Biblio

A reliable database of Indicators of Compromise (IoC’s) is a cornerstone of almost every malware detection system. Building the database and keeping it up-to-date is a lengthy and often manual process where each IoC should be manually reviewed and labeled by an analyst. In this paper, we focus on an automatic way of identifying IoC’s intended to save analysts’ time and scale to the volume of network data. We leverage relations of each IoC to other entities on the internet to build a heterogeneous graph. We formulate a classification task on this graph and apply graph neural networks (GNNs) in order to identify malicious domains. Our experiments show that the presented approach provides promising results on the task of identifying high-risk malware as well as legitimate domains classification.

The rapidly increasing malware threats must be coped with new effective malware detection methodologies. Current malware threats are not limited to daily personal transactions but dowelled deeply within large enterprises and organizations. This paper introduces a new methodology for detecting and discriminating malicious versus normal applications. In this paper, we employed Ant-colony optimization to generate two behavioural graphs that characterize the difference in the execution behavior between malware and normal applications. Our proposed approach relied on the API call sequence generated when an application is executed. We used the API calls as one of the most widely used malware dynamic analysis features. Our proposed method showed distinctive behavioral differences between malicious and non-malicious applications. Our experimental results showed a comparative performance compared to other machine learning methods. Therefore, we can employ our method as an efficient technique in capturing malicious applications.

With the development of urbanization, the number of vehicles is gradually increasing, and vehicles are gradually developing in the direction of intelligence. How to ensure that the data of intelligent vehicles is not tampered in the process of transmission to the cloud is the key problem of current research. Therefore, we have established a data security transmission system based on blockchain. First, we collect and filter vehicle data locally, and then use blockchain technology to transmit key data. Through the smart contract, the key data is automatically and accurately transmitted to the surrounding node vehicles, and the vehicles transmit data to each other to form a transaction and spread to the whole network. The node data is verified through the node data consensus protocol of intelligent vehicle data security transmission system, and written into the block to form a blockchain. Finally, the vehicle user can query the transaction record through the vehicle address. The results show that we can safely and accurately transmit and query vehicle data in the blockchain database.

WhatsApp is one of the rare applications that has managed to become one of the most popular instant messaging applications all over the world. While inherently designed for simple and fast communication, privacy features such as end-to-end encryption have made confidential communication easy for criminals aiming to commit illegal acts. However, as it meets many daily communication and communication needs, it has a great potential to be digital evidence in interpersonal disputes. In this study, in parallel with the potential of WhatsApp application to contain digital evidence, the abuse of this situation and the manipulation method of multimedia files, which may cause wrong decisions by the judicial authorities, are discussed. The dangerous side of this method, which makes the analysis difficult, is that it can be applied by anyone without the need for high-level root authority or any other application on these devices. In addition, it is difficult to detect as no changes can be made in the database during the analysis phase. In this study, a controlled experimental environment was prepared on the example scenario, the manipulation was carried out and the prepared system analysis was included. The results obtained showed that the evidence at the forensic analysis stage is open to misinterpretation.

Common Vulnerabilities and Exposures (CVE) databases contain information about vulnerabilities of software products and source code. If individual elements of CVE descriptions can be extracted and structured, then the data can be used to search and analyze CVE descriptions. Herein we propose a method to label each element in CVE descriptions by applying Named Entity Recognition (NER). For NER, we used BERT, a transformer-based natural language processing model. Using NER with machine learning can label information from CVE descriptions even if there are some distortions in the data. An experiment involving manually prepared label information for 1000 CVE descriptions shows that the labeling accuracy of the proposed method is about 0.81 for precision and about 0.89 for recall. In addition, we devise a way to train the data by dividing it into labels. Our proposed method can be used to label each element automatically from CVE descriptions.

Passwords are generally used to keep unauthorized users out of the system. Password hacking has become more common as the number of internet users has extended, causing a slew of issues. These problems include stealing the confidential information of a company or a country by adversaries which harm the economy or the security of the organization. Hackers often use password hacking for criminal activities. It is indispensable to protect passwords from hackers. There are many hacking methods such as credential stuffing, social engineering, traffic interception, and password spraying for hacking the passwords. So, in order to control hacking, there are hashing algorithms that are mostly used to hash passwords making password cracking more difficult. In this proposed work, different hashing algorithms such as SHA-1, MD-5, Salted MD-5, SHA-256, and SHA-512 have been used. And the MySQL database is used to store the hash values of passwords that are generated using various hash functions. It is proven that SHA is better than MD-5 and Salted MD-5. Whereas in the SHA family, SHA-512 and SHA-256 have their own benefits. Four new hashing functions have been proposed using the combination of existing algorithms like SHA-256, and SHA-512 namely SHA-256\_with\_SHA-256, SHA-256\_ With\_SHA-512,SHA-512\_With\_SHA-512,and SHA-512\_ With\_SHA-256. They provide strong hash value for passwords by which the security of passwords increases, and hacking can be controlled to an extent.

The student's fault is not the only cause of dropping out of school. Often, cases of dropping out of school are only associated with too general problems. However, sensitive issues that can be detrimental to certain parties in this regard, such as the institution's reputation, are usually not made public. To overcome this, an in-depth analysis of these cases is needed for proper handling. Many risks are associated with creating a single repository for this sensitive information. Therefore, some encryption is required to ensure data is not leaked. However, encryption at rest and in transit is insufficient as data leakage is a considerable risk during processing. In addition, there is also a risk of abuse of authority by insiders so that no single entity is allowed to have access to all data. Homomorphic encryption presents a viable solution to this challenge. Data may be aggregated under the security provided by Homomorphic Encryption. This method makes the data available for computation without being decrypted first and without paying the risk of having a single repository.

Face recognition technology is widely employed in a variety of applications, including public security, criminal identification, multimedia data management, and so on. Because of its importance for practical applications and theoretical issues, the facial recognition system has received a lot of attention. Furthermore, numerous strategies have been offered, each of which has shown to be a significant benefit in the field of facial and pattern recognition systems. Face recognition still faces substantial hurdles in unrestricted situations, despite these advancements. Deep learning techniques for facial recognition are presented in this paper for accurate detection and identification of facial images. The primary goal of facial recognition is to recognize and validate facial features. The database consists of 500 color images of people that have been pre-processed and features extracted using Linear Discriminant Analysis. These features are split into 70 percent for training and 30 percent for testing of decision tree classifiers for the computation of face recognition system performance.

Facial is the most dynamic part of the human body that conveys information about emotions. The level of diversity in facial geometry and facial look makes it possible to detect various human expressions. To be able to differentiate among numerous facial expressions of emotion, it is crucial to identify the classes of facial expressions. The methodology used in this article is based on convolutional neural networks (CNN). In this paper Deep Learning CNN is used to examine Alex net architectures. Improvements were achieved by applying the transfer learning approach and modifying the fully connected layer with the Support Vector Machine(SVM) classifier. The system succeeded by achieving satisfactory results on icv-the MEFED dataset. Improved models achieved around 64.29 %of recognition rates for the classification of the selected expressions. The results obtained are acceptable and comparable to the relevant systems in the literature provide ideas a background for further improvements.

Child facial expression recognition is a relatively less investigated area within affective computing. Children’s facial expressions differ significantly from adults; thus, it is necessary to develop emotion recognition frameworks that are more objective, descriptive and specific to this target user group. In this paper we propose the first approach that (i) constructs video-level heterogeneous graph representation for facial expression recognition in children, and (ii) predicts children’s facial expressions using the automatically detected Action Units (AUs). To this aim, we construct three separate length-independent representations, namely, statistical, spectral and graph at video-level for detailed multi-level facial behaviour decoding (AU activation status, AU temporal dynamics and spatio-temporal AU activation patterns, respectively). Our experimental results on the LIRIS Children Spontaneous Facial Expression Video Database demonstrate that combining these three feature representations provides the highest accuracy for expression recognition in children.

Research on intelligent accounting system based on intelligent financial data sheet analysis system considering complex data mining is conducted in the paper. The expert audit system extracts business records from the business database according to the specified audit conditions, and the program automatically calculates the total amount of the amount data items, and then compares it with the standard or normal business, reflecting the necessary information such as differences and also possible audit trails. In order to find intrusion behaviors and traces, data collection is carried out from multiple points in the network system. The collection content includes system logs, network data packets, important files, and the status and the behavior of the user activities. Furthermore, complex data mining model is combined for the systematic analysis on the system performance. The simulation on the collected data is provided to the validate the performance.

As the nature of the website, the EJBCA digital signatures may have vulnerabilities. The list of web-based vulnerabilities can be found in OWASP's Top 10 2021. Anticipating the attack with an effective and efficient forensics application is necessary. The concept of digital forensic readiness can be applied as a pre-incident plan with a digital forensic lifecycle pipeline to establish an efficient forensic process. Managing digital evidence in the pre-incident plan includes data collection, examination, analysis, and findings report. Based on this concept, we implemented it in designing an information system that carries out the entire flow, provides attack evidence collection, visualization of attack statistics in executive summary, mitigation recommendation, and forensic report generation in a physical form when needed. This research offers an information system that can help the digital forensic process and maintain the integrity of the EJBCA digital signature server web.

Distributed Denial-of-Service (DDoS) attacks aim to cause downtime or a lack of responsiveness for web services. DDoS attacks targeting the application layer are amongst the hardest to catch as they generally appear legitimate at lower layers and attempt to take advantage of common application functionality or aspects of the HTTP protocol, rather than simply send large amounts of traffic like with volumetric flooding. Attacks can focus on functionality such as database operations, file retrieval, or just general backend code. In this paper, we examine common forms of application layer attacks, preventative and detection measures, and take a closer look specifically at HTTP Flooding attacks by the High Orbit Ion Cannon (HOIC) and “low and slow” attacks through slowloris.

To solve the problem of an excessive number of component vulnerabilities and limited defense resources in industrial cyber physical systems, a method for analyzing security critical components of system is proposed. Firstly, the components and vulnerability information in the system are modeled based on SysML block definition diagram. Secondly, as SysML block definition diagram is challenging to support direct analysis, a block security dependency graph model is proposed. On this basis, the transformation rules from SysML block definition graph to block security dependency graph are established according to the structure of block definition graph and its vulnerability information. Then, the calculation method of component security importance is proposed, and a security critical component analysis tool is designed and implemented. Finally, an example of a Drone system is given to illustrate the effectiveness of the proposed method. The application of this method can provide theoretical and technical support for selecting key defense components in the industrial cyber physical system.

Currently, the Dark Web is one key platform for the online trading of illegal products and services. Analysing the .onion sites hosting marketplaces is of interest for law enforcement and security researchers. This paper presents a study on 123k listings obtained from 6 different Dark Web markets. While most of current works leverage existing datasets, these are outdated and might not contain new products, e.g., those related to the 2020 COVID pandemic. Thus, we build a custom focused crawler to collect the data. Being able to conduct analyses on current data is of considerable importance as these marketplaces continue to change and grow, both in terms of products offered and users. Also, there are several anti-crawling mechanisms being improved, making this task more difficult and, consequently, reducing the amount of data obtained in recent years on these marketplaces. We conduct a data analysis evaluating multiple characteristics regarding the products, sellers, and markets. These characteristics include, among others, the number of sales, existing categories in the markets, the origin of the products and the sellers. Our study sheds light on the products and services being offered in these markets nowadays. Moreover, we have conducted a case study on one particular productive and dynamic drug market, i.e., Cannazon. Our initial goal was to understand its evolution over time, analyzing the variation of products in stock and their price longitudinally. We realized, though, that during the period of study the market suffered a DDoS attack which damaged its reputation and affected users' trust on it, which was a potential reason which lead to the subsequent closure of the market by its operators. Consequently, our study provides insights regarding the last days of operation of such a productive market, and showcases the effectiveness of a potential intervention approach by means of disrupting the service and fostering mistrust.

One major tool of Energy Management Systems for monitoring the status of the power grid is State Estimation (SE). Since the results of state estimation are used within the energy management system, the security of the power system state estimation tool is most important. The research in this area is targeting detection of False Data Injection attacks on measurements. Though this aspect is crucial, SE also depends on database that are used to describe the relationship between measurements and systems' states. This paper presents a two-stage optimization framework to not only detect, but also correct cyber-attacks pertaining the measurements' model parameters used by the SE routine. In the first stage, an estimate of the line parameters ratios are obtained. In the second stage, the estimated ratios from stage I are used in a Bi-Level model for obtaining a final estimate of the measurements' model parameters. Hence, the presented framework does not only unify the detection and correction in a single optimization run, but also provide a monitoring scheme for the SE database that is typically considered static. In addition, in the two stages, linear programming framework is preserved. For validation, the IEEE 118 bus system is used for implementation. The results illustrate the effectiveness of the proposed model for detecting attacks in the database used in the state estimation process.

Concurrency vulnerabilities caused by synchronization problems will occur in the execution of multi-threaded programs, and the emergence of concurrency vulnerabilities often cause great threats to the system. Once the concurrency vulnerabilities are exploited, the system will suffer various attacks, seriously affecting its availability, confidentiality and security. In this paper, we extract 839 concurrency vulnerabilities from Common Vulnerabilities and Exposures (CVE), and conduct a comprehensive analysis of the trend, classifications, causes, severity, and impact. Finally, we obtained some findings: 1) From 1999 to 2021, the number of concurrency vulnerabilities disclosures show an overall upward trend. 2) In the distribution of concurrency vulnerability, race condition accounts for the largest proportion. 3) The overall severity of concurrency vulnerabilities is medium risk. 4) The number of concurrency vulnerabilities that can be exploited for local access and network access is almost equal, and nearly half of the concurrency vulnerabilities (377/839) can be accessed remotely. 5) The access complexity of 571 concurrency vulnerabilities is medium, and the number of concurrency vulnerabilities with high or low access complexity is almost equal. The results obtained through the empirical study can provide more support and guidance for research in the field of concurrency vulnerabilities.

In today’s world, digital data are enormous due to technologies that advance data collection, storage, and analyses. As more data are shared or publicly available, privacy is of great concern. Having privacy means having control over your data. The first step towards privacy protection is to understand various aspects of privacy and have the ability to quantify them. Much work in structured data, however, has focused on approaches to transforming the original data into a more anonymous form (via generalization and suppression) while preserving the data integrity. Such anonymization techniques count data instances of each set of distinct attribute values of interest to signify the required anonymity to protect an individual’s identity or confidential data. While this serves the purpose, our research takes an alternative approach to provide quick privacy measures by way of anonymity especially when dealing with large-scale data. This paper presents a study of anonymity measures based on their relevant properties that impact privacy. Specifically, we identify three properties: uniformity, variety, and diversity, and formulate their measures. The paper provides illustrated examples to evaluate their validity and discusses the use of multi-aspects of anonymity and privacy measures.

Vulnerability assessment is an important process for network security. However, most commonly used vulnerability assessment methods still rely on expert experience or rule-based automated scripts, which are difficult to meet the security requirements of increasingly complex network environment. In recent years, although scientists and engineers have made great progress on artificial intelligence in both theory and practice, it is a challenging to manufacture a mature high-quality intelligent products in the field of network security, especially in penetration testing based vulnerability assessment for enterprises. Therefore, in order to realize the intelligent penetration testing, Vul.AI with its rich experience in cyber attack and defense for many years has designed and developed a set of intelligent penetration and attack simulation system Ai.Scan, which is based on attack chain, knowledge graph and related evaluation algorithms. In this paper, the realization principle, main functions and application scenarios of Ai.Scan are introduced in detail.

Audit trails are critical components in enterprise business applications, typically used for storing, tracking, and auditing data. Entities in the audit trail applications have weak trust boundaries, which expose them to various security risks and attacks. To harden the security and develop secure by design applications, blockchain technology has been recently introduced in the audit trails. Blockchains take a consensus-driven clean slate approach to equip audit trails with secure and transparent data processing, without a trusted intermediary. On a downside, blockchains significantly increase the space-time complexity of the audit trails, leading to high storage costs and low transaction throughput. In this article, we introduce BlockTrail, a novel blockchain architecture that fragments the legacy blockchain systems into layers of codependent hierarchies, thereby reducing the space-time complexity and increasing the throughput. BlockTrail is prototyped on the “practical Byzantine fault tolerance” protocol with a custom-built blockchain. Experiments with BlockTrail show that compared to the conventional schemes, BlockTrail is secure and efficient, with low storage footprint.

In this work, we discuss data breaches based on the “2012 SocialArks data breach” case study. Data leakage refers to the security violations of unauthorized individuals copying, transmitting, viewing, stealing, or using sensitive, protected, or confidential data. Data leakage is becoming more and more serious, for those traditional information security protection methods like anti-virus software, intrusion detection, and firewalls have been becoming more and more challenging to deal with independently. Nevertheless, fortunately, new IT technologies are rapidly changing and challenging traditional security laws and provide new opportunities to develop the information security market. The SocialArks data breach was caused by a misconfiguration of ElasticSearch Database owned by SocialArks, owned by “Tencent.” The attack methodology is classic, and five common Elasticsearch mistakes discussed the possibilities of those leakages. The defense solution focuses on how to optimize the Elasticsearch server. Furthermore, the ElasticSearch database’s open-source identity also causes many ethical problems, which means that anyone can download and install it for free, and they can install it almost anywhere. Some companies download it and install it on their internal servers, while others download and install it in the cloud (on any provider they want). There are also cloud service companies that provide hosted versions of Elasticsearch, which means they host and manage Elasticsearch clusters for their customers, such as Company Tencent.

The 2021 T-Mobile breach conducted by John Erin Binns resulted in the theft of 54 million customers' personal data. The attacker gained entry into T-Mobile's systems through an unprotected router and used brute force techniques to access the sensitive information stored on the internal servers. The data stolen included names, addresses, Social Security Numbers, birthdays, driver's license numbers, ID information, IMEIs, and IMSIs. We analyze the data breach and how it opens the door to identity theft and many other forms of hacking such as SIM Hijacking. SIM Hijacking is a form of hacking in which bad actors can take control of a victim's phone number allowing them means to bypass additional safety measures currently in place to prevent fraud. This paper thoroughly reviews the attack methodology, impact, and attempts to provide an understanding of important measures and possible defense solutions against future attacks. We also detail other social engineering attacks that can be incurred from releasing the leaked data.

In the era of Internet usage growth, storage services are widely used where users' can store their data, while hackers techniques pose massive threats to users' data security. The proposed system introduces multiple layers of security where data confidentiality, integrity and availability are achieved using honey encryption, hashed random passwords as well as detecting intruders and preventing them. The used techniques can ensure security against brute force and denial of service attacks. Our proposed methodology proofs the efficiency for storing and retrieving data using honey words and password hashing with less execution time and more security features achieved compared with other systems. Other systems depend on user password leading to easily predict it, we avoid this approach by making the password given to the user is randomly generated which make it unpredictable and hard to break. Moreover, we created a simple user interface to interact with users to take their inputs and store them along with the given password in true database, if an adversary detected, he will be processed as a normal user but with fake information taken from another database called false database, after that, the admin will be notified about this illegitimate access by providing the IP address. This approach will make the admin have continuous detection and ensure availability and confidentiality. Our execution time is efficient as the encryption process takes 244 ms and decryption 229 ms.

Face recognition is a biometric technique that uses a computer or machine to facilitate the recognition of human faces. The advantage of this technique is that it can detect faces without direct contact with the device. In its application, the security of face recognition data systems is still not given much attention. Therefore, this study proposes a technique for securing data stored in the face recognition system database. It implements the Viola-Jones Algorithm, the Kanade-Lucas-Tomasi Algorithm (KLT), and the Principal Component Analysis (PCA) algorithm by applying a database security algorithm using XOR encryption. Several tests and analyzes have been performed with this method. The histogram analysis results show no visual information related to encrypted images with plain images. In addition, the correlation value between the encrypted and plain images is weak, so it has high security against statistical attacks with an entropy value of around 7.9. The average time required to carry out the introduction process is 0.7896 s.

Cancelable biometric is a new era of technology that deals with the protection of the privacy content of a person which itself helps in protecting the identity of a person. Here the biometric information instead of being stored directly on the authentication database is transformed into a non-invertible coded format that will be utilized for providing access. The conversion into an encrypted code requires the provision of an encryption key from the user side. Both invertible and non-invertible coding techniques are there but non-invertible one provides additional security to the user. In this paper, a non-invertible cancelable biometric method has been proposed where the biometric image information is canceled and encoded into a code using a user-provided encryption key. This code is generated from the image histogram after continuous bin updation to the maximal value and then it is encrypted by the Hill cipher. This code is stored on the database instead of biometric information. The technique is applied to a set of retinal information taken from the Indian Diabetic Retinopathy database.