Biblio

Edge detection based embedding techniques are famous for data security and image quality preservation. These techniques use diverse edge detectors to classify edge and non-edge pixels in an image and then implant secrets in one or both of these classes. Image with conceived data is called stego image. It is noticeable that none of such researches tries to reform the original image from the stego one. Rather, they devote their concentration to extract the hidden message only. This research presents a solution to the raised reversibility problem. Like the others, our research, first, applies an edge detector e.g., canny, in a cover image. The scheme next collects \$n\$-LSBs of each of edge pixels and finally, concatenates them with encrypted message stream. This method applies a lossless compression algorithm to that processed stream. Compression factor is taken such a way that the length of compressed stream does not exceed the length of collected LSBs. The compressed message stream is then implanted only in the edge pixels by \$n\$-LSB substitution method. As the scheme does not destroy the originality of non-edge pixels, it presents better stego quality. By incorporation the mechanisms of encryption, concatenation, compression and \$n\$-LSB, the method has enriched the security of implanted data. The research shows its effectiveness while implanting a small sized message.

Conventional systems has to be updated as the technology advances at quick pace. A smart grid is a renovated and digitalized version of a standard electrical infrastructure that allows two-way communication between customers and the utility, which overcomes huge manual hustle. Advanced Metering Infrastructure plays a major role in a smart grid by automatically reporting the power consumption readings to the utility through communication networks. However, there is always a trade-off. Security of AMI communication is a major problem that must be constantly monitored if this technology is to be fully utilized. This paper mainly focuses on developing a virtual setup of fully functional smart meter and a web application for generating electricity bill which allows consumer to obtain demand response, where the data is managed at server side. It also focuses on analyzing the potential security concerns posed by MITM-Arp-spoofing attacks on AMI systems and session hijacking attacks on web interfaces. This work also focusses on mitigating the vulnerabilities of session hijacking on web interface by restricting the cookies so that the attacker is unable to acquire any confidential data.

STAMP (System Theoretic Accident Model and Processes) is one of the theories that has been attracting attention as a new safety analysis method for complex systems. CAST (Causal Analysis using System Theory) is a causal analysis method based on STAMP theory. The authors investigated an information security incident case, “AIST (National Institute of Advanced Industrial Science and Technology) report on unauthorized access to information systems,” and attempted accident analysis using CAST. We investigated whether CAST could be applied to the cyber security analysis. Since CAST is a safety accident analysis technique, this study was the first to apply CAST to cyber security incidents. Its effectiveness was confirmed from the viewpoint of the following three research questions. Q1:Features of CAST as an accident analysis method Q2:Applicability and impact on security accident analysis Q3:Understanding cyber security incidents with a five-layer model.

With the recognition of cyberspace as an operating domain, concerted effort is now being placed on addressing it in the whole-of-domain manner found in land, sea, undersea, air, and space domains. Among the first steps in this effort is applying the standard supporting concepts of security, defense, and deterrence to the cyber domain. This paper presents an architecture that helps realize forward defense in cyberspace, wherein adversarial actions are repulsed as close to the origin as possible. However, substantial work remains in making the architecture an operational reality including furthering fundamental research cyber science, conducting design trade-off analysis, and developing appropriate public policy frameworks.

In this information age, web crawling on the internet is a prime source for data collection. And with the surface web already being dominated by giants like Google and Microsoft, much attention has been on the Dark Web. While research on crawling approaches is generally available, a considerable gap is present for URL extraction on the dark web. With most literature using the regular expressions methodology or built-in parsers, the problem with these methods is the higher number of false positives generated with the Dark Web, which makes the crawler less efficient. This paper proposes the dedicated parsers methodology for extracting URLs from the dark web, which when compared proves to be better than the regular expression methodology. Factors that make link harvesting on the Dark Web a challenge are discussed in the paper.

Named Data Network (NDN) is considered to be the future of Internet architecture. The nature of NDN is to disseminate data based on the naming scheme rather than the location of the node. This feature caters to the need of vehicular applications, resulting in Vehicular Named Data Networks (VNDN). Although it is still in the initial stages of research, the collaboration has assured various advantages which attract the researchers to explore the architecture further. VNDN face challenges such as intermittent connectivity, mobility of nodes, design of efficient forwarding and naming schemes, among others. In order to develop effective forwarding strategies, behavior of data and interest packets under various circumstances needs to be studied. In this paper, propagation behavior of data and interest packets is analyzed by considering metrics such as Interest Satisfaction Ratio (ISR), Hop Count Difference (HCD) and Copies of Data Packets Processed (CDPP). These metrics are evaluated under network conditions such as varying network size, node mobility and amount of interest produced by each node. Simulation results show that data packets do not follow the reverse path of interest packets.

This chapter presents a game‐theoretic model to analyze attack–defense scenarios that use fake nodes (computing devices) for deception under consideration of the system deploying defense resources to protect individual nodes in a cost‐effective manner. The developed model has important applications in the Internet of Battlefield Things (IoBT). Our game‐theoretic model illustrates how the concept of the Nash equilibrium can be used by the defender to intelligently choose which nodes should be used for performing a computation task while deceiving the attacker into expending resources for attacking fake nodes. Our model considers the fact that defense resources may become compromised under an attack and suggests that the defender, in a probabilistic manner, may utilize unprotected nodes for performing a computation while the attacker is deceived into attacking a node with defense resources installed. The chapter also presents a deception‐based strategy to protect a target node that can be accessed via a tree network. Numerical results provide insights into the strategic deception techniques presented in this chapter.

In this chapter, we develop a defense strategy to secure Internet of Battlefield Things (IoBT) based on a hypergame employing deceptive techniques. The hypergame is played multiple rounds. At each round, the adversary updates its perception of the attack graph and chooses the next node to compromise. The defender updates its perceived list of compromised nodes and actively feeds false signals to the adversary to create deception. The hypergame developed in this chapter provides an important theoretical framework for us to model how a cyberattack spreads on a network and the interaction between the adversary and the defender. It also provides quantitative metrics such as the time it takes the adversary to explore the network and compromise the target nodes. Based on these metrics, the defender can reboot the network devices and reset the network topology in time to clean up all potentially compromised devices and to protect the critical nodes. The hypergame provides useful guidance on how to create cyber deceptions so that the adversary cannot obtain information about the correct network topology and can be deterred from reaching the target critical nodes on a military network while it is in service.

Through the widespread use of information technologies, institutions have started to offer most of their services electronically. The best example of this is e-government. Since institutions provide their services to the electronic environment, the quality of the services they provide increases and their access to services becomes easier. Since personal information can be verified with inter-agency information sharing systems, wrong or unfair transactions can be prevented. Since information sharing between institutions is generally done through web services, protection of personal data transmitted via web services is of great importance. There are comprehensive national and international regulations on the protection of personal data. According to these regulations, protection of personal data shared between institutions is a legal obligation; protection of personal data is an issue that needs to be handled comprehensively. This study, protection of personal data shared between institutions through web services against software developers is discussed. With a proposed application, it is aimed to take a new security measure for the protection of personal data. The proposed application consists of a web interface prepared using React and Java programming languages and rest services that provide anonymization of personal data.

A approach to research on the attack mechanism designs through attack surface technology due to the complexity of the attack mechanism. The attack mechanism of a mimic architecture is analyzed in a relative way using attack surface metrics to indicate whether mimic architectures are safer than non-mimic architectures. The definition of the architectures attack surface in terms of the mimic brackets along three abstract dimensions referenced the system attack surface. The larger the attack surface, the more likely the architecture will be attacked.