Biblio

Web services are growing demand with fundamental advancements and have given more space to researchers for improving security of all real world applications. Accessing and get authenticated in many applications on web services, user discloses their password and other privacy data to the server for authentication purposes. These shared information should be maintained by the server with high security, otherwise it can be used for illegal purposes for any authentication breach. Protecting the applications from various attacks is more important. Comparing the security threats, insider attacks are most challenging to identify due to the fact that they use the authentication of legitimate users and their privileges to access the application and may cause serious threat to the application. Insider attacks has been studied in previous researchers with different security measures, however there is no much strong work proposed. Various security protocols were proposed for defending insider attackers. The proposed work focused on insider attack protection through Elgamal cryptography technique. The proposed work is much effective on insider attacks and also defends against various attacks. The proposed protocol is better than existing works. The key computation cost and communication cost is relatively low in this proposed work. The proposed work authenticates the application by parallel process of two way authentication mechanism through Elgamal algorithm.

Among the greatest obstacles in cybersecurity is insider threat, which is a well-known massive issue. This anomaly shows that the vulnerability calls for specialized detection techniques, and resources that can help with the accurate and quick detection of an insider who is harmful. Numerous studies on identifying insider threats and related topics were also conducted to tackle this problem are proposed. Various researches sought to improve the conceptual perception of insider risks. Furthermore, there are numerous drawbacks, including a dearth of actual cases, unfairness in drawing decisions, a lack of self-optimization in learning, which would be a huge concern and is still vague, and the absence of an investigation that focuses on the conceptual, technological, and numerical facets concerning insider threats and identifying insider threats from a wide range of perspectives. The intention of the paper is to afford a thorough exploration of the categories, levels, and methodologies of modern insiders based on machine learning techniques. Further, the approach and evaluation metrics for predictive models based on machine learning are discussed. The paper concludes by outlining the difficulties encountered and offering some suggestions for efficient threat identification using machine learning.

A malicious insider threat is more vulnerable to an organization. It is necessary to detect the malicious insider because of its huge impact to an organization. The occurrence of a malicious insider threat is less but quite destructive. So, the major focus of this paper is to detect the malicious insider threat in an organization. The traditional insider threat detection algorithm is not suitable for real time insider threat detection. A supervised learning-based anomaly detection technique is used to classify, predict and detect the malicious and non-malicious activity based on highest level of anomaly score. In this paper, a framework is proposed to detect the malicious insider threat using supervised learning-based anomaly detection. It is used to detect the malicious insider threat activity using One-Class Support Vector Machine (OCSVM). The experimental results shows that the proposed framework using OCSVM performs well and detects the malicious insider who obtain huge anomaly score than a normal user.

This paper deals with how to implement a system that extends insider threat behavior data using private blockchain technology to overcome the limitations of insider threat datasets. Currently, insider threat data is completely undetectable in existing datasets for new methods of insider threat due to the lack of insider threat scenarios and abstracted event behavior. Also, depending on the size of the company, it was difficult to secure a sample of data with the limit of a small number of leaks among many general users in other organizations. In this study, we consider insiders who pose a threat to all businesses as public enemies. In addition, we proposed a system that can use a private blockchain to expand insider threat behavior data between network participants in real-time to ensure reliability and transparency.

This paper discusses the outcome of combining insider threat agent taxonomies with the aim of enhancing insider threat detection. The objectives sought to explore taxonomy combinations and investigate threat sophistication from the taxonomy combinations. Investigations revealed the plausibility of combining the various taxonomy categories to derive a new taxonomy. An observation on category combinations yielded the introduction of the concept of a threat path. The proposed taxonomy tree consisted of more than a million threat-paths obtained using a formula from combinatorics analysis. The taxonomy category combinations thus increase the insider threat landscape and hence the gap between insider threat agent sophistication and countermeasures. On the defensive side, knowledge of insider threat agent taxonomy category combinations has the potential to enhance defensive countermeasure tactics, techniques and procedures, thus increasing the chances of insider threat detection.

Insider threats are steadily increasing, and the damage is also enormous. To prevent insider threats, security solutions, such as DLP, SIEM, etc., are being steadily developed. However, they have limitations due to the high rate of false positives. In this paper, we propose a data analysis method and methodology for responding to a technology leak incident. The future study may be performed based on the proposed methodology.

Many organisations responded to the recent global pandemic by moving operations online. This has led to increased exposure to information security-related risks. There is thus an increased need to ensure organisational information security awareness programs are up to date and relevant to the needs of the intended target audience. The advent of online educational providers has similarly placed increased pressure on the formal educational sector to ensure course content is updated to remain relevant. Such processes of academic reflection and review should consider formal curriculum standards and guidelines in order to ensure wide relevance. This paper presents a case study of the review of an Introduction to Information Security course. This review is informed by the Information Security and Assurance knowledge area of the ACM/IEEE Computer Science 2013 curriculum standard. The paper presents lessons learned during this review process to serve as a guide for future reviews of this nature. The authors assert that these lessons learned can also be of value during the review of organisational information security awareness programs.

Based on the characteristics of the new power system with many points, wide range and unattended, this paper studies the specific Cyberspace security risks faced by the disease control side, the station side and the site side, and proposes a new power system Cyberspace security assurance system of “integration of collection, network, side, end, industry and people”. The site side security access measures, the site side civil air defense technology integration measures, the whole business endogenous security mechanism, the whole domain communication security mechanism, the integrated monitoring and early warning and emergency response mechanism are specifically adopted to form a comprehensive integrated security mechanism for the new power system, form a sustainable protection model, effectively improve the security capability, while taking into account the cost and operational complexity of specific implementation links, Provide comprehensive guarantee capability for the safe operation of the new power system.

This article provides an overview of the security of VANET, which is a vehicle network. When reviewing this topic, publications of various researchers were considered. The article provides information security requirements for VANET, an overview of security research, an overview of existing attacks, methods for detecting attacks and appropriate countermeasures against such threats.

As an important pillar of social informatization, e-government not only provides more convenient services for the public, but also effectively improves administrative efficiency. At the same time, the application of cloud computing technology also urgently requires the government to improve the level of digital construction. This paper proposes the concept of e-government based on cloud computing, analyze the possible hidden dangers that cloud computing brings to e-government in management, technology, and security, and build cloud computing e-government information security system from three aspects: cloud security management, cloud security technology, and cloud security assurance.

Big Data is a concept used in various sectors today, including the government sector in the Smart Government initiative. With a large amount of structured and unstructured data being managed, information assurance becomes important in adopting Big Data. However, so far, no research has focused on information assurance for Big Data. This paper identified information assurance factors for Big Data. This research used the systematic snapshot mapping approach to examine factors relating to information assurance from the literature related to Big Data from 2011 through 2021. The data extraction process in gathering 15 relevant papers. The findings revealed ten factors influencing the information assurance implementation for Big Data, with the security factor becoming the most concentrated factor with 18 sub-factors. The findings are expected to serve as a foundation for adopting information assurance for Big Data to develop an information assurance framework for Smart Government.

In recent years, data security incidents caused by insider threats in distributed file systems have attracted the attention of academia and industry. The most common way to detect insider threats is based on user profiles. Through analysis, we realize that based on existing user profiles are not efficient enough, and there are many false positives when a stable user profile has not yet been formed. In this work, we propose personalized user profiles and design an insider threat detection framework, which can intelligently detect insider threats for securing distributed file systems in real-time. To generate personalized user profiles, we come up with a time window-based clustering algorithm and a weighted kernel density estimation algorithm. Compared with non-personalized user profiles, both the Recall and Precision of insider threat detection based on personalized user profiles have been improved, resulting in their harmonic mean F1 increased to 96.52%. Meanwhile, to reduce the false positives of insider threat detection, we put forward operation recommendations based on user similarity to predict new operations that users will produce in the future, which can reduce the false positive rate (FPR). The FPR is reduced to 1.54% and the false positive identification rate (FPIR) is as high as 92.62%. Furthermore, to mitigate the risks caused by inaccurate authorization for users, we present user tags based on operation content and permission. The experimental results show that our proposed framework can detect insider threats more effectively and precisely, with lower FPR and high FPIR.

Password-based authentication system has been praised for its user-friendly, cost-effective, and easily deployable features. It is arguably the most commonly used security mechanism for various resources, services, and applications. On the other hand, it has well-known security flaws, including vulnerability to guessing attacks. Present state-of-the-art approaches have high overheads, as well as difficulties and unreliability during training, resulting in a poor user experience and a high false positive rate. As a result, a lightweight authentication compromise detection model that can make accurate detection with a low false positive rate is required.In this paper we propose – LOG-OFF – a behavior-based authentication compromise detection model. LOG-OFF is a lightweight model that can be deployed efficiently in practice because it does not include a labeled dataset. Based on the assumption that the behavioral pattern of a specific user does not suddenly change, we study the real-world authentication traffic data. The dataset contains more than 4 million records. We use two features to model the user behaviors, i.e., consecutive failures and login time, and develop a novel approach. LOG-OFF learns from the historical user behaviors to construct user profiles and makes probabilistic predictions of future login attempts for authentication compromise detection. LOG-OFF has a low false positive rate and latency, making it suitable for real-world deployment. In addition, it can also evolve with time and make more accurate detection as more data is being collected.

Recently, internet services have increased rapidly due to the Covid-19 epidemic. As a result, cloud computing applications, which serve end-users as subscriptions, are rising. Cloud computing provides various possibilities like cost savings, time and access to online resources via the internet for end-users. But as the number of cloud users increases, so does the potential for attacks. The availability and efficiency of cloud computing resources may be affected by a Distributed Denial of Service (DDoS) attack that could disrupt services' availability and processing power. DDoS attacks pose a serious threat to the integrity and confidentiality of computer networks and systems that remain important assets in the world today. Since there is no effective way to detect DDoS attacks, it is a reliable weapon for cyber attackers. However, the existing methods have limitations, such as relatively low accuracy detection and high false rate performance. To tackle these issues, this paper proposes a Deep Generative Radial Neural Network (DGRNN) with a sigmoid activation function and Mutual Information Gain based Feature Selection (MIGFS) techniques for detecting DDoS attacks for the cloud environment. Specifically, the proposed first pre-processing step uses data preparation using the (Network Security Lab) NSL-KDD dataset. The MIGFS algorithm detects the most efficient relevant features for DDoS attacks from the pre-processed dataset. The features are calculated by trust evaluation for detecting the attack based on relative features. After that, the proposed DGRNN algorithm is utilized for classification to detect DDoS attacks. The sigmoid activation function is to find accurate results for prediction in the cloud environment. So thus, the proposed experiment provides effective classification accuracy, performance, and time complexity.

Over the years, false news has polluted the online media landscape across the world. In this “post-truth” era, the narratives created by false news have now come into fruition through dismantled democracies, disbelief in science, and hyper-polarized societies. Despite increased efforts in fact-checking & labeling, strengthening detection systems, de-platforming powerful users, promoting media literacy and awareness of the issue, false news continues to be spread exponentially. This study models the behaviors of both the victims of false news and the platform in which it is spread— through the system dynamics methodology. The model was used to develop a policy design by evaluating existing and proposed solutions. The results recommended actively countering confirmation bias, restructuring social networking sites’ recommendation algorithms, and increasing public trust in news organizations.

New malware increasingly adopts novel fileless techniques to evade detection from antivirus programs. Process injection is one of the most popular fileless attack techniques. This technique makes malware more stealthy by writing malicious code into memory space and reusing the name and port of the host process. It is difficult for traditional security software to detect and intercept process injections due to the stealthiness of its behavior. We propose a novel framework called ProcGuard for detecting process injection behaviors. This framework collects sensitive function call information of typical process injection. Then we perform a fine-grained analysis of process injection behavior based on the function call chain characteristics of the program, and we also use the improved RCNN network to enhance API analysis on the tampered memory segments. We combine API analysis with deep learning to determine whether a process injection attack has been executed. We collect a large number of malicious samples with process injection behavior and construct a dataset for evaluating the effectiveness of ProcGuard. The experimental results demonstrate that it achieves an accuracy of 81.58% with a lower false-positive rate compared to other systems. In addition, we also evaluate the detection time and runtime performance loss metrics of ProcGuard, both of which are improved compared to previous detection tools.

Unmanned aerial vehicles (UAVs) and various network entities deployed on the ground can communicate with each other over the Internet of Drones (IoD), a network architecture designed expressly to allow communications between heterogenous entities. Drone technology has a wide range of uses, including on-demand package delivery, traffic and wild life surveillance, inspection of infrastructure and search, rescue and agriculture. However, IoD systems are vulnerable to numerous attacks, The main goal is to develop an all-encompassing security model that can be used to analyze security concerns in various UAV-based systems. With exceptional flexibility and increasing efficiency, trust management is a promising alternative to traditional detection methods. In a heterogeneous environment, it is also compatible with other security mechanisms. In this article, we present a fuzzy logic as an Insider Detection technique which calculate sensor data trust and assessing node behavior. To build confidence throughout the entire IoD, our proposal divides trust into two parts: Data trust and Node trust. This is in contrast to earlier models. Experimental results show that our solution is effective in terms of False positive ratio and Average of end-to-end delay.

The fast-evolving Intelligent Transportation Systems (ITS) are crucial in the 21st century, promising answers to congestion and accidents that bother people worldwide. ITS applications such as Connected and Autonomous Vehicle (CAVs) update and broadcasts road incident event messages, and this requires significant data to be transmitted between vehicles for a decision to be made in real-time. However, broadcasting trusted incident messages such as accident alerts between vehicles pose a challenge for CAVs. Most of the existing-trust solutions are based on the vehicle's direct interaction base reputation and the psychological approaches to evaluate the trustworthiness of the received messages. This paper provides a scheme for improving trust in the received incident alert messages for real-time decision-making to detect malicious alerts between CAVs using direct and indirect interactions. This paper applies artificial intelligence and statistical data classification for decision-making on the received messages. The model is trained based on the US Department of Technology Safety Pilot Deployment Model (SPMD). An Autonomous Decision-making Trust Scheme (ADmTS) that incorporates a machine learning algorithm and a local trust manager for decision-making has been developed. The experiment showed that the trained model could make correct predictions such as 98% and 0.55% standard deviation accuracy in predicting false alerts on the 25% malicious data

Intelligent connected vehicle platoon technology can reduce traffic congestion and vehicle fuel. However, attacks on the data transmitted by the platoon are one of the primary challenges encountered by the platoon during its travels. The false data injection (FDI) attack can lead to road congestion and even vehicle collisions, which can impact the platoon. However, the complexity of the cellular - vehicle to everything (C-V2X) environment, the single source of the message and the poor data processing capability of the on board unit (OBU) make the traditional detection methods’ success rate and response time poor. This study proposes a platoon state information fusion method using the communication characteristics of the platoon in C-V2X and proposes a novel platoon intrusion detection model based on this fusion method combined with sequential importance sampling (SIS). The SIS is a measured strategy of Monte Carlo integration sampling. Specifically, the method takes the status information of the platoon members as the predicted value input. It uses the leader vehicle status information as the posterior probability of the observed value to the current moment of the platoon members. The posterior probabilities of the platoon members and the weights of the platoon members at the last moment are used as input to update the weights of the platoon members at the current moment and obtain the desired platoon status information at the present moment. Moreover, it compares the status information of the platoon members with the desired status information to detect attacks on the platoon. Finally, the effectiveness of the method is demonstrated by simulation.

In Wireless Sensor Networks (WSNs), energy and security are two critical concerns that must be addressed. Because of the scarcity of energy, several security measures are restricted. For secure data routing in WSN, it becomes vital to identify insider packet drop attacks. The trust mechanism is an effective strategy for detecting this assault. Each node in this system validates the trustworthiness of its neighbors before transmitting packets, ensuring that only trust-worthy nodes get packets. With such a trust-aware scheme, however, there is a risk of false alarm. This work develops an adaptive trust computation model (TCM)which is implemented in our already proposed Chimp Optimization Algorithm-based Energy-Aware Secure Routing Protocol (COA-EASRP) for WSN. The proposed technique computes the optimal path using the hybrid combination of COA-EASRP and AODV as well as TCM is used to indicate false alarms in detecting selfish nodes. Our Proposed approach provides the series of Simulation outputs carried out based on various parameters

With the continuous development of vehicular ad hoc networks (VANETs), it brings great traffic convenience. How-ever, it is still a difficult problem for malicious vehicles to spread false news. In order to ensure the reliability of the message, an effective trust management model must be established, so that malicious vehicles can be detected and false information can be identified in the vehicle ad hoc network in time. This paper presents a trust management model based on machine learning and active detection technology, which evaluates the trust of vehicles and events to ensure the credibility of communication. Through the active detection mechanism, vehicles can detect the indirect trust of their neighbors, which improves the filtering speed of malicious nodes. Bayesian classifier can judge whether a vehicle is a malicious node by the state information of the vehicle, and can limit the behavior of the malicious vehicle at the first time. The simulation results show that our scheme can obviously restrict malicious vehicles.

The security control problem of cyber-physical system (CPS) under actuator attacks is studied in the paper. Considering the strict-feedback cyber-physical systems with external disturbance, a security control scheme is proposed by combining backstepping method and super-twisting sliding mode technology when the transmission control input signal of network layer is under false data injection(FDI) attack. Firstly, the unknown nonlinear function of the CPS is identified by Radial Basis Function Neural Network. Secondly, the backstepping method and super-twisting sliding mode algorithm are combined to eliminate the influence of actuator attack and ensure the robustness of the control system. Then, by Lyapunov stability theory, it is proved that the proposed control scheme can ensure that all signals in the closed-loop system are semi-global and ultimately uniformly bounded. Finally, the effectiveness of the proposed control scheme is verified by the inverted pendulum simulation.

In this paper, a data-driven security detection approach is proposed in a simple manner. The detector is designed to deal with false data injection attacks suffered by industrial cyber-physical systems with unknown model information. First, the attacks are modeled from the perspective of the generalized plant mismatch, rather than the operating data being tampered. Second, some subsystems are selected to reduce the design complexity of the detector, and based on them, an output estimator with iterative form is presented in a theoretical way. Then, a security detector is constructed based on the proposed estimator and its cost function. Finally, the effectiveness of the proposed approach is verified by simulations of a Western States Coordinated Council 9-bus power system.

Since the cyber and physical layers in the distribution system are deeply integrated, the traditional distribution system has gradually developed into the cyber-physical distribution system (CPDS), and the failures of the cyber layer will affect the reliable and safe operation of the whole distribution system. Therefore, this paper proposes an CPDS planning method considering the reliability of the cyber-physical system. First, the reliability evaluation model of CPDS is proposed. Specifically, the functional reliability model of the cyber layer is introduced, based on which the physical equipment reliability model is further investigated. Second, an optimal planning model of CPDS considering cyber-physical random failures is developed, which is solved using the Monte Carlo Simulation technique. The proposed model is tested on the modified IEEE 33-node distribution system, and the results demonstrate the effectiveness of the proposed method.

A methodology for studying the level of security for various types of CPS through the analysis of the consequences was developed during the research process. An analysis of the architecture of cyber-physical systems was carried out, vulnerabilities and threats of specific devices were identified, a list of possible information attacks and their consequences after the exploitation of vulnerabilities was identified. The object of research is models of cyber-physical systems, including IoT devices, microcomputers, various sensors that function through communication channels, organized by cyber-physical objects. The main subjects of this investigation are methods and means of security testing of cyber-physical systems (CPS). The main objective of this investigation is to update the problem of security in cyber-physical systems, to analyze the security of these systems. In practice, the testing methodology for the cyber-physical system “Smart Factory” was implemented, which simulates the operation of a real CPS, with different types of links and protocols used.