Biblio

An IDS is a system that helps in detecting any kind of doubtful activity on a computer network. It is capable of identifying suspicious activities at both the levels i.e. locally at the system level and in transit at the network level. Since, the system does not have its own dataset as a result it is inefficient in identifying unknown attacks. In order to overcome this inefficiency, we make use of ML. ML assists in analysing and categorizing attacks on diverse datasets. In this study, the efficacy of eight machine learning algorithms based on KDD CUP99 is assessed. Based on our implementation and analysis, amongst the eight Algorithms considered here, Support Vector Machine (SVM), Random Forest (RF) and Decision Tree (DT) have the highest testing accuracy of which got SVM does have the highest accuracy

Evaluating the security gains brought by software diversity is one key issue of software diversity research, but the existing software diversity evaluation methods are generally based on conventional code features and are relatively single, which are difficult to accurately reflect the security gains brought by software diversity. To solve these problems, from the perspective of return-oriented programming (ROP) attack, we present a software diversity evaluation method which integrates metrics for the quality and distribution of gadgets. Based on the proposed evaluation method and SpiderMonkey JavaScript engine, we implement a software diversity evaluation system for compiled languages and script languages. Diversity techniques with different granularities are used to test. The evaluation results show that the proposed evaluation method can accurately and comprehensively reflect the security gains brought by software diversity.

The industrial Internet platform has been applied to various fields of industrial production, effectively improving the data flow of all elements in the production process, improving production efficiency, reducing production costs, and ensuring the market competitiveness of enterprises. The premise of the effective application of the industrial Internet platform is the interconnection of industrial equipment. In the industrial Internet platform, industrial robot is a very common industrial control device. These industrial robots are connected to the control network of the industrial Internet platform, which will have obvious advantages in production efficiency and equipment maintenance, but at the same time will cause more serious network security problems. The industrial robot system based on the industrial Internet platform not only increases the possibility of industrial robots being attacked, but also aggravates the loss and harm caused by industrial robots being attacked. At the same time, this paper illustrates the effects and scenarios of industrial robot attacks based on industrial interconnection platforms from four different scenarios of industrial robots being attacked. Availability and integrity are related to the security of the environment.

With the increasing awareness of privacy protection and data security, people’s concerns over the confidentiality of sensitive data still limit the application of distributed artificial intelligence. In fact, a new encryption form, called homomorphic encryption(HE), has achieved a balance between security and operability. In particular, one of the HE schemes named Paillier has been adopted to protect data privacy in distributed artificial intelligence. However, the massive computation of modular multiplication in Paillier greatly affects the speed of encryption and decryption. In this paper, we propose a fast CRT-Paillier scheme to accelerate its decryption process. We first introduce the Montgomery algorithm to the CRT-Paillier to improve the process of the modular exponentiation, and then compute the modular exponentiation in parallel by using OpenMP. The experimental results show that our proposed scheme has greatly heightened its decryption speed while preserving the same security level. Especially, when the key length is 4096-bit, its speed of decryption is about 148 times faster than CRT-Paillier.

The amount of information that is shared regularly has increased as a direct result of the rapid development of network administrators, Web of Things-related devices, and online users. Cybercriminals constantly work to gain access to the data that is stored and transferred online in order to accomplish their objectives, whether those objectives are to sell the data on the dark web or to commit another type of crime. After conducting a thorough writing analysis of the causes and problems that arise with wireless networks’ security and privacy, it was discovered that there are a number of factors that can make the networks unpredictable, particularly those that revolve around cybercriminals’ evolving skills and the lack of significant bodies’ efforts to combat them. It was observed. Wireless networks have a built-in security flaw that renders them more defenceless against attack than their wired counterparts. Additionally, problems arise in networks with hub mobility and dynamic network geography. Additionally, inconsistent availability poses unanticipated problems, whether it is accomplished through mobility or by sporadic hub slumber. In addition, it is difficult, if not impossible, to implement recently developed security measures due to the limited resources of individual hubs. Large-scale problems that arise in relation to wireless networks and flexible processing are examined by the Wireless Correspondence Network Security and Privacy research project. A few aspects of security that are taken into consideration include confirmation, access control and approval, non-disavowal, privacy and secrecy, respectability, and inspection. Any good or service should be able to protect a client’s personal information. an approach that emphasises quality, implements strategy, and uses a poll as a research tool for IT and public sector employees. This strategy reflects a higher level of precision in IT faculties.

Concurrency vulnerabilities caused by synchronization problems will occur in the execution of multi-threaded programs, and the emergence of concurrency vulnerabilities often cause great threats to the system. Once the concurrency vulnerabilities are exploited, the system will suffer various attacks, seriously affecting its availability, confidentiality and security. In this paper, we extract 839 concurrency vulnerabilities from Common Vulnerabilities and Exposures (CVE), and conduct a comprehensive analysis of the trend, classifications, causes, severity, and impact. Finally, we obtained some findings: 1) From 1999 to 2021, the number of concurrency vulnerabilities disclosures show an overall upward trend. 2) In the distribution of concurrency vulnerability, race condition accounts for the largest proportion. 3) The overall severity of concurrency vulnerabilities is medium risk. 4) The number of concurrency vulnerabilities that can be exploited for local access and network access is almost equal, and nearly half of the concurrency vulnerabilities (377/839) can be accessed remotely. 5) The access complexity of 571 concurrency vulnerabilities is medium, and the number of concurrency vulnerabilities with high or low access complexity is almost equal. The results obtained through the empirical study can provide more support and guidance for research in the field of concurrency vulnerabilities.

The long-living nature and byte-addressability of persistent memory (PM) amplifies the importance of strong memory protections. This paper develops temporal exposure reduction protection (TERP) as a framework for enforcing memory safety. Aiming to minimize the time when a PM region is accessible, TERP offers a complementary dimension of memory protection. The paper gives a formal definition of TERP, explores the semantics space of TERP constructs, and the relations with security and composability in both sequential and parallel executions. It proposes programming system and architecture solutions for the key challenges for the adoption of TERP, which draws on novel supports in both compilers and hardware to efficiently meet the exposure time target. Experiments validate the efficacy of the proposed support of TERP, in both efficiency and exposure time minimization.

With the global transition to the IPv6 (Internet Protocol version 6), IP (Internet Protocol) validation efficiency and IPv6 support from the aspect of network programming are gaining more importance. As global computer networks grow in the era of IoT (Internet of Things), IP address validation is an inevitable process for assuring strong network privacy and security. The complexity of IP validation has been increased due to the rather drastic change in the memory architecture needed for storing IPv6 addresses. Low-level programming languages like C/C++ are a great choice for handling memory spaces and working with simple devices connected in an IoT (Internet of Things) network. This paper analyzes some user-defined and open-source implementations of IP validation codes in Boost. Asio and POCO C++ networking libraries, as well as the IP security support provided for general networking purposes and IoT. Considering a couple of sample codes, the paper gives a conclusion on whether these C++ implementations answer the needs for flexibility and security of the upcoming era of IPv6 addressed computers.

All of us are familiar with the importance of social media in facilitating communication. e-mail is one of the safest social media platforms for online communications and information transfer over the internet. As of now, many people rely on email or communications provided by strangers. Because everyone may send emails or a message, spammers have a great opportunity to compose spam messages about our many hobbies and passions, interests, and concerns. Our internet speeds are severely slowed down by spam, which also collects personal information like our phone numbers from our contact list. There is a lot of work involved in identifying these fraudsters and also identifying spam content. Email spam refers to the practice of sending large numbers of messages via email. The recipient bears the bulk of the cost of spam, therefore it's practically free advertising. Spam email is a form of commercial advertising for hackers that is financially viable due of the low cost of sending email. Anti-spam filters have become increasingly important as the volume of unwanted bulk e-mail (also spamming) grows. We can define a message, if it is a spam or not using this proposed model. Machine learning algorithms can be discussed in detail, and our data sets will be used to test them all, with the goal of identifying the one that is most accurate and precise in its identification of email spam. Society of machine learning techniques for detecting unsolicited mass email and spam.

This paper shows that the modern high customizable Xtensa architecture for embedded devices is exploitable by Return-Oriented Programming (ROP) attacks. We used a simple Hello-World application written with the RIOT OS as an almost minimal code basis for determining if the number of gadgets that can be found in this code base is sufficient to build a reasonably complex attack. We determined 859 found gadgets which are sufficient to create a gadget catalog for the Xtensa. Despite the code basis used being really small, the presented gadget catalog provides Turing completeness, which allows an arbitrary computation of any exploit program.

Memory-based vulnerabilities are becoming more and more common in low-power and low-cost devices in IOT. We study several low-level vulnerabilities that lead to memory corruption in C and C++ programs, and how to use stack corruption and format string attack to exploit these vulnerabilities. Automatic methods for resisting memory attacks, such as stack canary and address space layout randomization ASLR, are studied. These methods do not need to change the source program. However, a return-oriented programming (ROP) technology can bypass them. Control flow integrity (CFI) can resist the destruction of ROP technology. In fact, the security design is holistic. Finally, we summarize the rules of security coding in embedded devices, and propose two novel methods of software anomaly detection process for IOT devices in the future.

Side-channel attacks have been a constant threat to computing systems. In recent times, vulnerabilities in the architecture were discovered and exploited to mount and execute a state-of-the-art attack such as Spectre. The Spectre attack exploits a vulnerability in the Intel-based processors to leak confidential data through the covert channel. There exist some defenses to mitigate the Spectre attack. Among multiple defenses, hardware-assisted attack/intrusion detection (HID) systems have received overwhelming response due to its low overhead and efficient attack detection. The HID systems deploy machine learning (ML) classifiers to perform anomaly detection to determine whether the system is under attack. For this purpose, a performance monitoring tool profiles the applications to record hardware performance counters (HPC), utilized for anomaly detection. Previous HID systems assume that the Spectre is executed as a standalone application. In contrast, we propose an attack that dynamically generates variations in the injected code to evade detection. The attack is injected into a benign application. In this manner, the attack conceals itself as a benign application and gen-erates perturbations to avoid detection. For the attack injection, we exploit a return-oriented programming (ROP)-based code-injection technique that reuses the code, called gadgets, present in the exploited victim's (host) memory to execute the attack, which, in our case, is the CR-Spectre attack to steal sensitive data from a target victim (target) application. Our work focuses on proposing a dynamic attack that can evade HID detection by injecting perturbations, and its dynamically generated variations thereof, under the cloak of a benign application. We evaluate the proposed attack on the MiBench suite as the host. From our experiments, the HID performance degrades from 90% to 16%, indicating our Spectre-CR attack avoids detection successfully.

Static analyzers have become increasingly popular both as developer tools and as subjects of empirical studies. Whereas static analysis tools exist for disparate programming languages, the bulk of the empirical research has focused on the popular Java programming language. In this paper, we investigate to what extent some known results about using static analyzers for Java change when considering C\#-another popular object-oriented language. To this end, we combine two replications of previous Java studies. First, we study which static analysis tools are most widely used among C\# developers, and which warnings are more commonly reported by these tools on open-source C\# projects. Second, we develop and empirically evaluate EagleRepair: a technique to automatically fix code in response to static analysis warnings; this is a replication of our previous work for Java [20]. Our replication indicates, among other things, that 1) static code analysis is fairly popular among C\# developers too; 2) Re-Sharper is the most widely used static analyzer for C\#; 3) several static analysis rules are commonly violated in both Java and C\# projects; 4) automatically generating fixes to static code analysis warnings with good precision is feasible in C\#. The EagleRepair tool developed for this research is available as open source.

The complexity and scale of modern software programs often lead to overlooked programming errors and security vulnerabilities. Developers often rely on automatic tools, like static analysis tools, to look for bugs and vulnerabilities. Static analysis tools are widely used because they can understand nontrivial program behaviors, scale to millions of lines of code, and detect subtle bugs. However, they are known to generate an excess of false alarms which hinder their utilization as it is counterproductive for developers to go through a long list of reported issues, only to find a few true positives. One of the ways proposed to suppress false positives is to use machine learning to identify them. However, training machine learning models requires good quality labeled datasets. For this purpose, we developed D2A [3], a differential analysis based approach that uses the commit history of a code repository to create a labeled dataset of Infer [2] static analysis output.

Conpot is a low-interaction SCADA honeypot system that mimics a Siemens S7-200 proprietary device on default deployments. Honeypots operating using standard configurations can be easily detected by adversaries using scanning tools such as Shodan. This study focuses on the capabilities of the Conpot honeypot, and how these competences can be used to lure attackers. In addition, the presented research establishes a framework that enables for the customized configuration, thereby enhancing its functionality to achieve a high degree of deceptiveness and realism when presented to the Shodan scanners. A comparison between the default and configured deployments is further conducted to prove the modified deployments' effectiveness. The resulting annotations can assist cybersecurity personnel to better acknowledge the effectiveness of the honeypot's artifacts and how they can be used deceptively. Lastly, it informs and educates cybersecurity audiences on how important it is to deploy honeypots with advanced deceptive configurations to bait cybercriminals.

Existing defense strategies against adversarial attacks (AAs) on AI/ML are primarily focused on examining the input data streams using a wide variety of filtering techniques. For instance, input filters are used to remove noisy, misleading, and out-of-class inputs along with a variety of attacks on learning systems. However, a single filter may not be able to detect all types of AAs. To address this issue, in the current work, we propose a robust, transferable, distribution-independent, and cross-domain supported framework for selecting Adaptive Filter Ensembles (AFEs) to minimize the impact of data poisoning on learning systems. The optimal filter ensembles are determined through a Multi-Objective Bi-Level Programming Problem (MOBLPP) that provides a subset of diverse filter sequences, each exhibiting fair detection accuracy. The proposed framework of AFE is trained to model the pristine data distribution to identify the corrupted inputs and converges to the optimal AFE without vanishing gradients and mode collapses irrespective of input data distributions. We presented preliminary experiments to show the proposed defense outperforms the existing defenses in terms of robustness and accuracy.

Recently, unmanned aerial vehicle (UAV) swarm has been advocated to provide diverse data-centric services including data relay, content caching and computing task offloading in vehicular networks due to their flexibility and conveniences. Since only offloading computing tasks to edge computing devices (ECDs) can not meet the real-time demand of vehicles in peak traffic flow, this paper proposes to combine edge computing and UAV swarm for cooperative task offloading in vehicular networks. Specifically, we first design a cooperative task offloading framework that vehicles' computing tasks can be executed locally, offloaded to UAV swarm, or offloaded to ECDs. Then, the selection of offloading strategy is formulated as a mixed integer nonlinear programming problem, the object of which is to maximize the utility of the vehicle. To solve the problem, we further decompose the original problem into two subproblems: minimizing the completion time when offloading to UAV swarm and optimizing the computing resources when offloading to ECD. For offloading to UAV swarm, the computing task will be split into multiple subtasks that are offloaded to different UAVs simultaneously for parallel computing. A Q-learning based iterative algorithm is proposed to minimize the computing task's completion time by equalizing the completion time of its subtasks assigned to each UAV. For offloading to ECDs, a gradient descent algorithm is used to optimally allocate computing resources for offloaded tasks. Extensive simulations are lastly conducted to demonstrate that the proposed scheme can significantly improve the utility of vehicles compared with conventional schemes.

Data leakage by employees is a matter of concern for companies and organizations today. Previous studies have shown that existing Data Leakage Protection (DLP) systems on the market, the more secure they are, the more intrusive and tedious they are to work with. This paper proposes and assesses the implementation of four technologies that enable the development of secure file systems for insider threat-focused, low-intrusive and user-transparent DLP tools. Two of these technologies are configurable features of the Windows operating system (Minifilters and Server Message Block), the other two are virtual file systems (VFS) Dokan and WinFsp, which mirror the real file system (RFS) allowing it to incorporate security techniques. In the assessment of the technologies, it was found that the implementation of VFS was very efficient and simple. WinFsp and Dokan presented a performance of 51% and 20% respectively, with respect to the performance of the operations in the RFS. This result may seem relatively low, but it should be taken into account that the calculation includes read and write encryption and decryption operations as appropriate for each prototype. Server Message Block (SMB) presented a low performance (3%) so it is not considered viable for a solution like this, while Minifilters present the best performance but require high programming knowledge for its evolution. The prototype presented in this paper and its strategy provides an acceptable level of comfort for the user, and a high level of security.

The Enterprise Architecture and Systems Engineering communities are often faced with complexity barriers that develop due to the fact that modern systems must be agile and resilient. This requires dynamic changes to the system so as to adapt to changing missions as well as changes in the internal and external environments. The requirement is not entirely new, but practitioners need guidance on how to manage the life cycle of such systems. This is a problem because we must be able to architect systems by alleviating the difficulties in systems life cycle management (e.g., by helping the enterprise- or systems engineer organise and maintain models and architecture descriptions of the system of interest). Building on Pask’s conversation theoretic model of aware (human or machine) individuals, the paper proposes a reference model for systems that maintain their own models real time, act efficiently, and create system-level awareness on all levers of aggregation.

Automatic Static Analysis Tools (ASATs) detect coding rule violations, including mistakes and bad practices that frequently occur during programming. While ASATs are widely used in both OSS and industry, the developers do not resolve more than 80% of the detected violations. As one of the reasons, most ASATs users do not customize their ASATs to their projects after installation; the ASATs with the default configuration report many rule violations that confuse developers. To reduce the ratio of such uninteresting warning messages, we propose a method to customize ASATs according to the product source code automatically. Our fundamental hypothesis is: A software project has interesting ASAT rules that are consistent over time. Our method takes source code as input and generates an ASAT configuration. In particular, the method enables optional (i.e., disabled by default) rules that detected no violations on the version because developers are likely to follow the rules in future development. Our method also disables violated rules because developers were unlikely to follow them. To evaluate the method, we applied our method to 643 versions of four JavaScript projects. The generated configurations for all four projects increased the ASAT precision. They also increased recall for two projects. The result shows that our method helps developers to focus on their attractive rule violations. Our implementation of the proposed method is available at https://github.com/devreplay/linter-maintainer

We present a scalable optimization algorithm and its parallel implementation for two-stage stochastic programming problems of large-scale, particularly the security constrained optimal power flow models routinely used in electrical power grid operations. Such problems can be prohibitively expensive to solve on industrial scale with the traditional methods or in serial. The algorithm decomposes the problem into first-stage and second-stage optimization subproblems which are then scheduled asynchronously for efficient evaluation in parallel. Asynchronous evaluations are crucial in achieving good balancing and parallel efficiency because the second-stage optimization subproblems have highly varying execution times. The algorithm employs simple local second-order approximations of the second-stage optimal value functions together with exact first- and second-order derivatives for the first-stage subproblems to accelerate convergence. To reduce the number of the evaluations of computationally expensive second-stage subproblems required by line search, we devised a flexible mechanism for controlling the step size that can be tuned to improve performance for individual class of problems. The algorithm is implemented in C++ using MPI non-blocking calls to overlap computations with communication and boost parallel efficiency. Numerical experiments of the algorithm are conducted on Summit and Lassen supercomputers at Oak Ridge and Lawrence Livermore National Laboratories and scaling results show good parallel efficiency.

This paper explores a practical approach to securing large wireless networks by applying Physical Layer Security (PLS). To date, PLS has mostly been seen as an information theory concept with few practical implementations. We present an Access Point (AP) selection algorithm that uses PLS to find an AP that offers the highest secrecy capacity to a legitimate user. We then propose an implementation of this algorithm using the novel concept of spectrum programming which extends Software-Defined Networking to the physical and data-link layers and makes wireless network management and control more flexible and scalable than traditional platforms. Our Wi-Fi network evaluation results show that our approach outperforms conventional solutions in terms of security, but at the expense of communication capacity, thus identifying a trade-off between security and performance. These results encourage implementation and extension to further wireless technologies.

Smart assistants, like Amazon's Alexa or Apple's Siri, have become commonplace in many people's lives, appearing in their phones and homes. Despite their ubiquity, these conversational AI agents still largely remain a mystery to many, in terms of how they work and what they can do. To lower the barrier to entry to understanding and creating these agents for young students, we expanded on Convo, a conversational programming agent that can respond to both voice and text inputs. The previous version of Convo focused on teaching only programming skills, so we created a simple, intuitive user interface for students to use those programming skills to train and create their own conversational AI agents. We also developed a curriculum to teach students about key concepts in AI and conversational AI in particular. We ran a 3-day workshop with 15 participating middle school students. Through the data collected from the pre- and post-workshop surveys as well as a mid-workshop brainstorming session, we found that after the workshop, students tended to think that conversational AI agents were less intelligent than originally perceived, gained confidence in their abilities to build these agents, and learned some key technical concepts about conversational AI as a whole. Based on these results, we are optimistic about CONVO'S ability to teach and empower students to develop conversational AI agents in an intuitive way.

Realizing flow security in a concurrent environment is extremely challenging, primarily due to non-deterministic nature of execution. The difficulty is further exacerbated from a security angle if sequential threads disclose control locations through publicly observable statements like print, sleep, delay, etc. Such observations lead to internal and external timing attacks. Inspired by previous works that use classical Hoare style proof systems for establishing correctness of distributed (real-time) programs, in this paper, we describe a method for finding information leaks in concurrent programs through the introduction of leaky assertions at observable program points. Specifying leaky assertions akin to classic assertions, we demonstrate how information leaks can be detected in a concurrent context. To our knowledge, this is the first such work that enables integration of different notions of non-interference used in functional and security context. While the approach is sound and relatively complete in the classic sense, it enables the use of algorithmic techniques that enable programmers to come up with leaky assertions that enable checking for information leaks in sensitive applications.

A number of approaches have been developed for analysing information flow in concurrent programs in a compositional manner, i.e., in terms of one thread at a time. Early approaches modelled the behaviour of a given thread's environment using simple read and write permissions on variables, or by associating specific behaviour with whether or not locks are held. Recent approaches allow more general representations of environmental behaviour, increasing applicability. This, however, comes at a cost. These approaches analyse the code in a forwards direction, from the start of the program to the end, constructing the program's entire state after each instruction. This process needs to take into account the environmental influence on all shared variables of the program. When environmental influence is modelled in a general way, this leads to increased complexity, hindering automation of the analysis. In this paper, we present a compositional information flow analysis for concurrent systems which is the first to support a general representation of environmental behaviour and be automated within a theorem prover. Our approach analyses the code in a backwards direction, from the end of the program to the start. Rather than constructing the entire state at each instruction, it generates only the security-related proof obligations. These are, in general, much simpler, referring to only a fraction of the program's shared variables and thus reducing the complexity introduced by environmental behaviour. For increased applicability, our approach analyses value-dependent information flow, where the security classification of a variable may depend on the current state. The resulting logic has been proved sound within the theorem prover Isabelle/HOL.