Biblio

The current supply of a highly specialized cyber security professionals cannot meet the demands for societies seeking digitization. To close the skill gap, there is a need for introducing students in higher education to cyber security, and to combine theoretical knowledge with practical skills. This paper presents how the cyber security training platform Haaukins, initially developed to increase interest and knowledge of cyber security among high school students, was further developed to support the need for training in higher education. Based on the differences between the existing and new target audiences, a set of design principles were derived which shaped the technical adjustments required to provide a suitable platform - mainly related to dynamic tooling, centralized access to exercises, and scalability of the platform to support courses running over longer periods of time. The implementation of these adjustments has led to a series of teaching sessions in various institutions of higher education, demonstrating the viability for Haaukins for the new target audience.

Modbus is a popular industrial communication protocol supported by most automation devices. Despite its popularity, it is not a secure protocol because when it was developed, security was not a concern due to closed environments of industrial control systems. With the convergence of information technology and operational technology in recent years, the security of industrial control systems has become a serious concern. Due to the high availability requirements, it is not practical or feasible to do security experimentation of production systems. We present an implementation of cyber-physical systems with Modbus/TCP communication for real-time security testing. The proposed architecture consists of a process simulator, an IEC 61131-3 compliant programmable logic controller, and a human-machine interface, all communicating via Modbus/TCP protocol. We use Simulink as the process simulator. It does not have built-in support for the Modbus protocol. A contribution of the proposed work is to extend the functionality of Simulink with a custom block to enable Modbus communication. We use two case studies to demonstrate the utility of the cyber-physical system architecture. We can model complex industrial processes with this architecture, can launch cyber-attacks, and develop protection mechanisms.

Nowadays, cyber physical systems are playing an important role in human life in which they provide features that make interactions between human and machine easier. To design and analysis such systems, the main problem is their complexity. In this paper, we propose a description language for cyber physical systems based on stochastic processes. The proposed language is called SPDL (Stochastic Description Process Language). For designing SPDL, two main parts are considered for Cyber Physical Systems (CSP): embedded systems and physical environment. Then these parts are defined as stochastic processes and CPS is defined as a tuple. Syntax and semantics of SPDL are stated based on the proposed definition. Also, the semantics are defined as by set theory. For implementation of SPDL, dependencies between words of a requirements are extracted as a tree data structure. Based on the dependencies, SPDL is used for describing the CPS. Also, a lexical analyzer and a parser based on a defined BNF grammar for SPDL is designed and implemented. Finally, SPDL of CPS is transformed to NuSMV which is a symbolic model checker. The Experimental results show that SPDL is capable of describing cyber physical systems by natural language.

This paper presents conceptual modelling of the criticality of critical infrastructure (CI) nth order dependency effect using neural networks. Incidentally, critical infrastructures are usually not stand-alone, they are mostly interconnected in some way thereby creating a complex network of infrastructures that depend on each other. The relationships between these infrastructures can be either unidirectional or bidirectional with possible cascading or escalating effect. Moreover, the dependency relationships can take an nth order, meaning that a failure or disruption in one infrastructure can cascade to nth interconnected infrastructure. The nth-order dependency and criticality problems depict a sequential characteristic, which can result in chronological cyber effects. Consequently, quantifying the criticality of infrastructure demands that the impact of its failure or disruption on other interconnected infrastructures be measured effectively. To understand the complex relational behaviour of nth order relationships between infrastructures, we model the behaviour of nth order dependency using Neural Network (NN) to analyse the degree of dependency and criticality of the dependent infrastructure. The outcome, which is to quantify the Criticality Index Factor (CIF) of a particular infrastructure as a measure of its risk factor can facilitate a collective response in the event of failure or disruption. Using our novel NN approach, a comparative view of CIFs of infrastructures or organisations can provide an efficient mechanism for Critical Information Infrastructure Protection and resilience (CIIPR) in a more coordinated and harmonised way nationally. Our model demonstrates the capability to measure and establish the degree of dependency (or interdependency) and criticality of CIs as a criterion for a proactive CIIPR.

Cyber ranges are valuable assets but have limitations in simulating complex realities and multi-sector dependencies; to address this, federated cyber ranges are emerging. This work presents the ECHO Federated Cyber Range, a marketplace for cyber range services, that establishes a mechanism by which independent cyber range capabilities can be interconnected and accessed via a convenient portal. This allows for more complex and complete emulations, spanning potentially multiple sectors and complex exercises. Moreover, it supports a semi-automated approach for processing and deploying service requests to assist customers and providers interfacing with the marketplace. Its features and architecture are described in detail, along with the design, validation and deployment of a training scenario.

The popularity of cryptocurrencies has garnered interest from cybercriminals, spurring an onslaught of cryptojacking campaigns that aim to hijack computational resources for the purpose of mining cryptocurrencies. In this paper, we present a cross-stack cryptojacking defense system that spans the hardware and OS layers. Unlike prior work that is confined to detecting cryptojacking behavior within web browsers, our solution is application agnostic. We show that tracking instructions that are frequently used in cryptographic hash functions serve as reliable signatures for fingerprinting cryptojacking activity. We demonstrate that our solution is resilient to multi-threaded and throttling evasion techniques that are commonly employed by cryptojacking malware. We characterize the robustness of our solution by extensively testing a diverse set of workloads that include real consumer applications. Finally, an evaluation of our proof-of-concept implementation shows minimal performance impact while running a mix of benchmark applications.

Automated analysis of facial expressions is one of the most interesting and challenging problems in many areas such as human-computer interaction. Facial images are affected by many factors, such as intensity, pose and facial expressions. These factors make facial expression recognition problem a challenge. The aim of this paper is to propose a new method based on the pyramid local binary pattern (PLBP) and the pyramid local phase quantization (PLPQ), which are the extension of the local binary pattern (LBP) and the local phase quantization (LPQ) as two methods for extracting texture features. LBP operator is used to extract LBP feature in the spatial domain and LPQ operator is used to extract LPQ feature in the frequency domain. The combination of features in spatial and frequency domains can provide important information in both domains. In this paper, PLBP and PLPQ operators are separately used to extract features. Then, these features are combined to create a new feature vector. The advantage of pyramid transform domain is that it can recognize facial expressions efficiently and with high accuracy even for very low-resolution facial images. The proposed method is verified on the CK+ facial expression database. The proposed method achieves the recognition rate of 99.85% on CK+ database.

Facial emotion recognition (FER) is useful in many different applications and could offer significant benefit as part of feedback systems to train children with Autism Spectrum Disorder (ASD) who struggle to recognize facial expressions and emotions. This project explores the potential of real time FER based on the use of local regions of interest combined with a machine learning approach. Histogram of Oriented Gradients (HOG) was implemented for feature extraction, along with 3 different classifiers, 2 based on k-Nearest Neighbor and 1 using Support Vector Machine (SVM) classification. Model performance was compared using accuracy of randomly selected validation sets after training on random training sets of the Oulu-CASIA database. Image classes were distributed evenly, and accuracies of up to 98.44% were observed with small variation depending on data distributions. The region selection methodology provided a compromise between accuracy and number of extracted features, and validated the hypothesis a focus on smaller informative regions performs just as well as the entire image.

State estimation algorithm ensures an effective realtime monitoring of the modern smart grid leading to an accurate determination of the current operating states. Recently, a new genre of data integrity attacks namely false data injection attack (FDIA) has shown its deleterious effects by bypassing the traditional bad data detection technique. Modern grid operators must detect the presence of such attacks in the raw field measurements to guarantee a safe and reliable operation of the grid. State forecasting based FDIA identification schemes have recently shown its efficacy by determining the deviation of the estimated states due to an attack. This work emphasizes on a scalable deep learning state forecasting model which can accurately determine the presence of FDIA in real-time. An optimal set of hyper-parameters of the proposed architecture leads to an effective forecasting of the operating states with minimal error. A diligent comparison between other state of the art forecasting strategies have promoted the effectiveness of the proposed neural network. A comprehensive analysis on the IEEE 14 bus test bench effectively promotes the proposed real-time attack identification strategy.

Real time data analysis in the context of e.g. realtime monitoring or computational steering is an important tool in many fields of science, allowing scientists to make the best use of limited resources such as sensors and HPC platforms. These tools typically rely on large amounts of continuously collected data that needs to be processed in near-real time to avoid wasting compute, storage, and networking resources. Streaming pipelines are a natural fit for this use case but are inconvenient to use on high-performance computing (HPC) systems because of the diverging system software environment with big data, increasing both the cost and the complexity of the solution. In this paper we propose Neon, a clean-slate design of a streaming data processing framework for HPC systems that enables users to create arbitrarily large streaming pipelines. The experimental results on the Bebop supercomputer show significant performance improvements compared with Apache Storm, with up to 2x increased throughput and reduced latency.

Deep reinforcement learning has recently been adopted for robot behavior learning, where robot skills are acquired and adapted from data generated by the robot while interacting with its environment through a trial-and-error process. Despite this success, most model-free deep reinforcement learning algorithms learn a task-specific policy from a clean slate and thus suffer from high sample complexity (i.e., they require a significant amount of interaction with the environment to learn reasonable policies and even more to reach convergence). They also suffer from poor initial performance due to executing a randomly initialized policy in the early stages of learning to obtain experience used to train a policy or value function. Model based deep reinforcement learning mitigates these shortcomings. However, it suffers from poor asymptotic performance in contrast to a model-free approach. In this work, we investigate knowledge transfer from a model-based teacher to a task-specific model-free learner to alleviate executing a randomly initialized policy in the early stages of learning. Our experiments show that this approach results in better asymptotic performance, enhanced initial performance, improved safety, better action effectiveness, and reduced sample complexity.

Physical layer security has a paramount importance in tactical wireless networks. Traditional approaches may not fulfill all requirements, demanding additional sophisticated techniques. Thus, Combined Interference and Communications (CIC) emerges as a strategy against message interception in Cognitive Radio Military Networks (CRMN). Since CIC adopts an interference approach under specific CRMN requirements and characteristics, it saves great energy and reduces the receiver detection factor when compared to previous proposals in the literature. However, previous CIC analyses were conducted under vaguely realistic channel models. Thus, the focus of this paper is two-fold. Firstly, we identify more realistic channel models to achieve tactical network scenario channel parameters. Additionally, we use such parameters to evaluate CIC suitability to increase CRMN physical layer security. Numerical experiments and emulations illustrate potential impairments on previous work due to the adoption of unrealistic channel models, concluding that CIC technique remains as an upper limit to increase physical layer security in CRMN.

Physical-layer security is a new paradigm that offers data protection against eavesdropping in wireless 5G networks. In this context, the Gaussian channel is a typical model that captures the practical aspects of confidentially transmitting a message through the wireless medium. In this paper, we consider the peculiar case of transmitting a message through a wireless, state-dependent channel which is prone to eavesdropping, where the state knowledge is non-causally known and shared between the sender and the eavesdropper. We show that a novel structured coding scheme, which combines random coding arguments and the dirty-paper coding technique, achieves the fundamental limit of secure and reliable communication for the considered model.

In recent years web applications that are hacked every day estimated to be 30 000, and in most cases, web developers or website owners do not even have enough knowledge about what is happening on their sites. Web hackers can use many attacks to gain entry or compromise legitimate web applications, they can also deceive people by using phishing sites to collect their sensitive and private information. In response to this, the need is raised to take proper measures to understand the risks and be aware of the vulnerabilities that may affect the website and hence the normal business flow. In the scope of this study, mitigations against the most common web application attacks are set, and the web administrator is provided with ways to detect phishing links which is a social engineering attack, the study also demonstrates the generation of web application logs that simplifies the process of analyzing the actions of abnormal users to show when behavior is out of bounds, out of scope, or against the rules. The methods of mitigation are accomplished by secure coding techniques and the methods for phishing link detection are performed by various machine learning algorithms and deep learning techniques. The developed application has been tested and evaluated against various attack scenarios, the outcomes obtained from the test process showed that the website had successfully mitigated these dangerous web application attacks, and for the detection of phishing links part, a comparison is made between different algorithms to find the best one, and the outcome of the best model gave 98% accuracy.

Deep learning (DL) is becoming popular as a new tool for many applications in wireless communication systems. However, for many classification tasks (e.g., modulation classification) it has been shown that DL-based wireless systems are susceptible to adversarial examples; adversarial examples are well-crafted malicious inputs to the neural network (NN) with the objective to cause erroneous outputs. In this paper, we extend this to regression problems and show that adversarial attacks can break DL-based power allocation in the downlink of a massive multiple-input-multiple-output (maMIMO) network. Specifically, we extend the fast gradient sign method (FGSM), momentum iterative FGSM, and projected gradient descent adversarial attacks in the context of power allocation in a maMIMO system. We benchmark the performance of these attacks and show that with a small perturbation in the input of the NN, the white-box attacks can result in infeasible solutions up to 86%. Furthermore, we investigate the performance of black-box attacks. All the evaluations conducted in this work are based on an open dataset and NN models, which are publicly available.

With current Traditional / Legacy networks, the reliance on manual intervention to solve a variety of issues be it primary operational functionalities like addressing Link-failure or other consequent complexities arising out of existing solutions for challenges like Link-flapping or facing attacks like DDoS attacks is substantial. This physical and manual approach towards network configurations to make significant changes result in very slow updates and increased probability of errors and are not sufficient to address and support the rapidly shifting workload of the networks due to the fact that networking decisions are left to the hands of physical networking devices. With the advent of Software Defined Networking (SDN) which abstracts the network functionality planes, separating it from physical hardware – and decoupling the data plane from the control plane, it is able to provide a degree of automation for the network resources and management of the services provided by the network. This paper explores some of the aspects of automation provided by SDN capabilities in a Mesh Network (provides Network Security with redundancy of communication links) which contribute towards making the network inherently intelligent and take decisions without manual intervention and thus take a step towards Intelligent Automated Networks.

Software-Defined Networking (SDN) has found applications in different domains, including wired- and wireless networks. The SDN controller has a global view of the network topology, which is vulnerable to topology poisoning attacks, e.g., link fabrication and host-location hijacking. The adversaries can leverage these attacks to monitor the flows or drop them. However, current defence systems such as TopoGuard and TopoGuard+ can detect such attacks. In this paper, we introduce the Link Latency Attack (LLA) that can successfully bypass the systems' defence mechanisms above. In LLA, the adversary can add a fake link into the network and corrupt the controller's view from the network topology. This can be accomplished by compromising the end hosts without the need to attack the SDN-enabled switches. We develop a Machine Learning-based Link Guard (MLLG) system to provide the required defence for LLA. We test the performance of our system using an emulated network on Mininet, and the obtained results show an accuracy of 98.22% in detecting the attack. Interestingly, MLLG improves 16% the accuracy of TopoGuard+.

Despite the high directivity of THz beams, THz wireless links may still suffer compromising emissions when propagate through atmospheric turbulence and suffers scattering. In this work, we investigate the eavesdropping risks of a line-of-sight (LOS) THz link `in atmospheric turbulence with an eavesdropper located close to but outside of the beam path. A theoretical model considering the turbulence induced losses, gaseous absorption and beam divergence is conducted. Theoretical estimations agree well with our measured data. The secrecy capacity and outage probability dependent on the carrier frequency, turbulence strength, eavesdropper’s position and receiver sensitivity are analyzed.

In recent years, a new type of DDoS attacks against backbone routing links have appeared. They paralyze the communication network of a large area by directly congesting the key routing links concerning the network accessibility of the area. This new type of DDoS attacks make it difficult for traditional countermeasures to take effect. This paper proposes and implements an attack detection method based on non-cooperative active measurement. Experiments show that our detection method can efficiently perceive changes of network link performance and assist in identifying such new DDoS attacks. In our testbed, the network anomaly detection accuracy can reach 93.7%.

This paper introduces a robust random number generator that based on Bernoulli discrete chaotic map. An eight bit SAR ADC is used with discrete time chaotic map to generate random bit sequences. Compared to RNGs that use the continuous time chaotic map, sensitivity to process, voltage and temperature (PVT) variations are reduced. Thanks to utilizing switch capacitor circuits to implement Bernoulli chaotic map equations, power consumption decreased significantly. Proposed design that has a throughput of 500 Kbit/second is implemented in TSMC 180 nm process technology. Generated bit sequences has successfully passed all four primary tests of FIPS-140-2 test suite and all tests of NIST 820–22 test suite without post processing. Furthermore, data rate can be increased by sacrificing power consumption. Hence, proposed architecture could be utilized in high speed cryptography applications.

Completely Automated Public Turing Tests (CAPTCHA) have been used to differentiate between computers and humans for quite some time now. There are many different varieties of CAPTCHAs - text-based, image-based, audio, video, arithmetic, etc. However, not all varieties are suitable for the visually impaired. As time goes by and Spambots and APIs grow more accurate, the CAPTCHA tests have been constantly updated to stay relevant, but that has not happened with the audio CAPTCHA. There exists an audio CAPTCHA intended for the blind/visually impaired but many blind/visually impaired find it difficult to solve. We propose an alternative to the existing system, which would make use of unique sound samples layered with music generated through GANs (Generative Adversarial Networks) along with noise and other layers of sounds to make it difficult to dissect. The user has to count the number of times the unique sound was heard in the sample and then input that number. Since there are no letters or numbers involved in the samples, speech-to-text bots/APIs cannot be used directly to decipher this system. Also, any user regardless of their native language can comfortably use this system.

CAPTCHA or Completely Automated Public Turing test to Tell Computers and Humans Apart is a technique to distinguish between humans and computers by generating and evaluating tests that can be passed by humans but not computer bots. However, captchas are not foolproof, and they can be bypassed which raises security concerns. Hence, sites over the internet remain open to such vulnerabilities. This research paper identifies the vulnerabilities found in some of the commonly used captcha schemes by cracking them using Deep Learning techniques. It also aims to provide solutions to safeguard against these vulnerabilities and provides recommendations for the generation of secure captchas.

CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is commonly utilized as a technology for avoiding attacks to Web sites by bots. State-of-the-art CAPTCHAs vary in difficulty based on the client's behavior, allowing for efficient bot detection without sacrificing simplicity. In this research, we focus on detecting bots by supervised machine learning from access-log time series in the past. We have analysed access logs to several Web services which are using a commercial cloud-based CAPTCHA service, Capy Puzzle CAPTCHA. Experiments show that bot detection in attacks over a month can be performed with high accuracy by precursory analysis of the access log in only the first day as training data. In addition, we have manually analyzed the data that are found to be False Positive in the discrimination results, and it is found that the proposed model actually detects access by bots, which had been overlooked in the first-stage manual discrimination of flags in preparation of training data.

Lightning Network (LN) addresses the scalability problem of Bitcoin by leveraging off-chain transactions. Nevertheless, it is not possible to run LN on resource-constrained IoT devices due to its storage, memory, and processing requirements. Therefore, in this paper, we propose an efficient and secure protocol that enables an IoT device to use LN's functions through a gateway LN node. The idea is to involve the IoT device in LN operations with its digital signature by replacing original 2-of-2 multisignature channels with 3-of-3 multisignature channels. Our protocol enforces the LN gateway to request the IoT device's cryptographic signature for all operations on the channel. We evaluated the proposed protocol by implementing it on a Raspberry Pi for a toll payment scenario and demonstrated its feasibility and security.

Blockchain technology relies on a growing number of globally distributed ledgers known as blockchain. This technology was used for the creation of the cryptocurrency known as bitcoin that allows transactions to be carried out quickly and easily, without the need to use an intermediary "financial institution". The information is sent trough the protocols known as: PoW (Proof of Work) and PoS (Proof of Stake), which must guarantee confidentiality, integrity and availability of the information. The present work shows the result of a bibliographic review on the evolution of the blockchain, the PoW and PoS protocols; as well as the application of these within the framework of Ecuadorian legislation with emphasis on the evolution of risks of the PoW protocol.