Biblio
Filters: Keyword is Metrics [Clear All Filters]
Employing Information Theoretic Metrics with Data-Driven Occupancy Detection Approaches: A Comparative Analysis. 2022 5th International Conference on Signal Processing and Information Security (ICSPIS). :50—54.
.
2022. Building occupancy data helps increase energy management systems’ performance, enabling lower energy use while preserving occupant comfort. The focus of this study is employing environmental data (e.g., including but not limited to temperature, humidity, carbon dioxide (CO2), etc.) to infer occupancy information. This will be achieved by exploring the application of information theory metrics with machine learning (ML) approaches to classify occupancy levels for a given dataset. Three datasets and six distinct ML algorithms were used in a comparative study to determine the best strategy for identifying occupancy patterns. It was determined that both k-nearest neighbors (kNN) and random forest (RF) identify occupancy labels with the highest overall level of accuracy, reaching 97.99% and 98.56%, respectively.
Development of a Model for Managing the Openness of an Information System in the Context of Information Security Risks of Critical Information Infrastructure Object. 2022 Conference of Russian Young Researchers in Electrical and Electronic Engineering (ElConRus). :431—435.
.
2022. The problem of information security of critical information infrastructure objects in the conditions of openness is formulated. The concept of information infrastructure openness is analyzed. An approach to assessing the openness of an information system is presented. A set-theoretic model of information resources openness was developed. The formulation of the control problem over the degree of openness with restrictions on risk was carried out. An example of solving the problem of finding the coefficient of openness is presented.
Compliance Checking Based Detection of Insider Threat in Industrial Control System of Power Utilities. 2022 7th Asia Conference on Power and Electrical Engineering (ACPEE). :1142—1147.
.
2022. Compare to outside threats, insider threats that originate within targeted systems are more destructive and invisible. More importantly, it is more difficult to detect and mitigate these insider threats, which poses significant cyber security challenges to an industry control system (ICS) tightly coupled with today’s information technology infrastructure. Currently, power utilities rely mainly on the authentication mechanism to prevent insider threats. If an internal intruder breaks the protection barrier, it is hard to identify and intervene in time to prevent harmful damage. Based on the existing in-depth security defense system, this paper proposes an insider threat protection scheme for ICSs of power utilities. This protection scheme can conduct compliance check by taking advantage of the characteristics of its business process compliance and the nesting of upstream and downstream business processes. Taking the Advanced Metering Infrastructures (AMIs) in power utilities as an example, the potential insider threats of violation and misoperation under the current management mechanism are identified after the analysis of remote charge control operation. According to the business process, a scheme of compliance check for remote charge control command is presented. Finally, the analysis results of a specific example demonstrate that the proposed scheme can effectively prevent the consumers’ power outage due to insider threats.
An Insider Threat Detection Method Based on Heterogeneous Graph Embedding. 2022 IEEE 8th Intl Conference on Big Data Security on Cloud (BigDataSecurity), IEEE Intl Conference on High Performance and Smart Computing, (HPSC) and IEEE Intl Conference on Intelligent Data and Security (IDS). :11—16.
.
2022. Insider threats have high risk and concealment characteristics, which makes traditional anomaly detection methods less effective in insider threat detection. Existing detection methods ignore the logical relationship between user behaviors and the consistency of behavior sequences among homogeneous users, resulting in poor model effects. We propose an insider threat detection method based on internal user heterogeneous graph embedding. Firstly, according to the characteristics of CERT data, comprehensively consider the relationship between users, the time sequence, and logical relationship, and construct a heterogeneous graph. In the second step, according to the characteristics of heterogeneous graphs, the embedding learning of graph nodes is carried out according to random walk and Word2vec. Finally, we propose an Insider Threat Detection Design (ITDD) model which can map and the user behavior sequence information into a high-dimensional feature space. In the CERT r5.2 dataset, compared with a variety of traditional machine learning methods, the effect of our method is significantly better than the final result.
Insider Attack Detection and Prevention using Server Authentication using Elgamal Encryption. 2022 International Conference on Inventive Computation Technologies (ICICT). :967—972.
.
2022. Web services are growing demand with fundamental advancements and have given more space to researchers for improving security of all real world applications. Accessing and get authenticated in many applications on web services, user discloses their password and other privacy data to the server for authentication purposes. These shared information should be maintained by the server with high security, otherwise it can be used for illegal purposes for any authentication breach. Protecting the applications from various attacks is more important. Comparing the security threats, insider attacks are most challenging to identify due to the fact that they use the authentication of legitimate users and their privileges to access the application and may cause serious threat to the application. Insider attacks has been studied in previous researchers with different security measures, however there is no much strong work proposed. Various security protocols were proposed for defending insider attackers. The proposed work focused on insider attack protection through Elgamal cryptography technique. The proposed work is much effective on insider attacks and also defends against various attacks. The proposed protocol is better than existing works. The key computation cost and communication cost is relatively low in this proposed work. The proposed work authenticates the application by parallel process of two way authentication mechanism through Elgamal algorithm.
An Analysis of Insider Attack Detection Using Machine Learning Algorithms. 2022 IEEE 2nd International Conference on Mobile Networks and Wireless Communications (ICMNWC). :1—7.
.
2022. Among the greatest obstacles in cybersecurity is insider threat, which is a well-known massive issue. This anomaly shows that the vulnerability calls for specialized detection techniques, and resources that can help with the accurate and quick detection of an insider who is harmful. Numerous studies on identifying insider threats and related topics were also conducted to tackle this problem are proposed. Various researches sought to improve the conceptual perception of insider risks. Furthermore, there are numerous drawbacks, including a dearth of actual cases, unfairness in drawing decisions, a lack of self-optimization in learning, which would be a huge concern and is still vague, and the absence of an investigation that focuses on the conceptual, technological, and numerical facets concerning insider threats and identifying insider threats from a wide range of perspectives. The intention of the paper is to afford a thorough exploration of the categories, levels, and methodologies of modern insiders based on machine learning techniques. Further, the approach and evaluation metrics for predictive models based on machine learning are discussed. The paper concludes by outlining the difficulties encountered and offering some suggestions for efficient threat identification using machine learning.
A Framework to Detect the Malicious Insider Threat in Cloud Environment using Supervised Learning Methods. 2022 9th International Conference on Computing for Sustainable Global Development (INDIACom). :354—358.
.
2022. A malicious insider threat is more vulnerable to an organization. It is necessary to detect the malicious insider because of its huge impact to an organization. The occurrence of a malicious insider threat is less but quite destructive. So, the major focus of this paper is to detect the malicious insider threat in an organization. The traditional insider threat detection algorithm is not suitable for real time insider threat detection. A supervised learning-based anomaly detection technique is used to classify, predict and detect the malicious and non-malicious activity based on highest level of anomaly score. In this paper, a framework is proposed to detect the malicious insider threat using supervised learning-based anomaly detection. It is used to detect the malicious insider threat activity using One-Class Support Vector Machine (OCSVM). The experimental results shows that the proposed framework using OCSVM performs well and detects the malicious insider who obtain huge anomaly score than a normal user.
Insider Threat Data Expansion Research using Hyperledger Fabric. 2022 International Conference on Platform Technology and Service (PlatCon). :25—28.
.
2022. This paper deals with how to implement a system that extends insider threat behavior data using private blockchain technology to overcome the limitations of insider threat datasets. Currently, insider threat data is completely undetectable in existing datasets for new methods of insider threat due to the lack of insider threat scenarios and abstracted event behavior. Also, depending on the size of the company, it was difficult to secure a sample of data with the limit of a small number of leaks among many general users in other organizations. In this study, we consider insiders who pose a threat to all businesses as public enemies. In addition, we proposed a system that can use a private blockchain to expand insider threat behavior data between network participants in real-time to ensure reliability and transparency.
Towards a New Taxonomy of Insider Threats. 2022 IST-Africa Conference (IST-Africa). :1—10.
.
2022. This paper discusses the outcome of combining insider threat agent taxonomies with the aim of enhancing insider threat detection. The objectives sought to explore taxonomy combinations and investigate threat sophistication from the taxonomy combinations. Investigations revealed the plausibility of combining the various taxonomy categories to derive a new taxonomy. An observation on category combinations yielded the introduction of the concept of a threat path. The proposed taxonomy tree consisted of more than a million threat-paths obtained using a formula from combinatorics analysis. The taxonomy category combinations thus increase the insider threat landscape and hence the gap between insider threat agent sophistication and countermeasures. On the defensive side, knowledge of insider threat agent taxonomy category combinations has the potential to enhance defensive countermeasure tactics, techniques and procedures, thus increasing the chances of insider threat detection.
An Exploratory Study of Security Data Analysis Method for Insider Threat Prevention. 2022 13th International Conference on Information and Communication Technology Convergence (ICTC). :611—613.
.
2022. Insider threats are steadily increasing, and the damage is also enormous. To prevent insider threats, security solutions, such as DLP, SIEM, etc., are being steadily developed. However, they have limitations due to the high rate of false positives. In this paper, we propose a data analysis method and methodology for responding to a technology leak incident. The future study may be performed based on the proposed methodology.
Introduction to Information Security: From Formal Curriculum to Organisational Awareness. 2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). :463–469.
.
2022. Many organisations responded to the recent global pandemic by moving operations online. This has led to increased exposure to information security-related risks. There is thus an increased need to ensure organisational information security awareness programs are up to date and relevant to the needs of the intended target audience. The advent of online educational providers has similarly placed increased pressure on the formal educational sector to ensure course content is updated to remain relevant. Such processes of academic reflection and review should consider formal curriculum standards and guidelines in order to ensure wide relevance. This paper presents a case study of the review of an Introduction to Information Security course. This review is informed by the Information Security and Assurance knowledge area of the ACM/IEEE Computer Science 2013 curriculum standard. The paper presents lessons learned during this review process to serve as a guide for future reviews of this nature. The authors assert that these lessons learned can also be of value during the review of organisational information security awareness programs.
ISSN: 2768-0657
Research on New Power System Network Security Guarantee System. 2022 International Conference on Informatics, Networking and Computing (ICINC). :91–94.
.
2022. Based on the characteristics of the new power system with many points, wide range and unattended, this paper studies the specific Cyberspace security risks faced by the disease control side, the station side and the site side, and proposes a new power system Cyberspace security assurance system of “integration of collection, network, side, end, industry and people”. The site side security access measures, the site side civil air defense technology integration measures, the whole business endogenous security mechanism, the whole domain communication security mechanism, the integrated monitoring and early warning and emergency response mechanism are specifically adopted to form a comprehensive integrated security mechanism for the new power system, form a sustainable protection model, effectively improve the security capability, while taking into account the cost and operational complexity of specific implementation links, Provide comprehensive guarantee capability for the safe operation of the new power system.
Overview Of Vanet Network Security. 2022 International Conference on Information Science and Communications Technologies (ICISCT). :1–6.
.
2022. This article provides an overview of the security of VANET, which is a vehicle network. When reviewing this topic, publications of various researchers were considered. The article provides information security requirements for VANET, an overview of security research, an overview of existing attacks, methods for detecting attacks and appropriate countermeasures against such threats.
Research on E-government Information Security Based on Cloud Computing. 2022 IEEE 10th Joint International Information Technology and Artificial Intelligence Conference (ITAIC). 10:312–316.
.
2022. As an important pillar of social informatization, e-government not only provides more convenient services for the public, but also effectively improves administrative efficiency. At the same time, the application of cloud computing technology also urgently requires the government to improve the level of digital construction. This paper proposes the concept of e-government based on cloud computing, analyze the possible hidden dangers that cloud computing brings to e-government in management, technology, and security, and build cloud computing e-government information security system from three aspects: cloud security management, cloud security technology, and cloud security assurance.
ISSN: 2693-2865
Factors Affecting Information Assurance for Big Data. 2022 1st International Conference on Software Engineering and Information Technology (ICoSEIT). :1–5.
.
2022. Big Data is a concept used in various sectors today, including the government sector in the Smart Government initiative. With a large amount of structured and unstructured data being managed, information assurance becomes important in adopting Big Data. However, so far, no research has focused on information assurance for Big Data. This paper identified information assurance factors for Big Data. This research used the systematic snapshot mapping approach to examine factors relating to information assurance from the literature related to Big Data from 2011 through 2021. The data extraction process in gathering 15 relevant papers. The findings revealed ten factors influencing the information assurance implementation for Big Data, with the security factor becoming the most concentrated factor with 18 sub-factors. The findings are expected to serve as a foundation for adopting information assurance for Big Data to develop an information assurance framework for Smart Government.
Fully Homomorphic Encryption for Data Security Over Cloud. 2022 6th International Conference on Electronics, Communication and Aerospace Technology. :782—787.
.
2022. From the past few years cloud services are so popular and are being used by many people from various domains for various purposes such as data storage, e-mails, backing up data and much more. While there were many options to perform such things why did people choose cloud? The answer is clouds are more flexible, convenient, reliable and efficient. Coming to security of data over cloud, it is secure to store data over cloud rather than storing data locally as there is chance of some computer breakdown or any natural disaster may also occur. There are also many threats for data security over cloud namely data breaching, lack of access-key management and much more. As the data has been processed and being stored online for various purposes, there is a clear requirement for data security. Many organizations face various challenges while storing their data over cloud such as data leakages, account hijacking, insufficient credentials and so on. So to overcome these challenges and safeguard the data, various encryption techniques were implemented. However, even though encryption is used, the data still needs to be decrypted in order to do any type of operation. As a result, we must choose a manner in which the data can be analyzed, searched for, or used in any other way without needing to be decoded. So, the objective is to introduce a technique that goes right for the above conditions mentioned and for data security over cloud.
A Safe Approach to Sensitive Dropout Data Collection Systems by Utilizing Homomorphic Encryption. 2022 International Symposium on Information Technology and Digital Innovation (ISITDI). :168—171.
.
2022. The student's fault is not the only cause of dropping out of school. Often, cases of dropping out of school are only associated with too general problems. However, sensitive issues that can be detrimental to certain parties in this regard, such as the institution's reputation, are usually not made public. To overcome this, an in-depth analysis of these cases is needed for proper handling. Many risks are associated with creating a single repository for this sensitive information. Therefore, some encryption is required to ensure data is not leaked. However, encryption at rest and in transit is insufficient as data leakage is a considerable risk during processing. In addition, there is also a risk of abuse of authority by insiders so that no single entity is allowed to have access to all data. Homomorphic encryption presents a viable solution to this challenge. Data may be aggregated under the security provided by Homomorphic Encryption. This method makes the data available for computation without being decrypted first and without paying the risk of having a single repository.
Known Plaintext Attacks on the Omar and abed Homomorphic Encryption Scheme. 2022 13th International Conference on Information and Communication Technology Convergence (ICTC). :1154—1157.
.
2022. In 2020, Omar and abed proposed a new noise-free fully homomorphic encryption scheme that allows arbitrary computations on encrypted data without decryption. However, they did not provide a sufficient security analysis of the proposed scheme and just stated that it is secure under the integer factorization assumption. In this paper, we present known plaintext attacks on their scheme and illustrate them with toy examples. Our attack algorithms are quite simple: They require several times of greatest common divisor (GCD) computations using only a few pair of message and ciphertext.
DPP: Data Privacy-Preserving for Cloud Computing based on Homomorphic Encryption. 2022 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC). :29—32.
.
2022. Cloud computing has been widely used because of its low price, high reliability, and generality of services. However, considering that cloud computing transactions between users and service providers are usually asynchronous, data privacy involving users and service providers may lead to a crisis of trust, which in turn hinders the expansion of cloud computing applications. In this paper, we propose DPP, a data privacy-preserving cloud computing scheme based on homomorphic encryption, which achieves correctness, compatibility, and security. DPP implements data privacy-preserving by introducing homomorphic encryption. To verify the security of DPP, we instantiate DPP based on the Paillier homomorphic encryption scheme and evaluate the performance. The experiment results show that the time-consuming of the key steps in the DPP scheme is reasonable and acceptable.
On the Feasibility of Homomorphic Encryption for Internet of Things. 2022 IEEE 8th World Forum on Internet of Things (WF-IoT). :1—6.
.
2022. Homomorphic encryption (HE) facilitates computing over encrypted data without using the secret keys. It is currently inefficient for practical implementation on the Internet of Things (IoT). However, the performance of these HE schemes may increase with optimized libraries and hardware capabilities. Thus, implementing and analyzing HE schemes and protocols on resource-constrained devices is essential to deriving optimized and secure schemes. This paper develops an energy profiling framework for homomorphic encryption on IoT devices. In particular, we analyze energy consumption and performance such as CPU and Memory utilization and execution time of numerous HE schemes using SEAL and HElib libraries on the Raspberry Pi 4 hardware platform and study energy-performance-security trade-offs. Our analysis reveals that HE schemes can incur a maximum of 70.07% in terms of energy consumption among the libraries. Finally, we provide guidelines for optimization of Homomorphic Encryption by leveraging multi-threading and edge computing capabilities for IoT applications. The insights obtained from this study can be used to develop secure and resource-constrained implementation of Homomorphic encryption depending on the needs of IoT applications.
Design of Portable Sensor Data Storage System Based on Homomorphic Encryption Algorithm. 2022 International Conference on Knowledge Engineering and Communication Systems (ICKES). :1—4.
.
2022. With the development of sensor technology, people put forward a higher level, more diversified demand for portable rangefinders. However, its data storage method has not been developed in a large scale and breakthrough. This paper studies the design of portable sensor data storage system based on homomorphic encryption algorithm, which aims to maintain the security of sensor data storage through homomorphic encryption algorithm. This paper analyzes the functional requirements of the sensor data storage system, puts forward the overall design scheme of the system, and explains in detail the requirements and indicators for the specific realization of each part of the function. Analyze the different technical resources currently used in the storage system field, and dig deep into the key technologies that match the portable sensor data storage system. This paper has changed the problem of cumbersome operation steps and inconvenient data recovery in the sensor data storage system. This paper mainly uses the method of control variables and data comparison to carry out the experiment. The experimental results show that the success rate of the sensor data storage system under the homomorphic encryption algorithm is infinitely close to 100% as the number of data blocks increases.
Rewrite Rules for Automated Depth Reduction of Encrypted Control Expressions with Somewhat Homomorphic Encryption. 2022 IEEE/ASME International Conference on Advanced Intelligent Mechatronics (AIM). :804—809.
.
2022. This paper presents topological sorting methods to minimize the multiplicative depth of encrypted arithmetic expressions. The research aims to increase compatibility between nonlinear dynamic control schemes and homomorphic encryption methods, which are known to be limited by the quantity of multiplicative operations. The proposed method adapts rewrite rules originally developed for encrypted binary circuits to depth manipulation of arithmetic circuits. The paper further introduces methods to normalize circuit paths that have incompatible depth. Finally, the paper provides benchmarks demonstrating the improved depth in encrypted computed torque control of a dynamic manipulator and discusses how achieved improvements translate to increased cybersecurity.
Implementation of Cyber Security for Enabling Data Protection Analysis and Data Protection using Robot Key Homomorphic Encryption. 2022 Sixth International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC). :170—174.
.
2022. Cloud computing plays major role in the development of accessing clouduser’s document and sensitive information stored. It has variety of content and representation. Cyber security and attacks in the cloud is a challenging aspect. Information security attains a vital part in Cyber Security management. It involves actions intended to reduce the adverse impacts of such incidents. To access the documents stored in cloud safely and securely, access control will be introduced based on cloud users to access the user’s document in the cloud. To achieve this, it is highly required to combine security components (e.g., Access Control, Usage Control) in the security document to get automatic information. This research work has proposed a Role Key Homomorphic Encryption Algorithm (RKHEA) to monitor the cloud users, who access the services continuously. This method provides access creation of session-based key to store the singularized encryption to reduce the key size from random methods to occupy memory space. It has some terms and conditions to be followed by the cloud users and also has encryption method to secure the document content. Hence the documents are encrypted with the RKHEA algorithm based on Service Key Access (SKA). Then, the encrypted key will be created based on access control conditions. The proposed analytics result shows an enhanced control over the documents in cloud and improved security performance.
Library of Fully Homomorphic Encryption on a Microcontroller. 2022 International Conference on Smart Information Systems and Technologies (SIST). :1—5.
.
2022. Fully homomorphic encryption technologies allow you to operate on encrypted data without disclosing it, therefore they have a lot of potential for solving personal data storage and processing issues. Because of the increased interest in these technologies, various software tools and libraries that allow completely homomorphic encryption have emerged. However, because this subject of cryptography is still in its early stages, standards and recommendations for the usage of completely homomorphic encryption algorithms are still being developed. The paper presents the main areas of application of homomorphic encryption. The analysis of existing developments in the field of homomorphic encryption is carried out. The analysis showed that existing library implementations do not support the division and subtraction operation. The analysis revealed the need to develop a library of fully homomorphic encryption, which allows performing all mathematical operations on them (addition, difference, multiplication and division), as well as the relevance of developing its own implementation of a library of homomorphic encryption on integers. Then, implement the development of a fully homomorphic encryption library in C++ and on an ESP 32 microcontroller. The ability to perform four operations (addition, difference, multiplication and division) on encrypted data will expand the scope of application of homomorphic encryption. A method of homomorphic division and subtraction is proposed that allows performing the division and subtraction operation on homomorphically encrypted data. The level of security, the types of operations executed, the maximum length of operands, and the algorithm's running time are all described as a consequence of numerical experimentation with parameters.
A Study on a DDH-Based Keyed Homomorphic Encryption Suitable to Machine Learning in the Cloud. 2022 IEEE International Conference on Consumer Electronics – Taiwan. :167—168.
.
2022. Homomorphic encryption is suitable for a machine learning in the cloud such as a privacy-preserving machine learning. However, ordinary homomorphic public key encryption has a problem that public key holders can generate ciphertexts and anyone can execute homomorphic operations. In this paper, we will propose a solution based on the Keyed Homomorphic-Public Key Encryption proposed by Emura et al.