Biblio

Expressing Keystroke Dynamics (KD) in form of sound opens new avenues to apply sound analysis techniques on KD. However this mapping is not straight-forward as varied feature space, differences in magnitudes of features and human interpretability of the music bring in complexities. We present a musical interface to KD by mapping keystroke features to music features. Music elements like melody, harmony, rhythm, pitch and tempo are varied with respect to the magnitude of their corresponding keystroke features. A pitch embedding technique makes the music discernible among users. Using the data from 30 users, who typed fixed strings multiple times on a desktop, shows that these auditory signals are distinguishable between users by both standard classifiers (SVM, Random Forests and Naive Bayes) and humans alike.

In the present scenario, security is the biggest concern in any domain of applications. The latest and widely used system for user authentication is a biometric system. This includes fingerprint recognition, retina recognition, and voice recognition. But these systems can be bypassed by masqueraders. To avoid this, a combination of these systems is used which becomes very costly. To overcome these two drawbacks keystroke dynamics were introduced in this field. Keystroke dynamics is a biometric authentication-based system on behavior, which is an automated method in which the identity of an individual is identified and confirmed based on the way and the rhythm of passwords typed on a keyboard by the individual. The work in this paper focuses on identifying the best algorithm for implementing an authentication system with the help of machine learning for user identification based on keystroke dynamics. Our proposed model which uses XGBoost gives a comparatively higher accuracy of 93.59% than the other algorithms for the dataset used.

Wireless network is an alternative communication to cable, where radio wave is used as transmission media instead of copper medium. However, wireless network more vulnerable to risk in security compared to cable network. Wireless network mostly used by Internet of Things node as communication media between nodes. Hence, these nodes exposed to risk of flooding attack from third party person. Hence, a system which capability to detect flooding attack at IoT node is required. Many researches have been done before, but most of the research only focus to IPv4 and signature-based detection. IPv6-based attacks undetectable by the current research, due to different datagram structure. This paper proposed a conceptual detection method with reinforcement learning algorithm to detect IPv6-based attack targeting IoT nodes. This reward will decide whether the detection system is good or not. The assessment calculation equation is used to turn reward-based score into detection accuracy.

As the world is moving towards industry 4.0, it is estimated that in the near future billions of IoT devices will be interconnected over the Internet. The open and heterogeneous nature of IoT environment makes it vulnerable to adversarial attacks. To maintain sustainability in IoT ecosystem, this paper evaluates some of the recent IoT schemes based on key security features i.e. authentication, confidentiality, trust etc. These schemes are classified according to three-layer IoT architecture. Based on our findings, some of these solutions are applicable at physical layer while others are at network, and application layers. However, none of these schemes can provide end-to-end solution for IoT environment. Therefore, our work provides a roadmap for future research directions in IoT domain to design robust security schemes for IoT environment, thus can achieve sustainability in IoT ecosystem.

The number of Mobile device users in the word has evolved rapidly. Many internet users currently want to connect the internet for all utilities automatically. One of the technologies in the IPv6 network, which supports data access from moving users, is IPv6 Mobile protocol. In its mobility, the users on a range of networks can move the range to another network. High demand for this technology will interest to a hacker or a cracker to carry out an attack. One of them is a DoS attack that compromises a target to denial its services. A firewall is usually used to protect networks from external attacks. However, since the firewall based on the attacker database, the unknown may not be detected. In order to address the obstacle, a detection tool could be used. In this research, IDS as an intrusion detection tool was integrated with a firewall to be implemented in IPv6 Mobile to stop the DoS attack. The results of some experiments showed that the integration system could block the attack at 0.9 s in Correspondent Node and 1.2 s in Home Agent. The blocked attack can decrease the network throughput up to 27.44% when a Mobile Node in Home Agent, 28,87% when the Mobile Node in a Foreign Network. The final result of the blocked attack is reducing the average CPU utilization up to 30.99%.

The massive boom of Internet of Things (IoT) has led to the explosion of smart IoT devices and the emergence of various applications such as smart cities, smart grids, smart mining, connected health, and more. While the proliferation of IoT systems promises many benefits for different sectors, it also exposes a large attack surface, raising an imperative need to put security in the first place. It is impractical to heavily rely on manual operations to deal with security of massive IoT devices and applications. Hence, there is a strong need for securing IoT systems with minimum human intervention. In light of this situation, in this paper, we envision security automation and orchestration for IoT systems. After conducting a comprehensive evaluation of the literature and having conversations with industry partners, we envision a framework integrating key elements towards this goal. For each element, we investigate the existing landscapes, discuss the current challenges, and identify future directions. We hope that this paper will bring the attention of the academic and industrial community towards solving challenges related to security automation and orchestration for IoT systems.

As a new paradigm for the monitoring and troubleshooting of backbone networks, the multilayer in-band network telemetry (ML-INT) with deep learning (DL) based data analytics (DA) has recently been proven to be effective on realtime visualization and fine-grained monitoring. However, the existing studies on ML-INT&DA systems have overlooked the privacy and security issues, i.e., a malicious party can apply tapping in the data reporting channels between the data and control planes to illegally obtain plaintext ML-INT data in them. In this paper, we discuss a privacy-preserving DL-based ML-INT&DA system for realizing AI-assisted network automation in backbone networks in the form of IP-over-Optical. We first show a lightweight encryption scheme based on integer vector homomorphic encryption (IVHE), which is used to encrypt plaintext ML-INT data. Then, we architect a DL model for anomaly detection, which can directly analyze the ciphertext ML-INT data. Finally, we present the implementation and experimental demonstrations of the proposed system. The privacy-preserving DL-based ML-INT&DA system is realized in a real IP over elastic optical network (IP-over-EON) testbed, and the experimental results verify the feasibility and effectiveness of our proposal.

Existing logic-locking attacks are known to successfully decrypt functionally correct key of a locked combinational circuit. It is possible to extend these attacks to real-world Silicon-based Intellectual Properties (IPs, which are sequential circuits) through scan-chains by selectively initializing the combinational logic and analyzing the responses. In this paper, we propose SeqL, which achieves functional isolation and locks selective flip-flop functional-input/scan-output pairs, thus rendering the decrypted key functionally incorrect. We conduct a formal study of the scan-locking problem and demonstrate automating our proposed defense on any given IP. We show that SeqL hides functionally correct keys from the attacker, thereby increasing the likelihood of the decrypted key being functionally incorrect. When tested on pipelined combinational benchmarks (ISCAS, MCNC), sequential benchmarks (ITC) and a fully-fledged RISC-V CPU, SeqL gave 100% resilience to a broad range of state-of-the-art attacks including SAT [1], Double-DIP [2], HackTest [3], SMT [4], FALL [5], Shift-and-Leak [6] and Multi-cycle attacks [7].

Distributed denial of service (DDoS) attacks can bring tremendous damage to online services and ISPs. Existing adopted mitigation methods either require the victim to have a sufficient number of resources for traffic filtering or to pay a third party cloud service to filter the traffic. In our previous work we proposed CoFence, a collaborative network that allows member domains to help each other in terms of DDoS traffic handling. In that network, victim servers facing a DDoS attack can redirect excessive connection requests to other helping servers in different domains for filtering. Only filtered traffic will continue to interact with the victim server. However, sending traffic to third party servers brings up the issue of privacy: specifically leaked client source IP addresses. In this work we propose a privacy protection mechanism for defense so that the helping servers will not be able to see the IP address of the client traffic while it has minimum impact to the data filtering function. We implemented the design through a test bed to demonstrated the feasibility of the proposed design.

Directional Overcurrent Relays (DOCRs) play an essential role in the power system protection to guarantee the reliability, speed of relay operation and avoiding mal-trip in the primary and backup relays when unintentional fault conditions occur in the system. Moreover, the dual setting protection scheme is more efficient protection schemes for offering fast response protection and providing flexibility in the coordination of relay. In this paper, the Adaptive Modified Firefly Algorithm (AMFA) is used to determine the optimal coordination of dual setting DOCRs in the ring distribution system. The AMFA is completed by choosing the minimum value of pickup current (\textbackslashtextbackslashpmbI\textbackslashtextbackslashpmbP) and time dial setting (TDS). On the other hand, dual setting DOCRs protection scheme also proposed for operating in both forward and reverse directions that consisted of individual time current characteristics (TCC) curve for each direction. The previous method is applied to the ring distribution system network of PT. Pupuk Sriwidjaja by considering the fault on each bus. The result illustration that the AMFA within dual setting protection scheme is significantly reaching the optimized coordination and the relay coordination is certain for all simulation scenarios with the minimum operation. The AMFA has been successfully implemented in MATLAB software programming.

Distributed large-scale cyber attacks targeting the availability of computing and network resources still remain a serious threat. To limit the effects caused by those attacks and to provide a proactive defense, mitigation should move to the networks of Internet Service Providers (ISPs). In this context, this thesis focuses on a development of a collaborative, automated approach to mitigate the effects of Distributed Denial of Service (DDoS) attacks at Internet Scale. This thesis has the following contributions: i) a systematic and multifaceted study on mitigation of large-scale cyber attacks at ISPs. ii) A detailed guidance selecting an exchange format and protocol suitable to use to disseminate threat information. iii) To overcome the shortcomings of missing flow-based interoperability of current exchange formats, a development of the exchange format Flow-based Event Exchange Format (FLEX). iv) A communication process to facilitate the automated defense in response to ongoing network-based attacks, v) a model to select and perform a semi-automatic deployment of suitable response actions. vi) An investigation of the effectiveness of the defense techniques moving-target using Software Defined Networking (SDN) and their applicability in context of large-scale cyber attacks and the networks of ISPs. Finally, a trust model that determines a trust and a knowledge level of a security event to deploy semi-automated remediations and facilitate the dissemination of security event information using the exchange format FLEX in context of ISP networks.

Data analytics stands to benefit from the increasing availability of datasets that are held without their conceptual relationships being explicitly known. When collected, these datasets form a data lake from which, by processes like data wrangling, specific target datasets can be constructed that enable value- adding analytics. Given the potential vastness of such data lakes, the issue arises of how to pull out of the lake those datasets that might contribute to wrangling out a given target. We refer to this as the problem of dataset discovery in data lakes and this paper contributes an effective and efficient solution to it. Our approach uses features of the values in a dataset to construct hash- based indexes that map those features into a uniform distance space. This makes it possible to define similarity distances between features and to take those distances as measurements of relatedness w.r.t. a target table. Given the latter (and exemplar tuples), our approach returns the most related tables in the lake. We provide a detailed description of the approach and report on empirical results for two forms of relatedness (unionability and joinability) comparing them with prior work, where pertinent, and showing significant improvements in all of precision, recall, target coverage, indexing and discovery times.

Smart grid communication system deeply rely on information technologies which makes it vulnerable to variable cyber-attacks. Among possible attacks, False Data Injection (FDI) Attack has created a severe threat to smart grid control system. Attackers can manipulate smart grid measurements such as collected data of phasor measurement units (PMU) by implementing FDI attacks. Detection of FDI attacks with a simple and effective approach, makes the system more reliable and prevents network outages. In this paper we propose a Decomposed Nearest Neighbor algorithm to detect FDI attacks. This algorithm improves traditional k-Nearest Neighbor by using metric learning. Also it learns the local-optima free distance metric by solving a convex optimization problem which makes it more accurate in decision making. We test the proposed method on PMU dataset and compare the results with other beneficial machine learning algorithms for FDI attack detection. Results demonstrate the effectiveness of the proposed approach.

Software is frequently deployed with vulnerabilities that may allow hackers to gain access to the system or information, leading to money or reputation losses. Although there are many techniques to detect software vulnerabilities, their effectiveness is far from acceptable, especially in large software projects, as shown by several research works. This Ph.D. aims to study the combination of different techniques to improve the effectiveness of vulnerability detection (increasing the detection rate and decreasing the number of false-positives). Static Code Analysis (SCA) has a good detection rate and is the central technique of this work. However, as SCA reports many false-positives, we will study the combination of various SCA tools and the integration with other detection approaches (e.g., software metrics) to improve vulnerability detection capabilities. We will also study the use of such combination to prioritize the reported vulnerabilities and thus guide the development efforts and fixes in resource-constrained projects.

Internet of Things (IoT) has been growing exponentially in the commercial market in recent years. It is also a fact that people hold one or more computing devices at home. Many of them have been developed to operate through internet connectivity with cloud computing technologies that result in the demand for fast, robust, and secure services. In most cases, the lack of these services makes difficult the transfer of data to fulfill the devices' purposes. Under these conditions, an intermediate layer or middleware is needed to process, filter, and send data through a more efficient alternative. This paper presents the adaptive solution of a middleware architecture as an intermediate layer between smart devices and cloud computing to enhance the management of the heterogeneity of data provining from IoT devices. The proposed middleware provides easy configuration, adaptability, and bearability for different environments. Finally, this solution has been implemented in the healthcare domain, in which IoT solutions are deployed into Ambient Assisted Living (AAL) environments.

Classification of Misbehaving Nodes in wireless mobile adhoc networks (MANET) by applying machine learning techniques is an attempt to enhance security by detecting the presence of malicious nodes. MANETs are prone to many security vulnerabilities due to its significant features. The paper compares two machine learning techniques namely Support Vector Machine (SVM) and Back Propagation Neural Network (BPNN) and finds out the best technique to detect the misbehaving nodes. This paper is simulated with an on-demand routing protocol in NS2.35 and the results can be compared using parameters like packet Delivery Ratio (PDR), End-To-End delay, Average Throughput.

The Internet of Things (IoT) is more and more present in fundamental aspects of our societies and personal life. Billions of objects now have access to the Internet. This networking capability allows for new beneficial services and applications. However, it is also the entry-point for a wide variety of cyber-attacks that target these devices. The security measures present in real IoT systems lag behind those of the standard Internet. Security is sometimes completely absent. Moving Target Defense (MTD) is a 10-year-old cyber-defense paradigm. It proposes to randomize components of a system. Reasonably, an attacker will have a higher cost attacking an MTD-version of a system compared with a static-version of it. Even if MTD has been successfully applied to standard systems, its deployment for IoT is still lacking. In this paper, we propose a generic MTD framework suitable for IoT systems: IANVS (pronounced Janus). Our framework has a modular design. Its components can be adapted according to the specific constraints and requirements of a particular IoT system. We use it to instantiate two concrete MTD strategies. One that targets the UDP port numbers (port-hopping), and another a CoAP resource URI. We implement our proposal on real hardware using Pycom LoPy4 nodes. We expose the nodes to a remote Denial-of-Service attack and evaluate the effectiveness of the IANVS-based port-hopping MTD proposal.

Deep learning plays an increasingly important role in various fields due to its superior performance, and it also achieves advanced recognition performance in the field of image classification. However, the vulnerability of deep learning in the adversarial environment cannot be ignored, and the prediction result of the model is likely to be affected by the small perturbations added to the samples by the adversary. In this paper, we propose a two-layer dynamic defense method based on defensive techniques pool and retrained branch model pool. First, we randomly select defense methods from the defense pool to process the input. The perturbation ability of the adversarial samples preprocessed by different defense methods changed, which would produce different classification results. In addition, we conduct adversarial training based on the original model and dynamically generate multiple branch models. The classification results of these branch models for the same adversarial sample is inconsistent. We can detect the adversarial samples by using the inconsistencies in the output results of the two layers. The experimental results show that the two-layer dynamic defense method we designed achieves a good defense effect.

Balancing utility and differential privacy by shuffling or BUDS is an approach towards crowd sourced, statistical databases, with strong privacy and utility balance using differential privacy theory. Here, a novel algorithm is proposed using one-hot encoding and iterative shuffling with the loss estimation and risk minimization techniques, to balance both the utility and privacy. In this work, after collecting one-hot encoded data from different sources and clients, a step of novel attribute shuffling technique using iterative shuffling (based on the query asked by the analyst) and loss estimation with an updation function and risk minimization produces a utility and privacy balanced differential private report. During empirical test of balanced utility and privacy, BUDS produces ε = 0.02 which is a very promising result. Our algorithm maintains a privacy bound of ε = ln[t/((n1-1)S)] and loss bound of c'\textbackslashtextbareln[t/((n1-1)S)]-1\textbackslashtextbar.

Analyzing the security of closed source binaries is currently impractical for end-users, or even developers who rely on third-party libraries. Such analysis relies on automatic vulnerability discovery techniques, most notably fuzzing with sanitizers enabled. The current state of the art for applying fuzzing or sanitization to binaries is dynamic binary translation, which has prohibitive performance overhead. The alternate technique, static binary rewriting, cannot fully recover symbolization information and hence has difficulty modifying binaries to track code coverage for fuzzing or to add security checks for sanitizers.The ideal solution for binary security analysis would be a static rewriter that can intelligently add the required instrumentation as if it were inserted at compile time. Such instrumentation requires an analysis to statically disambiguate between references and scalars, a problem known to be undecidable in the general case. We show that recovering this information is possible in practice for the most common class of software and libraries: 64-bit, position independent code. Based on this observation, we develop RetroWrite, a binary-rewriting instrumentation to support American Fuzzy Lop (AFL) and Address Sanitizer (ASan), and show that it can achieve compiler-level performance while retaining precision. Binaries rewritten for coverage-guided fuzzing using RetroWrite are identical in performance to compiler-instrumented binaries and outperform the default QEMU-based instrumentation by 4.5x while triggering more bugs. Our implementation of binary-only Address Sanitizer is 3x faster than Valgrind's memcheck, the state-of-the-art binary-only memory checker, and detects 80% more bugs in our evaluation.

In this paper, an energy routing algorithm, called SAODV (secure Ad hoc On Demand Distance Vector) is designed for ad hoc mobile networks. SAODV is capable of both unicast and multicast routing. It is an on demand algorithm, meaning that it builds routes between nodes only as desired by source nodes. It maintains these routes as long as they are needed by the sources. Additionally, SAODV forms trees which connect multicast group members. The trees are composed of the group members and the nodes needed to connect the members. Extensive simulations are conducted to study the power consumption, the end-to-end delay, and the network throughput of our protocols compared with existing protocols. Efficiently handling losses in wireless environments, therefore, has significant importance. Even under benign conditions, various factors, like fading, interference, multi-path effects, and collisions, lead to heavy loss rates on wireless links.

In the current scenario, the data owners would like to access data from anywhere and anytime. Hence, they will store their data in public or private cloud along with encryption and particular set of attributes to access control on the cloud data. While uploading the data into public or private cloud they will assign some attribute set to their data. If any authorized cloud user wants to download their data they should enter that particular attribute set to perform further actions on the data owner's data. A cloud user wants to register their details under cloud organization to access the data owner's data. Users wants to submit their details as attributes along with their designation. Based on the Users details Semi-Trusted Authority generates decryption keys to get control on owner's data. A user can perform a lot of operation over the cloud data. If the user wants to read the cloud data he needs to be entering some read related, and if he wants to write the data he needs to be entering write related attribute. For each and every action user in an organization would be verified with their unique attribute set. These attributes will be stored by the admins to the authorized users in cloud organization. These attributes will be stored in the policy files in a cloud. Along with this attribute,a rule based engine is used, to provide the access control to user. If any user leaks their decryption key to the any malicious user data owners wants to trace by sending audit request to auditor and auditor will process the data owners request and concludes that who is the convict.

Cloud-based infrastructures have grown in popularity over the last decade leveraging virtualisation, server, storage, compute power and network components to develop flexible applications. The requirements for instantaneous deployment and reduced costs have led the shift from virtual machine deployment to containerisation, increasing the overall flexibility of applications and increasing performances. However, containers require a fully fleshed operating system to execute, increasing the attack surface of an application. Unikernels, on the other hand, provide a lightweight memory footprint, ease of application packaging and reduced start-up times. Moreover, Unikernels reduce the attack surface due to the self-contained environment only enabling low-level features. In this work, we provide an exhaustive description of the unikernel ecosystem; we demonstrate unikernel vulnerabilities and further discuss the security implications of Unikernel-enabled environments through different use-cases.

ATM transactions are verified using two-factor authentication. The PIN is one of the factors (something you know) and the ATM Card is the other factor (something you have). Therefore, banks make significant investments on PIN Mailers and HSMs to preserve the security and confidentiality in the generation, validation, management and the delivery of the PIN to their customers. Moreover, banks install surveillance cameras inside ATM cubicles as a physical security measure to prevent fraud and theft. However, in some cases, ATM PIN-Pad and the PIN entering process get revealed through the surveillance camera footage itself. We demonstrate that visibility of forearm movements is sufficient to infer PINs with a significant level of accuracy. Video footage of the PIN entry process simulated in an experimental setup was analyzed using two approaches. The human observer-based approach shows that a PIN can be guessed with a 30% of accuracy within 3 attempts whilst the computer-assisted analysis of footage gave an accuracy of 50%. The results confirm that ad-hoc installation of surveillance cameras can weaken ATM PIN security significantly by potentially exposing one factor of a two-factor authentication system. Our investigation also revealed that there are no guidelines, standards or regulations governing the placement of surveillance cameras inside ATM cubicles in Sri Lanka.

The recent advancements in ubiquitous sensing powered by Wireless Computing Technologies (WCT) and Cloud Computing Services (CCS) have introduced a new thinking ability amongst researchers and healthcare professionals for building secure and connected healthcare systems. The integration of Internet of Things (IoT) in healthcare services further brings in several challenges with it, mainly including encrypted communication through vulnerable wireless medium, authentication and access control algorithms and ownership transfer schemes (important patient information). Major concern of such giant connected systems lies in creating the data handling strategies which is collected from the billions of heterogeneous devices distributed across the hospital network. Besides, the resource constrained nature of IoT would make these goals difficult to achieve. Motivated by aforementioned deliberations, this paper introduces a novel approach in designing a security framework for edge-computing based connected healthcare systems. An efficient, multi-factor access control and ownership transfer mechanism for edge-computing based futuristic healthcare applications is the core of proposed framework. Data scalability is achieved by employing distributed approach for clustering techniques that analyze and aggregate voluminous data acquired from heterogeneous devices individually before it transits the to the cloud. Moreover, data/device ownership transfer scheme is considered to be the first time in its kind. During ownership transfer phase, medical server facilitates user to transfer the patient information/ device ownership rights to the other registered users. In order to avoid the existing mistakes, we propose a formal and informal security analysis, that ensures the resistance towards most common IoT attacks such as insider attack, denial of distributed service (DDoS) attack and traceability attacks.