Biblio

Internet of Things (IoT) development and the addition of billions of computationally limited devices prohibit the use of classical security measures such as Intrusion Detection Systems (IDS). In this paper, we study the influence of the implementation of different feed-forward type of Neural Networks (NNs) on the detection Rate of the Negative Selection Neural Network (NSNN) algorithm. Feed-forward and cascade forward NN structures with different number of neurons and different number of hidden layers are tested. For training and testing the NSNN algorithm the labeled KDD NSL dataset is applied. The detection rates provided by the algorithm with several NN structures to determine the optimal solution are calculated and compared. The results show how these different feed-forward based NN architectures impact the performance of the NSNN algorithm.

In the paper, an intrusion detection system to safeguard computer software is proposed. The detection is based on negative selection algorithm, inspired by the human immunity mechanism. It is composed of two stages, generation of receptors and anomaly detection. Experimental results of the proposed system are presented, analyzed, and concluded.

Computer worms pose a major threat to computer and communication networks due to the rapid speed at which they propagate. Biologically based epidemic models have been widely used to analyze the propagation of worms in computer networks. For an air-gapped network with an insider threat, we propose a modified Susceptible-Exposed-Infected-Quarantined-Vaccinated (SEIQV) model called the Susceptible-Exposed-Infected-Quarantined-Patched (SEIQP) model. We describe the assumptions that apply to this model, define a set of differential equations that characterize the system dynamics, and solve for the basic reproduction number. We then simulate and analyze the parameters controlled by the insider threat to determine where resources should be allocated to attain different objectives and results.

Mobile Ad hoc Networks (MANETs) are wireless networks that are void of fixed infrastructure as the communication between nodes are dependent on the liaison of each node in the network. The efficacy of MANET in critical scenarios like battlefield communications, natural disaster require new security strategies and policies to guarantee the integrity of nodes in the network. Due to the inherent frailty of MANETs, new security measures need to be developed to defend them. Intrusion Detection strategy used in wired networks are unbefitting for wireless networks due to reasons not limited to resource constraints of participating nodes and nature of communication. Nodes in MANET utilize multi hop communication to forward packets and this result in consumption of resources like battery and memory. The intruder or cheat nodes decide to cooperate or non-cooperate with other nodes. The cheat nodes reduce the overall effectiveness of network communications such as reduced packet delivery ratio and sometimes increase the congestion of the network by forwarding the packet to wrong destination and causing packets to take more times to reach the appropriate final destination. In this paper a decision tree based artificial immune system (AIS) strategy is utilized to detect such cheat nodes thereby improving the efficiency of packet delivery.

Software Defined Networking (SDN) is an emerging architecture providing services on a priority basis for real-time communication, by pulling out the intelligence from the hardware and developing a better management system for effective networking. Denial of service (DoS) attacks pose a significant threat to SDN, as it can disable the genuine hosts and routers by exhausting their resources. It is thus vital to provide efficient traffic management, both at the data layer and the control layer, thereby becoming more responsive to dynamic network threats such as DoS. Existing DoS prevention and mitigation models for SDN are computationally expensive and are slow to react. This paper introduces a novel biologically inspired architecture for SDN to detect DoS flooding attacks. The proposed biologically inspired architecture utilizes the concepts of the human immune system to provide a robust solution against DoS attacks in SDNs. The two layer immune inspired framework, viz innate layer and adaptive layer, is initiated at the data layer and the control layer of SDN, respectively. The proposed model is reactive and lightweight for DoS mitigation in SDNs.

Searchable encryption will become more important as medical services intensify their use of big data and artificial intelligence. To use searchable encryption safely, the resistance of terminals with embedded searchable encryption to illegal attacks (tamper resistance) is extremely important. This study proposes a searchable encryption system embedded in terminals and evaluate the tamper resistance of the proposed system. This study also proposes attack scenarios and quantitatively evaluates the tamper resistance of the proposed system by performing experiments following the proposed attack scenarios.

Nowadays, IoT has crossed all borders and become ubiquitous in everyday life. This emerging technology has a huge success in closing the gap between the digital and the real world. However, security and privacy become huge concerns especially in the medical field which prevent the healthcare industry from adopting it despite its benefits and potentials. This paper focuses on identifying potential security threats to the IoMT and presents the security mechanisms to remove any possible impediment from immune information security of IoMT. A summarized framework of the layered-security model is proposed followed by a specific assessment review of each layer.

Dendritic cell algorithm (DCA) is an immune-inspired classification algorithm which is developed for the purpose of anomaly detection in computer networks. The DCA uses a weighted function in its context detection phase to process three categories of input signals including safe, danger and pathogenic associated molecular pattern to three output context values termed as co-stimulatory, mature and semi-mature, which are then used to perform classification. The weighted function used by the DCA requires either manually pre-defined weights usually provided by the immunologists, or empirically derived weights from the training dataset. Neither of these is sufficiently flexible to work with different datasets to produce optimum classification result. To address such limitation, this work proposes an approach for computing the three output context values of the DCA by employing the recently proposed TSK+ fuzzy inference system, such that the weights are always optimal for the provided data set regarding a specific application. The proposed approach was validated and evaluated by applying it to the two popular datasets KDD99 and UNSW NB15. The results from the experiments demonstrate that, the proposed approach outperforms the conventional DCA in terms of classification accuracy.

An adaptable agent-based IDS (AAIDS) inspired by the danger theory of artificial immune system is proposed. The learning mechanism of AAIDS is designed by emulating how dendritic cells (DC) in immune systems detect and classify danger signals. AG agent, DC agent and TC agent coordinate together and respond to system calls directly rather than analyze network packets. Simulations show AAIDS can determine several critical scenarios of the system behaviors where packet analysis is impractical.

In Mobile Ad hoc Networks (MANET) the nodes act as a host as well as a router thereby forming a self-organizing network that does not rely upon fixed infrastructure, other than gateways to other networks. MANET provides a quick to deploy flexible networking capability with a dynamic topology due to node mobility. MANET nodes transmit, relay and receive traffic from neighbor nodes as the network topology changes. Security is important for MANET and trust computation is used to improve collaboration between nodes. MANET trust frameworks utilize real-time trust computations to maintain the trust state for nodes in the network. If the trust computation is not resilient against attack, the trust values computed could be unreliable. This paper proposes an Artificial Immune System based approach to compute trust and thereby provide a resilient reputation mechanism.

The paper presents a new technique for the botnets' detection in the corporate area networks. It is based on the usage of the algorithms of the artificial immune systems. Proposed approach is able to distinguish benign network traffic from malicious one using the clonal selection algorithm taking into account the features of the botnet's presence in the network. An approach present the main improvements of the BotGRABBER system. It is able to detect the IRC, HTTP, DNS and P2P botnets.

Software defined networking (SDN) is a networking paradigm to provide automated network management at run time through network orchestration and virtualization. SDN can also enhance system resilience through recovery from failures and maintaining critical operations during cyber attacks. SDN's self-healing mechanisms can be leveraged to realized autonomous attack containment, which dynamically modifies access control rules based on configurable trust levels. In this paper, we present an approach to aid in selection of security countermeasures dynamically in an SDN enabled Energy Delivery System (EDS) and achieving tradeoff between providing security and QoS. We present the modeling of security cost based on end-to-end packet delay and throughput. We propose a non-dominated sorting based multi-objective optimization framework which can be implemented within an SDN controller to address the joint problem of optimizing between security and QoS parameters by alleviating time complexity at O(M N2), where M is the number of objective functions and N is the number of population for each generation respectively. We present simulation results which illustrate how data availability and data integrity can be achieved while maintaining QoS constraints.

The network intrusion detection problem domain is described with mathematical knowledge in this paper, and a novel IDS detection model based on immune mechanism is designed. We study the key modules of IDS system, detector tolerance module and the algorithms of IDS detection intensively. Then, the continuous bit matching algorithm for computing affinity is improved by further analysis. At the same time, we adopt controllable variation and random variation, as well as dynamic demotion to improve the dynamic clonal selection algorithm. Finally the experimental simulations verify that the novel artificial immune algorithm has better detection rate and lower noise factor.

The damage caused by counterfeits of semiconductors has become a serious problem. Recently, a physical unclonable function (PUF) has attracted attention as a technique to prevent counterfeiting. The present study investigates an arbiter PUF, which is a typical PUF. The vulnerability of a PUF against machine-learning attacks has been revealed. It has also been indicated that the output of a PUF is inverted from its normal output owing to the difference in environmental variations, such as the changes in power supply voltage and temperature. The resistance of a PUF against machine-learning attacks due to the difference in environmental variation has seldom been evaluated. The present study evaluated the resistance of an arbiter PUF against machine-learning attacks due to the difference in environmental variation. By performing an evaluation experiment using a simulation, the present study revealed that the resistance of an arbiter PUF against machine-learning attacks due to environmental variation was slightly improved. However, the present study also successfully predicted more than 95% of the outputs by increasing the number of learning cycles. Therefore, an arbiter PUF was revealed to be vulnerable to machine-learning attacks even after environmental variation.

The Center for Strategic and International Studies estimates the annual cost from cyber crime to be more than \$400 billion. Most notable is the recent digital identity thefts that compromised millions of accounts. These attacks emphasize the security problems of using clonable static information. One possible solution is the use of a physical device known as a Physically Unclonable Function (PUF). PUFs can be used to create encryption keys, generate random numbers, or authenticate devices. While the concept shows promise, current PUF implementations are inherently problematic: inconsistent behavior, expensive, susceptible to modeling attacks, and permanent. Therefore, we propose a new solution by which an unclonable, dynamic digital identity is created between two communication endpoints such as mobile devices. This Physically Unclonable Digital ID (PUDID) is created by injecting a data scrambling PUF device at the data origin point that corresponds to a unique and matching descrambler/hardware authentication at the receiving end. This device is designed using macroscopic, intentional anomalies, making them inexpensive to produce. PUDID is resistant to cryptanalysis due to the separation of the challenge response pair and a series of hash functions. PUDID is also unique in that by combining the PUF device identity with a dynamic human identity, we can create true two-factor authentication. We also propose an alternative solution that eliminates the need for a PUF mechanism altogether by combining tamper resistant capabilities with a series of hash functions. This tamper resistant device, referred to as a Quasi-PUDID (Q-PUDID), modifies input data, using a black-box mechanism, in an unpredictable way. By mimicking PUF attributes, Q-PUDID is able to avoid traditional PUF challenges thereby providing high-performing physical identity assurance with or without a low performing PUF mechanism. Three different application scenarios with mobile devices for PUDID and Q-PUDI- have been analyzed to show their unique advantages over traditional PUFs and outline the potential for placement in a host of applications.

Healing Process is a major role in developing resiliency in cyber-physical system where the environment is diverse in nature. Cyber-physical system is modelled with Multi Agent Paradigm and biological inspired Danger Theory based-Artificial Immune Recognization2 Algorithm Methodology towards developing healing process. The Proposed methodology is implemented in a simulation environment and percentage of Convergence rates shown in achieving accuracy in the healing process to resiliency in cyber-physical system environment is shown.

With the growing observed success of big data use, many challenges appeared. Timeless, scalability and privacy are the main problems that researchers attempt to figure out. Privacy preserving is now a highly active domain of research, many works and concepts had seen the light within this theme. One of these concepts is the de-identification techniques. De-identification is a specific area that consists of finding and removing sensitive information either by replacing it, encrypting it or adding a noise to it using several techniques such as cryptography and data mining. In this report, we present a new model of de-identification of textual data using a specific Immune System algorithm known as CLONALG.

Industrial Control Systems (ICS) which among others are comprised of Supervisory Control and Data Acquisition (SCADA) and Distributed Control Systems (DCS) are used to control industrial processes. ICS have now been connected to other Information Technology (IT) systems and have as a result become vulnerable to Advanced Persistent Threats (APT). APTs are targeted attacks that use zero-day attacks to attack systems. Current ICS security mechanisms fail to deter APTs from infiltrating ICS. An analysis of possible solutions to deter APTs was done. This paper proposes the use of Artificial Immune Systems to secure ICS from APTs.