Biblio
Phishing emails are seriously harming users because of their enormous growth in number and their sophisticated camouflage. Users must spend much more effort examining the properties of an email, so current phishing email detection systems need more creativity and consideration in how they filter on the user's behalf. The proposed research adopts creative computing to detect phishing emails for users through a combination of computing techniques and social engineering concepts. To achieve this, fraud types are summarised into social engineering criteria through a literature review; a semantic web database is established to extract and store information; and a fuzzy logic control algorithm is constructed to allocate emails to categories. The proposed approach helps users distinguish the categories of emails and, furthermore, gives advice based on the category allocated. To illustrate the approach, a case study simulating the receipt of a phishing email is presented.
This paper proposes a context-aware, graph-based approach for identifying anomalous user activities via user profile analysis, which at test time obtains a group of users that are maximally similar among themselves as well as to the query. The main challenges for the anomaly detection task are: (1) anomalies occur rarely, making exhaustive identification at a reasonable false-alarm rate difficult, and (2) new context-dependent anomaly types keep emerging, making it difficult to synthesize the activities a priori. Our proposed query-adaptive graph-based optimization approach, solvable with a maximum flow algorithm, is designed to fully utilize both the mutual similarities among the user models and their respective similarities with the query to shortlist the user profiles for a more reliable aggregated detection. Each user activity is represented using inputs from several multi-modal resources, which helps to localize anomalies in time-dependent data efficiently. Experiments on public datasets of insider threats and gesture recognition show impressive results.
The widespread diffusion of the Internet of Things (IoT) is introducing a huge number of Internet-connected devices into our daily life. In particular, wearable devices are going to have a large impact on our lifestyle, especially in healthcare scenarios. In this setting, it is fundamental to secure the information exchanged between these devices. Among other factors, the link between a wearable device and a smart unit (e.g., a smartphone) must be taken into account. This connection is generally obtained via specific wireless protocols such as Bluetooth Low Energy (BLE), and the main topic of this work is to analyse the security of this communication link. In this paper we describe, via an experimental campaign, a methodology to perform a vulnerability assessment (VA) on wearable devices communicating with a smartphone, and in this way we identify several security issues in a set of commercial wearable devices.
To address internal attackers of database systems, an anomaly detection method based on user behaviour is used to detect them. Using Discrete-time Markov Chains (DTMC), an anomaly detection system for user behaviour is proposed that can detect internal threats to a database system. First, we analyse SQL queries, which are the user behaviour features. Then, we use the DTMC model to extract the behaviour features of a normal user and of the user under examination, and compare the two. If the deviation between the features exceeds a threshold, the examined user's behaviour is judged to be anomalous. Experiments test the feasibility of the detection system; the results show that it can distinguish normal from abnormal user behaviour precisely and effectively.
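As an added illustration of the DTMC comparison described in this entry (example code, not the paper's system): each SQL query is reduced to a "VERB table" state, a transition matrix is estimated per user from the sequence of states, and the rows of the examined user's matrix are compared with the normal profile. The state abstraction, the mean per-row L1 deviation, the 0.5 threshold and the query logs below are all constructed assumptions, not values from the paper.

```python
"""DTMC profile of a database user's query behaviour (added illustration,
not the paper's system). Each SQL query is abstracted to a state
"VERB table"; the transition matrix over the state sequence is the
user's behaviour profile. The examined user's profile is compared with
the normal profile row by row and a deviation above THRESHOLD is flagged.
State abstraction, deviation metric, threshold and logs are constructed."""
import re
from collections import defaultdict

_PATTERNS = [
    re.compile(r"(SELECT)\b.*?\bFROM\s+([\w.]+)", re.I | re.S),
    re.compile(r"(INSERT)\s+INTO\s+([\w.]+)", re.I),
    re.compile(r"(UPDATE)\s+([\w.]+)", re.I),
    re.compile(r"(DELETE)\s+FROM\s+([\w.]+)", re.I),
]


def query_state(sql):
    """Reduce a query to its behaviour feature: verb plus target table."""
    s = sql.strip()
    for pat in _PATTERNS:
        m = pat.match(s)
        if m:
            return f"{m.group(1).upper()} {m.group(2).lower()}"
    return "OTHER"


def transition_matrix(sessions):
    """Maximum-likelihood DTMC transition probabilities; each session is the
    ordered list of queries one user issued."""
    counts = defaultdict(lambda: defaultdict(int))
    for session in sessions:
        states = [query_state(q) for q in session]
        for a, b in zip(states, states[1:]):
            counts[a][b] += 1
    return {a: {b: n / sum(row.values()) for b, n in row.items()}
            for a, row in counts.items()}


def deviation(profile, observed):
    """Mean L1 distance between the transition rows of the states the
    examined user actually left from; a state the normal profile never
    left from contributes a full row distance of 1."""
    if not observed:
        return 0.0
    total = 0.0
    for a, q in observed.items():
        p = profile.get(a, {})
        total += sum(abs(p.get(k, 0.0) - q.get(k, 0.0)) for k in set(p) | set(q))
    return total / len(observed)


THRESHOLD = 0.5  # constructed; in practice calibrated on known-normal sessions


def is_anomalous(profile, sessions, threshold=THRESHOLD):
    return deviation(profile, transition_matrix(sessions)) > threshold


# Constructed query logs: an order-handling account's normal sessions, then
# one new normal session and one session of an insider dumping card data.
NORMAL_SESSIONS = [
    ["SELECT id FROM users WHERE email = ?",
     "SELECT * FROM orders WHERE user_id = ?",
     "UPDATE orders SET status = 'shipped' WHERE id = ?",
     "SELECT * FROM orders WHERE id = ?"],
    ["SELECT id FROM users WHERE email = ?",
     "SELECT * FROM orders WHERE user_id = ?",
     "INSERT INTO orders (user_id, total) VALUES (?, ?)",
     "SELECT * FROM orders WHERE id = ?"],
    ["SELECT id FROM users WHERE email = ?",
     "SELECT * FROM orders WHERE user_id = ?",
     "UPDATE orders SET status = 'shipped' WHERE id = ?",
     "SELECT * FROM orders WHERE id = ?"],
]
TESTED_NORMAL = [NORMAL_SESSIONS[0]]
TESTED_INSIDER = [
    ["SELECT id FROM users WHERE email = ?",
     "SELECT * FROM users",
     "SELECT * FROM credit_cards",
     "SELECT * FROM credit_cards WHERE id > ?",
     "SELECT * FROM credit_cards WHERE id > ?"],
]

PROFILE = transition_matrix(NORMAL_SESSIONS)

if __name__ == "__main__":
    for label, sess in (("normal", TESTED_NORMAL), ("insider", TESTED_INSIDER)):
        d = deviation(PROFILE, transition_matrix(sess))
        print(f"{label}: deviation={d:.3f} anomalous={d > THRESHOLD}")
```

The row-wise comparison is what makes a single unfamiliar state (here the credit_cards table) expensive: the insider's rows have no counterpart in the profile and each contributes a full unit of deviation, while the normal session only pays for the sampling noise in the SELECT orders row.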
The best practice to prevent Cross Site Scripting (XSS) attacks is to apply encoders to sanitize untrusted data. To balance security and functionality, encoders should be applied to match the web page context, such as HTML body, JavaScript, and style sheets. A common programming error is the use of a wrong encoder to sanitize untrusted data, leaving the application vulnerable. We present a security unit testing approach to detect XSS vulnerabilities caused by improper encoding of untrusted data. Unit tests for the XSS vulnerability are automatically constructed out of each web page and then evaluated by a unit test execution framework. A grammar-based attack generator is used to automatically generate test inputs. We evaluate our approach on a large open source medical records application, demonstrating that we can detect many 0-day XSS vulnerabilities with very low false positives, and that the grammar-based attack generator has better test coverage than industry best practices.
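As an added example of the encoder-mismatch problem this entry describes (example code, not the authors' tool): three encoders for three output contexts, two hypothetical page fragments that embed untrusted data, a tiny attack grammar, and an oracle per context that acts as the generated unit test. The fragments, encoders, grammar and oracles are constructed for illustration.

```python
"""Context-sensitive output encoding with a per-context security unit test
that replays grammar-generated attacks. Added example, not the authors'
tool: page fragments, encoders, attack grammar and oracles are constructed
to show why the encoder must match the output context."""
import html
import itertools
import re
from html.parser import HTMLParser


# One encoder per output context.
def encode_html_body(s):
    # Adequate for text between tags; leaves quotes alone.
    return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")


def encode_html_attr(s):
    # Quoted attribute value: the quote characters must be neutralised too.
    return html.escape(s, quote=True)


def encode_js_quotes_only(s):
    # A common but incomplete "JS encoder": stops quote breakout, not </script>.
    return s.replace("\\", "\\\\").replace('"', '\\"')


def encode_js_string(s):
    # JS string literal: \uXXXX-escape everything except ASCII letters/digits.
    out = []
    for ch in s:
        if ch.isascii() and ch.isalnum():
            out.append(ch)
        else:
            units = ch.encode("utf-16-be")  # astral chars become a surrogate pair
            for i in range(0, len(units), 2):
                out.append("\\u%04x" % int.from_bytes(units[i:i + 2], "big"))
    return "".join(out)


# Hypothetical page fragments that embed untrusted data in two contexts.
def render_attr(data, enc):
    return f'<input name="display" value="{enc(data)}">'


def render_js(data, enc):
    return f'<script>var user = "{enc(data)}"; greet(user);</script>'


# Grammar-based attack generation for the attribute context.
ATTR_GRAMMAR = {
    "breakout": ['"', "'"],
    "handler": ["onmouseover", "onfocus"],
    "value": ['"alert(1)"', "alert(1)"],
}


def attr_attacks():
    for breakout, handler, value in itertools.product(*ATTR_GRAMMAR.values()):
        yield f"{breakout} {handler}={value}"


JS_ATTACKS = ['"; alert(1); //', "</script><script>alert(1)</script>"]


# Oracles: parse the rendered fragment and decide whether the data escaped
# its intended context.
class _StartTags(HTMLParser):
    def __init__(self):
        super().__init__()
        self.seen = []

    def handle_starttag(self, tag, attrs):
        self.seen.append((tag, [name for name, _ in attrs]))


def attr_context_broken(rendered):
    p = _StartTags()
    p.feed(rendered)
    p.close()
    return any(tag != "input" or any(a.lower().startswith("on") for a in attrs)
               for tag, attrs in p.seen)


def js_context_broken(rendered):
    body = rendered[len("<script>"):-len("</script>")]
    unescaped_quotes = len(re.findall(r'(?<!\\)"', body))
    return unescaped_quotes != 2 or "</script" in body.lower()


def find_xss(render, enc, attacks, oracle):
    """The generated unit test: every attack the encoder fails to stop."""
    return [a for a in attacks if oracle(render(a, enc))]


if __name__ == "__main__":
    for enc in (encode_html_body, encode_html_attr):
        print(enc.__name__, "in attribute:",
              find_xss(render_attr, enc, list(attr_attacks()), attr_context_broken))
    for enc in (encode_html_body, encode_js_quotes_only, encode_js_string):
        print(enc.__name__, "in JS string:",
              find_xss(render_js, enc, JS_ATTACKS, js_context_broken))
```

Note how each wrong pairing fails differently: the body encoder inside an attribute lets the quote breakout through, the body encoder inside a JS string stops the script-tag breakout but not the quote, and the quotes-only JS encoder does the reverse; only the encoder written for the JS string context survives both payloads.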
In contrast to electronic travel documents (e.g. ePassports), the standardisation of breeder documents (e.g. birth certificates), regarding harmonisation of content and of the security features they contain, is in statu nascendi. Because breeder documents can be used as evidence of identity and enable the application for electronic travel documents, they are the weakest link in the identity life cycle and represent a security gap for identity management. In this work, we present a cost-efficient way to enhance the long-term security of breeder documents by utilizing blockchain technology. A conceptual architecture to enhance breeder document long-term security is presented, together with an introduction to the system components that constitute the concept. Our investigations provide evidence that the Bitcoin blockchain is the most suitable for breeder document long-term security.
We consider an underlay cognitive network with secondary users that support full-duplex communication. In this context, we propose the application of antenna selection at the secondary destination node to improve the secrecy performance of the secondary users. Antenna selection rules for the cases where exact and where only average knowledge of the eavesdropping channels is available are investigated. The secrecy outage probabilities for the secondary eavesdropping network are analyzed, and it is shown that the secrecy performance improvement due to antenna selection comes from coding gain rather than diversity gain. This is very different from classical antenna selection for data transmission, which usually leads to a higher diversity gain. Numerical simulations are included to verify the performance of the proposed scheme.
In previous work, we proposed a solution to facilitate access to computer science related courses and learning materials using cloud computing and mobile technologies. The solution was positively evaluated by the participants, but most of them indicated that it lacked support for laboratory activities. It is well known that many computer science subjects (e.g. Computer Networks, Information Security, Systems Administration) require a suitable and flexible environment in which students can access a set of computers and network devices to complete their hands-on activities. To meet this requirement, we created a cloud-based virtual laboratory on the OpenStack cloud platform that provides access to virtual machines both locally and remotely. Cloud-based virtual labs bring many advantages, such as increased manageability, scalability, high availability and flexibility, to name a few. This arrangement was tested in a case-study exercise with a group of students as part of the Computer Networks and System Administration courses at Kabul Polytechnic University in Afghanistan. To measure success, we introduced a level test to be completed by participants before and after the experiment. The learners achieved on average 17.1% higher scores in the post-level test after completing the practical exercises. Lastly, we distributed a questionnaire after the experiment, and students provided positive feedback on the effectiveness and usefulness of the proposed solution.
In this paper we present results of a research on automatic extremist text detection. For this purpose an experimental dataset in the Russian language was created. According to the Russian legislation we cannot make it publicly available. We compared various classification methods (multinomial naive Bayes, logistic regression, linear SVM, random forest, and gradient boosting) and evaluated the contribution of differentiating features (lexical, semantic and psycholinguistic) to classification quality. The results of experiments show that psycholinguistic and semantic features are promising for extremist text detection.
Wearable devices for fitness tracking and health monitoring have gained considerable popularity and become one of the fastest growing smart-device markets. More and more companies are offering integrated health and activity monitoring solutions for fitness trackers, and recently insurers have begun offering their customers better conditions in exchange for health and condition monitoring. However, the extensive sensitive information collected by tracking products, and its accessibility to third-party service providers, poses vital security and privacy challenges for the employed solutions. In this paper, we present our security analysis of a representative sample of current fitness tracking products on the market. In particular, we focus on a malicious-user setting that aims at injecting false data into the cloud-based services, leading to erroneous data analytics. We show that none of these products can provide data integrity, authenticity and confidentiality.
Large-scale infrastructures are critical to economic and social development, and hence their continued performance and security are of high national importance. Such an infrastructure often is a system of systems, and its functionality critically depends on the inherent robustness of its constituent systems and its defense strategy for countering attacks. Additionally, interdependencies between the systems play another critical role in determining the infrastructure robustness specified by its survival probability. In this paper, we develop game-theoretic models between a defender and an attacker for a generic system of systems using inherent parameters and conditional survival probabilities that characterize the interdependencies. We derive Nash Equilibrium conditions for the cases of interdependent and independent systems of systems under sum-form utility functions. We derive expressions for the infrastructure survival probability that capture its dependence on cost and system parameters, and also on dependencies that are specified by conditional probabilities. We apply the results to cyber-physical systems which show the effects on system survival probability due to defense and attack intensities, inherent robustness, unit cost, target valuation, and interdependencies.
The growing popularity of Android applications makes them a target for security threats. Several studies focus on analysing the behaviour of Android applications to detect repackaged and malicious ones. These techniques use a variety of features to model the application's behaviour, among which the calls to the Android API made by the application's components have been shown to be the most reliable. Recovering the APIs that an application calls is not an easy task, because most malicious applications are obfuscated and do not come with source code. This makes identifying the API methods invoked by an application an interesting research issue. In this paper, we present HyDroid, a hybrid approach that combines static and dynamic analysis to generate API call traces from the execution of an application's services. We focus on services because they have key characteristics that attract attackers to misuse them. We show that HyDroid can be used to extract API call trace signatures of several malware families.
Distribution system security region (DSSR) has been widely used to analyse the operational security of distribution systems. This paper defines the scale of a DSSR, namely the number of boundary constraints and the number of variables over all operational constraints, and puts forward a corresponding evaluation method. Firstly, the influence of the number of security boundary constraints and variables on the scale of the DSSR is analysed, and the main factors that influence the scale are identified, such as the number of transformers, feeders and sectionalizing switches, and the feeder contact modes between transformers. Secondly, a matrix representing the relations among the transformers in a distribution system is defined to reflect the characteristics of the network structure, and an algorithm that computes the scale of the DSSR from this transformer connection relationship matrix is proposed, which avoids having to enumerate the security region constraints. Finally, the proposed method is applied to a test system to confirm the effectiveness of the concepts and methods. It provides a necessary foundation for DSSR theory as well as for security analysis.
Building lightweight security for low-cost pervasive devices is a major challenge given the design requirements of a small footprint and low power consumption. Physical Unclonable Functions (PUFs) have emerged as a promising technology to provide low-cost authentication for such devices. By exploiting intrinsic manufacturing process variations, PUFs are able to generate unique and apparently random chip identifiers. Strong-PUFs are a variant of PUFs that has been suggested for lightweight authentication applications. Unfortunately, many Strong-PUFs have been shown to be susceptible to modelling attacks (i.e., using machine learning techniques) in which an adversary has access to challenge and response pairs. In this study, we propose an obfuscation technique applied during post-processing of Strong-PUF responses to increase the resilience against machine learning attacks. We conduct machine learning experiments using Support Vector Machines and Artificial Neural Networks on two Strong-PUFs: a 32-bit Arbiter-PUF and a 2-XOR 32-bit Arbiter-PUF. The predictability of the 32-bit Arbiter-PUF is reduced to $\approx$ 70% by the obfuscation technique. Combining the obfuscation technique with the 2-XOR 32-bit Arbiter-PUF reduces the predictability to $\approx$ 64%. A larger reduction in predictability is observed for the XOR Arbiter-PUF because this PUF architecture has good uniformity. The obfuscation technique adds an area overhead of only 788 and 1080 gate equivalents for the 32-bit Arbiter-PUF and the 2-XOR 32-bit Arbiter-PUF, respectively.
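As an added illustration of the modelling attack this entry defends against (example code, not the authors' implementation, and it does not implement their response obfuscation): the additive delay model of a 32-stage Arbiter PUF, the parity feature transform that makes the response linear in the challenge, and a perceptron trained on observed challenge/response pairs. It reproduces the baseline the abstract starts from, that a plain Arbiter PUF is learnable by a linear model, and shows that XORing two such PUFs defeats that linear learner; the paper's SVM and ANN attacks on the XOR variant are not reproduced here. Delay weights and challenges are drawn from a seeded PRNG, and the CRP counts and learner are constructed choices.

```python
"""Additive-delay model of an n-stage Arbiter PUF and a linear modelling
attack against it. Added illustration, not the authors' code, and it does
not implement their response obfuscation. Delay weights and challenges
come from a seeded PRNG; CRP counts and the learner are constructed."""
import random

N_STAGES = 32


def parity_features(challenge):
    """Feature vector Phi of the additive delay model:
    Phi[i] = prod_{j >= i} (1 - 2*c[j]) for i < n, and Phi[n] = 1 (bias)."""
    n = len(challenge)
    phi = [1] * (n + 1)
    acc = 1
    for i in range(n - 1, -1, -1):
        acc *= 1 - 2 * challenge[i]
        phi[i] = acc
    return phi


class ArbiterPUF:
    """Response = sign(w . Phi(c)); w holds the per-stage delay differences."""
    def __init__(self, n, rng):
        self.w = [rng.gauss(0.0, 1.0) for _ in range(n + 1)]

    def response(self, challenge):
        phi = parity_features(challenge)
        return 1 if sum(a * b for a, b in zip(self.w, phi)) > 0 else 0


class XorArbiterPUF:
    """k Arbiter PUFs fed the same challenge, responses XORed together."""
    def __init__(self, n, k, rng):
        self.pufs = [ArbiterPUF(n, rng) for _ in range(k)]

    def response(self, challenge):
        r = 0
        for puf in self.pufs:
            r ^= puf.response(challenge)
        return r


def collect_crps(puf, n, count, rng):
    """Attacker's view: random challenges and the observed responses,
    mapped to (Phi, +-1) pairs for the learner."""
    crps = []
    for _ in range(count):
        c = [rng.getrandbits(1) for _ in range(n)]
        crps.append((parity_features(c), 1 if puf.response(c) else -1))
    return crps


def train_perceptron(crps, epochs=50):
    """Fit a linear model sign(w . Phi) to the observed CRPs."""
    w = [0.0] * len(crps[0][0])
    for _ in range(epochs):
        for phi, y in crps:
            if y * sum(a * b for a, b in zip(w, phi)) <= 0:
                w = [a + y * b for a, b in zip(w, phi)]
    return w


def accuracy(w, crps):
    hits = sum((sum(a * b for a, b in zip(w, phi)) > 0) == (y > 0) for phi, y in crps)
    return hits / len(crps)


def modelling_attack(puf, n=N_STAGES, n_train=3000, n_test=1000, seed=1):
    """Train on n_train CRPs, report prediction accuracy on n_test fresh ones."""
    rng = random.Random(seed)
    train = collect_crps(puf, n, n_train, rng)
    test = collect_crps(puf, n, n_test, rng)
    return accuracy(train_perceptron(train), test)


def demo(seed=2024):
    """Accuracy of the linear attack on a 32-bit Arbiter PUF and on a
    2-XOR 32-bit Arbiter PUF built from the same PRNG stream."""
    rng = random.Random(seed)
    plain = ArbiterPUF(N_STAGES, rng)
    xor2 = XorArbiterPUF(N_STAGES, 2, rng)
    return modelling_attack(plain), modelling_attack(xor2)


if __name__ == "__main__":
    acc_plain, acc_xor = demo()
    print(f"linear attack: Arbiter-PUF {acc_plain:.1%}, 2-XOR Arbiter-PUF {acc_xor:.1%}")
```

The parity transform is the whole attack: once each challenge is rewritten as Phi, a plain Arbiter PUF is a linear threshold function and a few thousand CRPs suffice for near-perfect prediction, whereas the XOR of two such functions is not linearly separable and the same learner falls back towards guessing. Non-linear learners such as the SVM and ANN used in the paper do recover XOR PUFs, which is why the paper measures predictability with those rather than with a perceptron.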
This paper introduces a multi-factor security key generation mechanism for self-organising Internet of Things (IoT) networks and nodes. The mechanism enables users to generate a unique set of security keys to enhance IoT security while meeting various business needs. The multi-factor security keys present an additional security layer on top of the existing security standards and practices currently adopted by the IoT community. The proposed mechanism enables a user to define and choose any physical and logical parameters they prefer for generating a set of security keys that is then encrypted and distributed to registered IoT nodes. IoT applications and services are only activated after verifying that all security keys are present. Multiple levels of authorisation for different user groups can easily be created by mixing and matching the generated multi-factor security keys. A use case covering indoor and outdoor field tests was conducted; the results showed that the mechanism is easily adaptable to diverse multivendor IoT devices and scalable to various applications.
The increasing demand for secure interactions between network domains brings new challenges to access control technologies. In this paper we design an access control framework that provides a multilevel mapping method between hierarchical access control structures, achieving multilevel security protection in cross-domain networks. Hierarchical access control structures ensure rigorous multilevel security within a domain, and a mapping method based on subject attributes is proposed to determine a subject's security level in its target domain. Experimental results obtained from simulations are also reported to verify the effectiveness of the proposed access control model.
In this paper, a mutual authentication protocol based on ECC is designed for RFID systems. The protocol is described in detail and its performance is analysed. The results show that the protocol has many advantages, such as mutual authentication, confidentiality, anonymity, availability, forward security and scalability, and that it can resist camouflage attacks, tracking attacks, denial of service attacks and internal attacks on the system.
Because of the nature of vehicular communications, security is a crucial aspect, involving the continuous development and analysis of the existing security architectures and of the specific theoretical and practical proposals, which need continuous updating and integration with newer technologies. But before an update, good knowledge of the current state is mandatory. Identifying weaknesses and anticipating possible risks of vehicular communication networks through a failure modes and effects analysis (FMEA) is an important part of the security analysis process and a valuable step towards finding efficient security solutions for the kinds of problems that might occur in these systems.
In this paper, we present an algorithm for estimating the state of the power grid following a cyber-physical attack. We assume that an adversary attacks an area by: (i) disconnecting some lines within that area (failed lines), and (ii) obstructing the information from within the area from reaching the control center. Given the phase angles of the buses outside the attacked area under the AC power flow model (before and after the attack), the algorithm estimates the phase angles of the buses and detects the failed lines inside the attacked area. The novelty of our approach is the transformation of the line failure detection problem, which is combinatorial in nature, into a convex optimization problem. As a result, our algorithm can detect any number of line failures in a running time that is independent of the number of failures and depends solely on the size of the network. To the best of our knowledge, this is the first convex relaxation of the line failure detection problem using phase angle measurements under the AC power flow model. We evaluate the performance of our algorithm on the IEEE 118-bus and 300-bus systems, and show that it estimates the phase angles of the buses with less than 1% error, and detects line failures with 80% accuracy for single, double and triple line failures.
Security and privacy issues of the Internet of Things (IoT, hereafter) have attracted considerable research attention in recent years. As the relationship between user and server becomes more complicated than before, existing security solutions might not provide comprehensive security in the IoT environment, and novel solutions become new research challenges; for example, solutions based on symmetric cryptosystems cannot handle the case where decryption is only allowed in a specific time range. In this paper, a new scalable one-time file encryption scheme named OTFEP, which combines established cryptographic techniques, is proposed to satisfy such specialised security requirements. One of OTFEP's key features is a mechanism that protects files in the database from arbitrary access by system administrators or third-party auditors. OTFEP uses two different approaches for relatively small files and for stream files. Moreover, OTFEP supports good node scalability and a secure key distribution mechanism. Based on its practical security and performance, OTFEP can be considered for IoT devices where one-time file encryption is necessary.
Many fault-proneness prediction models have been proposed in the literature to identify fault-prone code in software systems. Most of the approaches use fault data history and supervised learning algorithms to build these models. However, since fault data history is not always available, some approaches also suggest using semi-supervised or unsupervised fault-proneness prediction models. The HySOM model, proposed in the literature, uses function-level source code metrics to predict fault-prone functions in software systems without using any fault data. In this paper, we adapt the HySOM approach to object-oriented software systems to predict fault-prone code at class-level granularity using object-oriented source code metrics. This adaptation makes it easier to prioritise the efforts of the testing team, as unit tests are often written for classes in object-oriented software systems and not for methods. Our adaptation also generalises one main element of the HySOM model, the calculation of the source code metric threshold values. We conducted an empirical study using 12 public datasets. Results show that the adaptation of the HySOM model to class-level fault-proneness prediction improves the consistency and the performance of the model. We additionally compared the performance of the adapted model to supervised approaches based on the Naive Bayes Network, ANN and Random Forest algorithms.
Customers need to know how reliable a new release is, and whether or not the new release has substantially different, either better or worse, reliability than the one currently in production. Customers are demanding quantitative evidence, based on pre-release metrics, to help them decide whether or not to upgrade (and thereby offer new features and capabilities to their own customers). Finding ways to estimate future reliability performance is not easy: we have evaluated many pre-release development and test metrics in search of reliability predictors that are sufficiently accurate and also apply to a broad range of software products. This paper describes a successful model that has resulted from these efforts, and also presents both a functional extension and a further conceptual simplification of the extended model that enables us to better communicate key release information to internal stakeholders and customers without sacrificing predictive accuracy or generalizability. Work remains to be done, but the results of the original model, the extended model and the simplified version are encouraging and are currently being applied across a range of products and releases. To evaluate whether or not these early predictions are accurate, and also to compare releases that are available to customers, we use a field software reliability assessment mechanism that incorporates two types of customer experience metrics: field bug encounters normalized by usage, and field bug counts, also normalized by usage. Our 'release-over-release' strategy combines the 'maturity assessment' component (i.e., estimating reliability prior to release to the field) and the 'reliability assessment' component (i.e., gauging actual reliability after release to the field). This overall approach enables us both to predict reliability and to compare reliability results across recent releases of a product.
Data analytics is increasingly used in cyber-security problems, and has been found useful in cases where data volumes and heterogeneity make manual assessment by security experts cumbersome. In practical cyber-security scenarios involving data-driven analytics, obtaining data with annotations (i.e. ground-truth labels) is a challenging and well-known limiting factor for many supervised security analytics tasks. Significant portions of the large datasets typically remain unlabelled, as annotation is largely manual and requires a huge amount of expert intervention. In this paper, we propose an effective active learning approach that efficiently addresses this limitation in the practical cyber-security problem of phishing categorization, using a human-machine collaborative approach to design a semi-supervised solution. An initial classifier is learnt on a small amount of annotated data and is then iteratively updated by shortlisting from the large pool of unlabelled data only the relevant samples that are most likely to improve classifier performance quickly. Prioritized Active Learning shows significant promise in achieving faster convergence of classification performance in a batch learning framework, and thus requires even less human annotation effort. A useful feature weight update technique combined with active learning shows promising classification performance for categorizing phishing/malicious URLs without requiring a large amount of annotated training samples to be available during training. In experiments with several collections of PhishMonger's Targeted Brand dataset, the proposed method shows significant improvement over the baseline, by as much as 12%.