Biblio

Virtual worlds was becoming increasingly popular in a variety of fields, including education, business, space exploration, and video games. Establishing the security of virtual worlds was becoming more critical as they become more widely used. Virtual users were identified using a behavioral biometric system. Improve the system's ability to identify objects by fusing scores from multiple sources. Identification was based on a review of user interactions in virtual environments and a comparison with previous recordings in the database. For behavioral biometric systems like the one described, it appears that score-level biometric fusion was a promising tool for improving system performance. As virtual worlds become more immersive, more people will want to participate in them, and more people will want to be able to interact with each other. Each region of the Meta-verse was given a glimpse of the current state of affairs and the trends to come. As hardware performance and institutional and public interest continue to improve, the Meta-verse's development is hampered by limitations like computational method limits and a lack of realized collaboration between virtual world stakeholders and developers alike. A major goal of the proposed research was to verify the accuracy of the biometric system to enhance the security in virtual world. In this study, the precision of the proposed work was compared to that of previous work.

This Innovative Practice Work-in-Progress paper presents a virtual, proactive, and collaborative learning paradigm that can engage learners with different backgrounds and enable effective retention and transfer of the multidisciplinary AI-cybersecurity knowledge. While progress has been made to better understand the trustworthiness and security of artificial intelligence (AI) techniques, little has been done to translate this knowledge to education and training. There is a critical need to foster a qualified cybersecurity workforce that understands the usefulness, limitations, and best practices of AI technologies in the cybersecurity domain. To address this import issue, in our proposed learning paradigm, we leverage multidisciplinary expertise in cybersecurity, AI, and statistics to systematically investigate two cohesive research and education goals. First, we develop an immersive learning environment that motivates the students to explore AI/machine learning (ML) development in the context of real-world cybersecurity scenarios by constructing learning models with tangible objects. Second, we design a proactive education paradigm with the use of hackathon activities based on game-based learning, lifelong learning, and social constructivism. The proposed paradigm will benefit a wide range of learners, especially underrepresented students. It will also help the general public understand the security implications of AI. In this paper, we describe our proposed learning paradigm and present our current progress of this ongoing research work. In the current stage, we focus on the first research and education goal and have been leveraging cost-effective Minecraft platform to develop an immersive learning environment where the learners are able to investigate the insights of the emerging AI/ML concepts by constructing related learning modules via interacting with tangible AI/ML building blocks.

With novel 3D imaging technology based on computed tomography (CT) set to replace the current 2D X-ray systems, airports face the challenge of adequately preparing airport security officers (screeners) through knowledge building. Virtual reality (VR) bears the potential to greatly facilitate this process by allowing learners to experience and engage in immersive virtual scenarios as if they were real. However, while general aspects of immersion have been explored frequently, less is known about the benefits of immersive technology for instructional purposes in practical settings such as airport security.In the present study, we evaluated how different display technologies (2D vs VR) and segmentation (system-paced vs learner-paced) affected screeners' objective and subjective knowledge gain, cognitive load, as well as aspects of motivation and technology acceptance. By employing a 2 x 2 between-subjects design, four experimental groups experienced uniform learning material featuring information about 3D CT technology and its application in airport security: 2D system-paced, 2D learner-paced, VR system-paced, and VR learner-paced. The instructional material was presented as an 11 min multimedia lesson featuring words (i.e., narration, onscreen text) and pictures in dynamic form (i.e., video, animation). Participants of the learner-paced groups were prompted to initialize the next section of the multimedia lesson by pressing a virtual button after short segments of information. Additionally, a control group experiencing no instructional content was included to evaluate the effectiveness of the instructional material. The data was collected at an international airport with screeners having no prior 3D CT experience (n=162).The results show main effects on segmentation for objective learning outcomes (favoring system-paced), germane cognitive load on display technology (supporting 2D). These results contradict the expected benefits of VR and segmentation, respectively. Overall, the present study offers valuable insight on how to implement instructional material for a practical setting.

This paper is a conceptual paper that explores how the sensemaking process by intelligence analysts completed within a cognitive immersive environment might be impacted by the inclusion of a progressive dialog system. The tools enabled in the sensemaking room (a specific instance within the cognitive immersive environment) were informed by tools from the intelligence analysis domain. We explore how a progressive dialog system would impact the use of tools such as the collaborative brainstorming exercise [1]. These structured analytic techniques are well established in intelligence analysis training literature, and act as ways to access the intended users' cognitive schema as they use the cognitive immersive room and move through the sensemaking process. A prior user study determined that the sensemaking room encouraged users to be more concise and representative with information while using the digital brainstorming tool. We anticipate that addition of the progressive dialog function will enable a more cohesive link between information foraging and sensemaking behaviors for analysts.

Remotely connected devices have been adopted in several industrial control systems (ICS) recently due to the advancement in the Industrial Internet of Things (IIoT). This led to new security vulnerabilities because of the expansion of the attack surface. Moreover, cybersecurity incidents in critical infrastructures are increasing. In the ICS, RS-485 cables are widely used in its network for serial communication between each component. However, almost 30 years ago, most of the industrial network protocols implemented over RS-485 such as Modbus were designed without security features. Therefore, anomaly detection is required in industrial control networks to secure communication in the systems. The goal of this paper is to study unsupervised anomaly detection in RS-485 traffic using autoencoders. Five threat scenarios in the physical layer of the industrial control network are proposed. The novelty of our method is that RS-485 traffic is collected indirectly by an analog-to-digital converter. In the experiments, multilayer perceptron (MLP), 1D convolutional, Long Short-Term Memory (LSTM) autoencoders are trained to detect anomalies. The results show that three autoencoders effectively detect anomalous traffic with F1-scores of 0.963, 0.949, and 0.928 respectively. Due to the indirect traffic collection, our method can be practically applied in the industrial control network.

An Industrial Control System (ICS) is essential in monitoring and controlling critical infrastructures such as safety and security. Internet of Things (IoT) in ICSs allows cyber-criminals to utilize systems' vulnerabilities towards deploying cyber-attacks. To distinguish risks and keep an eye on malicious activity in networking systems, An Intrusion Detection System (IDS) is essential. IDS shall be used by system admins to identify unwanted accesses by attackers in various industries. It is now a necessary component of each organization's security governance. The main objective of this intended work is to establish a deep learning-depended intrusion detection system that can quickly identify intrusions and other unwanted behaviors that have the potential to interfere with networking systems. The work in this paper uses One Hot encoder for preprocessing and the Auto encoder for feature extraction. On KDD99 CUP, a data - set for network intruding, we categorize the normal and abnormal data applying a Deep Convolutional Neural Network (DCNN), a deep learning-based methodology. The experimental findings demonstrate that, in comparison with SVM linear Kernel model, SVM RBF Kernel model, the suggested deep learning model operates better.

The development of industrial automation tools and the integration of industrial and corporate networks in order to improve the quality of production management have led to an increase in the risks of successful cyberattacks and, as a result, to the necessity to solve the problems of practical information security of industrial control systems (ICS). Detection of cyberattacks of both known and unknown types is could be implemented as anomaly detection in dynamic information processes recorded during the operation of ICS. Anomaly detection methods do not require preliminary analysis and labeling of the training sample. In the context of detecting attacks on ICS, cluster analysis is used as one of the methods that implement anomaly detection. The application of hierarchical cluster analysis for clustering data of ICS information processes exposed to various cyberattacks is studied, the problem of choosing the level of the cluster hierarchy corresponding to the minimum set of clusters aggregating separately normal and abnormal data is solved. It is shown that the Ward method of hierarchical cluster division produces the best division into clusters. The next stage of the study involves solving the problem of classifying the formed minimum set of clusters, that is, determining which cluster is normal and which cluster is abnormal.

Industrial control systems (ICSs) have become more complex due to their increasing connectivity, heterogeneity and, autonomy. As a result, cyber-threats against such systems have been significantly increased as well. Since a compromised industrial system can easily lead to hazardous safety and security consequences, it is crucial to develop security countermeasures to protect coexisting IT systems and industrial physical processes being involved in modern ICSs. Accordingly, in this study, we propose a deep learning-based semantic anomaly detection framework to model the complex behavior of ICSs. In contrast to the related work assuming only simpler security threats targeting individual controllers in an ICS, we address multi-PLC attacks that are harder to detect as requiring to observe the overall system state alongside single-PLC attacks. Using industrial simulation and emulation frameworks, we create a realistic setup representing both the production and networking aspects of industrial systems and conduct some potential attacks. Our experimental results indicate that our model can detect single-PLC attacks with 95% accuracy and multi-PLC attacks with 80% accuracy and nearly 1% false positive rate.

In recent years, cyber-attacks on modern industrial control systems (ICS) have become more common and it acts as a victim to various kind of attackers. The percentage of attacked ICS computers in the world in 2021 is 39.6%. To identify the anomaly in a large database system is a challenging task. Deep-learning model provides better solutions for handling the huge dataset with good accuracy. On the other hand, real time datasets are highly imbalanced with their sample proportions. In this research, GAN based model, a supervised learning method which generates new fake samples that is similar to real samples has been proposed. GAN based adversarial training would address the class imbalance problem in real time datasets. Adversarial samples are combined with legitimate samples and shuffled via proper proportion and given as input to the classifiers. The generated data samples along with the original ones are classified using various machine learning classifiers and their performances have been evaluated. Gradient boosting was found to classify with 98% accuracy when compared to other

Industrial Control Systems (ICS) are not secure by design–with recent developments requiring them to connect to the Internet, they tend to be highly vulnerable. Additionally, attacks on critical infrastructures such as power grids and nuclear plants can cause significant damage and loss of lives. Since such attacks tend to generate anomalies in the systems, an efficient way of attack detection is to monitor the systems and identify anomalies in real-time. An automated anomaly detection tool is introduced in this paper. Additionally, the functioning of the systems is viewed as Finite State Automata. Specific sensor measurements are used to determine permissible transitions, and statistical measures such as the Interquartile Range are used to determine acceptable boundaries for the remaining sensor measurements provided by the system. Deviations from the boundaries or permissible transitions are considered as anomalies. An additional feature is the provision of a finite state automata diagram that provides the operational constraints of a system, given a set of regulated input. This tool showed a high anomaly detection rate when tested with three types of ICS. The concepts are also benchmarked against a state-of-the-art anomaly detection algorithm called Isolation Forest, and the results are provided.

In recent years, the design of anomaly detectors has attracted a tremendous surge of interest due to security issues in industrial control systems (ICS). Restricted by hardware resources, most anomaly detectors can only be deployed at the remote monitoring ends, far away from the control sites, which brings potential threats to anomaly detection. In this paper, we propose an active real-time anomaly detection framework deployed in the controller of OpenPLC, which is a standardized open-source PLC and has high scalability. Specifically, we add adaptive active noises to control signals, and then identify a linear dynamic system model of the plant offline and implement it in the controller. Finally, we design two filters to process the estimated residuals based on the obtained model and use χ2 detector for anomaly detection. Extensive experiments are conducted on an industrial control virtual platform to show the effectiveness of the proposed detection framework.

Recently, hardware Trojan has become a serious security concern in the integrated circuit (IC) industry. Due to the globalization of semiconductor design and fabrication processes, ICs are highly vulnerable to hardware Trojan insertion by malicious third-party vendors. Therefore, the development of effective hardware Trojan detection techniques is necessary. Testability measures have been proven to be efficient features for Trojan nets classification. However, most of the existing machine-learning-based techniques use supervised learning methods, which involve time-consuming training processes, need to deal with the class imbalance problem, and are not pragmatic in real-world situations. Furthermore, no works have explored the use of anomaly detection for hardware Trojan detection tasks. This paper proposes a semi-supervised hardware Trojan detection method at the gate level using anomaly detection. We ameliorate the existing computation of the Sandia Controllability/Observability Analysis Program (SCOAP) values by considering all types of D flip-flops and adopt semi-supervised anomaly detection techniques to detect Trojan nets. Finally, a novel topology-based location analysis is utilized to improve the detection performance. Testing on 17 Trust-Hub Trojan benchmarks, the proposed method achieves an overall 99.47% true positive rate (TPR), 99.99% true negative rate (TNR), and 99.99% accuracy.

Anomaly detection for devices (e.g, sensors and actuators) plays a crucial role in Industrial Control Systems (ICS) for security protection. The typical framework of deep learning-based anomaly detection includes a model to predict or reconstruct the state of devices and a detection mechanism to determine anomalies. The majority of anomaly detection methods use a fixed threshold detection mechanism to detect anomalous points. However, the anomalies caused by cyberattacks in ICSs are usually continuous anomaly segments. In this paper, we propose a novel detection mechanism to detect continuous anomaly segments. Its core idea is to determine the start and end times of anomalies based on the continuity characteristics of anomalies and the dynamics of error. We conducted experiments on the two real-world datasets for performance evaluation using five baselines. The F1 score increased by 3.8% on average in the SWAT dataset and increased by 15.6% in the WADI dataset. The results show a significant improvement in the performance of baselines using an error neighborhood-based continuity detection mechanism in a real-time manner.

Industrial Control Systems (ICS) are increasingly facing the threat of False Data Injection (FDI) attacks. As an emerging intrusion detection scheme for ICS, process-based Intrusion Detection Systems (IDS) can effectively detect the anomalies caused by FDI attacks. Specifically, such IDS establishes anomaly detection model which can describe the normal pattern of industrial processes, then perform real-time anomaly detection on industrial process data. However, this method suffers low detection accuracy due to the complexity and instability of industrial processes. That is, the process data inherently contains sophisticated nonlinear spatial-temporal correlations which are hard to be explicitly described by anomaly detection model. In addition, the noise and disturbance in process data prevent the IDS from distinguishing the real anomaly events. In this paper, we propose an Anomaly Detection approach based on Robust Spatial-temporal Modeling (AD-RoSM). Concretely, to explicitly describe the spatial-temporal correlations within the process data, a neural based state estimation model is proposed by utilizing 1D CNN for temporal modeling and multi-head self attention mechanism for spatial modeling. To perform robust anomaly detection in the presence of noise and disturbance, a composite anomaly discrimination model is designed so that the outputs of the state estimation model can be analyzed with a combination of threshold strategy and entropy-based strategy. We conducted extensive experiments on two benchmark ICS security datasets to demonstrate the effectiveness of our approach.

To decrease the IoT attack surface and provide protection against security threats such as introduction of fake IoT nodes and identity theft, IoT requires scalable device identity and authentication management. This work proposes a blockchain-based identity management approach with consensus authentication as a scalable solution for IoT device authentication management. The proposed approach relies on having a blockchain secure tamper proof ledger and a novel lightweight consensus-based identity authentication. The results show that the proposed decentralised authentication system is scalable as we increase number of nodes.

With the rapid development of artificial intelligence technology, deepfake technology based on deep learning is receiving more and more attention from society or the industry. While enriching people's cultural and entertainment life, in-depth fakes technology has also caused many social problems, especially potential risks to managing network credible identities. With the continuous advancement of deep fakes technology, the security threats and trust crisis caused by it will become more serious. It is urgent to take adequate measures to curb the abuse risk of deep fakes. The article first introduces the principles and characteristics of deep fakes technology and then deeply analyzes its severe challenges to network trusted identity management. Finally, it researches the supervision and technical level and puts forward targeted preventive countermeasures.

The expansion of the internet has resulted in huge growth in every industry. It does, however, have a substantial impact on the downsides. Because of the internet's rapid growth, personally identifiable information (PII) should be kept secure in the coming years. Obtaining someone's personal information is rather simple nowadays. There are some established methods for keeping our personal information private. Further, it is essential because we must provide our identity cards to someone for every verification step. In this paper, we will look at some of the attempted methods for protecting our identities. We will highlight the research gaps and potential future enhancements in the research for more enhanced security based on our literature review.

Many cyber-related untoward incidents and multiple instances of a data breach of system are being reported. User identity and its usage for valid entry to system depend upon successful authentication. Researchers have explored many threats and vulnerabilities in a centralized system. It has initiated concept of a decentralized way to overcome them. In this work, we have explored application of Self-Sovereign Identity and Verifiable Credentials using decentralized identifiers over cloud.

Digital identity management system is the securi-ty infrastructure of computer and internet applications. However, currently, most of the digital identity management systems are faced with problems such as the difficulty of cross-domain authentication and interoperation, the lack of credibility of identity authentication, the weakness of the security of identity data. Although the advantages of block-chain technology have attached the attentions of experts and scholars in the field of digital identity management and many digital identity management systems based on block-chain have been built, the systems still can't completely solve the problems mentioned above. Therefore, in this pa-per, an effective digital identity management system model is proposed which combines technologies of self-sovereign identity and oracle with blockchain so as to pave a way in solving the problems mentioned above and constructing a secure and reliable digital identity management system.

The Internet of Things poses some of the biggest security challenges in the present day. Companies, users and infrastructures are constantly under attack by malicious actors. Increasingly, attacks are being launched by hacking into one vulnerable device and hence disabling entire networks resulting in great loss. A strong identity management framework can help better protect these devices by issuing a unique identity and managing the same through its lifecycle. Identity of Things (IDoT) is a term that has been used to describe the importance of device identities in IoT networks. Since the traditional identity and access management (IAM) solutions are inadequate in managing identities for IoT, the Identity of Things (IDoT) is emerging as the solution for issuance of Identities to every type of device within the IoT IAM infrastructure. This paper presents the survey of recent research works proposed in the area of device identities and various commercial solutions offered by organizations specializing in IoT device security.

Digitalization has occurred in almost all industries, one of them is health industry. Patients” medical records are now easier to be accessed and managed as all related data are stored in data storages or repositories. However, this system is still under development as number of patients still increasing. Lack of standardization might lead to patients losing their right to control their own data. Therefore, implementing private blockchain system with Self-Sovereign Identity (SSI) concept for identity management in health industry is a viable notion. With SSI, the patients will be benefited from having control over their own medical records and stored with higher security protocol. While healthcare providers will benefit in Know You Customer (KYC) process, if they handle new patients, who move from other healthcare providers. It will eliminate and shorten the process of updating patients' medical records from previous healthcare providers. Therefore, we suggest several flows in implementing blockchain for digital identity in healthcare industry to help overcome lack of patient's data control and KYC in current system. Nevertheless, implementing blockchain on health industry requires full attention from surrounding system and stakeholders to be realized.

The agricultural sector and other Micro, Small, and Medium Enterprises in India operate with more than 90% migrant workers searching for better employment opportunities far away from their native places. However, inherent challenges are far more for the migrant workers, most prominently their Identity. To the best of our knowledge, available literature lacks a comprehensive study on identity management components for user privacy and data protection mechanisms in identity management architecture. Self-Sovereign Identity is regarded as a new evolution in digital identity management systems. Blockchain technology and distributed ledgers bring us closer to realizing an ideal Self-Sovereign Identity system. This paper proposes a novel solution to address identity issues being faced by migrant workers. It also gives a holistic, coherent, and mutually beneficial Identity Management Solution for the migrant workforce in the Indian perspective towards e-Governance and Digital India.

Identity Management Systems (IdMS) have seemingly evolved in recent years, both in terms of modelling approach and in terms of used technology. The early centralized, later federated and user-centric Identity Management (IdM) was finally replaced by Self-Sovereign Identity (SSI). Solutions based on Distributed Ledger Technology (DLT) appeared, with prominent examples of uPort, Sovrin or ShoCard. In effect, users got more freedom in creation and management of their identities. IdM systems became more distributed, too. However, in the area of interoperability, dynamic and ad-hoc identity management there has been almost no significant progress. Quest for the best IdM system which will be used by all entities and organizations is deemed to fail. The environment of IdM systems is, and in the near future will still be, heterogenous. Therefore a person will have to manage her or his identities in multiple IdM systems. In this article authors argument that future-proof IdM systems should be able to interoperate with each other dynamically, i.e. be able to discover existence of different identities of a person across multiple IdM systems, dynamically build trust relations and be able to translate identity assertions and claims across various IdM domains. Finally, authors introduce identity relationship model and corresponding identity discovery algorithm, propose IdMS-agnostic identity discovery service design and its implementation with use of Ethereum and Smart Contracts.

One way to detect and assess software vulnerabilities is by extracting security-related information from commit messages. Automating the detection and assessment of vulnerabilities upon security commit messages is still challenging due to the lack of structured and clear messages. We created a convention, called SECOM, for security commit messages that structure and include bits of security-related information that are essential for detecting and assessing vulnerabilities for both humans and tools. The full convention and details are available here: https://tqrg.github.io/secom/.

In this work, we examine the following question: How can we improve the best data complexity among the impossible differential (ID) attacks on AES? One of the most efficient attacks on AES are ID attacks. We have seen that the Biham-Keller ID characteristics are frequently used in these ID attacks. We observe the following fact: The probability that a given pair with a wrong key produce an ID characteristic is closely correlated to the data usage negatively. So, we maximize this probability by exploiting a Biham-Keller ID characteristic in a different manner than the other attacks. As a result, we mount an ID attack on 7-round AES-192 and obtain the best data requirement among all the ID attacks on 7-round AES. We make use of only 2$^\textrm58$ chosen plaintexts.