Biblio

We study quantum-secure covert-communication over lossy thermal-noise bosonic channels, the quantum mechanical model for many practical channels. We derive the expressions for the covert capacity of these channels: Lno-EA, when Alice and Bob share only a classical secret, and LEA, when they benefit from entanglement assistance. Entanglement assistance alters the fundamental scaling law for covert communication. Instead of Lno-EA$\surd$n-rno-EA(n), rno-EA(n) = o($\surd$n), entanglement assistance allows LEA$\surd$n log n - rEA(n), rEA(n) = o($\surd$n log n), covert bits to be transmitted reliably over n channel uses. However, noise in entanglement storage erases the log n gain from our achievability; work on the matching converse is ongoing.

We study a problem of covert communication over binary symmetric channels (BSC) in an asynchronous setup. Here, Alice seeks to communicate to Bob over a BSC while trying to be covert with respect to Willie, who observes any communication through possibly a different BSC. When Alice communicates, she transmits a message (using a codeword of length n) at a random time uniformly distributed in a window of size Aw slots. We assume that Bob has side information about the time of transmission leading to a reduced uncertainty of Ab slots for Bob, where \$A\_b$\backslash$lt A\_w\$. In this setup, we seek to characterize the limits of covert communication as a function of the timing advantage. When Aw is increasing exponentially in n, we characterize the covert capacity as a function of Aw and Ab. When Aw is increasing sub-exponentially in n, we characterize lower and upper bounds on achievable covert bits and show that positive covert rates are not feasible irrespective of timing advantage. Using numerical work, we illustrate our results for different network scenarios, and also highlight a tradeoff between timing advantage and channel advantage (between Bob and Willie).

Cross-Site scripting (XSS) is a common class of vulnerabilities in the domain of web applications. As it re-mains prevalent despite continued efforts by practitioners and researchers, site operators often seek to protect their assets using web application firewalls (WAFs). These systems employ filtering mechanisms to intercept and reject requests that may be suitable to exploit XSS flaws and related vulnerabilities such as SQL injections. However, they generally do not offer complete protection and can often be bypassed using specifically crafted exploits. In this work, we evaluate the effectiveness of WAFs to detect XSS exploits. We develop an attack grammar and use a combinatorial testing approach to generate attack vectors. We compare our vectors with conventional counterparts and their ability to bypass different WAFs. Our results show that the vectors generated with combinatorial testing perform equal or better in almost all cases. They further confirm that most of the rule sets evaluated in this work can be bypassed by at least one of these crafted inputs.

Most famous malware defense tools depend on a large number of detect rules, which are time consuming to develop and require lots of professional experience. Meanwhile, even commercial tools may show high false-negative for some new coming malware, whose patterns were not curved in the prepared rules. This paper proposed the Normalized CNN based Malicious binary Detection method on condition of String, Feature mining (NCMDSF) to address the above problems. Firstly, amount of string feature was extracted from thousands of windows binary applications. Secondly, a 3-layer normalized CNN model, with normalization layer other than down sampling layer, was fit to detect malware. Finally, the proposed method NCMDSF was evaluated to discover malware from more than 1,000 windows binary applications by K-fold cross validation. Experimental results showed that, NCMDSF was superior to some other learning-based methods, including classical CNN, LSTM, normalized LSTM, and won higher true positive rate on the condition of same false positive rate. Furthermore, it successfully avoids over-fitting that occurs in deep learning methods without using normalization.

Sharding can significantly improve the blockchain scalability, by dividing nodes into small groups called shards that can handle transactions in parallel. However, all existing sharding systems adopt complete sharding, i.e., shards are isolated. It raises additional overhead to guarantee the atomicity and consistency of cross-shard transactions and seriously degrades the sharding performance. In this paper, we present Pyramid, the first layered sharding blockchain system, in which some shards can store the full records of multiple shards thus the cross-shard transactions can be processed and validated in these shards internally. When committing cross-shard transactions, to achieve consistency among the related shards, a layered sharding consensus based on the collaboration among several shards is presented. Compared with complete sharding in which each cross-shard transaction is split into multiple sub-transactions and cost multiple consensus rounds to commit, the layered sharding consensus can commit cross-shard transactions in one round. Furthermore, the security, scalability, and performance of layered sharding with different sharding structures are theoretically analyzed. Finally, we implement a prototype for Pyramid and its evaluation results illustrate that compared with the state-of-the-art complete sharding systems, Pyramid can improve the transaction throughput by 2.95 times in a system with 17 shards and 3500 nodes.

Radio-frequency (RF) sensing is a key technology for designing intelligent and secure wireless networks with high spectral efficiency and environment-aware adaptation capabilities. However, existing sensing techniques can extract only limited information from RF signals or assume that the RF signals are generated by certain known protocols. As a result, their applications are limited if proprietary protocols or encryption methods are adopted, or in environments subject to errors such as unintended interference. To address this challenge, we study protocol-agnostic cross-layer sensing to extract high-layer protocol information from raw RF samples without any a priori knowledge of the protocols. First, we present a framework for protocol-agnostic sensing for over-the-air (OTA) RF signals, by taking packet boundary recognition (PBR) as an example. The framework consists of three major components: OTA Signal Generator, Agnostic RF Sink, and Ground Truth Generator. Then, we develop a software-defined testbed using USRP SDRs, with eleven benchmark statistical algorithms implemented in the Agnostic RF Sink, including Kullback-Leibler divergence and cross-power spectral density, among others. Finally, we test the effectiveness of these statistical algorithms in PBR on OTA RF samples, considering a wide variety of transmission parameters, including modulation type, transmission distance, and packet length. It is found that none of these benchmark statistical algorithms can achieve consistently high PBR rate, and new algorithms are required particularly in next-generation low-latency wireless systems.

Wireless communication systems are inherently vulnerable to adversarial attacks since malevolent jammers might jam and disrupt the legitimate transmission intentionally. Of particular interest are so- called denial-of-service (DoS) attacks in which the jammer is able to completely disrupt the communication. Accordingly, it is of crucial interest for the legitimate users to detect such DoS attacks. Turing machines provide the fundamental limits of today's digital computers and therewith of the traditional signal processing. It has been shown that these are incapable of detecting DoS attacks. This stimulates the question of how powerful the signal processing must be to enable the detection of DoS attacks. This paper investigates the general computation framework of Blum-Shub-Smale machines which allows the processing and storage of arbitrary reals. It is shown that such real number signal processing then enables the detection of DoS attacks.

A conventional visible light communication system consists of a transmitter, a jammer that includes a few light emitting diodes, a legal listener and an eavesdropper. In this work, a similar system is designed with a collimating lens in order to create an extra layer of practical physical security measure. The use of a collimating lens makes it available to spatially limiting data transmission to an area under the lensed transmitter. Also focused data transmission through the optical lens, increases the secrecy rate. To investigate the applicability of the proposed design we designed a sample experimental setup using USRP and implemented in a laboratory environment. In the proposed set up, the receiver is in a fixed position. However, it is possible to implement an easy, practical and cheap hardware solution with respect to a beamforming type VLC that uses directional beam forming method to establish transmission to a dynamic target. In addition, it is achievable to control the size of the area where a receiver can access data by manipulating the distance between the optical lens and transmitter.

Software vulnerabilities have become a major problem for the security analysts, since the number of new vulnerabilities is constantly growing. Thus, there was a need for a categorization system, in order to group and handle these vulnerabilities in a more efficient way. Hence, the MITRE corporation introduced the Common Weakness Enumeration that is a list of the most common software and hardware vulnerabilities. However, the manual task of understanding and analyzing new vulnerabilities by security experts, is a very slow and exhausting process. For this reason, a new automated classification methodology is introduced in this paper, based on the vulnerability textual descriptions from National Vulnerability Database. The proposed methodology, combines textual analysis and tree-based machine learning techniques in order to classify vulnerabilities automatically. The results of the experiments showed that the proposed methodology performed pretty well achieving an overall accuracy close to 80%.

Security databases such as Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE), and Common Attack Pattern Enumeration and Classification (CAPEC) maintain diverse high-quality security concepts, which are treated as security entities. Meanwhile, security entities are documented with many potential relation types that profit for security analysis and comprehension across these three popular databases. To support reasoning security entity relationships, translation-based knowledge graph representation learning treats each triple independently for the entity prediction. However, it neglects the important semantic information about the neighbor entities around the triples. To address it, we propose a text-enhanced graph attention network model (text-enhanced GAT). This model highlights the importance of the knowledge in the 2-hop neighbors surrounding a triple, under the observation of the diversity of each entity. Thus, we can capture more structural and textual information from the knowledge graph about the security databases. Extensive experiments are designed to evaluate the effectiveness of our proposed model on the prediction of security entity relationships. Moreover, the experimental results outperform the state-of-the-art by Mean Reciprocal Rank (MRR) 0.132 for detecting the missing relationships.

Cyber-attacks toward cyber-physical systems are one of the main concerns of smart grid's operators. However, many of these cyber-attacks, are toward unmanned substations where the cyber-attackers needs to be close enough to substation to malfunction protection and control systems in substations, using Electromagnetic signals. Therefore, in this paper, a new threat detection algorithm is proposed to prevent possible cyber-attacks toward unmanned substations. Using surveillance camera's streams and based on You Only Look Once (YOLO) V3, suspicious objects in the image are detected. Then, using Intersection over Union (IOU) and Generalized Intersection Over Union (GIOU), threat distance is estimated. Finally, the estimated threats are categorized into three categories using color codes red, orange and green. The deep network used for detection consists of 106 convolutional layers and three output prediction with different resolutions for different distances. The pre-trained network is transferred from Darknet-53 weights trained on 80 classes.

New services and products are increasingly becoming integral parts of our daily lives rising our technological dependence, as well as our exposure to risks from cyber. Critical sectors such as transport are progressively depending on digital technologies to run their core operations and develop novel solutions to exploit the economic strengths of the European Union. However, despite the fact that the continuously increasing number of visitors, entering the European Union through land-border crossing points or seaports, brings tremendous economic benefits, novel border control solutions, such as mobile devices for passenger identification for land and sea border control, are essential to accurately identify passengers ``on the fly'' while ensuring their comfort. However, the highly confidential personal data managed by these devices makes them an attractive target for cyberattacks. Therefore, novel secure and usable user authentication mechanisms are required to increase the level of security of this kind of devices without interrupting border control activities. Towards this direction, we, firstly, discuss risk-based and adaptive authentication for mobile devices as a suitable approach to deal with the security vs. usability challenge. Besides that, a novel risk-based adaptive user authentication mechanism is proposed for mobile passenger identification devices used by border control officers at land and sea borders.

Most information systems rely on the Internet to provide users with various services. Distributed Denial-of-Service (DDoS) attacks are currently one of the main cyber threats, which causes the system or network disabled. To ensure that the information system can provide services for users normally, it is important to detect the occurrence of DDoS attacks quickly and accurately. Therefore, this research proposes a system based on packet continuity to detect DDoS attacks. On average, it only takes a few milliseconds to collect a certain number of consecutive packets, and then DDoS attacks can be detected. Experimental results show that the accuracy of detecting DDoS attacks based on packet continuity is higher than 99.9% and the system response time is about 5 milliseconds.

DDoS attack detection in a single dimension cannot cope with complex and new attacks. Aiming at the problems existing in single dimension detection, this paper proposes an algorithm to detect DDoS attack based on multi-dimensional entropy. Firstly, the algorithm selects multiple dimensions and establishes corresponding decision function for each dimension and calculates its information entropy. Secondly, the multidimensional sliding window CUSUM algorithm without parameters is used to synthesize the detection results of three dimensions to determine whether it is attacked by DDoS. Finally, the data set published by MIT Lincoln Laboratory is used for testing. Experimental results show that compared with single dimension detection algorithm, this method has good detection rate and low false alarm rate.

It has been a hot research topic to detect and mitigate Distributed Denial-of-Service (DDoS) attacks due to the significant increase of serious threat of such attacks. The rapid growth of Internet of Things (IoT) has intensified this trend, e.g. the Mirai botnet and variants. To address this issue, a light-weight DDoS mitigation mechanism was presented. In the proposed scheme, flooding attacks are detected by stochastic queue allocation which can be executed with widespread and inexpensive commercial products at a network edge. However, the detection process is delayed when the number of incoming flows is large because of the randomness of queue allocation. Thus, in this paper we propose an efficient queue allocation algorithm for rapid DDoS mitigation using limited resources. The idea behind the proposed scheme is to avoid duplicate allocation by decreasing the randomness of the existing scheme. The performance of the proposed scheme was confirmed via theoretical analysis and computer simulation. As a result, it was confirmed that malicious flows are efficiently detected and discarded with the proposed algorithm.

Due to the intrinsic properties of Solid-State Drives (SSDs), invalid data remain in SSDs before erased by a garbage collection process, which increases the risk of being attacked by adversaries. Previous studies use erase and cryptography based schemes to purposely delete target data but face extremely large overhead. In this paper, we propose a Workload-Aware Secure Deletion scheme, called WAS-Deletion, to reduce the overhead of secure deletion by three major components. First, the WAS-Deletion scheme efficiently splits invalid and valid data into different blocks based on workload characteristics. Second, the WAS-Deletion scheme uses a new encryption allocation scheme, making the encryption follow the same direction as the write on multiple blocks and vertically encrypts pages with the same key in one block. Finally, a new adaptive scheduling scheme can dynamically change the configurations of different regions to further reduce secure deletion overhead based on the current workload. The experimental results indicate that the newly proposed WAS-Deletion scheme can reduce the secure deletion cost by about 1.2x to 12.9x compared to previous studies.

Skyrmion racetrack memory (Sk-RM) is a new storage technology in which skyrmions are used to represent data bits to provide high storage density. During the reading procedure, the skyrmion is driven by a current and sensed by a fixed read head. However, synchronization errors may happen if the skyrmion does not pass the read head on time. In this paper, a polar coding scheme is proposed to correct the synchronization errors in the Sk-RM. Firstly, we build two error correction models for the reading operation of Sk-RM. By connecting polar codes with the marker codes, the number of deletion errors can be determined. We also redesign the decoding algorithm to recover the information bits from the readout sequence, where a tighter bound of the segmented deletion errors is derived and a novel parity check strategy is designed for better decoding performance. Simulation results show that the proposed coding scheme can efficiently improve the decoding performance.

The rapid increase in the use of IoT devices brings many benefits to the digital society, ranging from improved efficiency to higher productivity. However, the limited resources and the open nature of these devices make them vulnerable to various cyber threats. A single compromised device can have an impact on the whole network and lead to major security and physical damages. This paper explores the potential of using network profiling and machine learning to secure IoT against cyber attacks. The proposed anomaly-based intrusion detection solution dynamically and actively profiles and monitors all networked devices for the detection of IoT device tampering attempts as well as suspicious network transactions. Any deviation from the defined profile is considered to be an attack and is subject to further analysis. Raw traffic is also passed on to the machine learning classifier for examination and identification of potential attacks. Performance assessment of the proposed methodology is conducted on the Cyber-Trust testbed using normal and malicious network traffic. The experimental results show that the proposed anomaly detection system delivers promising results with an overall accuracy of 98.35% and 0.98% of false-positive alarms.

Aiming at the working mechanism of optical backbone network, based on the theory of complex network, the invulnerability evaluation index of optical backbone network is extracted from the physical topology of optical backbone network and the degree of bandwidth satisfaction, finally, the invulnerability evaluation model of optical backbone network is established. At the same time, the evaluation model is verified and analyzed with specific cases, through the comparison of 4 types of attack, the results show that the number of deliberate point attacks ( DP) is 16.7% lower than that of random point attacks ( RP) when the critical collapse state of the network is reached, and the number of deliberate edge attacks ( DE) is at least 10.4% lower than that of random edge attacks ( RE). Therefore, evaluating the importance of nodes and edges and strengthening the protection of key nodes and edges can help optical network effectively resist external attacks and significantly improve the anti-damage ability of optical network, which provides theoretical support for the anti-damage evaluation of optical network and has certain practical significance for the upgrade and reconstruction of optical network.

Among many application domains of machine learning in real-world settings, cyber security can benefit from more automated techniques to combat sophisticated adversaries. Modern network intrusion detection systems leverage machine learning models on network logs to proactively detect cyber attacks. However, the risk of adversarial attacks against machine learning used in these cyber settings is not fully explored. In this paper, we investigate poisoning attacks at training time against machine learning models in constrained cyber environments such as network intrusion detection; we also explore mitigations of such attacks based on training data sanitization. We consider the setting of poisoning availability attacks, in which an attacker can insert a set of poisoned samples at training time with the goal of degrading the accuracy of the deployed model. We design a white-box, realizable poisoning attack that reduced the original model accuracy from 95% to less than 50 % by generating mislabeled samples in close vicinity of a selected subset of training points. We also propose a novel Nested Training method as a defense against these attacks. Our defense includes a diversified ensemble of classifiers, each trained on a different subset of the training set. We use the disagreement of the classifiers' predictions as a data sanitization method, and show that an ensemble of 10 SVM classifiers is resilient to a large fraction of poisoning samples, up to 30% of the training data.

Strings are used to model genomic, natural language, and web activity data, and are thus often shared broadly. However, string data sharing has raised privacy concerns stemming from the fact that knowledge of length-k substrings of a string and their frequencies (multiplicities) may be sufficient to uniquely reconstruct the string; and from that the inference of such substrings may leak confidential information. We thus introduce the problem of protecting length-k substrings of a single string S by applying Differential Privacy (DP) while maximizing data utility for frequency-based mining tasks. Our theoretical and empirical evidence suggests that classic DP mechanisms are not suitable to address the problem. In response, we employ the order-k de Bruijn graph G of S and propose a sampling-based mechanism for enforcing DP on G. We consider the task of enforcing DP on G using our mechanism while preserving the normalized edge multiplicities in G. We define an optimization problem on integer edge weights that is central to this task and develop an algorithm based on dynamic programming to solve it exactly. We also consider two variants of this problem with real edge weights. By relaxing the constraint of integer edge weights, we are able to develop linear-time exact algorithms for these variants, which we use as stepping stones towards effective heuristics. An extensive experimental evaluation using real-world large-scale strings (in the order of billions of letters) shows that our heuristics are efficient and produce near-optimal solutions which preserve data utility for frequency-based mining tasks.

With the rapid growth of data sharing through social media networks, determining relevant data items concerning a particular subject becomes paramount. We address the issue of establishing which images represent an event of interest through a semi-supervised learning technique. The method learns consistent and shared features related to an event (from a small set of examples) to propagate them to an unlabeled set. We investigate the behavior of five image feature representations considering low- and high-level features and their combinations. We evaluate the effectiveness of the feature embedding approach on five collected datasets from real-world events.

The recent technological advances and changes in the daily human activities increased the production and sharing of data. In the ecosystem of interconnected systems, data can be circulated among systems for various reasons. This could lead to exchange of private or sensitive information between entities. Data Sanitisation involves processes and practices that remove sensitive and private information from documents before sharing them with entities that should not have access to this information. This paper presents the design and development of a data sanitisation and redaction solution for a Cyber Threat Intelligence sharing platform. The Data Sanitisation and Redaction Plugin has been designed with the purpose of operating as a plugin for the ECHO Project’s Early Warning System platform and enhancing its operative capabilities during information sharing. This plugin aims to provide automated security and privacy-based controls to the concept of CTI sharing over a ticketing system. The plugin has been successfully tested and the results are presented in this paper.

The rapid rise of the Dark Web and supportive technologies has served as the backbone facilitating online illegal activity worldwide. These illegal activities supported by anonymisation technologies such as Tor has made it increasingly elusive to law enforcement agencies. Despite several successful law enforcement operations, illegal activity on the Dark Web is still growing. There are approaches to monitor, mine, and research the Dark Web, all with varying degrees of success. Given the complexity and dynamics of the services offered, we recognize the need for in depth analysis of the Dark Web with regard to its infrastructures, actors, types of abuse and their relationships. This involves the challenging task of information extraction from the very heterogeneous collection of web pages that make up the Dark Web. Most providers develop their services on top of standard frameworks such as WordPress, Simple Machine Forum, phpBB and several other frameworks to deploy their services. As a result, these service providers publish significant number of pages based on similar structural and stylistic templates. We propose an efficient, scalable, repeatable and accurate approach to cluster Dark Web pages based on those structural and stylistic features. Extracting relevant information from those clusters should make it feasible to conduct in depth Dark Web analysis. This paper presents our clustering algorithm to accelerate information extraction, and as a result improve attribution of digital traces to infrastructures or individuals in the fight against cyber crime.

The need to achieve a suitable level of security in Cyber-Physical Systems (CPS) presents a major challenge for engineers. The unpredictable communication of highly constrained, but safety-relevant systems in a heterogeneous environment, significantly impacts the number and severity of vulnerabilities. Consequently, if security-related weaknesses can successfully be exploited by attackers, the functionality of critical infrastructure could be denied or malfunction. This might consequently threaten life or leak sensitive information. A toolkit to quantitatively express security is essential for security engineers in order to define security-enhancing measurements. For this purpose, security scoring frameworks, like the established Common Vulnerability Scoring System can be used. However, existing security scoring frameworks may not be able to handle the proposed challenges and characteristics of CPS. Therefore, in this work, we aim to elaborate a security scoring system that is tailored to the needs of CPS. In detail, we analyze security on a System-of-Systems level, while considering multiple attacks, as well as potential side effects to other security-related objects. The positive effects of integrated mitigation concepts should also be abbreviated by our proposed security score. Additionally, we generate the security score for interacting AUTOSAR platforms in a highly-connected Vehicle-to-everything (V2x) environment. We refer to this highly relevant use case scenario to underline the benefits of our proposed scoring framework and to prove its effectiveness in CPS.