Biblio

Internet of Things (IoT) and those protocol CoAP and MQTT has security issues that have entirely changed the security strategy should be utilized and behaved for devices restriction. Several challenges have been observed in multiple domains of security, but Distributed Denial of Service (DDoS) have actually dangerous in IoT that have RT. Thus, the IoT paradigm and those protocols CoAP and MQTT have been investigated to seek whether network services could be efficiently delivered for resources usage, managed, and disseminated to the devices. Internet of Things is justifiably joined with the best practices augmentation to make this task enriched. However, factors behaviors related to traditional networks have not been effectively mitigated until now. In this paper, we present and deep, qualitative, and comprehensive systematic mapping to find the answers to the following research questions, such as, (i) What is the state-of-the-art in IoT security, (ii) How to solve the restriction devices challenges via infrastructure involvement, (iii) What type of technical/protocol/ paradigm needs to be studied, and (iv) Security profile should be taken care of, (v) As the proposals are being evaluated: A. If in simulated/virtualized/emulated environment or; B. On real devices, in which case which devices. After doing a comparative study with other papers dictate that our work presents a timely contribution in terms of novel knowledge toward an understanding of formulating IoT security challenges under the IoT restriction devices take care.

Cloud computing provides a great platform for the users to utilize the various computational services in order accomplish their requests. However it is difficult to utilize the computational storage services for the file handling due to the increased protection issues. Here Distributed Denial of Service (DDoS) attacks are the most commonly found attack which will prevent from cloud service utilization. Thus it is confirmed that the DDoS attack detection and load balancing in cloud are most extreme issues which needs to be concerned more for the improved performance. This attained in this research work by measuring up the trust factors of virtual machines in order to predict the most trustable VMs which will be combined together to form the trustable source vector. After trust evaluation, in this work Bat algorithm is utilized for the optimal load distribution which will predict the optimal VM resource for the task allocation with the concern of budget. This method is most useful in the process of detecting the DDoS attacks happening on the VM resources. Finally prevention of DDOS attacks are performed by introducing the Fuzzy Extreme Learning Machine Classifier which will learn the cloud resource setup details based on which DDoS attack detection can be prevented. The overall performance of the suggested study design is performed in a Java simulation model to demonstrate the superiority of the proposed algorithm over the current research method.

A classification issue in machine learning is the issue of spotting Distributed Denial of Service (DDos) attacks. A Denial of Service (DoS) assault is essentially a deliberate attack launched from a single source with the implied intent of rendering the target's application unavailable. Attackers typically aims to consume all available network bandwidth in order to accomplish this, which inhibits authorized users from accessing system resources and denies them access. DDoS assaults, in contrast to DoS attacks, include several sources being used by the attacker to launch an attack. At the network, transportation, presentation, and application layers of a 7-layer OSI architecture, DDoS attacks are most frequently observed. With the help of the most well-known standard dataset and multiple regression analysis, we have created a machine learning model in this work that can predict DDoS and bot assaults based on traffic.

One of the major threats in the cyber security and networking world is a Distributed Denial of Service (DDoS) attack. With massive development in Science and Technology, the privacy and security of various organizations are concerned. Computer Intrusion and DDoS attacks have always been a significant issue in networked environments. DDoS attacks result in non-availability of services to the end-users. It interrupts regular traffic flow and causes a flood of flooded packets, causing the system to crash. This research presents a Machine Learning-based DDoS attack detection system to overcome this challenge. For the training and testing purpose, we have used the NSL-KDD Dataset. Logistic Regression Classifier, Support Vector Machine, K Nearest Neighbour, and Decision Tree Classifier are examples of machine learning algorithms which we have used to train our model. The accuracy gained are 90.4, 90.36, 89.15 and 82.28 respectively. We have added a feature called BOTNET Prevention, which scans for Phishing URLs and prevents a healthy device from being a part of the botnet.

Cloud provides access to shared pool of resources like storage, networking, and processing. Distributed denial of service attacks are dangerous for Cloud services because they mainly target the availability of resources. It is important to detect and prevent a DDoS attack for the continuity of Cloud services. In this review, we analyze the different mechanisms of detection and prevention of the DDoS attacks in Clouds. We identify the major DDoS attacks in Clouds and compare the frequently-used strategies to detect, prevent, and mitigate those attacks that will help the future researchers in this area.

Cyber-Physical Systems (CPS) are systems that contain digital embedded devices while depending on environmental influences or external configurations. Identifying relevant influences of a CPS as well as modeling dependencies on external influences is difficult. We propose to learn these dependencies with decision trees in combination with clustering. The approach allows to automatically identify relevant influences and receive a data-related explanation of system behavior involving the system's use-case. Our paper presents a case study of our method for a Real-Time Localization System (RTLS) proving the usefulness of our approach, and discusses further applications of a learned decision tree.

Legacy programs are normally monolithic (that is, all code runs in a single process and is not partitioned), and a bug in a program may result in the entire program being vulnerable and therefore untrusted. Program partitioning can be used to separate a program into multiple partitions, so as to isolate sensitive data or privileged operations. Manual program partitioning requires programmers to rewrite the entire source code, which is cumbersome, error-prone, and not generic. Automatic program partitioning tools can separate programs according to the dependency graph constructed based on data or programs. However, programmers still need to manually implement remote service interfaces for inter-partition communication. Therefore, in this paper, we propose AutoSlicer, whose purpose is to partition a program more automatically, so that the programmer is only required to annotate sensitive data. AutoSlicer constructs accurate data dependency graphs (DDGs) by enabling execution flow graphs, and the DDG-based partitioning algorithm can compute partition information based on sensitive annotations. In addition, the code refactoring toolchain can automatically transform the source code into sensitive and insensitive partitions that can be deployed on the remote procedure call framework. The experimental evaluation shows that AutoSlicer can effectively improve the accuracy (13%-27%) of program partitioning by enabling EFG, and separate real-world programs with a relatively smaller performance overhead (0.26%-9.42%).

Third-party libraries with rich functionalities facilitate the fast development of JavaScript software, leading to the explosive growth of the NPM ecosystem. However, it also brings new security threats that vulnerabilities could be introduced through dependencies from third-party libraries. In particular, the threats could be excessively amplified by transitive dependencies. Existing research only considers direct dependencies or reasoning transitive dependencies based on reachability analysis, which neglects the NPM-specific dependency resolution rules as adapted during real installation, resulting in wrongly resolved dependencies. Consequently, further fine-grained analysis, such as precise vulnerability propagation and their evolution over time in dependencies, cannot be carried out precisely at a large scale, as well as deriving ecosystem-wide solutions for vulnerabilities in dependencies. To fill this gap, we propose a knowledge graph-based dependency resolution, which resolves the inner dependency relations of dependencies as trees (i.e., dependency trees), and investigates the security threats from vulnerabilities in dependency trees at a large scale. Specifically, we first construct a complete dependency-vulnerability knowledge graph (DVGraph) that captures the whole NPM ecosystem (over 10 million library versions and 60 million well-resolved dependency relations). Based on it, we propose a novel algorithm (DTResolver) to statically and precisely resolve dependency trees, as well as transitive vulnerability propagation paths, for each package by taking the official dependency resolution rules into account. Based on that, we carry out an ecosystem-wide empirical study on vulnerability propagation and its evolution in dependency trees. Our study unveils lots of useful findings, and we further discuss the lessons learned and solutions for different stakeholders to mitigate the vulnerability impact in NPM based on our findings. For example, we implement a dependency tree based vulnerability remediation method (DTReme) for NPM packages, and receive much better performance than the official tool (npm audit fix).

Steady advancement in Artificial Intelligence (AI) development over recent years has caused AI systems to become more readily adopted across industry and military use-cases globally. As powerful as these algorithms are, there are still gaping questions regarding their security and reliability. Beyond adversarial machine learning, software supply chain vulnerabilities and model backdoor injection exploits are emerging as potential threats to the physical safety of AI reliant CPS such as autonomous vehicles. In this work in progress paper, we introduce the concept of AI supply chain vulnerabilities with a provided proof of concept autonomous exploitation framework. We investigate the viability of algorithm backdoors and software third party library dependencies for applicability into modern AI attack kill chains. We leverage an autonomous vehicle case study for demonstrating the applicability of our offensive methodologies within a realistic AI CPS operating environment.

Modern vehicles have multiple electronic control units (ECUs) that are connected together as part of a complex distributed cyber-physical system (CPS). The ever-increasing communication between ECUs and external electronic systems has made these vehicles particularly susceptible to a variety of cyber-attacks. In this work, we present a novel anomaly detection framework called TENET to detect anomalies induced by cyber-attacks on vehicles. TENET uses temporal convolutional neural networks with an integrated attention mechanism to learn the dependency between messages traversing the in-vehicle network. Post deployment in a vehicle, TENET employs a robust quantitative metric and classifier, together with the learned dependencies, to detect anomalous patterns. TENET is able to achieve an improvement of 32.70% in False Negative Rate, 19.14% in the Mathews Correlation Coefficient, and 17.25% in the ROC-AUC metric, with 94.62% fewer model parameters, and 48.14% lower inference time compared to the best performing prior works on automotive anomaly detection.

To solve the problem of an excessive number of component vulnerabilities and limited defense resources in industrial cyber physical systems, a method for analyzing security critical components of system is proposed. Firstly, the components and vulnerability information in the system are modeled based on SysML block definition diagram. Secondly, as SysML block definition diagram is challenging to support direct analysis, a block security dependency graph model is proposed. On this basis, the transformation rules from SysML block definition graph to block security dependency graph are established according to the structure of block definition graph and its vulnerability information. Then, the calculation method of component security importance is proposed, and a security critical component analysis tool is designed and implemented. Finally, an example of a Drone system is given to illustrate the effectiveness of the proposed method. The application of this method can provide theoretical and technical support for selecting key defense components in the industrial cyber physical system.

Cyber Attack is the most challenging issue all over the world. Nowadays, Cyber-attacks are increasing on digital systems and organizations. Innovation and utilization of new digital technology, infrastructure, connectivity, and dependency on digital strategies are transforming day by day. The cyber threat scope has extended significantly. Currently, attackers are becoming more sophisticated, well-organized, and professional in generating malware programs in Python, C Programming, C++ Programming, Java, SQL, PHP, JavaScript, Ruby etc. Accurate attack modeling techniques provide cyber-attack planning, which can be applied quickly during a different ongoing cyber-attack. This paper aims to create a new cyber-attack model that will extend the existing model, which provides a better understanding of the network’s vulnerabilities.Moreover, It helps protect the company or private network infrastructure from future cyber-attacks. The final goal is to handle cyber-attacks efficacious manner using attack modeling techniques. Nowadays, many organizations, companies, authorities, industries, and individuals have faced cybercrime. To execute attacks using our model where honeypot, the firewall, DMZ and any other security are available in any environment.

Deep learning models rely on single word features and location features of text to achieve good results in text relation extraction tasks. However, previous studies have failed to make full use of semantic information contained in sentence dependency syntax trees, and data sparseness and noise propagation still affect classification models. The BERT(Bidirectional Encoder Representations from Transformers) pretrained language model provides a better representation of natural language processing tasks. And entity enhancement methods have been proved to be effective in relation extraction tasks. Therefore, this paper proposes a combination of the shortest dependency path and entity-enhanced BERT pre-training language model for model construction to reduce the impact of noise terms on the classification model and obtain more semantically expressive feature representation. The algorithm is tested on SemEval-2010 Task 8 English relation extraction dataset, and the F1 value of the final experiment can reach 0. 881.

Guidelines, directives, and policy statements are usually presented in “linear” text form - word after word, page after page. However necessary, this practice impedes full understanding, obscures feedback dynamics, hides mutual dependencies and cascading effects and the like-even when augmented with tables and diagrams. The net result is often a checklist response as an end in itself. All this creates barriers to intended realization of guidelines and undermines potential effectiveness. We present a solution strategy using text as “data”, transforming text into a structured model, and generate network views of the text(s), that we then can use for vulnerability mapping, risk assessments and note control point analysis. For proof of concept we draw on NIST conceptual model and analysis of guidelines for smart grid cybersecurity, more than 600 pages of text.

Unsupervised cross-domain NER task aims to solve the issues when data in a new domain are fully-unlabeled. It leverages labeled data from source domain to predict entities in unlabeled target domain. Since training models on large domain corpus is time-consuming, in this paper, we consider an alternative way by introducing syntactic dependency structure. Such information is more accessible and can be shared between sentences from different domains. We propose a novel framework with dependency-aware GNN (DGNN) to learn these common structures from source domain and adapt them to target domain, alleviating the data scarcity issue and bridging the domain gap. Experimental results show that our method outperforms state-of-the-art methods.

The Internet of Things is an emerging technology for recent marketplace. In IoT, the heterogeneous devices are connected through the medium of the Internet for seamless communication. The devices used in IoT are resource-constrained in terms of memory, power and processing. Due to that, IoT system is unable to implement hi-end security for malicious cyber-attacks. The recent era is all about connecting IoT devices in various domains like medical, agriculture, transport, power, manufacturing, supply chain, education, etc. and thus need to be prevented from attacks and analyzed after attacks for legal action. The legal analysis of IoT data, devices and communication is called IoT forensics which is highly indispensable for various types of attacks on IoT system. This paper will review types of IoT attacks and its preventive measures in cyber security. It will also help in ascertaining IoT forensics and its challenges in detail. This paper will conclude with the high requirement of cyber security in IoT domains with implementation of standard rules for IoT forensics.

This study explores the Critical Success Factors (CSFs) for Security Education, Training and Awareness (SETA) programmes. Data is gathered from 20 key informants (using semi-structured interviews) from various geographic locations including the Gulf nations, Middle East, USA, UK, and Ireland. The analysis of these key informant interviews produces eleven CSFs for SETA programmes. These CSFs are mapped along the phases of a SETA programme lifecycle (design, development, implementation, and evaluation).

Security is a critical aspect in the process of designing, developing, and testing software systems. Due to the increasing need for security-related skills within software systems, there is a growing demand for these skills to be taught in computer science. A series of security modules was developed not only to meet the demand but also to assess the impact of these modules on teaching critical cyber security topics in computer science courses. This full paper in the innovative practice category presents the outcomes of six security modules in a freshman-level course at two institutions. The study adopts a Model-Eliciting Activity (MEA) as a project for students to demonstrate an understanding of the security concepts. Two experimental studies were conducted: 1) Teaching effectiveness of implementing cyber security modules and MEA project, 2) Students’ experiences in conceptual modeling tasks in problem-solving. In measuring the effectiveness of teaching security concepts with the MEA project, students’ performance, attitudes, and interests as well as the instructor’s effectiveness were assessed. For the conceptual modeling tasks in problem-solving, the results of student outcomes were analyzed. After implementing the security modules with the MEA project, students showed a great understanding of cyber security concepts and an increased interest in broader computer science concepts. The instructor’s beliefs about teaching, learning, and assessment shifted from teacher-centered to student-centered during their experience with the security modules and MEA project. Although 64.29% of students’ solutions do not seem suitable for real-world implementation, 76.9% of the developed solutions showed a sufficient degree of creativity.

Large volumes of private data are gathered, processed, and stored on computers by governments, the military, organizations, financial institutions, colleges, and other enterprises. This data is then sent through networks to other computers. Urgent measures are required to safeguard sensitive personal and company data as well as national security due to the exponential development in number and complexity of cyber- attacks. The essay discusses the characteristics of the Internet and demonstrates how private and financial data can be transmitted over it while still being safeguarded. We show that robbery has spread throughout India and the rest of the world, endangering the global economy and security and giving rise to a variety of cyber-attacks.

In the 21st century, world-leading industries are under the accelerated development of digital transformation. Along with information and data resources becoming more transparent on the Internet, many new network technologies were introduced, but cyber-attack also became a severe problem in cyberspace. Over time, industrial control networks are also forced to join the nodes of the Internet. Therefore, cybersecurity is much more complicated than before, and suffering risk of browsing unknown websites also increases. To practice defenses against cyber-attack effectively, Cyber Range is the best platform to emulate all cyber-attacks and defenses. This article will use VMware virtual machine emulation technology, research cyber range systems under industrial control network architecture, and design and implement an industrial control cyber range system. Using the industrial cyber range to perform vulnerability analyses and exploits on web servers, web applications, and operating systems. The result demonstrates the consequences of the vulnerability attack and raises awareness of cyber security among government, enterprises, education, and other related fields, improving the practical ability to defend against cybersecurity threats.

At the end of the IT Security degree program a simulation game is conducted to repeat and consolidate the core skills of a Bachelor’s graduate. The focus is not on teaching content, but on the application of already learned skills. The scenario shows the students the risks of a completely networked world, which has come to a complete standstill due to a catastrophe. The participants occupy in groups the predefined companies, which are assigned with the reconstruction of the communication infrastructure (the internet). This paper describes the preparation, technical and organizational implementation of the. Also, the most important conclusions drawn by the authors.

There is a stark contrast between the state of cyber security of national infrastructure in Ireland and the efforts underway to support cyber security technologists to work in the country. Notable attacks have recently occurred against the national health service, universities, and various other state bodies, prompting an interest in changing the current situation. This paper presents an overview of the security projects, commercial establishments, and policy in Ireland.

Cyber-Physical Power System (CPPS) is one of the most critical infrastructure systems due to deep integration between power grids and communication networks. In the power system, cascading failure is spreading more readily in CPPS, even leading to blackouts as well as there are new difficulties with the power system security simulation and faults brought by physical harm or network intrusions. The current study summarized the cross- integration of several fields such as computer and cyberspace security in terms of the robustness of Cyber-Physical Systems, viewed as Interconnected and secure network systems. Therefore, the security events that significantly influenced the power system were evaluated in this study, besides the challenges and future directions of power system security simulation technologies were investigated for posing both challenges and opportunities for simulation techniques of power system security like building a new power system to accelerate the transformation of the existing energy system to a clean, low-carbon, safe, and efficient energy system which is used to assure power system stability through fusion systems that combine the cyber-physical to integrate the battery power station, power generation and renewable energy resources through the internet with the cyber system that contains Smart energy system control and attacks.

Owing to the decreasing costs of distributed energy resources (DERs) as well as decarbonization policies, power systems are undergoing a modernization process. The large deployment of DERs together with internet of things (IoT) devices provide a platform for peer-to-peer (P2P) energy trading in active distribution networks. However, P2P energy trading with IoT devices have driven the grid more vulnerable to cyber-physical threats. To this end, in this paper, a resilience-oriented P2P energy exchange model is developed considering three phase unbalanced distribution systems. In addition, various scenarios for vulnerability assessment of P2P energy exchanges considering adverse prosumers and consumers, who provide false information regarding the price and quantity with the goal of maximum financial benefit and system operation disruption, are considered. Techno-economic survivability analysis against these attacks are investigated on a IEEE 13-node unbalanced distribution test system. Simulation results demonstrate that adverse peers can affect the physical operation of grid, maximize their benefits, and cause financial loss of other agents.

Cyber threats have been a major issue in the cyber security domain. Every hacker follows a series of cyber-attack stages known as cyber kill chain stages. Each stage has its norms and limitations to be deployed. For a decade, researchers have focused on detecting these attacks. Merely watcher tools are not optimal solutions anymore. Everything is becoming autonomous in the computer science field. This leads to the idea of an Autonomous Cyber Resilience Defense algorithm design in this work. Resilience has two aspects: Response and Recovery. Response requires some actions to be performed to mitigate attacks. Recovery is patching the flawed code or back door vulnerability. Both aspects were performed by human assistance in the cybersecurity defense field. This work aims to develop an algorithm based on Reinforcement Learning (RL) with a Convoluted Neural Network (CNN), far nearer to the human learning process for malware images. RL learns through a reward mechanism against every performed attack. Every action has some kind of output that can be classified into positive or negative rewards. To enhance its thinking process Markov Decision Process (MDP) will be mitigated with this RL approach. RL impact and induction measures for malware images were measured and performed to get optimal results. Based on the Malimg Image malware, dataset successful automation actions are received. The proposed work has shown 98% accuracy in the classification, detection, and autonomous resilience actions deployment.