Biblio

The total number of photovoltaic power producing facilities whose FIT-based ten-year contract expires by 2023 is expected to reach approximately 1.65 million in Japan. If the number of renewable electricity-producing/consuming facilities reached two million, an enormous number of transactions would be invoked beyond blockchain's scalability.We propose mutually cooperative two novel methods to simultaneously solve scalability, data size, and privacy problems in blockchain-based trading platforms for renewable energy environmental value. One is a management scheme of electricity production resources (EPRs) using an extended UTXO token. The other is a data aggregation scheme that aggregates a significant number of smart meter records with evidentiality using zero-knowledge proof (ZKP).

In this paper, we present a theoretical approach concerning the econometric modelling for the estimation of cyber-security risk, with the use of time-series analysis methods and alternatively with Machine Learning (ML) based, deep learning methodology. Also we present work performed in the framework of SAINT H2020 Project [1], concerning innovative data mining techniques, based on automated web scrapping, for the retrieving of the relevant time-series data. We conclude with a review of emerging challenges in cyber-risk assessment brought by the rapid development of adversarial AI.

In recent years, Deep Learning (DL) has been utilized for cyber-attack detection mechanisms as it offers highly accurate detection and is able to overcome the limitations of standard machine learning techniques. When applied in a Software-Defined Network (SDN) environment, a DL-based detection mechanism shows satisfying detection performance. However, in the case of adversarial attacks, the detection performance deteriorates. Therefore, in this paper, first, we outline a highly accurate flooding DDoS attack detection framework based on DL for SDN environments. Second, we investigate the performance degradation of our detection framework when being tested with two adversary traffic datasets. Finally, we evaluate three adversarial training procedures for improving the detection performance of our framework concerning adversarial attacks. It is shown that the application of one of the adversarial training procedures can avoid detection performance degradation and thus might be used in a real-time detection system based on continual learning.

The Internet of Things (IoT) has been growing rapidly in recent years. With the appearance of 5G, it is expected to become even more indispensable to people's lives. In accordance with the increase of Distributed Denial-of-Service (DDoS) attacks from IoT devices, DDoS defense has become a hot research topic. DDoS detection mechanisms executed on routers and SDN environments have been intensely studied. However, these methods have the disadvantage of requiring the cost and performance of the devices. In addition, there is no existing DDoS mitigation algorithm on the network edge that can be performed with the low-cost and low-performance equipment. Therefore, this paper proposes a light-weight DDoS mitigation scheme at the network edge using limited resources of inexpensive devices such as home gateways. The goal of the proposed scheme is to detect and mitigate flooding attacks. It utilizes unused queue resources to detect malicious flows by random shuffling of queue allocation and discard the packets of the detected flows. The performance of the proposed scheme was confirmed via theoretical analysis and computer simulation. The simulation results match the theoretical results and the proposed algorithm can efficiently detect malicious flows using limited resources.

It has been a hot research topic to detect and mitigate Distributed Denial-of-Service (DDoS) attacks due to the significant increase of serious threat of such attacks. The rapid growth of Internet of Things (IoT) has intensified this trend, e.g. the Mirai botnet and variants. To address this issue, a light-weight DDoS mitigation mechanism was presented. In the proposed scheme, flooding attacks are detected by stochastic queue allocation which can be executed with widespread and inexpensive commercial products at a network edge. However, the detection process is delayed when the number of incoming flows is large because of the randomness of queue allocation. Thus, in this paper we propose an efficient queue allocation algorithm for rapid DDoS mitigation using limited resources. The idea behind the proposed scheme is to avoid duplicate allocation by decreasing the randomness of the existing scheme. The performance of the proposed scheme was confirmed via theoretical analysis and computer simulation. As a result, it was confirmed that malicious flows are efficiently detected and discarded with the proposed algorithm.

Distributed Denial of Service (DDoS) attacks became a true threat to network infrastructure. DDoS attacks are capable of inflicting major disruption to the information communication technology infrastructure. DDoS attacks aim to paralyze networks by overloading servers, network links, and network devices with illegitimate traffic. Therefore, it is important to detect and mitigate DDoS attacks to reduce the impact of DDoS attacks. In traditional networks, the hardware and software to detect and mitigate DDoS attacks are expensive and difficult to deploy. Software-Defined Network (SDN) is a new paradigm in network architecture by separating the control plane and data plane, thereby increasing scalability, flexibility, control, and network management. Therefore, SDN can dynamically change DDoS traffic forwarding rules and improve network security. In this study, a DDoS attack detection and mitigation system was built on the SDN architecture using the random forest machine-learning algorithm. The random forest algorithm will classify normal and attack packets based on flow entries. If packets are classified as a DDoS attack, it will be mitigated by adding flow rules to the switch. Based on tests that have been done, the detection system can detect DDoS attacks with an average accuracy of 98.38% and an average detection time of 36 ms. Then the mitigation system can mitigate DDoS attacks with an average mitigation time of 1179 ms and can reduce the average number of attack packets that enter the victim host by 15672 packets and can reduce the average number of CPU usage on the controller by 44,9%.

With the rapid growth of data sharing through social media networks, determining relevant data items concerning a particular subject becomes paramount. We address the issue of establishing which images represent an event of interest through a semi-supervised learning technique. The method learns consistent and shared features related to an event (from a small set of examples) to propagate them to an unlabeled set. We investigate the behavior of five image feature representations considering low- and high-level features and their combinations. We evaluate the effectiveness of the feature embedding approach on five collected datasets from real-world events.

Thousands of people have lost their life by COVID-19 infection. Authorities have seen the calamities caused by the corona virus in China. So, when the trace of virus was found in India, the only possible way to stop the spread of the virus was to go into lockdown. In a country like India where a major part of the population depends on the daily wages, being in lockdown started affecting their life. People where tend to go out for getting the food items and other essentials, and this caused the spread of virus. Many were infected and many lost their life by this. Due to the pandemic, the whole world was affected and many people working in foreign countries lost their jobs as well. These people who came back to India caused further spread of the virus. The main reason for the spread is lack of hygiene and a proper system to monitor the symptoms. Even though our country was in lockdown for almost 6 months the number of COVID cases doesn't get diminished. It is not practical to extend the lockdown any further, and people have decided to live with the virus. But it is essential to take the necessary precautions while interacting with the society. Automated system for checking that all the COVID protocols are followed and early symptom identification before entering to a place are essential to stop the spread of the infection. This research work proposes a smart door system, which evaluates the COVID-19 risk factors and collects the data of person before entering into any place, thereby ensuring that non-infected people are only entering to the place and thus the spread of virus can be avoided.

As it is easy to ensure the confidentiality of users on the Dark Web, malware and exploit kits are sold on the market, and attack methods are discussed in forums. Some services provide IoT Botnet to perform distributed denial-of-service (DDoS as a Service: DaaS), and it is speculated that the purchase of these services is made on the Dark Web. By crawling such information and storing it in a database, threat intelligence can be obtained that cannot otherwise be obtained from information on the Surface Web. However, crawling sites on the Dark Web present technical challenges. For this paper, we implemented a crawler that can solve these challenges. We also collected information on markets and forums on the Dark Web by operating the implemented crawler. Results confirmed that the dataset collected by crawling contains threat intelligence that is useful for analyzing cyber attacks, particularly those related to IoT Botnet and DaaS. Moreover, by uncovering the relationship with security reports, we demonstrated that the use of data collected from the Dark Web can provide more extensive threat intelligence than using information collected only on the Surface Web.

The rapid rise of the Dark Web and supportive technologies has served as the backbone facilitating online illegal activity worldwide. These illegal activities supported by anonymisation technologies such as Tor has made it increasingly elusive to law enforcement agencies. Despite several successful law enforcement operations, illegal activity on the Dark Web is still growing. There are approaches to monitor, mine, and research the Dark Web, all with varying degrees of success. Given the complexity and dynamics of the services offered, we recognize the need for in depth analysis of the Dark Web with regard to its infrastructures, actors, types of abuse and their relationships. This involves the challenging task of information extraction from the very heterogeneous collection of web pages that make up the Dark Web. Most providers develop their services on top of standard frameworks such as WordPress, Simple Machine Forum, phpBB and several other frameworks to deploy their services. As a result, these service providers publish significant number of pages based on similar structural and stylistic templates. We propose an efficient, scalable, repeatable and accurate approach to cluster Dark Web pages based on those structural and stylistic features. Extracting relevant information from those clusters should make it feasible to conduct in depth Dark Web analysis. This paper presents our clustering algorithm to accelerate information extraction, and as a result improve attribution of digital traces to infrastructures or individuals in the fight against cyber crime.

Nowadays, peoples are very concerned about their data privacy. Hence, all the current security methods should be improved to stay relevant in this fast-growing technology world. Visual Cryptography (VC) is a cryptographic technique that using the image processing method. The implementation of VC can be varying and flexible to be applied to the system that requires an extra security precaution as it is one of the effective solutions in securing the data exchange between two or more parties. The main purpose of the development of V-CRYPT System is to improve the current VC technique and make it more complex in the encryption and decryption process. V-CRYPT system will let the user enter the key, then select the image that they want to encrypt, and the system will split the image into four shares: share0, share1, share2, share3. Each pixel of the image will be splatted into a smaller block of subpixels in each of the four shares and encrypted as two subpixels in each of the shares. The decryption will work only when the user selects all the shares, and the correct text key is entered. The system will superimpose all the shares and producing one perfect image. If the incorrect key is entered, the resulted image will be unidentified. The results show that V- CRYPT is a valuable alternative to existing methods where its security level is higher in terms of adding a secure key and complexity.

Internet of Things (IoT) wireless devices has the capability to interconnect small footprint devices and its key purpose is to have seamless connection without operational barriers. It is built upon a three-layer (Perception, Transportation and Application) protocol stack architecture. A multitude of security principles must be imposed at each layer for the proper and efficient working of various IoT applications. In the forthcoming years, it is anticipated that IoT devices will be omnipresent, bringing several benefits. The intrinsic security issues in conjunction with the resource constraints in IoT devices enables the proliferation of security vulnerabilities. The absence of specifically designed IoT frameworks, specifications, and interoperability issues further exacerbate the challenges in the IoT arena. This paper conducts an investigation in IoT wireless security with a focus on the major security challenges and considerations from an IoT protocol stack perspective. The vulnerabilities in the IoT protocol stack are laid out along with a gap analysis, evaluation, and the discussion on countermeasures. At the end of this work, critical issues are highlighted with the aim of pointing towards future research directions and drawing conclusions out of it.

Quantum computers have the potential to outshine classical alternatives in solving specific problems, under the assumption of mature enough hardware. A specific subset of these problems relate to military applications. In this paper we consider the state-of-the-art of quantum technologies and different applications of this technology. Additionally, four use-cases of quantum computing specific for military applications are presented. These use-cases are directly in line with the 2021 AI strategic agenda of the Netherlands Ministry of Defense.

The competency to use mobile devices for work-related tasks gives advantages to the company productiveness and expedites business processes. Thus Bring Your Own Device (BYOD) setting emerge to enable work flexibility and technological compatibility. For management, employees’ productivity is important, but they could not jeopardise the security of information and data stored in the corporate network. Securing data and network becomes more complex tasks as it deals with foreign devices, i.e., devices that do not belong to the organisation. With much research focused on pre-implementation and the technical aspects of mobile device usage, post-implementation advancement is receiving less attention. IS audit as one of the post-implementation mechanisms provides performance evaluation of existing IS assets, business operations and process implementation, thus helping management formulating the best strategies in optimising IS practices. This paper discusses the feasibility of IS audit in assessing mobile device security by exploring the risks and vulnerabilities of mobile devices for organisational IS security as well as the perception of Information system management in mobile device security. By analysing related literature, authors pointed out how the references used in the current IS audit research address the mobile device security. This work serves a significant foundation in the future development in mobile device audit.

People are dependent on Trusted Third Party (TTP) administration based Centralized systems for content sharing having a deficit of security, faith, immutability, and clearness. This work has proposed a file-sharing environment based on Blockchain by clouting the Interplanetary File System (IPFS) and Public Key Infrastructure (PKI) systems, advantages for overcoming these troubles. The smart contract is implemented to control the access privilege and the modified version of IPFS software is utilized to enforce the predefined access-control list. An application framework on a secure decentralized file sharing system is presented in combination with IPFS and PKI to secure file sharing. PKI having public and private keys is used to enable encryption and decryption of every file transaction and authentication of identities through Metamask to cryptographically recognize account ownership in the Blockchain system. A gas consumption-based result analysis is done in the private Ethereum network and it attains transparency, security managed access, and quality of data indicating better efficacy of this work.

Cloud computing is a technology that provides users with a large storage space and an enormous computing power. For privacy purpose, the sensitive data should be encrypted before being outsourced to the cloud. To search over the outsourced data, searchable encryption (SE) schemes have been proposed in the literature. An SE scheme should perform searches over encrypted data without causing any sensitive information leakage. To this end, a few security constraints were elaborated to guarantee the security of the SE schemes, namely, the keyword privacy, the trapdoor unlinkability, and the access pattern. The latter is very hard to be respected and most approaches fail to guarantee the access pattern constraint when performing a search. This constraint consists in hiding from the server the search result returned to the user. The non respect of this constraint may cause sensitive information leakage as demonstrated in the literature. To fix this security lack, we propose a method that allows to securely request and receive the needed documents from the server after performing a search. The proposed method that we call the access pattern hiding (APH) technique allows to respect the access pattern constraint. An experimental study is conducted to validate the APH technique.

Modern embedded IoT devices are an attractive target for cyber attacks. For example, they can be used to disable entire factories and ask for ransom. Recovery of compromised devices is not an easy task, because malware can subvert the original software and make itself persistent. In addition, many embedded devices do not implement remote recovery procedures and, therefore, require manual intervention.Recent proposals from NIST and TCG define concepts and building blocks for cyber resilience: protection, detection and recovery. In this paper, we describe a system which allows implementing cyber resilient IoT devices that can be recovered remotely and timely. The proposed architecture consists of trusted data monitoring, local and remote attack detection, and enforced connections to remote services as building blocks for attack detection and recovery. Further, hardware- and software-based implementations of such a system are presented.

Securing communication between any two wireless devices or users is challenging without compromising sensitive/personal data. To address this problem, we have developed an artificial intelligence (AI) algorithm to secure communication on virtualized wireless networks. To detect cyberattacks in a virtualized environment is challenging compared to traditional wireless networks setting. However, we successfully investigate an efficient cyberattack detection algorithm using an AI algorithm in a Bayesian learning model for detecting cyberattacks on the fly. We have studied the results of Random Forest and deep neural network (DNN) models to detect the cyberattacks on a virtualized wireless network, having considered the required transmission power as a threshold value to classify suspicious activities in our model. We present both formal mathematical analysis and numerical results to support our claims. The numerical results show our accuracy in detecting cyberattacks in the proposed Bayesian model is better than Random Forest and DNN models. We have also compared both models in terms of detection errors. The performance comparison results show our proposed approach outperforms existing approaches in detection accuracy, precision, and recall.

We propose and demonstrate a set of microservice-based security components able to perform physical layer security assessment and mitigation in optical networks. Results illustrate the scalability of the attack detection mechanism and the agility in mitigating attacks.

Distributed Denial of Service (DDoS) attacks are among the most harmful cyberattack types in the Internet. The main goal of a DDoS defense mechanism is to reduce the attack's effect as close as possible to their sources to prevent malicious traffic in the Internet. In this work, we examine the DDoS attacks as a rate management and congestion control problem and propose a collaborative fair rate throttling mechanism to combat DDoS attacks. Additionally, we propose anomaly detection mechanisms to detect attacks at the victim site, early attack detection mechanisms by intermediate Autonomous Systems (ASes), and feedback mechanisms between ASes to achieve distributed defense against DDoS attacks. To reduce additional vulnerabilities for the feedback mechanism, we use a secure, private, and authenticated communication channel between AS monitors to control the process. Our mathematical model presents proactive resource management, where the victim site sends rate adjustment requests to upstream routers. We conducted several experiments using a real-world dataset to demonstrate the efficiency of our approach under DDoS attacks. Our results show that the proposed method can significantly reduce the impact of DDoS attacks with minimal overhead to routers. Moreover, the proposed anomaly detection techniques can help ASes to detect possible attacks and early attack detection by intermediate ASes.

Nowadays, exploits often rely on a code-reuse approach. Short pieces of code called gadgets are chained together to execute some payload. Code-reuse attacks can exploit vul-nerabilities in the presence of operating system protection that prohibits data memory execution. The ROP chain construction task is the code generation for the virtual machine defined by an exploited executable. It is crucial to understand how powerful ROP attacks can be. Such knowledge can be used to improve software security. We implement MAJORCA that generates ROP and JOP payloads in an architecture agnostic manner and thoroughly consider restricted symbols such as null bytes that terminate data copying via strcpy. The paper covers the whole code-reuse payloads construction pipeline: cataloging gadgets, chaining them in DAG, scheduling, linearizing to the ready-to-run payload. MAJORCA automatically generates both ROP and JOP payloads for x86 and MIPS. MAJORCA constructs payloads respecting restricted symbols both in gadget addresses and data. We evaluate MAJORCA performance and accuracy with rop-benchmark and compare it with open-source compilers. We show that MAJORCA outperforms open-source tools. We propose a ROP chaining metric and use it to estimate the probabilities of successful ROP chaining for different operating systems with MAJORCA as well as other ROP compilers to show that ROP chaining is still feasible. This metric can estimate the efficiency of OS defences.

Supervisory Control and Data Acquisition (SCADA) and Distributed Control Systems (DCS) use advanced computing, sensors, control systems, and communication networks to monitor and control industrial processes and distributed assets. The increased connectivity of these systems to corporate networks has exposed them to new security threats and made them a prime target for cyber-attacks with the potential of causing catastrophic economic, social, and environmental damage. Recent intensified sophisticated attacks on these systems have stressed the importance of methodologies and tools to assess the security risks of Industrial Control Systems (ICS). In this paper, we propose a novel game theory model and Monte Carlo simulations to assess the cybersecurity risks of an exemplary industrial control system under realistic assumptions. We present five game enrollments where attacker and defender agents make different preferences and we analyze the final outcome of the game. Results show that a balanced defense with uniform budget spending is the best strategy against a look-ahead attacker.

In dynamic control centers, conventional SCADA systems are enhanced with novel assistance functionalities to increase existing monitoring and control capabilities. To achieve this, different key technologies like phasor measurement units (PMU) and Digital Twins (DT) are incorporated, which give rise to new cyber-security challenges. To address these issues, a four-stage threat analysis approach is presented to identify and assess system vulnerabilities for novel dynamic control center architectures. For this, a simplified risk assessment method is proposed, which allows a detailed analysis of the different system vulnerabilities considering various active and passive cyber-attack types. Qualitative results of the threat analysis are presented and discussed for different use cases at the control center and substation level.

The Linux kernel is implemented in C, an unsafe programming language, which puts the burden of memory management, type and bounds checking, and error handling in the hands of the developer. Hundreds of buffer overflow bugs have compromised Linux systems over the years, leading to endless layers of mitigations applied on top of C. In contrast, the D programming language offers automated memory safety checks and modern features such as OOP, templates and functional style constructs. In addition, interoper-ability with C is supported out of the box. However, to integrate a D module with the Linux kernel it is required that the needed C header files are translated to D header files. This is a tedious, time consuming, manual task. Although a tool to automate this process exists, called DPP, it does not work with the complicated, sometimes convoluted, kernel code. In this paper, we improve DPP with the ability to translate any Linux kernel C header to D. Our work enables the development and integration of D code inside the Linux kernel, thus facilitating a method of making the kernel memory safe.

Microprocessor software test libraries (STLs) must provide maximum fault coverage with minimum overhead. Pruning safe faults, which cannot cause errors in the output of the processor, from the fault list can increase fault coverage without adding test overhead. Applying more application-specific constraints can lead to the identification of more safe faults, and some such constraints are yet to be explored. This work explores the use of signal combination-based constraints alongside well-known constant signal-based constraints for identifying safe faults. Also, for the first time, information on safe faults is utilised during test compaction in order to further minimise test overhead. Results for an OpenRISC processor design show up to 2.33% improvement in fault coverage with the use of the proposed constraints. In one test program, a code segment contributing only to the coverage of safe faults is identified, with its removal providing a 1.09 % code size reduction on top of existing compaction techniques. The results may vary for a larger and more complex commercial design with greater scope for redundant logic. This work explores the use of signal combination-based constraints alongside well-known constant signal-based constraints for identifying safe faults. Also, for the first time, information on safe faults is utilised during test compaction in order to further minimise test overhead. Results for an OpenRISC processor design show up to 2.33% improvement in fault coverage with the use of the proposed constraints. In one test program, a code segment contributing only to the coverage of safe faults is identified, with its removal providing a 1.09 % code size reduction on top of existing compaction techniques. The results may vary for a larger and more complex commercial design with greater scope for redundant logic.