Biblio

Due to the rise of the internet a business model known as online advertising has seen unprecedented success. However, it has also become a prime method through which criminals can scam people. Often times even legitimate websites contain advertisements that are linked to scam websites since they are not verified by the website’s owners. Scammers have become quite creative with their attacks, using various unorthodox and inconspicuous methods such as I-frames, Favicons, Proxy servers, Domains, etc. Many modern Anti-viruses are paid services and hence not a feasible option for most users in 3rd world countries. Often people don’t possess devices that have enough RAM to even run such software efficiently leaving them without any options. This project aims to create a Browser extension that will be able to distinguish between safe and unsafe websites by utilizing Machine Learning algorithms. This system is lightweight and free thus fulfilling the needs of most people looking for a cheap and reliable security solution and allowing people to surf the internet easily and safely. The system will scan all the intermittent URL clicks as well, not just the main website thus providing an even greater degree of security.

In the world of information technology and the Internet, which has become a part of human life today and is constantly expanding, Attention to the users' requirements such as information security, fast processing, dynamic and instant access, and costs savings has become essential. The solution that is proposed for such problems today is a technology that is called cloud computing. Today, cloud computing is considered one of the most essential distributed tools for processing and storing data on the Internet. With the increasing using this tool, the need to schedule tasks to make the best use of resources and respond appropriately to requests has received much attention, and in this regard, many efforts have been made and are being made. To this purpose, various algorithms have been proposed to calculate resource allocation, each of which has tried to solve equitable distribution challenges while using maximum resources. One of these calculation methods is the DRF algorithm. Although it offers a better approach than previous algorithms, it faces challenges, especially with time-consuming resource allocation computing. These challenges make the use of DRF more complex than ever in the low number of requests with high resource capacity as well as the high number of simultaneous requests. This study tried to reduce the computations costs associated with the DRF algorithm for resource allocation by introducing a new approach to using this DRF algorithm to automate calculations by machine learning and artificial intelligence algorithms (Autonomic Dominant Resource Fairness or A-DRF).

Industry 4.0 is the latest industrial revolution primarily merging automation with advanced manufacturing to reduce direct human effort and resources. Predictive maintenance (PdM) is an industry 4.0 solution, which facilitates predicting faults in a component or a system powered by state-of-the- art machine learning (ML) algorithms (especially deep learning algorithms) and the Internet-of-Things (IoT) sensors. However, IoT sensors and deep learning (DL) algorithms, both are known for their vulnerabilities to cyber-attacks. In the context of PdM systems, such attacks can have catastrophic consequences as they are hard to detect due to the nature of the attack. To date, the majority of the published literature focuses on the accuracy of DL enabled PdM systems and often ignores the effect of such attacks. In this paper, we demonstrate the effect of IoT sensor attacks (in the form of false data injection attack) on a PdM system. At first, we use three state-of-the-art DL algorithms, specifically, Long Short-Term Memory (LSTM), Gated Recurrent Unit (GRU), and Convolutional Neural Network (CNN) for predicting the Remaining Useful Life (RUL) of a turbofan engine using NASA's C-MAPSS dataset. The obtained results show that the GRU-based PdM model outperforms some of the recent literature on RUL prediction using the C-MAPSS dataset. Afterward, we model and apply two different types of false data injection attacks (FDIA), specifically, continuous and interim FDIAs on turbofan engine sensor data and evaluate their impact on CNN, LSTM, and GRU-based PdM systems. The obtained results demonstrate that FDI attacks on even a few IoT sensors can strongly defect the RUL prediction in all cases. However, the GRU-based PdM model performs better in terms of accuracy and resiliency to FDIA. Lastly, we perform a study on the GRU-based PdM model using four different GRU networks with different sequence lengths. Our experiments reveal an interesting relationship between the accuracy, resiliency and sequence length for the GRU-based PdM models.

With the rapid development of the internet of things and cloud computing, users can instantly transmit a large amount of data to various fields, with the development of communication technology providing convenience for people's life, information security is becoming more and more important. Therefore, it is of great significance to study the technology of image hiding information detection. This paper mainly uses the support vector machine learning algorithm to detect the hidden information of the image, based on a standard image library, randomly selecting images for embedding secret information. According to the bit-plane correlation and the gradient energy change of a single bit-plane after encryption of an image LSB matching algorithm, gradient energy change is selected as characteristic change, and the gradient energy change is innovatively applied to a support vector machine classifier algorithm, and has very good detection effect and good stability on the dense image with the embedding rate of more than 40 percent.

Spear phishing emails target to specific individual or organization, they are more elaborated, targeted, and harmful than phishing emails. The attackers usually harvest information about the recipient in any available ways, then create a carefully camouflaged email and lure the recipient to perform dangerous actions. In this paper we present a new effective approach to detect spear phishing emails based on machine learning. Firstly we extracted 21 Stylometric features from email, 3 forwarding features from Email Forwarding Relationship Graph Database(EFRGD), and 3 reputation features from two third-party threat intelligence platforms, Virus Total(VT) and Phish Tank(PT). Then we made an improvement on Synthetic Minority Oversampling Technique(SMOTE) algorithm named KM-SMOTE to reduce the impact of unbalanced data. Finally we applied 4 machine learning algorithms to distinguish spear phishing emails from non-spear phishing emails. Our dataset consists of 417 spear phishing emails and 13916 non-spear phishing emails. We were able to achieve a maximum recall of 95.56%, precision of 98.85% and 97.16% of F1-score with the help of forwarding features, reputation features and KM-SMOTE algorithm.

Phishing URL is a type of cyberattack, based on falsified URLs. The number of phishing URL attacks continues to increase despite cybersecurity efforts. According to the Anti-Phishing Working Group (APWG), the number of phishing websites observed in 2020 is 1 520 832, doubling over the course of a year. Various algorithms, techniques and methods can be used to build models for phishing URL detection and classification. From our reading, we observed that Machine Learning (ML) is one of the recent approaches used to detect and classify phishing URL in an efficient and proactive way. In this paper, we evaluate eleven of the most adopted ML algorithms such as Decision Tree (DT), Nearest Neighbours (KNN), Gradient Boosting (GB), Logistic Regression (LR), Naïve Bayes (NB), Random Forest (RF), Support Vector Machines (SVM), Neural Network (NN), Ex-tra\_Tree (ET), Ada\_Boost (AB) and Bagging (B). To do that, we compute detection accuracy metric for each algorithm and we use lexical analysis to extract the URL features.

With an increasing number of adversarial attacks against Industrial Control Systems (ICS) networks, enhancing the security of such systems is invaluable. Although attack prevention strategies are often in place, protecting against all attacks, especially zero-day attacks, is becoming impossible. Intrusion Detection Systems (IDS) are needed to detect such attacks promptly. Machine learning-based detection systems, especially deep learning algorithms, have shown promising results and outperformed other approaches. In this paper, we study the efficacy of a deep learning approach, namely, Multi Layer Perceptron (MLP), in detecting abnormal behaviors in ICS network traffic. We focus on very common reconnaissance attacks in ICS networks. In such attacks, the adversary focuses on gathering information about the targeted network. To evaluate our approach, we compare MLP with isolation Forest (i Forest), a statistical machine learning approach. Our proposed deep learning approach achieves an accuracy of more than 99% while i Forest achieves only 75%. This helps to reinforce the promise of using deep learning techniques for anomaly detection.

Industrial Control Systems (ICSs) are used in several domains such as Transportation, Manufacturing, Defense and Power Generation and Distribution. ICSs deal with complex physical systems in order to achieve an industrial purpose with operational safety. Security has not been taken into account by design in these systems that makes them vulnerable to cyberattacks.In this paper, we rely on existing public ICS datasets as well as on the existing literature of Machine Learning (ML) applications for anomaly detection in ICSs in order to improve detection scores. To perform this purpose, we propose a systematic framework, relying on established ML algorithms and suitable data preprocessing methods, which allows us to quickly get efficient, and surprisingly, better results than the literature. Finally, some recommendations for future public ICS dataset generations end this paper, which would be fruitful for improving future attack detection models and then protect new ICSs designed in the next future.

The advent of IoT edge devices has enabled the collection of rich datasets, as part of Mobile Crowd Sensing (MCS), which has emerged as a key enabler for a wide gamut of safety-critical applications ranging from traffic control, environmental monitoring to assistive healthcare. Despite the clear advantages that such unprecedented quantity of data brings forth, it is also subject to inherent data trustworthiness challenges due to factors such as malevolent input and faulty sensors. Compounding this issue, there has been a plethora of proposed solutions, based on the use of traditional machine learning algorithms, towards assessing and sifting faulty data without any assumption on the trustworthiness of their source. However, there are still a number of open issues: how to cope with the presence of strong, colluding adversaries while at the same time efficiently managing this high influx of incoming user data. In this work, we meet these challenges by proposing the hybrid use of Deep Learning schemes (i.e., LSTMs) and conventional Machine Learning classifiers (i.e. One-Class Classifiers) for detecting and filtering out false data points. We provide a prototype implementation coupled with a detailed performance evaluation under various (attack) scenarios, employing both real and synthetic datasets. Our results showcase how the proposed solution outperforms various existing resilient aggregation and outlier detection schemes.

Differential privacy enables general statistical analysis of data with formal guarantees of privacy protection at the individual level. Tools that assist data analysts with utilizing differential privacy have frequently taken the form of programming languages and libraries. However, many existing programming languages designed for compositional verification of differential privacy impose significant burden on the programmer (in the form of complex type annotations). Supplementary library support for privacy analysis built on top of existing general-purpose languages has been more usable, but incapable of pervasive end-to-end enforcement of sensitivity analysis and privacy composition. We introduce DDuo, a dynamic analysis for enforcing differential privacy. DDuo is usable by non-experts: its analysis is automatic and it requires no additional type annotations. DDuo can be implemented as a library for existing programming languages; we present a reference implementation in Python which features moderate runtime overheads on realistic workloads. We include support for several data types, distance metrics and operations which are commonly used in modern machine learning programs. We also provide initial support for tracking the sensitivity of data transformations in popular Python libraries for data analysis. We formalize the novel core of the DDuo system and prove it sound for sensitivity analysis via a logical relation for metric preservation. We also illustrate DDuo's usability and flexibility through various case studies which implement state-of-the-art machine learning algorithms.

Social bots are computer algorithms able to produce content and interact with other users on social media autonomously, trying to emulate and possibly influence humans’ behavior. Indeed, bots are largely employed for malicious purposes, like spreading disinformation and conditioning electoral campaigns. Nowadays, bots’ capability of emulating human behaviors has become increasingly sophisticated, making their detection harder. In this paper, we aim at recognizing bot-driven accounts by evaluating the consistency of users’ writing style over time. In particular, we leverage the intuition that while bots compose posts according to fairly deterministic processes, humans are influenced by subjective factors (e.g., emotions) that can alter their writing style. To verify this assumption, by using stylistic consistency indicators, we characterize the writing style of more than 12,000 among bot-driven and human-operated Twitter accounts and find that statistically significant differences can be observed between the different types of users. Thus, we evaluate the effectiveness of different machine learning (ML) algorithms based on stylistic consistency features in discerning between human-operated and bot-driven Twitter accounts and show that the experimented ML algorithms can achieve high performance (i.e., F-measure values up to 98%) in social bot detection tasks.

This paper argues that the security management of the robot supply chain would preferably focus on Sino-US relations and technical bottlenecks based on a comprehensive security analysis through open-source intelligence and data mining of associated discourses. Through the lens of the newsboy model and game theory, this study reconstructs the risk appraisal model of the robot supply chain and rebalances the process of the Sino-US competition game, leading to the prediction of China's strategic movements under the supply risks. Ultimately, this paper offers a threefold suggestion: increasing the overall revenue through cost control and scaled expansion, resilience enhancement and risk prevention, and outreach of a third party's cooperation for confrontation capabilities reinforcement.

The CAN (Controller Area Network) bus, which transmits and receives ECU control information in vehicle, has a critical risk of external intrusion because there is no standardized security system. Recently, the need for IDS (Intrusion Detection System) to detect external intrusion of CAN bus is increasing, and high accuracy and real-time processing for intrusion detection are required. In this paper, we propose Hybrid MR (Machine learning and Ruleset) -IDS based on machine learning and ruleset to improve IDS performance. For high accuracy and detection rate, feature engineering was conducted based on the characteristics of the CAN bus, and the generated features were used in detection step. The proposed Hybrid MR-IDS can cope to various attack patterns that have not been learned in previous, as well as the learned attack patterns by using both advantages of rule set and machine learning. In addition, by collecting CAN data from an actual vehicle in driving and stop state, five attack scenarios including physical effects during all driving cycle are generated. Finally, the Hybrid MR-IDS proposed in this paper shows an average of 99% performance based on F1-score.

Phasor measurement units (PMUs) are used in power grids across North America to measure the amplitude, phase, and frequency of an alternating voltage or current. PMU's use the IEEE C37.118 protocol to send telemetry to phasor data collectors (PDC) and human machine interface (HMI) workstations in a control center. However, the C37.118 protocol utilizes the internet protocol stack without any authentication mechanism. This means that the protocol is vulnerable to false data injection (FDI) and false command injection (FCI). In order to study different scenarios in which C37.118 protocol's integrity and confidentiality can be compromised, we created a testbed that emulates a C37.118 communication network. In this testbed we conduct FCI and FDI attacks on real-time C37.118 data packets using a packet manipulation tool called Scapy. Using this platform, we generated C37.118 FCI and FDI datasets which are processed by multi-label machine learning classifier algorithms, such as Decision Tree (DT), k-Nearest Neighbor (kNN), and Naive Bayes (NB), to find out how effective machine learning can be at detecting such attacks. Our results show that the DT classifier had the best precision and recall rate.

The data revolution will continue in the near future and move from centralized big data to "small" datasets. This trend stimulates the emergence not only new machine learning methods but algorithms for processing data at the point of their origin. So the Compressed Sensing Problem must be investigated in some technology fields that produce the data flow for decision making in real time. In the paper, we compare the random and constant frequency deviation and highlight some circumstances where advantages of the random deviation become more obvious. Also, we propose to use the differential transformations aimed to restore a signal form by discrets of the differential spectrum of the received signal. In some cases for the investigated model, this approach has an advantage in the compress of information.

Machine learning algorithms are becoming more and more widespread in industrial as well as in societal settings. This diffusion is starting to become a critical aspect of new software-intensive applications due to the need of fast reactions to changes, even if temporary, in data. This paper investigates on the improvement of reliability in the Machine Learning based classification by extending Random Forests with Bayesian Network models. Such models, combined with a mechanism able to adjust the reputation level of single learners, may improve the overall classification trustworthiness. A small example taken from the healthcare domain is presented to demonstrate the proposed approach.

The paper describes a methodology for assessing non-functional requirements, such as trust characteristics for applications running on computationally constrained devices in the Internet of Things. The methodology is demonstrated through an example of a microcontroller-based temperature monitoring system. The concepts of trust and trustworthiness for software and devices of the Internet of Things are complex characteristics for describing the correct and secure operation of such systems and include aspects of operational and information security, reliability, resilience and privacy. Machine learning models, which are increasingly often used for such tasks in recent years, are resource-consuming software implementations. The paper proposes to use a logic circuit model to implement the above algorithms as an additional module for computationally constrained devices for checking the trustworthiness of applications running on them. Such a module could be implemented as a hardware, for example, as an FPGA in order to achieve more effectiveness.

Large open-source systems generate and operate on a plethora of sensitive enterprise data. Thus, security threats or vulnerabilities must not be present in open-source systems and must be resolved as early as possible in the development phases to avoid catastrophic consequences. One way to recognize security vulnerabilities is to predict them while developers write code to minimize costs and resources. This study examines the effectiveness of machine learning algorithms to predict potential security vulnerabilities by analyzing the source code of a system. We obtained the security vulnerabilities dataset from Apache Tomcat security reports for version 4.x to 10.x. We also collected the source code of Apache Tomcat 4.x to 10.x to compute 43 object-oriented metrics. We assessed four traditional supervised learning algorithms, i.e., Naive Bayes (NB), Decision Tree (DT), K-Nearest Neighbors (KNN), and Logistic Regression (LR), to understand their efficacy in predicting security vulnerabilities. We obtained the highest accuracy of 80.6% using the KNN. Thus, the KNN classifier was demonstrated to be the most effective of all the models we built. The DT classifier also performed well but under-performed when it came to multi-class classification.

With the rapid increase of practical problem complexity and code scale, the threat of software security is increasingly serious. Consequently, it is crucial to pay attention to the analysis of software source code vulnerability in the development stage and take efficient measures to detect the vulnerability as soon as possible. Machine learning techniques have made remarkable achievements in various fields. However, the application of machine learning in the domain of vulnerability static analysis is still in its infancy and the characteristics and performance of diverse methods are quite different. In this survey, we focus on a source code-oriented static vulnerability analysis method using machine learning techniques. We review the studies on source code vulnerability analysis based on machine learning in the past decade. We systematically summarize the development trends and different technical characteristics in this field from the perspectives of the intermediate representation of source code and vulnerability prediction model and put forward several feasible research directions in the future according to the limitations of the current approaches.

Relational database management systems not only support larger-than-memory data processing and very advanced query optimization, but also offer the benefits of data security, privacy, and consistency. When machine learning on large data sets is processed directly on an existing SQL database server, the data does not need to be exported and transferred to a separate big data processing platform. To achieve this, we implement a linear regression algorithm using SQL code generation such that the computation can be performed server-side and directly in the RDBMs. Our method and its implementation, programmed in Python, solves linear regression (LR) using the ordinary least squares (OLS) method directly in the RDBMS using SQL code generation, leaving most of the processing in the database. Only the matrix of the system of equations, whose size is equal to the number of variables squared, is transferred from the SQL server to the Python client to be solved for OLS regression. For evaluation purposes, our LR implementation was tested with artificially generated datasets and compared to an existing Python library (Scikit Learn). We found that our implementation consistently solves OLS regression faster than Scikit Learn for datasets with more than 10,000 input rows, and if the number of columns is less than 64. Moreover, under the same test conditions where the computation is larger than memory, our implementation showed a fast result, while Scikit returned an out-of-memory error. We conclude that SQL is a promising tool for in-database processing of large-volume, low-dimensional data sets with a particular class of machine learning algorithms, namely those that can be efficiently solved with map-reduce queries such as OLS regression.

A new method for the detection of ransomware in an infected host is described and evaluated. The method utilizes data streams from on-board sensors to fingerprint the initiation of a ransomware infection. These sensor streams, which are common in modern computing systems, are used as a side channel for understanding the state of the system. It is shown that ransomware detection can be achieved in a rapid manner and that the use of slight, yet distinguishable changes in the physical state of a system as derived from a machine learning predictive model is an effective technique. A feature vector, consisting of various sensor outputs, is coupled with a detection criteria to predict the binary state of ransomware present versus normal operation. An advantage of this approach is that previously unknown or zero-day version s of ransomware are vulnerable to this detection method since no apriori knowledge of the malware characteristics are required. Experiments are carried out with a variety of different system loads and with different encryption methods used during a ransomware attack. Two test systems were utilized with one having a relatively low amount of available sensor data and the other having a relatively high amount of available sensor data. The average time for attack detection in the "sensor-rich" system was 7.79 seconds with an average Matthews correlation coefficient of 0.8905 for binary system state predictions regardless of encryption method and system load. The model flagged all attacks tested.

The number of prominent ransomware attacks has increased recently. In this research, we detect ransomware by analyzing network traffic by using machine learning algorithms and comparing their detection performances. We have developed multi-class classification models to detect families of ransomware by using the selected network traffic features, which focus on the Transmission Control Protocol (TCP). Our experiment showed that decision trees performed best for classifying ransomware families with 99.83% accuracy, which is slightly better than the random forest algorithm with 99.61% accuracy. The experimental result without feature selection classified six ransomware families with high accuracy. On the other hand, classifiers with feature selection gave nearly the same result as those without feature selection. However, using feature selection gives the advantage of lower memory usage and reduced processing time, thereby increasing speed. We discovered the following ten important features for detecting ransomware: time delta, frame length, IP length, IP destination, IP source, TCP length, TCP sequence, TCP next sequence, TCP header length, and TCP initial round trip.

At present, in the face of the huge and complex data in cloud computing, the parallel computing ability of quantum computing is particularly important. Quantum principal component analysis algorithm is used as a method of quantum state tomography. We perform feature extraction on the eigenvalue matrix of the density matrix after feature decomposition to achieve dimensionality reduction, proposed quantum principal component extraction algorithm (QPCE). Compared with the classic algorithm, this algorithm achieves an exponential speedup under certain conditions. The specific realization of the quantum circuit is given. And considering the limited computing power of the client, we propose a quantum homomorphic ciphertext dimension reduction scheme (QHEDR), the client can encrypt the quantum data and upload it to the cloud for computing. And through the quantum homomorphic encryption scheme to ensure security. After the calculation is completed, the client updates the key locally and decrypts the ciphertext result. We have implemented a quantum ciphertext dimensionality reduction scheme implemented in the quantum cloud, which does not require interaction and ensures safety. In addition, we have carried out experimental verification on the QPCE algorithm on IBM's real computing platform. Experimental results show that the algorithm can perform ciphertext dimension reduction safely and effectively.

Modern smart grid systems are heavily dependent on Information and Communication Technology, and this dependency makes them prone to cyber-attacks. The occurrence of a cyber-attack has increased in recent years resulting in substantial damage to power systems. For a reliable and stable operation, cyber protection, control, and detection techniques are becoming essential. Automated detection of cyberattacks with high accuracy is a challenge. To address this, we propose a two-layer hierarchical machine learning model having an accuracy of 95.44 % to improve the detection of cyberattacks. The first layer of the model is used to distinguish between the two modes of operation - normal state or cyberattack. The second layer is used to classify the state into different types of cyberattacks. The layered approach provides an opportunity for the model to focus its training on the targeted task of the layer, resulting in improvement in model accuracy. To validate the effectiveness of the proposed model, we compared its performance against other recent cyber attack detection models proposed in the literature.

Because of the rise of the Monroe coin, many JavaScript files with embedded malicious code are used to mine cryptocurrency using the computing power of the browser client. This kind of script does not have any obvious behaviors when it is running, so it is difficult for common users to witness them easily. This feature could lead the browser side cryptocurrency mining abused without the user’s permission. Traditional browser security strategies focus on information disclosure and malicious code execution, but not suitable for such scenes. Thus, we present a novel detection method named MineDetector using a machine learning algorithm and static features for automatically detecting browser-side cryptojacking scripts on the websites. MineDetector extracts five static feature groups available from the abstract syntax tree and text of codes and combines them using the machine learning method to build a powerful cryptojacking classifier. In the real experiment, MineDetector achieves the accuracy of 99.41% and the recall of 93.55% and has better performance in time comparing with present dynamic methods. We also made our work user-friendly by developing a browser extension that is click-to-run on the Chrome browser.