defense augmentation, but due to the lack of full traceability in case of legacy ICS/SCADA systems, the typical device recognition based on document inspection is not applicable. In this paper, we propose a hybrid approach involving the mix of communication-patterns and passive-fingerprinting to identify the unknown devices' types, manufacturers, and models. The algorithm uses the ICS/SCADA devices's communication-patterns to recognize the control hierarchy levels of the devices. In conjunction, certain distinguishable features in the communication-packets are used to recognize the device manufacturer, and model. We have implemented this hybrid approach in Python, and tested on traffic data from a water treatment SCADA testbed in Singapore (iTrust).

SCADA/ICS (Supervisory Control and Data Acqui-sition/Industrial Control Systems) networks are becoming targets of advanced multi-faceted attacks, and use of attack-graphs has been proposed to model complex attacks scenarios that exploit interdependence among existing atomic vulnerabilities to stitch together the attack-paths that might compromise a system-level security property. While such analysis of attack scenarios enables security administrators to establish appropriate security measurements to secure the system, practical considerations on time and cost limit their ability to address all system vulnerabilities at once. In this paper, we propose an approach that identifies label-cuts to automatically identify a set of critical-attacks that, when blocked, guarantee system security. We utilize the Strongly-Connected-Components (SCCs) of the given attack graph to generate an abstracted version of the attack-graph, a tree over the SCCs, and next use an iterative backward search over this tree to identify set of backward reachable SCCs, along with their outgoing edges and their labels, to identify a cut with a minimum number of labels that forms a critical-attacks set. We also report the implementation and validation of the proposed algorithm to a real-world case study, a SCADA network for a water treatment cyber-physical system.

Bitcoin is a decentralized digital currency whose transactions are recorded in a common ledger, so called blockchain. Due to the anonymity and lack of law enforcement, Bitcoin has been misused in darknet markets which deal with illegal products, such as drugs and weapons. Therefore from the security forensics aspect, it is demanded to establish an approach to identify newly emerged darknet markets' transactions and addresses. In this paper, we thoroughly analyze Bitcoin transactions and addresses related to darknet markets and propose a novel identification method of darknet markets' addresses. To improve the identification performance, we propose a voting based method which decides the labels of multiple addresses controlled by the same user based on the number of the majority label. Through the computer simulation with more than 200K Bitcoin addresses, it was shown that our voting based method outperforms the nonvoting based one in terms of precision, recal, and F1 score. We also found that DNM's addresses pay higher fees than others, which significantly improves the classification.

Companies develop their software in versions and iterations. Ensuring the security of each additional version using code review is costly and time consuming. This paper investigates automated tracing of the impacts of code changes on the security of a given software. To this end, we use call graphs to model the software code, and security assurance cases to model the security requirements of the software. Then we relate assurance case elements to code through the entry point methods of the software, creating a map of monitored security functions. This mapping allows to evaluate the security requirements that are affected by code changes. The approach is implemented in a set of tools and evaluated using three open-source ERP/E-commerce software applications. The limited evaluation showed that the approach is effective in identifying the impacts of code changes on the security of the software. The approach promises to considerably reduce the security assessment time of the subsequent releases and iterations of software, keeping the initial security state throughout the software lifetime.

Air-gap attacks and mimic defense are two emerging techniques in the field of network attack and defense, respectively. However, direct confrontation between them has not yet appeared in the real world. Who will be the winner, if air-gap attacks encounter mimic defense? To this end, a preliminary analysis is conducted for exploring the possible the strategy space of game according to the core principles of air-gap attacks and mimic defense. On this basis, an architecture model is proposed, which combines some detectors for air-gap attacks and mimic defense devices. First, a Dynamic Heterogeneous Redundancy (DHR) structure is employed to be on guard against malicious software of air-gap attacks. Second, some detectors for air-gap attacks are used to detect some signal sent by air-gap attackers' transmitter. Third, the proposed architecture model is obtained by organizing the DHR structure and the detectors for air-gap attacks with some logical relationship. The simulated experimental results preliminarily confirm the power of the new model.

Due to the potential security problem about key management and distribution for the symmetric image encryption schemes, a novel asymmetric image encryption method is proposed in this paper, which is based on the elliptic curve ElGamal (EC-ElGamal) cryptography and chaotic theory. Specifically, the SHA-512 hash is first adopted to generate the initial values of a chaotic system, and a crossover permutation in terms of chaotic index sequence is used to scramble the plain-image. Furthermore, the generated scrambled image is embedded into the elliptic curve for the encrypted by EC-ElGamal which can not only improve the security but also can help solve the key management problems. Finally, the diffusion combined chaos game with DNA sequence is executed to get the cipher image. The experimental analysis and performance comparisons demonstrate that the proposed method has high security, good efficiency, and strong robustness against the chosen-plaintext attack which make it have potential applications for the image secure communications.

The purpose of this paper is to improve the safety of chaotic image encryption algorithm. Firstly, to achieve this goal, it put forward two improved chaotic system logistic and henon, which covered an promoted henon chaotic system with better probability density, and an 2-dimension logistic chaotic system with high Lyapunov exponents. Secondly, the chaotic key stream was generated by the new 2D logistic chaotic system and optimized henon mapping, which mixed in dynamic proportions. The conducted sequence has better randomness and higher safety for image cryptosystem. Thirdly, we proposed algorithm takes advantage of the compounded chaotic system Simulation experiment results and security analysis showed that the proposed scheme was more effective and secure. It can resist various typical attacks, has high security, satisfies the requirements of image encryption theoretical.

In this paper, we propose the first traffic monitoring and labeling system for iOS devices, named iMonitor, which not just captures mobile network traffic in .pcap files, but also provides comprehensive APP-related and user-related information of captured packets. Through further analysis, one can obtain the exact APP or device where each packet comes from. The labeled traffic can be used in many research areas for mobile security, such as privacy leakage detection and user profiling. Given the implementation methodology of NetworkExtension framework of iOS 9+, APP labels of iMonitor are reliable enough so that labeled traffic can be regarded as training data for any traffic classification methods. Evaluations on real iPhones demonstrate that iMonitor has no notable impact upon user experience even with slight packet latency. Also, the experiment result supports our motivation that mobile traffic monitoring for iOS is absolutely necessary, as traffic generated by different OSes like Android and iOS are different and unreplaceable in researches.

Experience in designing general-purpose systems that enforce security goals shows that achieving universality, security, and performance remains a very difficult challenge. As a result, two directions emerged in designing, one of which focused on universality and performance with limited security mechanisms, and another - on robust security with reasonable performance for limited sets of applications. In the first case, popular but unsecure systems were created, and various efforts were subsequently made to upgrade the protected infrastructure for such systems. In the work, the latter approach is considered. It is obvious that the inclusion of built-in security mechanisms leads to a decrease in system performance. The paper considers a reference monitor and the assessment of its impact on system performance. For this purpose, the functional structure of reference monitor is built and the analytical model of impact evaluation on system performance is proposed.

In today's world web applications have become an instant means for information broadcasting. At present, man has become so dependent on web applications that everything done through electronic means like e-banking, e-shopping, online payment of bills etc. Due to an unauthorized admittance might threat customer's or user's confidentiality, integrity and authority. SQL injection considered as most Spartan dangerous coercions to the databases of web applications. current scenario databases are highly susceptible to SQL Injection[4] . SQL Injection is one of the most popular and dangerous hacking or cracking technique . In this work authors projected a novel approach to mitigate SQL Injection Attacks in a database. We have illustrated a technique or method prevent SQLIA by incorporating a hybrid encryption in form of Advanced Encryption Standard (AES) and Elliptical Curve Cryptography (ECC) [5]. In this research paper integrated approach of encryption method is followed to prevent the databases of the web applications against SQL Injection Attack. Incidentally if an invader gains access to the database, then it can cause severe damage and ends up with retrieves data or information. So to prevent these type of attacks a combined approach is projected , Advanced Encryption Standard (AES) at login phase to prevent the unauthorized access to databases and on the other hand Elliptical Curve Cryptography (ECC) to encode the database so that without the key no one can access the database information [3]. This research paper illustrates the technique to prevent SQL Injection Attack.

The use of information systems is a solutions to support the operations of the institution. In order to access information systems in accordance with their access rights, usually the user will enter a username and password as the authentication process. However, this has a weakness if the other side is cheating by sniffing or tapping user passwords. This makes the password unsafe to use for access information systems. If the username and password if it is stolen, abuse will occur for the crime or theft of the owner's identity accounts like name, email, telephone number, biological mother's name, account number and others. One solution is to apply two factor authentication method which is Time-Based One Time Password (TOTP) and Secure Algorithm Hash Algorithm 1 (SHA1). With this method, the system Authentication of a website or site does not only depend on the username and password to enter the account user but the user will get a token or code which is used to log in to the user's account. After testing hundred times, the authentication process who use Two Factor Authentication can tackle possible attacks on abuse o user access rights. Time Based Application One Time Password and Secure Hash Algorithm 1 Generate code that can't be the same because of the code it can only be used once with a time limit certain so it is difficult to guess. SHA1 with long input different strings will produce output with a fixed length string of 160 bits. Test results are obtained the results that 30 seconds is enough to prevent hackers log in and take over the account without permission and also prove that two-factor authentication can increase the security of the authentication process well. The time above is the result of testing the process user authentication until the hacker sniffing against tokens to try to take over the account.

In this paper, the application of the enhanced secure hash algorithm-512 is implemented on web applications specifically in password hashing. In addition to the enhancement of hash function, hill cipher is included for the salt generation to increase the complexity of generating hash tables that may be used as an attack on the algorithm. The testing of same passwords saved on the database is used to create hash collisions that will result to salt generation to produce a new hash message. The matrix encryption key provides five matrices to be selected upon based on the length of concatenated username, password, and concatenated characters from the username. In this process, same password will result to a different hash message that will to make it more secured from future attacks.