Biblio

Today's global network is filled with attackers both live and automated seeking to identify and compromise vulnerable devices, with initial scanning and attack activity occurring within minutes or even seconds of being connected to the Internet. To better understand these events, honeypots can be deployed to monitor and log activity by simulating actual Internet facing services such as SSH, Telnet, HTTP, or FTP, and malicious activity can be logged as attempts are made to compromise them. In this study six multi-service honeypots are deployed in locations around the globe to collect and catalog traffic over a period of several months between March and December, 2020. Analysis is performed on various characteristics including source and destination IP addresses and port numbers, usernames and passwords utilized, commands executed, and types of files downloaded. In addition, Cowrie log data is restructured to observe individual attacker sessions, study command sequences, and monitor tunneling activity. This data is then correlated across honeypots to compare attack and traffic patterns with the goal of learning more about the tactics being employed. By gathering data gathered from geographically separate zones over a long period of time a greater understanding can be developed regarding attacker intent and methodology, can aid in the development of effective approaches to identifying malicious behavior and attack sources, and can serve as a cyber-threat intelligence feed.

The extensive utilization of network by smart devices, computers and servers makes it vulnerable to malicious activities where intruders and attackers tends to violate system security policies and authenticity to slither essential information. Honeypots are designed to create a virtual trap against hackers. The trap is to attract intruders and gather information about attackers and attack features. Honeypots mimics as a computer application, billing systems, webpages and client server-based applications to understand attackers behavior by gathering attack features and common foot prints used by hackers to forge information. In this papers, authors analyse amazon web services honeypot (AWSH) data to determine geo-spatial distribution of targeted attacks originated from different locations. The categorization of attacks is made on the basis of internet protocols and frequency of attack occurrences worldwide.

The npm ecosystem has the largest number of third-party packages for making node.js-based web apps. Due to its free and open nature, it can raise diversity of security concerns. Adversaries can take advantage of existing software APIs included in node.js web apps for achieving their own malicious targets. More specifically, attackers may inject malicious data into its client requests and then submit them to a victim node.js server. It then may manipulate program states to reuse sensitive APIs as gadgets required in the node.js web app executed on the victim server. Once such sensitive APIs can be successfully accessed, it may indirectly raise security threats such as code injection attacks, software-layer DoS attacks, private data leaks, etc. For example, when the sensitive APIs are implemented as pattern matching operations and are called with hard-to-match input string submitted by clients, it may launch application-level DoS attacks.In this paper, we would like to introduce software reuse exploits through reusing packages available in node.js web apps for posing security threats to servers. In addition, we propose an approach based on data flow analysis to detect vulnerable npm packages that can be exposed to such exploits. To evaluate its effectiveness, we collected a dataset of 15,000 modules from the ecosystem to conduct the experiments. As a result, it discovered out 192 vulnerable packages. By manual analysis, we identified 156 true positives of 192 that can be exposed to code reuse exploits for remotely causing software-layer DoS attacks with 128 modules of 156, for code injection with 18 modules, and for private data leaks including 10 vulnerable ones.

Static information flow analysis (IFA) and dynamic information flow tracking (DIFT) have been widely employed in offline security analysis of computer programs. As security attacks become more sophisticated, there is a rising need for IFA and DIFT in production environment. However, existing systems usually deal with IFA and DIFT separately, and most DIFT systems incur significant performance overhead. We propose MIT to facilitate IFA and DIFT in online production environment. MIT offers mixed-mode information flow tracking at byte-granularity and incurs moderate runtime performance overhead. The core techniques consist of the extraction of taint semantics intermediate representation (TSIR) at compile-time and the decoupled execution of TSIR for information flow analysis. We conducted an extensive performance overhead evaluation on MIT to confirm its applicability in production environment. We also outline potential applications of MIT, including the implementation of data provenance checking and information flow based anomaly detection in real-world applications.

Edge computing promises higher bandwidth and lower latency to end-users. However, edge servers usually have limited computing resources and are geographically distributed over the edge. This imposes new challenges for efficient system monitoring and control of edge servers.In this paper, we propose EdgeVMI, a framework to monitor and control services running on edge servers with lightweight virtual machine introspection(VMI). The key of our technique is to run the monitor in a lightweight virtual machine which can leverage hardware events for monitoring memory read and writes. In addition, the small binary size and memory footprints of the monitor could reduce the start/stop time of service, the runtime overhead, as well as the deployment efforts.Inspired by unikernels, we build our monitor with only the necessary system modules, libraries, and functionalities of a specific monitor task. To reduce the security risk of the monitoring behavior, we separate the monitor into two isolated modules: one acts as a sensor to collect security information and another acts as an actuator to conduct control commands. Our evaluation shows the effectiveness and the efficiency of the monitoring system, with an average performance overhead of 2.7%.

How to analyze users' data without compromising individual privacy is an important issue in cloud computing. In order to protect privacy and enable the cloud to perform computing, users can apply homomorphic encryption schemes to their data. Most of existing homomorphic encryption-based cloud computing methods require that users' data are encrypted with the same key. While in practice, different users may prefer to use different keys. In this paper, we propose a privacy-preserving cloud computing method which adopts a double-trapdoor homomorphic encryption scheme to deal with the multi-key issue. The proposed method uses two cloud servers to analyze users' encrypted data. And we propose to use blockchain to monitor the information exchanged between the servers. Security analysis shows that the introduction of blockchain can help to prevent the two servers from colluding with each other, hence data privacy is further enhanced. And we conduct simulations to demonstrate the feasibility of the propose method.

Cloud based cyber physical system (CPS) enables individuals to store and share data collected from both cyberspace and the physical world. This leads to the proliferation of massive data at a user's local site. Since local storage systems can't store and maintain huge data, it is a wise and practical way to outsource such huge data to the cloud. Cloud storage provides scalable storage space to manage data economically and flexibly. However, the integrity of outsourced data is a critical challenge because user's lose control of their data once it's transferred to cloud servers. Several auditing schemes have been put forward based on public key infrastructure (PKI) or identity-based cryptography to verify data integrity. However, “the PKI-based schemes suffer from certificate management problem and identity-based schemes face the key escrow” problem. Therefore, to address these problems, certificateless public auditing schemes have been introduced on the basis of bilinear pairing, which incur high computation overhead, and thus it is not suitable for CPS. To reduce the computation overhead, in this paper, Using elliptic curve cryptography, we propose an efficient pairing-free certificateless public auditing scheme for cloud-based CPS. The proposed scheme is more secure against type I/II/III adversaries and efficient compared to other certificateless based schemes.

In cyberspace, a digital signature is a mathematical technique that plays a significant role, especially in validating the authenticity of digital messages, emails, or documents. Furthermore, the digital signature mechanism allows the recipient to trust the authenticity of the received message that is coming from the said sender and that the message was not altered in transit. Moreover, a digital signature provides a solution to the problems of tampering and impersonation in digital communications. In a real-life example, it is equivalent to a handwritten signature or stamp seal, but it offers more security. This paper proposes a scheme to enable users to digitally sign their communications by validating their identity through users’ mobile devices. This is done by utilizing the user’s ambient Wi-Fi-enabled devices. Moreover, the proposed scheme depends on something that a user possesses (i.e., Wi-Fi-enabled devices), and something that is in the user’s environment (i.e., ambient Wi-Fi access points) where the validation process is implemented, in a way that requires no effort from users and removes the "weak link" from the validation process. The proposed scheme was experimentally examined.

With the rapid development of 5G, the Internet of Things (IoT) and edge computing technologies dramatically improve smart industries' efficiency, such as healthcare, smart agriculture, and smart city. IoT is a data-driven system in which many smart devices generate and collect a massive amount of user privacy data, which may be used to improve users' efficiency. However, these data tend to leak personal privacy when people send it to the Internet. Differential privacy (DP) provides a method for measuring privacy protection and a more flexible privacy protection algorithm. In this paper, we study an estimation problem and propose a new frequency estimation algorithm named MFEA that redesigns the publish process. The algorithm maps a finite data set to an integer range through a hash function, then initializes the data vector according to the mapped value and adds noise through the randomized response. The frequency of all interference data is estimated with maximum likelihood. Compared with the current traditional frequency estimation, our approach achieves better algorithm complexity and error control while satisfying differential privacy protection (LDP).

The privacy leakage resulting from location-based service (LBS) has become a critical issue. To preserve user privacy, many previous studies have investigated to prevent LBS servers from user privacy theft. However, they only consider whether the peers are innocent or malicious but ignore the relationship between the peers, whereas such a relationship between each pairwise of users affects the privacy leakage tremendously. For instance, a user has less concern of privacy leakage from a social friend than a stranger. In this paper, we study cyber-physical-social (CPS) aware method to address the privacy preserving in the case that not only LBS servers but also every other participant in the network has the probability to be malicious. Furthermore, by exploring the physical coupling and social ties among users, we construct CPS-aware privacy utility maximization (CPUM) game. We then study the potential Nash equilibrium of the game and show the existence of Nash equilibrium of CPUM game. Finally, we design a CPS-aware algorithm to find the Nash equilibrium for the maximization of privacy utility. Extensive evaluation results show that the proposed approach reduces privacy leakage by 50% in the case that malicious servers and users exist in the network.

With the processes of collecting, analyzing, and transmitting the data in the Internet of Things (IoT), the Internet of Medical Things (IoMT) comprises the medical equipment and applications connected to the healthcare system and offers an entity with real time, remote measurement, and analysis of healthcare data. However, the IoMT ecosystem deals with some great challenges in terms of security, such as privacy leaking, eavesdropping, unauthorized access, delayed detection of life-threatening episodes, and so forth. All these negative effects seriously impede the implementation of the IoMT ecosystem. To overcome these obstacles, this article presents an efficient, outsourced online/offline revocable ciphertext policy attribute-based encryption scheme with the aid of cloud servers and blockchains in the IoMT ecosystem. Our proposal achieves the characteristics of fine-grained access control, fast encryption, outsourced decryption, user revocation, and ciphertext verification. It is noteworthy that based on the chameleon hash function, we construct the private key of the data user with collision resistance, semantically secure, and key-exposure free to achieve revocation. To the best of our knowledge, this is the first protocol for a revocation mechanism by means of the chameleon hash function. Through formal analysis, it is proven to be secure in a selectively replayable chosen-ciphertext attack (RCCA) game. Finally, this scheme is implemented with the Java pairing-based cryptography library, and the simulation results demonstrate that it enables high efficiency and practicality, as well as strong reliability for the IoMT ecosystem.

As the public cloud becomes one of the leading ways in data sharing nowadays, data confidentiality and user privacy are increasingly critical. Partially policy-hidden ciphertext policy attribute-based encryption (CP-ABE) can effectively protect data confidentiality while reducing privacy leakage by hiding part of the access structure. However, it cannot satisfy the need of data sharing in the public cloud with complex users and large amounts of data, both in terms of less expressive access structures and limited granularity of policy hiding. Moreover, the verification of access right to shared data and correctness of decryption are ignored or conducted by an untrusted third party, and the prime-order groups are seldom considered in the expressive policy-hidden schemes. This paper proposes a fully policy-hidden CP-ABE scheme constructed on LSSS access structure and prime-order groups for public cloud data sharing. To help users decrypt, HVE with a ``convert step'' is applied, which is more compatible with CP-ABE. Meanwhile, decentralized credible verification of access right to shared data and correctness of decryption based on blockchain are also provided. We prove the security of our scheme rigorously and compare the scheme with others comprehensively. The results show that our scheme performs better.

Recently, with the development of the cloud environment, users can store their data or share it with other users. However, various security threats can occur in data sharing systems in the cloud environment. To solve this, data sharing systems and access control methods using the CP-ABE method are being studied, but the following problems may occur. First, in an outsourcing server that supports computation, it is not possible to prove that the computed result is a properly computed result when performing the partial decryption process of the ciphertext. Therefore, the user needs to verify the message obtained by performing the decryption process, and verify that the data is uploaded by the data owner through verification. As another problem, because the data owner encrypts data with attribute-based encryption, the number of attributes included in the access structure increases. This increases the size of the ciphertext, which can waste space in cloud storage. Therefore, a ciphertext of a constant size must be output regardless of the number of attributes when generating the ciphertext. In this paper, we proposes a CP-ABE based data sharing system that provides signature-based verifiable outsourcing. It aims at a system that allows multiple users to share data safely and efficiently in a cloud environment by satisfying verifiable outsourcing and constant-sized ciphertext output among various security requirements required by CP-ABE.

Ciphertext Policy Attribute-Based Encryption (CPABE) has gained popularity in the research area among the many proposed security models for providing fine-grained access control of data. Lightweight ECC-based CP-ABE schemes can provide feasible selective sharing from resource-constrained devices. However, the existing schemes lack support for a complete revocation mechanism at the user and attribute levels. We propose a novel scheme called Ecc Proxy based Scalable Attribute Revocation (EPSAR-CP-ABE) scheme. It extends an existing ECC-based CP-ABE scheme for lightweight IoT and smart-card devices to implement scalable attribute revocation. The scheme does not require re-distribution of secret keys and re-encryption of ciphertext. It uses a proxy server to furnish a proxy component for decryption. The dependency of the proposed scheme is minimal on the proxy server compared to the other related schemes. The storage and computational overhead due to the attribute revocation feature are negligible. Hence, the proposed EPSAR-CP-ABE scheme can be deployed practically for resource-constrained devices.

The availability of FPGAs in cloud data centers offers rapid, on-demand access to hardware compute resources that users can configure to their own needs. However, the low-level access to the hardware FPGA and associated resources such as PCIe, SSD, or DRAM also opens up threats of malicious attackers uploading designs that are able to infer information about other users or about the cloud infrastructure itself. In particular, this work presents a new, fast PCIe-contention-based channel that is able to transmit data between different FPGA-accelerated virtual machines with bandwidths reaching 2 kbps with 97% accuracy. This paper further demonstrates that the PCIe receiver circuits are able to not just receive covert transmissions, but can also perform fine-grained monitoring of the PCIe bus or detect different types of activities from other users' FPGA-accelerated virtual machines based on their PCIe traffic signatures. Beyond leaking information across different virtual machines, the ability to monitor the PCIe bandwidth over hours or days can be used to estimate the data center utilization and map the behavior of the other users. The paper also introduces further novel threats in FPGA-accelerated instances, including contention due to shared NVMe SSDs as well as thermal monitoring to identify FPGA co-location using the DRAM modules attached to the FPGA boards. This is the first work to demonstrate that it is possible to break the separation of privilege in FPGA-accelerated cloud environments, and highlights that defenses for public clouds using FPGAs need to consider PCIe, SSD, and DRAM resources as part of the attack surface that should be protected.

With meteoric advancement in quantum computing, the traditional data integrity verifying schemes are no longer safe for cloud data storage. A large number of the current techniques are dependent on expensive Public Key Infrastructure (PKI). They cost computationally and communicationally heavy for verification which do not stand with the advantages when quantum computing techniques are applied. Hence, a quantum safe and efficient integrity verification protocol is a research hotspot. Lattice-based signature constructions involve matrix-matrix or matrix vector multiplications making computation competent, simple and resistant to quantum computer attacks. Study in this paper uses Bloom Filter which offers high efficiency in query and search operations. Further, we propose an Identity-Based Integrity Verification (IBIV) protocol for cloud storage from Lattice and Bloom filter. We focus on security against attacks from Cloud Service Provider (CSP), data privacy attacks against Third Party Auditor (TPA) and improvement in efficiency.

Antivirus software is considered to be the primary line of defense against malicious software in modern computing systems. The purpose of this paper is to expose exploitation that can evade Antivirus software that uses signature-based detection algorithms. In this paper, a novel approach was proposed to change the source code of a common Metasploit-Framework used to compile the reverse shell payload without altering its functionality but changing its signature. The proposed method introduced an additional stage to the shellcode program. Instead of the shellcode being generated and stored within the program, it was generated separately and stored on a remote server and then only accessed when the program is executed. This approach was able to reduce its detectability by the Antivirus software by 97% compared to a typical reverse shell program.

Security of data and information in servers connected to networks that provide services to user computers, is the most important thing to maintain data privacy and security in network security management mechanisms. Weaknesses in the server security system can be exploited by intruders to disrupt the security of the server. One way to maintain server security is to implement an intrusion detection system using the Intrusion Detection System. This research is experimenting to create a security system prototype, monitoring, and evaluating server security systems using Snort and alert notifications that can improve security monitoring for server security. The system can detect intrusion attacks and provide warning messages and attack information through the Intrusion Detection System monitoring system. The results show that snort and alert notifications on the security server can work well, efficiently, and can be handled quickly. Testing attacks with Secure Shell Protocol and File Transfer Protocol Brute Force, Ping of Death and scanning port attacks requires a detection time of no more than one second, and all detection test results are detected and send real-time notification alerts to the Administrator.

In this research a secured framework is developed to support effective digital service delivery for government to stakeholders. It is developed to provide secured network to the remote area of Bangladesh. The proposed framework has been tested through the rough simulation of the network infrastructure. Each and every part of the digital service network has been analyzed in the basis of security purpose. Through the simulation the security issues are identified and proposed a security policy framework for effective service. Basing on the findings the issues are included and the framework has designed as the solution of security issues. A complete security policy framework has prepared on the basis of the network topology. As the output the stakeholders will get a better and effective data service. This model is better than the other expected network infrastructure. Till now in Bangladesh none of the network infrastructure are security policy based. This is needed to provide the secured network to remote area from government.

Customer Relationship Management (CRM), Supply Chain Management (SCM), banking, and e-commerce are just a few of the internet-primarily based commercial enterprise programmes that make use of distributed computing generation. These programmes are the principal target of large-scale attacks known as DDoS attacks, which cause the denial of service (DoS) of resources to legitimate customers. Servers that provide dependable services to real consumers in distributed environments are vulnerable to such attacks, which send phoney requests that appear legitimate. Flash crowd, on the other hand, is a massive collection of traffic generated by flash events that imitate Distributed Denial of Service assaults. Detecting and distinguishing between Distributed Denial of Service assaults and flash crowds is a difficult problem to tackle, as is preventing DDoS attacks. Existing solutions are generally intended for DDoS attacks or flash crowds, and more research is required to have a thorough understanding. This study presents a technique for distinguishing between different types of Distributed Denial of Service attacks and Flash Crowds. This research work has suggested an approach to prevent DDOS attacks in addition to detecting and discriminating. The performance of the suggested technique is validated using NS-2 simulations.

Distributed Denial of service attack(DDoS)is a network security attack and now the attackers intruded into almost every technology such as cloud computing, IoT, and edge computing to make themselves stronger. As per the behaviour of DDoS, all the available resources like memory, cpu or may be the entire network are consumed by the attacker in order to shutdown the victim`s machine or server. Though, the plenty of defensive mechanism are proposed, but they are not efficient as the attackers get themselves trained by the newly available automated attacking tools. Therefore, we proposed a classification based machine learning approach for detection of DDoS attack in cloud computing. With the help of three classification machine learning algorithms K Nearest Neighbor, Random Forest and Naive Bayes, the mechanism can detect a DDoS attack with the accuracy of 99.76%.

Distributed Denial of Service (DDoS) attacks became a true threat to network infrastructure. DDoS attacks are capable of inflicting major disruption to the information communication technology infrastructure. DDoS attacks aim to paralyze networks by overloading servers, network links, and network devices with illegitimate traffic. Therefore, it is important to detect and mitigate DDoS attacks to reduce the impact of DDoS attacks. In traditional networks, the hardware and software to detect and mitigate DDoS attacks are expensive and difficult to deploy. Software-Defined Network (SDN) is a new paradigm in network architecture by separating the control plane and data plane, thereby increasing scalability, flexibility, control, and network management. Therefore, SDN can dynamically change DDoS traffic forwarding rules and improve network security. In this study, a DDoS attack detection and mitigation system was built on the SDN architecture using the random forest machine-learning algorithm. The random forest algorithm will classify normal and attack packets based on flow entries. If packets are classified as a DDoS attack, it will be mitigated by adding flow rules to the switch. Based on tests that have been done, the detection system can detect DDoS attacks with an average accuracy of 98.38% and an average detection time of 36 ms. Then the mitigation system can mitigate DDoS attacks with an average mitigation time of 1179 ms and can reduce the average number of attack packets that enter the victim host by 15672 packets and can reduce the average number of CPU usage on the controller by 44,9%.

Scalability is one of the effective features of the Software Defined Network (SDN) that allows several devices to communicate with each other. In SDN scalable networks, the number of hosts keeps increasing as per networks need. This increment makes network administrators take a straightforward action to ensure these hosts' authenticity in the network. To address this issue, we proposed a technique to authenticate SDN hosts before permitting them to establish communication with the SDN controller. In this technique, we used the Kerberos authentication protocol to ensure the authenticity of the hosts. Kerberos verifies the hosts' credentials using a centralized server contains all hosts IDs and passwords. This technique eases the secure communication between the hosts and controller and allows the hosts to safely get network rules and policies. The proposed technique ensures the immunity of the network against network attacks.

Cloud computing is a modern computing mode based on network, which is widely participated by the public, and provides virtualized dynamic computing resources in the form of services. Cloud computing builds an effective communication platform with the help of computer internet, so that users can get the same computing resources even if they are in different areas. With its unique technical characteristics and advantages, cloud computing has been deployed to practical applications more and more, and the consequent security problems of cloud computing have become increasingly prominent. In addition to the original cloud computing environment, this paper proposes to build a secure cloud with cloud technology, deploy security agents in the business cloud, connect the business cloud, security cloud and security agents through SDN (software defined network) technology, and dynamically divide the business cloud into logically isolated business areas through security agents. Therefore, security is separated from the specific implementation technology and deployment scheme of business cloud, and an information security protection scheme under cloud computing environment is proposed according to the characteristics of various factors, so as to enhance the security of network information.

The growing adoption of IoT devices is creating a huge positive impact on human life. However, it is also making the network more vulnerable to security threats. One of the major threats is malicious traffic injection attack, where the hacked IoT devices overwhelm the application servers causing large-scale service disruption. To address such attacks, we propose a Software Defined Networking based predictive alarm manager solution for malicious traffic detection and mitigation at the IoT Gateway. Our experimental results with the proposed solution confirms the detection of malicious flows with nearly 95% precision on average and at its best with around 99% precision.