Biblio

With the booming of Internet technology, the continuous emergence of new technologies and new algorithms greatly expands the application boundaries of cyberspace. While enjoying the convenience brought by informatization, the society is also facing increasingly severe threats to the security of cyberspace. In cyber security defense, cyberspace operators rely on the discovered vulnerabilities, attack patterns, TTPs, and other knowledge to observe, analyze and determine the current threats to the network and security situation in cyberspace, and then make corresponding decisions. However, most of such open-source knowledge is distributed in different data sources in the form of text or web pages, which is not conducive to the understanding, query and correlation analysis of cyberspace operators. In this paper, a knowledge graph for cyber security is constructed to solve this problem. At first, in the process of obtaining security data from multi-source heterogeneous cyberspaces, we adopt efficient crawler to crawl the required data, paving the way for knowledge graph building. In order to establish the ontology required by the knowledge graph, we abstract the overall framework of security data sources in cyberspace, and depict in detail the correlations among various data sources. Then, based on the \$$\backslash$mathbfOWL +$\backslash$mathbfSWRL\$ language, we construct the cyber security knowledge graph. On this basis, we design an analysis system for situation in cyberspace based on knowledge graph and the Snort intrusion detection system (IDS), and study the rules in Snort. The system integrates and links various public resources from the Internet, including key information such as general platforms, vulnerabilities, weaknesses, attack patterns, tactics, techniques, etc. in real cyberspace, enabling the provision of comprehensive, systematic and rich cyber security knowledge to security researchers and professionals, with the expectation to provide a useful reference for cyber security defense.

In order to identify potential weakness in communication and data in transit, a microgrid testbed is being developed at Boise State University. This testbed will be used to verify microgrid models and communication methods in an effort to increase the resiliency of these systems to cyber-attacks. If vulnerabilities are found in these communication methods, then risk mitigation techniques will be developed to address them.

Peer code review has been found to be effective in identifying security vulnerabilities. However, despite practicing mandatory code reviews, many Open Source Software (OSS) projects still encounter a large number of post-release security vulnerabilities, as some security defects escape those. Therefore, a project manager may wonder if there was any weakness or inconsistency during a code review that missed a security vulnerability. Answers to this question may help a manager pinpointing areas of concern and taking measures to improve the effectiveness of his/her project's code reviews in identifying security defects. Therefore, this study aims to identify the factors that differentiate code reviews that successfully identified security defects from those that missed such defects. With this goal, we conduct a case-control study of Chromium OS project. Using multi-stage semi-automated approaches, we build a dataset of 516 code reviews that successfully identified security defects and 374 code reviews where security defects escaped. The results of our empirical study suggest that the are significant differences between the categories of security defects that are identified and that are missed during code reviews. A logistic regression model fitted on our dataset achieved an AUC score of 0.91 and has identified nine code review attributes that influence identifications of security defects. While time to complete a review, the number of mutual reviews between two developers, and if the review is for a bug fix have positive impacts on vulnerability identification, opposite effects are observed from the number of directories under review, the number of total reviews by a developer, and the total number of prior commits for the file under review.

Software vulnerabilities have become a major problem for the security analysts, since the number of new vulnerabilities is constantly growing. Thus, there was a need for a categorization system, in order to group and handle these vulnerabilities in a more efficient way. Hence, the MITRE corporation introduced the Common Weakness Enumeration that is a list of the most common software and hardware vulnerabilities. However, the manual task of understanding and analyzing new vulnerabilities by security experts, is a very slow and exhausting process. For this reason, a new automated classification methodology is introduced in this paper, based on the vulnerability textual descriptions from National Vulnerability Database. The proposed methodology, combines textual analysis and tree-based machine learning techniques in order to classify vulnerabilities automatically. The results of the experiments showed that the proposed methodology performed pretty well achieving an overall accuracy close to 80%.

Security databases such as Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE), and Common Attack Pattern Enumeration and Classification (CAPEC) maintain diverse high-quality security concepts, which are treated as security entities. Meanwhile, security entities are documented with many potential relation types that profit for security analysis and comprehension across these three popular databases. To support reasoning security entity relationships, translation-based knowledge graph representation learning treats each triple independently for the entity prediction. However, it neglects the important semantic information about the neighbor entities around the triples. To address it, we propose a text-enhanced graph attention network model (text-enhanced GAT). This model highlights the importance of the knowledge in the 2-hop neighbors surrounding a triple, under the observation of the diversity of each entity. Thus, we can capture more structural and textual information from the knowledge graph about the security databases. Extensive experiments are designed to evaluate the effectiveness of our proposed model on the prediction of security entity relationships. Moreover, the experimental results outperform the state-of-the-art by Mean Reciprocal Rank (MRR) 0.132 for detecting the missing relationships.

Federated learning (FL) has nourished a promising scheme to solve the data silo, which enables multiple clients to construct a joint model without centralizing data. The critical concerns for flourishing FL applications are that build a security and privacy-preserving learning environment. It is thus highly necessary to comprehensively identify and classify potential threats to utilize FL under security guarantees. This paper starts from the perspective of launched attacks with different computing participants to construct the unique threats classification, highlighting the significant attacks, e.g., poisoning attacks, inference attacks, and generative adversarial networks (GAN) attacks. Our study shows that existing FL protocols do not always provide sufficient security, containing various attacks from both clients and servers. GAN attacks lead to larger significant threats among the kinds of threats given the invisible of the attack process. Moreover, we summarize a detailed review of several defense mechanisms and approaches to resist privacy risks and security breaches. Then advantages and weaknesses are generalized, respectively. Finally, we conclude the paper to prospect the challenges and some potential research directions.

Security of data and information in servers connected to networks that provide services to user computers, is the most important thing to maintain data privacy and security in network security management mechanisms. Weaknesses in the server security system can be exploited by intruders to disrupt the security of the server. One way to maintain server security is to implement an intrusion detection system using the Intrusion Detection System. This research is experimenting to create a security system prototype, monitoring, and evaluating server security systems using Snort and alert notifications that can improve security monitoring for server security. The system can detect intrusion attacks and provide warning messages and attack information through the Intrusion Detection System monitoring system. The results show that snort and alert notifications on the security server can work well, efficiently, and can be handled quickly. Testing attacks with Secure Shell Protocol and File Transfer Protocol Brute Force, Ping of Death and scanning port attacks requires a detection time of no more than one second, and all detection test results are detected and send real-time notification alerts to the Administrator.

Network security policies provide high-level directives regarding acceptable and unacceptable use of the network. Organizations specify these high-level directives in policy documents written using human-readable natural language. The challenge is to convert these natural language policies to the network configurations/specifications needed to enforce the policy. Network administrators, who are responsible for enforcing the policies, typically translate the policies manually, which is a challenging and error-prone process. As a result, network operators (as well as the policy authors) often want to verify that network policies are being correctly enforced. In this paper, we propose Network Policy Conversation Engine (NPCE), a system designed to help network operators (or policy writers) interact with the network using natural language (similar to the language used in the network policy statements themselves) to understand whether policies are being correctly enforced. The system leverages emerging big data collection and analysis techniques to record flow and packet level activity throughout the network that can be used to answer users policy questions. The system also takes advantage of recent advances in Natural Language Processing (NLP) to translate natural language policy questions into the corresponding network queries. To evaluate our system, we demonstrate a wide range of policy questions – inspired by actual networks policies posted on university websites – that can be asked of the system to determine if a policy violation has occurred.

Companies like Netflix increasingly use the cloud to deploy their business processes. Those processes often involve partnerships with other companies, and can be modeled as workflows where the owner of the data at risk interacts with contractors to realize a sequence of tasks on the data to be secured.In practice, access control is an essential building block to deploy these secured workflows. This component is generally managed by administrators using high-level policies meant to represent the requirements and restrictions put on the workflow. Handling access control with a high-level scheme comes with the benefit of separating the problem of specification, i.e. defining the desired behavior of the system, from the problem of implementation, i.e. enforcing this desired behavior. However, translating such high-level policies into a deployed implementation can be error-prone.Even though semi-automatic and automatic tools have been proposed to assist this translation, policy verification remains highly challenging in practice. In this paper, our aim is to define and propose structures assisting the checking and correction of potential errors introduced on the ground due to a faulty translation or corrupted deployments. In particular, we investigate structures with formal foundations able to naturally model policies. Metagraphs, a generalized graph theoretic structure, fulfill those requirements: their usage enables to compare high-level policies to their implementation. In practice, we consider Rego, a language used by companies like Netflix and Plex for their release process, as a valuable representative of most common policy languages. We propose a suite of tools transforming and checking policies as metagraphs, and use them in a global framework to show how policy verification can be achieved with such structures. Finally, we evaluate the performance of our verification method.

Being compliant with the GDPR (and data protection regulations in general) is a difficult task, that calls for manifold, computer-based automated support. In this context, several use cases related to the management and the enforcement of privacy policies and consent call for a machine-understandable policy language, equipped with reliable algorithms for compliance checking and explanations. In this paper, we outline a set of requirements for such languages and algorithms, and address such requirements with a framework based on a profile of OWL2 and a set of policy serializations based on popular formats such as ODRL and JSON. Such ``external'' policy syntax is translated into the ``internal'' OWL2 syntax, thereby enabling semantic compliance checking and explanations using specialized OWL2 reasoners. We provide a precise definition of both the OWL2 profile and the external policy language based on JSON.

Nowadays security of shared resources and big data is an important and critical issue. With the growth of information technology and social networks, data and resources are shared in the distributed environment such as cloud and fog computing. Various access control models protect the shared resources from unauthorized users or malicious intruders. Despite the attribute-based access control model that meets the complex security requirement of todays' new computing technologies, considerable anomalies and conflicts in ABAC policies affect the efficiency of the security system. One important and toughest task is policy validation thus to detect and eliminate anomalies and conflicts in policies. Though the previous researches identified anomalies, failed to detect and analyze all considerable anomalies that results vulnerable to hacks and attacks. The primary objective of this paper is to study and analyze the possible anomalies and conflicts in ABAC security policies. We have discussed and analyzed considerable conflicts in policies based on previous researches. This paper can provide a detailed review of anomalies and conflicts in security policies.

In this research a secured framework is developed to support effective digital service delivery for government to stakeholders. It is developed to provide secured network to the remote area of Bangladesh. The proposed framework has been tested through the rough simulation of the network infrastructure. Each and every part of the digital service network has been analyzed in the basis of security purpose. Through the simulation the security issues are identified and proposed a security policy framework for effective service. Basing on the findings the issues are included and the framework has designed as the solution of security issues. A complete security policy framework has prepared on the basis of the network topology. As the output the stakeholders will get a better and effective data service. This model is better than the other expected network infrastructure. Till now in Bangladesh none of the network infrastructure are security policy based. This is needed to provide the secured network to remote area from government.

Employees' compliance with information security policies (ISP) which may minimize the information security threats has always been a major concern for organizations. Numerous research and theoretical models had been investigated in the related field of study to identify factors that influence ISP compliance behavior. The study presented in this paper is the first to apply the Theory of Interpersonal Behavior (TIB) for predicting ISP compliance, despite a few studies suggested its strong explanatory power. Taking on the prior results of the literature review, we adopt the TIB and aim to further the theoretical advancement in this field of study. Besides, previous studies had only focused on individuals as well as organizations in which the role of government, from the aspect of its effectiveness in enforcing data protection regulation, so far has not been tested on its influence on individuals' intention to comply with ISP. Hence, we propose an exploratory study to integrate government effectiveness with TIB to explain ISP compliance in a Malaysian context. Our results show a significant influence of government effectiveness in ISP compliance, and the TIB is a promising model as well as posing strong explanatory power in predicting ISP compliance.

Renewed focus on spacecraft networking by government and private industry promises to establish interoperable communications infrastructures and enable distributed computing in multi-nodal systems. Planned near-Earth and cislunar missions by NASA and others evidence the start of building this networking vision. Working with space agencies, academia, and industry, NASA has developed a suite of communications protocols and algorithms collectively referred to as Delay-Tolerant Networking (DTN) to support an interoperable space network. Included in the DTN protocol suite is a security protocol - the Bundle Protocol Security Protocol - which provides the kind of delay-tolerant, transport-layer security needed for cislunar and deep-space trusted networking. We present an analysis of the lifecycle of security operations inherent in a space network with a focus on the DTN-enabled space networking paradigm. This analysis defines three security-related roles for spacecraft (Security Sources, verifiers, and acceptors) and associates a series of critical processing events with each of these roles. We then define the set of required and optional actions associated with these security events. Finally, we present a series of best practices associated with policy configurations that are unique to the space-network security problem. Framing space network security policy as a mapping of security actions to security events provides the details necessary for making trusted networks semantically interoperable. Finally, this method is flexible enough to allow for customization even while providing a unifying core set of mandatory security actions.

Firewall is the first defense line for network security. Packet filtering is a basic function in firewall, which filter network packets according to a series of rules called firewall policy. The design of firewall policy is invariably under the instruction of security policy, which is a generic guideline that lists the needs for network access permissions. The design of firewall policy should observe the regulations of security policy. However, even for IPv4 firewall policy, it is extremely difficult to keep the consistency between security policy and firewall policy. Some consistency decision methods of security policy and IPv4 firewall policy were proposed. However, the address space of IPv6 address is a very large, the existing consistency decision methods can not be directly used to deal with IPv6 firewall policy. To resolve the above problem, in this paper, we use a formal technique to decide the consistency between IPv6 firewall policy and security policy effectively and rapidly. We also developed a prototype model and evaluated the effectiveness of the proposed method.

The Interface to Network Security Functions (I2NSF) Working Group in Internet Engineering Task Force (IETF) provides data models of interfaces to easily configure Network Security Functions (NSF). The Working Group presents a high-level data model and a low-level data model for configuring the NSFs. The high-level data model is used for the users to manipulate the NSFs configuration easily without any security expertise. But the NSFs cannot be configured using the high-level data model as it needs a low-level data model to properly deploy their security operation. For that reason, the I2NSF Framework needs a security policy translator to translate the high-level data model into the corresponding low-level data model. This paper improves the previously proposed Security Policy Translator by adding an Automatic Data Model Mapper. The proposed mapper focuses on the mapping between the elements in the high-level data model and the elements in low-level data model to automate the translation without the need for a security administrator to create a mapping table.

Protection of an organization's assets and information technology infrastructure is always crucial to any business. Securing and protecting businesses from cybersecurity threats became very challenging during the Covid-19 Pandemic. Organizations suddenly shifted towards remote work to maintain continuity and protecting against new cyber threats became a big concern for most business owners. This research looks into the following areas (i) outlining the shift from In-person to online work risks (ii) determine the cyber-attack type based on the list of 10 most prominent cybersecurity threats during the Covid-19 Pandemic (iii) and design a security policy to securing business continuity.

With the rapid development of Internet scale and technology, people pay more and more attention to network security. At present, the general method in the field of network security is to use NSS(Network Security Situation) to describe the security situation of the target network. Because NSSA (Network Security Situation Awareness) has not formed a unified optimal solution in architecture design and algorithm design, many ideas have been put forward continuously, and there is still a broad research space. In this paper, the improved LSTM(long short-term memory) neural network is used to analyze and process NSS data, and effectively utilize the attack logic contained in sequence data. Build NSSF (Network Security Situation Forecast) framework based on NAWL-ILSTM. The framework is to directly output the quantified NSS change curve after processing the input original security situation data. Modular design and dual discrimination engine reduce the complexity of implementation and improve the stability. Simulation results show that the prediction model not only improves the convergence speed of the prediction model, but also greatly reduces the prediction error of the model.

Anomalous users detection in social network is an imperative task for security problems. Motivated by the great power of Graph Neural Networks(GNNs), many current researches adopt GNN-based detectors to reveal the anomalous users. However, the increasing scale of social activities, explosive growth of users and manifold technical disguise render the user detection a difficult task. In this paper, we propose an innovate Relevance-aware Anomalous Users Detection model (RAU-GNN) to obtain a fine-grained detection result. RAU-GNN first extracts multiple relations of all types of users in social network, including both benign and anomalous users, and accordingly constructs the multiple user relation graph. Secondly, we employ relevance-aware GNN framework to learn the hidden features of users, and discriminate the anomalous users after discriminating. Concretely, by integrating Graph Convolution Network(GCN) and Graph Attention Network(GAT), we design a GCN-based relation fusion layer to aggregate initial information from different relations, and a GAT-based embedding layer to obtain the high-level embeddings. Lastly, we feed the learned representations to the following GNN layer in order to consolidate the node embedding by aggregating the final users' embeddings. We conduct extensive experiment on real-world datasets. The experimental results show that our approach can achieve high accuracy for anomalous users detection.

Verification code recognition system based on convolutional neural network. In order to strengthen the network security defense work, this paper proposes a novel verification code recognition system based on convolutional neural network. The system combines Internet technology and big data technology, combined with advanced captcha technology, can prevent hackers from brute force cracking behavior to a certain extent. In addition, the system combines convolutional neural network, which makes the verification code combine numbers and letters, which improves the complexity of the verification code and the security of the user account. Based on this, the system uses threshold segmentation method and projection positioning method to construct an 8-layer convolutional neural network model, which enhances the security of the verification code input link. The research results show that the system can enhance the complexity of captcha, improve the recognition rate of captcha, and improve the security of user accounting.

The purpose of the study is to improve the security of the network, and make the state of network security predicted in advance. First, the theory of neural networks is studied, and its shortcomings are analyzed by the standard Elman neural network. Second, the layers of the feedback nodes of the Elman neural network are improved according to the problems that need to be solved. Then, a network security perception system based on GA-Elman (Genetic Algorithm-Elman) neural network is proposed to train the network by global search method. Finally, the perception ability is compared and analyzed through the model. The results show that the model can accurately predict network security based on the experimental charts and corresponding evaluation indexes. The comparative experiments show that the GA-Elman neural network security perception system has a better prediction ability. Therefore, the model proposed can be used to predict the state of network security and provide early warnings for network security administrators.

This work seeks to advance the state of the art in HPC I/O performance analysis and interpretation. In particular, we demonstrate effective techniques to: (1) model output performance in the presence of I/O interference from production loads; (2) build features from write patterns and key parameters of the system architecture and configurations; (3) employ suitable machine learning algorithms to improve model accuracy. We train models with five popular regression algorithms and conduct experiments on two distinct production HPC platforms. We find that the lasso and random forest models predict output performance with high accuracy on both of the target systems. We also explore use of the models to guide adaptation in I/O middleware systems, and show potential for improvements of at least 15% from model-guided adaptation on 70% of samples, and improvements up to 10 x on some samples for both of the target systems.

The number of devices in the Internet of Things (IoT) immensely grew in recent years. A frequent challenge in the assurance of the dependability of IoT systems is that components of the system appear as a black box. This paper presents a semi-automatic testing methodology for black-box systems that combines automata learning and fuzz testing. Our testing technique uses stateful fuzzing based on a model that is automatically inferred by automata learning. Applying this technique, we can simultaneously test multiple implementations for unexpected behavior and possible security vulnerabilities.We show the effectiveness of our learning-based fuzzing technique in a case study on the MQTT protocol. MQTT is a widely used publish/subscribe protocol in the IoT. Our case study reveals several inconsistencies between five different MQTT brokers. The found inconsistencies expose possible security vulnerabilities and violations of the MQTT specification.

Phishing URLs mainly target individuals and/or organizations through social engineering attacks by exploiting the humans' weaknesses in information security awareness. These URLs lure online users to access fake websites, and harvest their confidential information, such as debit/credit card numbers and other sensitive information. In this work, we introduce a phishing detection technique based on URL lexical analysis and machine learning classifiers. The experiments were carried out on a dataset that originally contained 1056937 labeled URLs (phishing and legitimate). This dataset was processed to generate 22 different features that were reduced further to a smaller set using different features reduction techniques. Random Forest, Gradient Boosting, Neural Network and Support Vector Machine (SVM) classifiers were all evaluated, and results show the superiority of SVMs, which achieved the highest accuracy in detecting the analyzed URLs with a rate of 99.89%. Our approach can be incorporated within add-on/middleware features in Internet browsers for alerting online users whenever they try to access a phishing website using only its URL.

With the development of communication technology, the disadvantages of traditional notification methods such as low efficiency gradually appear. With the introduction of WAP with WTLS security and its development and maintenance, more and more notification systems are using this technology. Through the analysis, design and implementation of notification system for large user groups, this paper studies how to collect and notify data without affecting the business system, and proposes a scheme of real-time data acquisition and filtering based on trigger. The middleware and application server implementation transaction management and database operation to separate CICS middleware technology based on research using UNIXC, Socket programming, SQL statements, SYBASE database technology, from the system requirements, business process, function structure, database and data structure, the input and output of the system, system testing the aspects such as design of practical significance to intelligent notification system for large user groups. Finally, the paper describes the test effect of the system in detail. 10 users send 1, 5, 10 and 20 strokes at the same time, and the completion time is 0.28, 1.09, 1.58 and 2.20 seconds, which proves that the system has practical significance.