Biblio

This paper presents the Virtual Open Operating System (vf-OS) Input / Output (IO) Toolkit Generator, which is a design tool to develop vf-OS IO components that interact with all kinds of manufacturing assets, either physical devices like Program Logic Controllers (PLCs), software applications like Enterprise Resource Planning Systems (ERPs) or legacy file formats like STEP. The vf-OS IO Toolkit Generator is based on software scaffolding, a code generation technique that allows a developer to create a working component to interact with a manufacturing asset from the vf-OS Platform without writing a line of code. As described in this paper, software scaffolding not only simplifies the development of interoperability components, but it also fosters system security and platform integration automation. Another contribution of this paper is to propose possible integrations between the IO Toolkit Generator and the vf-OS Security Command Centre in charge of platform security. Additionally, this paper describes how the concept can be extended to address other digital manufacturing platforms like Fi-Ware.

Network security testing devices play important roles in Cyber security. Most of the current network security testing devices are based on proprietary hardware, however, the virtual network security tester needs high network I/O throughput performance. Therefore, the solution of the problem, which provides high-performance network I/O in the virtual scene will be explained in this paper. The method we proposed for virtualized network I/O performance optimization on a general hardware platform is able to achieve the I/O throughput performance of the proprietary hardware. The Single Root I/O Virtualization (SRIOV) of the physical network card is divided into a plurality of virtual network function of VF, furthermore, it can be added to different VF and VM. Extensive experiment illustrated that the virtualization and the physical network card sharing based on hardware are realized, and they can be used by Data Plane Development Kit (DPDK) and SRIOV technology. Consequently, the test instrument applications in virtual machines achieves the rate of 10Gps and meet the I/O requirement.

In this paper, we consider the runtime verification problem of safety hyperproperties for deterministic programs. Several security and information-flow policies such as data minimality, non-interference, integrity, and software doping are naturally expressed formally as safety hyperproperties. Although there are monitoring results for hyperproperties, the algorithms are very complex since these are properties over set of traces, and not over single traces. For the deterministic input-output programs that we consider, and the specific safety hyperproperties we are interested in, the problem can be reduced to monitoring of trace properties. In this paper, we present a simpler monitoring approach for safety hyperproperties of deterministic programs. The approach involves transforming the given safety hyperproperty into a trace property, extracting a characteristic predicate for the given hyperproperty, and providing a parametric monitor taking such predicate as parameter. For any hyperproperty in the considered subclass, we show how runtime verification monitors can be synthesised. We have implemented our approach in the form of a parameterised monitor for the given class, and have applied it to a number of hyperproperties including data minimisation, non-interference, integrity and software doping. We show results concerning both offline and online monitoring.

Mobile ad hoc network (MANET) requires extraneous energy effectualness and legion intelligence for which a best clustered based approach is pertained called the “Bee-Ad Hoc-C”. In MANET the mechanism of multi-hop routing is imperative but may leads to a challenging issue like lack of data privacy during communication. ECC (Elliptical Curve Cryptography) is integrated with the Bee clustering approach to provide an energy efficient and secure data delivery system. Even though it ensures data confidentiality, data reliability is still disputable such as data dropping attack, Black hole attack (Attacker router drops the data without forwarding to destination). In such cases the technique of overhearing is utilized by the neighbor routers and the packet forwarding statistics are measured based on the ratio between the received and forwarded packets. The presence of attack is detected if the packet forwarding ratio is poor in the network which paves a way to the alternate path identification for a reliable data transmission. The proposed work is an integration of SC-AODV along with ECC in Bee clustering approach with an extra added overhearing technique which n on the whole ensures data confidentiality, data reliability and energy efficiency.

Vehicular Ad-hoc Networks (VANETs) are generally acknowledged as an extraordinary sort of Mobile Ad hoc Network (MANET). VANETs have seen enormous development in a decade ago, giving a tremendous scope of employments in both military and in addition non-military personnel exercises. The temporary network in the vehicles can likewise build the driver's capability on the road. In this paper, an effective information dispersal approach is proposed which enhances the vehicle-to-vehicle availability as well as enhances the QoS between the source and the goal. The viability of the proposed approach is shown with regards to the noteworthy gets accomplished in the parameters in particular, end to end delay, packet drop ratio, average download delay and throughput in comparison with the existing approaches.

Ad hoc network is sensitive to attacks because it has temporary nature and frequently recognized insecure environment. Both Ad hoc On-demand Distance Vector (AODV) and Ad hoc On-demand Multipath Distance vector (AOMDV) routing protocols have the strategy to take help from Wireless and mobile ad hoc networks. A mobile ad hoc network (MANET) is recognized as an useful internet protocol and where the mobile nodes are self-configuring and self-organizing in character. This research paper has focused on the detection and influence of black hole attack on the execution of AODV and AOMDV routing protocols and has also evaluated the performance of those two on-demand routing protocols in MANETs. AODV has the characteristics for discovering a single path in single route discovery and AOMDV has the characteristics for discovering multiple paths in single route discovery. Here a proposed method for both AODV and AOMDV routing protocol, has been applied for the detection of the black hole attack, which is the merge of both SHA-3 and Diffie-Hellman algorithm. This merge technique has been applied to detect black hole attack in MANET. This technique has been applied to measure the performance matrices for both AODV and AOMDV and those performance matrices are Average Throughput, Average End to End delay and Normalized Routing Load. Both AODV and AOMDV routing protocol have been compared with each other to show that under black hole attack, AOMDV protocol always has better execution than AODV protocol. Here, NS-2.35 has been used as the Network Simulator tool for the simulation of these particular three types of performance metrics stated above.

Mobile ad-hoc network (MANETS) is generally appropriate in different territories like military tactical network, educational, home and entertainment and emergency operations etc. The MANETSs are simply the disintegration and designing kind of system in this portable hubs coming up and out the system whenever. Because of decentralized creation of the network, security, routing and Standard of service are the three noteworthy issues. MANETSs are helpless against security attack in light of the decentralized validation. The mobile hubs can enter or out the system and at some point malicious hubs enter the system, which are capable to trigger different dynamic and inactive attack. The flooding attack is the dynamic sort of attack in which malicious hubs transfers flooding packets on the medium. Because of this, medium gets over-burden and packets drop may happen inside the system. This decreases the throughput and increased packet loss. In this paper we illustrated different techniques and proposed various methods responsible for flooding attack. Our commitment in this paper is that we have investigated various flooding attacks in MANETs, their detection techniques with performance measure parameters.

The mobile ad-hoc networks comprised of nodes that are communicated through dynamic request and also by static table driven technique. The dynamic route discovery in AODV routing creates an unsecure transmission as well as reception. The reason for insecurity is the route request is given to all the nodes in the network communication. The possibility of the intruder nodes are more in the case of dynamic route request. Wormhole attacks in MANETs are creating challenges in the field of network analysis. In this paper the wormhole scenario is realized using high power transmission. This is implemented using energy model of ns2 simulator. The Apptool simulator identifies the energy level of each node and track the node of high transmission power. The performance curves for throughput, node energy for different encrypted values, packet drop ratio, and end to end delay are plotted.

As malware family classification methods, image-based classification methods have attracted much attention. Especially, due to the fast classification speed and the high classification accuracy, Convolutional Neural Network (CNN)-based malware family classification methods have been studied. However, previous studies on CNN-based classification methods focused only on improving the classification accuracy of malware families. That is, previous studies did not consider the cases that the accuracy of CNN-based malware classification methods can be decreased under the existence of adversarial attacks. In this paper, we analyze the robustness of various CNN-based malware family classification models under adversarial attacks. While adding imperceptible non-random perturbations to the input image, we measured how the accuracy of the CNN-based malware family classification model can be affected. Also, we showed the influence of three significant visualization parameters(i.e., the size of input image, dimension of input image, and conversion color of a special character)on the accuracy variation under adversarial attacks. From the evaluation results using the Microsoft malware dataset, we showed that even the accuracy over 98% of the CNN-based malware family classification method can be decreased to less than 7%.

The exponential growth rate of malware causes significant security concern in this digital era to computer users, private and government organizations. Traditional malware detection methods employ static and dynamic analysis, which are ineffective in identifying unknown malware. Malware authors develop new malware by using polymorphic and evasion techniques on existing malware and escape detection. Newly arriving malware are variants of existing malware and their patterns can be analyzed using the vision-based method. Malware patterns are visualized as images and their features are characterized. The alternative generation of class vectors and feature vectors using ensemble forests in multiple sequential layers is performed for classifying malware. This paper proposes a hybrid stacked multilayered ensembling approach which is robust and efficient than deep learning models. The proposed model outperforms the machine learning and deep learning models with an accuracy of 98.91%. The proposed system works well for small-scale and large-scale data since its adaptive nature of setting parameters (number of sequential levels) automatically. It is computationally efficient in terms of resources and time. The method uses very fewer hyper-parameters compared to deep neural networks.

Malware classification is the process of categorizing the families of malware on the basis of their signatures. This work focuses on classifying the emerging malwares on the basis of comparable features of similar malwares. This paper proposes a novel framework that categorizes malware samples into their families and can identify new malware samples for analysis. For this six diverse classification techniques of machine learning are used. To get more comparative and thus accurate classification results, analysis is done using two different tools, named as Knime and Orange. The work proposed can help in identifying and thus cleaning new malwares and classifying malware into their families. The correctness of family classification of malwares is investigated in terms of confusion matrix, accuracy and Cohen's Kappa. After evaluation it is analyzed that Random Forest gives the highest accuracy.

Knowing malware types in every malware attacks is very helpful to the administrators to have proper defense policies for their system. It must be a massive benefit for the organization as well as the social if the automatic protection systems could themselves detect, classify an existence of new malware types in the whole network system with a few malware samples. This feature helps to prevent the spreading of malware as soon as any damage is caused to the networks. An approach introduced in this paper takes advantage of One-shot/few-shot learning algorithms in solving the malware classification problems by using some well-known models such as Matching Networks, Prototypical Networks. To demonstrate an efficiency of the approach, we run the experiments on the two malware datasets (namely, MalImg and Microsoft Malware Classification Challenge), and both experiments all give us very high accuracies. We confirm that if applying models correctly from the machine learning area could bring excellent performance compared to the other traditional methods, open a new area of malware research.

Research in genetic improvement (GI) conventionally focuses on the improvement of software, including the automated repair of bugs and vulnerabilities as well as the refinement of software to increase performance. Eliminating or reducing vulnerabilities using GI has improved the security of benign software, but the growing volume and complexity of malicious software necessitates better analysis techniques that may benefit from a GI-based approach. Rather than focus on the use of GI to improve individual software artifacts, we believe GI can be applied to the tools used to analyze malicious code for its behavior. First, malware analysis is critical to understanding the damage caused by an attacker, which GI-based bug repair does not currently address. Second, modern malware samples leverage complex vectors for infection that cannot currently be addressed by GI. In this paper, we discuss an application of genetic improvement to the realm of automated malware analysis through the use of variable-strength covering arrays.

As time progresses, new and complex malware types are being generated which causes a serious threat to computer systems. Due to this drastic increase in the number of malware samples, the signature-based malware detection techniques cannot provide accurate results. Different studies have demonstrated the proficiency of machine learning for the detection and classification of malware files. Further, the accuracy of these machine learning models can be improved by using feature selection algorithms to select the most essential features and reducing the size of the dataset which leads to lesser computations. In this paper, we have developed a machine learning based malware analysis framework for efficient and accurate malware detection and classification. We used Cuckoo sandbox for dynamic analysis which executes malware in an isolated environment and generates an analysis report based on the system activities during execution. Further, we propose a feature extraction and selection module which extracts features from the report and selects the most important features for ensuring high accuracy at minimum computation cost. Then, we employ different machine learning algorithms for accurate detection and fine-grained classification. Experimental results show that we got high detection and classification accuracy in comparison to the state-of-the-art approaches.

IoT devices can be used to fulfil many of our daily tasks. IoT could be wearable devices, home appliances, or even light bulbs. With the introduction of this new technology, however, vulnerabilities are being introduced and can be leveraged or exploited by malicious users. One common vehicle of exploitation is malicious software, or malware. Malware can be extremely harmful and compromise the confidentiality, integrity and availability (CIA triad) of information systems. This paper analyzes the types of malware attacks, introduce some mitigation approaches and discusses future challenges.

The most common defenses against malware threats involves the use of signatures derived from instances of known malware. However, the constant evolution of the malware threat landscape necessitates defense against unknown malware, making a signature catalog of known threats insufficient to prevent zero-day vulnerabilities from being exploited. Recent research has applied machine learning approaches to identify malware through artifacts of malicious activity as observed through dynamic behavioral analysis. We have seen that these approaches mimic common malware defenses by simply offering a method of detecting known malware. We contribute a new method of identifying software as malicious or benign through analysis of the frequency of Windows API system function calls. We show that this is a powerful technique for malware detection because it generates learning models which understand the difference between malicious and benign software, rather than producing a malware signature classifier. We contribute a method of systematically comparing machine learning models against different datasets to determine their efficacy in accurately distinguishing the difference between malicious and benign software.

Most of the malware detection techniques use malware signatures for detection. It is easy to detect known malicious program in a system but the problem arises when the malware is unknown. Because, unknown malware cannot be detected by using available known malware signatures. Signature based detection techniques fails to detect unknown and zero-day attacks. A novel approach is required to represent malware features effectively to detect obfuscated, unknown, and mutated malware. This paper emphasizes malware behavior, characteristics and properties extracted by different analytic techniques and to decide whether to include them to create behavioral based malware signature. We have made an attempt to understand the malware behavior using a few openly available tools for malware analysis.

Network lifetime and energy consumption of sensor nodes have an inversely proportional relationship. Thus, it is important to ensure source location privacy (SLP) routing schemes are energy-efficient. This work performs an experimental evaluation of some existing routing schemes and proposes a new angle-based routing algorithm to modify the schemes. The dynamic route creation process of the modified schemes is characterized by processes which include determination of route and banned regions and computation of control angle and lead factor parameters. Results of the analysis show that the modified schemes are effective at obfuscating the adversaries to provide strong SLP protection. Furthermore, the modified schemes consume relatively lower energy and guarantee longer network lifetime.

In many applications, source nodes send the sensing information of the monitored objects and the sinks receive the transmitted data. Considering the limited resources of sensor nodes, location privacy preservation becomes an important issue. Although many schemes are proposed to preserve source or sink location security, few schemes can preserve the location security of source nodes and sinks. In order to solve this problem, we propose a novel of multi-branch source location privacy protection method based on random walk. This method hides the location of real source nodes by setting multiple proxy sources. And multiple neighbors are randomly selected by the real source node as receivers until a proxy source receives the packet. In addition, the proxy source is chosen randomly, which can prevent the attacker from obtaining the location-related data of the real source node. At the same time, the scheme sets up a branch interference area around the base station to interfere with the adversary by increasing routing branches. Simulation results describe that our scheme can efficiently protect source and sink location privacy, reduce the communication overhead, and prolong the network lifetime.

As more devices become connected to the internet and new technologies emerge to connect them, security must keep up to protect data during transmission and at rest. Several instances of security breaches have forced many companies to investigate the effectiveness of their security measures. In this paper, we discuss different methodologies for protecting data as it relates to wireless sensor networks (WSNs). Data collected from these sensors range in type from location data of an individual to surveillance for military applications. We propose a solution that protects the location of the base station and the nodes while transmitting data.

There exist numerous strategies for Source Location Privacy (SLP) routing schemes. In this study, an experimental analysis of a few routing schemes is done to investigate the influence of the routing scheme algorithms on the privacy protection level and the network lifetime performance. The analysis involved four categories of SLP routing schemes. Analysis results revealed that the algorithms used in the representative schemes for tree-based and angle-based routing schemes incur the highest influence. The tree-based algorithm stimulates the highest energy consumption with the lowest network lifetime while the angle-based algorithm does the opposite. Moreover, for the tree-based algorithm, the influence is highly dependent on the region of the network domain.

Wireless Sensor Networks (WSNs) are used in sensitive applications such as in asset monitoring applications. Due to the sensitivity of information in these applications, it is important to ensure that flow of data between sensor nodes is secure and does not expose any information about the source node or the monitored assets. This paper proposes a scheme to preserve the source location privacy based on random routing techniques. To achieve high privacy, the proposed scheme randomly sends packet to sink node through tactically positioned agent nodes. The position of agent nodes is designed to guarantee that successive packets are routed through highly random and perplexing routing paths as compared to other routing schemes. Simulation results demonstrate that proposed scheme provides longer safety period and higher privacy against both, patient and cautious adversaries.

Wireless Sensor Networks (WSNs) consist of low-cost, resource-constrained sensor nodes and a designated node called a sink which collects data from the sensor nodes. A WSN can be used in numerous applications such as subject tracking and monitoring, where it is often desirable to keep the location of the subject private. Without location privacy protection, an adversary can locate the subject. In this paper, we propose an algorithm that tries to keep the subject location private from a global adversary, which can see the entire network traffic, in an energy efficient way.

Performance and improved packet handling capacity against high traffic load are important requirements for an effective intrusion detection system (IDS). Snort is one of the most popular open-source intrusion detection system which runs on Linux. This research article discusses ways of enhancing the performance of Snort by modifying Linux key parameters related to NAPI packet reception mechanism within the Linux kernel networking subsystem. Our enhancement overcomes the current limitations related to NAPI throughput. We experimentally demonstrate that current default budget B value of 300 does not yield the best performance of Snort throughput. We show that a small budget value of 14 gives the best Snort performance in terms of packet loss both at Kernel subsystem and at the application level. Furthermore, we compare our results to those reported in the literature, and we show that our enhancement through tuning certain parameters yield superior performance.

The safety of critical cyber-physical IoT devices hinges on the security of their embedded software that implements control algorithms for monitoring and control of the associated physical processes, e.g., robotics and drones. Reverse engineering of the corresponding embedded controller software binaries enables their security analysis by extracting high-level, domain-specific, and cyber-physical execution semantic information from executables. We present MISMO, a domain-specific reverse engineering framework for embedded binary code in emerging cyber-physical IoT control application domains. The reverse engineering outcomes can be used for firmware vulnerability assessment, memory forensics analysis, targeted memory data attacks, or binary patching for dynamic selective memory protection (e.g., important control algorithm parameters). MISMO performs semantic-matching at an algorithmic level that can help with the understanding of any possible cyber-physical security flaws. MISMO compares low-level binary symbolic values and high-level algorithmic expressions to extract domain-specific semantic information for the binary's code and data. MISMO enables a finer-grained understanding of the controller by identifying the specific control and state estimation algorithms used. We evaluated MISMO on 2,263 popular firmware binaries by 30 commercial vendors from 6 application domains including drones, self-driving cars, smart homes, robotics, 3D printers, and the Linux kernel controllers. The results show that MISMO can accurately extract the algorithm-level semantics of the embedded binary code and data regions. We discovered a zero-day vulnerability in the Linux kernel controllers versions 3.13 and above.