Biblio

Cloud storage, in general, is a collection of Computer Technology resources provided to consumers over the internet on a leased basis. Cloud storage has several advantages, including simplicity, reliability, scalability, convergence, and cost savings. One of the most significant impediments to cloud computing's growth is security. This paper proposes a security approach based on cloud security. Cloud security now plays a critical part in everyone's life. Due to security concerns, data is shared between cloud service providers and other users. In order to protect the data from unwanted access, the Security Service Algorithm (SSA), which is called as MONcrypt is used to secure the information. This methodology is established on the obfuscation of data techniques. The MONcrypt SSA is a Security as a Service (SaaS) product. When compared to current obfuscation strategies, the proposed methodology offers a better efficiency and smart protection. In contrast to the current method, MONcrypt eliminates the different dimensions of information that are uploaded to cloud storage. The proposed approach not only preserves the data's secrecy but also decreases the size of the plaintext. The exi sting method does not reduce the size of data until it has been obfuscated. The findings show that the recommended MONcrypt offers optimal protection for the data stored in the cloud within the shortest amount of time. The proposed protocol ensures the confidentiality of the information while reducing the plaintext size. Current techniques should not reduce the size of evidence once it has been muddled. Based on the findings, it is clear that the proposed MONcrypt provides the highest level of protection in the shortest amount of time for rethought data.

Sharding is considered to be the most promising solution to overcome and to improve the scalability limitations of blockchain networks. By doing this, the transaction throughput increases, at the same time compromises the security of blockchain networks. In this paper, a probability distribution model is proposed to analyze this trade-off between scalability and security of sharding-based blockchain networks. For this purpose hypergeometric distribution and Chebyshev's Inequality are mainly used. The upper bounds of hypergeometric distributed transaction processing and failure probabilities for shards are mainly evaluated. The model validation is accomplished with Class A (Omniledger, Elastico, Harmony, and Zilliqa), and Class B (RapidChain) sharding protocols. This validation shows that Class B protocols have a better performance compared to Class A protocols. The proposed model observes the transaction processing and failure probabilities are increased when shard size is reduced or the number of shards increased in sharding-based blockchain networks. This trade-off between the scalability and the security decides on the shard size of the blockchain network based on the real-world application and the blockchain platform. This explains the scalability trilemma in blockchain networks claiming that decentralization, scalability, and security cannot be met at primary grounds. In conclusion, this paper presents a comprehensive analysis providing essential directions to develop sharding protocols in the future to enhance the performance and the best-cost benefit of sharing-based blockchains by improving the scalability and the security at the same time.

Cyber-attacks toward cyber-physical systems are one of the main concerns of smart grid's operators. However, many of these cyber-attacks, are toward unmanned substations where the cyber-attackers needs to be close enough to substation to malfunction protection and control systems in substations, using Electromagnetic signals. Therefore, in this paper, a new threat detection algorithm is proposed to prevent possible cyber-attacks toward unmanned substations. Using surveillance camera's streams and based on You Only Look Once (YOLO) V3, suspicious objects in the image are detected. Then, using Intersection over Union (IOU) and Generalized Intersection Over Union (GIOU), threat distance is estimated. Finally, the estimated threats are categorized into three categories using color codes red, orange and green. The deep network used for detection consists of 106 convolutional layers and three output prediction with different resolutions for different distances. The pre-trained network is transferred from Darknet-53 weights trained on 80 classes.

New services and products are increasingly becoming integral parts of our daily lives rising our technological dependence, as well as our exposure to risks from cyber. Critical sectors such as transport are progressively depending on digital technologies to run their core operations and develop novel solutions to exploit the economic strengths of the European Union. However, despite the fact that the continuously increasing number of visitors, entering the European Union through land-border crossing points or seaports, brings tremendous economic benefits, novel border control solutions, such as mobile devices for passenger identification for land and sea border control, are essential to accurately identify passengers ``on the fly'' while ensuring their comfort. However, the highly confidential personal data managed by these devices makes them an attractive target for cyberattacks. Therefore, novel secure and usable user authentication mechanisms are required to increase the level of security of this kind of devices without interrupting border control activities. Towards this direction, we, firstly, discuss risk-based and adaptive authentication for mobile devices as a suitable approach to deal with the security vs. usability challenge. Besides that, a novel risk-based adaptive user authentication mechanism is proposed for mobile passenger identification devices used by border control officers at land and sea borders.

Companies like Netflix increasingly use the cloud to deploy their business processes. Those processes often involve partnerships with other companies, and can be modeled as workflows where the owner of the data at risk interacts with contractors to realize a sequence of tasks on the data to be secured.In practice, access control is an essential building block to deploy these secured workflows. This component is generally managed by administrators using high-level policies meant to represent the requirements and restrictions put on the workflow. Handling access control with a high-level scheme comes with the benefit of separating the problem of specification, i.e. defining the desired behavior of the system, from the problem of implementation, i.e. enforcing this desired behavior. However, translating such high-level policies into a deployed implementation can be error-prone.Even though semi-automatic and automatic tools have been proposed to assist this translation, policy verification remains highly challenging in practice. In this paper, our aim is to define and propose structures assisting the checking and correction of potential errors introduced on the ground due to a faulty translation or corrupted deployments. In particular, we investigate structures with formal foundations able to naturally model policies. Metagraphs, a generalized graph theoretic structure, fulfill those requirements: their usage enables to compare high-level policies to their implementation. In practice, we consider Rego, a language used by companies like Netflix and Plex for their release process, as a valuable representative of most common policy languages. We propose a suite of tools transforming and checking policies as metagraphs, and use them in a global framework to show how policy verification can be achieved with such structures. Finally, we evaluate the performance of our verification method.

Protection of an organization's assets and information technology infrastructure is always crucial to any business. Securing and protecting businesses from cybersecurity threats became very challenging during the Covid-19 Pandemic. Organizations suddenly shifted towards remote work to maintain continuity and protecting against new cyber threats became a big concern for most business owners. This research looks into the following areas (i) outlining the shift from In-person to online work risks (ii) determine the cyber-attack type based on the list of 10 most prominent cybersecurity threats during the Covid-19 Pandemic (iii) and design a security policy to securing business continuity.

In August 2020, Intel asked the research community for feedback on the newly offered architecture extensions, called Intel Trust Domain Extensions (TDX), which give more control to Trust Domains (TDs) over processor resources. One of the key features of these extensions is the remote attestation mechanism, which provides a unified report verification mechanism for TDX and its predecessor Software Guard Extensions (SGX). Based on our experience and intuition, we respond to the request for feedback by formally specifying the attestation mechanism in the TDX using ProVerif's specification language. Although the TDX technology seems very promising, the process of formal specification reveals a number of subtle discrepancies in Intel's specifications that could potentially lead to design and implementation flaws. After resolving these discrepancies, we also present fully automated proofs that our specification of TD attestation preserves the confidentiality of the secret and authentication of the report by considering the state-of-the-art Dolev-Yao adversary in the symbolic model using ProVerif. We have submitted the draft to Intel, and Intel is in the process of making the changes.

Deep learning (DL) is an emerging technology that is being used in many areas due to its effectiveness. One of its major applications is attack detection and prevention of backdoor attacks. Sampling-based measurement approaches in the software-defined network of an Internet of Things (IoT) network often result in low accuracy, high overhead, higher memory consumption, and low attack detection. This study aims to review and analyse papers on DL-based network prediction techniques against the problem of Distributed Denial of service attack (DDoS) in a secure software network. Techniques and approaches have been studied, that can effectively predict network traffic and detect DDoS attacks. Based on this review, major components are identified in each work from which an overall system architecture is suggested showing the basic processes needed. Major findings are that the DL is effective against DDoS attacks more than other state of the art approaches.

DDoS attacks have grown in popularity as a tactic for potential hackers, cyber blackmailers, and cyberpunks. These attacks have the potential to put a person unconscious in a matter of seconds, resulting in severe economic losses. Despite the vast range of conventional mitigation techniques available today, DDoS assaults are still happening to grow in frequency, volume, and intensity. A new network paradigm is necessary to meet the requirements of today's tough security issues. We examine the available detection and mitigation of DDoS attacks techniques in depth. We classify solutions based on detection of DDoS attacks methodologies and define the prerequisites for a feasible solution. We present a novel methodology named D3 for detecting and mitigating DDoS attacks using cuckoo filter.

Distributed Denial of service attack(DDoS)is a network security attack and now the attackers intruded into almost every technology such as cloud computing, IoT, and edge computing to make themselves stronger. As per the behaviour of DDoS, all the available resources like memory, cpu or may be the entire network are consumed by the attacker in order to shutdown the victim`s machine or server. Though, the plenty of defensive mechanism are proposed, but they are not efficient as the attackers get themselves trained by the newly available automated attacking tools. Therefore, we proposed a classification based machine learning approach for detection of DDoS attack in cloud computing. With the help of three classification machine learning algorithms K Nearest Neighbor, Random Forest and Naive Bayes, the mechanism can detect a DDoS attack with the accuracy of 99.76%.

Distributed Denial of Service Attacks (DDoS) are most widely used cyber-attacks. Thus, design of DDoS detection mechanisms has attracted attention of researchers. Design of these mechanisms involves building statistical and machine learning models. Most of the work in design of mechanisms is focussed on improving the accuracy of the model. However, due to large volume of network traffic, scalability and performance of these techniques is an important research issue. In this work, we use Apache Spark framework for detection of DDoS attacks. We use NSL-KDD Cup as a benchmark dataset for experimental analysis. The results reveal that random forest performs better than decision trees and distributed processing improves the performance in terms of pre-processing and training time.

Distributed Denial of Service (DDoS) attacks are widely used by malicious actors to disrupt network infrastructures/services. A common attack is TCP SYN Flood that attempts to exhaust memory and processing resources. Typical mitigation mechanisms, i.e. SYN cookies require significant processing resources and generate large rates of backscatter traffic to block them. In this paper, we propose a detection and mitigation schema that focuses on generating and optimizing signature-based rules. To that end, network traffic is monitored and appropriate packet-level data are processed to form signatures i.e. unique combinations of packet field values. These are fed to machine learning models that classify them to malicious/benign. Malicious signatures corresponding to specific destinations identify potential victims. TCP traffic to victims is redirected to high-performance programmable XDPenabled firewalls that filter off ending traffic according to signatures classified as malicious. To enhance mitigation performance malicious signatures are subjected to a reduction process, formulated as a multi-objective optimization problem. Minimization objectives are (i) the number of malicious signatures and (ii) collateral damage on benign traffic. We evaluate our approach in terms of detection accuracy and packet filtering performance employing traces from production environments and high rate generated attack traffic. We showcase that our approach achieves high detection accuracy, significantly reduces the number of filtering rules and outperforms the SYN cookies mechanism in high-speed traffic scenarios.

Software Defined Networking (SDN) is a networking paradigm that has been very popular due to its advantages over traditional networks with regard to scalability, flexibility, and its ability to solve many security issues. Nevertheless, SDN networks are exposed to new security threats and attacks, especially Distributed Denial of Service (DDoS) attacks. For this aim, we have proposed a model able to detect and mitigate attacks automatically in SDN networks using Machine Learning (ML). Different than other approaches found in literature which use the native flow features only for attack detection, our model extends the native features. The extended flow features are the average flow packet size, the number of flows to the same host as the current flow in the last 5 seconds, and the number of flows to the same host and port as the current flow in the last 5 seconds. Six ML algorithms were evaluated, namely Logistic Regression (LR), Naive Bayes (NB), K-Nearest Neighbor (KNN), Support Vector Machine (SVM), Decision Tree (DT), and Random Forest (RF). The experiments showed that RF is the best performing ML algorithm. Also, results showed that our model is able to detect attacks accurately and quickly, with a low probability of dropping normal traffic.

Over the last few years, the deployment of Internet of Things (IoT) is attaining much more concern on smart computing devices. With the exponential growth of small devices and at the same time cheap prices of these sensing devices, there raises an important question for the security of the stored information as these devices generate a large amount of private data for observing and controlling purposes. Distributed Denial of Service (DDoS) attacks are current examples of major security threats to IoT devices. As yet, no standard protocol can fully ensure the security of IoT devices. But adaptive decision making along with elasticity and incessant monitoring is required. These difficulties can be resolved with the assistance of Software Defined Networking (SDN) which can viably deal with the security dangers to the IoT devices in a powerful and versatile way without hampering the lightweightness of the IoT devices. Although SDN performs quite well for managing and controlling IoT devices, security is still an open concern. Nonetheless, there are a few challenges relating to the mitigation of DDoS attacks in IoT systems implemented with SDN architecture. In this paper, a brief overview of some of the popular DDoS attack mitigation techniques and their limitations are described. Also, the challenges of implementing these techniques in SDN-based architecture to IoT devices have been presented.

Technological progress has changed our world beyond recognition. However, along with the incredible benefits and conveniences we have received new dangers and risks. Mankind is increasingly becoming hostage to information technology and cyber world. Recently, cybercrime is one of the top 10 risks to sustainable development in the world. It poses serious new challenges to global security and economy. The aim of the article is to obtain an assessment of some of the financial effects of modern IT crimes based on an analysis of the main aspects of monetary costs and the hidden economic impact of cybercrime. A multifactor regression model has been proposed to determine the contribution of the cost of the main consequences of IT incidents: business disruption, information loss, revenue loss and equipment damage caused by different types of cyberattacks worldwide in 2019 to total cost of cyberattacks. Information loss has been found to have a major impact on the total cost of cyberattacks, reducing profits and incurring additional costs for businesses. It was built a canonical model for identifying the dependence of total submission to ID ransomware, total cost of cybercrime and the main indicators of economic development for the TOP-10 countries. There is a significant correlation between two sets of indicators, in particular, it is confirmed that most cyberattacks target countries - countries with a high level of development, and the consequences of IT crimes are more significant for low-income countries.

Today cyber-attacks to critical infrastructures can perform outages, economical loss, physical damage to people and the environment, among many others. In particular, the smart grid is one of the main targets. In this paper, we develop and evaluate software detectors for integrity attacks to smart meter readings. The detectors rely upon different techniques and models, such as autoregressive models, clustering, and neural networks. Our evaluation considers different “attack scenarios”, then resembling the plethora of attacks found in last years. Starting from previous works in the literature, we carry out a detailed experimentation and analysis, so to identify which “detectors” best fit for each “attack scenario”. Our results contradict some findings of previous works and also offer a light for choosing the techniques that can address best the attacks to smart meters.

Internet of Things (IoT) devices have rooted themselves in the everyday life of billions of people. Thus, researchers have applied automated bug finding techniques to improve their overall security. However, due to the difficulties in extracting and emulating custom firmware, black-box fuzzing is often the only viable analysis option. Unfortunately, this solution mostly produces invalid inputs, which are quickly discarded by the targeted IoT device and do not penetrate its code. Another proposed approach is to leverage the companion app (i.e., the mobile app typically used to control an IoT device) to generate well-structured fuzzing inputs. Unfortunately, the existing solutions produce fuzzing inputs that are constrained by app-side validation code, thus significantly limiting the range of discovered vulnerabilities.In this paper, we propose a novel approach that overcomes these limitations. Our key observation is that there exist functions inside the companion app that can be used to generate optimal (i.e., valid yet under-constrained) fuzzing inputs. Such functions, which we call fuzzing triggers, are executed before any data-transforming functions (e.g., network serialization), but after the input validation code. Consequently, they generate inputs that are not constrained by app-side sanitization code, and, at the same time, are not discarded by the analyzed IoT device due to their invalid format. We design and develop Diane, a tool that combines static and dynamic analysis to find fuzzing triggers in Android companion apps, and then uses them to fuzz IoT devices automatically. We use Diane to analyze 11 popular IoT devices, and identify 11 bugs, 9 of which are zero days. Our results also show that without using fuzzing triggers, it is not possible to generate bug-triggering inputs for many devices.

Redaction of personal, confidential and sensitive information from documents is becoming increasingly important for individuals and organizations. In past years, there have been many well-publicized cases of data leaks from various popular companies. When the data contains sensitive information, these leaks pose a serious threat. To protect and conceal sensitive information, many companies have policies and laws about processing and sanitizing sensitive information in business documents.The traditional approach of manually finding and matching millions of words and then redacting is slow and error-prone. This paper examines different models to automate the identification and redaction of personal and sensitive information contained within the documents using named entity recognition. Sensitive entities example person’s name, bank account details or Aadhaar numbers targeted for redaction, are recognized based on the file’s content, providing users with an interactive approach to redact the documents by changing selected sensitive terms.

The recent technological advances and changes in the daily human activities increased the production and sharing of data. In the ecosystem of interconnected systems, data can be circulated among systems for various reasons. This could lead to exchange of private or sensitive information between entities. Data Sanitisation involves processes and practices that remove sensitive and private information from documents before sharing them with entities that should not have access to this information. This paper presents the design and development of a data sanitisation and redaction solution for a Cyber Threat Intelligence sharing platform. The Data Sanitisation and Redaction Plugin has been designed with the purpose of operating as a plugin for the ECHO Project’s Early Warning System platform and enhancing its operative capabilities during information sharing. This plugin aims to provide automated security and privacy-based controls to the concept of CTI sharing over a ticketing system. The plugin has been successfully tested and the results are presented in this paper.

The continuous increase in sophistication of threat actors over the years has made the use of actionable threat intelligence a critical part of the defence against them. Such Cyber Threat Intelligence is published daily on several online sources, including vulnerability databases, CERT feeds, and social media, as well as on forums and web pages from the Surface and the Dark Web. Named Entity Recognition (NER) techniques can be used to extract the aforementioned information in an actionable form from such sources. In this paper we investigate how the latest advances in the NER domain, and in particular transformer-based models, can facilitate this process. To this end, the dataset for NER in Threat Intelligence (DNRTI) containing more than 300 pieces of threat intelligence reports from open source threat intelligence websites is used. Our experimental results demonstrate that transformer-based techniques are very effective in extracting cybersecurity-related named entities, by considerably outperforming the previous state- of-the-art approaches tested with DNRTI.

Network traffic detection is closely related to network security, and it is also a hot research topic now. With the development of encryption technology, traffic detection has become more and more difficult, and many crimes have occurred on the dark web, so how to detect dark web traffic is the subject of this study. In this paper, we proposed a dark web traffic(Tor traffic) detection scheme based on deep learning and conducted experiments on public data sets. By analyzing the results of the experiment, our detection precision rate reached 95.47%.

The Industrial Internet of Things (IIoT) also referred as Cyber Physical Systems (CPS) as critical elements, expected to play a key role in Industry 4.0 and always been vulnerable to cyber-attacks and vulnerabilities. Terrorists use cyber vulnerability as weapons for mass destruction. The dark web's strong transparency and hard-to-track systems offer a safe haven for criminal activity. On the dark web (DW), there is a wide variety of illicit material that is posted regularly. For supervised training, large-scale web pages are used in traditional DW categorization. However, new study is being hampered by the impossibility of gathering sufficiently illicit DW material and the time spent manually tagging web pages. We suggest a system for accurately classifying criminal activity on the DW in this article. Rather than depending on the vast DW training package, we used authorized regulatory to various types of illicit activity for training Machine Learning (ML) classifiers and get appreciable categorization results. Espionage, Sabotage, Electrical power grid, Propaganda and Economic disruption are the cyber warfare motivations and We choose appropriate data from the open source links for supervised Learning and run a categorization experiment on the illicit material obtained from the actual DW. The results shows that in the experimental setting, using TF-IDF function extraction and a AdaBoost classifier, we were able to achieve an accuracy of 0.942. Our method enables the researchers and System authoritarian agency to verify if their DW corpus includes such illicit activity depending on the applicable rules of the illicit categories they are interested in, allowing them to identify and track possible illicit websites in real time. Because broad training set and expert-supplied seed keywords are not required, this categorization approach offers another option for defining illicit activities on the DW.

Cyber-Physical systems (CPSs) are exposed to cyber- physical attacks, i.e., security breaches in cyberspace that adversely affect the physical processes of the systems.We define two probabilistic metrics to estimate the physical impact of attacks targeting cyber-physical systems formalised in terms of a probabilistic hybrid extension of Hennessy and Regan's Timed Process Language. Our impact metrics estimate the impact of cyber-physical attacks taking into account: (i) the severity of the inflicted damage in a given amount of time, and (ii) the probability that these attacks are actually accomplished, according to the dynamics of the system under attack. In doing so, we pay special attention to stealthy attacks, i. e., attacks that cannot be detected by intrusion detection systems. As further contribution, we show that, under precise conditions, our metrics allow us to estimate the impact of attacks targeting a complex CPS in a compositional way, i.e., in terms of the impact on its sub-systems.

During this period of high-speed internet, there are a number of serious challenges for software security protection of software design, especially throughout the life cycle of the process of software design, in which there are various risks involving information interaction. Significant information leakage can result from a lack of technical support and software security protection. One major problem with regard to creating software that includes security is the way that secure software is defined and the methods that are used for the measurement of security. The point of this research work is on the software engineers' perspective regarding security in the stage of software design. The tools for the measurement of the metrics are employed for the evaluation of the software's security. In this case study, a metric category of design are used, which are assumed to provide quantitative data about the software's security.

Internet of Things (IoT) devices are ubiquitous, with web cameras, smart refrigerators, and digital assistants appearing in homes, offices, and public spaces. However, these devices are lacking in security measures due to their low time to market and insufficient funding for security research and development. In order to improve the security of IoTs, we have defined novel security metrics based on generic IoT characteristics. Furthermore, we have developed automation for experimentation with IoT devices that results to repeatable and reproducible calculations of security metrics within a realistic IoT testbed. Our results demonstrate that repeatable IoT security measurements are feasible with automation. They prove quantitatively intuitive hypotheses. For example, an large number of inbound / outbound network connections contributes to higher probability of compromise or measuring password strength leads to a robust estimation of IoT security.