Visible to the public Biblio

Filters: Keyword is Behavioral sciences  [Clear All Filters]
2023-09-20
Mantoro, Teddy, Fahriza, Muhammad Elky, Agni Catur Bhakti, Muhammad.  2022.  Effective of Obfuscated Android Malware Detection using Static Analysis. 2022 IEEE 8th International Conference on Computing, Engineering and Design (ICCED). :1—5.
The effective security system improvement from malware attacks on the Android operating system should be updated and improved. Effective malware detection increases the level of data security and high protection for the users. Malicious software or malware typically finds a means to circumvent the security procedure, even when the user is unaware whether the application can act as malware. The effectiveness of obfuscated android malware detection is evaluated by collecting static analysis data from a data set. The experiment assesses the risk level of which malware dataset using the hash value of the malware and records malware behavior. A set of hash SHA256 malware samples has been obtained from an internet dataset and will be analyzed using static analysis to record malware behavior and evaluate which risk level of the malware. According to the results, most of the algorithms provide the same total score because of the multiple crime inside the malware application.
2023-09-18
Amer, Eslam, Samir, Adham, Mostafa, Hazem, Mohamed, Amer, Amin, Mohamed.  2022.  Malware Detection Approach Based on the Swarm-Based Behavioural Analysis over API Calling Sequence. 2022 2nd International Mobile, Intelligent, and Ubiquitous Computing Conference (MIUCC). :27—32.
The rapidly increasing malware threats must be coped with new effective malware detection methodologies. Current malware threats are not limited to daily personal transactions but dowelled deeply within large enterprises and organizations. This paper introduces a new methodology for detecting and discriminating malicious versus normal applications. In this paper, we employed Ant-colony optimization to generate two behavioural graphs that characterize the difference in the execution behavior between malware and normal applications. Our proposed approach relied on the API call sequence generated when an application is executed. We used the API calls as one of the most widely used malware dynamic analysis features. Our proposed method showed distinctive behavioral differences between malicious and non-malicious applications. Our experimental results showed a comparative performance compared to other machine learning methods. Therefore, we can employ our method as an efficient technique in capturing malicious applications.
Cao, Michael, Ahmed, Khaled, Rubin, Julia.  2022.  Rotten Apples Spoil the Bunch: An Anatomy of Google Play Malware. 2022 IEEE/ACM 44th International Conference on Software Engineering (ICSE). :1919—1931.
This paper provides an in-depth analysis of Android malware that bypassed the strictest defenses of the Google Play application store and penetrated the official Android market between January 2016 and July 2021. We systematically identified 1,238 such malicious applications, grouped them into 134 families, and manually analyzed one application from 105 distinct families. During our manual analysis, we identified malicious payloads the applications execute, conditions guarding execution of the payloads, hiding techniques applications employ to evade detection by the user, and other implementation-level properties relevant for automated malware detection. As most applications in our dataset contain multiple payloads, each triggered via its own complex activation logic, we also contribute a graph-based representation showing activation paths for all application payloads in form of a control- and data-flow graph. Furthermore, we discuss the capabilities of existing malware detection tools, put them in context of the properties observed in the analyzed malware, and identify gaps and future research directions. We believe that our detailed analysis of the recent, evasive malware will be of interest to researchers and practitioners and will help further improve malware detection tools.
Ding, Zhenquan, Xu, Hui, Guo, Yonghe, Yan, Longchuan, Cui, Lei, Hao, Zhiyu.  2022.  Mal-Bert-GCN: Malware Detection by Combining Bert and GCN. 2022 IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :175—183.
With the dramatic increase in malicious software, the sophistication and innovation of malware have increased over the years. In particular, the dynamic analysis based on the deep neural network has shown high accuracy in malware detection. However, most of the existing methods only employ the raw API sequence feature, which cannot accurately reflect the actual behavior of malicious programs in detail. The relationship between API calls is critical for detecting suspicious behavior. Therefore, this paper proposes a malware detection method based on the graph neural network. We first connect the API sequences executed by different processes to build a directed process graph. Then, we apply Bert to encode the API sequences of each process into node embedding, which facilitates the semantic execution information inside the processes. Finally, we employ GCN to mine the deep semantic information based on the directed process graph and node embedding. In addition to presenting the design, we have implemented and evaluated our method on 10,000 malware and 10,000 benign software datasets. The results show that the precision and recall of our detection model reach 97.84% and 97.83%, verifying the effectiveness of our proposed method.
2023-08-25
Zheng, Chaofan, Hu, Wenhui, Li, Tianci, Liu, Xueyang, Zhang, Jinchan, Wang, Litian.  2022.  An Insider Threat Detection Method Based on Heterogeneous Graph Embedding. 2022 IEEE 8th Intl Conference on Big Data Security on Cloud (BigDataSecurity), IEEE Intl Conference on High Performance and Smart Computing, (HPSC) and IEEE Intl Conference on Intelligent Data and Security (IDS). :11—16.
Insider threats have high risk and concealment characteristics, which makes traditional anomaly detection methods less effective in insider threat detection. Existing detection methods ignore the logical relationship between user behaviors and the consistency of behavior sequences among homogeneous users, resulting in poor model effects. We propose an insider threat detection method based on internal user heterogeneous graph embedding. Firstly, according to the characteristics of CERT data, comprehensively consider the relationship between users, the time sequence, and logical relationship, and construct a heterogeneous graph. In the second step, according to the characteristics of heterogeneous graphs, the embedding learning of graph nodes is carried out according to random walk and Word2vec. Finally, we propose an Insider Threat Detection Design (ITDD) model which can map and the user behavior sequence information into a high-dimensional feature space. In the CERT r5.2 dataset, compared with a variety of traditional machine learning methods, the effect of our method is significantly better than the final result.
Yoon, Wonseok, Chang, Hangbae.  2022.  Insider Threat Data Expansion Research using Hyperledger Fabric. 2022 International Conference on Platform Technology and Service (PlatCon). :25—28.
This paper deals with how to implement a system that extends insider threat behavior data using private blockchain technology to overcome the limitations of insider threat datasets. Currently, insider threat data is completely undetectable in existing datasets for new methods of insider threat due to the lack of insider threat scenarios and abstracted event behavior. Also, depending on the size of the company, it was difficult to secure a sample of data with the limit of a small number of leaks among many general users in other organizations. In this study, we consider insiders who pose a threat to all businesses as public enemies. In addition, we proposed a system that can use a private blockchain to expand insider threat behavior data between network participants in real-time to ensure reliability and transparency.
2023-08-24
Cao, Yaofu, Li, Tianquan, Li, Xiaomeng, Zhao, Jincheng, Liu, Junwen, Yan, Junlu.  2022.  Research on network security behavior audit method of power industrial control system operation support cloud platform based on FP-Growth association rule algorithm. 2022 International Conference on Artificial Intelligence, Information Processing and Cloud Computing (AIIPCC). :409–412.
With the introduction of the national “carbon peaking and carbon neutrality” strategic goals and the accelerated construction of the new generation of power systems, cloud applications built on advanced IT technologies play an increasingly important role in meeting the needs of digital power business. In view of the characteristics of the current power industrial control system operation support cloud platform with wide coverage, large amount of log data, and low analysis intelligence, this paper proposes a cloud platform network security behavior audit method based on FP-Growth association rule algorithm, aiming at the uniqueness of the operating data of the cloud platform that directly interacts with the isolated system environment of power industrial control system. By using the association rule algorithm to associate and classify user behaviors, our scheme formulates abnormal behavior judgment standards, establishes an automated audit strategy knowledge base, and improves the security audit efficiency of power industrial control system operation support cloud platform. The intelligent level of log data analysis enables effective discovery, traceability and management of internal personnel operational risks.
Trifonov, Roumen, Manolov, Slavcho, Tsochev, Georgi, Pavlova, Galya, Raynova, Kamelia.  2022.  Analytical Choice of an Effective Cyber Security Structure with Artificial Intelligence in Industrial Control Systems. 2022 10th International Scientific Conference on Computer Science (COMSCI). :1–6.
The new paradigm of industrial development, called Industry 4.0, faces the problems of Cybersecurity, and as it has already manifested itself in Information Systems, focuses on the use of Artificial Intelligence tools. The authors of this article build on their experience with the use of the above mentioned tools to increase the resilience of Information Systems against Cyber threats, approached to the choice of an effective structure of Cyber-protection of Industrial Systems, primarily analyzing the objective differences between them and Information Systems. A number of analyzes show increased resilience of the decentralized architecture in the management of large-scale industrial processes to the centralized management architecture. These considerations provide sufficient grounds for the team of the project to give preference to the decentralized structure with flock behavior for further research and experiments. The challenges are to determine the indicators which serve to assess and compare the impacts on the controlled elements.
Veeraiah, Vivek, Kumar, K Ranjit, Lalitha Kumari, P., Ahamad, Shahanawaj, Bansal, Rohit, Gupta, Ankur.  2022.  Application of Biometric System to Enhance the Security in Virtual World. 2022 2nd International Conference on Advance Computing and Innovative Technologies in Engineering (ICACITE). :719–723.
Virtual worlds was becoming increasingly popular in a variety of fields, including education, business, space exploration, and video games. Establishing the security of virtual worlds was becoming more critical as they become more widely used. Virtual users were identified using a behavioral biometric system. Improve the system's ability to identify objects by fusing scores from multiple sources. Identification was based on a review of user interactions in virtual environments and a comparison with previous recordings in the database. For behavioral biometric systems like the one described, it appears that score-level biometric fusion was a promising tool for improving system performance. As virtual worlds become more immersive, more people will want to participate in them, and more people will want to be able to interact with each other. Each region of the Meta-verse was given a glimpse of the current state of affairs and the trends to come. As hardware performance and institutional and public interest continue to improve, the Meta-verse's development is hampered by limitations like computational method limits and a lack of realized collaboration between virtual world stakeholders and developers alike. A major goal of the proposed research was to verify the accuracy of the biometric system to enhance the security in virtual world. In this study, the precision of the proposed work was compared to that of previous work.
Briggs, Shannon, Chabot, Sam, Sanders, Abraham, Peveler, Matthew, Strzalkowski, Tomek, Braasch, Jonas.  2022.  Multiuser, multimodal sensemaking cognitive immersive environment with a task-oriented dialog system. 2022 IEEE International Symposium on Technologies for Homeland Security (HST). :1–3.
This paper is a conceptual paper that explores how the sensemaking process by intelligence analysts completed within a cognitive immersive environment might be impacted by the inclusion of a progressive dialog system. The tools enabled in the sensemaking room (a specific instance within the cognitive immersive environment) were informed by tools from the intelligence analysis domain. We explore how a progressive dialog system would impact the use of tools such as the collaborative brainstorming exercise [1]. These structured analytic techniques are well established in intelligence analysis training literature, and act as ways to access the intended users' cognitive schema as they use the cognitive immersive room and move through the sensemaking process. A prior user study determined that the sensemaking room encouraged users to be more concise and representative with information while using the digital brainstorming tool. We anticipate that addition of the progressive dialog function will enable a more cohesive link between information foraging and sensemaking behaviors for analysts.
2023-08-18
Gawehn, Philip, Ergenc, Doganalp, Fischer, Mathias.  2022.  Deep Learning-based Multi-PLC Anomaly Detection in Industrial Control Systems. GLOBECOM 2022 - 2022 IEEE Global Communications Conference. :4878—4884.
Industrial control systems (ICSs) have become more complex due to their increasing connectivity, heterogeneity and, autonomy. As a result, cyber-threats against such systems have been significantly increased as well. Since a compromised industrial system can easily lead to hazardous safety and security consequences, it is crucial to develop security countermeasures to protect coexisting IT systems and industrial physical processes being involved in modern ICSs. Accordingly, in this study, we propose a deep learning-based semantic anomaly detection framework to model the complex behavior of ICSs. In contrast to the related work assuming only simpler security threats targeting individual controllers in an ICS, we address multi-PLC attacks that are harder to detect as requiring to observe the overall system state alongside single-PLC attacks. Using industrial simulation and emulation frameworks, we create a realistic setup representing both the production and networking aspects of industrial systems and conduct some potential attacks. Our experimental results indicate that our model can detect single-PLC attacks with 95% accuracy and multi-PLC attacks with 80% accuracy and nearly 1% false positive rate.
2023-08-16
Nisha, T N, Pramod, Dhanya.  2022.  Sequential event-based detection of network attacks on CSE CIC IDS 2018 data set – Application of GSP and IPAM Algorithm. 2022 International Conference on Computing, Communication, Security and Intelligent Systems (IC3SIS). :1—7.
Network attacks are always a nightmare for the network administrators as it eats away a huge wavelength and disturbs the normal working of many critical services in the network. Network behavior based profiling and detection is considered to be an accepted method; but the modeling data and method is always a big concern. The network event-based profiling is getting acceptance as they are sequential in nature and the sequence depicts the behavior of the system. This sequential network events can be analyzed using different techniques to create a profile for anomaly detection. In this paper we examine the possibility of two techniques for sequential event analysis using Modified GSP and IPAM algorithm. We evaluate the performance of these algorithms on the CSE-CIC-IDS 2018 data set to benchmark the performance. This experiment is different from other anomaly-based detection which evaluates the features of the dataset to detect the abnormalities. The performance of the algorithms on the dataset is then confirmed by the pattern evolving from the analysis and the indications it provides for early detection of network attacks.
2023-08-04
Zhang, Hengwei, Zhang, Xiaoning, Sun, Pengyu, Liu, Xiaohu, Ma, Junqiang, Zhang, Yuchen.  2022.  Traceability Method of Network Attack Based on Evolutionary Game. 2022 International Conference on Networking and Network Applications (NaNA). :232–236.
Cyberspace is vulnerable to continuous malicious attacks. Traceability of network attacks is an effective defense means to curb and counter network attacks. In this paper, the evolutionary game model is used to analyze the network attack and defense behavior. On the basis of the quantification of attack and defense benefits, the replication dynamic learning mechanism is used to describe the change process of the selection probability of attack and defense strategies, and finally the evolutionary stability strategies and their solution curves of both sides are obtained. On this basis, the attack behavior is analyzed, and the probability curve of attack strategy and the optimal attack strategy are obtained, so as to realize the effective traceability of attack behavior.
2023-07-21
Liu, Mingchang, Sachidananda, Vinay, Peng, Hongyi, Patil, Rajendra, Muneeswaran, Sivaanandh, Gurusamy, Mohan.  2022.  LOG-OFF: A Novel Behavior Based Authentication Compromise Detection Approach. 2022 19th Annual International Conference on Privacy, Security & Trust (PST). :1—10.
Password-based authentication system has been praised for its user-friendly, cost-effective, and easily deployable features. It is arguably the most commonly used security mechanism for various resources, services, and applications. On the other hand, it has well-known security flaws, including vulnerability to guessing attacks. Present state-of-the-art approaches have high overheads, as well as difficulties and unreliability during training, resulting in a poor user experience and a high false positive rate. As a result, a lightweight authentication compromise detection model that can make accurate detection with a low false positive rate is required.In this paper we propose – LOG-OFF – a behavior-based authentication compromise detection model. LOG-OFF is a lightweight model that can be deployed efficiently in practice because it does not include a labeled dataset. Based on the assumption that the behavioral pattern of a specific user does not suddenly change, we study the real-world authentication traffic data. The dataset contains more than 4 million records. We use two features to model the user behaviors, i.e., consecutive failures and login time, and develop a novel approach. LOG-OFF learns from the historical user behaviors to construct user profiles and makes probabilistic predictions of future login attempts for authentication compromise detection. LOG-OFF has a low false positive rate and latency, making it suitable for real-world deployment. In addition, it can also evolve with time and make more accurate detection as more data is being collected.
Concepcion, A. R., Sy, C..  2022.  A System Dynamics Model of False News on Social Networking Sites. 2022 IEEE International Conference on Industrial Engineering and Engineering Management (IEEM). :0786—0790.
Over the years, false news has polluted the online media landscape across the world. In this “post-truth” era, the narratives created by false news have now come into fruition through dismantled democracies, disbelief in science, and hyper-polarized societies. Despite increased efforts in fact-checking & labeling, strengthening detection systems, de-platforming powerful users, promoting media literacy and awareness of the issue, false news continues to be spread exponentially. This study models the behaviors of both the victims of false news and the platform in which it is spread— through the system dynamics methodology. The model was used to develop a policy design by evaluating existing and proposed solutions. The results recommended actively countering confirmation bias, restructuring social networking sites’ recommendation algorithms, and increasing public trust in news organizations.
Benfriha, Sihem, Labraoui, Nabila.  2022.  Insiders Detection in the Uncertain IoD using Fuzzy Logic. 2022 International Arab Conference on Information Technology (ACIT). :1—6.
Unmanned aerial vehicles (UAVs) and various network entities deployed on the ground can communicate with each other over the Internet of Drones (IoD), a network architecture designed expressly to allow communications between heterogenous entities. Drone technology has a wide range of uses, including on-demand package delivery, traffic and wild life surveillance, inspection of infrastructure and search, rescue and agriculture. However, IoD systems are vulnerable to numerous attacks, The main goal is to develop an all-encompassing security model that can be used to analyze security concerns in various UAV-based systems. With exceptional flexibility and increasing efficiency, trust management is a promising alternative to traditional detection methods. In a heterogeneous environment, it is also compatible with other security mechanisms. In this article, we present a fuzzy logic as an Insider Detection technique which calculate sensor data trust and assessing node behavior. To build confidence throughout the entire IoD, our proposal divides trust into two parts: Data trust and Node trust. This is in contrast to earlier models. Experimental results show that our solution is effective in terms of False positive ratio and Average of end-to-end delay.
Huang, Fanwei, Li, Qiuping, Zhao, Junhui.  2022.  Trust Management Model of VANETs Based on Machine Learning and Active Detection Technology. 2022 IEEE/CIC International Conference on Communications in China (ICCC Workshops). :412—416.
With the continuous development of vehicular ad hoc networks (VANETs), it brings great traffic convenience. How-ever, it is still a difficult problem for malicious vehicles to spread false news. In order to ensure the reliability of the message, an effective trust management model must be established, so that malicious vehicles can be detected and false information can be identified in the vehicle ad hoc network in time. This paper presents a trust management model based on machine learning and active detection technology, which evaluates the trust of vehicles and events to ensure the credibility of communication. Through the active detection mechanism, vehicles can detect the indirect trust of their neighbors, which improves the filtering speed of malicious nodes. Bayesian classifier can judge whether a vehicle is a malicious node by the state information of the vehicle, and can limit the behavior of the malicious vehicle at the first time. The simulation results show that our scheme can obviously restrict malicious vehicles.
2023-07-13
Zhang, Zhun, Hao, Qiang, Xu, Dongdong, Wang, Jiqing, Ma, Jinhui, Zhang, Jinlei, Liu, Jiakang, Wang, Xiang.  2022.  Real-Time Instruction Execution Monitoring with Hardware-Assisted Security Monitoring Unit in RISC-V Embedded Systems. 2022 8th Annual International Conference on Network and Information Systems for Computers (ICNISC). :192–196.

Embedded systems involve an integration of a large number of intellectual property (IP) blocks to shorten chip's time to market, in which, many IPs are acquired from the untrusted third-party suppliers. However, existing IP trust verification techniques cannot provide an adequate security assurance that no hardware Trojan was implanted inside the untrusted IPs. Hardware Trojans in untrusted IPs may cause processor program execution failures by tampering instruction code and return address. Therefore, this paper presents a secure RISC-V embedded system by integrating a Security Monitoring Unit (SMU), in which, instruction integrity monitoring by the fine-grained program basic blocks and function return address monitoring by the shadow stack are implemented, respectively. The hardware-assisted SMU is tested and validated that while CPU executes a CoreMark program, the SMU does not incur significant performance overhead on providing instruction security monitoring. And the proposed RISC-V embedded system satisfies good balance between performance overhead and resource consumption.

2023-06-30
Lonergan, Erica D., Montgomery, Mark.  2022.  The Promise and Perils of Allied Offensive Cyber Operations. 2022 14th International Conference on Cyber Conflict: Keep Moving! (CyCon). 700:79–92.
NATO strategy and policy has increasingly focused on incorporating cyber operations to support deterrence, warfighting, and intelligence objectives. However, offensive cyber operations in particular have presented a delicate challenge for the alliance. As cyber threats to NATO members continue to grow, the alliance has begun to address how it could incorporate offensive cyber operations into its strategy and policy. However, there are significant hurdles to meaningful cooperation on offensive cyber operations, in contrast with the high levels of integration in other operational domains. Moreover, there is a critical gap in existing conceptualizations of the role of offensive cyber operations in NATO policy. Specifically, NATO cyber policy has focused on cyber operations in a warfighting context at the expense of considering cyber operations below the level of conflict. In this article, we explore the potential role for offensive cyber operations not only in wartime but also below the threshold of armed conflict. In doing so, we systematically explore a number of challenges at the political/strategic as well as the operational/tactical levels and provide policy recommendations for next steps for the alliance.
ISSN: 2325-5374
Azghandi, Seif.  2022.  Deterrence of Cycles in Temporal Knowledge Graphs. 2022 IEEE Aerospace Conference (AERO). :01–09.
Temporal Knowledge Graph Embedding (TKGE) is an extensible (continuous vector space) time-sensitive data structure (tree) and is used to predict future event given historical events. An event consists of current state of a knowledge (subject), and a transition (predicate) that morphs the knowledge to the next state (object). The prediction is accomplished when the historical event data conform to structural model of Temporal Points Processes (TPP), followed by processing it by the behavioral model of Conditional Intensity Function (CIF). The formidable challenge in constructing and maintaining a TKGE is to ensure absence of cycles when historical event data are formed/structured as logical paths. Variations of depth-first search (DFS) are used in constructing TKGE albeit with the challenge of maintaining it as a cycle-free structure. This article presents a simple (tradeoff-based) design that creates and maintains a single-rooted isolated-paths TKGE: ipTKGE. In ipTKGE, isolated-paths have their own (local) roots. The local roots trigger the break down of the traditionally-constructed TKGE into isolated (independent) paths alleviating the necessity for using DFS - or its variational forms. This approach is possible at the expense of subject/objec t and predicates redun-dancies in ipTKGE. Isolated-paths allow for simpler algorithmic detection and avoidance of potential cycles in TKGE.
ISSN: 1095-323X
Libicki, Martin C..  2022.  Obnoxious Deterrence. 2022 14th International Conference on Cyber Conflict: Keep Moving! (CyCon). 700:65–77.
The reigning U.S. paradigm for deterring malicious cyberspace activity carried out by or condoned by other countries is to levy penalties on them. The results have been disappointing. There is little evidence of the permanent reduction of such activity, and the narrative behind the paradigm presupposes a U.S./allied posture that assumes the morally superior role of judge upon whom also falls the burden of proof–-a posture not accepted but nevertheless exploited by other countries. In this paper, we explore an alternative paradigm, obnoxious deterrence, in which the United States itself carries out malicious cyberspace activity that is used as a bargaining chip to persuade others to abandon objectionable cyberspace activity. We then analyze the necessary characteristics of this malicious cyberspace activity, which is generated only to be traded off. It turns out that two fundamental criteria–that the activity be sufficiently obnoxious to induce bargaining but be insufficiently valuable to allow it to be traded away–may greatly reduce the feasibility of such a ploy. Even if symmetric agreements are easier to enforce than pseudo-symmetric agreements (e.g., the XiObama agreement of 2015) or asymmetric red lines (e.g., the Biden demand that Russia not condone its citizens hacking U.S. critical infrastructure), when violations occur, many of today’s problems recur. We then evaluate the practical consequences of this approach, one that is superficially attractive.
ISSN: 2325-5374
2023-06-23
Pashamokhtari, Arman, Sivanathan, Arunan, Hamza, Ayyoob, Gharakheili, Hassan Habibi.  2022.  PicP-MUD: Profiling Information Content of Payloads in MUD Flows for IoT Devices. 2022 IEEE 23rd International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM). :521–526.
The Manufacturer Usage Description (MUD) standard aims to reduce the attack surface for IoT devices by locking down their behavior to a formally-specified set of network flows (access control entries). Formal network behaviors can also be systematically and rigorously verified in any operating environment. Enforcing MUD flows and monitoring their activity in real-time can be relatively effective in securing IoT devices; however, its scope is limited to endpoints (domain names and IP addresses) and transport-layer protocols and services. Therefore, misconfigured or compromised IoTs may conform to their MUD-specified behavior but exchange unintended (or even malicious) contents across those flows. This paper develops PicP-MUD with the aim to profile the information content of packet payloads (whether unencrypted, encoded, or encrypted) in each MUD flow of an IoT device. That way, certain tasks like cyber-risk analysis, change detection, or selective deep packet inspection can be performed in a more systematic manner. Our contributions are twofold: (1) We analyze over 123K network flows of 6 transparent (e.g., HTTP), 11 encrypted (e.g., TLS), and 7 encoded (e.g., RTP) protocols, collected in our lab and obtained from public datasets, to identify 17 statistical features of their application payload, helping us distinguish different content types; and (2) We develop and evaluate PicP-MUD using a machine learning model, and show how we achieve an average accuracy of 99% in predicting the content type of a flow.
2023-06-09
Plambeck, Swantje, Fey, Görschwin, Schyga, Jakob, Hinckeldeyn, Johannes, Kreutzfeldt, Jochen.  2022.  Explaining Cyber-Physical Systems Using Decision Trees. 2022 2nd International Workshop on Computation-Aware Algorithmic Design for Cyber-Physical Systems (CAADCPS). :3—8.
Cyber-Physical Systems (CPS) are systems that contain digital embedded devices while depending on environmental influences or external configurations. Identifying relevant influences of a CPS as well as modeling dependencies on external influences is difficult. We propose to learn these dependencies with decision trees in combination with clustering. The approach allows to automatically identify relevant influences and receive a data-related explanation of system behavior involving the system's use-case. Our paper presents a case study of our method for a Real-Time Localization System (RTLS) proving the usefulness of our approach, and discusses further applications of a learned decision tree.
2023-05-12
Gao, Lin, Battistelli, Giorgio, Chisci, Luigi.  2022.  Resilience of multi-object density fusion against cyber-attacks. 2022 11th International Conference on Control, Automation and Information Sciences (ICCAIS). :7–12.
Recently, it has been proposed to deal with fusion of multi-object densities exploiting the minimum information loss (MIL) rule, which has shown its superiority over generalized covariance intersection (GCI) fusion whenever sensor nodes have low detection probability. On the contrary, GCI shows better performance than MIL when dense clutter is involved in the measurements. In this paper, we are going to study the behavior of multi-object fusion with MIL and, respectively, GCI rules in the situation wherein the sensor network is exposed to cyber-attacks. Both theoretical and numerical analyses demonstrate that MIL is more robust than GCI fusion when the multi-sensor system is subject to a packet substitution attack.
ISSN: 2475-7896
Zhang, Xinyan.  2022.  Access Control Mechanism Based on Game Theory in the Internet of Things Environment. 2022 IEEE 8th International Conference on Computer and Communications (ICCC). :1–6.
In order to solve the problem that the traditional “centralized” access control technology can no longer guarantee the security of access control in the current Internet of Things (IoT)environment, a dynamic access control game mechanism based on trust is proposed. According to the reliability parameters of the recommended information obtained by the two elements of interaction time and the number of interactions, the user's trust value is dynamically calculated, and the user is activated and authorized to the role through the trust level corresponding to the trust value. The trust value and dynamic adjustment factor are introduced into the income function to carry out game analysis to avoid malicious access behavior of users. The hybrid Nash equilibrium strategy of both sides of the transaction realizes the access decision-making work in the IoT environment. Experimental results show that the game mechanism proposed in this paper has a certain restraining effect on malicious nodes and can play a certain incentive role in the legitimate access behavior of IoT users.