Biblio

Performance measures commonly used in systems security engineering tend to be static, linear, and have limited utility in addressing challenges to security performance from increasingly complex risk environments, adversary innovation, and disruptive technologies. Leveraging key concepts from resilience science offers an opportunity to advance next-generation systems security engineering to better describe the complexities, dynamism, and nonlinearity observed in security performance—particularly in response to these challenges. This article introduces a multilayer network model and modified Continuous Time Markov Chain model that explicitly captures interdependencies in systems security engineering. The results and insights from a multilayer network model of security for a hypothetical nuclear power plant introduce how network-based metrics can incorporate resilience concepts into performance metrics for next generation systems security engineering.

Nowadays, peoples are very concerned about their data privacy. Hence, all the current security methods should be improved to stay relevant in this fast-growing technology world. Visual Cryptography (VC) is a cryptographic technique that using the image processing method. The implementation of VC can be varying and flexible to be applied to the system that requires an extra security precaution as it is one of the effective solutions in securing the data exchange between two or more parties. The main purpose of the development of V-CRYPT System is to improve the current VC technique and make it more complex in the encryption and decryption process. V-CRYPT system will let the user enter the key, then select the image that they want to encrypt, and the system will split the image into four shares: share0, share1, share2, share3. Each pixel of the image will be splatted into a smaller block of subpixels in each of the four shares and encrypted as two subpixels in each of the shares. The decryption will work only when the user selects all the shares, and the correct text key is entered. The system will superimpose all the shares and producing one perfect image. If the incorrect key is entered, the resulted image will be unidentified. The results show that V- CRYPT is a valuable alternative to existing methods where its security level is higher in terms of adding a secure key and complexity.

The risk posed by high-profile data breaches has raised the stakes for adhering to data access policies for many organizations, but the complexity of both the policies themselves and the applications that must obey them raises significant challenges. To mitigate this risk, fine-grained audit of access to private data has become common practice, but this is a costly, time-consuming, and error-prone process.We propose an approach for automating much of the work required for fine-grained audit of private data access. Starting from the assumption that the auditor does not have an explicit, formal description of the correct policy, but is able to decide whether a given policy fragment is partially correct, our approach gradually infers a policy from audit log entries. When the auditor determines that a proposed policy fragment is appropriate, it is added to the system's mechanized policy, and future log entries to which the fragment applies can be dealt with automatically. We prove that for a general class of attribute-based data policies, this inference process satisfies a monotonicity property which implies that eventually, the mechanized policy will comprise the full set of access rules, and no further manual audit is necessary. Finally, we evaluate this approach using a case study involving synthetic electronic medical records and the HIPAA rule, and show that the inferred mechanized policy quickly converges to the full, stable rule, significantly reducing the amount of effort needed to ensure compliance in a practical setting.

Despite the recent introduction of biometric identification technology, Personal Identification Numbers (PIN) are the standard for granting access to restricted areas and for authorizing operations on most systems, including mobile phones, payment devices, smart locks. Unfortunately, PINs have several inherent vulnerabilities and expose users to different types of social engineering attacks. Specifically, the risk of shoulder surfing in PIN-based authentication is especially high for individuals who are blind. In this paper, we introduce a new method for improving the trade-off between security and accessibility in PIN-based authentication systems. Our proposed solution aims at minimizing the threats posed by malicious agents while maintaining a low level of complexity for the user. We present the method and discuss the results of an evaluation study that demonstrates the advantages of our solution compared to state-of-the-art systems.

The rapid expansion and diversity of technology throughout society have impacted the growing knowledge gap in conducting analysis on IoT devices. The IoT digital forensic field lacks the necessary tools and guidance to perform digital forensics on these devices. This is mainly attributed to their level of complexity and heterogeneity that is abundant within IoT devices-making the use of a JTAG technique one of the only ways to acquire information stored on an IoT device effectively. Nonetheless, utilizing a JTAG technique can be challenging, especially when having multiple devices with each possibly having its own configuration. To alleviate these issues within the field, we propose the development of an Internet of Things - Forensics Recovery Assistant (IoT-FRA). The IoT-FRA will offer the capabilities of an expert system to assist inexperienced users in performing forensics recovery of IoT devices through a JTAG technique and analysis on the device's capabilities to develop an organized method that will prioritize IoT devices to be analyzed.

In order to realize Intelligent Disaster Recovery and break the traditional reactive backup mode, it is necessary to forecast the potential system anomalies, and proactively backup the real-time datas and configurations. System logs record the running status as well as the critical events (including errors and warnings), which can help to detect system performance, debug system faults and analyze the causes of anomalies. What's more, with the features of real-time, hierarchies and easy-access, log data can be an ideal source for monitoring system status. To reduce the complexity and improve the robustness and practicability of existing log-based anomaly detection methods, we propose a new anomaly detection mechanism based on hierarchical weights, which can deal with unstable log data. We firstly extract semantic information of log strings, and get the word-level weights by SIF algorithm to embed log strings into vectors, which are then feed into attention-based Long Short-Term Memory(LSTM) deep learning network model. In addition to get sentence-level weight which can be used to explore the interdependence between different log sequences and improve the accuracy, we utilize attention weights to help with building workflow to diagnose the abnormal points in the execution of a specific task. Our experimental results show that the hierarchical weights mechanism can effectively improve accuracy of perdition task and reduce complexity of the model, which provides the feasibility foundation support for Intelligent Disaster Recovery.

Natural Language Processing is being used in every field of human to machine interaction. Database queries although have a confined set of instructions, but still found to be complex and dedicated human resources are required to write, test, optimize and execute structured query language statements. This makes it difficult, time-consuming and many a time inaccurate too. Such difficulties can be overcome if the queries are formed dynamically with standard procedures. In this work, parsing, lexical analysis, synonym detection and formation processes of the natural language processing are being proposed to be used for dynamically generating SQL queries and optimization of them for fast processing with high accuracy. NLP parsing of the user inputted text for retrieving, creation and insertion of data are being proposed to be created dynamically from English text inputs. This will help users of the system to generate reports from the data as per the requirement without the complexities of SQL. The proposed system will not only generate queries dynamically but will also provide high accuracy and performance.

Verification code recognition system based on convolutional neural network. In order to strengthen the network security defense work, this paper proposes a novel verification code recognition system based on convolutional neural network. The system combines Internet technology and big data technology, combined with advanced captcha technology, can prevent hackers from brute force cracking behavior to a certain extent. In addition, the system combines convolutional neural network, which makes the verification code combine numbers and letters, which improves the complexity of the verification code and the security of the user account. Based on this, the system uses threshold segmentation method and projection positioning method to construct an 8-layer convolutional neural network model, which enhances the security of the verification code input link. The research results show that the system can enhance the complexity of captcha, improve the recognition rate of captcha, and improve the security of user accounting.

In protocol verification we observe a wide spectrum from fully automated methods to interactive theorem proving with proof assistants like Isabelle/HOL. The latter provide overwhelmingly high assurance of the correctness, which automated methods often cannot: due to their complexity, bugs in such automated verification tools are likely and thus the risk of erroneously verifying a flawed protocol is non-negligible. There are a few works that try to combine advantages from both ends of the spectrum: a high degree of automation and assurance. We present here a first step towards achieving this for a more challenging class of protocols, namely those that work with a mutable long-term state. To our knowledge this is the first approach that achieves fully automated verification of stateful protocols in an LCF-style theorem prover. The approach also includes a simple user-friendly transaction-based protocol specification language embedded into Isabelle, and can also leverage a number of existing results such as soundness of a typed model

Security plays a paradigmatic role in the area of networking. The main goal of security is to protect these networks which contains confidential data against various kinds of attacks. By changing parameters like key size, increasing the rounds of iteration and finally using confusion box as the S-box, the strength of the cryptographic algorithms can be incremented. By using the Data Encryption Standard (DES), the images can be secured with the help of Dynamic S-boxes. Each of these 8 S-boxes contain 64 elements. Each row contains elements in the range 0–15 and are unique. Our proposed system generates these S-boxes dynamically depending on the key. The evaluation of this Dynamic S-box and DES shows much fruitful results over factors like Non-linearity, Strict Avalanche criterion, Balance, memory and time required for implementation using images.

Recent technological advancement demands organizations to have measures in place to manage their Information Technology (IT) systems. Enterprise Architecture Frameworks (EAF) offer companies an efficient technique to manage their IT systems aligning their business requirements with effective solutions. As a result, experts have developed multiple EAF's such as TOGAF, Zachman, MoDAF, DoDAF, SABSA to help organizations to achieve their objectives by reducing the costs and complexity. These frameworks however, concentrate mostly on business needs lacking holistic enterprise-wide security practices, which may cause enterprises to be exposed for significant security risks resulting financial loss. This study focuses on evaluating business capabilities in TOGAF, NIST, COBIT, MoDAF, DoDAF, SABSA, and Zachman, and identify essential security requirements in TOGAF, SABSA and COBIT19 frameworks by comparing their resiliency processes, which helps organization to easily select applicable framework. The study shows that; besides business requirements, EAF need to include precise cybersecurity guidelines aligning EA business strategies. Enterprises now need to focus more on building resilient approach, which is beyond of protection, detection and prevention. Now enterprises should be ready to withstand against the cyber-attacks applying relevant cyber resiliency approach improving the way of dealing with impacts of cybersecurity risks.

Human-machine teaming (HMT) operates in a context defined by the mission. Varying from the complexity and disturbance in the cooperation between humans and machines, a single machine has difficulty handling work with humans in the scales of efficiency and workload. Swarm of machines provides a more feasible solution in such a mission. Human-swarm teaming (HST) extends the concept of HMT in the mission, such as persistent surveillance, search-and-rescue, warfare. Bringing the concept of HST faces several scientific challenges. For example, the strategies of allocation on the high-level decision making. Here, human usually plays the supervisory or decision making role. Performance of such fixed structure of HST in actual mission operation could be affected by the supervisor’s status from many aspects, which could be considered in three general parts: workload, situational awareness, and trust towards the robot swarm teammate and mission performance. Besides, the complexity of a single human operator in accessing multiple machine agents increases the work burdens. An interface between swarm teammates and human operators to simplify the interaction process is desired in the HST.In this paper, instead of purely considering the workload of human teammates, we propose the computational model of human swarm interaction (HSI) in the simulated map surveillance mission. UAV swarm and human supervisor are both assigned in searching a predefined area of interest (AOI). The workload allocation of map monitoring is adjusted based on the status of the human worker and swarm teammate. Workload, situation awareness ability, trust are formulated as independent models, which affect each other. A communication-aware UAV swarm persistent surveillance algorithm is assigned in the swarm autonomy portion. With the different surveillance task loads, the swarm agent’s thrust parameter adjusts the autonomy level to fit the human operator’s needs. Reinforcement learning is applied in seeking the relative balance of workload in both human and swarm sides. Metrics such as mission accomplishment rate, human supervisor performance, mission performance of UAV swarm are evaluated in the end. The simulation results show that the algorithm could learn the human-machine trust interaction to seek the workload balance to reach better mission execution performance. This work inspires us to leverage a more comprehensive HST model in more practical HMT application scenarios.

Background: Researchers and practitioners have been using code complexity metrics for decades to predict how developers comprehend a program. While it is plausible and tempting to use code metrics for this purpose, their validity is debated, since they rely on simple code properties and rarely consider particularities of human cognition. Aims: We investigate whether and how code complexity metrics reflect difficulty of program comprehension. Method: We have conducted a functional magnetic resonance imaging (fMRI) study with 19 participants observing program comprehension of short code snippets at varying complexity levels. We dissected four classes of code complexity metrics and their relationship to neuronal, behavioral, and subjective correlates of program comprehension, overall analyzing more than 41 metrics. Results: While our data corroborate that complexity metrics can-to a limited degree-explain programmers' cognition in program comprehension, fMRI allowed us to gain insights into why some code properties are difficult to process. In particular, a code's textual size drives programmers' attention, and vocabulary size burdens programmers' working memory. Conclusion: Our results provide neuro-scientific evidence supporting warnings of prior research questioning the validity of code complexity metrics and pin down factors relevant to program comprehension. Future Work: We outline several follow-up experiments investigating fine-grained effects of code complexity and describe possible refinements to code complexity metrics.

Modern vehicles become increasingly digitalized with advanced information technology-based solutions like advanced driving assistance systems and vehicle-to-x communications. These systems are complex and interconnected. Rising complexity and increasing outside exposure has created a steadily rising demand for more cyber-secure systems. Thus, also standardization bodies and regulators issued standards and regulations to prescribe more secure development processes. This security, however, also has to be validated and verified. In order to keep pace with the need for more thorough, quicker and comparable testing, today's generally manual testing processes have to be structured and optimized. Based on existing and emerging standards for cybersecurity engineering, this paper therefore outlines a structured testing process for verifying and validating automotive cybersecurity, for which there is no standardized method so far. Despite presenting a commonly structured framework, the process is flexible in order to allow implementers to utilize their own, accustomed toolsets.

This paper is a systemization of knowledge of autonomic cybersecurity. Disruptive technologies, such as IoT, AI and autonomous systems, are becoming more prevalent and often have little or no cybersecurity protections. This lack of security is contributing to the expanding cybersecurity attack surface. The autonomic computing initiative was started to address the complexity of administering complex computing systems by making them self-managing. Autonomic systems contain attributes to address cyberattacks, such as self-protecting and self-healing that can secure new technologies. There has been a number of research projects on autonomic cybersecurity, with different approaches and target technologies, many of them disruptive. This paper reviews autonomic computing, analyzes research on autonomic cybersecurity, and provides a systemization of knowledge of the research. The paper concludes with identification of gaps in autonomic cybersecurity for future research.

Aiming at the disadvantages of traditional methods such as low penetration path generation efficiency and low attack type recognition accuracy, an optimal penetration path generation algorithm based on the knowledge map power WEB system unknown attack is proposed. First, establish a minimum penetration path test model. And use the model to test the unknown attack of the penetration path under the power WEB system. Then, the ontology of the knowledge graph is designed. Finally, the design of the optimal penetration path generation algorithm based on the knowledge graph is completed. Experimental results show that the algorithm improves the efficiency of optimal penetration path generation, overcomes the shortcomings of traditional methods that can only describe known attacks, and can effectively guarantee the security of power WEB systems.

Network information security pipeline based on the grey relational cluster and neural networks is designed and implemented in this paper. This method is based on the principle that the optimal selected feature set must contain the feature with the highest information entropy gain to the data set category. First, the feature with the largest information gain is selected from all features as the search starting point, and then the sample data set classification mark is fully considered. For the better performance, the neural networks are considered. The network learning ability is directly determined by its complexity. The learning of general complex problems and large sample data will bring about a core dramatic increase in network scale. The proposed model is validated through the simulation.

Explainable Artificial Intelligence (XAI) is expected to play a key role in the design phase of next generation cellular networks. As 5G is being implemented and 6G is just in the conceptualization stage, it is increasingly clear that AI will be essential to manage the ever-growing complexity of the network. However, AI models will not only be required to deliver high levels of performance, but also high levels of explainability. In this paper we show how fuzzy models may be well suited to address this challenge. We compare fuzzy and classical decision tree models with a Random Forest (RF) classifier on a Quality of Experience classification dataset. The comparison suggests that, in our setting, fuzzy decision trees are easier to interpret and perform comparably or even better than classical ones in identifying stall events in a video streaming application. The accuracy drop with respect to RF classifier, which is considered to be a black-box ensemble model, is counterbalanced by a significant gain in terms of explainability.

Under the background of increasingly severe security situation, the new working mode of power mobile internet business anytime and anywhere has greatly increased the complexity of network interaction. At the same time, various means of breaking through the boundary protection and moving laterally are emerging in an endless stream. The existing boundary-based mobility The security protection architecture is difficult to effectively respond to the current complex and diverse network attacks and threats, and faces actual combat challenges. This article first analyzes the security risks faced by the existing power mobile Internet services, and conducts a collaborative analysis of the key points of zero-trust based security protection from multiple perspectives such as users, terminals, and applications; on this basis, from identity security authentication, continuous trust evaluation, and fine-grained access The dimension of control, fine-grained access control based on identity trust, and the design of a zero-trust-based power mobile interconnection business security protection framework to provide theoretical guidance for power mobile business security protection.

Distributed denial of service attacks are still one of the greatest threats for computer systems and networks. We propose an intelligent moving target solution against DDOS flooding attacks. Our solution will use a fast-flux approach combined with moving target techniques to increase attack cost and complexity by bringing dynamics and randomization in network address space. It continually increases attack costs and makes it harder and almost infeasible for botnets to launch an attack. Along with performing selective proxy server replication and shuffling clients among this proxy, our solution can successfully separate and isolate attackers from benign clients and mitigate large-scale and complex flooding attacks. Our approach effectively stops both network and application-layer attacks at a minimum cost. However, while we try to make prevalent attack launches difficult and expensive for Bot Masters, this approach is good enough to combat zero-day attacks, too. Using DNS capabilities to change IP addresses frequently along with the proxy servers included in the proposed architecture, it is possible to hide the original server address from the attacker and invalidate the data attackers gathered during the reconnaissance phase of attack and make them repeat this step over and over. Our simulations demonstrate that we can mitigate large-scale attacks with minimum possible cost and overhead.

We study the problem of randomized Leader Election in synchronous distributed networks with indistinguishable nodes. We consider algorithms that work on networks of arbitrary topology in two settings, depending on whether the size of the network, i.e., the number of nodes \$n\$, is known or not. In the former setting, we present a new Leader Election protocol that improves over previous work by lowering message complexity and making it close to a lower bound by a factor in \$$\backslash$widetildeO($\backslash$sqrtt\_mix$\backslash$sqrt$\backslash$Phi)\$, where $\Phi$ is the conductance and \textsubscriptmix is the mixing time of the network graph. We then show that lacking the network size no Leader Election algorithm can guarantee that the election is final with constant probability, even with unbounded communication. Hence, we further classify the problem as Leader Election (the classic one, requiring knowledge of \$n\$ - as is our first protocol) or Revocable Leader Election, and present a new polynomial time and message complexity Revocable Leader Election algorithm in the setting without knowledge of network size. We analyze time and message complexity of our protocols in the CONGEST model of communication.

Nowadays energy systems in many countries improve and develop being based on the concept of deep integration of energy as well as infocomm grids. Thus, energy grids find the possibility to analyze the state of the whole system in real time, to predict the processes in it, to have interactive cooperation with the clients and to run the appliance. Such concept has been named Smart Grid. This work highlights the concept of Smart Grid, possible vectors of attacks and identification of attack of false data injection (FDI) into the flow of measuring received from the sensors. Identification is based on the use of spatial and temporal correlations in Smart Grids.

With the increasing deployment of enterprise-scale distributed systems, effective and practical defenses for such systems against various security vulnerabilities such as sensitive data leaks are urgently needed. However, most existing solutions are limited to centralized programs. For real-world distributed systems which are of large scales, current solutions commonly face one or more of scalability, applicability, and portability challenges. To overcome these challenges, we develop a novel dynamic taint analysis for enterprise-scale distributed systems. To achieve scalability, we use a multi-phase analysis strategy to reduce the overall cost. We infer implicit dependencies via partial-ordering method events in distributed programs to address the applicability challenge. To achieve greater portability, the analysis is designed to work at an application level without customizing platforms. Empirical results have shown promising scalability and capabilities of our approach.

Cryptographic protocols are utilized for establishing a secure session between “honest” agents which communicate strictly according to the protocol rules as well as for ensuring the authenticated and confidential transmission of messages. The specification of a cryptographic protocol is usually presented as a set of requirements for the sequences of transmitted messages including the format of such messages. Note that protocol can describe several execution scenarios. All these requirements lead to a huge formal specification for a real cryptographic protocol and therefore, it is difficult to verify the security of the whole cryptographic protocol at once. In this paper, to overcome this problem, we suggest verifying the protocol security for its fragments. Namely, we verify the security properties for a special set of so-called traces of the cryptographic protocol. Intuitively, a trace of the cryptographic protocol is a sequence of computations, value checks, and transmissions on the sides of “honest” agents permitted by the protocol. In order to choose such set of traces, we introduce an Adversary model and the notion of a similarity relation for traces. We then verify the security properties of selected traces with Tamarin Prover. Experimental results for the EAP and Noise protocols clearly show that this approach can be promising for automatic verification of large protocols.

Multi-factor authentication (MFA) systems are being deployed for user authentication in online and personal device systems, whereas physical spaces mostly rely on single-factor authentication; examples are entering offices and homes, airport security, and classroom attendance. The Internet of Things (IoT) growth and market interest has created a diverse set of low-cost and flexible sensors and actuators that can be used for MFA. However, combining multiple authentication factors in a physical space adds several challenges, such as complex deployment, reduced usability, and increased energy consumption. We introduce MAFIA (Multi-layered Architecture For IoT-based Authentication), a novel architecture for co-located user authentication composed of multiple IoT devices. In MAFIA, we improve the security of physical spaces while considering usability, privacy, energy consumption, and deployment complexity. MAFIA is composed of three layers that define specific purposes for devices, guiding developers in the authentication design while providing a clear understanding of the trade-offs for different configurations. We describe a case study for an Automated Classroom Attendance System, where we evaluated three distinct types of authentication setups and showed that the most secure setup had a greater usability penalty, while the other two setups had similar attributes in terms of security, privacy, complexity, and usability but varied highly in their energy consumption.