Biblio

Service Function Chaining (SFC) provides a special capability that defines an ordered list of network services as a virtual chain and makes a network more flexible and manageable. However, SFC is vulnerable to various attacks caused by compromised switches, especially the middlebox-bypass attack. In this paper, we propose a system that can detect not only middlebox-bypass attacks but also other incorrect forwarding actions by compromised switches. The existing solutions to protect SFC against compromised switches and middlebox-bypass attacks can only solve individual problems. The proposed system uses both probe-based and statistics-based methods to check the probe packets with random pre-assigned keys and collect statistics from middleboxes for detecting any abnormal actions in SFC. It is shown that the proposed system takes only 0.08 ms for the packet processing while it prevents SFC from the middlebox-bypass attacks and compromised switches, which is the negligible delay.

With the rapid growth in online services, hacking (alternatively attacking) on online database applications has become a grave concern now. Attacks on online database application are being frequently reported. Among these attacks, the SQL injection attack is at the top of the list. The hackers alter the SQL query sent by the user and inject malicious code therein. Hence, they access the database and manipulate the data. It is reported in the literature that the traditional SQL injection detection algorithms fail to prevent this type of attack. In this paper, we propose a machine learning based heuristic algorithm to prevent the SQL injection attack. We use a dataset of 616 SQL statements to train and test 23 different machine learning classifiers. Among these classifiers, we select the best five classifiers based on their detection accuracy and develop a Graphical User Interface (GUI) application based on these five classifiers. We test our proposed algorithm and the results show that our algorithm is able to detect the SQL injection attack with a high accuracy (93.8%).

The use of uninitialized variables is a common issue. It could cause kernel information leak, which defeats the widely deployed security defense, i.e., kernel address space layout randomization (KASLR). Though a recent system called Bochspwn Reloaded reported multiple memory leaks in Windows kernels, how to effectively detect this issue is still largely behind. In this paper, we propose a new technique, i.e., differential replay, that could effectively detect the use of uninitialized variables. Specifically, it records and replays a program's execution in multiple instances. One instance is with the vanilla memory, the other one changes (or poisons) values of variables allocated from the stack and the heap. Then it compares program states to find references to uninitialized variables. The idea is that if a variable is properly initialized, it will overwrite the poisoned value and program states in two running instances should be the same. After detecting the differences, our system leverages the symbolic taint analysis to further identify the location where the variable was allocated. This helps us to identify the root cause and facilitate the development of real exploits. We have implemented a prototype called TimePlayer. After applying it to both Windows 7 and Windows 10 kernels (x86/x64), it successfully identified 34 new issues and another 85 ones that had been patched (some of them were publicly unknown.) Among 34 new issues, 17 of them have been confirmed as zero-day vulnerabilities by Microsoft.

Botnets have been a major area of concern in the field of cybersecurity. There have been a lot of research works for detection of botnets. However, everyday cybercriminals are coming up with new ideas to counter the well-known detection methods. One such popular method is domain flux-based botnets in which a large number of domain names are produced using domain generation algorithm. In this paper, we have proposed a robust way of detecting DGA-based botnets using few novel features covering both syntactic and semantic viewpoints. We have used Area under ROC curve as our performance metric since it provides comprehensive information about the performance of binary classifiers at various thresholds. Results show that our approach performs significantly better than the baseline approach. Our proposed method can help in detecting established DGA bots (equipped with extensive features) as well as prospective advanced DGA bots imitating real-world domain names.

Due to the increased diversity and complexity of cyberattacks, innovative and effective analytics are needed in order to identify critical cyber incidents on a corporate network even if no ground truth data is available. This paper develops an automated system which processes a set of intrusion alerts to create behavior aggregates and then classifies these aggregates into empirical attack models through a dynamic Bayesian approach with innovative feature engineering methods. Each attack model represents a unique collective attack behavior that helps to identify critical activities on the network. Using 2017 National Collegiate Penetration Testing Competition data, it is demonstrated that the developed system is capable of generating and refining unique attack models that make sense to human, without a priori knowledge.

Recent advances in machine learning enable wider applications of prediction models in cyber-physical systems. Smart grids are increasingly using distributed sensor settings for distributed sensor fusion and information processing. Load forecasting systems use these sensors to predict future loads to incorporate into dynamic pricing of power and grid maintenance. However, these inference predictors are highly complex and thus vulnerable to adversarial attacks. Moreover, the adversarial attacks are synthetic norm-bounded modifications to a limited number of sensors that can greatly affect the accuracy of the overall predictor. It can be much cheaper and effective to incorporate elements of security and resilience at the earliest stages of design. In this paper, we demonstrate how to analyze the security and resilience of learning-based prediction models in power distribution networks by utilizing a domain-specific deep-learning and testing framework. This framework is developed using DeepForge and enables rapid design and analysis of attack scenarios against distributed smart meters in a power distribution network. It runs the attack simulations in the cloud backend. In addition to the predictor model, we have integrated an anomaly detector to detect adversarial attacks targeting the predictor. We formulate the stealthy adversarial attacks as an optimization problem to maximize prediction loss while minimizing the required perturbations. Under the worst-case setting, where the attacker has full knowledge of both the predictor and the detector, an iterative attack method has been developed to solve for the adversarial perturbation. We demonstrate the framework capabilities using a GridLAB-D based power distribution network model and show how stealthy adversarial attacks can affect smart grid prediction systems even with a partial control of network.

Devices that are connected to the Internet are very interesting to security researchers as are at high risk of being attacked, compromised or otherwise abused. To investigate the root causes of the risks it is necessary to understand what classes of devices are affected in different ways. These devices are heterogeneous, thus making it impractical to classify large sets by applying static rules. We propose improvements for manually labelling training sets using HTTP response features for future classification using a neural network.

A variety of architectures have been designed or repurposed for the task of facial forgery detection. While many of these designs have seen great success, they largely fail to address challenges these models may face in practice. A major challenge is posed by generality, wherein models must be prepared to perform in a variety of domains. In this paper, we investigate the ability of state-of-the-art facial forgery detection architectures to generalize. We first propose two criteria for generality: reliably detecting multiple spoofing techniques and reliably detecting unseen spoofing techniques. We then devise experiments which measure how a given architecture performs against these criteria. Our analysis focuses on two state-of-the-art facial forgery detection architectures, MesoNet and XceptionNet, both being convolutional neural networks (CNNs). Our experiments use samples from six state-of-the-art facial forgery techniques: Deepfakes, Face2Face, FaceSwap, GANnotation, ICface, and X2Face. We find MesoNet and XceptionNet show potential to generalize to multiple spoofing techniques but with a slight trade-off in accuracy, and largely fail against unseen techniques. We loosely extrapolate these results to similar CNN architectures and emphasize the need for better architectures to meet the challenges of generality.

System penetration testing is an important measure of discovering information system security issues. This paper summarizes and analyzes the high-risk problems found in the penetration testing of the artificial storm prediction system for power grid storm disasters from four aspects: application security, middleware security, host security and network security. In particular, in order to overcome the blindness of PGRDAIPS current SQL injection penetration test, this paper proposes a SQL blind bug based on improved second-order fragmentation reorganization. By modeling the SQL injection attack behavior and comparing the SQL injection vulnerability test in PGRDAIPS, this method can effectively reduce the blindness of SQL injection penetration test and improve its accuracy. With the prevalence of ubiquitous power internet of things, the electric power information system security defense work has to be taken seriously. This paper can not only guide the design, development and maintenance of disaster prediction information systems, but also provide security for the Energy Internet disaster safety and power meteorological service technology support.

Detecting DeepFake videos are one of the challenges in digital media forensics. This paper proposes a method to detect deepfake videos using Support Vector Machine (SVM) regression. The SVM classifier can be trained with feature points extracted using one of the different feature-point detectors such as HOG, ORB, BRISK, KAZE, SURF, and FAST algorithms. A comprehensive test of the proposed method is conducted using a dataset of original and fake videos from the literature. Different feature point detectors are tested. The result shows that the proposed method of using feature-detector-descriptors for training the SVM can be effectively used to detect false videos.

In last decades' web application security has become one of the most important case study of information security studies. Business processes are transferred to web platforms. So web application usage is increased very fast. Web-based attacks have also increased due to the increased use of web applications. In order to ensure the security of web applications, intrusion detection and prevention systems and web application firewalls are used against web based attacks. Blockchain technology, which has become popular in recent years, enables reliable and transparent sharing of data with all stakeholders. In this study, in order to detect web-based attacks, a blockchain based web attack detection model that uses the signature based detection method is proposed. The signature based detection refers to the detection of attacks by looking for specific patterns against known web based attack types, such as Structured Query Language (SQL) Injection, Cross Site Scripting (XSS), Command Injection. Three web servers were used for the experimental study. A blockchain node has been installed with the MultiChain application for each server. Attacks on web applications are detected using the signature list found in the web application as well as detected using the signature list updated on the blockchain. According to the experimental results, the attacks signature detected and defined by a web application are updated in the blockchain lists and used by all web applications.

The article focuses on Personal Data Cyber Security Systems. These systems are the critical components for Health Information Management Systems of Public Health enterprises. The purpose of this article is to inform and provide the reader with Personal Data Cyber Security Legislation and Regulation in Public Health Sector and enlighten him with the Information Systems that were designed and implemented for Personal Data Cyber Security in Public Health.

This paper gives a concept of wireless sensor network and describe the encoding algorithm and decoding algorithm along with the implementation of LDPC code and Rateless code. Compare the performances of those two code in WSN environment by making simulation in a Rayleigh channel in matlab and derive results and conclusions from the simulation.

Nowadays, the growing need to connect modern vehicles through computer networks leads to increased risks of cyberattacks. The internal network, which governs the several electronic components of a vehicle, is becoming increasingly overexposed to external attacks. The Controller Area Network (CAN) protocol, used to interconnect those devices is the key point of the internal network of modern vehicles. Therefore, securing such protocol is crucial to ensure a safe driving experience. However, the CAN is a standard that has undergone little changes since it was introduced in 1983. More precisely, in an attempt to reduce latency, the transfer of information remains unencrypted, which today represents a weak point in the protocol. Hence, the need to protect communications, without introducing low-level alterations, while preserving the performance characteristics of the protocol. In this work, we investigate the possibility of using symmetric encryption algorithms for securing messages exchanged by CAN protocol. In particular, we evaluate the using of lightweight ciphers to secure CAN-level communication. Such ciphers represent a reliable solution on hardware-constrained devices, such as microcontrollers.

The rapid developments of smart grids provide multiple benefits to the delivery of electric power, but at the same time makes the power grids under the threat of cyber attackers. The transmitted data could be deliberately modified without triggering the alarm of bad data detection procedure. In order to ensure the stable operation of the power systems, it is extremely significant to develop effective abnormal detection algorithms against injected false data. In this paper, we introduce the density-based LOF algorithm to detect the false data and dummy data. The simulation results show that the traditional density-clustering based LOF algorithm can effectively identify FDA, but the detection performance on DDA is not satisfactory. Therefore, we propose the improved LOF algorithm to detect DDA by setting reasonable density threshold.

Manufacturers often buy and/or license communication ICs from third-party suppliers. These communication ICs are then integrated into a complex computational system, resulting in a wide range of potential hardware-software security issues. This work proposes a compact supervisory circuit to classify the Bluetooth profile operation of a Bluetooth System-on-Chip (SoC) at low frequencies by monitoring the radio frequency (RF) output power of the Bluetooth SoC. The idea is to inexpensively manufacture an RF envelope detector to monitor the RF output power and a profile classification algorithm on a custom low-frequency integrated circuit in a low-cost legacy technology. When the supervisory circuit observes unexpected behavior, it can shut off power to the Bluetooth SoC. In this preliminary work, we proto-type the supervisory circuit using off-the-shelf components to collect a sufficient data set to train 11 different Machine Learning models. We extract smart descriptive time-domain features from the envelope of the RF output signal. Then, we train the machine learning models to classify three different Bluetooth operation profiles: sensor, hands-free, and headset. Our results demonstrate 100% classification accuracy with low computational complexity.

Currently, video surveillance systems play an important role in ensuring the safety of citizens, their property, etc., which greatly contributes to the reduction of crime. Due to the high intrinsic value and/or high efficiency of their use for the prevention and detection of crimes, they themselves often become the objects of illegal actions (theft, damage). The main purpose of video surveillance systems is to provide continuous visual monitoring of the situation at a particular facility or territory, as well as event registration. The breakdown of the camera is detected by the loss of signal in the control center. However, the absence of a signal for reasons other than these can also be caused by an accident on the power line, a communication channel break, software or hardware breakdown of the camera itself. In this regard, there is a problem of determining the exact cause of the lack of signal and, consequently, the need for a rapid response to it. The paper proposes an approach of video surveillance arrangement according to their main functional purpose, as well as their ability to monitor each other. Based on this approach, a mathematical model of the choice of locations and conditions of location of video surveillance equipment from a set of potentially acceptable as a problem of nonlinear Boolean programming is developed. This model maximizes the functionality of the video surveillance system, taking into account the importance of areas and objects of surveillance with restrictions on the number of video surveillance of each type, the nature of the terrain and existing buildings. An algorithm for solving this problem is proposed.

In this paper, we analyze the cyber resilience for the energy delivery systems (EDS) using critical system functionality (CSF). Some research works focus on identification of critical cyber components and services to address the resiliency for the EDS. Analysis based on the devices and services excluding the system behavior during an adverse event would provide partial analysis of cyber resilience. To address the gap, in this work, we utilize the vulnerability graph representation of EDS to compute the system functionality under adverse condition. We use network criticality metric to determine CSF. We estimate the criticality metric using graph Laplacian matrix and network performance after removing links (i.e., disabling control functions, or services). We model the resilience of the EDS using CSF, and system recovery curve. We also provide a comprehensive analysis of cyber resilience by determining the critical devices using TOPSIS (Technique for Order Preference by Similarity to Ideal Solution) and AHP (Analytical Hierarchy Process) methods. We present use cases of EDS illustrating the way control functions and services in EDS map to the vulnerability graph model. The simulation results show that we can estimate the resilience metric using different types of graphs that may assist in making an informed decision about EDS resilience.

Biometrics has enormous role to authenticate or substantiate an individual's on the basis of their physiological or behavioral attributes for pattern recognition system. Multimodal biometric systems cover up the limitations of single/ uni-biometric system. In this work, the multimodal biometric system is proposed; iris and hand geometry features are fused at feature level. The iris features are extracted by using moments and morphological operations are used to extract the features of hand geometry. The Chaos-based encryption is applied in order to enhance the high security on the database. Accuracy is predicted by performing the matching process. The experimental result shows that the overall performance of multimodal system has increased with accuracy, Genuine Acceptance Rate (GAR) and reduces with False Acceptance Rate (FAR) and False Rejection Rate (FRR) by using chaos with iris and hand geometry biometrics.

With the developments in deep learning, the security of neural networks against vulnerabilities has become one of the most urgent research topics in deep learning. There are many types of security countermeasures. Adversarial examples and their defense methods, in particular, have been well-studied in recent years. An adversarial example is designed to make neural networks misclassify or produce inaccurate output. Audio adversarial examples are a type of adversarial example where the main target of attack is a speech-to-text transcription neural network. In this study, we propose a new defense method against audio adversarial examples for the speech-to-text transcription neural networks. It is difficult to determine whether an input waveform data representing the sound of voice is an audio adversarial example. Therefore, the main framework of the proposed defense method is based on a sandbox approach. To evaluate the proposed defense method, we used actual audio adversarial examples that were created on Deep Speech, which is a speech-to-text transcription neural network. We confirmed that our defense method can identify audio adversarial examples to protect speech-to-text systems.

Modern operating systems are typical multitasking systems: Running multiple tasks at the same time. Therefore, a large number of system calls belonging to different processes are invoked at the same time. By associating these invocations, one can construct the system dependency graph. In rapidly evolving system dependency graphs, how to quickly find outliers is an urgent issue for intrusion detection. Clustering analysis based on graph similarity will help solve this problem. In this paper, an extended Weisfeiler-Lehman(WL) kernel is proposed. Firstly, an embedded vector with indefinite dimensions is constructed based on the original dependency graph. Then, the vector is compressed with Simhash to generate a fingerprint. Finally, anomaly detection based on clustering is carried out according to these fingerprints. Our scheme can achieve prominent detection with high efficiency. For validation, we choose StreamSpot, a relevant prior work, to act as benchmark, and use the same data set as it to carry out evaluations. Experiments show that our scheme can achieve the highest detection precision of 98% while maintaining a perfect recall performance. Moreover, both quantitative and visual comparisons demonstrate the outperforming clustering effect of our scheme than StreamSpot.

With the gradual progress of cloud computing, big data, network virtualization and other network technology. The traditional network architecture can no longer support this huge business. At this time, the clean slate team defined a new network architecture, SDN (Software Defined Network). It has brought about tremendous changes in the development of today's networks. The controller sends the flow table down to the switch, and the data flow is forwarded through matching flow table items. However, the current flow table resources of the SDN switch are very limited. Therefore, this paper studies the technology of the latest SDN Flow table optimization at home and abroad, proposes an efficient optimization scheme of Flow table item on the betweenness centrality through the main road selection algorithm, and realizes related applications by setting up experimental topology. Experiments show that this scheme can greatly reduce the number of flow table items of switches, especially the more hosts there are in the topology, the more obvious the experimental effect is. And the experiment proves that the optimization success rate is over 80%.

The IFDS algorithm can be compute-and memoryintensive for some large programs, often running for a long time (more than expected) or terminating prematurely after some time and/or memory budgets have been exhausted. In the latter case, the corresponding IFDS data-flow analyses may suffer from false negatives and/or false positives. To improve this, we introduce a sparse alternative to the traditional IFDS algorithm. Instead of propagating the data-flow facts across all the program points along the program’s (interprocedural) control flow graph, we propagate every data-flow fact directly to its next possible use points along its own sparse control flow graph constructed on the fly, thus reducing significantly both the time and memory requirements incurred by the traditional IFDS algorithm. In our evaluation, we compare FLOWDROID, a taint analysis performed by using the traditional IFDS algorithm, with our sparse incarnation, SPARSEDROID, on a set of 40 Android apps selected. For the time budget (5 hours) and memory budget (220GB) allocated per app, SPARSEDROID can run every app to completion but FLOWDROID terminates prematurely for 9 apps, resulting in an average speedup of 22.0x. This implies that when used as a market-level vetting tool, SPARSEDROID can finish analyzing these 40 apps in 2.13 hours (by issuing 228 leak warnings) while FLOWDROID manages to analyze only 30 apps in the same time period (by issuing only 147 leak warnings).

Ciphertext-policy Attributes-based Encryption (CP-ABE) is an encouraging cryptographic mechanism. It behaves an access control mechanism for data security. A ciphertext and secret key of user are dependent upon attributes. As a nature of CP-ABE, the data owner defines access policy before encrypting plaintext by his right. Therefore, CP-ABE is suitable in a real environment. In CP-ABE, the revocation issue is demanding since each attribute is shared by many users. A policy-based revolutionary CP-ABE scheme is proposed in this paper. In the proposed scheme, revocation takes place in policy level because a policy consists of threshold attributes and each policy is identified as a unique identity number. Policy revocation means that the data owner updates his policy identity number for ciphertext whenever any attribute is changed in his policy. To be a flexible updating policy control, four types of updating policy levels are identified for the data owner. Authorized user gets a secret key from a trusted authority (TA). TA updates the secret key according to the policy updating level done by the data owner. This paper tests personal health records (PHRs) and analyzes execution times among conventional CP-ABE, other enhanced CP-ABE and the proposed scheme.

Children and teenagers that have been a victim of bullying can possibly suffer its psychological effects for a lifetime. With the increase of online social media, cyberbullying incidents have been increased as well. In this paper we discuss how we can detect cyberbullying with AI techniques, using term frequency-inverse document frequency. We label messages as benign or bully. We want our method of cyberbullying detection to be privacy-preserving, such that the subscribers' benign messages should not be revealed to the operator. Moreover, the operator labels subscribers as normal, bully and victim. The operator utilizes policy control in 5G networks, to protect victims of cyberbullying from harmful traffic.