Biblio

The rapidly increasing malware threats must be coped with new effective malware detection methodologies. Current malware threats are not limited to daily personal transactions but dowelled deeply within large enterprises and organizations. This paper introduces a new methodology for detecting and discriminating malicious versus normal applications. In this paper, we employed Ant-colony optimization to generate two behavioural graphs that characterize the difference in the execution behavior between malware and normal applications. Our proposed approach relied on the API call sequence generated when an application is executed. We used the API calls as one of the most widely used malware dynamic analysis features. Our proposed method showed distinctive behavioral differences between malicious and non-malicious applications. Our experimental results showed a comparative performance compared to other machine learning methods. Therefore, we can employ our method as an efficient technique in capturing malicious applications.

The Internet of Vehicles (IoV) has a tremendous prospect for numerous vehicular applications. IoV enables vehicles to transmit data to improve roadway safety and efficiency. Data security is essential for increasing the security and privacy of vehicle and roadway infrastructures in IoV systems. Several researchers proposed numerous solutions to address security and privacy issues in IoV systems. However, these issues are not proper solutions that lack data authentication and verification protocols. In this paper, a blockchain-enabled automated data management system for vehicles has been proposed and demonstrated. This work enables automated data verification and authentication using smart contracts. Certified organizations can only access vehicle data uploaded by the vehicle user to the Interplanetary File System (IPFS) server through that vehicle user’s consent. The proposed system increases the security of vehicles and data. Vehicle privacy is also maintained here by increasing data privacy.

The goals, objectives and criteria of the effectiveness of the creation, maintenance and use of the Digital Information Fund of Intellectual Property (DIFIP) are considered. A formalized methodology is proposed for designing DIFIPs, increasing its efficiency and quality, based on a set of interconnected models, methods and algorithms for analysis, synthesis and normalization distributed information management of DIFIP's structure; classification of databases users of patent and scientific and technical information; synthesis of optimal logical structures of the DIFIP database and thematic databases; assessing the quality of the database and ensuring the required level of data security.

In Production System Engineering (PSE), domain experts from different disciplines reuse assets such as products, production processes, and resources. Therefore, PSE organizations aim at establishing reuse across engineering disciplines. However, the coordination of multi-disciplinary reuse tasks, e.g., the re-validation of related assets after changes, is hampered by the coarse-grained representation of tasks and by scattered, heterogeneous domain knowledge. This paper introduces the Multi-disciplinary Reuse Coordination (MRC) artifact to improve task management for multi-disciplinary reuse. For assets and their properties, the MRC artifact describes sub-tasks with progress and result states to provide references for detailed reuse task management across engineering disciplines. In a feasibility study on a typical robot cell in automotive manufacturing, we investigate the effectiveness of task management with the MRC artifact compared to traditional approaches. Results indicate that the MRC artifact is feasible and provides effective capabilities for coordinating multi-disciplinary re-validation after changes.

A malicious insider threat is more vulnerable to an organization. It is necessary to detect the malicious insider because of its huge impact to an organization. The occurrence of a malicious insider threat is less but quite destructive. So, the major focus of this paper is to detect the malicious insider threat in an organization. The traditional insider threat detection algorithm is not suitable for real time insider threat detection. A supervised learning-based anomaly detection technique is used to classify, predict and detect the malicious and non-malicious activity based on highest level of anomaly score. In this paper, a framework is proposed to detect the malicious insider threat using supervised learning-based anomaly detection. It is used to detect the malicious insider threat activity using One-Class Support Vector Machine (OCSVM). The experimental results shows that the proposed framework using OCSVM performs well and detects the malicious insider who obtain huge anomaly score than a normal user.

This paper discusses the outcome of combining insider threat agent taxonomies with the aim of enhancing insider threat detection. The objectives sought to explore taxonomy combinations and investigate threat sophistication from the taxonomy combinations. Investigations revealed the plausibility of combining the various taxonomy categories to derive a new taxonomy. An observation on category combinations yielded the introduction of the concept of a threat path. The proposed taxonomy tree consisted of more than a million threat-paths obtained using a formula from combinatorics analysis. The taxonomy category combinations thus increase the insider threat landscape and hence the gap between insider threat agent sophistication and countermeasures. On the defensive side, knowledge of insider threat agent taxonomy category combinations has the potential to enhance defensive countermeasure tactics, techniques and procedures, thus increasing the chances of insider threat detection.

Identity Management Systems (IdMS) have seemingly evolved in recent years, both in terms of modelling approach and in terms of used technology. The early centralized, later federated and user-centric Identity Management (IdM) was finally replaced by Self-Sovereign Identity (SSI). Solutions based on Distributed Ledger Technology (DLT) appeared, with prominent examples of uPort, Sovrin or ShoCard. In effect, users got more freedom in creation and management of their identities. IdM systems became more distributed, too. However, in the area of interoperability, dynamic and ad-hoc identity management there has been almost no significant progress. Quest for the best IdM system which will be used by all entities and organizations is deemed to fail. The environment of IdM systems is, and in the near future will still be, heterogenous. Therefore a person will have to manage her or his identities in multiple IdM systems. In this article authors argument that future-proof IdM systems should be able to interoperate with each other dynamically, i.e. be able to discover existence of different identities of a person across multiple IdM systems, dynamically build trust relations and be able to translate identity assertions and claims across various IdM domains. Finally, authors introduce identity relationship model and corresponding identity discovery algorithm, propose IdMS-agnostic identity discovery service design and its implementation with use of Ethereum and Smart Contracts.

From the past few years cloud services are so popular and are being used by many people from various domains for various purposes such as data storage, e-mails, backing up data and much more. While there were many options to perform such things why did people choose cloud? The answer is clouds are more flexible, convenient, reliable and efficient. Coming to security of data over cloud, it is secure to store data over cloud rather than storing data locally as there is chance of some computer breakdown or any natural disaster may also occur. There are also many threats for data security over cloud namely data breaching, lack of access-key management and much more. As the data has been processed and being stored online for various purposes, there is a clear requirement for data security. Many organizations face various challenges while storing their data over cloud such as data leakages, account hijacking, insufficient credentials and so on. So to overcome these challenges and safeguard the data, various encryption techniques were implemented. However, even though encryption is used, the data still needs to be decrypted in order to do any type of operation. As a result, we must choose a manner in which the data can be analyzed, searched for, or used in any other way without needing to be decoded. So, the objective is to introduce a technique that goes right for the above conditions mentioned and for data security over cloud.

One of the most challenging issues facing Internet of Medical Things (IoMT) cyber defense is the complexity of their ecosystem coupled with the development of cyber-attacks. Medical equipments lack built-in security and are increasingly becoming connected. Moving beyond traditional security solutions becomes a necessity to protect patients and organizations. In order to effectively deal with the security risks of networked medical devices in such a complex and heterogeneous system, we need to measure security risks and prioritize mitigation actions. In this context, we propose a Fuzzy AHP-based method to assess security attributes of connected medical devices and compare different device models against a selected profile with regards to the user requirements. The proposal aims to empower user security awareness to make well-educated decisions.

Over the years, false news has polluted the online media landscape across the world. In this “post-truth” era, the narratives created by false news have now come into fruition through dismantled democracies, disbelief in science, and hyper-polarized societies. Despite increased efforts in fact-checking & labeling, strengthening detection systems, de-platforming powerful users, promoting media literacy and awareness of the issue, false news continues to be spread exponentially. This study models the behaviors of both the victims of false news and the platform in which it is spread— through the system dynamics methodology. The model was used to develop a policy design by evaluating existing and proposed solutions. The results recommended actively countering confirmation bias, restructuring social networking sites’ recommendation algorithms, and increasing public trust in news organizations.

Artificial intelligence (AI) has been successfully employed in industries for decades, beginning with the invention of expert systems in the 1960s and continuing through the present ubiquity of deep learning. Data-driven AI solutions have grown increasingly common as a means of supporting ever-more complicated industrial processes owing to the accessibility of affordable computer and storage infrastructure. Despite recent optimism, implementing AI to smart industrial applications still offers major difficulties. The present paper gives an executive summary of AI methodologies with an emphasis on deep learning before detailing unresolved issues in AI safety, data privacy, and data quality — all of which are necessary for completely automated commercial AI systems.

Cloud Computing revolutionize the usage of Internet of Things enabled devices integrated via Internet. Providing everything in an outsourced fashion, Cloud also lends infrastructures such as storage. Though cloud makes it easy for us to store and access the data faster and easier, yet there exist various security and privacy risks. Such issues if not handled may become more threatening as it could even disclose the privacy of an individual/ organization. Strengthening the security of data is need of the hour. The work proposes a novel architecture enhancing the security of Cloud data in an IoT integrated environment. In order to enhance the security, systematic use of a modified hybrid mechanism based on DNA code and Elliptic Curve Cryptography along with Third Party Audit is proposed. The performance of the proposed mechanism has been analysed. The results ensures that proposed IoT Cloud architecture performs better while providing strong security which is the major aspect of the work.

Current intrusion detection techniques cannot keep up with the increasing amount and complexity of cyber attacks. In fact, most of the traffic is encrypted and does not allow to apply deep packet inspection approaches. In recent years, Machine Learning techniques have been proposed for post-mortem detection of network attacks, and many datasets have been shared by research groups and organizations for training and validation. Differently from the vast related literature, in this paper we propose an early classification approach conducted on CSE-CIC-IDS2018 dataset, which contains both benign and malicious traffic, for the detection of malicious attacks before they could damage an organization. To this aim, we investigated a different set of features, and the sensitivity of performance of five classification algorithms to the number of observed packets. Results show that ML approaches relying on ten packets provide satisfactory results.

In recent years, new types of cyber attacks called targeted attacks have been observed. It targets specific organizations or individuals, while usual large-scale attacks do not focus on specific targets. Organizations have published many Word or PDF files on their websites. These files may provide the starting point for targeted attacks if they include hidden data unintentionally generated in the authoring process. Adhatarao and Lauradoux analyzed hidden data found in the PDF files published by security agencies in many countries and showed that many PDF files potentially leak information like author names, details on the information system and computer architecture. In this study, we analyze hidden data of PDF files published on the website of police agencies in Japan and compare the results with Adhatarao and Lauradoux's. We gathered 110989 PDF files. 56% of gathered PDF files contain personal names, organization names, usernames, or numbers that seem to be IDs within the organizations. 96% of PDF files contain software names.

Cyber-Physical Systems (CPS) are complex systems of computational, physical, and human components integrated to achieve some function over one or more networks. The use of distributed simulation, or co-simulation, is one method often used to analyze the behavior and properties of these systems. High-Level Architecture (HLA) is an IEEE co-simulation standard that supports the development and orchestration of distributed simulations. However, a simple HLA federation constructed with the component simulations (i.e., federates) does not satisfy several requirements that arise in real-world use cases such as the shared use of limited physical and computational resources, the need to selectively hide information from participating federates, the creation of reusable federates and federations for supporting configurable shared services, achieving performant distributed simulations, organizing federations across different model types or application concerns, and coordinating federations across organizations with different information technology policies. This paper describes these core requirements that necessitate the use of multiple HLA federations and presents various mechanisms for constructing such integrated HLA federations. An example use case is implemented using a model-based rapid simulation integration framework called the Universal CPS Environment for Federation (UCEF) to illustrate these requirements and demonstrate techniques for integrating multiple HLA federations.

Information security construction is a social issue, and the most urgent task is to do an excellent job in information risk assessment. The bayesian neural network currently plays a vital role in enterprise information security risk assessment, which overcomes the subjective defects of traditional assessment results and operates efficiently. The risk quantification method based on fuzzy theory and Bayesian regularization BP neural network mainly uses fuzzy theory to process the original data and uses the processed data as the input value of the neural network, which can effectively reduce the ambiguity of language description. At the same time, special neural network training is carried out for the confusion that the neural network is easy to fall into the optimal local problem. Finally, the risk is verified and quantified through experimental simulation. This paper mainly discusses the problem of enterprise information security risk assessment based on a Bayesian neural network, hoping to provide strong technical support for enterprises and organizations to carry out risk rectification plans. Therefore, the above method provides a new information security risk assessment idea.

The ever-evolving capabilities of cyber attackers force security administrators to focus on the early identification of emerging threats. Targeted cyber attacks usually consist of several phases, from initial reconnaissance of the network environment to final impact on objectives. This paper investigates the identification of multi-step cyber threat scenarios using kill chain and attack graphs. Kill chain and attack graphs are threat modeling concepts that enable determining weak security defense points. We propose a novel kill chain attack graph that merges kill chain and attack graphs together. This approach determines possible chains of attacker’s actions and their materialization within the protected network. The graph generation uses a categorization of threats according to violated security properties. The graph allows determining the kill chain phase the administrator should focus on and applicable countermeasures to mitigate possible cyber threats. We implemented the proposed approach for a predefined range of cyber threats, especially vulnerability exploitation and network threats. The approach was validated on a real-world use case. Publicly available implementation contains a proof-of-concept kill chain attack graph generator.

Software supply chain attacks occur during the processes of producing software is compromised, resulting in vulnerabilities that target downstream customers. While the number of successful exploits is limited, the impact of these attacks is significant. Despite increased awareness and research into software supply chain attacks, there is limited information available on mitigating or architecting for these risks, and existing information is focused on singular and independent elements of the supply chain. In this paper, we extensively review software supply chain security using software development tools and infrastructure. We investigate the path that attackers find is least resistant followed by adapting and finding the next best way to complete an attack. We also provide a thorough discussion on how common software supply chain attacks can be prevented, preventing malicious hackers from gaining access to an organization's development tools and infrastructure including the development environment. We considered various SSC attacks on stolen code-sign certificates by malicious attackers and prevented unnoticed malware from passing by security scanners. We are aiming to extend our research to contribute to preventing software supply chain attacks by proposing novel techniques and frameworks.

Today, social communication through the Internet has become more popular and has become a crucial part of our daily life. Naturally, sending and receiving various data through the Internet has also grown a lot. Keeping important data secure in transit has become a challenge for individuals and even organizations. Therefore, the trinity of confidentiality, integrity, and availability will be essential, and encryption will definitely be one of the best solutions to this problem. Of course, for image data, it will not be possible to use conventional encryption methods for various reasons, such as the redundancy of image data, the strong correlation of adj acent pixels, and the large volume of image data. Therefore, special methods were developed for image encryption. Among the prevalent methods for image encryption is the use of DNA sequences as well as chaos signals. In this paper, a cycling 3D chaotic map and DNA sequences are used to present a new method for color image encryption. Several experimental analyses were performed on the proposed method, and the results proved that the presented method is secure and efficient.

Since data security is an important branch of the wide concept of security, using simple and interpretable data security methods is deemed necessary. A considerable volume of data that is transferred through the internet is in the form of image. Therefore, several methods have focused on encrypting and decrypting images but some of the conventional algorithms are complex and time consuming. On the other hand, denial method or steganography has attracted the researchers' attention leading to more security for transferring images. This is because attackers are not aware of encryption on images and therefore they do not try to decrypt them. Here, one of the most effective and simplest operators (XOR) is employed. The received shares in destination only with XOR operation can recover original images. Users are not necessary to be familiar with computer programing, data coding and the execution time is lesser compared to chaos-based methods or coding table. Nevertheless, for designing the key when we have messy images, we use chaotic functions. Here, in addition to use the XOR operation, eliminating the pixel expansion and meaningfulness of the shared images is of interest. This method is simple and efficient and use both encryption and steganography; therefore, it can guarantee the security of transferred images.

Requirement Elicitation is a key phase in software development. The fundamental goal of security requirement elicitation is to gather appropriate security needs and policies from stakeholders or organizations. The majority of systems fail due to incorrect elicitation procedures, affecting development time and cost. Security requirement elicitation is a major activity of requirement engineering that requires the attention of developers and other stakeholders. To produce quality requirements during software development, the authors suggested a methodology for effective requirement elicitation. Many challenges surround requirement engineering. These concerns can be connected to scope, preconceptions in requirements, etc. Other difficulties include user confusion over technological specifics, leading to confusing system aims. They also don't realize that the requirements are dynamic and prone to change. To protect the privacy of medical images, the proposed image cryptosystem uses a CCM-generated chaotic key series to confuse and diffuse them. A hexadecimal pre-processing technique is used to increase the security of color images utilising a hyper chaos-based image cryptosystem. Finally, a double-layered security system for biometric photos is built employing chaos and DNA cryptography.

Data security is a vast term that doesn’t have any limits, but there are a certain amount of tools and techniques that could help in gaining security. Honeypot is among one of the tools that are designated and designed to protect the security of a network but in a very dissimilar manner. It is a system that is designed and developed to be compromised and exploited. Honeypots are meant to lure the invaders, but due to advancements in computing systems parallelly, the intruding technologies are also attaining their gigantic influence. In this research work, an approach involving apache-spark (a Big Data Technique) would be introduced in order to use it with the Honeypot System. This work includes an extensive study based on several research papers, through which elaborated experiment-based result has been expressed on the best known open-source honeypot systems. The preeminent possible method of using The Honeypot with apache spark in the sequential channel would also be proposed with the help of a framework diagram.

To detect human behaviour and measure accuracy of classification rate. Materials and Methods: A novel deep belief network with sample size 10 and support vector machine with sample size of 10. It was iterated at different times predicting the accuracy percentage of human behaviour. Results: Human behaviour detection utilizing novel deep belief network 87.9% accuracy compared with support vector machine 87.0% accuracy. Deep belief networks seem to perform essentially better compared to support vector machines \$(\textbackslashmathrmp=0.55)(\textbackslashtextPiˆ0.05)\$. The deep belief algorithm in computer vision appears to perform significantly better than the support vector machine algorithm. Conclusion: Within this human behaviour detection novel deep belief network has more precision than support vector machine.

In this paper, we proposed a data security model of a big data analytical environment in the financial sector. Big Data can be seen as a trend in the advancement of technology that has opened the door to a new approach to understanding and decision making that is used to describe the vast amount of data (structured, unstructured and semi-structured) that is too time consuming and costly to load a relational database for analysis. The increase in cybercriminal attacks on an organization’s assets results in organizations beginning to invest in and care more about their cybersecurity points and controls. The management of business-critical data is an important point for which robust cybersecurity controls should be considered. The proposed model is applied in a datalake and allows the identification of security gaps on an analytical repository, a cybersecurity risk analysis, design of security components and an assessment of inherent risks on high criticality data in a repository of a regulated financial institution. The proposal was validated in financial entities in Lima, Peru. Proofs of concept of the model were carried out to measure the level of maturity focused on: leadership and commitment, risk management, protection control, event detection and risk management. Preliminary results allowed placing the entities in level 3 of the model, knowing their greatest weaknesses, strengths and how these can affect the fulfillment of business objectives.

There is an increase in interest and necessity for an interoperable and efficient railway network across Europe, creating a key distribution problem between train and trackside entities’ key management centres (KMC). Train and trackside entities establish a secure session using symmetric keys (KMAC) loaded beforehand by their respective KMC using procedures that are not scalable and prone to operational mistakes. A single system would simplify the KMAC distribution between KMCs; nevertheless, it is difficult to place the responsibility for such a system for the whole European area within one central organization. A single system could also expose relationships between KMCs, revealing information, such as plans to use an alternative route or serve a new region, jeopardizing competitive advantage. This paper proposes a scalable and decentralised key management system that allows KMC to share cryptographic keys using transactions while keeping relationships anonymous. Using non-interactive proofs of knowledge and assigning each entity a private and public key, private key owners can issue valid transactions while all system actors can validate them. Our performance analysis shows that the proposed system is scalable when a proof of concept is implemented with settings close to the expected railway landscape in 2030.