Biblio

Internet of things (IoT) is the smart network which connects smart objects over the Internet. The Internet is untrusted and unreliable network and thus IoT network is vulnerable to different kind of attacks. Conventional encryption and authentication techniques sometimes fail on IoT based network and intrusion may succeed to destroy the network. So, it is necessary to design intrusion detection system for such network. In our paper, we detect routing attacks such as sinkhole and selective forwarding. We have also tried to prevent our network from these attacks. We designed detection and prevention algorithm, i.e., KMA (Key Match Algorithm) and CBA (Cluster- Based Algorithm) in MatLab simulation environment. We gave two intrusion detection mechanisms and compared their results as well. True positive intrusion detection rate for our work is between 50% to 80% with KMA and 76% to 96% with CBA algorithm.

The emerging Internet of Things (IoT) applications that leverage ubiquitous connectivity and big data are facilitating the realization of smart everything initiatives. IoT-enabled infrastructures have naturally a multi-layer system architecture with an overlaid or underlaid device network and its coexisting infrastructure network. The connectivity between different components in these two heterogeneous networks plays an important role in delivering real-time information and ensuring a high-level situational awareness. However, IoT- enabled infrastructures face cyber threats due to the wireless nature of communications. Therefore, maintaining the network connectivity in the presence of adversaries is a critical task for the infrastructure network operators. In this paper, we establish a three-player three-stage game-theoretic framework including two network operators and one attacker to capture the secure design of multi- layer infrastructure networks by allocating limited resources. We use subgame perfect Nash equilibrium (SPE) to characterize the strategies of players with sequential moves. In addition, we assess the efficiency of the equilibrium network by comparing with its team optimal solution counterparts in which two network operators can coordinate. We further design a scalable algorithm to guide the construction of the equilibrium IoT-enabled infrastructure networks. Finally, we use case studies on the emerging paradigm of Internet of Battlefield Things (IoBT) to corroborate the obtained results.

Internet of Things (IoT) in military setting generally consists of a diverse range of Internet-connected devices and nodes (e.g. medical devices to wearable combat uniforms), which are a valuable target for cyber criminals, particularly state-sponsored or nation state actors. A common attack vector is the use of malware. In this paper, we present a deep learning based method to detect Internet Of Battlefield Things (IoBT) malware via the device's Operational Code (OpCode) sequence. We transmute OpCodes into a vector space and apply a deep Eigenspace learning approach to classify malicious and bening application. We also demonstrate the robustness of our proposed approach in malware detection and its sustainability against junk code insertion attacks. Lastly, we make available our malware sample on Github, which hopefully will benefit future research efforts (e.g. for evaluation of proposed malware detection approaches).

In this paper, the problem of network connectivity is studied for an adversarial Internet of Battlefield Things (IoBT) system in which an attacker aims at disrupting the connectivity of the network by choosing to compromise one of the IoBT nodes at each time epoch. To counter such attacks, an IoBT defender attempts to reestablish the IoBT connectivity by either deploying new IoBT nodes or by changing the roles of existing nodes. This problem is formulated as a dynamic multistage Stackelberg connectivity game that extends classical connectivity games and that explicitly takes into account the characteristics and requirements of the IoBT network. In particular, the defender's payoff captures the IoBT latency as well as the sum of weights of disconnected nodes at each stage of the game. Due to the dependence of the attacker's and defender's actions at each stage of the game on the network state, the feedback Stackelberg solution [feedback Stackelberg equilibrium (FSE)] is used to solve the IoBT connectivity game. Then, sufficient conditions under which the IoBT system will remain connected, when the FSE solution is used, are determined analytically. Numerical results show that the expected number of disconnected sensors, when the FSE solution is used, decreases up to 46% compared to a baseline scenario in which a Stackelberg game with no feedback is used, and up to 43% compared to a baseline equal probability policy.

The present study's primary objective is to try to determine whether gender, combined with the educational background of the Internet users, have an effect on the way online privacy is perceived and practiced within the cloud services and specifically in social networking, e-commerce, and online banking. An online questionnaire was distributed through e-mail and the social media (Facebook, LinkedIn, and Google+). Our primary hypothesis is that an interrelationship may exist among a user's gender, educational background, and the way an online user perceives and acts regarding online privacy. An analysis of a representative sample of Greek Internet users revealed that there is an effect by gender on the online users' awareness regarding online privacy, as well as on the way they act upon it. Furthermore, we found that a correlation exists, as well regarding the Educational Background of the users and the issue of online privacy.

Wireless networks in buildings suffer from congestion, interference, security and safety concerns, restricted propagation and poor in-door location accuracy. The Internet of Radio-Light (IoRL) project develops a safer, more secure, customizable and intelligent building network that reliably delivers increased throughput (greater than lOGbps) from access points pervasively located within buildings, whilst minimizing interference and harmful EM exposure and providing location accuracy of less than 10 cm. It thereby shows how to solve the problem of broadband wireless access in buildings and promotes the establishment of a global standard in ITU.

Wireless Sensor Network is the combination of small devices called sensor nodes, gateways and software. These nodes use wireless medium for transmission and are capable to sense and transmit the data to other nodes. Generally, WSN composed of two types of nodes i.e. generic nodes and gateway nodes. Generic nodes having the ability to sense while gateway nodes are used to route that information. IoT now extended to IoET (internet of Everything) to cover all electronics exist around, like a body sensor networks, VANET's, smart grid stations, smartphone, PDA's, autonomous cars, refrigerators and smart toasters that can communicate and share information using existing network technologies. The sensor nodes in WSN have very limited transmission range as well as limited processing speed, storage capacities and low battery power. Despite a wide range of applications using WSN, its resource constrained nature given birth to a number severe security attacks e.g. Selective Forwarding attack, Jamming-attack, Sinkhole attack, Wormhole attack, Sybil attack, hello Flood attacks, Grey Hole, and the most dangerous BlackHole Attacks. Attackers can easily exploit these vulnerabilities to compromise the WSN network.

SQL Injection is one of the most critical security vulnerability in web applications. Most web applications use SQL as web applications. SQL injection mainly affects these websites and web applications. An attacker can easily bypass a web applications authentication and authorization and get access to the contents they want by SQL injection. This unauthorised access helps the attacker to retrieve confidential data's, trade secrets and can even delete or modify valuable documents. Even though, to an extend many preventive measures are found, till now there are no complete solution for this problem. Hence, from the surveys and analyses done, an enhanced methodology is proposed against SQL injection disclosure and deterrence by ensuring proper authentication using Heisenberg analysis and password security using Honey pot mechanism.

In this paper, we examine the recent trend to- wards in-browser mining of cryptocurrencies; in particular, the mining of Monero through Coinhive and similar code- bases. In this model, a user visiting a website will download a JavaScript code that executes client-side in her browser, mines a cryptocurrency - typically without her consent or knowledge - and pays out the seigniorage to the website. Websites may consciously employ this as an alternative or to supplement advertisement revenue, may offer premium content in exchange for mining, or may be unwittingly serving the code as a result of a breach (in which case the seigniorage is collected by the attacker). The cryptocurrency Monero is preferred seemingly for its unfriendliness to large-scale ASIC mining that would drive browser-based efforts out of the market, as well as for its purported privacy features. In this paper, we survey this landscape, conduct some measurements to establish its prevalence and profitability, outline an ethical framework for considering whether it should be classified as an attack or business opportunity, and make suggestions for the detection, mitigation and/or prevention of browser-based mining for non- consenting users.

Having an effective security level for Embedded System (ES), helps a reliable and stable operation of this system. In order to identify, if the current security level for a given ES is effective or not, we need a proactive evaluation for this security level. The evaluation of the security level for ESs is not straightforward process, things like the heterogeneity among the components of ES complicate this process. One of the productive approaches, which overcame the complexity of evaluation for Security, Privacy and Dependability (SPD) is the Multi Metrics (MM). As most of SPD evaluation approaches, the MM approach bases on the experts knowledge for the basic evaluation. Regardless of its advantages, experts evaluation has some drawbacks, which foster the need for less experts-dependent evaluation. In this paper, we propose a framework for security measurability as a part of security, privacy and dependability evaluation. The security evaluation based on Multi Metric (MM) approach as being an effective approach for evaluations, thus, we call it MM framework. The art of evaluation investigated within MM framework, based also on systematic storing and retrieving of experts knowledge. Using MM framework, the administrator of the ES could evaluate and enhance the S-level of their system, without being an expert in security.

As one of the most commonly used protocols in VPN technology, IPsec has many advantages. However, certain difficulties are posed to the audit work by the protection of in-formation. In this paper, we propose an audit method via man-in-the-middle mechanism, and design a prototype system with DPDK technology. Experiments are implemented in an IPv4 network environment, using default configuration of IPsec VPN configured with known PSK, on operating systems such as windows 7, windows 10, Android and iOS. Experimental results show that the prototype system can obtain the effect of content auditing well without affecting the normal communication between IPsec VPN users.

This article examines Usage of Game Theory in The Internet Wide Scan. There is compiled model of “Network Scanning” game. There is described process of players interaction in the coalition antagonistic and network games. The concept of target system's cost is suggested. Moreover, there is suggested its application in network scanning, particularly, when detecting honeypot/honeynet systems.

Internet device graphs identify relationships between user-centric internet connected devices such as desktops, laptops, smartphones, tablets, gaming consoles, TV's, etc. The ability to create such graphs is compelling for online advertising, content customization, recommendation systems, security, and operations. We begin by describing an algorithm for generating a device graph based on IP-colocation, and then apply the algorithm to a corpus of over 2.5 trillion internet events collected over the period of six weeks in the United States. The resulting graph exhibits immense scale with greater than 7.3 billion edges (pair-wise relationships) between more than 1.2 billion nodes (devices), accounting for the vast majority of internet connected devices in the US. Next, we apply community detection algorithms to the graph resulting in a partitioning of internet devices into 100 million small communities representing physical households. We validate this partition with a unique ground truth dataset. We report on the characteristics of the graph and the communities. Lastly, we discuss the important issues of ethics and privacy that must be considered when creating and studying device graphs, and suggest further opportunities for device graph enrichment and application.

This paper suggests a conceptual mechanism for increasing the security level of the global information community, national information technology infrastructures (e-governments) and private cloud structures, which uses the logical characteristic of IPv6-protocol. The mechanism is based on the properties of the IPv6-header and, in particular, rules of coding IPv6-addresses.

One of the biggest problems of today's internet technologies is cyber attacks. In this paper whether DDoS attacks will be determined by deep packet inspection. Initially packets are captured by listening of network traffic. Packet filtering was achieved at desired number and type. These packets are recorded to database to be analyzed, daily values and average values are compared by known attack patterns and will be determined whether a DDoS attack attempts in real time systems.

Nowadays, Internet Service Providers (ISPs) have been depending on Deep Packet Inspection (DPI) approaches, which are the most precise techniques for traffic identification and classification. However, constructing high performance DPI approaches imposes a vigilant and an in-depth computing system design because the demands for the memory and processing power. Membership query data structures, specifically Bloom filter (BF), have been employed as a matching check tool in DPI approaches. It has been utilized to store signatures fingerprint in order to examine the presence of these signatures in the incoming network flow. The main issue that arise when employing Bloom filter in DPI approaches is the need to use k hash functions which, in turn, imposes more calculations overhead that degrade the performance. Consequently, in this paper, a new design and implementation for a DPI approach have been proposed. This DPI utilizes a membership query data structure called Cuckoo filter (CF) as a matching check tool. CF has many advantages over BF like: less memory consumption, less false positive rate, higher insert performance, higher lookup throughput, support delete operation. The achieved experiments show that the proposed approach offers better performance results than others that utilize Bloom filter.

Nowadays, the Internet is developed, so that the requirements for on- and offline data storage have increased. Large storage IT projects, are related to large costs and high level of business risk. A storage service provider (SSP) provides computer storage space and management. In addition to that, it offers also back-up and archiving. Despite this, many companies fears security, privacy and integrity of outsourced data. As a solution, File Assured Deletion (FADE) is a system built upon standard cryptographic issues. It aims to guarantee their privacy and integrity, and most importantly, assuredly deleted files to make them unrecoverable to anybody (including those who manage the cloud storage) upon revocations of file access policies, by encrypting outsourced data files. Unfortunately, This system remains weak, in case the key manager's security is compromised. Our work provides a new scheme that aims to improve the security of FADE by using the TPM (Trusted Platform Module) that stores safely keys, passwords and digital certificates.

Traffic classification, i.e. associating network traffic to the application that generated it, is an important tool for several tasks, spanning on different fields (security, management, traffic engineering, R&D). This process is challenged by applications that preserve Internet users' privacy by encrypting the communication content, and even more by anonymity tools, additionally hiding the source, the destination, and the nature of the communication. In this paper, leveraging a public dataset released in 2017, we provide (repeatable) classification results with the aim of investigating to what degree the specific anonymity tool (and the traffic it hides) can be identified, when compared to the traffic of the other considered anonymity tools, using machine learning approaches based on the sole statistical features. To this end, four classifiers are trained and tested on the dataset: (i) Naïve Bayes, (ii) Bayesian Network, (iii) C4.5, and (iv) Random Forest. Results show that the three considered anonymity networks (Tor, I2P, JonDonym) can be easily distinguished (with an accuracy of 99.99%), telling even the specific application generating the traffic (with an accuracy of 98.00%).

Today almost everyone is using internet for daily activities. Whether it's for social, academic, work or business. But only a few of us are aware that internet generally we access only a small part of the overall of internet access. The Internet or the world wide web is divided into several levels, such as web surfaces, deep web or dark web. Accessing internet into deep or dark web is a dangerous thing. This research will be conducted with research on web content and deep content. For a faster and safer search, in this research will be use crawler framework. From the search process will be obtained various kinds of data to be stored into the database. The database classification process will be implemented to know the level of the website. The classification process is done by using the fuzzy-KNN method. The fuzzy-KNN method classifies the results of the crawling framework that contained in the database. Crawling framework will generate data in the form of url address, page info and other. Crawling data will be compared with predefined sample data. The classification result of fuzzy-KNN will result in the data of the web level based on the value of the word specified in the sample data. From the research conducted on several data tests that found there are as much as 20% of the web surface, 7.5% web bergie, 20% deep web, 22.5% charter and 30% dark web. Research is only done on some test data, it is necessary to add some data in order to get better result. Better crawler frameworks can speed up crawling results, especially at certain web levels because not all crawler frameworks can work at a particular web level, the tor browser's can be used but the crawler framework sometimes can not work.

The following is a research conducted on the Dark Web to study and identify the ins and outs of the dark web, what the dark web is all about, the various methods available to access the dark web and many others. The researchers have also included the steps and precautions taken before the dark web was opened. Apart from that, the findings and the website links / URL are also included along with a description of the sites. The primary usage of the dark web and some of the researcher's experience has been further documented in this research paper.

Nowadays, robots are widely ubiquitous and integral part in our daily lives, which can be seen almost everywhere in industry, hospitals, military, etc. To provide remote access and control, usually robots are connected to local network or to the Internet through WiFi or Ethernet. As such, it is of great importance and of a critical mission to maintain the safety and the security access of such robots. Security threats may result in completely preventing the access and control of the robot. The consequences of this may be catastrophic and may cause an immediate physical damage to the robot. This paper aims to present a security risk assessment of the well-known PeopleBot; a mobile robot platform from Adept MobileRobots Company. Initially, we thoroughly examined security threats related to remote accessing the PeopleBot robot. We conducted an impact-oriented analysis approach on the wireless communication medium; the main method considered to remotely access the PeopleBot robot. Numerous experiments using SSH and server-client applications were conducted, and they demonstrated that certain attacks result in denying remote access service to the PeopleBot robot. Consequently and dangerously the robot becomes unavailable. Finally, we suggested one possible mitigation and provided useful conclusions to raise awareness of possible security threats on the robotic systems; especially when the robots are involved in critical missions or applications.

In this paper we discuss the Internet of Things (IoT) by exploring aspects which go beyond the proliferation of devices and information enabled by: the growth of the Internet, increased miniaturization, prolonged battery life and an IT literate user base. We highlight the role of feedback mechanisms and illustrate this with reference to implemented computer enabled factory control systems. As the technology has developed, the cost of computing has reduced drastically, programming interfaces have improved, sensors are simpler and more cost effective and high performance communications across a wide area are readily available. We illustrate this by considering an application based on the Raspberry Pi, which is a low cost, small, programmable and network capable computer based on a powerful ARM processor with a programmable I/O interface, which can provide access to sensors (and other devices). The prototype application running on this platform can sense the presence of human being, using inexpensive passive infrared detectors. This can be used to monitor the activity of vulnerable adults, logging the results to a central server using a domestic Internet solution over a Wireless LAN. Whilst this demonstrates the potential for the use of such control/monitoring systems, practical systems spanning thousands of sites will be more complex to deliver and will have more stringent data processing and management demands and security requirements. We will discuss these concepts in the context of delivery of a smart interconnected society.

With the development of cyber threats on the Internet, the number of malware, especially unknown malware, is also dramatically increasing. Since all of malware cannot be analyzed by analysts, it is very important to find out new malware that should be analyzed by them. In order to cope with this issue, the existing approaches focused on malware classification using static or dynamic analysis results of malware. However, the static and the dynamic analyses themselves are also too costly and not easy to build the isolated, secure and Internet-like analysis environments such as sandbox. In this paper, we propose a lightweight malware classification method based on detection results of anti-virus software. Since the proposed method can reduce the volume of malware that should be analyzed by analysts, it can be used as a preprocess for in-depth analysis of malware. The experimental showed that the proposed method succeeded in classification of 1,000 malware samples into 187 unique groups. This means that 81% of the original malware samples do not need to analyze by analysts.

As a vital component of variety cyber attacks, malicious domain detection becomes a hot topic for cyber security. Several recent techniques are proposed to identify malicious domains through analysis of DNS data because much of global information in DNS data which cannot be affected by the attackers. The attackers always recycle resources, so they frequently change the domain - IP resolutions and create new domains to avoid detection. Therefore, multiple malicious domains are hosted by the same IPs and multiple IPs also host same malicious domains in simultaneously, which create intrinsic association among them. Hence, using the labeled domains which can be traced back from queries history of all domains to verify and figure out the association of them all. Graphs seem the best candidate to represent for this relationship and there are many algorithms developed on graph with high performance. A graph-based interface can be developed and transformed to the graph mining task of inferring graph node's reputation scores using improvements of the belief propagation algorithm. Then higher reputation scores the nodes reveal, the more malicious probabilities they infer. For demonstration, this paper proposes a malicious domain detection technique and evaluates on a real-world dataset. The dataset is collected from DNS data servers which will be used for building a DNS graph. The proposed technique achieves high performance in accuracy rates over 98.3%, precision and recall rates as: 99.1%, 98.6%. Especially, with a small set of labeled domains (legitimate and malicious domains), the technique can discover a large set of potential malicious domains. The results indicate that the method is strongly effective in detecting malicious domains.

The rapid development of Internet has resulted in massive information overloading recently. These information is usually represented by high-dimensional feature vectors in many related applications such as recognition, classification and retrieval. These applications usually need efficient indexing and search methods for such large-scale and high-dimensional database, which typically is a challenging task. Some efforts have been made and solved this problem to some extent. However, most of them are implemented in a single machine, which is not suitable to handle large-scale database.In this paper, we present a novel data index structure and nearest neighbor search algorithm implemented on Apache Spark. We impose a grid on the database and index data by non-empty grid cells. This grid-based index structure is simple and easy to be implemented in parallel. Moreover, we propose to build a scalable KNN graph on the grids, which increase the efficiency of this index structure by a low cost in parallel implementation. Finally, experiments are conducted in both public databases and synthetic databases, showing that the proposed methods achieve overall high performance in both efficiency and accuracy.