Biblio

This paper deals with how to implement a system that extends insider threat behavior data using private blockchain technology to overcome the limitations of insider threat datasets. Currently, insider threat data is completely undetectable in existing datasets for new methods of insider threat due to the lack of insider threat scenarios and abstracted event behavior. Also, depending on the size of the company, it was difficult to secure a sample of data with the limit of a small number of leaks among many general users in other organizations. In this study, we consider insiders who pose a threat to all businesses as public enemies. In addition, we proposed a system that can use a private blockchain to expand insider threat behavior data between network participants in real-time to ensure reliability and transparency.

The Internet of Things poses some of the biggest security challenges in the present day. Companies, users and infrastructures are constantly under attack by malicious actors. Increasingly, attacks are being launched by hacking into one vulnerable device and hence disabling entire networks resulting in great loss. A strong identity management framework can help better protect these devices by issuing a unique identity and managing the same through its lifecycle. Identity of Things (IDoT) is a term that has been used to describe the importance of device identities in IoT networks. Since the traditional identity and access management (IAM) solutions are inadequate in managing identities for IoT, the Identity of Things (IDoT) is emerging as the solution for issuance of Identities to every type of device within the IoT IAM infrastructure. This paper presents the survey of recent research works proposed in the area of device identities and various commercial solutions offered by organizations specializing in IoT device security.

Passwords are generally used to keep unauthorized users out of the system. Password hacking has become more common as the number of internet users has extended, causing a slew of issues. These problems include stealing the confidential information of a company or a country by adversaries which harm the economy or the security of the organization. Hackers often use password hacking for criminal activities. It is indispensable to protect passwords from hackers. There are many hacking methods such as credential stuffing, social engineering, traffic interception, and password spraying for hacking the passwords. So, in order to control hacking, there are hashing algorithms that are mostly used to hash passwords making password cracking more difficult. In this proposed work, different hashing algorithms such as SHA-1, MD-5, Salted MD-5, SHA-256, and SHA-512 have been used. And the MySQL database is used to store the hash values of passwords that are generated using various hash functions. It is proven that SHA is better than MD-5 and Salted MD-5. Whereas in the SHA family, SHA-512 and SHA-256 have their own benefits. Four new hashing functions have been proposed using the combination of existing algorithms like SHA-256, and SHA-512 namely SHA-256\_with\_SHA-256, SHA-256\_ With\_SHA-512,SHA-512\_With\_SHA-512,and SHA-512\_ With\_SHA-256. They provide strong hash value for passwords by which the security of passwords increases, and hacking can be controlled to an extent.

Data security is the process of protecting data from loss, alteration, or unauthorised access during its entire lifecycle. It includes everything from the policies and practices of a company to the hardware, software, storage, and user devices used by that company. Data security tools and technology increase transparency into an organization's data and its usage. These tools can protect data by employing methods including encryption and data masking personally identifiable information.. Additionally, the method aids businesses in streamlining their auditing operations and adhering to the increasingly strict data protection rules.

Data security has become the most important issue in every institution or company. With the existence of hackers, intruders, and third parties on the cloud, securing data has become more challenging. This paper uses a hybrid encryption method that is based on the Elliptic Curve Cryptography (ECC) and Fully Homomorphic Encryption (FHE). ECC is used as a lightweight encryption algorithm that can provide a good level of security. Besides, FHE is used to enable data computation on the encrypted data in the cloud. In this paper, the concept of unique values is combined with the hybrid encryption method. Using the concept of unique values contributes to decreasing the encryption and decryption time obviously. To evaluate the performance of the combined encryption method, the provided results are compared with the ones in the encryption method without using the concept of unique values. Experiments show that the combined encryption method can reduce the encryption time up to 43% and the decryption time up to 56%.

Cyber Attack is the most challenging issue all over the world. Nowadays, Cyber-attacks are increasing on digital systems and organizations. Innovation and utilization of new digital technology, infrastructure, connectivity, and dependency on digital strategies are transforming day by day. The cyber threat scope has extended significantly. Currently, attackers are becoming more sophisticated, well-organized, and professional in generating malware programs in Python, C Programming, C++ Programming, Java, SQL, PHP, JavaScript, Ruby etc. Accurate attack modeling techniques provide cyber-attack planning, which can be applied quickly during a different ongoing cyber-attack. This paper aims to create a new cyber-attack model that will extend the existing model, which provides a better understanding of the network’s vulnerabilities.Moreover, It helps protect the company or private network infrastructure from future cyber-attacks. The final goal is to handle cyber-attacks efficacious manner using attack modeling techniques. Nowadays, many organizations, companies, authorities, industries, and individuals have faced cybercrime. To execute attacks using our model where honeypot, the firewall, DMZ and any other security are available in any environment.

At the end of the IT Security degree program a simulation game is conducted to repeat and consolidate the core skills of a Bachelor’s graduate. The focus is not on teaching content, but on the application of already learned skills. The scenario shows the students the risks of a completely networked world, which has come to a complete standstill due to a catastrophe. The participants occupy in groups the predefined companies, which are assigned with the reconstruction of the communication infrastructure (the internet). This paper describes the preparation, technical and organizational implementation of the. Also, the most important conclusions drawn by the authors.

International regulations specified in WP.29 and international standards specified in ISO/SAE 21434 require security operations such as cyberattack detection and incident responses to protect vehicles from cyberattacks. To meet these requirements, many vehicle manufacturers are planning to install Intrusion Detection Systems (IDSs) in the Controller Area Network (CAN), which is a primary component of in-vehicle networks, in the coming years. Besides, many vehicle manufacturers and information security companies are developing technologies to identify attack paths related to IDS alerts to respond to cyberattacks appropriately and quickly. To develop the IDSs and the technologies to identify attack paths, it is essential to grasp normal communications performed on in-vehicle networks. Thus, our study aims to develop a technology that can easily grasp normal communications performed on in-vehicle networks. In this paper, we propose the first message source identification method that easily identifies CAN-IDs used by each Electronic Control Unit (ECU) connected to the CAN for message transmissions. We realize the proposed method by utilizing diagnostic communications and an IDS installed in the CAN (CAN-IDS). We evaluate the proposed method using an ECU installed in an actual vehicle and four kinds of simulated CAN-IDSs based on typical existing intrusion detection methods for the CAN. The evaluation results show that the proposed method can identify the CAN-ID used by the ECU for CAN message transmissions if a suitable simulated CAN-IDS for the proposed method is connected to the vehicle.

With the rapid development of artificial intelligence (AI), many companies are moving towards automating their services using automated conversational agents. Dialogue-based conversational recommender agents, in particular, have gained much attention recently. The successful development of such systems in the case of natural language input is conditioned by the ability to understand the users’ utterances. Predicting the users’ intents allows the system to adjust its dialogue strategy and gradually upgrade its preference profile. Nevertheless, little work has investigated this problem so far. This paper proposes an LSTM-based Neural Network model and compares its performance to seven baseline Machine Learning (ML) classifiers. Experiments on a new publicly available dataset revealed The superiority of the LSTM model with 95% Accuracy and 94% F1-score on the full dataset despite the relatively small dataset size (9300 messages and 17 intents) and label imbalance.

A huge amount of stored and transferred data is expanding rapidly. Therefore, managing and securing the big volume of diverse applications should have a high priority. However, Structured Query Language Injection Attack (SQLIA) is one of the most common dangerous threats in the world. Therefore, a large number of approaches and models have been presented to mitigate, detect or prevent SQL injection attack but it is still alive. Most of old and current models are created based on static, dynamic, hybrid or machine learning techniques. However, SQL injection attack still represents the highest risk in the trend of web application security risks based on several recent studies in 2021. In this paper, we present a review of the latest research dealing with SQL injection attack and its types, and demonstrating several types of most recent and current techniques, models and approaches which are used in mitigating, detecting or preventing this type of dangerous attack. Then, we explain the weaknesses and highlight the critical points missing in these techniques. As a result, we still need more efforts to make a real, novel and comprehensive solution to be able to cover all kinds of malicious SQL commands. At the end, we provide significant guidelines to follow in order to mitigate such kind of attack, and we strongly believe that these tips will help developers, decision makers, researchers and even governments to innovate solutions in the future research to stop SQLIA.

IoT has been an efficient technology for interconnecting different physical objects with the internet. Several cyber-attacks have resulted in compromise in security. Blockchain distributed ledger provide immutability that can answer IoT security concerns. The paper aims at highlighting the challenges & problems currently associated with IoT implementation in real world and how these problems can be minimized by implementing Blockchain based solutions and smart contracts. Blockchain helps in creation of new highly robust IoT known as Blockchain of Things(BCoT). We will also examine presently employed projects working with integrating Blockchain & IoT together for creating desired solutions. We will also try to understand challenges & roadblocks preventing the further implementation of both technologies merger.

In this work, we discuss data breaches based on the “2012 SocialArks data breach” case study. Data leakage refers to the security violations of unauthorized individuals copying, transmitting, viewing, stealing, or using sensitive, protected, or confidential data. Data leakage is becoming more and more serious, for those traditional information security protection methods like anti-virus software, intrusion detection, and firewalls have been becoming more and more challenging to deal with independently. Nevertheless, fortunately, new IT technologies are rapidly changing and challenging traditional security laws and provide new opportunities to develop the information security market. The SocialArks data breach was caused by a misconfiguration of ElasticSearch Database owned by SocialArks, owned by “Tencent.” The attack methodology is classic, and five common Elasticsearch mistakes discussed the possibilities of those leakages. The defense solution focuses on how to optimize the Elasticsearch server. Furthermore, the ElasticSearch database’s open-source identity also causes many ethical problems, which means that anyone can download and install it for free, and they can install it almost anywhere. Some companies download it and install it on their internal servers, while others download and install it in the cloud (on any provider they want). There are also cloud service companies that provide hosted versions of Elasticsearch, which means they host and manage Elasticsearch clusters for their customers, such as Company Tencent.

HTTP flood DDoS (Distributed Denial of Service) attacks send illegitimate HTTP requests to the targeted site or server. These kinds of attacks corrupt the networks with the help of massive attacking nodes thus blocking incoming traffic. Computer network connected devices are the major source to distributed denial of service attacks (or) botnet attacks. The computer manufacturers rapidly increase the network devices as per the requirement increases in the different environmental needs. Generally the manufacturers cannot ship computer network products with high level security. Those network products require additional security to prevent the DDoS attacks. The present technology is filled with 4G that will impact DDoS attacks. The million DDoS attacks had experienced in every year by companies or individuals. DDoS attack in a network would lead to loss of assets, data and other resources. Purchasing the new equipment and repair of the DDoS attacked network is financially becomes high in the value. The prevention mechanisms like CAPTCHA are now outdated to the bots and which are solved easily by the advanced bots. In the proposed work a secured botnet prevention mechanism provides network security by prevent and mitigate the http flooding based DDoS attack and allow genuine incoming traffic to the application or server in a network environment with the help of integrating invisible challenge and Resource Request Rate algorithms to the application. It offers double security layer to handle malicious bots to prevent and mitigate.

At the same time as Big Data technologies are being constantly refined, the legislation relating to data privacy is changing. The invalidation by the Court of Justice of the European Union on October 6, 2015, of the agreement known as “Safe Harbor”, negotiated by the European Commission on behalf of the European Union with the United States has two consequences. The first is to announce its replacement by a new, still fragile, program, the “Privacy Shield”, which isn't yet definitive and which could also later be repealed by the Court of Justice of the European Union. For example, we are expecting to hear the opinion in mid-April 2016 of the group of data protection authorities for the various states of the European Union, known as G29. The second is to mobilize the Big Data community to take control of the question of data privacy management and to put in place an adequate internal program.

As the COVID-19 continues to spread globally, more and more companies are transforming into remote online offices, leading to the expansion of electronic signatures. However, the existing electronic signatures platform has the problem of data-centered management. The system is subject to data loss, tampering, and leakage when an attack from outside or inside occurs. In response to the above problems, this paper designs an electronic signature solution and implements a prototype system based on the consortium blockchain. The solution divides the contract signing process into four states: contract upload, initiation signing, verification signing, and confirm signing. The signing process is mapped with the blockchain-linked data. Users initiate the signature transaction by signing the uploaded contract's hash. The sign state transition is triggered when the transaction is uploaded to the blockchain under the consensus mechanism and the smart contract control, which effectively ensures the integrity of the electronic contract and the non-repudiation of the electronic signature. Finally, the blockchain performance test shows that the system can be applied to the business scenario of contract signing.

Financial technology (Fintech) is an amalgamation of financial management using a technology system. Fintech has become a public concern because this service provides many service features to make it easier from the financial side, such as being used in cooperative financial institutions, banking and insurance. This paper will analyze the opportunities and challenges of Fintech sharia in Indonesia. By exploring the existing literature, this article will try to answer that question. This research is carried out using a literature review approach and comparative qualitative method which will determined the results of the SWOT analysis of sharia financial technology in indonesia. It is needed to mitigate risk of funding in a peer to peer method in overcoming the security of funds and data from investors, firstly companies can perform transparency on the clarity of investor funds. This is done as one of the facilities provided to investors in the Fintech application. In the future, it is hoped that in facing competition, sharia-based fintech companies must be able to provide targeted services through the socialization of sharia fintech to the public, both online and offline. Investors are expected to be more careful before investing in choosing Fintech Peer to Peer (P2P) Lending services by checking the list of Fintech lending and lending companies registered and found by the Financial Services Authority (OJK).

Aiming at the big data security and privacy protection issues in the smart grid, the current key technologies for big data security and privacy protection in smart grids are sorted out, and a privacy-protecting smart grid association rule is proposed according to the privacy-protecting smart grid big data analysis and mining technology route The mining plan specifically analyzes the risk factors in the operation of the new power grid, and discusses the information security of power grid users from the perspective of the user, focusing on the protection of privacy and security, using safe multi-party calculation of the support and confidence of the association rules. Privacy-protecting smart grid big data mining enables power companies to improve service quality to 7.5% without divulging customer private information.

Currently, many organizations are moving to new digital management systems, which is accompanied not only by the introduction of new approaches based on the use of information technology, but also by a change in the organizational and management environment. Risk management is a process necessary to maintain the competitive advantage of an organization, but it can also become involved in the course of digitalization itself, which means that risk management also needs to change to meet modern conditions and ensure the effectiveness of the organization. This article discusses the risk management process in the digital environment. The main approach to the organization of this process is outlined, taking into account the use of information tools, together with the stages of this process, which directly affect the efficiency of the company. The risks that are specific to a digital organization are taken into account. Modern requirements for risk management for organizations are studied, ways of their implementation are outlined. The result is a risk management process that functions in a digital organization.

Cybersecurity insurance is one of the important means of cybersecurity risk management and the development of cyber insurance is inseparable from the support of cyber risk assessment technology. Cyber risk assessment can not only help governments and organizations to better protect themselves from related risks, but also serve as a basis for cybersecurity insurance underwriting, pricing, and formulating policy content. Aiming at the problem that cybersecurity insurance companies cannot conduct cybersecurity risk assessments on policyholders before the policy is signed without the authorization of the policyholder or in legal, combining with the need that cybersecurity insurance companies want to obtain network security vulnerability risk profiles of policyholders conveniently, quickly and at low cost before the policy signing, this study proposed a non-intrusive network security vulnerability risk assessment method based on ensemble machine learning. Our model uses only open source intelligence and publicly available network information data to rate cyber vulnerability risk of an organization, achieving an accuracy of 70.6% compared to a rating based on comprehensive information by cybersecurity experts.

As the COVID-19 pandemic scattered businesses and their workforces into new scales of remote work, vital security concerns arose surrounding remote access. Bring Your Own Device (BYOD) also plays a growing role in the ability of companies to support remote workforces. As more enterprises embrace concepts of zero trust in their network security posture, access control policy management problems become a more significant concern as it relates to BYOD security enforcement. This BYOD security policy must enable work from home, but enterprises have a vested interest in maintaining the security of their assets. Therefore, the BYOD security policy must strike a balance between access, security, and privacy, given the personal device use. This paper explores the challenges and opportunities of enabling zero trust in BYOD use cases. We present a BYOD policy specification to enable the zero trust access control known as BYOZ. Accompanying this policy specification, we have designed a network architecture to support enterprise zero trust BYOD use cases through the novel incorporation of continuous authentication & authorization enforcement. We evaluate our architecture through a demo implementation of BYOZ and demonstrate how it can meet the needs of existing enterprise networks using BYOD.

Companies store increasing amounts of data, requiring the implementation of mechanisms to protect them from malicious people. There are techniques and procedures that aim to increase the security of computer systems, such as network protection services, firewalls. They are intended to filter packets that enter and leave a network. Its settings depend on security policies, which consist of documents that describe what is allowed to travel on the network and what is prohibited. The transcription of security policies into rules, written in native firewall language, that represent them, is the main source of errors in firewall configurations. In this work, concepts related to security between networks and firewalls are presented. Related works on security policies and their translations into firewall rules are also referenced. Furthermore, the developed tool, named Fireasy, is presented, which allows the modeling of security policies through graphic elements, and the maintenance of rules written in native firewall language, also representing them in graphic elements. Finally, a controlled experiment was conducted to validate the approach, which indicated, in addition to the correct functioning of the tool, an improvement in the translation of security policies into firewall rules using the tool. In the task of understanding firewall rules, there was a homogenization of the participants' performance when they used the tool.

Cyber attacks keep states, companies and individuals at bay, draining precious resources including time, money, and reputation. Attackers thereby seem to have a first mover advantage leading to a dynamic defender attacker game. Automated approaches taking advantage of Cyber Threat Intelligence on past attacks bear the potential to empower security professionals and hence increase cyber security. Consistently, there has been a lot of research on automated approaches in cyber risk management including works on predictive attack algorithms and threat hunting. Combining data on countermeasures from “MITRE Detection, Denial, and Disruption Framework Empowering Network Defense” and adversarial data from “MITRE Adversarial Tactics, Techniques and Common Knowledge” this work aims at developing methods that enable highly precise and efficient automatic incident response. We introduce Attack Incident Responder, a methodology working with simple heuristics to find the most efficient sets of counter-measures for hypothesized attacks. By doing so, the work contributes to narrowing the attackers first mover advantage. Experimental results are promising high average precisions in predicting effiective defenses when using the methodology. In addition, we compare the proposed defense measures against a static set of defensive techniques offering robust security against observed attacks. Furthermore, we combine the approach of automated incidence response to an approach for threat hunting enabling full automation of security operation centers. By this means, we define a threshold in the precision of attack hypothesis generation that must be met for predictive defense algorithms to outperform the baseline. The calculated threshold can be used to evaluate attack hypothesis generation algorithms. The presented methodology for automated incident response may be a valuable support for information security professionals. Last, the work elaborates on the combination of static base defense with adaptive incidence response for generating a bio-inspired artificial immune system for computerized networks.

Throughout history, technological evolution has generated less desired side effects with impact on society. In the field of IT&C, there are ongoing discussions about the role of robots within economy, but also about their impact on the labour market. In the case of digital media systems, we talk about misinformation, manipulation, fake news, etc. Issues related to the protection of the citizen's life in the face of technology began more than 25 years ago; In addition to the many messages such as “the citizen is at the center of concern” or, “privacy must be respected”, transmitted through various channels of different entities or companies in the field of ICT, the EU has promoted a number of legislative and normative documents to protect citizens' rights and freedoms.

Forensic Science comprises a set of technical-scientific knowledge used to solve illicit acts. The increasing use of mobile devices as the main computing platform, in particular smartphones, makes existing information valuable for forensics. However, the blocking mechanisms imposed by the manufacturers and the variety of models and technologies make the task of reconstructing the data for analysis challenging. It is worth mentioning that the conclusion of a case requires more than the simple identification of evidence, as it is extremely important to correlate all the data and sources obtained, to confirm a suspicion or to seek new evidence. This work carries out a systematic review of the literature, identifying the different types of existing image acquisition and the main extraction and encryption methods used in smartphones with the Android operating system.

Vendor cybersecurity risk assessment is of critical importance to smart city infrastructure and sustainability of the autonomous mobility ecosystem. Lack of engagement in cybersecurity policies and process implementation by the tier companies providing hardware or services to OEMs within this ecosystem poses a significant risk to not only the individual companies but to the ecosystem overall. The proposed quantitative method of estimating cybersecurity risk allows vendors to have visibility to the financial risk associated with potential threats and to consequently allocate adequate resources to cybersecurity. It facilitates faster implementation of defense measures and provides a useful tool in the vendor selection process. The paper focuses on cybersecurity risk assessment as a critical part of the overall company mission to create a sustainable structure for maintaining cybersecurity health. Compound cybersecurity risk and impact on company operations as outputs of this quantitative analysis present a unique opportunity to strategically plan and make informed decisions towards acquiring a reputable position in a sustainable ecosystem. This method provides attack trees and assigns a risk factor to each vendor thus offering a competitive advantage and an insight into the supply chain risk map. This is an innovative way to look at vendor cybersecurity posture. Through a selection of unique industry specific parameters and a modular approach, this risk assessment model can be employed as a tool to navigate the supply base and prevent significant financial cost. It generates synergies within the connected vehicle ecosystem leading to a safe and sustainable economy.