Biblio

The widespread application of industrial Internet identifiers has increased the security risks of industrial Internet and identifier resolution system. In order to improve the security capabilities of identifier resolution system, this paper analyzes the security challenges faced by identifier resolution system at this stage, and in line with the concept of layered security defense in depth, divides the security domains of identifier resolution system and proposes a multi-level security strategy based on security domains by deploying appropriate protective measures in each security domain.

Many important security informatics problems require consideration of dynamical phenomena for their solution; examples include predicting the behavior of individuals in social networks and distinguishing malicious and innocent computer network activities based on activity traces. While information theory offers powerful tools for analyzing dynamical processes, to date the application of information-theoretic methods in security domains has focused on static analyses (e.g., cryptography, natural language processing). This paper leverages information-theoretic concepts and measures to quantify the similarity of pairs of stochastic dynamical systems, and shows that this capability can be used to solve important problems which arise in security applications. We begin by presenting a concise review of the information theory required for our development, and then address two challenging tasks: 1.) characterizing the way influence propagates through social networks, and 2.) distinguishing malware from legitimate software based on the instruction sequences of the disassembled programs. In each application, case studies involving real-world datasets demonstrate that the proposed techniques outperform standard methods.

Cybersecurity community is slowly leveraging Machine Learning (ML) to combat ever evolving threats. One of the biggest drivers for successful adoption of these models is how well domain experts and users are able to understand and trust their functionality. As these black-box models are being employed to make important predictions, the demand for transparency and explainability is increasing from the stakeholders.Explanations supporting the output of ML models are crucial in cyber security, where experts require far more information from the model than a simple binary output for their analysis. Recent approaches in the literature have focused on three different areas: (a) creating and improving explainability methods which help users better understand the internal workings of ML models and their outputs; (b) attacks on interpreters in white box setting; (c) defining the exact properties and metrics of the explanations generated by models. However, they have not covered, the security properties and threat models relevant to cybersecurity domain, and attacks on explainable models in black box settings.In this paper, we bridge this gap by proposing a taxonomy for Explainable Artificial Intelligence (XAI) methods, covering various security properties and threat models relevant to cyber security domain. We design a novel black box attack for analyzing the consistency, correctness and confidence security properties of gradient based XAI methods. We validate our proposed system on 3 security-relevant data-sets and models, and demonstrate that the method achieves attacker's goal of misleading both the classifier and explanation report and, only explainability method without affecting the classifier output. Our evaluation of the proposed approach shows promising results and can help in designing secure and robust XAI methods.

Nowadays interest in IoT solutions is growing. A significant barrier to the use of these solutions in military applications is to ensure the security of data transmission and authentication of data sources and recipients of the data. Developing an efficient solution to these problems requires finding a compromise between the facts that the sensors often are mobile, use wireless communication, usually have the small processing power and have little energy resources. The article presents the security domain designated for cooperating mobile sensor nodes. The domain has the following features: the strong authentication of each domain member, cryptographic protection of data exchange in the data link layer and protection of data stored in the sensor node resources. The domain is also prepared to perform diagnostic procedures and to exchange sensory data with other domains securely. At each node, the Trusted Platform Module (TPM) is used to support these procedures.

For multiple embedded computers working together, the functional failure resulting from the underlying hardware or system crash will cause a sudden abort of applications. Different types of applications may have security requirements for data isolation and access control. Therefore, we propose a scheme to implement multi-level security domain dynamic management oriented embedded computers based on MILS architecture. Firstly, the scheme builds local security policy items and access control lists according to type, function and security level. After that, security domain of all applications is constructed to achieve the safety purpose that applications can perform migration cross partitions and cross platforms. Our experiments and analysis show that the proposed scheme is feasible and correct.

Despite widespread use of commercial anti-virus products, the number of malicious files detected on home and corporate computers continues to increase at a significant rate. Recently, anti-virus companies have started investing in machine learning solutions to augment signatures manually designed by analysts. A malicious file's determination is often represented as a hierarchical structure consisting of a type (e.g. Worm, Backdoor), a platform (e.g. Win32, Win64), a family (e.g. Rbot, Rugrat) and a family variant (e.g. A, B). While there has been substantial research in automated malware classification, the aforementioned hierarchical structure, which can provide additional information to the classification models, has been ignored. In this paper, we propose the novel idea and study the performance of employing hierarchical learning algorithms for automated classification of malicious files. To the best of our knowledge, this is the first research effort which incorporates the hierarchical structure of the malware label in its automated classification and in the security domain, in general. It is important to note that our method does not require any additional effort by analysts because they typically assign these hierarchical labels today. Our empirical results on a real world, industrial-scale malware dataset of 3.6 million files demonstrate that incorporation of the label hierarchy achieves a significant reduction of 33.1% in the binary error rate as compared to a non-hierarchical classifier which is traditionally used in such problems.

There is no doubt that security issues are on the rise and defense mechanisms are becoming one of the leading subjects for academic and industry experts. In this paper, we focus on the security domain and envision a new way of looking at the security life cycle. We utilize our vision to propose an asset-based approach to countermeasure zero day attacks. To evaluate our proposal, we built a prototype. The initial results are promising and indicate that our prototype will achieve its goal of detecting zero-day attacks.