Biblio

Malwares are designed to cause harm to the machine without the user's knowledge. Malwares belonging to different families infect the system in its own unique way causing damage which could be irreversible and hence there is a need to detect and analyse the malwares. Manual analysis of all types of malwares is not a practical approach due to the huge effort involved and hence Automated Malware Analysis is resorted to so that the burden on humans can be decreased and the process is made robust. A lot of Automated Malware Analysis tools are present right now both offline and online but the problem arises as to which tool to select while analysing a suspicious binary. A comparative analysis of three most widely used automated tools has been done with different malware class samples. These tools are Cuckoo Sandbox, Any. Run and Intezer Analyze. In order to check the efficacy of the tool in both online and offline analysis, Cuckoo Sandbox was configured for offline use, and Any. Run and Intezer Analyze were configured for online analysis. Individual tools analyse each malware sample and after analysis is completed, a comparative chart is prepared to determine which tool is good at finding registry changes, processes created, files created, network connections, etc by the malicious binary. The findings conclude that Intezer Analyze tool recognizes file changes better than others but otherwise Cuckoo Sandbox and Any. Run tools are better in determining other functionalities.

This document addresses the issue of the actual security level of PDF documents. Two types of detection approaches are utilized to detect dangerous elements within malware: static analysis and dynamic analysis. Analyzing malware binaries to identify dangerous strings, as well as reverse-engineering is included in static analysis for t1he malware to disassemble it. On the other hand, dynamic analysis monitors malware activities by running them in a safe environment, such as a virtual machine. Each method has its own set of strengths and weaknesses, and it is usually best to employ both methods while analyzing malware. Malware detection could be simplified without sacrificing accuracy by reducing the number of malicious traits. This may allow the researcher to devote more time to analysis. Our worry is that there is no obvious need to identify malware with numerous functionalities when it isn't necessary. We will solve this problem by developing a system that will identify if the given file is infected with malware or not.

A reliable database of Indicators of Compromise (IoC’s) is a cornerstone of almost every malware detection system. Building the database and keeping it up-to-date is a lengthy and often manual process where each IoC should be manually reviewed and labeled by an analyst. In this paper, we focus on an automatic way of identifying IoC’s intended to save analysts’ time and scale to the volume of network data. We leverage relations of each IoC to other entities on the internet to build a heterogeneous graph. We formulate a classification task on this graph and apply graph neural networks (GNNs) in order to identify malicious domains. Our experiments show that the presented approach provides promising results on the task of identifying high-risk malware as well as legitimate domains classification.

The Internet of things (IoT) is proving to be a boon in granting internet access to regularly used objects and devices. Sensors, programs, and other innovations interact and trade information with different gadgets and frameworks over the web. Even in modern times, IoT gadgets experience the ill effects of primary security threats, which expose them to many dangers and malware, one among them being IoT botnets. Botnets carry out attacks by serving as a vector and this has become one of the significant dangers on the Internet. These vectors act against associations and carry out cybercrimes. They are used to produce spam, DDOS attacks, click frauds, and steal confidential data. IoT gadgets bring various challenges unlike the common malware on PCs and Android devices as IoT gadgets have heterogeneous processor architecture. Numerous researches use static or dynamic analysis for detection and classification of botnets on IoT gadgets. Most researchers haven't addressed the multi-architecture issue and they use a lot of computing resources for analyzing. Therefore, this approach attempts to classify botnets in IoT by using PSI-Graphs which effectively addresses the problem of encryption in IoT botnet detection, tackles the multi-architecture problem, and reduces computation time. It proposes another methodology for describing and recognizing botnets utilizing graph-based Machine Learning techniques and Exploratory Data Analysis to analyze the data and identify how separable the data is to recognize bots at an earlier stage so that IoT devices can be prevented from being attacked.

Roads are the backbone of our country, they play an important role for human progress. Roads seem to be dangerous and harmful for human beings on hills, near rivers, lakes and small ridges. It's possible with the help of IoT (Internet of things) to incorporate all the things made efficiently and effectively. IoT in combination with roads make daily life smart and excellent. This paper shows IoT technology will be the beginning of smart cities and it will reduce road accidents and collisions. If all vehicles are IoT based and connected with the internet, then an efficient method to guide, it performs urgent action, when less time is available. Internet and antenna technology in combination with IoT perform fully automation in our day-to-day life. It will provide excellent service as well as accuracy and precision.

The recent 5G networks aim to provide higher speed, lower latency, and greater capacity; therefore, compared to the previous mobile networks, more advanced and intelligent network security is essential for 5G networks. To detect unknown and evolving 5G network intrusions, this paper presents an artificial intelligence (AI)-based network threat detection system to perform data labeling, data filtering, data preprocessing, and data learning for 5G network flow and security event data. The performance evaluations are first conducted on two well-known datasets-NSL-KDD and CICIDS 2017; then, the practical testing of proposed system is performed in 5G industrial IoT environments. To demonstrate detection against network threats in real 5G environments, this study utilizes the 5G model factory, which is downscaled to a real smart factory that comprises a number of 5G industrial IoT-based devices.

With the advent of information and communication technology, the digital space is becoming a playing ground for criminal activities. Criminals typically prefer darkness or a hidden place to perform their illegal activities in a real-world while sometimes covering their face to avoid being exposed and getting caught. The same applies in a digital world where criminals prefer features which provide anonymity or hidden features to perform illegal activities. It is from this spirit the Darkweb is attracting all kinds of criminal activities conducted over the Internet such as selling drugs, illegal weapons, child pornography, assassination for hire, hackers for hire, and selling of malicious exploits, to mention a few. Although the anonymity offered by Darkweb can be exploited as a tool to arrest criminals involved in cybercrime, an in-depth research is needed to advance criminal investigation on Darkweb. Analysis of illegal activities conducted in Darkweb is in its infancy and faces several challenges like lack of standard operating procedures. This study proposes progressive standard operating procedures (SOPs) for Darkweb forensics investigation. We provide the four stages of SOP for Darkweb investigation. The proposed SOP consists of the following stages; identification and profiling, discovery, acquisition and preservation, and the last stage is analysis and reporting. In each stage, we consider the objectives, tools and expected results of that particular stage. Careful consideration of this SOP revealed promising results in the Darkweb investigation.

A malicious insider threat is more vulnerable to an organization. It is necessary to detect the malicious insider because of its huge impact to an organization. The occurrence of a malicious insider threat is less but quite destructive. So, the major focus of this paper is to detect the malicious insider threat in an organization. The traditional insider threat detection algorithm is not suitable for real time insider threat detection. A supervised learning-based anomaly detection technique is used to classify, predict and detect the malicious and non-malicious activity based on highest level of anomaly score. In this paper, a framework is proposed to detect the malicious insider threat using supervised learning-based anomaly detection. It is used to detect the malicious insider threat activity using One-Class Support Vector Machine (OCSVM). The experimental results shows that the proposed framework using OCSVM performs well and detects the malicious insider who obtain huge anomaly score than a normal user.

The 5G research community is increasingly leveraging the innovative features offered by Information Centric Networking (ICN). However, ICN’s fundamental features, such as in-network caching, make access control enforcement more challenging in an ICN-based 5G deployment. To address this shortcoming, we propose a Blockchain-based Decentralized Authentication Protocol (BDAP) which enables efficient and secure mobile user authentication in an ICN-based 5G network. We show that BDAP is robust against a variety of attacks to which mobile networks and blockchains are particularly vulnerable. Moreover, a preliminary performance analysis suggests that BDAP can reduce the authentication delay compared to the standard 5G authentication protocols.

Internet architecture has transformed into a more complex form than it was about a decade back. Today the internet comprises multimedia information where services and web applications have started to shift their focus on content. In our perspective of communication systems, content-centric networking (CCN) proposes a new methodology. The use of cache memory at the network level is an important feature of this new architecture. This cache is intended to store transit details for a set period, and it is hoped that this capability will aid in network quality, especially in a rapidly increasing video streaming situation. Information-centric networking (ICN) is the one architecture that is seen as a possible alternative for shifting the Internet from a host-centric to a content-centric point-of-view. It focuses on data rather than content. CCN is more reliable when it comes to data delivery as it does not need to depend on location for data. CCN architecture is scalable, secure and provides mobility support. In this paper, we implement a ccnchat, a chat testing application, which is created with the help of libraries provided by Palo Alto Research Center (PARC) on local area network (LAN) between two users and demonstrate the working of this local chat application over CCN network that works alongside existing IP infrastructure.

As an important pillar of social informatization, e-government not only provides more convenient services for the public, but also effectively improves administrative efficiency. At the same time, the application of cloud computing technology also urgently requires the government to improve the level of digital construction. This paper proposes the concept of e-government based on cloud computing, analyze the possible hidden dangers that cloud computing brings to e-government in management, technology, and security, and build cloud computing e-government information security system from three aspects: cloud security management, cloud security technology, and cloud security assurance.

The new paradigm of industrial development, called Industry 4.0, faces the problems of Cybersecurity, and as it has already manifested itself in Information Systems, focuses on the use of Artificial Intelligence tools. The authors of this article build on their experience with the use of the above mentioned tools to increase the resilience of Information Systems against Cyber threats, approached to the choice of an effective structure of Cyber-protection of Industrial Systems, primarily analyzing the objective differences between them and Information Systems. A number of analyzes show increased resilience of the decentralized architecture in the management of large-scale industrial processes to the centralized management architecture. These considerations provide sufficient grounds for the team of the project to give preference to the decentralized structure with flock behavior for further research and experiments. The challenges are to determine the indicators which serve to assess and compare the impacts on the controlled elements.

Metaverse is becoming the new standard for social networks and 3D virtual worlds when Facebook officially rebranded to Metaverse in October 2021. Many relevant technologies are used in the metaverse to offer 3D immersive and customized experiences at the user’s fingertips. Despite the fact that the metaverse receives a lot of attention and advantages, one of the most pressing concerns for its users is the safety of their digital material and data. As a result of its decentralization, immutability, and transparency, blockchain is a possible alternative. Our goal is to conduct a comprehensive assessment of blockchain systems in the metaverse to properly appreciate its function in the metaverse. To begin with, the paper introduces blockchain and the metaverse and explains why it’s necessary for the metaverse to adopt blockchain technology. Aside from these technological considerations, this article focuses on how blockchain-based approaches for the metaverse may be used from a privacy and security standpoint. There are several technological challenegs that need to be addressed for making the metaverse a reality. The influence of blockchain on important key technologies with in metaverse, such as Artifical Intelligence, big data and the Internet-of-Things (IoT) is also examined. Several prominent initiatives are also shown to demonstrate the importance of blockchain technology in the development of metaverse apps and services. There are many possible possibilities for future development and research in the application of blockchain technology in the metaverse.

Metaverse opens up a new social networking paradigm where people can experience a real interactive feeling without physical space constraints. Social interactions are gradually evolving from text combined with pictures and videos to 3-dimensional virtual reality, making the social experience increasingly physical, implying that more metaverse applications with immersive experiences will be developed in the future. However, the increasing data dimensionality and volume for new metaverse applications present a significant challenge in data acquisition, security, and sharing. Furthermore, metaverse applications require high capacity and ultrareliability for the wireless system to guarantee the quality of user experience, which cannot be addressed in the current fifth-generation system. Therefore, reaching the metaverse is dependent on the revolution in the sixth-generation (6G) wireless communication, which is expected to provide low-latency, high-throughput, and secure services. This article provides a comprehensive view of metaverse applications and investigates the fundamental technologies for the 6G toward metaverse.

This paper is a conceptual paper that explores how the sensemaking process by intelligence analysts completed within a cognitive immersive environment might be impacted by the inclusion of a progressive dialog system. The tools enabled in the sensemaking room (a specific instance within the cognitive immersive environment) were informed by tools from the intelligence analysis domain. We explore how a progressive dialog system would impact the use of tools such as the collaborative brainstorming exercise [1]. These structured analytic techniques are well established in intelligence analysis training literature, and act as ways to access the intended users' cognitive schema as they use the cognitive immersive room and move through the sensemaking process. A prior user study determined that the sensemaking room encouraged users to be more concise and representative with information while using the digital brainstorming tool. We anticipate that addition of the progressive dialog function will enable a more cohesive link between information foraging and sensemaking behaviors for analysts.

Industrial Control Systems (ICS) are increasingly facing the threat of False Data Injection (FDI) attacks. As an emerging intrusion detection scheme for ICS, process-based Intrusion Detection Systems (IDS) can effectively detect the anomalies caused by FDI attacks. Specifically, such IDS establishes anomaly detection model which can describe the normal pattern of industrial processes, then perform real-time anomaly detection on industrial process data. However, this method suffers low detection accuracy due to the complexity and instability of industrial processes. That is, the process data inherently contains sophisticated nonlinear spatial-temporal correlations which are hard to be explicitly described by anomaly detection model. In addition, the noise and disturbance in process data prevent the IDS from distinguishing the real anomaly events. In this paper, we propose an Anomaly Detection approach based on Robust Spatial-temporal Modeling (AD-RoSM). Concretely, to explicitly describe the spatial-temporal correlations within the process data, a neural based state estimation model is proposed by utilizing 1D CNN for temporal modeling and multi-head self attention mechanism for spatial modeling. To perform robust anomaly detection in the presence of noise and disturbance, a composite anomaly discrimination model is designed so that the outputs of the state estimation model can be analyzed with a combination of threshold strategy and entropy-based strategy. We conducted extensive experiments on two benchmark ICS security datasets to demonstrate the effectiveness of our approach.

Many cyber-related untoward incidents and multiple instances of a data breach of system are being reported. User identity and its usage for valid entry to system depend upon successful authentication. Researchers have explored many threats and vulnerabilities in a centralized system. It has initiated concept of a decentralized way to overcome them. In this work, we have explored application of Self-Sovereign Identity and Verifiable Credentials using decentralized identifiers over cloud.

The agricultural sector and other Micro, Small, and Medium Enterprises in India operate with more than 90% migrant workers searching for better employment opportunities far away from their native places. However, inherent challenges are far more for the migrant workers, most prominently their Identity. To the best of our knowledge, available literature lacks a comprehensive study on identity management components for user privacy and data protection mechanisms in identity management architecture. Self-Sovereign Identity is regarded as a new evolution in digital identity management systems. Blockchain technology and distributed ledgers bring us closer to realizing an ideal Self-Sovereign Identity system. This paper proposes a novel solution to address identity issues being faced by migrant workers. It also gives a holistic, coherent, and mutually beneficial Identity Management Solution for the migrant workforce in the Indian perspective towards e-Governance and Digital India.

Identity Management Systems (IdMS) have seemingly evolved in recent years, both in terms of modelling approach and in terms of used technology. The early centralized, later federated and user-centric Identity Management (IdM) was finally replaced by Self-Sovereign Identity (SSI). Solutions based on Distributed Ledger Technology (DLT) appeared, with prominent examples of uPort, Sovrin or ShoCard. In effect, users got more freedom in creation and management of their identities. IdM systems became more distributed, too. However, in the area of interoperability, dynamic and ad-hoc identity management there has been almost no significant progress. Quest for the best IdM system which will be used by all entities and organizations is deemed to fail. The environment of IdM systems is, and in the near future will still be, heterogenous. Therefore a person will have to manage her or his identities in multiple IdM systems. In this article authors argument that future-proof IdM systems should be able to interoperate with each other dynamically, i.e. be able to discover existence of different identities of a person across multiple IdM systems, dynamically build trust relations and be able to translate identity assertions and claims across various IdM domains. Finally, authors introduce identity relationship model and corresponding identity discovery algorithm, propose IdMS-agnostic identity discovery service design and its implementation with use of Ethereum and Smart Contracts.

One way to detect and assess software vulnerabilities is by extracting security-related information from commit messages. Automating the detection and assessment of vulnerabilities upon security commit messages is still challenging due to the lack of structured and clear messages. We created a convention, called SECOM, for security commit messages that structure and include bits of security-related information that are essential for detecting and assessing vulnerabilities for both humans and tools. The full convention and details are available here: https://tqrg.github.io/secom/.

Internet of Things devices collect and share data (IoT). Internet connections and emerging technologies like IoT offer privacy and security challenges, and this trend is anticipated to develop quickly. Internet of Things intrusions are everywhere. Businesses are investing more to detect these threats. Institutes choose accurate testing and verification procedures. In recent years, IoT utilisation has increasingly risen in healthcare. Where IoT applications gained popular among technologists. IoT devices' energy limits and scalability raise privacy and security problems. Experts struggle to make IoT devices more safe and private. This paper provides a machine-learning-based IDS for IoT network threats (ML-IDS). This study aims to implement ML-supervised IDS for IoT. We're going with a centralised, lightweight IDS. Here, we compare seven popular categorization techniques on three data sets. The decision tree algorithm shows the best intrusion detection results.

Network attacks are always a nightmare for the network administrators as it eats away a huge wavelength and disturbs the normal working of many critical services in the network. Network behavior based profiling and detection is considered to be an accepted method; but the modeling data and method is always a big concern. The network event-based profiling is getting acceptance as they are sequential in nature and the sequence depicts the behavior of the system. This sequential network events can be analyzed using different techniques to create a profile for anomaly detection. In this paper we examine the possibility of two techniques for sequential event analysis using Modified GSP and IPAM algorithm. We evaluate the performance of these algorithms on the CSE-CIC-IDS 2018 data set to benchmark the performance. This experiment is different from other anomaly-based detection which evaluates the features of the dataset to detect the abnormalities. The performance of the algorithms on the dataset is then confirmed by the pattern evolving from the analysis and the indications it provides for early detection of network attacks.

Information privacy and security has become a necessity in the rapid growth of computer technology. A new algorithm for image encryption is proposed in this paper; using hash functions, chaotic map and two levels of diffusion process. The initialization key for chaos map is generated with the help of two hash functions. The initial seed for these hash functions is the sum of rows, columns and pixels across the diagonal of the plain image. Firstly, the image is scrambled using quantization unit. In the first level of diffusion process, the pixel values of the scrambled image are XOR with the normalized chaotic map. Odd pixel value is XOR with an even bit of chaotic map and even pixel is XOR with an odd bit of chaotic map. To achieve strong encryption, the image undergoes a second level of diffusion process where it is XOR with the map a finite number of times. After every round, the pixel array is circular shifted three times to achieve a strong encrypted image. The experimental and comparative analysis done with state of the art techniques on the proposed image encryption algorithm shows that it is strong enough to resist statistical and differential attacks present in the communication channel.

Secure hash functions are widely used in cryptographic algorithms to secure against diverse attacks. A one-way secure hash function is used in the various research fields to secure, for instance, blockchain. Notably, most of the hash functions provide security based on static parameters and publicly known operations. Consequently, it becomes easier to attack by the attackers because all parameters and operations are predefined. The publicly known parameters and predefined operations make the oracle regenerate the key even though it is a one-way secure hash function. Moreover, the sensitive data is mixed with the predefined constant where an oracle may find a way to discover the key. To address the above issues, we propose a novel one-way secure hash algorithm, OSHA for short, to protect sensitive data against attackers. OSHA depends on a pseudo-random number generator to generate a hash value. Particularly, OSHA mixes multiple pseudo-random numbers to produce a secure hash value. Furthermore, OSHA uses dynamic parameters, which is difficult for adversaries to guess. Unlike conventional secure hash algorithms, OSHA does not depend on fixed constants. It replaces the fixed constant with the pseudo-random numbers. Also, the input message is not mixed with the pseudo-random numbers; hence, there is no way to recover and reverse the process for the adversaries.

Impactful data breaches that exposed the online accounts and financial information of billions of individuals have increased recently because of the digitization of numerous industries. As a result, the need for comprehensive cybersecurity measures has risen, particularly with regard to the safekeeping of user passwords. Strong password storage security ensures that even if an attacker has access to compromised data, they are unable to utilize the passwords in attack vectors like credential-stuffing assaults. Additionally, it will reduce the risk of threats like fraudulent account charges or account takeovers for users. This study compares the performance of several hashing algorithms, including Bcrypt, SHA-256 and MD5 and how bcrypt algorithm outperforms the other algorithms. Reversal of each of the results will be attempted using Rainbow Tables for better understanding of hash reversals and the comparisons are tabulated. The paper provides a detail implementation of bcrypt algorithm and sheds light on the methodology of BCRYPT hashing algorithm results in robust password security. While SHA-256 hashing algorithms are, easily susceptible to simple attacks such as brute force as it a fast algorithm and making bcrypt more favorable.