Biblio

Smartphones have evolved over the years from simple devices to communicate with each other to fully functional portable computers although with comparatively less computational power but inholding multiple applications within. With the smartphone revolution, the value of personal data has increased. As technological complexities increase, so do the vulnerabilities in the system. Smartphones are the latest target for attacks. Android being an open source platform and also the most widely used smartphone OS draws the attention of many malware writers to exploit the vulnerabilities of it. Attackers try to take advantage of these vulnerabilities and fool the user and misuse their data. Malwares have come a long way from simple worms to sophisticated DDOS using Botnets, the latest trends in computer malware tend to go in the distributed direction, to evade the multiple anti-virus apps developed to counter generic viruses and Trojans. However, the recent trend in android system is to have a combination of applications which acts as malware. The applications are benign individually but when grouped, these may result into a malicious activity. This paper proposes a new category of distributed malware in android system, how it can be used to evade the current security, and how it can be detected with the help of graph matching algorithm.

To identify potential risks to the system security presented by time series it is offered to use wavelet analysis, the indicator of time-and-frequency distribution, the correlation analysis of wavelet-spectra for receiving rather complete range of data about the process studied. The indicator of time-and-frequency localization of time series was proposed allowing to estimate the speed of non-stationary changing. The complex approach is proposed to use the wavelet analysis, the time-and-frequency distribution of time series and the wavelet spectra correlation analysis; this approach contributes to obtaining complete information on the studied phenomenon both in numerical terms, and in the form of visualization for identifying and predicting potential system security threats.

An important source of cyber-attacks is malware, which proliferates in different forms such as botnets. The botnet malware typically looks for vulnerable devices across the Internet, rather than targeting specific individuals, companies or industries. It attempts to infect as many connected devices as possible, using their resources for automated tasks that may cause significant economic and social harm while being hidden to the user and device. Thus, it becomes very difficult to detect such activity. A considerable amount of research has been conducted to detect and prevent botnet infestation. In this paper, we attempt to create a foundation for an anomaly-based intrusion detection system using a statistical learning method to improve network security and reduce human involvement in botnet detection. We focus on identifying the best features to detect botnet activity within network traffic using a lightweight logistic regression model. The network traffic is processed by Bro, a popular network monitoring framework which provides aggregate statistics about the packets exchanged between a source and destination over a certain time interval. These statistics serve as features to a logistic regression model responsible for classifying malicious and benign traffic. Our model is easy to implement and simple to interpret. We characterized and modeled 8 different botnet families separately and as a mixed dataset. Finally, we measured the performance of our model on multiple parameters using F1 score, accuracy and Area Under Curve (AUC).

Peer-to-Peer botnets have become one of the significant threat against network security due to their distributed properties. The decentralized nature makes their detection challenging. It is important to take measures to detect bots as soon as possible to minimize their harm. In this paper, we propose PeerGrep, a novel system capable of identifying P2P bots. PeerGrep starts from identifying hosts that are likely engaged in P2P communications, and then distinguishes P2P bots from P2P hosts by analyzing their active ratio, packet size and the periodicity of connection to destination IP addresses. The evaluation shows that PeerGrep can identify all P2P bots with quite low FPR even if the malicious P2P application and benign P2P application coexist within the same host or there is only one bot in the monitored network.

This research aims to identify some vulnerabilities of advanced persistent threat (APT) attacks using multiple simulated attacks in a virtualized environment. Our experimental study shows that while updating the antivirus software and the operating system with the latest patches may help in mitigating APTs, APT threat vectors could still infiltrate the strongest defenses. Accordingly, we highlight some critical areas of security concern that need to be addressed.

This computer era leads human to interact with computers and networks but there is no such solution to get rid of security problems. Securities threats misleads internet, we are sometimes losing our hope and reliability with many server based access. Even though many more crypto algorithms are coming for integrity and authentic data in computer access still there is a non reliable threat penetrates inconsistent vulnerabilities in networks. These vulnerable sites are taking control over the user's computer and doing harmful actions without user's privileges. Though Firewalls and protocols may support our browsers via setting certain rules, still our system couldn't support for data reliability and confidentiality. Since these problems are based on network access, lets we consider TCP/IP parameters as a dataset for analysis. By doing preprocess of TCP/IP packets we can build sovereign model on data set and clump cluster. Further the data set gets classified into regular traffic pattern and anonymous pattern using KNN classification algorithm. Based on obtained pattern for normal and threats data sets, security devices and system will set rules and guidelines to learn by it to take needed stroke. This paper analysis the computer to learn security actions from the given data sets which already exist in the previous happens.

This paper presents an image technique Discrete Wavelet Transform and Singular Value Decomposition for image steganography. We are using a text file and convert into an image as watermark and embed watermarks into the cover image. We evaluate performance and compare this method with other methods like Least Significant Bit, Discrete Cosine Transform, and Discrete Wavelet Transform using Peak Signal Noise Ratio and Mean Squared Error. The result of this experiment showed that combine of Discrete Wavelet Transform and Singular Value Decomposition performance is better than the Least Significant Bit, Discrete Cosine Transform, and Discrete Wavelet Transform. The result of Peak Signal Noise Ratio obtained from Discrete Wavelet Transform and Singular Value Decomposition method is 57.0519 and 56.9520 while the result of Mean Squared Error is 0.1282 and 0.1311. Future work for this research is to add the encryption method on the data to be entered so that if there is an attack then the encryption method can secure the data becomes more secure.

Since Gatys et al. proved that the convolution neural network (CNN) can be used to generate new images with artistic styles by separating and recombining the styles and contents of images. Neural Style Transfer has attracted wide attention of computer vision researchers. This paper aims to provide an overview of the style transfer application deep learning network development process, and introduces the classical style migration model, on the basis of the research on the migration of style of the deep learning network for collecting and organizing, and put forward related to gathered during the investigation of the problem solution, finally some classical model in the image style to display and compare the results of migration.

In 2017, Gelernter et al. identified the ``password-reset man-in-the-middle'' attack, which can take over a user's account during two-factor authentication. In this attack, a password reset request is sent via an SMS message instead of an expected authentication request, and the user enters a reset code at the malicious man-in-the-middle website without recognizing that the code resets the password. Following this publication, most vulnerable websites attempted to remove the vulnerability. However, it is still not clear whether these attempts were sufficient to prevent careless users from being attacked. In this paper, we describe the results of an investigation involving domestic major websites that were vulnerable to this type of attack. To clarify the causes of vulnerability, we conducted experiments with 180 subjects. The SMS-message parameters were ``with/without warning'', ``numeric/alphanumeric code'', and ``one/two messages'', and subjects were tested to see if they input the reset code into the fake website. According to the result of the experiment, we found that the PRMitM risk odds were increased 4.6, 1.86, and 11.59 times higher in a no-warning case, a numeric-only reset code, and a behavior that change passwords very frequently, respectively.

With recent advances in robotics, it is expected that robots will become increasingly common in human environments, such as in the home and workplaces. Robots will assist and collaborate with humans on a variety of tasks. During these collaborations, it is inevitable that disagreements in decisions would occur between humans and robots. Among factors that lead to which decision a human should ultimately follow, theirs or the robot, trust is a critical factor to consider. This study aims to investigate individuals' behaviors and aspects of trust in a problem-solving situation in which a decision must be made in a bounded amount of time. A between-subject experiment was conducted with 100 participants. With the assistance of a humanoid robot, participants were requested to tackle a cognitive-based task within a given time frame. Each participant was randomly assigned to one of the following initial conditions: 1) a working robot in which the robot provided a correct answer or 2) a faulty robot in which the robot provided an incorrect answer. Impacts of the faulty robot behavior on participant's decision to follow the robot's suggested answer were analyzed. Survey responses about trust were collected after interacting with the robot. Results indicated that the first impression has a significant impact on participant's behavior of trusting a robot's advice during a disagreement. In addition, this study discovered evidence supporting that individuals still have trust in a malfunctioning robot even after they have observed a robot's faulty behavior.

We report on our implementation of a new Gaussian sampling algorithm for lattice trapdoors. Lattice trapdoors are used in a wide array of lattice-based cryptographic schemes including digital signatures, attributed-based encryption, program obfuscation and others. Our implementation provides Gaussian sampling for trapdoor lattices with prime moduli, and supports both single- and multi-threaded execution. We experimentally evaluate our implementation through its use in the GPV hash-and-sign digital signature scheme as a benchmark. We compare our design and implementation with prior work reported in the literature. The evaluation shows that our implementation 1) has smaller space requirements and faster runtime, 2) does not require multi-precision floating-point arithmetic, and 3) can be used for a broader range of cryptographic primitives than previous implementations.

This paper presents a possible implementation of progressive authentication using the Android pattern lock. Our key idea is to use one pattern for two access levels to the device; an abridged pattern is used to access generic applications and a second, extended and higher-complexity pattern is used less frequently to access more sensitive applications. We conducted a user study of 89 participants and a consecutive user survey on those participants to investigate the usability of such a pattern scheme. Data from our prototype showed that for unlocking lowsecurity applications the median unlock times for users of the multiple pattern scheme and conventional pattern scheme were 2824 ms and 5589 ms respectively, and the distributions in the two groups differed significantly (Mann-Whitney U test, p-value less than 0.05, two-tailed). From our user survey, we did not find statistically significant differences between the two groups for their qualitative responses regarding usability and security (t-test, p-value greater than 0.05, two-tailed), but the groups did not differ by more than one satisfaction rating at 90% confidence.

As the worldwide internet has non-stop developments, it comes with enormous amount automatically generated malware. Those malware had become huge threaten to computer users. A comprehensive malware family classifier can help security researchers to quickly identify characteristics of malware which help malware analysts to investigate in more efficient way. However, despite the assistance of the artificial intelligent (AI) classifiers, it has been shown that the AI-based classifiers are vulnerable to so-called adversarial attacks. In this paper, we demonstrate how the adversarial settings can be applied to the classifier of malware families classification. Our experimental results achieved high successful rate through the adversarial attack. We also find the important features which are ignored by malware analysts but useful in the future analysis.

Ubiquitous Healthcare System (U-Healthcare) is a well-known application of wireless sensor networking (WSN). In this system, the sensors take less power for operating the function. As the data transfers between sensor and other stations is sensitive so there needs to provide a security scheme. Due to the low life of sensor nodes in Wireless Sensor Networks (WSN), asymmetric key based security (AKS) architecture is always considered as unsuitable for these types of networks. Several papers have been published in recent past years regarding how to incorporate AKS in WSN, Haque et al's Asymmetric key based Architecture (AKA) is one of them. But later it is found that this system has authentication problem and therefore prone to man-in-the-middle (MITM) attack, furthermore it is not a truly asymmetric based scheme. We address these issues in this paper and proposed a complete asymmetric approach using PEKS-PM (proposed by Pham in [8]) to remove impersonation attack. We also found some other vulnerabilities in the original AKA system and proposed solutions, therefore making it a better and enhanced asymmetric key based architecture.

This paper presents some verifications and improved considerations of NAND PUF, which was introduced recently [1]. For embedded system such as IC cards, the secret data in memory is vulnerable, so it has to be encrypted and secured. PUF circuit is sensitive to environmental condition, especially in the temperature range influences and variations of current and voltages. This proposed bank IC card would be operated in AB class standard, i.e. voltage would be constant except for power mode changing. Nevertheless, operational temperatures may vary such as the situation of outdoor ATM. Thus, this paper presented some results of our PUF work in Cadence, also on FPGA board. Around 5ns is spent for stabilization of our PUF output that is under variance temperature when power mode changes. Inter Hamming distances is 48.9%, very near to uniqueness and robustness value, that our PUF is feasible to use in bankcard. The maximum error rates are HDintra(0$^\circ$C) = 3.9961 and HDintra(80$^\circ$C) = 3.9916 where at antipoles, while the minimum error rate is HDintra(20$^\circ$C) = 2.9 at room temperature. For improvement, Repetition, LDPC and SEC-DED codes are considered that would eliminate error rates.

Recent work, including ZKBoo, ZKB++, and Ligero, has developed efficient non-interactive zero-knowledge proofs of knowledge (NIZKPoKs) for Boolean circuits based on symmetric-key primitives alone, using the "MPC-in-the-head" paradigm of Ishai et al. We show how to instantiate this paradigm with MPC protocols in the preprocessing model; once optimized, this results in an NIZKPoK with shorter proofs (and comparable computation) as in prior work for circuits containing roughly 300–100,000 AND\textasciitildegates. In contrast to prior work, our NIZKPoK also supports witness-independent preprocessing, which allows the prover to shift most of its work to an offline phase before the witness is known. We use our NIZKPoK to construct a signature scheme based only on symmetric-key primitives (and hence with "post-quantum" security). The resulting scheme has shorter signatures than the scheme built using ZKB++ (and comparable signing/verification time), and is even competitive with hash-based signature schemes. To further highlight the flexibility and power of our NIZKPoK, we also use it to build efficient ring and group signatures based on symmetric-key primitives alone. To our knowledge, the resulting schemes are the most efficient constructions of these primitives that offer post-quantum security.

In this paper, we present an improved approach to transfer style for videos based on semantic segmentation. We segment foreground objects and background, and then apply different styles respectively. A fully convolutional neural network is used to perform semantic segmentation. We increase the reliability of the segmentation, and use the information of segmentation and the relationship between foreground objects and background to improve segmentation iteratively. We also use segmentation to improve optical flow, and apply different motion estimation methods between foreground objects and background. This improves the motion boundaries of optical flow, and solves the problems of incorrect and discontinuous segmentation caused by occlusion and shape deformation.

The growing interest in the smart device/home/city has resulted in increasing popularity of Internet of Things (IoT) deployment. However, due to the open and heterogeneous nature of IoT networks, there are various challenges to deploy an IoT network, among which security and scalability are the top two to be addressed. To improve the security and scalability for IoT networks, we propose a Software-Defined Virtual Private Network (SD-VPN) solution, in which each IoT application is allocated with its own overlay VPN. The VPN tunnels used in this paper are VxLAN based tunnels and we propose to use the SDN controller to push the flow table of each VPN to the related OpenvSwitch via the OpenFlow protocol. The SD-VPN solution can improve the security of an IoT network by separating the VPN traffic and utilizing service chaining. Meanwhile, it also improves the scalability by its overlay VPN nature and the VxLAN technology.

Industry 4.0 is based on the CPS architecture since it is the next generation in the industry. The CPS architecture is a system based on Cloud Computing technology and Internet of Things where computer elements collaborate for the control of physical entities. The security framework in this architecture is necessary for the protection of two parts (physical and information) so basically, security in CPS is classified into two main parts: information security (data) and security of control. In this work, we propose two models to solve the two problems detected in the security framework. The first proposal SCCAF (Smart Cloud Computing Adoption Framework) treats the nature of information that serves for the detection and the blocking of the threats our basic architecture CPS. The second model is a modeled detector related to the physical nature for detecting node information.

In order to solve the problem of vulnerable password guessing attacks caused by dictionary attacks, replay attacks in the authentication process, and man-in-the-middle attacks in the existing wireless local area network in terms of security authentication, we make some improvements to the 802.1X / EAP authentication protocol based on the study of the current IEEE802.11i security protocol with high security. After introducing the idea of Kerberos protocol authentication and applying the idea in the authentication process of 802.1X / EAP, a new protocol of Kerberos extensible authentication protocol (KEAP) is proposed. Firstly, the protocol introduces an asymmetric key encryption method, uses public key encryption during data transmission, and the receiver uses the corresponding private key for decryption. With unidirectional characteristics and high security, the encryption can avoid password guessing attacks caused by dictionary attacks as much as possible. Secondly, aiming at the problem that the request message sent from the client to the authentication server is vulnerable to replay attacks, the protocol uses a combination of the message sequence number and the random number, and the message serial number is added to the request message sent from the client to the authentication server. And establish a list database for storing message serial number and random number in the authentication server. After receiving a transfer message, the serial number and the random number are extracted and compared with the values in the list database to distinguish whether it is a retransmission message. Finally, the protocol introduces a keychain mechanism and uses an irreversible Hash function to encrypt the final authentication result, thereby effectively solving the man-in-the-middle attack by the pretender. The experiment uses the OPNET 14.5 simulation platform to model the KEAP protocol and simulate simulation attacks, and compares it with the current more common EAP-TLS authentication protocol. Experimental results show that the average traffic of the KEAP protocol is at least 14.74% higher than the EAP-TLS authentication protocol, and the average bit error rate is reduced by at least 24.00%.

In Android malware detection, recent work has shown that using contextual information of sensitive API invocation in the modeling of applications is able to improve the classification accuracy. However, the improvement brought by this context-awareness varies depending on how this information is used in the modeling. In this paper, we perform a comprehensive study on the effectiveness of using the contextual information in prior state-of-the-art detection systems. We find that this information has been "over-used" such that a large amount of non-essential metadata built into the models weakens the generalizability and longevity of the model, thus finally affects the detection accuracy. On the other hand, we find that the entrypoint of API invocation has the strongest impact on the classification correctness, which can further improve the accuracy if being properly captured. Based on this finding, we design and implement a lightweight, circumstance-aware detection system, named "PIKADROID" that only uses the API invocation and its entrypoint in the modeling. For extracting the meaningful entrypoints, PIKADROID applies a set of static analysis techniques to extract and sanitize the reachable entrypoints of a sensitive API, then constructs a frequency model for classification decision. In the evaluation, we show that this slim model significantly improves the detection accuracy on a data set of 23,631 applications by achieving an f-score of 97.41%, while maintaining a false positive rating of 0.96%.

Internet of things has become a subject of interest across a different industry domain. It includes 6LoWPAN (Low-Power Wireless Personal Area Network) which is used for a variety of application including home automation, sensor networks, manufacturing and industry application etc. However, gathering such a huge amount of data from such a different domain causes a problem of traffic congestion, high reliability, high energy efficiency etc. In order to address such problems, content based routing (CBR) technique is proposed, where routing paths are decided according to the type of content. By routing the correlated data to hop nodes for processing, a higher data aggregation ratio can be obtained, which in turns reducing the traffic congestion and minimizes the energy consumption. CBR is implemented on top of existing RPL (Routing Protocol for Low Power and Lossy network) and implemented in contiki operating system using cooja simulator. The analysis are carried out on the basis average power consumption, packet delivery ratio etc.

We survey elliptic curve implementations from several vantage points. We perform internet-wide scans for TLS on a large number of ports, as well as SSH and IPsec to measure elliptic curve support and implementation behaviors, and collect passive measurements of client curve support for TLS. We also perform active measurements to estimate server vulnerability to known attacks against elliptic curve implementations, including support for weak curves, invalid curve attacks, and curve twist attacks. We estimate that 1.53% of HTTPS hosts, 0.04% of SSH hosts, and 4.04% of IKEv2 hosts that support elliptic curves do not perform curve validity checks as specified in elliptic curve standards. We describe how such vulnerabilities could be used to construct an elliptic curve parameter downgrade attack called CurveSwap for TLS, and observe that there do not appear to be combinations of weak behaviors we examined enabling a feasible CurveSwap attack in the wild. We also analyze source code for elliptic curve implementations, and find that a number of libraries fail to perform point validation for JSON Web Encryption, and find a flaw in the Java and NSS multiplication algorithms.

Converged Multi-Level Secure systems allow users to interact with and freely move between applications and data of varying sensitivity on a single user interface. They promise unprecedented usability and security, especially in security-critical environments like Defence. Yet these promises rely on hard assumptions about secure user behaviour. We present initial work to test the validity of these assumptions in the absence of deception by an adversary. We conducted a user study with 21 participants on the Cross Domain Desktop Compositor. Chief amongst our findings is that the vast majority of participants (19 of 21) behave securely, even when doing so requires more effort than to behave insecurely. Our findings suggest that there is large scope for further research on converged Multi-Level Secure systems, and highlight the value of user studies to complement formal security analyses of critical systems.