Visible to the public Biblio

Filters: Keyword is Inspection  [Clear All Filters]
2022-01-10
Xu, Ling.  2021.  Application of Artificial Intelligence and Big Data in the Security of Regulatory Places. 2021 International Conference on Artificial Intelligence and Electromechanical Automation (AIEA). :210–213.
This paper analyzes the necessity of artificial intelligence and big data in the security application of regulatory places. The author studies the specific application of artificial intelligence and big data in ideological dynamics management, access control system, video surveillance system, emergency alarm system, perimeter control system, police inspection system, daily behavior management, and system implementation management. The author puts forward how to do technical integration, improve information sharing, strengthen the construction of talents, and increase management fund expenditure. The purpose of this paper is to enhance the security management level of regulatory places and optimize the management environment of regulatory places.
2021-12-21
Zhang, Pengfeng, Tian, Chuan, Shang, Tao, Liu, Lin, Li, Lei, Wang, Wenting, Zhao, Yiming.  2021.  Dynamic Access Control Technology Based on Zero-Trust Light Verification Network Model. 2021 International Conference on Communications, Information System and Computer Engineering (CISCE). :712–715.
With the rise of the cloud computing and services, the network environments tend to be more complex and enormous. Security control becomes more and more hard due to the frequent and various access and requests. There are a few techniques to solve the problem which developed separately in the recent years. Network Micro-Segmentation provides the system the ability to keep different parts separated. Zero Trust Model ensures the network is access to trusted users and business by applying the policy that verify and authenticate everything. With the combination of Segmentation and Zero Trust Model, a system will obtain the ability to control the access to organizations' or industrial valuable assets. To implement the cooperation, the paper designs a strategy named light verification to help the process to be painless for the cost of inspection. The strategy was found to be effective from the perspective of the technical management, security and usability.
Jeong, Jang Hyeon, Kim, Jong Beom, Choi, Seong Gon.  2021.  Zero-Day Attack Packet Highlighting System. 2021 23rd International Conference on Advanced Communication Technology (ICACT). :200–204.
This paper presents Zero-Day Attack Packet Highlighting System. Proposed system outputs zero-day attack packet information from flow extracted as result of regression inspection of packets stored in flow-based PCA. It also highlights raw data of the packet matched with rule. Also, we design communication protocols for sending and receiving data within proposed system. Purpose of the proposed system is to solve existing flow-based problems and provides users with raw data information of zero-day packets so that they can analyze raw data for the packets.
2021-09-21
Patil, Rajvardhan, Deng, Wei.  2020.  Malware Analysis using Machine Learning and Deep Learning techniques. 2020 SoutheastCon. 2:1–7.
In this era, where the volume and diversity of malware is rising exponentially, new techniques need to be employed for faster and accurate identification of the malwares. Manual heuristic inspection of malware analysis are neither effective in detecting new malware, nor efficient as they fail to keep up with the high spreading rate of malware. Machine learning approaches have therefore gained momentum. They have been used to automate static and dynamic analysis investigation where malware having similar behavior are clustered together, and based on the proximity unknown malwares get classified to their respective families. Although many such research efforts have been conducted where data-mining and machine-learning techniques have been applied, in this paper we show how the accuracy can further be improved using deep learning networks. As deep learning offers superior classification by constructing neural networks with a higher number of potentially diverse layers it leads to improvement in automatic detection and classification of the malware variants.In this research, we present a framework which extracts various feature-sets such as system calls, operational codes, sections, and byte codes from the malware files. In the experimental and result section, we compare the accuracy obtained from each of these features and demonstrate that feature vector for system calls yields the highest accuracy. The paper concludes by showing how deep learning approach performs better than the traditional shallow machine learning approaches.
2021-09-16
Ullman, Steven, Samtani, Sagar, Lazarine, Ben, Zhu, Hongyi, Ampel, Benjamin, Patton, Mark, Chen, Hsinchun.  2020.  Smart Vulnerability Assessment for Scientific Cyberinfrastructure: An Unsupervised Graph Embedding Approach. 2020 IEEE International Conference on Intelligence and Security Informatics (ISI). :1–6.
The accelerated growth of computing technologies has provided interdisciplinary teams a platform for producing innovative research at an unprecedented speed. Advanced scientific cyberinfrastructures, in particular, provide data storage, applications, software, and other resources to facilitate the development of critical scientific discoveries. Users of these environments often rely on custom developed virtual machine (VM) images that are comprised of a diverse array of open source applications. These can include vulnerabilities undetectable by conventional vulnerability scanners. This research aims to identify the installed applications, their vulnerabilities, and how they vary across images in scientific cyberinfrastructure. We propose a novel unsupervised graph embedding framework that captures relationships between applications, as well as vulnerabilities identified on corresponding GitHub repositories. This embedding is used to cluster images with similar applications and vulnerabilities. We evaluate cluster quality using Silhouette, Calinski-Harabasz, and Davies-Bouldin indices, and application vulnerabilities through inspection of selected clusters. Results reveal that images pertaining to genomics research in our research testbed are at greater risk of high-severity shell spawning and data validation vulnerabilities.
2021-08-11
Ngow, Y T, Goh, S H, Leo, J, Low, H W, Kamoji, Rupa.  2020.  Automated nets extraction for digital logic physical failure analysis on IP-secure products. 2020 IEEE International Symposium on the Physical and Failure Analysis of Integrated Circuits (IPFA). :1—6.
GDSII layouts of IP-confidential products are heavily controlled and access is only granted to certain privileged personnel. Failure analysts are generally excluded. Without guidance from GDSII, failure analysis, specifically physical inspection based on fault isolation findings cannot proceed. To overcome this challenge, we develop an automated approach that enables image snapshots relevant to failure analysts to be furnished without compromising the confidentiality of the GDSII content in this paper. Modules built are executed to trace the suspected nets and extract them into multiple images of different pre-defined frame specifications to facilitate failure analysis.
2021-04-27
Zhou, X..  2020.  Improvement of information System Audit to Deal With Network Information Security. 2020 International Conference on Communications, Information System and Computer Engineering (CISCE). :93–96.
With the rapid development of information technology and the increasing popularity of information and communication technology, the information age has come. Enterprises must adapt to changes in the times, introduce network and computer technologies in a timely manner, and establish more efficient and reasonable information systems and platforms. Large-scale information system construction is inseparable from related audit work, and network security risks have become an important part of information system audit concerns. This paper analyzes the objectives and contents of information system audits under the background of network information security through theoretical analysis, and on this basis, proposes how the IS audit work will be carried out.
2021-02-16
Grashöfer, J., Titze, C., Hartenstein, H..  2020.  Attacks on Dynamic Protocol Detection of Open Source Network Security Monitoring Tools. 2020 IEEE Conference on Communications and Network Security (CNS). :1—9.
Protocol detection is the process of determining the application layer protocol in the context of network security monitoring, which requires a timely and precise decision to enable protocol-specific deep packet inspection. This task has proven to be complex, as isolated characteristics, like port numbers, are not sufficient to reliably determine the application layer protocol. In this paper, we analyze the Dynamic Protocol Detection mechanisms employed by popular and widespread open-source network monitoring tools. On the example of HTTP, we show that all analyzed detection mechanisms are vulnerable to evasion attacks. This poses a serious threat to real-world monitoring operations. We find that the underlying fundamental problem of protocol disambiguation is not adequately addressed in two of three monitoring systems that we analyzed. To enable adequate operational decisions, this paper highlights the inherent trade-offs within Dynamic Protocol Detection.
2021-01-11
Malik, A., Fréin, R. de, Al-Zeyadi, M., Andreu-Perez, J..  2020.  Intelligent SDN Traffic Classification Using Deep Learning: Deep-SDN. 2020 2nd International Conference on Computer Communication and the Internet (ICCCI). :184–189.
Accurate traffic classification is fundamentally important for various network activities such as fine-grained network management and resource utilisation. Port-based approaches, deep packet inspection and machine learning are widely used techniques to classify and analyze network traffic flows. However, over the past several years, the growth of Internet traffic has been explosive due to the greatly increased number of Internet users. Therefore, both port-based and deep packet inspection approaches have become inefficient due to the exponential growth of the Internet applications that incurs high computational cost. The emerging paradigm of software-defined networking has reshaped the network architecture by detaching the control plane from the data plane to result in a centralised network controller that maintains a global view over the whole network on its domain. In this paper, we propose a new deep learning model for software-defined networks that can accurately identify a wide range of traffic applications in a short time, called Deep-SDN. The performance of the proposed model was compared against the state-of-the-art and better results were reported in terms of accuracy, precision, recall, and f-measure. It has been found that 96% as an overall accuracy can be achieved with the proposed model. Based on the obtained results, some further directions are suggested towards achieving further advances in this research area.
Chekashev, A., Demianiuk, V., Kogan, K..  2020.  Poster: Novel Opportunities in Design of Efficient Deep Packet Inspection Engines. 2020 IEEE 28th International Conference on Network Protocols (ICNP). :1–2.
Deep Packet Inspection (DPI) is an essential building block implementing various services on data plane [5]. Usually, DPI engines are centered around efficient implementation of regular expressions both from the required memory and lookup time perspectives. In this paper, we explore and generalize original approaches used for packet classifiers [7] to regular expressions. Our preliminary results establish a promising direction for the efficient implementation of DPI engines.
Khandait, P., Hubballi, N., Mazumdar, B..  2020.  Efficient Keyword Matching for Deep Packet Inspection based Network Traffic Classification. 2020 International Conference on COMmunication Systems NETworkS (COMSNETS). :567–570.
Network traffic classification has a range of applications in network management including QoS and security monitoring. Deep Packet Inspection (DPI) is one of the effective method used for traffic classification. DPI is computationally expensive operation involving string matching between payload and application signatures. Existing traffic classification techniques perform multiple scans of payload to classify the application flows - first scan to extract the words and the second scan to match the words with application signatures. In this paper we propose an approach which can classify network flows with single scan of flow payloads using a heuristic method to achieve a sub-linear search complexity. The idea is to scan few initial bytes of payload and determine potential application signature(s) for subsequent signature matching. We perform experiments with a large dataset containing 171873 network flows and show that it has a good classification accuracy of 98%.
2020-11-17
Radha, P., Selvakumar, N., Sekar, J. Raja, Johnsonselva, J. V..  2018.  Enhancing Internet of Battle Things using Ultrasonic assisted Non-Destructive Testing (Technical solution). 2018 IEEE International Conference on Computational Intelligence and Computing Research (ICCIC). :1—4.

The subsystem of IoMT (Internet of Military of Things) called IoBT (Internet of Battle of Things) is the major resource of the military where the various stack holders of the battlefield and different categories of equipment are tightly integrated through the internet. The proposed architecture mentioned in this paper will be helpful to design IoBT effectively for warfare using irresistible technologies like information technology, embedded technology, and network technology. The role of Machine intelligence is essential in IoBT to create smart things and provide accurate solutions without human intervention. Non-Destructive Testing (NDT) is used in Industries to examine and analyze the invisible defects of equipment. Generally, the ultrasonic waves are used to examine and analyze the internal defects of materials. Hence the proposed architecture of IoBT is enhanced by ultrasonic based NDT to study the properties of the things of the battlefield without causing any damage.

2020-10-26
Chen, Cheng-Yu, Hsiao, Shun-Wen.  2019.  IoT Malware Dynamic Analysis Profiling System and Family Behavior Analysis. 2019 IEEE International Conference on Big Data (Big Data). :6013–6015.
Not only the number of deployed IoT devices increases but also that of IoT malware increases. We eager to understand the threat made by IoT malware but we lack tools to observe, analyze and detect them. We design and implement an automatic, virtual machine-based profiling system to collect valuable IoT malware behavior, such as API call invocation, system call execution, etc. In addition to conventional profiling methods (e.g., strace and packet capture), the proposed profiling system adapts virtual machine introspection based API hooking technique to intercept API call invocation by malware, so that our introspection would not be detected by IoT malware. We then propose a method to convert the multiple sequential data (API calls) to a family behavior graph for further analysis.
2020-07-06
Mao, Zhong, Yan, Yujie, Wu, Jiahao, Hajjar, Jerome F., Padir, Taskin.  2019.  Automated Damage Assessment of Critical Infrastructure Using Online Mapping Technique with Small Unmanned Aircraft Systems. 2019 IEEE International Symposium on Technologies for Homeland Security (HST). :1–5.
Rapid inspection and assessment of critical infrastructure after man-made and natural disasters is a matter of homeland security. The primary aim of this paper is to demonstrate the potential of leveraging small Unmanned Aircraft System (sUAS) in support of the rapid recovery of critical infrastructure in the aftermath of catastrophic events. We propose our data collection, detection and assessment system, using a sUAS equipped with a Lidar and a camera. This method provides a solution in fast post-disaster response and assists human responders in damage investigation.
2020-07-03
El-Din Abd El-Raouf, Karim Alaa, Bahaa-Eldin, Ayman M., Sobh, Mohamed A..  2019.  Multipath Traffic Engineering for Software Defined Networking. 2019 14th International Conference on Computer Engineering and Systems (ICCES). :132—136.

ASA systems (firewall, IDS, IPS) are probable to become communication bottlenecks in networks with growing network bandwidths. To alleviate this issue, we suggest to use Application-aware mechanism based on Deep Packet Inspection (DPI) to bypass chosen traffic around firewalls. The services of Internet video sharing gained importance and expanded their share of the multimedia market. The Internet video should meet strict service quality (QoS) criteria to make the broadcasting of broadcast television a viable and comparable level of quality. However, since the Internet video relies on packet communication, it is subject to delays, transmission failures, loss of data and bandwidth restrictions that may have a catastrophic effect on the quality of multimedia.

Danilchenko, Victor, Theobald, Matthew, Cohen, Daniel.  2019.  Bootstrapping Security Configuration for IoT Devices on Networks with TLS Inspection. 2019 IEEE Globecom Workshops (GC Wkshps). :1—7.

In the modern security-conscious world, Deep Packet Inspection (DPI) proxies are increasingly often used on industrial and enterprise networks to perform TLS unwrapping on all outbound connections. However, enabling TLS unwrapping requires local devices to have the DPI proxy Certificate Authority certificates installed. While for conventional computing devices this is addressed via enterprise management, it's a difficult problem for Internet of Things ("IoT") devices which are generally not under enterprise management, and may not even be capable of it due to their resource-constrained nature. Thus, for typical IoT devices, being installed on a network with DPI requires either manual device configuration or custom DPI proxy configuration, both of which solutions have significant shortcomings. This poses a serious challenge to the deployment of IoT devices on DPI-enabled intranets. The authors propose a solution to this problem: a method of installing on IoT devices the CA certificates for DPI proxy CAs, as well as other security configuration ("security bootstrapping"). The proposed solution respects the DPI policies, while allowing the commissioning of IoT and IIoT devices without the need for additional manual configuration either at device scope or at network scope. This is accomplished by performing the bootstrap operation over unsecured connection, and downloading certificates using TLS validation at application level. The resulting solution is light-weight and secure, yet does not require validation of the DPI proxy's CA certificates in order to perform the security bootstrapping, thus avoiding the chicken-and-egg problem inherent in using TLS on DPI-enabled intranets.

Shaout, Adnan, Crispin, Brennan.  2019.  Markov Augmented Neural Networks for Streaming Video Classification. 2019 International Arab Conference on Information Technology (ACIT). :1—7.

With the growing number of streaming services, internet providers are increasingly needing to be able to identify the types of data and content providers that are being used on their networks. Traditional methods, such as IP and port scanning, are not always available for clients using VPNs or with providers using varying IP addresses. As such, in this paper we explore a potential method using neural networks and Markov Decision Process in order to augment deep packet inspection techniques in identifying the source and class of video streaming services.

KAO, Da-Yu.  2019.  Cybercrime Countermeasure of Insider Threat Investigation. 2019 21st International Conference on Advanced Communication Technology (ICACT). :413—418.

The threat of cybercrime is becoming increasingly complex and diverse on putting citizen's data or money in danger. Cybercrime threats are often originating from trusted, malicious, or negligent insiders, who have excessive access privileges to sensitive data. The analysis of cybercrime insider investigation presents many opportunities for actionable intelligence on improving the quality and value of digital evidence. There are several advantages of applying Deep Packet Inspection (DPI) methods in cybercrime insider investigation. This paper introduces DPI method that can help investigators in developing new techniques and performing digital investigation process in forensically sound and timely fashion manner. This paper provides a survey of the packet inspection, which can be applied to cybercrime insider investigation.

Yan, Haonan, Li, Hui, Xiao, Mingchi, Dai, Rui, Zheng, Xianchun, Zhao, Xingwen, Li, Fenghua.  2019.  PGSM-DPI: Precisely Guided Signature Matching of Deep Packet Inspection for Traffic Analysis. 2019 IEEE Global Communications Conference (GLOBECOM). :1—6.

In the field of network traffic analysis, Deep Packet Inspection (DPI) technology is widely used at present. However, the increase in network traffic has brought tremendous processing pressure on the DPI. Consequently, detection speed has become the bottleneck of the entire application. In order to speed up the traffic detection of DPI, a lot of research works have been applied to improve signature matching algorithms, which is the most influential factor in DPI performance. In this paper, we present a novel method from a different angle called Precisely Guided Signature Matching (PGSM). Instead of matching packets with signature directly, we use supervised learning to automate the rules of specific protocol in PGSM. By testing the performance of a packet in the rules, the target packet could be decided when and which signatures should be matched with. Thus, the PGSM method reduces the number of aimless matches which are useless and numerous. After proposing PGSM, we build a framework called PGSM-DPI to verify the effectiveness of guidance rules. The PGSM-DPI framework consists of PGSM method and open source DPI library. The framework is running on a distributed platform with better throughput and computational performance. Finally, the experimental results demonstrate that our PGSM-DPI can reduce 59.23% original DPI time and increase 21.31% throughput. Besides, all source codes and experimental results can be accessed on our GitHub.

León, Raquel, Domínguez, Adrián, Carballo, Pedro P., Núñez, Antonio.  2019.  Deep Packet Inspection Through Virtual Platforms using System-On-Chip FPGAs. 2019 XXXIV Conference on Design of Circuits and Integrated Systems (DCIS). :1—6.

Virtual platforms provide a full hardware/software platform to study device limitations in an early stages of the design flow and to develop software without requiring a physical implementation. This paper describes the development process of a virtual platform for Deep Packet Inspection (DPI) hardware accelerators by using Transaction Level Modeling (TLM). We propose two DPI architectures oriented to System-on-Chip FPGA. The first architecture, CPU-DMA based architecture, is a hybrid CPU/FPGA where the packets are filtered in the software domain. The second architecture, Hardware-IP based architecture, is mainly implemented in the hardware domain. We have created two virtual platforms and performed the simulation, the debugging and the analysis of the hardware/software features, in order to compare results for both architectures.

Yang, Bowen, Liu, Dong.  2019.  Research on Network Traffic Identification based on Machine Learning and Deep Packet Inspection. 2019 IEEE 3rd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC). :1887—1891.

Accurate network traffic identification is an important basis for network traffic monitoring and data analysis, and is the key to improve the quality of user service. In this paper, through the analysis of two network traffic identification methods based on machine learning and deep packet inspection, a network traffic identification method based on machine learning and deep packet inspection is proposed. This method uses deep packet inspection technology to identify most network traffic, reduces the workload that needs to be identified by machine learning method, and deep packet inspection can identify specific application traffic, and improves the accuracy of identification. Machine learning method is used to assist in identifying network traffic with encryption and unknown features, which makes up for the disadvantage of deep packet inspection that can not identify new applications and encrypted traffic. Experiments show that this method can improve the identification rate of network traffic.

2020-04-10
Repetto, M., Carrega, A., Lamanna, G..  2019.  An architecture to manage security services for cloud applications. 2019 4th International Conference on Computing, Communications and Security (ICCCS). :1—8.
The uptake of virtualization and cloud technologies has pushed novel development and operation models for the software, bringing more agility and automation. Unfortunately, cyber-security paradigms have not evolved at the same pace and are not yet able to effectively tackle the progressive disappearing of a sharp security perimeter. In this paper, we describe a novel cyber-security architecture for cloud-based distributed applications and network services. We propose a security orchestrator that controls pervasive, lightweight, and programmable security hooks embedded in the virtual functions that compose the cloud application, pursuing better visibility and more automation in this domain. Our approach improves existing management practice for service orchestration, by decoupling the management of the business logic from that of security. We also describe the current implementation stage for a programmable monitoring, inspection, and enforcement framework, which represents the ground technology for the realization of the whole architecture.
2020-02-10
Niddodi, Chaitra, Lin, Shanny, Mohan, Sibin, Zhu, Hao.  2019.  Secure Integration of Electric Vehicles with the Power Grid. 2019 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm). :1–7.
This paper focuses on the secure integration of distributed energy resources (DERs), especially pluggable electric vehicles (EVs), with the power grid. We consider the vehicle-to-grid (V2G) system where EVs are connected to the power grid through an `aggregator' In this paper, we propose a novel Cyber-Physical Anomaly Detection Engine that monitors system behavior and detects anomalies almost instantaneously (worst case inspection time for a packet is 0.165 seconds1). This detection engine ensures that the critical power grid component (viz., aggregator) remains secure by monitoring (a) cyber messages for various state changes and data constraints along with (b) power data on the V2G cyber network using power measurements from sensors on the physical/power distribution network. Since the V2G system is time-sensitive, the anomaly detection engine also monitors the timing requirements of the protocol messages to enhance the safety of the aggregator. To the best of our knowledge, this is the first piece of work that combines (a) the EV charging/discharging protocols, the (b) cyber network and (c) power measurements from physical network to detect intrusions in the EV to power grid system.1Minimum latency on V2G network is 2 seconds.
2019-11-19
Wang, Jiye, Sun, Yuyan, Miao, Siwei, Shi, Zhiqiang, Sun, Limin.  2018.  Vulnerability and Protocol Association of Device Firmware in Power Grid. 2018 Electrical Power, Electronics, Communications, Controls and Informatics Seminar (EECCIS). :259-263.

The intelligent power grid is composed of a large number of industrial control equipment, and most of the industrial control equipment has security holes, which are vulnerable to malicious attacks and affect the normal operation of the power grid. By analyzing the security vulnerability of the firmware of industrial control equipment, the vulnerability can be detected in advance and the power grid's ability to resist attack can be improved. In this paper, a kind of industrial control device firmware protocol vulnerabilities associated technology, through the technology of information extraction from the mass grid device firmware device attributes and extract the industrial control system, the characteristics of the construction of industrial control system device firmware and published vulnerability information correlation, faster in the industrial control equipment safety inspection found vulnerabilities.

2019-11-04
Sallam, Asmaa, Bertino, Elisa.  2018.  Detection of Temporal Data Ex-Filtration Threats to Relational Databases. 2018 IEEE 4th International Conference on Collaboration and Internet Computing (CIC). :146–155.
According to recent reports, the most common insider threats to systems are unauthorized access to or use of corporate information and exposure of sensitive data. While anomaly detection techniques have proved to be effective in the detection of early signs of data theft, these techniques are not able to detect sophisticated data misuse scenarios in which malicious insiders seek to aggregate knowledge by executing and combining the results of several queries. We thus need techniques that are able to track users' actions across time to detect correlated ones that collectively flag anomalies. In this paper, we propose such techniques for the detection of anomalous accesses to relational databases. Our approach is to monitor users' queries, sequences of queries and sessions of database connection to detect queries that retrieve amounts of data larger than the normal. Our evaluation of the proposed techniques indicates that they are very effective in the detection of anomalies.