Biblio

From an information-theoretic standpoint, the intrusion detection process can be examined. Given the IDS output(alarm data), we should have less uncertainty regarding the input (event data). We propose the Capability of Intrusion Detection (CID) measure, which is simply the ratio of mutual information between IDS input and output, and the input of entropy. CID has the desirable properties of (1) naturally accounting for all important aspects of detection capability, such as true positive rate, false positive rate, positive predictive value, negative predictive value, and base rate, (2) objectively providing an intrinsic measure of intrusion detection capability, and (3) being sensitive to IDS operation parameters. When finetuning an IDS, we believe that CID is the best performance metric to use. In terms of the IDS’ inherent ability to classify input data, the so obtained operation point is the best that it can achieve.

The advancement of modern multimedia and data-intensive classes of applications demands the development of hardware that delivers better performance. Due to the evolution of 5G, Edge-Computing, the Internet of Things, Software-Defined networks, etc., the data produced by the devices such as sensors are increasing. A software-Defined network is a powerful paradigm that is capable of automating networking and cloud computing. Software-Defined Network has controllers, devices, and applications which produce a huge amount of data. The processing of data inside the device as well as between the devices needs a better hardware architecture with more cores to ensure speedy performance. The System-on-Chip approach alone will not be capable to handle this dense core comprised of hardware. We have to blend Network-on-Chip along with System-on-Chip to increase the potential to include more cores capable to handle more threads. Artificial Intelligence, a key enabler in next-generation devices is capable of producing a better architecture design with optimized performance. In this paper, we are discussing and endeavouring how System-on-Chip, Network-on-Chip, Software-Defined Networks, and Artificial Intelligence can be physically, logically, and contextually incorporated to deliver improved computation and networking outcomes.

The problem of information privacy has grown more significant in terms of data storage and communication in the 21st century due to the technological explosion during which information has become a highly important strategic resource. The idea of employing DNA cryptography has been highlighted as a potential technology that offers fresh hope for unbreakable algorithms since standard cryptosystems are becoming susceptible to assaults. Due to biological DNA's outstanding energy efficiency, enormous storage capacity, and extensive parallelism, a new branch of cryptography based on DNA computing is developing. There is still more study to be done since this discipline is still in its infancy. This work proposes a DNA encryption strategy based on cryptographic key generation techniques and chaotic diffusion operation.

The data sharing is a helpful and financial assistance provided by CC. Information substance security also rises out of it since the information is moved to some cloud workers. To ensure the sensitive and important data; different procedures are utilized to improve access manage on collective information. Here strategies, Cipher text-policyattribute based encryption (CP-ABE) might create it very helpful and safe. The conventionalCP-ABE concentrates on information privacy only; whereas client's personal security protection is a significant problem as of now. CP-ABE byhidden access (HA) strategy makes sure information privacy and ensures that client's protection isn't exposed also. Nevertheless, the vast majority of the current plans are ineffectivein correspondence overhead and calculation cost. In addition, the vast majority of thismechanism takes no thought regardingabilityauthenticationor issue of security spillescapein abilityverificationstage. To handle the issues referenced over, a security protectsCP-ABE methodby proficient influenceauthenticationis presented in this manuscript. Furthermore, its privacy keys accomplish consistent size. In the meantime, the suggestedplan accomplishes the specific safetyin decisional n-BDHE issue and decisional direct presumption. The computational outcomes affirm the benefits of introduced method.

With the advent of the era of Internet of Things (IoT), the increasing data volume leads to storage outsourcing as a new trend for enterprises and individuals. However, data breaches frequently occur, bringing significant challenges to the privacy protection of the outsourced data management system. There is an urgent need for efficient and secure data sharing schemes for the outsourced data management infrastructure, such as the cloud. Therefore, this paper designs a dual-server-based data sharing scheme with data privacy and high efficiency for the cloud, enabling the internal members to exchange their data efficiently and securely. Dual servers guarantee that none of the servers can get complete data independently by adopting secure two-party computation. In our proposed scheme, if the data is destroyed when sending it to the user, the data will not be restored. To prevent the malicious deletion, the data owner adds a random number to verify the identity during the uploading procedure. To ensure data security, the data is transmitted in ciphertext throughout the process by using searchable encryption. Finally, the black-box leakage analysis and theoretical performance evaluation demonstrate that our proposed data sharing scheme provides solid security and high efficiency in practice.

Nowadays, data is essential in several fields, such as science, finance, medicine, and transportation, which means its value continues to rise. Relational databases are vulnerable to copyright threats when transmitted and shared as a carrier of data. The watermarking technique is seen as a partial solution to the problem of securing copyright ownership. However, most of them are currently restricted to numerical attributes in relational databases, limiting their versatility. Furthermore, they modify the source data to a large extent, failing to keep the characteristics of the original database, and they are susceptible to solid malicious attacks. This paper proposes a new robust reversible watermarking technique, Fields Based Inserting Position Tuples algorithm (FBIPT), for relational databases. FBIPT does not modify the original database directly; instead, it inserts some position tuples based on three Fields―Group Field, Feature Field, and Control Field. Field information can be calculated by numeric attributes and any attribute that can be transformed into binary bits. FBIPT technique retains all the characteristics of the source database, and experimental results prove the effectiveness of FBIPT and show its highly robust performance compared to state-of-the-art watermarking schemes.

Cyber security is turning into a significant angle in each industry like in banking part, force and computerization segments. Servers are basic resources in these enterprises where business basic touch information is put away. These servers frequently join web servers in them through which any business information and tasks are performed remotely. Thus, clearly for a solid activity, security of web servers is extremely basic. This paper gives another testing way to deal with defenselessness appraisal of web applications by methods for breaking down and utilizing a consolidated arrangement of apparatuses to address a wide scope of security issues.

Synthetic static code analysis test suites are important to test the basic functionality of tools. We present a framework that uses different source code patterns to generate Cross Site Scripting and SQL injection test cases. A decision tree is used to determine if the test cases are vulnerable. The test cases are split into two test suites. The first test suite contains 258,432 test cases that have influence on the decision trees. The second test suite contains 20 vulnerable test cases with different data flow patterns. The test cases are scanned with two commercial static code analysis tools to show that they can be used to benchmark and identify problems of static code analysis tools. Expert interviews confirm that the decision tree is a solid way to determine the vulnerable test cases and that the test suites are relevant.

Artificial intelligence is a subfield of computer science that refers to the intelligence displayed by machines or software. The research has influenced the rapid development of smart devices that have a significant impact on our daily lives. Science, engineering, business, and medicine have all improved their prediction powers in order to make our lives easier in our daily tasks. The quality and efficiency of regions that use artificial intelligence has improved, as shown in this study. It successfully handles data organisation and environment difficulties, allowing for the development of a more solid and rigorous model. The pace of life is quickening in the digital age, and the PC Internet falls well short of meeting people’s needs. Users want to be able to get convenient network information services at any time and from any location

Disinformation, fake news, and unverified rumors spread quickly in online social networks (OSNs) and manipulate people's opinions and decisions about life events. The solid mathematical solutions of the strategic decisions in OSNs have been provided under game theory models, including multiple roles and features. This work proposes a game-theoretic opinion framework to model subjective opinions and behavioral strategies of attackers, users, and a defender. The attackers use information deception models to disseminate disinformation. We investigate how different game-theoretic opinion models of updating people's subject opinions can influence a way for people to handle disinformation. We compare the opinion dynamics of the five different opinion models (i.e., uncertainty, homophily, assertion, herding, and encounter-based) where an opinion is formulated based on Subjective Logic that offers the capability to deal with uncertain opinions. Via our extensive experiments, we observe that the uncertainty-based opinion model shows the best performance in combating disinformation among all in that uncertainty-based decisions can significantly help users believe true information more than disinformation.

The use of AlNiCo alloys as the low coercive force (LCF) magnet in Variable Flux Memory Machines has been largely discussed in the literature, but similar magnetic materials as FeCrCo are still little explored. This paper proposes the study of a standstill magnetization strategy of a Variable Flux Memory Machine composed by a FeCrCo-based cylindrical rotor. An inverter in DC/DC mode is proposed for injecting short-time currents along the magnetization axis aiming the regulation of the magnetization state of the FeCrCo. A methodology for validating results obtained is defined from the estimation of the remanence and the excitation field characterizing the behavior of the internal recoil lines of the magnet used in the rotor. A study of the armature reaction affecting the machine when q-axis currents supply the machine is proposed by simulation.

Trusted Platform Modules (TPM) have grown to be crucial safeguards from the number of software-based strikes. By giving a restricted range of cryptographic providers by way of a well-defined user interface, divided as a result of the program itself, TPM and Infrastructure as a service (IaaS) can function as a root of loyalty so when a foundation aimed at advanced equal protection methods. This information studies the works aimed at uses on TPM within the cloud computing atmosphere, by journal times composed somewhere among 2013 as well as 2020. It identifies the present fashion as well as goals from these technologies within the cloud, as well as the kind of risks that it mitigates. The primary investigation is being focused on the TPM's association to the IaaS security based on the authorization and the enabling schema for integrity. Since integrity measurement is among the key uses of TPM and IaaS, particular focus is given towards the evaluation of operating period phases as well as S/W levels it's put on to. Finally, the deep survey on recent schemes can be applied on Cloud Environment.

This work establishes a game-theoretic framework to study cross-layer coordinated attacks on cyber-physical systems (CPSs). The attacker can interfere with the physical process and launch jamming attacks on the communication channels simultaneously. At the same time, the defender can dodge the jamming by dispensing with observations. The generic framework captures a wide variety of classic attack models on CPSs. Leveraging dynamic programming techniques, we fully characterize the Subgame Perfect Equilibrium (SPE) control strategies. We also derive the SPE observation and jamming strategies and provide efficient computational methods to compute them. The results demonstrate that the physical and cyber attacks are coordinated and depend on each other.On the one hand, the control strategies are linear in the state estimate, and the estimate error caused by jamming attacks will induce performance degradation. On the other hand, the interactions between the attacker and the defender in the physical layer significantly impact the observation and jamming strategies. Numerical examples illustrate the inter-actions between the defender and the attacker through their observation and jamming strategies.

Use of formal protocol description techniques and code generation can reduce bugs in network packet parsing code. However, such techniques are themselves complex, and don't see wide adoption in the protocol standards development community, where the focus is on consensus building and human-readable specifications. We explore the utility and effectiveness of new techniques for describing protocol data, specifically designed to integrate with the standards development process, and discuss how they can be used to generate code that is safer and more trustworthy, while maintaining correctness and performance.

Given the central importance of designing secure protocols, providing solid mathematical foundations and computer-assisted methods to attest for their correctness is becoming crucial. Here, we elaborate on the formal approach introduced by Bana and Comon in [10], [11], which was originally designed to analyze protocols for a fixed number of sessions, and lacks support for proof mechanization.In this paper, we present a framework and an interactive prover allowing to mechanize proofs of security protocols for an arbitrary number of sessions in the computational model. More specifically, we develop a meta-logic as well as a proof system for deriving security properties. Proofs in our system only deal with high-level, symbolic representations of protocol executions, similar to proofs in the symbolic model, but providing security guarantees at the computational level. We have implemented our approach within a new interactive prover, the Squirrel prover, taking as input protocols specified in the applied pi-calculus, and we have performed a number of case studies covering a variety of primitives (hashes, encryption, signatures, Diffie-Hellman exponentiation) and security properties (authentication, strong secrecy, unlinkability).

The COVID-19 pandemic has recently emerged as a worldwide health emergency that necessitates coordinated international measures. To contain the virus's spread, governments and health organisations raced to develop vaccines that would lower Covid-19 morbidity, relieve pressure on healthcare systems, and allow economies to open. Following the COVID-19 vaccine, the vaccination certificate has been adopted to help the authorities formulate policies by controlling cross-border travelling. To address serious privacy concerns and eliminate the need for third parties to retain the trust and govern user data, in this paper, we leverage blockchain technologies in developing a secure and verifiable vaccination certificate. Our approach has the advantage of utilising a hybrid approach that implements different advanced technologies, such as the self-sovereignty concept, smart contracts and interPlanetary File System (IPFS). We rely on verifiable credentials paired with smart contracts to make decisions about who can access the system and provide on-chain verification and validation of the user and issuer DIDs. The approach was further analysed, with a focus on performance and security. Our analysis shows that our solution satisfies the security requirements for immunisation certificates.

Over the last two decades, software development has moved away from centralized, plan-based management toward agile methodologies such as Scrum. Agile methodologies are founded on a shared set of core principles, including self-organizing software development teams. Such teams are promoted as a way to increase both developer productivity and team morale, which is echoed by academic research. However, recent works on agile neglect to consider strategic behavior among developers, particularly during task assignment-one of the primary functions of a self-organizing team. This paper argues that self-organizing software teams could be readily modeled using game theory, providing insight into how agile developers may act when behaving strategically. We support our argument by presenting a general model for self-assignment of development tasks based on and extending concepts drawn from established game theory research. We further introduce the software engineering community to two metrics drawn from game theory-the price-of-stability and price-of-anarchy-which can be used to gauge the efficiencies of self-organizing teams compared to centralized management. We demonstrate how these metrics can be used in a case study evaluating the hypothesis that smaller teams self-organize more efficiently than larger teams, with conditional support for that hypothesis. Our game-theoretic framework provides new perspective for the software engineering community, opening many avenues for future research.

To discuss secure key generation from imperfect random numbers, we address the secure key generation length. There are several studies for its asymptotic expansion up to the order √n or log n. However, these expansions have errors of the order o(√n) or o(log n), which does not go to zero asymptotically. To resolve this problem, we derive the asymptotic expansion up to the constant order for upper and lower bounds of these optimal values. While the expansions of upper and lower bonds do not match, they clarify the ranges of these optimal values, whose errors go to zero asymptotically.

Information on cyber incidents and threats are currently collected and processed with a strong technical focus. Threat and vulnerability information alone are not a solid base for effective, affordable or actionable security advice for decision makers. They need more than a small technical cut of a bigger situational picture to combat and not only to mitigate the cyber threat. We first give a short overview over the related work that can be found in the literature. We found that the approaches mostly analysed “what” has been done, instead of looking more generically beyond the technical aspects for the tactics, techniques and procedures to identify the “how” it was done, by whom and why. We examine then, what information categories and data already exist to answer the question for an adversary's capabilities and objectives. As traditional intelligence tries to serve a better understanding of adversaries' capabilities, actions, and intent, the same is feasible in the cyber space with cyber intelligence. Thus, we identify information sources in the military and civil environment, before we propose to link that traditional information with the technical data for a better situational picture. We give examples of information that can be collected from traditional intelligence for correlation with technical data. Thus, the same intelligence operational picture for the cyber sphere could be developed like the one that is traditionally fed from conventional intelligence disciplines. Finally we propose a way of including intelligence processing in cyber analysis. We finally outline requirements that are key for a successful exchange of information and intelligence between military/civil information providers.