Biblio

Despite the surging development and utilization of IoT devices, the security of IoT devices is still in infancy. The security pitfalls of IoT devices have made it easy for hackers to take over IoT devices and use them for malicious activities like botnet attacks. With the rampant emergence of IoT devices, botnet attacks are surging. The botnet attacks are not only catastrophic for IoT device users but also for the rest of the world. Therefore, there is a crucial need to identify and mitigate the possible threats in IoT devices during the design phase. Threat modelling is a technique that is used to identify the threats in the earlier stages of the system design activity. In this paper, we propose a threat modelling approach to analyze and mitigate the botnet attacks in an IoT smart home use case. The proposed methodology identifies the development-level and application-level threats in smart home use case using STRIDE and VAST threat modelling methods. Moreover, we reticulate the identified threats with botnet attacks. Finally, we propose the mitigation techniques for all identified threats including the botnet threats.

With the development of smart grid technologies and the fast adoption of household IoT devices in recent years, new threats, attacks, and security challenges arise. While a large number of vulnerabilities, threats, attacks and controls have been discussed in the literature, there lacks an abstract and generalizable framework that can be used to model the cyber-physical interactions of attacks and guide the design of defense mechanisms. In this paper, we propose a new modeling approach for security attacks in smart grids and IoT devices using a Cyber-Physical Systems (CPS) perspective. The model considers both the cyber and physical aspects of the core components of the smart grid system and the household IoT devices, as well as the interactions between the components. In particular, our model recognizes the two parallel attack channels via the cyber world and the physical world, and identifies the potential crossing routes between these two attack channels. We further discuss all possible attack surfaces, attack objectives, and attack paths in this newly proposed model. As case studies, we examine from the perspective of this new model three representative attacks proposed in the literature. The analysis demonstrates the applicability of the model, for instance, to assist the design of detection and defense mechanisms against smart grid cyber-attacks.

The paper discusses a prototype of a database, which can be used for operation in a decentralized mode for an information system. In this project, the focus is on creation of a data structure model that provides flexibility of business processes. The research is based on the development of a model for decentralized access rights distribution by including users in groups where they are assigned similar roles using consensus of other group members. This paper summarizes the main technologies that were used to ensure information security of the decentralized storage, the mechanisms for fixing access rights to an object access (the minimum entity of the system), describes a process of the data access control at the role level and an algorithm for managing the consensus for applying changes.

With the development of technology, application of the Internet in daily life is increasing, making our connection with the Internet closer. However, with the improvement of convenience, information security has become more and more important. How to ensure information security in a convenient living environment is a question worth discussing. For instance, the widespread deployment of IP-cameras has made great progress in terms of convenience. On the contrary, it increases the risk of privacy exposure. Poorly designed surveillance devices may be implanted with suspicious software, which might be a thorny issue to human life. To effectively identify vulnerable devices, we design an SDN-based identification system that uses machine learning technology to identify brands and probable model types by identifying packet features. The identifying results make it possible for further vulnerability analysis.

Operating system (OS) classification is of growing importance to network administrators and cybersecurity analysts alike. The composition of OSs on a network allows for a better quality of device management to be achieved. Additionally, it can be used to identify devices that pose a security risk to the network. However, the sheer number and diversity of OSs that comprise modern networks have vastly increased this management complexity. We leverage insights from social networking theory to provide an encryption-invariant OS classification technique that is quick to train and widely deployable on various network configurations. In particular, we show how an affiliation graph can be used as an input to a machine learning classifier to predict the OS of a device using only the IP addresses for which the device communicates with.We examine the effectiveness of our approach through an empirical analysis of 498 devices on a university campus’ wireless network. In particular, we show our methodology can classify different OS families (i.e., Apple, Windows, and Android OSs) with an accuracy of 99.3%. Furthermore, we extend this study by: 1) examining distinct OSs (e.g., iOS, OS X, and Windows 10); 2) investigating the interval of time required to make an accurate prediction; and, 3) determining the effectiveness of our approach after six months.

Browsers collects information for better user experience by allowing JavaScript's and other extensions. Advertiser and other trackers take advantage on this useful information to tracked users across the web from remote devices on the purpose of individual unique identifications the so-called browser fingerprinting. Our work explores the diversity and stability of browser fingerprint by modifying the rule-based algorithm. Browser fingerprint rely only from the gathered data through browser, it is hard to tell that this piece of information still the same when upgrades and or downgrades are happening to any browsers and software's without user consent, which is stability and diversity are the most important usage of generating browser fingerprint. We implemented device fingerprint to identify consenting visitors in our website and evaluate individual devices attributes by calculating entropy of each selected attributes. In this research, it is noted that we emphasize only on data collected through a web browser by employing twenty (20) attributes to identify promising high value information to track how device information evolve and consistent in a period of time, likewise, we manually selected device information for evaluation where we apply the modified rules. Finally, this research is conducted and focused on the devices having the closest configuration and device information to test how devices differ from each other after several days of using on the basis of individual user configurations, this will prove in our study that every device is unique.

The security of wireless network devices has received widespread attention, but most existing schemes cannot achieve fine-grained device identification. In practice, the security vulnerabilities of a device are heavily depending on its model and firmware version. Motivated by this issue, we propose a universal, extensible and device-independent framework called SCAFFISD, which can provide fine-grained identification of wireless routers. It can generate access rules to extract effective information from the router admin page automatically and perform quick scans for known device vulnerabilities. Meanwhile, SCAFFISD can identify rogue access points (APs) in combination with existing detection methods, with the purpose of performing a comprehensive security assessment of wireless networks. We implement the prototype of SCAFFISD and verify its effectiveness through security scans of actual products.

Physical Unclonable Function is an innovative hardware security primitives that exploit the physical characteristics of a physical object to generate a unique identifier, which play the role of the object's fingerprint. Silicon PUF, a popular type of PUFs, exploits the variation in the manufacturing process of integrated circuits (ICs). It needs an input called challenge to generate the response as an output. In addition, of classical attacks, PUFs are vulnerable to physical and modeling attacks. The performance of the PUFs is measured by several metrics like reliability, uniqueness and uniformity. So as an evidence, the main goal is to provide a complete tool that checks the strength and quantifies the performance of a given physical unconscionable function. This paper provides a tool and develops a set of metrics that can achieve safely the proposed goal.

Throughout the life cycle of any technical project, the enterprise needs to assess the risks associated with its development, commissioning, operation and decommissioning. This article defines the task of researching risks in relation to the operation of a data storage subsystem in the cloud infrastructure of a geographically distributed company and the tools that are required for this. Analysts point out that, compared to 2018, in 2019 there were 3.5 times more cases of confidential information leaks from storages on unprotected (freely accessible due to incorrect configuration) servers in cloud services. The total number of compromised personal data and payment information records increased 5.4 times compared to 2018 and amounted to more than 8.35 billion records. Moreover, the share of leaks of payment information has decreased, but the percentage of leaks of personal data has grown and accounts for almost 90% of all leaks from cloud storage. On average, each unsecured service identified resulted in 33.7 million personal data records being leaked. Leaks are mainly related to misconfiguration of services and stored resources, as well as human factors. These impacts can be minimized by improving the skills of cloud storage administrators and regularly auditing storage. Despite its seeming insecurity, the cloud is a reliable way of storing data. At the same time, leaks are still occurring. According to Kaspersky Lab, every tenth (11%) data leak from the cloud became possible due to the actions of the provider, while a third of all cyber incidents in the cloud (31% in Russia and 33% in the world) were due to gullibility company employees caught up in social engineering techniques. Minimizing the risks associated with the storage of personal data is one of the main tasks when operating a company's cloud infrastructure.

Manufacturing limitations, configuration and maintenance flaws associated with the Internet of Things (IoT) devices have resulted in an ever-expanding attack surface. Attackers exploit IoT devices to steal private information, take part in botnets, perform Denial of Service (DoS) attacks and use their resources for the mining of cryptocurrency. In this paper, we experimentally evaluate a hypothesis that attacks on IoT devices follow the generalised Cyber Kill Chain (CKC) model. We used a medium-interaction honeypot to capture and analyse more than 30,000 attacks targeting IoT devices. We classified the steps taken by the attackers using the CKC model and extended CKC to an IoT Kill Chain (IoTKC) model. The IoTKC provides details about IoT-specific attack characteristics and attackers' activities in the exploitation of IoT devices.

Explainable artificial intelligence (XAI) methods rely on access to model architecture and parameters that is not always feasible for most users, practitioners, and regulators. Inspired by cognitive psychology, we present a case for response times (RTs) as a technique for XAI. RTs are observable without access to the model. Moreover, dynamic inference models performing conditional computation generate variable RTs for visual learning tasks depending on hierarchical representations. We show that MSDNet, a conditional computation model with early-exit architecture, exhibits slower RT for images with more complex features in the ObjectNet test set, as well as the human phenomenon of scene grammar, where object recognition depends on intrascene object-object relationships. These results cast light on MSDNet's feature space without opening the black box and illustrate the promise of RT methods for XAI.

Automatic Image Analysis, Image Classification, Automatic Object Recognition are some of the aspiring research areas in various fields of Engineering. Many Industrial and biological applications demand Image Analysis and Image Classification. Sample images available for classification may be complex, image data may be inadequate or component regions in the image may have poor visibility. With the available information each Digital Image Processing application has to analyze, classify and recognize the objects appropriately. Pre-processing, Image segmentation, feature extraction and classification are the most common steps to follow for Classification of Images. In this study we applied various existing edge detection methods like Robert, Sobel, Prewitt, Canny, Otsu and Laplacian of Guassian to crab images. From the conducted analysis of all edge detection operators, it is observed that Sobel, Prewitt, Robert operators are ideal for enhancement. The paper proposes Enhanced Sobel operator, Enhanced Prewitt operator and Enhanced Robert operator using morphological operations and masking. The novelty of the proposed approach is that it gives thick edges to the crab images and removes spurious edges with help of m-connectivity. Parameters which measure the accuracy of the results are employed to compare the existing edge detection operators with proposed edge detection operators. This approach shows better results than existing edge detection operators.

Unilateral spatial neglect (USN) is a higher cognitive dysfunction that can occur after a stroke. It is defined as an impairment in finding, reporting, reacting to, and directing stimuli opposite the damaged side of the brain. We have proposed a system to identify neglected regions in USN patients in three dimensions using three-dimensional virtual reality. The objectives of this study are twofold: first, to propose a system for numerically identifying the neglected regions using an object detection task in a virtual space, and second, to compare the neglected regions during object detection when the patient's neck is immobilized (‘fixed-neck’ condition) versus when the neck can be freely moved to search (‘free-neck’ condition). We performed the test using an immersive virtual reality system, once with the patient's neck fixed and once with the patient's neck free to move. Comparing the results of the study in two patients, we found that the neglected areas were similar in the fixed-neck condition. However, in the free-neck condition, one patient's neglect improved while the other patient’s neglect worsened. These results suggest that exploratory ability affects the symptoms of USN and is crucial for clinical evaluation of USN patients.

Object recognition with the help of outdoor video surveillance cameras is an important task in the context of ensuring the security at enterprises, public places and even private premises. There have long existed systems that allow detecting moving objects in the image sequence from a video surveillance system. Such a system is partially considered in this research. It detects moving objects using a background model, which has certain problems. Due to this some objects are missed or detected falsely. We propose to combine the moving objects detection results with the classification, using a deep neural network. This will allow determining whether a detected object belongs to a certain class, sorting out false detections, discarding the unnecessary ones (sometimes individual classes are unwanted), to divide detected people into the employees in the uniform and all others, etc. The authors perform a network training in the Keras developer-friendly environment that provides for quick building, changing and training of network architectures. The performance of the Keras integration into a video analysis system, using direct Python script execution techniques, is between 6 and 52 ms, while the precision is between 59.1% and 97.2% for different architectures. The integration, made by freezing a selected network architecture with weights, is selected after testing. After that, frozen architecture can be imported into video analysis using the TensorFlow interface for C++. The performance of such type of integration is between 3 and 49 ms. The precision is between 63.4% and 97.8% for different architectures.

In the Internet of Things architecture, devices are frequently connected to the Internet either directly or indirectly. However, many IoT devices lack built-in security features such as device level encryption, user authentication and basic firewall protection. This paper discusses security risks in the layers of general Internet of Things architecture and shows examples of potential risks at each level of the architecture. The paper also compares IoT security solutions provided by three major vendors and shows that the solutions are mutually complementary. Nevertheless, none of the examined IoT solutions provides security at the device level of the IoT architecture model. In order to address risks at the device level of the architecture, an implementation of Trusted Platform Module and Unique Device Identifier on IoT devices and gateways for encryption, authentication and device management is advocated in the paper.

Efficient application of Internet of Battlefield Things (IoBT) technology on the battlefield calls for innovative solutions to control and manage the deluge of heterogeneous IoBT devices. This paper presents an innovative paradigm to address heterogeneity in controlling IoBT and IoT devices, enabling multi-force cooperation in challenging battlefield scenarios.

Most of the data manipulation attacks on deep neural networks (DNNs) during the training stage introduce a perceptible noise that can be catered by preprocessing during inference, or can be identified during the validation phase. There-fore, data poisoning attacks during inference (e.g., adversarial attacks) are becoming more popular. However, many of them do not consider the imperceptibility factor in their optimization algorithms, and can be detected by correlation and structural similarity analysis, or noticeable (e.g., by humans) in multi-level security system. Moreover, majority of the inference attack rely on some knowledge about the training dataset. In this paper, we propose a novel methodology which automatically generates imperceptible attack images by using the back-propagation algorithm on pre-trained DNNs, without requiring any information about the training dataset (i.e., completely training data-unaware). We present a case study on traffic sign detection using the VGGNet trained on the German Traffic Sign Recognition Benchmarks dataset in an autonomous driving use case. Our results demonstrate that the generated attack images successfully perform misclassification while remaining imperceptible in both “subjective” and “objective” quality tests.

In order to solve the interference of burrs, aliasing and other noises in the background area of millimeter wave human security inspection on the objects identification, an adaptive template matching filtering method is proposed. First, the preprocessed original image is segmented by level set algorithm, then the result is used as a template to filter the background of the original image. Finally, the image after background filtered is used as the input of bilateral filtering. The contrast experiments based on the actual millimeter wave image verifies the improvement of this algorithm compared with the traditional filtering method, and proves that this algorithm can filter the background noise of the human security image, retain the image details of the human body area, and is conducive to the object recognition and location in the millimeter wave security image.

While enjoying the convenience brought by mobile phones, users have been exposed to high risk of private information leakage. It is known that many applications on mobile devices read private data and send them to remote servers. However how, when and in what scale the private data are leaked are not investigated systematically in the real-world scenario. In this paper, a framework is proposed to analyze the usage data from mobile devices and the traffic data from the mobile network and make a comprehensive privacy leakage detection and privacy inference mining on a large scale of realworld mobile data. Firstly, this paper sets up a training dataset and trains a privacy detection model on mobile traffic data. Then classical machine learning tools are used to discover private usage patterns. Based on our experiments and data analysis, it is found that i) a large number of private information is transmitted in plaintext, and even passwords are transmitted in plaintext by some applications, ii) more privacy types are leaked in Android than iOS, while GPS location is the most leaked privacy in both Android and iOS system, iii) the usage pattern is related to mobile device price. Through our experiments and analysis, it can be concluded that mobile privacy leakage is pervasive and serious.

Internet of Things (IoT) is transforming the way we live today, improving the quality of living standard and growing the world economy by having smart devices around us making decisions and performing our daily tasks and chores. However, securing the IoT system from malicious attacks is a very challenging task. Some of the most common malicious attacks are Denial of service (DoS), and Distributed Denial of service (DDoS) attacks, which have been causing major security threats to all networks and specifically to limited resource IoT devices. As security will always be a primary factor for enabling most IoT applications, developing a comprehensive detection method that effectively defends against DDoS attacks and can provide 100% detection for DDoS attacks in IoT is a primary goal for the future of IoT. The development of such a method requires a deep understanding of the methods that have been used thus far in the detection of DDoS attacks in the IoT environment. In our survey, we try to emphasize some of the most recent Machine Learning (ML) approaches developed for the detection of DDoS attacks in IoT networks along with their advantage and disadvantages. Comparison between the performances of selected approaches is also provided.

This work takes a novel approach to classifying the behavior of devices by exploiting the single-purpose nature of IoT devices and analyzing the complexity and variance of their network traffic. We develop a formalized measurement of complexity for IoT devices, and use this measurement to precisely tune an anomaly detection algorithm for each device. We postulate that IoT devices with low complexity lead to a high confidence in their behavioral model and have a correspondingly more precise decision boundary on their predicted behavior. Conversely, complex general purpose devices have lower confidence and a more generalized decision boundary. We show that there is a positive correlation to our complexity measure and the number of outliers found by an anomaly detection algorithm. By tuning this decision boundary based on device complexity we are able to build a behavioral framework for each device that reduces false positive outliers. Finally, we propose an architecture that can use this tuned behavioral model to rank each flow on the network and calculate a trust score ranking of all traffic to and from a device which allows the network to autonomously make access control decisions on a per-flow basis.

This paper analyzes information network security risk assessment methods and models. Firstly an improved AHP method is proposed to assign the value of assets for solving the problem of risk judgment matrix consistency effectively. And then the neural network technology is proposed to construct the neural network model corresponding to the risk judgment matrix for evaluating the individual risk of assets objectively, the methods for calculating the asset risk value and system risk value are given. Finally some application results are given. Practice proves that the methods are correct and effective, which has been used in information network security risk assessment application and offers a good foundation for the implementation of the automatic assessment.

Software Defined Networking (SDN) has introduced both innovative opportunities and additional risks in the computer networking. Among disadvantages of SDNs one can mention their susceptibility to vulnerabilities associated with both virtualization and the traditional networking. Selecting a proper controller for an organization may not be a trivial task as there is a variety of SDN controllers on the market and each of them may come with its own pros and cons from the security point of view. This research proposes a comprehensive methodology for organizations to evaluate security-related features available in SDN controllers. The methodology can serve as a guideline in the decisions related to SDN choice. The proposed security assessment follows a structured approach to evaluate each layer of the SDN architecture and each metrics defined in presented research has been matched with the security controls defined in NIST 800-53. Through the tests on actual controllers the paper provides an example on how the proposed methodology can be used to evaluate existing SDN solutions.

The Industrial Control System (ICS) and Supervisory Control and Data Acquisition (SCADA) systems are the backbones for monitoring and supervising factories, power grids, water distribution systems, nuclear plants, and other critical infrastructures. These systems are installed by third party contractors, maintained by site engineers, and operate for a long time. This makes tracing the documentation of the systems' changes and updates challenging since some of their components' information (type, manufacturer, model, etc.) may not be up-to-date, leading to possibly unaccounted security vulnerabilities in the systems. Device recognition is useful first step in vulnerability identification and defense augmentation, but due to the lack of full traceability in case of legacy ICS/SCADA systems, the typical device recognition based on document inspection is not applicable. In this paper, we propose a hybrid approach involving the mix of communication-patterns and passive-fingerprinting to identify the unknown devices' types, manufacturers, and models. The algorithm uses the ICS/SCADA devices's communication-patterns to recognize the control hierarchy levels of the devices. In conjunction, certain distinguishable features in the communication-packets are used to recognize the device manufacturer, and model. We have implemented this hybrid approach in Python, and tested on traffic data from a water treatment SCADA testbed in Singapore (iTrust).

To protect sensitive information of an organization, we need to have proper access controls since several data breach incidents were happened because of broken access controls. Normally, the IT auditing process would be used to identify security weaknesses and should be able to detect any potential access control violations in advance. However, most auditing processes are done manually and not performed consistently since lots of resources are required; thus, the auditing is performed for quality assurance purposes only. This paper proposes an automated process to audit the access controls on the Windows server operating system. We define the audit checklist and use the controls defined in ISO/IEC 27002:2013 as a guideline for identifying audit objectives. In addition, an automated audit tool is developed for checking security controls against defined security policies. The results of auditing are the list of automatically generated passed and failed policies. If the auditing is done consistently and automatically, the intrusion incidents could be detected earlier and essential damages could be prevented. Eventually, it would help increase the reliability of the system.