Biblio

To ensure traffic safety and proper operation of vehicular networks, safety messages or beacons are periodically broadcasted in Vehicular Adhoc Networks (VANETs) to neighboring nodes and road side units (RSU). Thus, authenticity and integrity of received messages along with the trust in source nodes is crucial and highly required in applications where a failure can result in life-threatening situations. Several digital signature based approaches have been described in literature to achieve the authenticity of these messages. In these schemes, scenarios having high level of vehicle density are handled by RSU where aggregated signature verification is done. However, most of these schemes are centralized and PKI based where our goal is to develop a decentralized dynamic system. Along with authenticity and integrity, trust management plays an important role in VANETs which enables ways for secure and verified communication. A number of trust management models have been proposed but it is still an ongoing matter of interest, similarly authentication which is a vital security service to have during communication is not mostly present in the literature work related to trust management systems. This paper proposes a secure and publicly verifiable communication scheme for VANET which achieves source authentication, message authentication, non repudiation, integrity and public verifiability. All of these are achieved through digital signatures, Hash Message Authentication Code (HMAC) technique and logging mechanism which is aided by blockchain technology.

Denial-of-Service (DoS) attacks in wide-area control loops of electric power systems can cause temporary halting of information flow between the generators, leading to closed-loop instability. One way to counteract this issue would be to recreate the missing state information at the impacted generators by using the model of the entire system. However, that not only violates privacy but is also impractical from a scalability point of view. In this paper, we propose to resolve this issue by using a model-free technique employing neural networks. Specifically, a long short-term memory network (LSTM) is used. Once an attack is detected and localized, the LSTM at the impacted generator(s) predicts the magnitudes of the corresponding missing states in a completely decentralized fashion using offline training and online data updates. These predicted states are thereafter used in conjunction with the healthy states to sustain the wide-area feedback until the attack is cleared. The approach is validated using the IEEE 68-bus, 16-machine power system.

This paper provides an overview of the security service controls that are applied in a big data processing (BDP) system to defend against cyber security attacks. We validate this approach by modeling attacks and effectiveness of security service controls in a sequence of states and transitions. This Finite State Machine (FSM) approach uses the probable effectiveness of security service controls, as defined in the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF). The attacks used in the model are defined in the ATT&CK™ framework. Five different BDP security architecture configurations are considered, spanning from a low-cost default BDP configuration to a more expensive, industry supported layered security architecture. The analysis demonstrates the importance of a multi-layer approach to implementing security in BDP systems. With increasing interest in using BDP systems to analyze sensitive data sets, it is important to understand and justify BDP security architecture configurations with their significant costs. The output of the model demonstrates that over the run time, larger investment in security service controls results in significantly more uptime. There is a significant increase in uptime with a linear increase in security service control investment. We believe that these results support our recommended BDP security architecture. That is, a layered architecture with security service controls integrated into the user interface, boundary, central management of security policies, and applications that incorporate privacy preserving programs. These results enable making BDP systems operational for sensitive data accessed in a multi-tenant environment.

Nowadays the use of Wi-Fi has been widely used in public places, such as in restaurants. The use of Wi-Fi in public places has a very large security vulnerability because it is used by a wide variety of visitors. Therefore, this study was conducted to evaluate the security of the WLAN network in restaurants. The methods used are Vulnerability Assessment and Penetration Testing. Penetration Testing is done by conducting several attack tests such as Deauthentication Attack, Evil Twin Attack with Captive Portal, Evil Twin Attack with Sniffing and SSL stripping, and Unauthorized Access.

Risk management is an essential part of software security. Assemblyline is a software security tool developed by the Canadian Centre for Cyber Security (CCCS) for malware detection and analysis. In this paper, we examined the performance of Assemblyline for assessing the risk of executable files. We developed and examined use-cases where Assemblyline is included as part of a security safety net assessing vulnerabilities that would lead to risk. Finally, we considered Assemblyline’s utility in a continuous integration / delivery context using our test results.

Conventional systems has to be updated as the technology advances at quick pace. A smart grid is a renovated and digitalized version of a standard electrical infrastructure that allows two-way communication between customers and the utility, which overcomes huge manual hustle. Advanced Metering Infrastructure plays a major role in a smart grid by automatically reporting the power consumption readings to the utility through communication networks. However, there is always a trade-off. Security of AMI communication is a major problem that must be constantly monitored if this technology is to be fully utilized. This paper mainly focuses on developing a virtual setup of fully functional smart meter and a web application for generating electricity bill which allows consumer to obtain demand response, where the data is managed at server side. It also focuses on analyzing the potential security concerns posed by MITM-Arp-spoofing attacks on AMI systems and session hijacking attacks on web interfaces. This work also focusses on mitigating the vulnerabilities of session hijacking on web interface by restricting the cookies so that the attacker is unable to acquire any confidential data.

Internet of Things (IoT), Cloud and Augmented Reality (AR) are the emerging and developing technologies and are at the horizon and hype of their life cycle. Lots of commercial applications based on IoT, cloud and AR provide unrestricted access to data. The real-time applications based on these technologies are at the cusp of their innovations. The most frequent security attacks for IoT, cloud and AR applications are DDoS attacks. In this paper a detailed account of various DDoS attacks that can be the hindrance of many important sensitive services and can degrade the overall performance of recent services which are purely based on network communications. The DDoS attacks should be dealt with carefully and a set of a new generations of algorithm need to be developed to mitigate the problems caused by non-repudiation kinds of attacks.

Software and firmware vulnerabilities pose security threats to photovoltaic (PV) systems. When patches are not available or cannot be timely applied to fix vulnerabilities, it is important to mitigate vulnerabilities such that they cannot be exploited by attackers or their impacts will be limited when exploited. However, the vulnerability mitigation problem for PV systems has received little attention. This paper analyzes known security vulnerabilities in PV systems, proposes a multi-level mitigation framework and various mitigation strategies including neural network-based attack detection inside inverters, and develops a prototype system as a proof-of-concept for building vulnerability mitigation into PV system design.

Internet of Things (IoT) is a sophisticated concept of the traditional internet. In IoT, all things in our lives can be connected with the internet or with each other to exchange data and perform specific functions through the network. However, combining several devices-especially by unskilled users-may pose a number of security risks. In addition, some commonly used communication protocols in the IoT area are not secure. Security, on the other hand, increases overhead by definition, resulting in performance degradation. The Message Queuing Telemetry Transport (MQTT) protocol is a lightweight protocol and can be considered as one of the most popular IoT protocols, it is a publish/subscribe messaging transport protocol that uses a client-server architecture. MQTT is built to run over TCP protocol, thus it does not provide any level of security by default. Therefore, Transport Layer Security (TLS) can be used to ensure the security of the MQTT protocol. This paper analyzed the impact on the performance and security of the MQTT protocol in two cases. The first case, when using TLS protocol to support the security of the MQTT protocol. The second case, using the traditional MQTT without providing any level of security for the exchanged data. The results indicated that there is a tradeoff between the performance and the security when using MQTT protocol with and without the presence of TLS protocol.

With the spread of the Internet, various devices are now connected to it and the number of IoT devices is increasing. Data generated by IoT devices has traditionally been aggregated in the cloud and processed over time. However, there are two issues with using the cloud. The first is the response delay caused by the long distance between the IoT device and the cloud, and the second is the difficulty of implementing sufficient security measures on the IoT device side due to the limited resources of the IoT device at the end. To address these issues, fog computing, which is located in the middle between IoT devices and the cloud, has been attracting attention as a new network component. However, the risks associated with the introduction of fog computing have not yet been fully investigated. In this study, we conducted a risk assessment of fog computing, which is newly established to promote the use of IoT devices, and identified 24 risk factors. The main countermeasures include the gradual introduction of connected IoT connection protocols and security policy matching. We also demonstrated the effectiveness of the proposed risk measures by evaluating the risk values. The proposed risk countermeasures for fog computing should help us to utilize IoT devices in a safe and secure manner.

The presence of the Information Technology System (ITS) has become one of the components for basic needs that must be met in navigating through the ages. Organizational programs in responding to the industrial era 4.0 make the use of ITS is a must in order to facilitate all processes related to quality service in carrying out the main task of protecting and serving the community. The implementation of ITS is actually not easy forthe threat of challenges and disturbances in the form of risks haunts ITS's operations. These conditions must be able to be identified and analyzed and then action can be executed to reduce the negative impact, so the risks are acceptable. This research will study about ITS risk management using the the guideline of Information Technology Infrastructure Library (ITIL) to formulate an operational strategy in order ensure that STI services at the Papa Oscar Cikeas Data Center (DC) can run well in the form of recommendations. Based on a survey on the implementing elements of IT function, 82.18% of respondents considered that the IT services provided by DC were very important, 86.49% of respondents knew the importance of having an emergency plan to ensure their products and services were always available, and 67.17% of respondents believes that DC is well managed. The results of the study concludes that it is necessary to immediately form a structural DC organization to prepare a good path for the establishment of a professional data center in supporting public service information technology systems.

As permissioned blockchain becomes a common foundation of blockchain-based applications for current organizations, related stakeholders need a means to assess the security risks of the applications. Therefore, this study proposes a security risk management framework for permissioned blockchain applications. The framework divides itself into different implementation stacks and provides guidelines to control the security risks of permissioned blockchain applications. According to the best of our knowledge, this study is the first research that provides a means to evaluate the security risks of permissioned blockchain applications from a holistic point of view. If users can trust the applications that adopted this framework, this study can hopefully contribute to the adoption of permissioned blockchain technologies.

In recent years, a variety of information security incidents emerge in endlessly, with different types. Security vulnerability is an important factor leading to the security risk of information system, and is the most common and urgent security risk in information system. The research goal of this paper is to seamlessly integrate the security testing process and the integration process of software construction, deployment, operation and maintenance. Through the management platform, the security testing results are uniformly managed and displayed in reports, and the project management system is introduced to develop, regress and manage the closed-loop security vulnerabilities. Before the security vulnerabilities cause irreparable damage to the information system, the security vulnerabilities are found and analyzed Full vulnerability, the formation of security vulnerability solutions to minimize the threat of security vulnerabilities to the information system.

In the era of Big Data, opportunities and challenges are mixed. The data transfer is increasingly frequent and speedy, and the data lifecycle is also extended, bringing more challenges to security and privacy risk governance. Currently, the common measures of risk governance covering the entire data life cycle are the data-related staff management, equipment security management, data encryption codes, data content identification and de-identification processing, etc. With the trend of data globalization, regulations fragmentation and governance technologization, “International standards”, a measure of governance combining technology and regulation, has the potential to become the best practice. However, “voluntary compliance” of international standards derogates the effectiveness of risk governance through this measure. In order to strengthen the enforcement of the international standards, the paper proposes a governance approach which is “the framework regulated by international standards, and regulations and technologies specifically implemented by national legislation.” It aims to implement the security and privacy risk governance of Big Data effectively.

In recent years, new cyber attacks such as targeted attacks have caused extensive damage. With the continuing development of the IoT society, various devices are now connected to the network and are being used for various purposes. The Internet of Things has the potential to link cyber risks to actual property damage, as cyberspace risks are connected to physical space. With this increase in unknown cyber risks, the demand for cyber insurance is increasing. One of the most serious emerging risks is the silent cyber risk, and it is likely to increase in the future. However, at present, security measures against silent cyber risks are insufficient. In this study, we conducted a risk management of silent cyber risk for organizations with the objective of contributing to the development of risk management methods for new cyber risks that are expected to increase in the future. Specifically, we modeled silent cyber risk by focusing on state transitions to different risks. We newly defined two types of silent cyber risk, namely, Alteration risk and Combination risk, and conducted risk assessment. Our assessment identified 23 risk factors, and after analyzing them, we found that all of them were classified as Risk Transference. We clarified that the most effective risk countermeasure for Alteration risk was insurance and for Combination risk was measures to reduce the impact of the risk factors themselves. Our evaluation showed that the silent cyber risk could be reduced by about 50%, thus demonstrating the effectiveness of the proposed countermeasures.

This paper continues analysis of approaches of IT risk assessment and management in modern IT management frameworks. Building on systematicity principles and the review of concepts of risk and methods of risk analysis in the frameworks, we discuss applicability of the methods for business decision-making in the real world and propose ways to their improvement.

In order to ensure the security of information assets and standardize the risk assessment and inspection workflow of information assets. This paper has designed and developed a risk assessment system for information and communication equipment with simple operation, offline assessment, and diversified external interfaces. The process of risk assessment can be realized, which effectively improves the efficiency of risk assessment.

Currently, most companies systematically face challenges related to the loss of significant confidential information, including legally significant information, such as personal data of customers. To solve the problem of maintaining the confidentiality, integrity and availability of information, companies are increasingly using the methodology laid down in the basis of the international standard ISO / IEC 27001. Information security risk management is a process of continuous monitoring and systematic analysis of the internal and external environment of the IT environment, associated with the further adoption and implementation of management decisions aimed at reducing the likelihood of an unfavorable result and minimizing possible threats to business caused by the loss of manageability of information that is important for the organization. The article considers the problems and approaches to the development, practical implementation, and methodology of risk management based on the international standard ISO 31000 in the modern information security management system.

Learning a disentangled representation of the latent space has become one of the most fundamental problems studied in computer vision. Recently, many Generative Adversarial Networks (GANs) have shown promising results in generating high fidelity images. However, studies to understand the semantic layout of the latent space of pre-trained models are still limited. Several works train conditional GANs to generate faces with required semantic attributes. Unfortunately, in these attempts, the generated output is often not as photo-realistic as the unconditional state-of-the-art models. Besides, they also require large computational resources and specific datasets to generate high fidelity images. In our work, we have formulated a Markov Decision Process (MDP) over the latent space of a pre-trained GAN model to learn a conditional policy for semantic manipulation along specific attributes under defined identity bounds. Further, we have defined a semantic age manipulation scheme using a locally linear approximation over the latent space. Results show that our learned policy samples high fidelity images with required age alterations, while preserving the identity of the person.

As Internet technology gradually matures, the network structure becomes more complex. Therefore, the attack methods of malicious attackers are more diverse and change faster. Fortunately, due to the substantial increase in computer computing power, machine learning is valued and widely used in various fields. It has also been applied to intrusion detection systems. This study found that due to the imperfect data ratio of the unbalanced flow dataset, the model will be overfitting and the misjudgment rate will increase. In response to this problem, this research proposes to use the Cuckoo system to induce malicious samples to generate malicious traffic, to solve the data proportion defect of the unbalanced traffic dataset.

3D reconstruction has piqued the interest of many disciplines, and many researchers have spent the last decade striving to improve on latest automated three-dimensional reconstruction systems. Three Dimensional models can be utilized to tackle a wide range of visualization problems as well as other activities. In this paper, we have implemented a method of Digital Surface Map (DSM) generation from Aerial images using Conditional Generative Adversarial Networks (c-GAN). We have used Seg-net architecture of Convolutional Neural Network (CNN) to segment the aerial images and then the U-net generator of c-GAN generates final DSM. The dataset we used is ISPRS Potsdam-Vaihingen dataset. We also review different stages if 3D reconstruction and how Deep learning is now being widely used to enhance the process of 3D data generation. We provide binary cross entropy loss function graph to demonstrate stability of GAN and CNN. The purpose of our approach is to solve problem of DSM generation using Deep learning techniques. We put forth our method against other latest methods of DSM generation such as Semi-global Matching (SGM) and infer the pros and cons of our approach. Finally, we suggest improvements in our methods that might be useful in increasing the accuracy.

With the advancement in Generative Adversarial Networks (GAN), it has become easier than ever to generate fake images. These images are more realistic and non-discernible by untrained eyes and can be used to propagate fake information on the Internet. In this paper, we propose a novel method to detect GAN generated fake images by using a combination of frequency spectrum of image and deep learning. We apply Discrete Fourier Transform to each of 3 color channels of the image to obtain its frequency spectrum which shows if the image has been upsampled, a common trend in most GANs, and then train a Capsule Network model with it. Conducting experiments on a dataset of almost 1000 images based on Unconditional data modeling (StyleGan2 - ADA) gave results indicating that the model is promising with accuracy over 99% when trained on the state-of-the-art GAN model. In theory, our model should give decent results when trained with one dataset and tested on another.

We are interested in the design of generative networks. The training of these mathematical structures is mostly performed with the help of adversarial (min-max) optimization problems. We propose a simple methodology for constructing such problems assuring, at the same time, consistency of the corresponding solution. We give characteristic examples developed by our method, some of which can be recognized from other applications, and some are introduced here for the first time. We present a new metric, the likelihood ratio, that can be employed online to examine the convergence and stability during the training of different Generative Adversarial Networks (GANs). Finally, we compare various possibilities by applying them to well-known datasets using neural networks of different configurations and sizes.

Document-level relation extraction (RE) aims to extract relations among entities within a document, which is more complex than its sentence-level counterpart, especially in biomedical text mining. Chemical-disease relation (CDR) extraction aims to extract complex semantic relationships between chemicals and diseases entities in documents. In order to identify the relations within and across multiple sentences at the same time, existing methods try to build different document-level heterogeneous graph. However, the entity relation representations captured by these models do not make full use of the document information and disregard the noise introduced in the process of integrating various information. In this paper, we propose a novel model DAM-GAN to document-level biomedical RE, which can extract entity-level and mention-level representations of relation instances with R-GCN and Dual-Attention Multi-Instance Learning (DAM) respectively, and eliminate the noise with Generative Adversarial Network (GAN). Entity-level representations of relation instances model the semantic information of all entity pairs from the perspective of the whole document, while the mention-level representations from the perspective of mention pairs related to these entity pairs in different sentences. Therefore, entity- and mention-level representations can be better integrated to represent relation instances. Experimental results demonstrate that our model achieves superior performance on public document-level biomedical RE dataset BioCreative V Chemical Disease Relation(CDR).

How to obtain accurate travel time predictions is among the most critical problems in Intelligent Transportation Systems (ITS). Recent literature has shown the effectiveness of machine learning models on travel time forecasting problems. However, most of these models predict travel time in a point estimation manner, which is not suitable for real scenarios. Instead of a determined value, the travel time within a future time period is a distribution. Besides, they all use grid structure data to obtain the spatial dependency, which does not reflect the traffic network's actual topology. Hence, we propose GCGTTE to estimate the travel time in a distribution form with Graph Deep Learning and Generative Adversarial Network (GAN). We convert the data into a graph structure and use a Graph Neural Network (GNN) to build its spatial dependency. Furthermore, GCGTTE adopts GAN to approximate the real travel time distribution. We test the effectiveness of GCGTTE with other models on a real-world dataset. Thanks to the fine-grained spatial dependency modeling, GCGTTE outperforms the models that build models on a grid structure data significantly. Besides, we also compared the distribution approximation performance with DeepGTT, a Variational Inference-based model which had the state-of-the-art performance on travel time estimation. The result shows that GCGTTE outperforms DeepGTT on metrics and the distribution generated by GCGTTE is much closer to the original distribution.