Biblio

Web Scraping is the technique of extracting desired data in an automated way by scanning the internal links and content of a website, this activity usually performed by systematically programmed bots. This paper explains our proposed solution to protect the blog content from theft and from being copied to other destinations by mitigating the scraping bots. To achieve our purpose we applied two steps in two levels, the first one, on the main blog page level, mitigated the work of crawler bots by adding extra empty articles anchors among real articles, and the next step, on the article page level, we add a random number of empty and hidden spans with randomly generated text among the article's body. To assess this solution we apply it to a local project developed using PHP language in Laravel framework, and put four criteria that measure the effectiveness. The results show that the changes in the file size before and after the application do not affect it, also, the processing time increased by few milliseconds which still in the acceptable range. And by using the HTML-similarity tool we get very good results that show the symmetric over style, with a few bit changes over the structure. Finally, to assess the effects on the bots, scraper bot reused and get the expected results from the programmed middleware. These results show that the solution is feasible to be adopted and use to protect blogs content.

This paper describes the architecture and the fundamental methodology of an anomaly detector, which by continuously monitoring Simple Network Management Protocol data and by processing it as complex-events, is able to timely recognize patterns of faults and relevant cyber-attacks. This solution has been applied in the context of smart grids, and in particular as part of a security and resilience component of the Information and Communication Technologies (ICT) Gateway, a middleware-based architecture that correlates and fuses measurement data from different sources (e.g., Inverters, Smart Meters) to provide control coordination and to enable grid observability applications. The detector has been evaluated through experiments, where we selected some representative anomalies that can occur on the ICT side of the energy distribution infrastructure: non-malicious faults (indicated by patterns in the system resources usage), as well as effects of typical cyber-attacks directed to the smart grid infrastructure. The results show that the detection is promisingly fast and efficient.

Semantic data has semantic information about the relationship between information and resources of data collected in a smart city so that all different domains and data can be organically connected. Various services using semantic data such as public data integration of smart cities, semantic search, and linked open data are emerging, and services that open and freely use semantic data are also increasing. By using semantic data, it is possible to create a variety of services regardless of platform and resource characteristics. However, despite the many advantages of semantic data, it is not easy to use because it requires a high understanding of semantics such as SPARQL. Therefore, in this paper, we propose a semantic framework for users of semantic data so that new services can be created without a high understanding of semantics. The semantics framework includes a template-based annotator that supports automatically generating semantic data based on user input and a semantic REST API that allows you to utilize semantic data without understanding SPAROL.

As the traditional inverters are transforming toward more intelligent inverters with advanced information and communication technologies, the cyber-attack surface has been remarkably expanded. Specifically, securing firmware of smart inverters from cyber-attacks is crucial. This paper provides expanded firmware attack surface targeting smart inverters. Moreover, this paper proposes a security module for transforming a conventional inverter to a firmware security built-in smart inverter by preventing potential malware and unauthorized firmware update attacks as well as fast automated inverter recovery from zero-day attacks. Furthermore, the proposed security module as a client of blockchain is connected to blockchain severs to fully utilize blockchain technologies such as membership service, ledgers, and smart contracts to detect and mitigate the firmware attacks. The proposed security module framework is implemented in an Internet-of-Thing (IoT) device and validated by experiments.

The special feature of the thing-user centric communication is that thing-users can form a society autonomously and collaborate to solve problems. To share experiences and knowledge, thing-users form, join, and leave communities. The thing-user, who needs a help from other thing-users to accomplish a mission, searches thing-user communities and nominates thing-users of the discovered communities to organize a collaborative work group. Thing-user community should perform autonomously the social construction process and need principles and procedures for the community formation and collaboration within the thing-user communities. This paper defines thing-user communities and proposes an organizational structure for the thing-user community formation.

Insider threat is one of the most pernicious threat vectors to information and communication technologies (ICT) across the world due to the elevated level of trust and access that an insider is afforded. This type of threat can stem from both malicious users with a motive as well as negligent users who inadvertently reveal details about trade secrets, company information, or even access information to malignant players. In this paper, we propose a novel approach that uses system logs to detect insider behavior using a special recurrent neural network (RNN) model. Ground truth is established using DANTE and used as baseline for identifying anomalous behavior. For this, system logs are modeled as a natural language sequence and patterns are extracted from these sequences. We create workflows of sequences of actions that follow a natural language logic and control flow. These flows are assigned various categories of behaviors - malignant or benign. Any deviation from these sequences indicates the presence of a threat. We further classify threats into one of the five categories provided in the CERT insider threat dataset. Through experimental evaluation, we show that the proposed model can achieve 93% prediction accuracy.

As the amount of information distributed and processed through IoT(Internet of Things) devices is absolutely increased, various security issues are also emerging. Above all, since IoT technology is directly applied to our real life, there is a growing concern that the dangers of the existing cyberspace can be expanded into the real world. In particular, leaks of keys necessary for authentication and data protection of IoT devices are causing economic and industrial losses through illegal copying and data leakage. Therefore, this paper introduces the research trend of hardware and software based key hiding technology to respond to these security threats, and proposes IoT device authentication techniques using them. The proposed method fundamentally prevents the threat of exposure of the authentication key due to various security vulnerabilities by properly integrating hardware and software based key hiding technologies. That is, this paper provides a more reliable IoT device authentication scheme by using key hiding technology for authentication key management.

A synthetic aperture radar (SAR) target detection method based on the fusion of multiscale superpixel segmentations is proposed in this paper. SAR images are segmented between land and sea firstly by using superpixel technology in different scales. Secondly, image segmentation results together with the constant false alarm rate (CFAR) detection result are coalesced. Finally, target detection is realized by fusing different scale results. The effectiveness of the proposed algorithm is tested on Sentinel-1A data.

Proliferation of the Internet usage is rapidly increasing, and it is necessary to support the performance requirements for multimedia applications, including lower latency, improved security, faster content retrieval, and adjustability to the traffic load. Nevertheless, because the current Internet architecture is a host-oriented one, it often fails to support the necessary demands such as fast content delivery. A promising networking paradigm called Information-Centric Networking (ICN) focuses on the name of the content itself rather than the location of that content. A distinguished alternative to this ICN concept is Content-Centric Networking (CCN) that exploits more of the performance requirements by using in-network caching and outperforms the current Internet in terms of content transfer time, traffic load control, mobility support, and efficient network management. In this paper, instead of using the saturated method of validating a theory by simulation, we present a testbed-based performance evaluation of the ICN network. We used several new functions of the proposed testbed to improve the performance of the basic CCN. In this paper, we also show that the proposed testbed architecture performs better in terms of content delivery time compared to the basic CCN architecture through graphical results.

This paper presents hybrid system to minimize damage by zero-day attack. Proposed system consists of signature-based NIDPS, honeypot and temporary queue. When proposed system receives packet from external network, packet which is known for attack packet is dropped by signature-based NIDPS. Passed packets are redirected to honeypot, because proposed system assumes that all packets which pass NIDPS have possibility of zero-day attack. Redirected packet is stored in temporary queue and if the packet has possibility of zero-day attack, honeypot extracts signature of the packet. Proposed system creates rule that match rule format of NIDPS based on extracted signatures and updates the rule. After the rule update is completed, temporary queue sends stored packet to NIDPS then packet with risk of attack can be dropped. Proposed system can reduce time to create and apply rule which can respond to unknown attack packets. Also, it can drop packets that have risk of zero-day attack in real time.

During the Cold War era, countries with asymmetrical relationships often demonstrated how lower-tier nation states required the alliance and support from top-tier nation states. This statement no longer stands true as country such as North Korea has exploited global financial institutions through various malware such as WANNACRY V0, V1, V2, evtsys.exe, and BRAMBUL WORM. Top tier nation states such as the U.S. are unable to use diplomatic clout or to retaliate against the deferrer. Our study examined the affidavit filed against the North Korean hacker, Park Jin Hyok, which was provided by the FBI. Our paper focuses on the operations and campaigns that were carried out by the Lazarus Group by focusing on the key factors of the infrastructure and artifacts. Due to the nature of the cyber deterrence, deterrence in the cyber realm is far complex than the nuclear deterrence. We focused on the Sony Picture Entertainment’s incident for our study. In this study, we discuss how cyber deterrence can be employed when different nation states share an asymmetrical relationship. Furthermore, we focus on contestability and attribution that is a key factor that makes cyber deterrence difficult.

The emergence of Cyber-Physical Systems (CPSs) is a potential paradigm shift for the usage of Information and Communication Technologies (ICT). From predominantly a facilitator of information and communication services, the role of ICT in the present age has expanded to the management of objects and resources in the physical world. Thus, it is imperative to devise mechanisms to ensure the trustworthiness of data to secure vulnerable devices against security threats. This work presents an analytical framework based on non-cooperative game theory to evaluate the trustworthiness of individual sensor nodes that constitute the CPS. The proposed game-theoretic model captures the factors impacting the trustworthiness of CPS sensor nodes. Further, the model is used to estimate the Nash equilibrium solution of the game, to derive a trust threshold criterion. The trust threshold represents the minimum trust score required to be maintained by individual sensor nodes during CPS operation. Sensor nodes with trust scores below the threshold are potentially malicious and may be removed or isolated to ensure the secure operation of CPS.

In the era of Industry 4.0 (IR 4.0), information leakage has become a critical issue for information security. The basic approach to addressing information leakage threats is to implement an information security policy (ISP) that defines the standards, boundaries, and responsibilities of users of information and technology of an organization. ISPs are one of the most commonly used methods for controlling internal user security behaviours, which include, but not limited to, computer usage ethics; organizational system usage policies; Internet and email usage policies; and the use of social media. Human error is the main security threat to information security, resulting from negligence, ignorance, and failure to adhere to organizational information security policies. Information security incidents are a problem related to human behaviour because technology is designed and operated by humans, presenting the opportunities and spaces for human error. In addition to the factor of human error as the main source of information leakage, this study aims to systematically analyse the fundamental issues of information security policy compliance. An analysis of these papers identifies and categories critical factor that effect an employee's attitude toward compliance with ISP. The human, process, technology element and information governance should be thought as a significant scope for more efficiency of information security policy compliance and in any further extensive studies to improve on information security policy compliance. Therefore, to ensure these are properly understood, further study is needed to identity the information governance that needs to be included in organizations and current best practices for developing an information security policy compliance within organizations.

With the rapid progression of Information and Communication Technology (ICT) and especially of Internet of Things (IoT), the conventional electrical grid is transformed into a new intelligent paradigm, known as Smart Grid (SG). SG provides significant benefits both for utility companies and energy consumers such as the two-way communication (both electricity and information), distributed generation, remote monitoring, self-healing and pervasive control. However, at the same time, this dependence introduces new security challenges, since SG inherits the vulnerabilities of multiple heterogeneous, co-existing legacy and smart technologies, such as IoT and Industrial Control Systems (ICS). An effective countermeasure against the various cyberthreats in SG is the Intrusion Detection System (IDS), informing the operator timely about the possible cyberattacks and anomalies. In this paper, we provide an anomaly-based IDS especially designed for SG utilising operational data from a real power plant. In particular, many machine learning and deep learning models were deployed, introducing novel parameters and feature representations in a comparative study. The evaluation analysis demonstrated the efficacy of the proposed IDS and the improvement due to the suggested complex data representation.

{Information and Communications Technology (ICT) have rationalized government services into a more efficient and transparent government. However, a large part of the government services remained constant in the manual process due to the high cost of ICT. The purpose of this paper is to explore the role of e-governance and ICT in the legislative management of municipalities in the Philippines. This study adopted the phases of Princeton Project Management Methodology (PPMM) as the approach in the development of LeMTrac. This paper utilized the developmental- quantitative research design involving two (2) sets of respondents, which are the end-users and IT experts. Majority of the respondents perceived that the system as "highly acceptable" with an average Likert score of 4.72 for the ISO 9126 Software quality metric Usability. The findings also reveal that the integration of LeMTrac within the Sangguniang Bayan (SB) Office in the Municipal Local Government Units (LGU) of Nabua and Bula, Camarines Sur provided better accessibility, security, and management of documents.

In this study, we conducted a survey of those who have used E-Government Services (civil servants, employees of public institutions, and the public) to empirically identify the factors affecting the continuous use intention E-Government Services, and conducted an empirical analysis using SPSS and Smart PLS with 284 valid samples except for dual, error and poor answers. Based on the success model of the information system (IS access model), we set independent variables which were divided into quality factors (service quality, system quality, information quality) and risk factors (personal information and security), and perceived ease of use and reliability, which are the main variables based on the technology acceptance model (TAM) that best describes the parameter group, were established as useful parameters. In addition, we design the research model by setting user satisfaction and the continuous use intention as dependent variables, conducted the study about how affecting factors influence to the acceptance factors through 14 hypotheses.The study found that 12 from 14 hypotheses were adopted and 2 were rejected. Looking at the results derived, it was analyzed that, firstly, 3 quality factors all affect perceived ease of use in relation to the quality of service, system quality, information quality which are perceived ease of use of E-Government Services. Second, in relation to the quality of service quality, system quality, information quality and perceived usefulness which are the quality factors of E-Government Services, the quality of service and information quality affect perceived usefulness, but system quality does not affect perceived usefulness. Third, it was analyzed that both factors influence reliability in the relationship between Privacy and security and trust which are risk factors. Fourth, the relationship between perceived ease of use and perceived usefulness has shown that perceived ease of use does not affect perceived usefulness. Finally, the relationship between user value factors (perceptual usability, perceived usefulness and trust) and user satisfaction and the continuous use intention was analyzed that user value factors affect user satisfaction while user satisfaction affects the continuous use intention. This study can be meaningful in that it theoretically presented the factors influencing the continued acceptance of e-government services through precedent research, presented the variables and measurement items verified through the empirical analysis process, and verified the causal relationship between the variables. The e-government service can contribute to the implementation of e-government in line with the era of the 4th Industrial Revolution by using it as a reference to the establishment of policies to improve the quality of people's lives and provide convenient services to the people.

With the advancement in technology, inclusion of Information and Communication Technology (ICT) in the conventional Electrical Power Grid has become evident. The combination of communication system with physical system makes it cyber-physical system (CPS). Though the advantages of this improvement in technology are numerous, there exist certain issues with the system. Security and privacy concerns of a CPS are a major field and research and the insight of which is content of this paper.

We aim at creating a society where we can resolve various social challenges by incorporating the innovations of the fourth industrial revolution (e.g. IoT, big data, AI, robot, and the sharing economy) into every industry and social life. By doing so the society of the future will be one in which new values and services are created continuously, making people's lives more conformable and sustainable. This is Society 5.0, a super-smart society. Security and privacy are key issues to be addressed to realize Society 5.0. Privacy-preserving data analytics will play an important role. In this talk we show our recent works on privacy-preserving data analytics such as privacy-preserving logistic regression and privacy-preserving deep learning. Finally, we show our ongoing research project under JST CREST “AI”. In this project we are developing privacy-preserving financial data analytics systems that can detect fraud with high security and accuracy. To validate the systems, we will perform demonstration tests with several financial institutions and solve the problems necessary for their implementation in the real world.

With the tighter integration of power system and Information and Communication Technology (ICT), power grid is becoming a typical cyber physical system (CPS). It is important to analyze the impact of the cyber event on power system, so that it is necessary to build a co-simulation system for studying the interaction between power system and ICT. In this paper, a cyber physical power system (CPPS) co-simulation platform is proposed, which includes the hardware-in-the-loop (HIL) simulation function. By using flexible interface, various simulation software for power system and ICT can be interconnected into the platform to build co-simulation tools for various simulation purposes. To demonstrate it as a proof, one simulation framework for real life cyber-attack on power system control is introduced. In this case, the real life denial-of-service attack on a router in automatic voltage control (AVC) is simulated to demonstrate impact of cyber-attack on power system.

Trust management is a promising alternative solution to different complex security algorithms for Underwater Wireless Sensor Networks (UWSN) applications due to its several resource constraint behaviour. In this work, we have proposed a trust management model to improve location privacy of the UWSN. Adaptive Neuro Fuzzy Inference System (ANFIS) has been exploited to evaluate trustworthiness of a sensor node. Also Markov Decision Process (MDP) has been considered. At each state of the MDP, a sensor node evaluates trust behaviour of forwarding node utilizing the FIS learning rules and selects a trusted node. Simulation has been conducted in MATLAB and simulation results show that the detection accuracy of trustworthiness is 91.2% which is greater than Knowledge Discovery and Data Mining (KDD) 99 intrusion detection based dataset. So, in our model 91.2% trustworthiness is necessary to be a trusted node otherwise it will be treated as a malicious or compromised node. Our proposed model can successfully eliminate the possibility of occurring any compromised or malicious node in the network.

Verbal and non-verbal behaviors that we use in order to effectively communicate with other people are vital for our success in our daily lives. Despite the importance of social skills, creating standardized methods for training them and supporting their training is challenging. Information and Communications Technology (ICT) may have a good potential to support social and emotional learning (SEL) through virtual social demonstration games. This paper presents initial work involving the design of a pedagogical scenario to facilitate teaching of socially appropriate and inappropriate behaviors when entering and standing in a small group of people, a common occurrence in collaborative social situations. This is achieved through the use of virtual characters and, initially, virtual reality (VR) environments for supporting situated learning in multiple contexts. We describe work done thus far on the demonstrator scenario and anticipated potentials, pitfalls and challenges involved in the approach.

The ongoing digitalization of the power distribution grid will improve the operational support and automation which is believed to increase the system reliability. However, in an integrated and interdependent cyber-physical system, new threats appear which must be understood and dealt with. Of particular concern, in this paper, is the causes of an inconsistent view between the physical system (here power grid) and the Information and Communication Technology (ICT) system (here Distribution Management System). In this paper we align the taxonomy used in International Electrotechnical Commission (power eng.) and International Federation for Information Processing (ICT community), define a metric for inconsistencies, and present a modelling approach using Stochastic Activity Networks to assess the consequences of inconsistencies. The feasibility of the approach is demonstrated in a simple use case.

The area of military operations is presently a peculiar, heterogenic environment providing the decision-makers with varied data and information on the potential or the real enemy. However the vast number and diversity of the available information does not facilitate the decision process. The achievement of information advantage in line with the rule: the first to notice, the first to understand and the first to act depends among other things on the proper information processing. In the theory of Electronic Warfare, the processing of information about the electronic objects of the enemy emitting electromagnetic energy is realized by Signals Intelligence. The fastest processing of information in the information system of Signals Intelligence is presently provided by cybernetic environment. The construction of an information processing system in the cybernetic environment of Signals Intelligence is thus a very complex task. The article presents theoretical basis of information processing in cybernetic environment of Signals Intelligence based on research carried out by the authors. The article can be described as the added value since it presents and clarifies a complex concept of cybernetic environment of Signal Intelligence. Moreover, it provides a new definition of information process as a system of operations on intelligence information and data. It also presents the stages of information process as well as the structure of information processing process. In the further part it shows the factors and elements of the cybernetic environment of Signals Intelligence isolated in the process of research. The document provides a perspective for the processing of information in the cybernetic environment of Signals Intelligence, it fills the gap in research on information processing in the cybernetic environment of Signals Intelligence as well as assures strong theoretical basis and provides an incentive for further research on the information processing in the cybernetic environment of Signals Intelligence.

The existing radial topology makes the power system less reliable since any part in the system failure will disrupt electrical power delivery in the network. The increasing security concerns, electrical energy theft, and present advancement in Information and Communication Technologies are some factors that led to modernization of power system. In a smart grid, a network of smart sensors offers numerous opportunities that may include monitoring of power, consumer-side energy management, synchronization of dispersed power storage, and integrating sources of renewable energy. Smart sensor networks are low cost and are ease to deploy hence they are favorable contestants for deployment smart power grids at a larger scale. These networks will result in a colossal volume of dissimilar range of data that require an efficient processing and analyzing process in order to realize an efficient smart grid. The existing technology can be used to collect data but dealing with the collected information proficiently as well as mining valuable material out of it remains challenging. The paper investigates communication technologies that maybe deployed in a smart grid. In this paper simulations results for the Additive White Gaussian Noise (AWGN) channel are illustrated. We propose a model and a communication network domain riding on the power system domain. The model was interrogated by simulation in MATLAB.

With the recent advances in information and communication technology, Web and Mobile Internet applications have become a part of our daily lives. These developments have also emerged Information Security concept due to the necessity of protecting information of institutions from Internet attackers. There are many security approaches to provide information security in Enterprise applications. However, using only one of these approaches may not be efficient enough to obtain security. This paper describes a Multi-Layered Framework of implementing two-factor and single sign-on authentication together. The proposed framework generates unique one-time passwords (OTP), which are used to authenticate application data. Nevertheless, using only OTP mechanism does not meet security requirements. Therefore, implementing a separate authentication application which has single sign-on capability is necessary.