Biblio

Nowadays, computers are used everywhere to carry out daily routine tasks. The input devices i.e. keyboard or mouse are used to feed input to computers. The surveillance of input devices is much important as monitoring the users logging activity. A keylogger also referred as a keystroke logger, is a software or hardware device which monitors every keystroke typed by a user. Keylogger runs in the background that user cannot identify its presence. It can be used as monitoring software for parents to keep an eye on children activity on computers and for the owner to monitor their employees. A keylogger (which can be either spyware or software) is a kind of surveillance software that has the ability to store every keystroke in a log file. It is very dangerous for those systems which use their system for daily transaction purpose i.e. Online Banking Systems. A keylogger is a tool, made to save all the keystroke generated through the machine which sanctions hackers to steal sensitive information without user's intention. Privileged also relies on the access for both implementation and placement by Kernel keylogger, the entire message transmitted from the keyboard drivers, while the programmer simply relies on kernel level facilities that interrupt. This certainly needs a large power and expertise for real and error-free execution. However, it has been observed that 90% of the current keyloggers are running in userspace so they do not need any permission for execution. Our aim is focused on detecting userspace keylogger. Our intention is to forbid userspace keylogger from stealing confidential data and information. For this purpose, we use a strategy which is clearly based on detection manner techniques for userspace keyloggers, an essential category of malware packages. We intend to achieve this goal by matching I/O of all processes with some simulated activity of the user, and we assert detection in case the two are highly correlated. The rationale behind this is that the more powerful stream of keystrokes, the more I/O operations are required by the keylogger to log the keystrokes into the file.

Vehicles are becoming increasingly connected to the outside world. We can connect our devices to the vehicle's infotainment system and internet is being added as a functionality. Therefore, security is a major concern as the attack surface has become much larger than before. Consequently, attackers are creating malware that can infect vehicles and perform life-threatening activities. For example, a malware can compromise vehicle ECUs and cause unexpected consequences. Hence, ensuring the security of connected vehicle software and networks is extremely important to gain consumer confidence and foster the growth of this emerging market. In this paper, we propose a characterization of vehicle malware and a security architecture to protect vehicle from these malware. The architecture uses multiple computational platforms and makes use of the virtualization technique to limit the attack surface. There is a real-time operating system to control critical vehicle functionalities and multiple other operating systems for non-critical functionalities (infotainment, telematics, etc.). The security architecture also describes groups of components for the operating systems to prevent malicious activities and perform policing (monitor, detect, and control). We believe this work will help automakers guard their systems against malware and provide a clear guideline for future research.

Identifying cyberattack vectors on cyber supply chains (CSC) in the event of cyberattacks are very important in mitigating cybercrimes effectively on Cyber Physical Systems CPS. However, in the cyber security domain, the invincibility nature of cybercrimes makes it difficult and challenging to predict the threat probability and impact of cyber attacks. Although cybercrime phenomenon, risks, and treats contain a lot of unpredictability's, uncertainties and fuzziness, cyberattack detection should be practical, methodical and reasonable to be implemented. We explore Bayesian Belief Networks (BBN) as knowledge representation in artificial intelligence to be able to be formally applied probabilistic inference in the cyber security domain. The aim of this paper is to use Bayesian Belief Networks to detect cyberattacks on CSC in the CPS domain. We model cyberattacks using DAG method to determine the attack propagation. Further, we use a smart grid case study to demonstrate the applicability of attack and the cascading effects. The results show that BBN could be adapted to determine uncertainties in the event of cyberattacks in the CSC domain.

A wide variety of security software systems need to be integrated into a Security Orchestration Platform (SecOrP) to streamline the processes of defending against and responding to cybersecurity attacks. Lack of interpretability and interoperability among security systems are considered the key challenges to fully leverage the potential of the collective capabilities of different security systems. The processes of integrating security systems are repetitive, time-consuming and error-prone; these processes are carried out manually by human experts or using ad-hoc methods. To help automate security systems integration processes, we propose an Ontology-driven approach for Security OrchestrAtion Platform (OnSOAP). The developed solution enables interpretability, and interoperability among security systems, which may exist in operational silos. We demonstrate OnSOAP's support for automated integration of security systems to execute the incident response process with three security systems (Splunk, Limacharlie, and Snort) for a Distributed Denial of Service (DDoS) attack. The evaluation results show that OnSOAP enables SecOrP to interpret the input and output of different security systems, produce error-free integration details, and make security systems interoperable with each other to automate and accelerate an incident response process.

Networks of and embedded (IoT) devices are becoming increasingly popular, particularly, in settings such as smart homes, factories and vehicles. These networks can include numerous (potentially diverse) devices that collectively perform certain tasks. In order to guarantee overall safety and privacy, especially in the face of remote exploits, software integrity of each device must be continuously assured. This can be achieved by Remote Attestation (RA) - a security service for reporting current software state of a remote and untrusted device. While RA of a single device is well understood, collective RA of large numbers of networked embedded devices poses new research challenges. In particular, unlike single-device RA, collective RA has not benefited from any systematic treatment. Thus, unsurprisingly, prior collective RA schemes are designed in an ad hoc fashion. Our work takes the first step toward systematic design of collective RA, in order to help place collective RA onto a solid ground and serve as a set of design guidelines for both researchers and practitioners. We explore the design space for collective RA and show how the notions of security and effectiveness can be formally defined according to a given application domain. We then present and evaluate a concrete collective RA scheme systematically designed to satisfy these goals.

In this paper, an agent-based cross-layer secure service discovery scheme has been presented. Service discovery in MANET is a critical task and it presents numerous security challenges. These threats can compromise the availability, privacy and integrity of service discovery process and infrastructure. This paper highlights various security challenges prevalent to service discovery in MANET. Then, in order to address these security challenges, the paper proposes a cross-layer, agent based secure service discovery scheme for MANET based on deep neural network. The software agents will monitor the intrusive activities in the network based on an Intrusion Detection System (IDS). The service discovery operation is performed based on periodic dissemination of service, routing and security information. The QoS provisioning is achieved by encapsulating QoS information in the periodic advertisements done by service providers. The proposed approach has been implemented in JIST/ SWANS simulator. The results show that proposed approach provides improved security, scalability, latency, packet delivery ratio and service discovery success ratio, for various simulation scenarios.

Biometric recognition systems based on ultrasound images have been investigated for several decades, and nowadays ultrasonic fingerprint sensors are fully integrated in portable devices. Main advantage of the Ultrasound over other technologies are the possibility to collect 3D images, allowing to gain information on under-skin features, which improve recognition accuracy and resistance to spoofing. Also, ultrasound images are not sensible to several skin contaminations, humidity and not uniform ambient illumination. An ultrasound system, able to acquire 3D images of the human palm has been recently proposed. In this work, a recognition procedure based on 2D palmprint images collected with this system is proposed and evaluated through verification experiments carried out on a home made database composed of 141 samples collected from 24 users. Perspective of the proposed method by upgrading the recognition procedure to provide a 3D template able to accounts for palm lines' depth are finally highlighted and discussed.

The massive integration of Renewable Energy Sources (RES) into power systems is a major challenge but it also provides new opportunities for network operation. For example, with a large amount of RES available at HV subtransmission level, it is possible to exploit them as controlling resources in islanding conditions. Thus, a procedure for off-line evaluation of islanded operation feasibility in the presence of RES is proposed. The method finds which generators and loads remain connected after islanding to balance the island's real power maximizing the amount of supplied load and assuring the network's long-term security. For each possible islanding event, the set of optimal control actions (load/generation shedding) to apply in case of actual islanding, is found. The procedure is formulated as a Mixed Integer Non-Linear Problem (MINLP) and is solved using Genetic Algorithms (GAs). Results, including dynamic simulations, are shown for a representative HV subtransmission grid.

Internet of Things (IoT) revolution in 5th Generation (5G) will dynamically support all user, devices and customer worldwide where these devices, mechanical and digital machines will be connected and are able to communicate and transfer data over the network. In industries, the evolution of these technologies, known as Industrial IoT (IIoT) will enable machines to be connected and communicate where else, Internet of Everything (IoE) makes the connection more relevant between all smart devices, machines and also people with a huge data, high speed and high security. The growth of these technologies has made Radio Frequency (RF) spectrum resources for wireless communication to be more saturated. In order to solve this problem, new wireless communication technologies are proposed to meet the demand and also to enhance the performance of the system and overcome the existing bandwidth limitations. Studies done shows that Light-Fidelity (Li-Fi), based on Visible Light Communications (VLC) is one of the most promising technology in future which is based on optical wireless communication. Initial study on the Li-Fi concept has focuses on achieving speed, bi-directional transmission concept and supports multiuser access. In this paper we propose a frame work focuses on the handover process for indoor environment by using the steerable Access Point (AP) and compare the output result with fix Access Point.

With the recent boom in the cryptocurrency market, hackers have been on the lookout to find novel ways of commandeering users' machine for covert and stealthy mining operations. In an attempt to expose such under-the-hood practices, this paper explores the issue of browser cryptojacking, whereby miners are secretly deployed inside browser code without the knowledge of the user. To this end, we analyze the top 50k websites from Alexa and find a noticeable percentage of sites that are indulging in this exploitative exercise often using heavily obfuscated code. Furthermore, mining prevention plug-ins, such as NoMiner, fail to flag such cleverly concealed instances. Hence, we propose a machine learning solution based on hardware-assisted profiling of browser code in real-time. A fine-grained micro-architectural footprint allows us to classify mining applications with \textbackslashtextgreater99% accuracy and even flags them if the mining code has been heavily obfuscated or encrypted. We build our own browser extension and show that it outperforms other plug-ins. The proposed design has negligible overhead on the user's machine and works for all standard off-the-shelf CPUs.

Smart power grid is a perfect model of Cyber Physical System (CPS) which is an important component for a comfortable life. The major concern of the electrical network is safety and reliable operation. A cyber attacker in the operation of power system would create a major damage to the entire power system structure and affect the continuity of the power supply by adversely changing its parameters. A risk assessment method is presented for evaluating the cyber security assessment of power systems taking into consideration the need for protection systems. The paper considers the impact of bus and transmission line protection systems located in substations on the cyber physical performance of power systems. The proposed method is to simulate the response of power systems to sudden attacks on various power system preset value and parameters. This paper focuses on the cyber attacks which occur in a co-ordinated way so that many power system components will be in risk. The risk can be modelled as the combined probability of power system impact due to attacks and of successful interruption into the system. Stochastic Petri Nets is employed for assessing the risks. The effectiveness of the proposed cyber security risk assessment method is simulated for a IEEE39 bus system.

Modulation classification is an important component of cognitive self-driving networks. Recently many ML-based modulation classification methods have been proposed. We have evaluated the robustness of 9 ML-based modulation classifiers against the powerful Carlini & Wagner (C-W) attack and showed that the current ML-based modulation classifiers do not provide any deterrence against adversarial ML examples. To the best of our knowledge, we are the first to report the results of the application of the C-W attack for creating adversarial examples against various ML models for modulation classification.

Today, there are several applications which allow us to share images over the internet. All these images must be stored in a secure manner and should be accessible only to the intended recipients. Hence it is of utmost importance to develop efficient and fast algorithms for encryption of images. This paper uses chaotic generators to generate random sequences which can be used as keys for image encryption. These sequences are seemingly random and have statistical properties. This makes them resistant to analysis and correlation attacks. However, these sequences have fixed cycle lengths. This restricts the number of sequences that can be used as keys. This paper utilises neural networks as a source of perturbation in a chaotic generator and uses its output to encrypt an image. The robustness of the encryption algorithm can be verified using NPCR, UACI, correlation coefficient analysis and information entropy analysis.

In the wake of diversity of service requirements and increasing push for extreme efficiency, adaptability propelled by machine learning (ML) a.k.a self organizing networks (SON) is emerging as an inevitable design feature for future mobile 5G networks. The implementation of SON with ML as a foundation requires significant amounts of real labeled sample data for the networks to train on, with high correlation between the amount of sample data and the effectiveness of the SON algorithm. As generally real labeled data is scarce therefore it can become bottleneck for ML empowered SON for unleashing their true potential. In this work, we propose a method of expanding these sample data sets using Generative Adversarial Networks (GANs), which are based on two interconnected deep artificial neural networks. This method is an alternative to taking more data to expand the sample set, preferred in cases where taking more data is not simple, feasible, or efficient. We demonstrate how the method can generate large amounts of realistic synthetic data, utilizing the GAN's ability of generation and discrimination, able to be easily added to the sample set. This method is, as an example, implemented with Call Data Records (CDRs) containing the start hour of a call and the duration of the call, in minutes taken from a real mobile operator. Results show that the method can be used with a relatively small sample set and little information about the statistics of the true CDRs and still make accurate synthetic ones.

The methods are based on injecting unpredictability into means and objects of protection are called stochastic methods of information security. The effective protection can be done only by using stochastic methods against an active opponent. The effectiveness of stochastic protection methods is defined by the quality of the used pseudo-random number generators and hash functions. The proposed hashing algorithm DOZENHASH is based on the using of 3D stochastic transformations of DOZEN family. The principal feature of the algorithm is that all input and output data blocks as well as intermediate results of calculations are represented as three-dimensional array of bytes with 4 bytes in each dimension. Thus, the resulting transformation has a high degree of parallelism at the level of elementary operations, in other words, it is focused on the implementation using heterogeneous supercomputer technologies.

Techniques applied in response to detrimental digital incidents vary in many respects according to their attributes. Models of techniques exist in current research but are typically restricted to some subset with regards to the discipline of the incident. An enormous collection of techniques is actually available for use. There is no single model representing all these techniques. There is no current categorisation of digital forensics reactive techniques that classify techniques according to the attribute of function and nor is there an attempt to classify techniques in a means that goes beyond a subset. In this paper, an ontology that depicts digital forensic reactive techniques classified by function is presented. The ontology itself contains additional information for each technique useful for merging into a cognate system where the relationship between techniques and other facets of the digital investigative process can be defined. A number of existing techniques were collected and described according to their function - a verb. The function then guided the placement and classification of the techniques in the ontology according to the ontology development process. The ontology contributes to a knowledge base for digital forensics - essentially useful as a resource for the various people operating in the field of digital forensics. The benefit of this that the information can be queried, assumptions can be made explicit, and there is a one-stop-shop for digital forensics reactive techniques with their place in the investigation detailed.

In this work we introduce a novel QKD protocol capable of smoothly transitioning, via a user-tuneable parameter, from classical to semi-quantum in order to help understand the effect of quantum communication resources on secure key distribution. We perform an information theoretic security analysis of this protocol to determine what level of "quantumness" is sufficient to achieve security, and we discover some rather interesting properties of this protocol along the way.

This paper proposes an FPGA-based nearest neighbor search engine for high-dimensional data, in which nearest neighbor search is performed based on distance-based hashing. The proposed hardware search engine implements a nearest neighbor search algorithm based on an extension of flexible distance-based hashing (FDH, for short), which finds an exact solution with high probability. The proposed engine is a parallel processing and pipelined circuit so that search results can be obtained in a short execution time. Experimental results show the effectiveness and efficiency of the proposed engine.

The paper reviews a project on the automation of term system construction. TSBuilder (Term System Builder) was developed in 2014 as a multilayer Rosenblatt's perceptron for supervised machine learning, namely 1-3 word terms identification in natural language texts and their rigid categorization. The program is being modified to reduce the rigidity of categorization which will bring text mining more in line with human thinking.We are expanding the range of parameters (semantical, morphological, and syntactical) for categorization, removing the restriction of the term length of three words, using convolution on a continuous sequence of terms, and present the probabilities of a term falling into different categories. The neural network will not assign a single category to a term but give N answers (where N is the number of predefined classes), each of which O ∈ [0, 1] is the probability of the term to belong to a given class.

Whenever we talk about big data, the concern is always about the security of the data. In recent days the most heard about technology is the Natural Language Processing. This new and trending technology helps in solving the ever ending security problems which are not completely solved using big data. Starting with the big data security issues, this paper deals with addressing the topics related to cyber security and information security using the Natural Language Processing technology. Including the well-known cyber-attacks such as phishing identification and spam detection, this paper also addresses issues on information assurance and security such as detection of Advanced Persistent Threat (APT) in DNS and vulnerability analysis. The goal of this paper is to provide the overview of how natural language processing can be used to address cyber security issues.

Mutriku wave farm is the first commercial plant all around the world. Since July 2011 it has been continuously selling electricity to the grid. It operates with the OWC technology and has 14 operating Wells-type turbines. In the plant there is a SCADA data recording system that collects the most important parameters of the turbines; among them, the pressure in the inlet chamber, the position of the security valve (from fully open to fully closed) and the generated power in the last 5 minutes. There is also an electricity meter which provides information about the amount of electric energy sold to the grid. The 2014 winter (January, February and March), and especially the first fortnight of February, was a stormy winter with rough sea state conditions. This was reflected both in the performance of the turbines (high pressure values, up to 9234.2 Pa; low opening degrees of the security valve, down to 49.4°; and high power generation of about 7681.6 W, all these data being average values) and in the calculated capacity factor (CF = 0.265 in winter and CF = 0.294 in February 2014). This capacity factor is a good tool for the comparison of different WEC technologies or different locations and shows an important seasonal behavior.

We consider the possibility of detecting malicious behaviors of the advanced persistent threat (APT) at endpoints during incident response or forensics investigations. Specifically, we study the case where third-party sensors are not available; our observables are obtained solely from inherent digital artifacts of Windows operating systems. What is of particular interest is an artifact called the Application Compatibility Cache (Shimcache). As it is not apparent from the Shimcache when a file has been executed, we propose an algorithm of estimating the time of file execution up to an interval. We also show guarantees of the proposed algorithm's performance and various possible extensions that can improve the estimation. Finally, combining this approach with methods of machine learning, as well as information from other digital artifacts, we design a prototype system called XTEC and demonstrate that it can help hunt for the APT in a real-world case study.

Internet of Things (IoT) is a key emerging technology which aims to connect objects over the internet. Software Defined Networking (SDN) is another new intelligent technology within networking domain which increases the network performance and provides better security, reliability, and privacy using dynamic software programs. In this paper, we have proposed a distributed secure Black SDN-IoT architecture with NFV implementation for smart cities. We have incorporated Black SDN that is highly secured SDN which gives better result in network performances, security, and privacy and secures both metadata and payload within each layer. This architecture also tried to introduce an approach which is more effective for building a cluster by means of Black SDN. Black SDN-loT with NFV concept brings benefits to the related fields in terms of energy savings and load balancing. Moreover, Multiple distributed controller have proposed to improve availability, integrity, privacy, confidentiality and etc. In the proposed architecture, the Black network provides higher security of each network layer comparative to the conventional network. Finally, this paper has discussed the architectural design of distributed secure Black SDN-IoT with NFV for smart cities and research challenges.

Currently, video surveillance systems play an important role in ensuring the safety of citizens, their property, etc., which greatly contributes to the reduction of crime. Due to the high intrinsic value and/or high efficiency of their use for the prevention and detection of crimes, they themselves often become the objects of illegal actions (theft, damage). The main purpose of video surveillance systems is to provide continuous visual monitoring of the situation at a particular facility or territory, as well as event registration. The breakdown of the camera is detected by the loss of signal in the control center. However, the absence of a signal for reasons other than these can also be caused by an accident on the power line, a communication channel break, software or hardware breakdown of the camera itself. In this regard, there is a problem of determining the exact cause of the lack of signal and, consequently, the need for a rapid response to it. The paper proposes an approach of video surveillance arrangement according to their main functional purpose, as well as their ability to monitor each other. Based on this approach, a mathematical model of the choice of locations and conditions of location of video surveillance equipment from a set of potentially acceptable as a problem of nonlinear Boolean programming is developed. This model maximizes the functionality of the video surveillance system, taking into account the importance of areas and objects of surveillance with restrictions on the number of video surveillance of each type, the nature of the terrain and existing buildings. An algorithm for solving this problem is proposed.

Software-Defined Networking (SDN) introduces a centralized network control and management by separating the data plane from the control plane which facilitates traffic flow monitoring, security analysis and policy formulation. However, it is challenging to choose a proper degree of traffic flow handling granularity while proactively protecting forwarding devices from getting overloaded. In this paper, we propose a novel traffic flow matching control framework called Q-DATA that applies reinforcement learning in order to enhance the traffic flow monitoring performance in SDN based networks and prevent traffic forwarding performance degradation. We first describe and analyse an SDN-based traffic flow matching control system that applies a reinforcement learning approach based on Q-learning algorithm in order to maximize the traffic flow granularity. It also considers the forwarding performance status of the SDN switches derived from a Support Vector Machine based algorithm. Next, we outline the Q-DATA framework that incorporates the optimal traffic flow matching policy derived from the traffic flow matching control system to efficiently provide the most detailed traffic flow information that other mechanisms require. Our novel approach is realized as a REST SDN application and evaluated in an SDN environment. Through comprehensive experiments, the results show that-compared to the default behavior of common SDN controllers and to our previous DATA mechanism-the new Q-DATA framework yields a remarkable improvement in terms of traffic forwarding performance degradation protection of SDN switches while still providing the most detailed traffic flow information on demand.