Biblio

This paper discusses the outcome of combining insider threat agent taxonomies with the aim of enhancing insider threat detection. The objectives sought to explore taxonomy combinations and investigate threat sophistication from the taxonomy combinations. Investigations revealed the plausibility of combining the various taxonomy categories to derive a new taxonomy. An observation on category combinations yielded the introduction of the concept of a threat path. The proposed taxonomy tree consisted of more than a million threat-paths obtained using a formula from combinatorics analysis. The taxonomy category combinations thus increase the insider threat landscape and hence the gap between insider threat agent sophistication and countermeasures. On the defensive side, knowledge of insider threat agent taxonomy category combinations has the potential to enhance defensive countermeasure tactics, techniques and procedures, thus increasing the chances of insider threat detection.

Currently, research on 5G communication is focusing increasingly on communication techniques. The previous studies have primarily focused on the prevention of communications disruption. To date, there has not been sufficient research on network anomaly detection as a countermeasure against on security aspect. 5g network data will be more complex and dynamic, intelligent network anomaly detection is necessary solution for protecting the network infrastructure. However, since the AI-based network anomaly detection is dependent on data, it is difficult to collect the actual labeled data in the industrial field. Also, the performance degradation in the application process to real field may occur because of the domain shift. Therefore, in this paper, we research the intelligent network anomaly detection technique based on domain adaptation (DA) in 5G edge network in order to solve the problem caused by data-driven AI. It allows us to train the models in data-rich domains and apply detection techniques in insufficient amount of data. For Our method will contribute to AI-based network anomaly detection for improving the security for 5G edge network.

The (IoT) paradigm’s fundamental goal is to massively connect the “smart things” through standardized interfaces, providing a variety of smart services. Cyber-Physical Systems (CPS) include both physical and cyber components and can apply to various application domains (smart grid, smart transportation, smart manufacturing, etc.). The Digital Twin (DT) is a cyber clone of physical objects (things), which will be an essential component in CPS. This paper designs a systematic taxonomy to explore different attacks on DT-based CPS and how they affect the system from a four-layer architecture perspective. We present an attack space for DT-based CPS on four layers (i.e., object layer, communication layer, DT layer, and application layer), three attack objects (i.e., confidentiality, integrity, and availability), and attack types combined with strength and knowledge. Furthermore, some selected case studies are conducted to examine attacks on representative DT-based CPS (smart grid, smart transportation, and smart manufacturing). Finally, we propose a defense mechanism called Secured DT Development Life Cycle (SDTDLC) and point out the importance of leveraging other enabling techniques (intrusion detection, blockchain, modeling, simulation, and emulation) to secure DT-based CPS.

Java locking is an essential functionality and tool in the development of applications and systems, and this is mainly because several modules may run in a synchronized way inside an application and these modules need a good coordination manner in order for them to run properly and in order to make the whole application or system stable and normal. As such, this paper focuses on comparing various Java locking mechanisms in order to achieve a better understanding of how these locks work and how to conduct a proper locking mechanism. The comparison of locks is made according to CPU usage, memory consumption, and ease of implementation indicators, with the aim of providing guidance to developers in choosing locks for different scenarios. For example, if the Pessimistic Locks are used in any program execution environment, i.e., whenever a thread obtains resources, it needs to obtain the lock first, which can ensure a certain level of data security. However, it will bring great CPU overhead and reduce efficiency. Also, different locks have different memory consumption, and developers are sometimes faced with the need to choose locks rationally with limited memory, or they will cause a series of memory problems. In particular, the comparison of Java locks is able to lead to a systematic classification of these locks and can help improve the understanding of the taxonomy logic of the Java locks.

IoT connects a large number of physical objects with the Internet that capture and exchange real-time information for service provisioning. Traditional network management schemes face challenges to manage vast amounts of network traffic generated by IoT services. Software-defined networking (SDN) and information-centric networking (ICN) are two complementary technologies that could be integrated to solve the challenges of different aspects of IoT service provisioning. ICN offers a clean-slate design to accommodate continuously increasing network traffic by considering content as a network primitive. It provides a novel solution for information propagation and delivery for large-scale IoT services. On the other hand, SDN allocates overall network management responsibilities to a central controller, where network elements act merely as traffic forwarding components. An SDN-enabled network supports ICN without deploying ICN-capable hardware. Therefore, the integration of SDN and ICN provides benefits for large-scale IoT services. This article provides a comprehensive survey on software-defined information-centric Internet of Things (SDIC-IoT) for IoT service provisioning. We present critical enabling technologies of SDIC-IoT, discuss its architecture, and describe its benefits for IoT service provisioning. We elaborate on key IoT service provisioning requirements and discuss how SDIC-IoT supports different aspects of IoT services. We define different taxonomies of SDIC-IoT literature based on various performance parameters. Furthermore, we extensively discuss different use cases, synergies, and advances to realize the SDIC-IoT concept. Finally, we present current challenges and future research directions of IoT service provisioning using SDIC-IoT.

Explainable Artificial Intelligence (XAI) research focuses on effective explanation techniques to understand and build AI models with trust, reliability, safety, and fairness. Feature importance explanation summarizes feature contributions for end-users to make model decisions. However, XAI methods may produce varied summaries that lead to further analysis to evaluate the consistency across multiple XAI methods on the same model and data set. This paper defines metrics to measure the consistency of feature contribution explanation summaries under feature importance order and saliency map. Driven by these consistency metrics, we develop an XAI process oriented on the XAI criterion of feature importance, which performs a systematical selection of XAI techniques and evaluation of explanation consistency. We demonstrate the process development involving twelve XAI methods on three topics, including a search ranking system, code vulnerability detection and image classification. Our contribution is a practical and systematic process with defined consistency metrics to produce rigorous feature contribution explanations.

The phenomenon known as "Internet ossification" describes the process through which certain components of the Internet’s older design have become immovable at the present time. This presents considerable challenges to the adoption of IPv6 and makes it hard to implement IP multicast services. For new applications such as data centers, cloud computing and virtualized networks, improved network availability, improved internal and external domain routing, and seamless user connectivity throughout the network are some of the advantages of Internet growth. To meet these needs, we've developed Software Defined Networking for the Future Internet (SDN). When compared to current networks, this new paradigm emphasizes control plane separation from network-forwarding components. To put it another way, this decoupling enables the installation of control plane software (such as Open Flow controller) on computer platforms that are substantially more powerful than traditional network equipment (such as switches/routers). This research describes Mininet’s routing techniques for a virtualized software-defined network. There are two obstacles to overcome when attempting to integrate SDN in an LTE/WiFi network. The first problem is that external network load monitoring tools must be used to measure QoS settings. Because of the increased demand for real-time load balancing methods, service providers cannot adopt QoS-based routing. In order to overcome these issues, this research suggests a router configuration method. Experiments have proved that the network coefficient matrix routing arrangement works, therefore it may provide an answer to the above-mentioned concerns. The Java-based SDN controller outperforms traditional routing systems by nine times on average highest sign to sound ratio. The study’s final finding suggests that the field’s future can be forecast. We must have a thorough understanding of this emerging paradigm to solve numerous difficulties, such as creating the Future Internet and dealing with its obliteration problem. In order to address these issues, we will first examine current technologies and a wide range of current and future SDN projects before delving into the most important issues in this field in depth.

There is momentous attention from researchers and practitioners all over the world towards one of the most advanced trends in the world, Smart cities. A smart city is an efficient and sustainable city that offers a superior life quality to all human beings through the optimum management of all its resources. Optimum energy management technique within the smart city is a challenging environment that needs a full focus on basic important needs and supports of the smart city. This includes Smart Grid (SG) infrastructure, Distributed Generation (DG) technology, Smart Home Energy Management System (HEMS), Smart Transportation System (STS), and Energy Storage System (ESS). Out of these five taxonomies, there have been some disputes addressed in profitability and security due to the major involvement of electromobility in the smart transportation system. It creates a big impact on the smart city environment. The disputes in profitability can be effectively handled with the use of dynamic pricing techniques and peer-to-peer (P2P) energy trading mechanisms. On the other hand, security disputes can be overwhelmed by the use of blockchain technology. This paper reviews the energy management-related work on smart cities with the consideration of these basic important needs and supports.

Security evaluation can be performed using a variety of analysis methods, such as attack trees, attack graphs, threat propagation models, stochastic Petri nets, and so on. These methods analyze the effect of attacks on the system, and estimate security attributes from different perspectives. However, they require information from experts in the application domain for properly capturing the key elements of an attack scenario: i) the attack paths a system could be subject to, and ii) the different characteristics of the possible adversaries. For this reason, some recent works focused on the generation of low-level security models from a high-level description of the system, hiding the technical details from the modeler.In this paper we build on an existing ontology framework for security analysis, available in the ADVISE Meta tool, and we extend it in two directions: i) to cover the attack patterns available in the CAPEC database, a comprehensive dictionary of known patterns of attack, and ii) to capture all the adversaries’ profiles as defined in the Threat Agent Library (TAL), a reference library for defining the characteristics of external and internal threat agents ranging from industrial spies to untrained employees. The proposed extension supports a richer combination of adversaries’ profiles and attack paths, and provides guidance on how to further enrich the ontology based on taxonomies of attacks and adversaries.

The proliferation of linked devices in decisive infrastructure fields including health care and the electric grid is transforming public perceptions of critical infrastructure. As the world grows more mobile and connected, as well as as the Internet of Things (IoT) expands, the growing interconnectivity of new critical sectors is being fuelled. Interruptions in any of these areas can have ramifications across numerous sectors and potentially the world. Crucial industries are critical to contemporary civilization. In today's hyper-connected world, critical infrastructure is more vulnerable than ever to cyber assaults, whether they are state-sponsored, carried out by criminal organizations, or carried out by individuals. In a world where more and more gadgets are interconnected, hackers have more and more entry points via which they may damage critical infrastructure. Significant modifications to an organization's main technological systems have created a new threat surface. The study's goal is to raise awareness about the challenges of protecting digital infrastructure in the future while it is still in development. Fog architecture is designed based on functionality once the infrastructure that creates large data has been established. There's also an in-depth look of fog-enabled IoT network security requirements. The next section examines the security issues connected with fog computing, as well as the privacy and trust issues raised by fog-enabled Internet of Things (IoT). Block chain is also examined to see how it may help address IoT security problems, as well as the complimentary interrelationships between block-chain and fog computing. Additionally, Formalizes big data security goal and scope, develops taxonomy for identifying risks to fog-based Internet of Things systems, compares current development contributions to security service standards, and proposes interesting study areas for future studies, all within this framework

In this paper, we tried to summarize the practical experience of information security audits of nuclear power plants' automated process control system (I&C). The article presents a methodology for auditing the information security of instrumentation and control systems for nuclear power plants. The methodology was developed taking into account international and national Russian norms and rules and standards. The audit taxonomy, classification lifecycle are described. The taxonomy of information security audits shows that form, objectives of the I&C information security audit, and procedures can vary widely. A conceptual program is considered and discussed in details. The distinctive feature of the methodology is the mandatory consideration of the impact of information security on nuclear safety.

Shipboard marine radar systems are essential for safe navigation, helping seafarers perceive their surroundings as they provide bearing and range estimations, object detection, and tracking. Since onboard systems have become increasingly digitized, interconnecting distributed electronics, radars have been integrated into modern bridge systems. But digitization increases the risk of cyberattacks, especially as vessels cannot be considered air-gapped. Consequently, in-depth security is crucial. However, particularly radar systems are not sufficiently protected against harmful network-level adversaries. Therefore, we ask: Can seafarers believe their eyes? In this paper, we identify possible attacks on radar communication and discuss how these threaten safe vessel operation in an attack taxonomy. Furthermore, we develop a holistic simulation environment with radar, complementary nautical sensors, and prototypically implemented cyberattacks from our taxonomy. Finally, leveraging this environment, we create a comprehensive dataset (RadarPWN) with radar network attacks that provides a foundation for future security research to secure marine radar communication.

Any decentralized, biased distributed network is susceptible to the Sybil malicious attack, in which a malicious node masquerades as numerous different nodes, collectively referred to as Sybil nodes, causing the network to become unresponsive. Cloud computing environments are characterized by their loosely linked nature, which means that no node has comprehensive information of the entire system. In order to prevent Sybil attacks in cloud computing systems, it is necessary to detect them as soon as they occur. The network’s ability to function properly A Sybil attacker has the ability to construct. It is necessary to have multiple identities on a single physical device in order to execute a concerted attack on the network or switch between networks identities in order to make the detection process more difficult, and thereby lack of accountability is being promoted throughout the network. The purpose of this study is to Various varieties of Sybil assaults have been documented, including those that occur in Peer-to-peer reputation systems, self-organizing networks, and other similar technologies. The topic of social network systems is discussed. In addition, there are other approaches in which it has been urged over time that they be reduced or eliminated Their potential risks are also thoroughly investigated.

Email-based phishing is still a widespread problem, that affects many users worldwide. Although many aspects of phishing have been extensively studied in the past, they mainly focus on the execution and prevention of different types of phishing and do not consider the process how attackers collect the contact information of potential victims. In this paper, we analyze the collection process of email addresses in more detail. Based on the results of this analysis, we propose email address separation as a way for users to detect phishing emails, and reason about its effectiveness against several typical types of phishing attacks. We find, that email address separation has the potential to greatly reduce the perceived authenticity of general phishing emails, that target a large amount of users, e.g., by impersonating a popular service and spreading malware or links to phishing websites. It is, however, not likely to prevent more sophisticated phishing attacks, that do not depend on the impersonation of a previously known organization or entity. Our results motivate further studies to analyze the usability and applicability of the proposed method, and to determine, whether address separation has additional positive effects on users’ phishing awareness or automated phishing detection.

Over the years, human errors have been identified as one of the most critical factors impacting cybersecurity in an organization that has had a substantial impact. The research uses recent articles published on human resources and information cybersecurity. This research focuses on the vulnerabilities and the best solution to mitigate these threats based on literature review methodology. The study also focuses on identifying the human attitude and behavior towards cybersecurity and how that would impact the organization's financial impact. With the help of the Two-factor Taxonomy of the security behavior model developed in past research, the research aims to identify the best practices and compare the best practices with that of the attitude-behavior found and matched to the model. Finally, the study would compare the difference between best practices and the current practices from the model. This would help provide the organization with specific recommendations that would help change their attitude and behavior towards cybersecurity and ensure the organization is not fearful of the cyber threat of human error threat.

Mobile cloud computing has suggested as a viable technology as a result of the fast growth of mobile applications and the emergence of the cloud computing idea. Mobile cloud computing incorporates cloud computing into the mobile environment and addresses challenges in mobile cloud computing applications like (processing capacity, battery storage capacity, privacy, and security). We discuss the enabling technologies and obstacles that we will face when we transition from mobile computing to mobile cloud computing to develop next-generation mobile cloud applications. This paper provides an overview of the processes and open concerns for mobility in mobile cloud computing for augmented reality service provisioning. This paper outlines the concept, system architecture, and taxonomy of virtualization technology, as well as research concerns related to virtualization security, and suggests future study fields. Furthermore, we highlight open challenges to provide light on the future of mobile cloud computing and future development.

Cloud computing has become ubiquitous in the modern world and has offered a number of promising and transformative technological opportunities. However, organizations that use cloud platforms are also concerned about cloud security and new threats that arise due to cloud adoption. Digital forensic investigations (DFI) are undertaken when a security incident (i.e., successful attack) has been identified. Forensics data collection is an integral part of DFIs. This paper presents results from a survey of existing literature on challenges related to forensics data collection in cloud. A taxonomy of major challenges was developed to help organizations understand and thus better prepare for forensics data collection.

In the last few years, Cloud computing technology has benefited many organizations that have embraced it as a basis for revamping the IT infrastructure. Cloud computing utilizes Internet capabilities in order to use other computing resources. Amazon Web Services (AWS) is one of the most widely used cloud providers that leverages the endless computing capabilities that the cloud technology has to offer. AWS is continuously evolving to offer a variety of services, including but not limited to, infrastructure as a service (IaaS), platform as a service (PaaS) and packaged software as a service. Among the other important services offered by AWS is Video Surveillance as a Service (VSaaS) that is a hosted cloud-based video surveillance service. Even though this technology is complex and widely used, some security experts have pointed out that some of its vulnerabilities can be exploited in launching attacks aimed at cloud technologies. In this paper, we present a holistic security analysis of cloud-based video surveillance systems by examining the vulnerabilities, threats, and attacks that these technologies are susceptible to. We illustrate our findings by implementing several of these attacks on a test bed representing an AWS-based video surveillance system. The main contributions of our paper are: (1) we provided a holistic view of the security model of cloud based video surveillance summarizing the underlying threats, vulnerabilities and mitigation techniques (2) we proposed a novel taxonomy of attacks targeting such systems (3) we implemented several related attacks targeting cloud-based video surveillance system based on an AWS test environment and provide some guidelines for attack mitigation. The outcome of the conducted experiments showed that the vulnerabilities of the Internet Protocol (IP) and other protocols granted access to unauthorized VSaaS files. We aim that our proposed work on the security of cloud-based video surveillance systems will serve as a reference for cybersecurity researchers and practitioners who aim to conduct research in this field.

Nowadays, web vulnerability is a critical issue in web applications. Web developers develop web applications, but sometimes they are not very well-versed with security concerns, thereby creating loopholes for the vulnerabilities. If a web application is developed without considering security, it is harmful for the client and the company. Different types of vulnerabilities encounter during the web application development process. Therefore, vulnerability identification is a crucial and critical task from a web application development perspective. It is vigorous to secure them from the earliest development life cycle process. In this paper, we have analyzed and classified vulnerabilities related to web application security during the development phases. Here, the concern is to identify a weakness, countermeasure, confidentiality impact, access complexity, and severity level, which affect the web application security.

Software-defined networking (SDN) is a new networking architecture having the concept of separation of control plane and data plane that leads the existing networks to be programmable, dynamically configurable and extremely flexible. This paradigm has huge benefits to organizations and large networks, however, its security is major issue and Distributed Denial of Service (DDoS) Attack has become a serious concern for the working of SDN. In this article, we have proposed a taxonomy of DDoS Defense Mechanisms in SDN Environment. We have categorized the various DDoS detection and mitigation techniques with respect to switch intelligence, Defense Deployment, Defense Activity and Network Flow Activities.

The main aim of this report is to find how data security can be improved in a cloud environment using the remote data auditing technique. The research analysis of the existing journal articles that are peer-reviewed Q1 level of articles is selected to perform the analysis.The main taxonomy that is proposed in this project is being data, auditing, monitoring, and output i.e., DAMO taxonomy that is used and includes these components. The data component would include the type of data; the auditing would ensure the algorithm that would be used at the backend and the storage would include the type of database as single or the distributed server in which the data would be stored.As a result of this research, it would help understand how the data can be ensured to have the required level of privacy and security when the third-party database vendors would be used by the organizations to maintain their data. Since most of the organizations are looking to reduce their burden of the local level of data storage and to reduce the maintenance by the outsourcing of the cloud there are still many issues that occur when there comes the time to check if the data is accurate or not and to see if the data is stored with resilience. In such a case, there is a need to use the Remote Data Auditing techniques that are quite helpful to ensure that the data which is outsourced is reliable and maintained with integrity when the information is stored in the single or the distributed servers.

Given that an increasingly larger part of an organization's activity is taking place online, especially in the current situation caused by the COVID-19 pandemic, network log data collected by organizations contain an accurate image of daily activity patterns. In some scenarios, it may be useful to share such data with other parties in order to improve collaboration, or to address situations such as cyber-security incidents that may affect multiple organizations. However, in doing so, serious privacy concerns emerge. One can uncover a lot of sensitive information when analyzing an organization's network logs, ranging from confidential business interests to personal details of individual employees (e.g., medical conditions, political orientation, etc). Our objective is to enable organizations to share information about their network logs, while at the same time preserving data privacy. Specifically, we focus on enabling encrypted search at network flow granularity. We consider several state-of-the-art searchable encryption flavors for this purpose (including hidden vector encryption and inner product encryption), and we propose several customized encoding techniques for network flow information in order to reduce the overhead of applying state-of-the-art searchable encryption techniques, which are notoriously expensive.

Network on chip (NoC) is the communication infrastructure used in multicores which has been subject to a surfeit of security threats like degrading the system performance, changing the system functionality or leaking sensitive information. Because of the globalization of the advanced semiconductor industry, many third-party venders take part in the hardware design of system. As a result, a malicious circuit, called Hardware Trojans (HT) can be added anywhere into the NoC design and thus making the hardware untrusted. In this paper, a detailed study on the taxonomy of hardware trojans, its detection and prevention mechanisms are presented. Two case studies on HT-assisted Denial of service attacks and its analysis in the performance of network on Chip architecture is also presented in this paper.

Today we live in a hyper-connected world, where a large amount of applications and services are supported by ad hoc networks. They have a decentralized management, are flexible and versatile but their characteristics are in turn their main weaknesses. This work introduces a preliminary analysis of the evolution, trends and the state of the art in the context of the security in ad hoc networks. To this end, two different methodologies are applied: a bibliometric analysis and a Systematic Literature Review. Results show that security in MANETs and VANETs are still an appealing research field. In addition, we realized that there is no clear separation of solutions by line of defense. This is because they are sometimes misclassified by the authors or simply there is no line of defense that totally fit well with the proposed solution. Because of that, new taxonomies including novel definitions of lines of defense are needed. In this work, we propose the use of tolerant or survivable solutions which are the ones that preserve critical system or network services in presence of fault, malfunctions or attacks.

This paper is a systemization of knowledge of autonomic cybersecurity. Disruptive technologies, such as IoT, AI and autonomous systems, are becoming more prevalent and often have little or no cybersecurity protections. This lack of security is contributing to the expanding cybersecurity attack surface. The autonomic computing initiative was started to address the complexity of administering complex computing systems by making them self-managing. Autonomic systems contain attributes to address cyberattacks, such as self-protecting and self-healing that can secure new technologies. There has been a number of research projects on autonomic cybersecurity, with different approaches and target technologies, many of them disruptive. This paper reviews autonomic computing, analyzes research on autonomic cybersecurity, and provides a systemization of knowledge of the research. The paper concludes with identification of gaps in autonomic cybersecurity for future research.