Biblio

Computer networks and surging advancements of innovative information technology construct a critical infrastructure for network transactions of business entities. Information exchange and data access though such infrastructure is scrutinized by adversaries for vulnerabilities that lead to cyber-attacks. This paper presents an agent-based system modelling to conceptualize and extract explicit and latent structure of the complex enterprise systems as well as human interactions within the system to determine common vulnerabilities of the entity. The model captures emergent behavior resulting from interactions of multiple network agents including the number of workstations, regular, administrator and third-party users, external and internal attacks, defense mechanisms for the network setting, and many other parameters. A risk-based approach to modelling cybersecurity of a business entity is utilized to derive the rate of attacks. A neural network model will generalize the type of attack based on network traffic features allowing dynamic state changes. Rules of engagement to generate self-organizing behavior will be leveraged to appoint a defense mechanism suitable for the attack-state of the model. The effectiveness of the model will be depicted by time-state chart that shows the number of affected assets for the different types of attacks triggered by the entity risk and the time it takes to revert into normal state. The model will also associate a relevant cost per incident occurrence that derives the need for enhancement of security solutions.

Almost all smart appliances are operated through wireless sensor networks. With the passage of time, due to various applications, the WSN becomes prone to various external attacks. Preventing such attacks, Intrusion Detection strategy (IDS) is very crucial to secure the network from the malicious attackers. The proposed IDS methodology discovers the pattern in large data corpus which works for different types of algorithms to detect four types of Denial of service (DoS) attacks, namely, Grayhole, Blackhole, Flooding, and TDMA. The state-of-the-art detection algorithms, such as KNN, Naïve Bayes, Logistic Regression, Support Vector Machine (SVM), and ANN are applied to the data corpus and analyze the performance in detecting the attacks. The analysis shows that these algorithms are applicable for the detection and prediction of unavoidable attacks and can be recommended for network experts and analysts.

Resilience and security of infrastructures depend not only on their constituent systems but also on interdependencies among them. This paper studies how these interdependencies in infrastructures affect the defense effort needed to counter external attacks, by formulating a simultaneous game between a service provider (i.e., defender) and an attacker. Effects of interdependencies in three basic topological structures, namely, bus, star and ring, are considered and compared in terms of the game-theoretic defense strategy. Results show that in a star topology, the attacker's and defender's pure strategies at Nash Equilibrium (NE) are sensitive to interdependency levels whereas in a bus structure, the interdependencies show little impact on both defender's and attacker's pure strategies. The sensitivity estimates of defense and attack strategies at NE with respect to target valuation and unit cost are also presented. The results provide insights into infrastructure design and resource allocation for reinforcement of constituent systems.

Mobile ad hoc network (MANET) is a kind of mobile multi-hop network which can transmit data through intermediate nodes, it has been widely used and become important since the growing of the market of Internet of Things (IoT). However, the transmissions on MANET are vulnerable, it usually suffered with many internal or external attacks, and the research on security topics of MANET are becoming more and more hot recently. Blackhole Attack is one of the most famous attacks to MANET. In this paper, we focus on the Blackhole Attack in AODV protocol, and use NS-3 network simulator to study the impact of Blackhole Attack on network performance parameters, such as the Throughput, End-to-End Delay and Packet Loss Rate. We further analyze the changes in network performance by adjusting the number of blackhole nodes and total nodes, and the movement speed of mobile nodes. The experimental results not only reflect the behaviors of the Blackhole Attack and its damage to the network, but also provide the characteristics of Blackhole Attacks clearly. This is helpful to the research of Blackhole Attack feature extraction and MANET security measurement.

Graphical passwords are most widely used as a mechanism for authentication in today's mobile computing environment. This methodology was introduced to enhance security element and overcome the vulnerabilities of textual passwords, pins, or other trivial password methodologies which were difficult to remember and prone to external attacks. There are many graphical password schemes that are proposed over time, however, most of them suffer from shoulder surfing and could be easily guessed which is quite a big problem. The proposed technique in this paper allows the user to keep the ease-to-use property of the pattern lock while minimizing the risk of shoulder surfing and password guessing. The proposed technique allows the user to divide a picture into multiple chunks and while unlocking, selecting the previously defined chunks results successfully in unlocking the device. This technique can effectively resist the shoulder surfing and smudge attacks, also it is resilient to password guessing or dictionary attacks. The proposed methodology can significantly improve the security of the graphical password system with no cost increase in terms of unlocking time.

Wireless Sensor Network has a wide range of applications including environmental monitoring and data gathering in hostile environments. This kind of network is easily leaned to different external and internal attacks because of its open nature. Sink node is a receiving and collection point that gathers data from the sensor nodes present in the network. Thus, it forms bridge between sensors and the user. A complete sensor network can be made useless if this sink node is attacked. To ensure continuous usage, it is very important to preserve the location privacy of sink nodes. A very good approach for securing location privacy of sink node is proposed in this paper. The proposed scheme tries to modify the traditional Blast technique by adding shortest path algorithm and an efficient clustering mechanism in the network and tries to minimize the energy consumption and packet delay.