Biblio

The current supply of a highly specialized cyber security professionals cannot meet the demands for societies seeking digitization. To close the skill gap, there is a need for introducing students in higher education to cyber security, and to combine theoretical knowledge with practical skills. This paper presents how the cyber security training platform Haaukins, initially developed to increase interest and knowledge of cyber security among high school students, was further developed to support the need for training in higher education. Based on the differences between the existing and new target audiences, a set of design principles were derived which shaped the technical adjustments required to provide a suitable platform - mainly related to dynamic tooling, centralized access to exercises, and scalability of the platform to support courses running over longer periods of time. The implementation of these adjustments has led to a series of teaching sessions in various institutions of higher education, demonstrating the viability for Haaukins for the new target audience.

Modbus is a popular industrial communication protocol supported by most automation devices. Despite its popularity, it is not a secure protocol because when it was developed, security was not a concern due to closed environments of industrial control systems. With the convergence of information technology and operational technology in recent years, the security of industrial control systems has become a serious concern. Due to the high availability requirements, it is not practical or feasible to do security experimentation of production systems. We present an implementation of cyber-physical systems with Modbus/TCP communication for real-time security testing. The proposed architecture consists of a process simulator, an IEC 61131-3 compliant programmable logic controller, and a human-machine interface, all communicating via Modbus/TCP protocol. We use Simulink as the process simulator. It does not have built-in support for the Modbus protocol. A contribution of the proposed work is to extend the functionality of Simulink with a custom block to enable Modbus communication. We use two case studies to demonstrate the utility of the cyber-physical system architecture. We can model complex industrial processes with this architecture, can launch cyber-attacks, and develop protection mechanisms.

High-performance implementation of non-linear support vector machine (SVM) function is important in many applications. This paper develops a hardware design of Gaussian kernel function with high-performance since it is one of the most modules in non-linear SVM. The designed Gaussian kernel function consists of Norm unit and exponentiation function unit. The Norm unit uses fewer subtractors and multiplexers. The exponentiation function unit performs modified coordinate rotation digital computer algorithm with wide range of convergence and high accuracy. The presented circuit is implemented on a Xilinx field-programmable gate array platform. The experimental results demonstrate that the designed circuit achieves low resource utilization and high efficiency with relative error 0.0001.

Cyber ranges are valuable assets but have limitations in simulating complex realities and multi-sector dependencies; to address this, federated cyber ranges are emerging. This work presents the ECHO Federated Cyber Range, a marketplace for cyber range services, that establishes a mechanism by which independent cyber range capabilities can be interconnected and accessed via a convenient portal. This allows for more complex and complete emulations, spanning potentially multiple sectors and complex exercises. Moreover, it supports a semi-automated approach for processing and deploying service requests to assist customers and providers interfacing with the marketplace. Its features and architecture are described in detail, along with the design, validation and deployment of a training scenario.

With the development of artificial intelligence and cryptography, intelligent cryptography will be the trend of encrypted communications in the future. Abadi designed an encrypted communication model based on a generative adversarial network, which can communicate securely when the adversary knows the ciphertext. The communication party and the adversary fight against each other to continuously improve their own capabilities to achieve a state of secure communication. However, this model can only have a better communication effect under the 16 bits communication length, and cannot adapt to the length of modern encrypted communication. Combine the neural network structure in DCGAN to optimize the neural network of the original model, and at the same time increase the batch normalization process, and optimize the loss function in the original model. Experiments show that under the condition of the maximum 2048-bit communication length, the decryption success rate of communication reaches about 0.97, while ensuring that the adversary’s guess error rate is about 0.95, and the training speed is greatly increased to keep it below 5000 steps, ensuring safety and efficiency Communication.

Because of the rise of the Monroe coin, many JavaScript files with embedded malicious code are used to mine cryptocurrency using the computing power of the browser client. This kind of script does not have any obvious behaviors when it is running, so it is difficult for common users to witness them easily. This feature could lead the browser side cryptocurrency mining abused without the user’s permission. Traditional browser security strategies focus on information disclosure and malicious code execution, but not suitable for such scenes. Thus, we present a novel detection method named MineDetector using a machine learning algorithm and static features for automatically detecting browser-side cryptojacking scripts on the websites. MineDetector extracts five static feature groups available from the abstract syntax tree and text of codes and combines them using the machine learning method to build a powerful cryptojacking classifier. In the real experiment, MineDetector achieves the accuracy of 99.41% and the recall of 93.55% and has better performance in time comparing with present dynamic methods. We also made our work user-friendly by developing a browser extension that is click-to-run on the Chrome browser.

Bitcoin and other digital cryptocurrencies have de-veloped rapidly in recent years. To reduce hardware and power costs, many criminals use the botnet to infect other hosts to mine cryptocurrency for themselves, which has led to the proliferation of mining botnets and is referred to as cryptojacking. At present, the mechanisms specific to cryptojacking detection include host-based, Deep Packet Inspection (DPI) based, and dynamic network characteristics based. Host-based detection requires detection installation and running at each host, and the other two are heavyweight. Besides, DPI-based detection is a breach of privacy and loses efficacy if encountering encrypted traffic. This paper de-signs a lightweight cryptojacking traffic detection method based on network behavior features for an ISP, without referring to the payload of network traffic. We set up an environment to collect cryptojacking traffic and conduct a cryptojacking traffic study to obtain its discriminative network traffic features extracted from only the first four packets in a flow. Our experimental study suggests that the machine learning classifier, random forest, based on the extracted discriminative network traffic features can accurately and efficiently detect cryptojacking traffic.

Aiming at the problems of the traditional convolutional neural network (CNN), such as too many parameters, single scale feature and inefficiency by some useless features, a lightweight multi-scale network with attention is proposed for facial expression recognition. The network uses the lightweight convolutional neural network model Xception and combines with the convolutional block attention module (CBAM) to learn key facial features; In addition, depthwise separable convolution module with convolution kernel of 3 × 3, 5 × 5 and 7 × 7 are used to extract features of facial expression image, and the features are fused to expand the receptive field and obtain more rich facial feature information. Experiments on facial expression datasets Fer2013 and KDEF show that the expression recognition accuracy is improved by 2.14% and 2.18% than the original Xception model, and the results further verify the effectiveness of our methods.

The false data injection attacks (FDIAs) in smart grids can offset the power measurement data and it can bypass the traditional bad data detection mechanism. To solve this problem, a new detection mechanism called cosine similarity ratio which is based on the dynamic estimation algorithm of square root cubature Kalman filter (SRCKF) is proposed in this paper. That is, the detection basis is the change of the cosine similarity between the actual measurement and the predictive measurement before and after the attack. When the system is suddenly attacked, the actual measurement will have an abrupt change. However, the predictive measurement will not vary promptly with it owing to the delay of Kalman filter estimation. Consequently, the cosine similarity between the two at this moment has undergone a change. This causes the ratio of the cosine similarity at this moment and that at the initial moment to fluctuate considerably compared to safe operation. If the detection threshold is triggered, the system will be judged to be under attack. Finally, the standard IEEE-14bus test system is used for simulation experiments to verify the effectiveness of the proposed detection method.

As a typical cyber-physical system, the power system utilizes advanced information and communication technologies to transmit crucial control signals in communication channels. However, many adversaries can construct false data injection attacks (FDIA) to circumvent traditional bad data detection and break the stability of the power grid. In this paper, we proposed a threat-maximizing FDIA model from the view of attackers. The proposed FDIA can not only circumvent bad data detection but can also cause a terrible fluctuation in the power system. Furthermore, in order to eliminate potential attack threats, the Spatio-temporal correlations of measurement matrices are considered. To extract the Spatio-temporal features, a data-driven detection method using a deep convolutional neural network was proposed. The effectiveness of the proposed FDIA model and detection are assessed by a simulation on the New England 39 bus system. The results show that the FDIA can cause a negative effect on the power system’s stable operation. Besides, the results reveal that the proposed FDIA detection method has an outstanding performance on Spatio-temporal features extraction and FDIA recognition.

State estimation (SE) plays a vital role in the reliable operation of modern power systems, gives situational awareness to the operators, and is employed in different functions of the Energy Management System (EMS), such as Optimal Power Flow (OPF), Contingency Analysis (CA), power market mechanism, etc. To increase SE's accuracy and protect it from compromised measurements, Bad Data Detection (BDD) algorithm is employed. However, the integration of Information and Communication Technologies (ICT) into the modern power system makes it a complicated cyber-physical system (CPS). It gives this opportunity to an adversary to find some loopholes and flaws, penetrate to CPS layer, inject false data, bypass existing BDD schemes, and consequently, result in security and stability issues. This paper employs a semi-supervised learning method to find normal data patterns and address the False Data Injection Attack (FDIA) problem. Based on this idea, the Probability Distribution Functions (PDFs) of measurement variations are derived for training and test data sets. Two distinct indices, i.e., Absolute Distance (AD) and Relative Entropy (RE), a concept in Information Theory, are utilized to find the distance between these two PDFs. In case an intruder compromises data, the related PDF changes. However, we demonstrate that AD fails to detect these changes. On the contrary, the RE index changes significantly and can properly detect FDIA. This proposed method can be used in a real-time attack detection process where the larger RE index indicates the possibility of an attack on the real-time data. To investigate the proposed methodology's effectiveness, we utilize the New York Independent System Operator (NYISO) data (Jan.-Dec. 2019) with a 5-minute resolution and map it to the IEEE 14-bus test system, and prepare an appropriate data set. After that, two different case studies (attacks on voltage magnitude ( Vm), and phase angle (θ)) with different attack parameters (i.e., 0.90, 0.95, 0.98, 1.02, 1.05, and 1.10) are defined to assess the impact of an attack on the state variables at different buses. The results show that RE index is a robust and reliable index, appropriate for real-time applications, and can detect FDIA in most of the defined case studies.

In recent years, cyber attackers are targeting the power system and imposing different damages to the national economy and public safety. False Data Injection Attack (FDIA) is one of the main types of Cyber-Physical attacks that adversaries can manipulate power system measurements and modify system data. Consequently, it may result in incorrect decision-making and control operations and lead to devastating effects. In this paper, we propose a two-stage detection method. In the first step, Gated Recurrent Unit (GRU), as a deep learning algorithm, is employed to forecast the data for the future horizon. Meanwhile, hyperparameter optimization is implemented to find the optimum parameters (i.e., number of layers, epoch, batch size, β1, β2, etc.) in the supervised learning process. In the second step, an unsupervised scoring algorithm is employed to find the sequences of false data. Furthermore, two penalty factors are defined to prevent the objective function from greedy behavior. We assess the capability of the proposed false data detection method through simulation studies on a real-world data set (ComEd. dataset, Northern Illinois, USA). The results demonstrate that the proposed method can detect different types of attacks, i.e., scaling, simple ramp, professional ramp, and random attacks, with good performance metrics (i.e., recall, precision, F1 Score). Furthermore, the proposed deep learning method can mitigate false data with the estimated true values.

Most of the studies of the existing object detection models are studies to better detect the objects to be detected. The problem of false detection of objects that should not be detected is not considered. When an object detection model that does not take this problem into account is applied to an industrial field close to humans, false detection can lead to a dangerous situation that greatly interferes with human life. To solve this false detection problem, this paper proposes a method of fine-tuning the backbone neural network model of the object detection model using the Outlier Exposure method and applying the class-specific uncertainty constant to the confidence score to detect the object.

Name Data Networking (NDN) is a clean-slate network redesign that uses content names for routing and addressing. Facing the fact that TCP/IP is deeply entrenched in the current Internet architecture, NDN has made slow progress in industrial promotion. Meanwhile, new architectures represented by SDN, P4, etc., provide a flexible and programmable approach to network research. As a result, a centralized NDN routing mechanism is needed in the scenario for network integration between NDN and TCP/IP. Combining the NLSR protocol and the P4 environment, we introduce an efficient NDN routing mechanism that offers extensible NDN routing services (e.g., resources-location management and routing calculation) which can be programmed in the control plane. More precisely, the proposed mechanism allows the programmable switches to transmit NLSR packets to the control plane with the extended data plane. The NDN routing services are provided by control plane application which framework bases on resource-location mapping to achieve part of the NLSR mechanism. Experimental results show that the proposed mechanism can reduce the number of routing packets significantly, and introduce a slight overhead in the controller compared with NLSR simulation.

Cognitive radio (CR) as a key technology of solving the problem of low spectrum utilization has attracted wide attention in recent years. However, due to the open nature of the radio, the communication links can be eavesdropped by illegal user, resulting to severe security threat. Unmanned aerial vehicle (UAV) equipped with signal sensing and data transmission module, can access to the unoccupied channel to improve network security performance by transmitting artificial noise (AN) in CR networks. In this paper, we propose a resource allocation scheme for UAV-assisted overlay CR network. Based on the result of spectrum sensing, the UAV decides to play the role of jammer or secondary transmitter. The power splitting ratio for transmitting secondary signal and AN is introduced to allocate the UAV's transmission power. Particularly, we jointly optimize the spectrum sensing time, the power splitting ratio and the hovering position of the UAV to maximize the total secrecy rate of primary and secondary users. The optimization problem is highly intractable, and we adopt an adaptive inertia coefficient particle swarm optimization (A-PSO) algorithm to solve this problem. Simulation results show that the proposed scheme can significantly improve the total secrecy rate in CR network.

Cognitive radio primary network secure communication strategy based on secondary user energy harvesting and primary user destination assistance is investigated to guarantee primary user secure communication in cognitive radio network. In the proposed strategy, the primary network selects the best secondary user to forward the traffic from a primary transmitter (PT) to a primary receiver (PR). The best secondary user implements beamforming technique to assist primary network for secure communication. The remaining secondary transmitters harvest energy and transmit information to secondary receiver over the licensed primary spectrum. In order to further enhance the security of primary network and increase the harvested energy for the remaining secondary users, a destination-assisted jamming signal transmission strategy is proposed. In this strategy, artificial noise jamming signal transmitted by PR not only confuses eavesdropper, but also be used to power the remaining secondary users. Simulation results demonstrate that, the proposed strategy allows secondary users to communicate in the licensed primary spectrum. It enhances primary network secure communication performance dramatically with the joint design of secondary user transmission power and beamforming vectors. Furthermore, physical layer security of primary and secondary network can also be guaranteed via the proposed cognitive radio primary network secure communication strategy.

Physical-layer security (PLS) for an underlay cognitive radio network (CRN)-based simultaneous wireless information and power transfer (SWIPT) over cascaded κ-µ fading channels is investigated. The network is composed of a pair of secondary users (SUs), a primary user (PU) receiver, and an eavesdropper attempting to intercept the data shared by the SUs. To improve the SUs’ data transmission security, we assume a full-duplex (FD) SU destination, which employs energy harvesting (EH) to extract the power required for generating jamming signals to be emitted to confound the eavesdropper. Two scenarios are presented and compared; harvesting and non-harvesting eavesdropper. Moreover, a trade-off between the system’s secrecy and reliability is explored. PLS is studied in terms of the probability of non-zero secrecy capacity and the intercept probability, whereas the reliability is studied in terms of the outage probability. Results reveal the great impact of jamming over the improvement of the SUs’ secrecy. Additionally, our work indicates that studying the system’s secrecy over cascaded channels has an influence on the system’s PLS that cannot be neglected.

We investigate cognitive radio networks where the unlicensed sender operates in the overlay mode to relay the information of the licensed transmitter as well as send its individual information. To secure information broadcasted by the unlicensed sender against the wire-tapper, we invoke jammers to limit eavesdropping. Also, to exploit efficiently radio frequency energy in licensed signals, we propose the unlicensed sender and all jammers to scavenge this energy source. To assess the security measures of both licensed and unlicensed networks, we first derive rigorous closed-form formulas of licensed/unlicensed secrecy outage probabilities. Next, we validate these formulas with Monte-Carlo simulations before using them to achieve insights into the security capability of the proposed jamming-aided energy harvesting cognitive radio networks in crucial system parameters.

In this paper, we show that caching can aid in achieving secure communications by considering a wiretap scenario where the transmitter and legitimate receiver share access to a secure cache, and an eavesdropper is able to tap transmissions over a binary erasure wiretap channel during the delivery phase of a caching protocol. The scenario under consideration gives rise to a new channel model for wiretap coding that allows the transmitter to effectively choose a subset of bits to erase at the eavesdropper by caching the bits ahead of time. The eavesdropper observes the remainder of the coded bits through the wiretap channel for the general case. In the wiretap type-II scenario, the eavesdropper is able to choose a set of revealed bits only from the subset of bits not cached. We present a coding approach that allows efficient use of the cache to realize a caching gain in the network, and show how to use the cache to optimize the information theoretic security in the choice of a finite blocklength code and the choice of the cached bit set. To our knowledge, this is the first work on explicit algorithms for secrecy coding in any type of caching network.

A physical layer security (PLS) technique called Gray Code Hopping (GCH) is presented offering simplistic implementation and no bit error rate (BER) performance degradation over the main channel. A synchronized transmitter and receiver "hop" to an alternative binary reflected Gray code (BRGC) mapping of bits to symbols between each consecutive modulation symbol. Monte Carlo simulations show improved BER performance over a similar technique from the literature. Simulations also confirm compatibility of GCH with either hard or soft decision decoding methods. Simplicity of GCH allows for ready implementation in adaptive 5th Generation New Radio (5G NR) modulation coding schemes.

Polar codes have been shown to provide an effective mechanism for achieving physical-layer security over various wiretap channels. A majority of these schemes require channel state information (CSI) at the encoder for both intended receivers and eavesdroppers. In this paper, we consider a polar coding scheme for secrecy over a Gaussian wiretap channel when no CSI is available. We show that the availability of a shared keystream between friendly parties allows polar codes to be used for both secure and reliable communications, even when the eavesdropper knows a large fraction of the keystream. The scheme relies on a predetermined strategy for partitioning the bits to be encoded into a set of frozen bits and a set of information bits. The frozen bits are filled with bits from the keystream, and we evaluate the security gap when the cyclic redundancy check-aided successive cancellation list decoder is used at both receivers in the wiretap channel model.

In recent years web applications that are hacked every day estimated to be 30 000, and in most cases, web developers or website owners do not even have enough knowledge about what is happening on their sites. Web hackers can use many attacks to gain entry or compromise legitimate web applications, they can also deceive people by using phishing sites to collect their sensitive and private information. In response to this, the need is raised to take proper measures to understand the risks and be aware of the vulnerabilities that may affect the website and hence the normal business flow. In the scope of this study, mitigations against the most common web application attacks are set, and the web administrator is provided with ways to detect phishing links which is a social engineering attack, the study also demonstrates the generation of web application logs that simplifies the process of analyzing the actions of abnormal users to show when behavior is out of bounds, out of scope, or against the rules. The methods of mitigation are accomplished by secure coding techniques and the methods for phishing link detection are performed by various machine learning algorithms and deep learning techniques. The developed application has been tested and evaluated against various attack scenarios, the outcomes obtained from the test process showed that the website had successfully mitigated these dangerous web application attacks, and for the detection of phishing links part, a comparison is made between different algorithms to find the best one, and the outcome of the best model gave 98% accuracy.

Distributed Denial-of-Service (DDoS) attack is a long-lived attack that is hugely harmful to the Internet. In particular, the emergence of a new type of DDoS called Link Flooding Attack (LFA) makes the detection and defense more difficult. In LFA, the attacker cuts off a specific area by controlling large numbers of bots to send low-rate traffic to congest selected links. Since the attack flows are similar to the legitimate ones, traditional schemes like anomaly detection and intrusion detection are no longer applicable. Blockchain provides a new solution to address this issue. In this paper, we propose a blockchain-based LFA detection scheme, which is deployed on routers and servers in and around the area that we want to protect. Blockchain technology is used to record and share the traceroute information, which enables the hosts in the protected region to easily trace the flow paths. We implement our scheme in Ethereum and conduct simulation experiments to evaluate its performance. The results show that our scheme can achieve timely detection of LFA with a high detection rate and a low false positive rate, as well as a low overhead.

In the course of the research, the research of discriminatory methods of handling video information resource based on the JPEG platform was carried out. This research showed a high interest of the scientific world in identifying important data at different phases of handling. However, the discriminatory handling of the video information resource after the quantization phase is not well understood. Based on the research data, the goal is to find possible ways to operation a video information resource based on a JPEG platform in order to identify important data in a telecommunications system. At the same time, the proposed strategies must provide the required pace of dynamic picture grade and hiding in the context of limited bandwidth. The fulfillment of the condition with limited bandwidth is achieved through the use of a lossless compression algorism based on arithmetic coding. The purpose of the study is considered to be achieved if the following requirements are met:1.Reduction of the volume of dynamic pictures by 30% compared to the initial amount;2.The quality pace is confirmed by an estimate of the peak signal-to-noise ratio for an authorized user, which is Ψauthor ≥ 20 dB;3.The pace of hiding is confirmed by an estimate of the peak signal-to-noise ratio for unauthorized access, which is Ψunauthor ≤ 9 dBThe first strategy is to use encryption tables. The advantage of this strategy is its high hiding strength.The second strategy is the important matrix method. The advantage of this strategy is higher performance.Thus, the goal of the study on the development of possible ways of handling a video information resource based on a JPEG platform in order to identify important data in a telecommunication system with the given requirements is achieved.

The superior breadth of data transmission through the internet is rapidly increasing in the current scenario. The information in the form of images is really critical in the fields of Banking, Military, Medicine, etc, especially, in the medical field as people are unable to travel to different locations, they rely on telemedicine facilities available. All these fields are equally vulnerable to intruders. So, to prevent such an act, encryption of these data in the form of images can be done using chaos encryption. Chaos Encryption has its long way in the field of Secure Communication. Their Unique features offer much more security than any conventional algorithms. There are many simple chaotic maps that could be used for encryption. In this paper, at first Henon chaotic maps is used for the encryption purpose. The comparison of the algorithm with conventional algorithms is also done. Finally, a security analysis for proving the robustness of the algorithm is carried out. Also, different existing and some new versions are compared so as to check whether a new combination could produce a better result. The simulation results show that the proposed algorithm is robust and simple to be used for this application. Also, found a new combination of the map to be used for the application.