Biblio

Filters: Keyword is legitimate users
2021-04-08
Igbe, O., Saadawi, T.  2018.  Insider Threat Detection using an Artificial Immune system Algorithm. 2018 9th IEEE Annual Ubiquitous Computing, Electronics Mobile Communication Conference (UEMCON). :297–302.
Insider threats result from legitimate users abusing their privileges, causing tremendous damage or losses. Malicious insiders can be the main threats to an organization. This paper presents an anomaly detection system for detecting insider threat activities in an organization using an ensemble that consists of negative selection algorithms (NSA). The proposed system classifies a selected user activity into either of two classes: "normal" or "malicious." The effectiveness of our proposed detection system is evaluated using case studies from the computer emergency response team (CERT) synthetic insider threat dataset. Our results show that the proposed method is very effective in detecting insider threats.
2020-09-08
Wu, Xiaoge, Zhang, Lin.  2019.  Robust Chaos-Based Information Masking Polar Coding Scheme for Wiretap Channel in Practical Wireless Systems. 2019 IEEE 90th Vehicular Technology Conference (VTC2019-Fall). :1–5.
In practical wireless communication systems, the channel conditions of legitimate users cannot always be better than those of eavesdroppers. This realistic fact brings the challenge for the design of secure transmission over wiretap channels which requires that the eavesdropping channel conditions should be worse than legitimate channels. In this paper, we present a robust chaos-based information masking polar coding scheme for enhancing reliability and security performances under realistic channel conditions for practical systems. In our design, we mask the original information, wherein the masking matrix is determined by chaotic sequences. Then the masked information is encoded by the secure polar coding scheme. After the channel polarization achieved by the polar coding, we could identify the bit-channels providing good transmission conditions for legitimate users and the bit-channels with bad conditions for eavesdroppers. Simulations are performed over the additive white Gaussian noise (AWGN) and slow flat-fading Rayleigh channels. The results demonstrate that compared with existing schemes, the proposed scheme can achieve better reliability and security even when the eavesdroppers have better channel conditions than legitimate users, hence the practicability is greatly enhanced.
2020-08-13
Kim, MyeongHyun, Lee, JoonYoung, Yu, SungJin, Park, KiSung, Park, YoHan, Park, YoungHo.  2019.  A Secure Authentication and Key Establishment Scheme for Wearable Devices. 2019 28th International Conference on Computer Communication and Networks (ICCCN). :1–2.
With the rapid development of micro-electronics and Information and Communication Technology (ICT), users can utilize various services such as the Internet of Things (IoT), smart-healthcare and smart-home using wearable devices. However, the sensitive information of users is revealed by attackers because the medical services are provided through an open channel. Therefore, secure mutual authentication and key establishment are essential to provide secure services for legitimate users in Wireless Body Area Networks (WBAN). In 2019, Gupta et al. proposed a lightweight anonymous user authentication and key establishment scheme for wearable devices. We demonstrate that their scheme cannot withstand user impersonation, session key disclosure and wearable device stolen attacks. We also propose a secure and lightweight mutual authentication and key establishment scheme using wearable devices to resolve the security shortcomings of Gupta et al.'s scheme. The proposed scheme can be suitable to resource-limited environments.
2019-11-27
Cao, Huan, Johnston, Martin, le Goff, Stéphane.  2019.  Frozen Bit Selection Scheme for Polar Coding Combined with Physical Layer Security. 2019 UK/China Emerging Technologies (UCET). :1–4.

In this paper, we propose a frozen bit selection scheme for a polar coding scheme combined with physical layer security that enhances the security of two legitimate users on a wiretap channel. By flipping certain frozen bits, the bit-error rate (BER) of an eavesdropper is maximized while the BER of the legitimate receiver is unaffected. An ARQ protocol is proposed that only feeds back a small proportion of the frozen bits to the transmitter, which increases the secrecy rate. The scheme is evaluated on a wiretap channel affected by impulsive noise and we consider cases where the eavesdropper's channel is actually more impulsive than the main channel. Simulation results show that the proposed scheme ensures the eavesdropper's BER is high even when only one frozen bit is flipped and this is achieved even when their channel is more impulsive than the main channel.

2019-03-06
AbdAllah, E. G., Zulkernine, M., Hassanein, H. S.  2018.  A Security Framework for ICN Traffic Management. 2018 IEEE 16th Intl Conf on Dependable, Autonomic and Secure Computing, 16th Intl Conf on Pervasive Intelligence and Computing, 4th Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress (DASC/PiCom/DataCom/CyberSciTech). :78–85.

Information Centric Networking (ICN) changed the communication model from host-based to content-based to cope with the high volume of traffic due to the rapidly increasing number of users, data objects, devices, and applications. The ICN communication model requires new security solutions that will be integrated with ICN architectures. In this paper, we present a security framework to manage ICN traffic by detecting, preventing, and responding to ICN attacks. The framework consists of three components: availability, access control, and privacy. The availability component ensures that contents are available for legitimate users. The access control component allows only legitimate users to get restricted-access contents. The privacy component prevents attackers from knowing content popularities or user requests. We also show our specific solutions as examples of the framework components.

2018-02-21
Mazin, A., Davaslioglu, K., Gitlin, R. D.  2017.  Secure key management for 5G physical layer security. 2017 IEEE 18th Wireless and Microwave Technology Conference (WAMICON). :1–5.

Next generation 5G wireless networks pose several important security challenges. One fundamental challenge is key management between the two communicating parties. The goal is to establish a common secret key through an unsecured wireless medium. In this paper, we introduce a new physical layer paradigm for secure key exchange between the legitimate communication parties in the presence of a passive eavesdropper. The proposed method ensures secrecy via pre-equalization and guarantees reliable communications by the use of Low Density Parity Check (LDPC) codes. One of the main findings of this paper is to demonstrate through simulations that the diversity order of the eavesdropper will be zero unless the main and eavesdropping channels are almost correlated, while the probability of key mismatch between the legitimate transmitter and receiver will be low. Simulation results demonstrate that the proposed approach achieves very low secret key mismatch between the legitimate users, while ensuring very high error probability at the eavesdropper.

2018-01-16
Bhaya, W., EbadyManaa, M.  2017.  DDoS attack detection approach using an efficient cluster analysis in large data scale. 2017 Annual Conference on New Trends in Information Communications Technology Applications (NTICT). :168–173.

Distributed Denial of Service (DDoS) attack is a congestion-based attack that makes both the network and host-based resources unavailable for legitimate users, sending flooding attack packets to the victim's resources. The non-existence of predefined rules to correctly identify the genuine network flow made the task of DDoS attack detection very difficult. In this paper, a combination of unsupervised data mining techniques as an intrusion detection system is introduced. The entropy concept in terms of windowing the incoming packets is applied with a data mining technique using Clustering Using Representative (CURE) as cluster analysis to detect the DDoS attack in network flow. The data is mainly collected from DARPA2000, CAIDA2007 and CAIDA2008 datasets. The proposed approach has been evaluated and compared with several existing approaches in terms of accuracy, false alarm rate, detection rate, F-measure and Phi coefficient. Results indicate the superiority of the proposed approach with four out of five detected phases, more than 99% accuracy rate, 96.29% detection rate, around 0% false alarm rate, 97.98% F-measure, and 97.98% Phi coefficient.

2017-09-19
Washha, Mahdi, Qaroush, Aziz, Sedes, Florence.  2016.  Leveraging Time for Spammers Detection on Twitter. Proceedings of the 8th International Conference on Management of Digital EcoSystems. :109–116.

Twitter is one of the most popular microblogging social systems, which provides a set of distinctive posting services operating in real time. The flexibility of these services has attracted unethical individuals, so-called "spammers", aiming at spreading malicious, phishing, and misleading information. Unfortunately, the existence of spam results in non-ignorable problems related to search and user's privacy. In the battle of fighting spam, various detection methods have been designed, which work by automating the detection process using the "features" concept combined with machine learning methods. However, the existing features are not effective enough to adapt to spammers' tactics due to the ease of manipulation in the features. Also, the graph features are not suitable for Twitter-based applications, despite the high performance obtainable when applying such features. In this paper, beyond the simple statistical features such as number of hashtags and number of URLs, we examine the time property through advancing the design of some features used in the literature, and proposing new time-based features. The new design of features is divided between robust advanced statistical features incorporating explicitly the time attribute, and behavioral features identifying any posting behavior pattern. The experimental results show that the new form of features is able to classify correctly the majority of spammers with an accuracy higher than 93% when using the Random Forest learning algorithm, applied on a collected and annotated data-set. The results obtained outperform the accuracy of the state-of-the-art features by about 6%, proving the significance of leveraging time in detecting spam accounts.