Biblio

Searchable encryption is one of the most important techniques for the sensitive data outsourced to cloud server, and has been widely used in cloud storage which brings huge convenience and saves bandwidth and computing resources. A novel searchable cryptographic scheme is proposed by which data owner can control the search and use of the outsourced encrypted data according to its access control policy. The scheme is called searchable ciphertext-policy attribute-based encryption with multikeywords (CPABMKS). In the scheme, CP-ABE and keywords are combined together through the way that the keywords are regarded as the file attributes. To overcome the previous problems in cloud storage, access structures are hidden so that receivers cannot extract sensitive information from the ciphertext. At the same time, this scheme supports the multi-keywords search, and the data owner can outsource the encryption operations to the private cloud that can reduce the data owner' calculation. The security of this scheme is proved based on the DBDH assumption. Finally, scheme evaluation shows that the CPABMKS scheme is practical

Attributes-based encryption (ABE) is a promising cryptographic mechanism that provides a fine-grained access control for cloud environment. Since most of the parties exchange sensitive data among them by using cloud computing, data protection is very important for data confidentiality. Ciphertext policy attributes-based encryption (CP-ABE) is one of the ABE schemes, which performs an access control of security mechanisms for data protection in cloud storage. In CP-ABE, each user has a set of attributes and data encryption is associated with an access policy. The secret key of a user and the ciphertext are dependent upon attributes. A user is able to decrypt a ciphertext if and only if his attributes satisfy the access structure in the ciphertext. The practical applications of CP-ABE have still requirements for attributes policy management and user revocation. This paper proposed an important issue of policy revocation in CP-ABE scheme. In this paper, sensitive parts of personal health records (PHRs) are encrypted with the help of CP-ABE. In addition, policy revocation is considered to add in CP-ABE and generates a new secret key for authorized users. In proposed attributes based encryption scheme, PHRs owner changes attributes policy to update authorized user lists. When policy revocation occurs in proposed PHRs sharing system, a trusted authority (TA) calculates a partial secret token key according to a policy updating level and then issues new or updated secret keys for new policy. Proposed scheme emphasizes on key management, policy management and user revocation. It provides a full control on data owner according to a policy updating level what he chooses. It helps both PHRs owner and users for flexible policy revocation in CP-ABE without time consuming.

The rapidly growing body of research in adversarial machine learning has demonstrated that deep neural networks (DNNs) are highly vulnerable to adversarially generated images. This underscores the urgent need for practical defense techniques that can be readily deployed to combat attacks in real-time. Observing that many attack strategies aim to perturb image pixels in ways that are visually imperceptible, we place JPEG compression at the core of our proposed SHIELD defense framework, utilizing its capability to effectively "compress away" such pixel manipulation. To immunize a DNN model from artifacts introduced by compression, SHIELD "vaccinates" the model by retraining it with compressed images, where different compression levels are applied to generate multiple vaccinated models that are ultimately used together in an ensemble defense. On top of that, SHIELD adds an additional layer of protection by employing randomization at test time that compresses different regions of an image using random compression levels, making it harder for an adversary to estimate the transformation performed. This novel combination of vaccination, ensembling, and randomization makes SHIELD a fortified multi-pronged defense. We conducted extensive, large-scale experiments using the ImageNet dataset, and show that our approaches eliminate up to 98% of gray-box attacks delivered by strong adversarial techniques such as Carlini-Wagner's L2 attack and DeepFool. Our approaches are fast and work without requiring knowledge about the model.

Deep neural networks (DNNs) are known vulnerable to adversarial attacks. That is, adversarial examples, obtained by adding delicately crafted distortions onto original legal inputs, can mislead a DNN to classify them as any target labels. In a successful adversarial attack, the targeted mis-classification should be achieved with the minimal distortion added. In the literature, the added distortions are usually measured by \$L\_0\$, \$L\_1\$, \$L\_2\$, and \$L\_$\backslash$infty \$ norms, namely, L\_0, L\_1, L\_2, and L\_$ınfty$ attacks, respectively. However, there lacks a versatile framework for all types of adversarial attacks. This work for the first time unifies the methods of generating adversarial examples by leveraging ADMM (Alternating Direction Method of Multipliers), an operator splitting optimization approach, such that \$L\_0\$, \$L\_1\$, \$L\_2\$, and \$L\_$\backslash$infty \$ attacks can be effectively implemented by this general framework with little modifications. Comparing with the state-of-the-art attacks in each category, our ADMM-based attacks are so far the strongest, achieving both the 100% attack success rate and the minimal distortion.

Nowadays, network is one of the essential parts of life, and lots of primary activities are performed by using the network. Also, network security plays an important role in the administrator and monitors the operation of the system. The intrusion detection system (IDS) is a crucial module to detect and defend against the malicious traffics before the system is affected. This system can extract the information from the network system and quickly indicate the reaction which provides real-time protection for the protected system. However, detecting malicious traffics is very complicating because of their large quantity and variants. Also, the accuracy of detection and execution time are the challenges of some detection methods. In this paper, we propose an IDS platform based on convolutional neural network (CNN) called IDS-CNN to detect DoS attack. Experimental results show that our CNN based DoS detection obtains high accuracy at most 99.87%. Moreover, comparisons with other machine learning techniques including KNN, SVM, and Naïve Bayes demonstrate that our proposed method outperforms traditional ones.

This paper proposes a deep learning based method for efficient malware classification. Specially, we convert the malware classification problem into the image classification problem, which can be addressed through leveraging convolutional neural networks (CNNs). For many malware families, the images belonging to the same family have similar contours and textures, so we convert the Binary files of malware samples to uncompressed gray-scale images which possess complete information of the original malware without artificial feature extraction. We then design classifier based on Tensorflow framework of Google by combining the deep learning (DL) and malware detection technology. Experimental results show that the uncompressed gray-scale images of the malware are relatively easy to distinguish and the CNN based classifier can achieve a high success rate of 98.2%

In this study, we have used the Image Similarity technique to detect the unknown or new type of malware using CNN ap- proach. CNN was investigated and tested with three types of datasets i.e. one from Vision Research Lab, which contains 9458 gray-scale images that have been extracted from the same number of malware samples that come from 25 differ- ent malware families, and second was benign dataset which contained 3000 different kinds of benign software. Benign dataset and dataset vision research lab were initially exe- cutable files which were converted in to binary code and then converted in to image files. We obtained a testing ac- curacy of 98% on Vision Research dataset.

Deep neural network based steganalysis has developed rapidly in recent years, which poses a challenge to the security of steganography. However, there is no steganography method that can effectively resist the neural networks for steganalysis at present. In this paper, we propose a new strategy that constructs enhanced covers against neural networks with the technique of adversarial examples. The enhanced covers and their corresponding stegos are most likely to be judged as covers by the networks. Besides, we use both deep neural network based steganalysis and high-dimensional feature classifiers to evaluate the performance of steganography and propose a new comprehensive security criterion. We also make a tradeoff between the two analysis systems and improve the comprehensive security. The effectiveness of the proposed scheme is verified with the evidence obtained from the experiments on the BOSSbase using the steganography algorithm of WOW and popular steganalyzers with rich models and three state-of-the-art neural networks.

Deep learning technologies, which are the key components of state-of-the-art Artificial Intelligence (AI) services, have shown great success in providing human-level capabilities for a variety of tasks, such as visual analysis, speech recognition, and natural language processing and etc. Building a production-level deep learning model is a non-trivial task, which requires a large amount of training data, powerful computing resources, and human expertises. Therefore, illegitimate reproducing, distribution, and the derivation of proprietary deep learning models can lead to copyright infringement and economic harm to model creators. Therefore, it is essential to devise a technique to protect the intellectual property of deep learning models and enable external verification of the model ownership. In this paper, we generalize the "digital watermarking'' concept from multimedia ownership verification to deep neural network (DNNs) models. We investigate three DNN-applicable watermark generation algorithms, propose a watermark implanting approach to infuse watermark into deep learning models, and design a remote verification mechanism to determine the model ownership. By extending the intrinsic generalization and memorization capabilities of deep neural networks, we enable the models to learn specially crafted watermarks at training and activate with pre-specified predictions when observing the watermark patterns at inference. We evaluate our approach with two image recognition benchmark datasets. Our framework accurately (100$\backslash$%) and quickly verifies the ownership of all the remotely deployed deep learning models without affecting the model accuracy for normal input data. In addition, the embedded watermarks in DNN models are robust and resilient to different counter-watermark mechanisms, such as fine-tuning, parameter pruning, and model inversion attacks.

Automated network control and management has been a long standing target of network protocols. We address in this paper the question of automated protocol design, where distributed networked nodes have to cooperate to achieve a common goal without a priori knowledge on which information to exchange or the network topology. While reinforcement learning has often been proposed for this task, we propose here to apply recent methods from semi-supervised deep neural networks which are focused on graphs. Our main contribution is an approach for applying graph-based deep learning on distributed routing protocols via a novel neural network architecture named Graph-Query Neural Network. We apply our approach to the tasks of shortest path and max-min routing. We evaluate the learned protocols in cold-start and also in case of topology changes. Numerical results show that our approach is able to automatically develop efficient routing protocols for those two use-cases with accuracies larger than 95%. We also show that specific properties of network protocols, such as resilience to packet loss, can be explicitly included in the learned protocol.

Silicon Physical Unclonable Function (PUF) is arguably the most promising hardware security primitive. In particular, PUFs that are capable of generating a large amount of challenge response pairs (CRPs) can be used in many security applications. However, these CRPs can also be exploited by machine learning attacks to model the PUF and predict its response. In this paper, we first show that, based on data in the public domain, two popular PUFs that can generate CRPs (i.e., arbiter PUF and reconfigurable ring oscillator (RO) PUF) can be broken by simple logistic regression (LR) attack with about 99% accuracy. We then propose a feedback structure to XOR the PUF response with the challenge and challenge the PUF again to generate the response. Results show that this successfully reduces LR's learning accuracy to the lower 50%, but artificial neural network (ANN) learning attack still has an 80% success rate. Therefore, we propose a configurable ring oscillator based dual-mode PUF which works with both odd number of inverters (like the reconfigurable RO PUF) and even number of inverters (like a bistable ring (BR) PUF). Since currently there are no known attacks that can model both RO PUF and BR PUF, the dual-mode PUF will be resistant to modeling attacks as long as we can hide its working mode from the attackers, which we achieve with two practical methods. Finally, we implement the proposed dual-mode PUF on Nexys 4 FPGA boards and collect real measurement to show that it reduces the learning accuracy of LR and ANN to the mid-50% and low 60%, respectively. In addition, it meets the PUF requirements of uniqueness, randomness, and robustness.

The power of artificial neural networks to form predictive models for phenomenon that exhibit non-linear relationships is a given fact. Despite this advantage, artificial neural networks are known to suffer drawbacks such as long training times and computational intensity. The researchers propose a two-tiered approach to enhance the learning performance of artificial neural networks for phenomenon with time series where data exhibits predictable changes that occur every calendar year. This paper focuses on the initial results of the first phase of the proposed algorithm which incorporates clustering and classification prior to application of the backpropagation algorithm. The 2016–2017 zonal load data of France is used as the data set. K-means is chosen as the clustering algorithm and a comparison is made between Naïve Bayes and k-Nearest Neighbors to determine the better classifier for this data set. The initial results show that electrical load behavior is not necessarily reflective of calendar clustering even without using the min-max temperature recorded during the inclusive months. Simulating the day-type classification process using one cluster, initial results show that the k-nearest neighbors outperforms the Naïve Bayes classifier for this data set and that the best feature to be used for classification into day type is the daily min-max load. These classified load data is expected to reduce training time and improve the overall performance of short-term load demand predictive models in a future paper.

The Cyber Transport Systems (CTSs) have made significant advancement along with the development of the information technology and transportation industries worldwide. The rapid proliferation of cyber transportation technology provides rich information and infinite possibilities for our society to understand and use the complex inherent mechanism, which governs the novel intelligence world. In addition, applying information technology to cyber transportation applications open a range of new application scenarios, such as vehicular safety, energy efficiency, reduced pollution, and intelligent maintenance services. However, while enjoying the services and convenience provided by CTS, users, vehicles, even the systems might lose privacy during information transmitting and processing. This paper summarizes the state-of-art research findings on information privacy issues in a broad range. We firstly introduce the typical types of information and the basic mechanisms of information communication in CTS. Secondly, considering the information privacy issues of CTS, we present the literature on information privacy issues and privacy protection approaches in CTS. Thirdly, we discuss the emerging challenges and the opportunities for the information technology community in CTS.

Big data is a buzzword used to describe massive volumes of data that provides opportunities of exploring new insights through data analytics. However, big data is mostly structured but can be semi-structured or unstructured. It is normally so large that it is not only difficult but also slow to process using traditional computing systems. One of the solutions is to format the data as graph data structures and process them on shared memory architecture to use fast and novel policies such as transactional memory. In most graph applications in big data type problems such as bioinformatics, social networks, and cybersecurity, graphs are sparse in nature. Due to this sparsity, we have the opportunity to use Transactional Memory (TM) as the synchronization policy for critical sections to speedup applications. At low conflict probability TM performs better than most synchronization policies due to its inherent non-blocking characteristics. TM can be implemented in Software, Hardware or a combination of both. However, hardware TM implementations are fast but limited by scarce hardware resources while software implementations have high overheads which can degrade performance. In this paper, we develop a low overhead, yet simple, dynamically adaptive (i.e., at runtime) hybrid (i.e., combines hardware and software) TM (DyAd-HyTM) scheme that combines the best features of both Hardware TM (HTM) and Software TM (STM) while adapting to application's requirements. It performs better than coarse-grain lock by up to 8.12x, a low overhead STM by up to 2.68x, a couple of implementations of HTMs (by up to 2.59x), and other HyTMs (by up to 1.55x) for SSCA-2 graph benchmark running on a multicore machine with a large shared memory.

A recent paper (Oakland 2017) discussed science and security research in the context of the government-funded Science of Security movement, and the history and prospects of security as a scientific pursuit. It drew on literature from within the security research community, and mature history and philosophy of science literature. The paper sparked debate in numerous organizations and the security community. Here we consider some of the main ideas, provide a summary list of relevant literature, and encourage discussion within the Moving Target Defense (MTD) sub-community1.

Process anomaly is used for detecting cyber-physical attacks on critical infrastructure such as plants for water treatment and electric power generation. Identification of process anomaly is possible using rules that govern the physical and chemical behavior of the process within a plant. These rules, often referred to as invariants, can be derived either directly from plant design or from the data generated in an operational. However, for operational legacy plants, one might consider a data-centric approach for the derivation of invariants. The study reported here is a comparison of design-centric and data-centric approaches to derive process invariants. The study was conducted using the design of, and the data generated from, an operational water treatment plant. The outcome of the study supports the conjecture that neither approach is adequate in itself, and hence, the two ought to be integrated.

In a world of ever-increasing systems interdependence, effective cybersecurity policy design seems to be one of the most critically understudied elements of our national security strategy. Enterprise cyber technologies are often implemented without much regard to the interactions that occur between humans and the new technology. Furthermore, the interactions that occur between individuals can often have an impact on the newly employed technology as well. Without a rigorous, evidence-based approach to ground an employment strategy and elucidate the emergent organizational needs that will come with the fielding of new cyber capabilities, one is left to speculate on the impact that novel technologies will have on the aggregate functioning of the enterprise. In this paper, we will explore a scenario in which a hypothetical government agency applies a complexity science perspective, supported by agent-based modeling, to more fully understand the impacts of strategic policy decisions. We present a model to explore the socio-technical dynamics of these systems, discuss lessons using this platform, and suggest further research and development.

The U.S. federal governments and agencies face increasingly sophisticated and persistent cyber threats and cyberattacks from black hat hackers who breach cybersecurity for malicious purposes or for personal gain. With the rise of malicious attacks that caused untold financial damage and substantial reputational damage, private-sector high-tech firms such as Google, Microsoft and Yahoo have adopted an innovative practice known as vulnerability reward program (VRP) or bug bounty program which crowdsources software bug detection from the cybersecurity community. In an alignment with the 2016 U.S. Cybersecurity National Action Plan, the Department of Defense adopted a pilot VRP in 2016. This paper examines the Pentagon's VRP and examines how it may fit with the national cybersecurity policy and the need for new and enhanced cybersecurity capability development. Our case study results show the feasibility of the government adoption and implementation of the innovative concept of VRP to enhance the government cybersecurity posture.

Today cyber security is one of the most active fields of re- search due to its wide range of impact in business, govern- ment and everyday life. In recent years machine learning methods and algorithms have been quite successful in a num- ber of security areas. In this paper, we explore an approach to classify intrusion called multi-perspective machine learn- ing (MPML). For any given cyber-attack there are multiple methods of detection. Every method of detection is built on one or more network characteristic. These characteristics are then represented by a number of network features. The main idea behind MPML is that, by grouping features that support the same characteristics into feature subsets called perspectives, this will encourage diversity among perspectives (classifiers in the ensemble) and improve the accuracy of prediction. Initial results on the NSL- KDD dataset show at least a 4% improvement over other ensemble methods such as bagging boosting rotation forest and random for- est.

Organizations develop technical and procedural measures to protect information systems. Relying only on technical based security solutions is not enough. Organizations must consider technical security solutions along with social, human, and organizational factors. The human element represents the employees (insiders) who use the information systems and other technology resources in their day-to-day operations. ISP awareness is essential to protect organizational information systems. This study adapts the Innovation Diffusion Theory to examine the antecedents of ISP awareness and its impact on the satisfaction with ISP and security practices. A sample of 236 employees in universities in the United States is collected to evaluate the research model. Results indicated that ISP quality, self-efficacy, and technology security awareness significantly impact ISP awareness. The current study presents significant contributions toward understanding the antecedents of ISP awareness and provides a starting point toward including satisfaction aspect in information security behavioral domain.

This paper suggests a conceptual mechanism for increasing the security level of the global information community, national information technology infrastructures (e-governments) and private cloud structures, which uses the logical characteristic of IPv6-protocol. The mechanism is based on the properties of the IPv6-header and, in particular, rules of coding IPv6-addresses.

This study seeks to investigate how the development of e-government services impacts on cybersecurity. The study uses the methods of correlation and multiple regression to analyse two sets of global data, the e-government development index of the 2015 United Nations e-government survey and the 2015 International Telecommunication Union global cybersecurity development index (GCI 2015). After analysing the various contextual factors affecting e-government development, the study found that, various composite measures of e-government development are significantly correlated with cybersecurity development. The therefore study contributes to the understanding of the relationship between e-government and cybersecurity development. The authors developed a model to highlight this relationship and have validated the model using empirical data. This is expected to provide guidance on specific dimensions of e-government services that will stimulate the development of cybersecurity. The study provided the basis for understanding the patterns in cybersecurity development and has implication for policy makers in developing trust and confidence for the adoption e-government services.

Mobile cloud computing paradigm enables cloud servers to extend the limited hardware resources of mobile devices improving availability and reliability of the services provided. Consequently, private, financial, business and critical data pass through wireless access media exposed to malicious attacks. Mobile cloud infrastructure requires new security mechanisms, at the same time as offloading operations need to maintain the advantages of saving processing and energy of the device. Thus, this paper implements a middleware-based computational offloading with cryptographic algorithms and evaluates two mechanisms (symmetric and asymmetric), to provide the integrity and authenticity of data that a smartphone offloads to mobile cloud servers. Also, the paper discusses the factors that impact on power consumption and performance on smartphones that's run resource-intensive applications.

Application-level data management middleware solutions are becoming increasingly compelling to deal with the complexity of a multi-cloud or federated cloud storage and multitenant storage architecture. However, these systems typically support traditional data mapping strategies that are created under the assumption of a fixed and rigorous database schema, and mapping data objects while supporting varying data confidentiality requirements therefore leads to fragmentation of data over distributed storage nodes. This introduces performance over-head at the level of individual database transactions and negatively affects the overall scalability. This paper discusses these challenges and highlights the potential of leveraging the data schema flexibility of NoSQL databases to accomplish dynamic and fine-grained data encryption in a more efficient and scalable manner. We illustrate these ideas in the context of an industrial multi-tenant SaaS application.

The increase of sensitive data in the current Internet of Things (IoT) raises demands of computation, communication and storage capabilities. Indeed, thanks to RFID tags and wireless sensor networks, anything can be part of IoT. As a result, a large amount of data is generated, which is hard for many IoT devices to handle, as many IoT devices are resource-constrained and cannot use the existing standard security protocols. Cloud computing might seem like a convenient solution, since it offers on-demand access to a shared pool of resources such as processors, storage, applications and services. However this comes as a cost, as unnecessary communications not only burden the core network, but also the data center in the cloud. Therefore, considering suitable approaches such as fog computing and security middleware solutions is crucial. In this paper, we propose a novel middleware architecture to solve the above issues, and discuss the generic concept of using fog computing along with cloud in order to achieve a higher security level. Our security middleware acts as a smart gateway as it is meant to pre-process data at the edge of the network. Depending on the received information, data might either be processed and stored locally on fog or sent to the cloud for further processing. Moreover, in our scheme, IoT constrained devices communicate through the proposed middleware, which provide access to more computing power and enhanced capability to perform secure communications. We discuss these concepts in detail, and explain how our proposal is effective to cope with some of the most relevant IoT security challenges.