Biblio

In this research work, an advanced automatic multifunctional compact security system technology is developed using wireless networking system. The security system provides smart security and also alerts the user to avoid the critical circumstances in the daily security issues is held. This system provides a smart solution to the variety of different problems via remote control by the software name Cayenne. This software provides the user to control the system using smart mobile or computer from all over the world and needs to be connected via internet. The system provides general security for essential purposes as the Motion detecting system alerts for any kind of movement inside the area where it is installed, the gas detecting system alerts the user for any type of gas leakage inside the room and also clearing the leaking gas by exhaust fan automatically, the fire detection system detects instantly when a slight fire is emerged also warning the user with alarm, the LDR system is for electrical door lock and it can be controlled by Cayenne using mobile or computer and lastly a home light system which can be turned on/off by the user of Cayenne. Raspberry Pi has been used to connect and control all the necessary equipment. The system provides the most essential security for home and also for corporate world and it is very simple, easy to operate, and consumes small space.

The resilient output feedback control of linear networked control (NCS) system with uncertain dynamics in the presence of Gaussian noise is presented under the denial of service (DoS) attacks on communication networks. The DoS attacks on the sensor-to-controller (S-C) and controller- to-actuator (C-A) networks induce random packet losses. The NCS is viewed as a jump linear system, where the linear NCS matrices are a function of induced losses that are considered unknown. A set of novel correlation detectors is introduced to detect packet drops in the network channels using the property of Gaussian noise. By using an augmented system representation, the output feedback Q-learning based control scheme is designed for the jump linear NCS with uncertain dynamics to cope with the changing values of the mean packet losses. Simulation results are included to support the theoretical claims.

E-learning enables the transfer of skills, knowledge, and education to a large number of recipients. The E-Learning platform has the tendency to provide face-to-face learning through a learning management system (LMS) and facilitated an improvement in traditional educational methods. The LMS saves organization time, money and easy administration. LMS also saves user time to move across the learning place by providing a web-based environment. However, a few students could be willing to exploit such a system's weakness in a bid to cheat if the conventional authentication methods are employed. In this scenario user authentication and surveillance of end user is more challenging. A system with the simultaneous authentication is put forth through multifactor adaptive authentication methods. The proposed system provides an efficient, low cost and human intervention adaptive for e-learning environment authentication and monitoring system.

Applying machine learning techniques to detect malicious encrypted network traffic has become a challenging research topic. Traditional approaches based on studying network patterns fail to operate on encrypted data, especially without compromising the integrity of encryption. In addition, the requirement of rendering network-wide intelligent protection in a timely manner further exacerbates the problem. In this paper, we propose to leverage ×86 multicore platforms provisioned at enterprises' network edge with the software accelerators to design an encrypted traffic analytics (ETA) system with accelerated speed. Specifically, we explore a suite of data features and machine learning models with an open dataset. Then we show that by using Intel DAAL and OpenVINO libraries in model training and inference, we are able to reduce the training and inference time by a maximum order of 31× and 46× respectively while retaining the model accuracy.

The most common goal of malware analysis is to determine if a given binary is malware or benign. Another objective is similarity analysis of malware binaries to understand how new samples differ from known ones. Similarity analysis helps to analyze the malware with respect to those already analyzed and guides the discovery of novel aspects that should be analyzed more in depth. In this work, we are concerned with similarities and differences detection of malware binaries. Thousands of malware are created every day and machine learning is an indispensable tool for its analysis. Previous work has studied clustering and classification as competing paradigms. However, in this work, a malware similarity analysis technique (AltCC) is proposed that alternates the use of clustering and classification. In addition it assumes the malware are not available all at once but processed in batches. Initially, clustering is applied to the first batch to group similar binaries into novel malware classes. Then, the discovered classes are used to train a classifier. For the following batches, the classifier is used to decide if a new binary classifies to a known class or otherwise unclassified. The unclassified binaries are clustered and the process repeats. Malware clustering (i.e. labeling) may entail further human expert analysis but dramatically reduces the effort. The effectiveness of AltCC is studied using a dataset of 29,661 malware binaries that represent malware received in six consecutive days/batches. When KMeans is used to label the dataset all at once and its labeling is compared to AltCC's, the adjusted-rand-index scores 0.71.

Honeypots are the information system resources used for capturing and analysis of cyber attacks. Highinteraction Honeypots are capable of capturing attacks in their totality and hence are an ideal choice for capturing multi-stage cyber attacks. The term multi-stage attack is an abstraction that refers to a class of cyber attacks consisting of multiple attack stages. These attack stages are executed either by malicious codes, scripts or sometimes even inbuilt system tools. In the work presented in this paper we have proposed a framework for capturing, analysis and modelling of multi-stage cyber attacks. The objective of our work is to devise an effective mechanism for the classification of multi-stage cyber attacks. The proposed framework comprise of a network of high interaction honeypots augmented with an attack analysis engine. The analysis engine performs rule based labeling of captured honeypot data. The labeling engine labels the attack data as generic events. These events are further fused to generate attack graphs. The hence generated attack graphs are used to characterize and later classify the multi-stage cyber attacks.

In malware behavior analysis, there are limitations in the analysis method of control flow and data flow. Researchers analyzed data flow by dynamic taint analysis tools, however, it cost a lot. In this paper, we proposed a method of generating malware summary based on semantic behavior graphs (SBGs, Semantic Behavior Graphs) to address this issue. In this paper, we considered various situation where behaviors be capable of being associated, thus an algorithm of generating semantic behavior graphs was given firstly. Semantic behavior graphs are composed of behavior nodes and associated data edges. Then, we extracted behaviors and logical relationships between behaviors from semantic behavior graphs, and finally generated a summary of malware behaviors with true intension. Experimental results showed that our approach can effectively identify and describe malicious behaviors and generate accurate behavior summary.

In this modern, technological age, the internet has been adopted by the masses. And with it, the danger of malicious attacks by cybercriminals have increased. These attacks are done via Malware, and have resulted in billions of dollars of financial damage. This makes the prevention of malicious attacks an essential part of the battle against cybercrime. In this paper, we are applying machine learning algorithms to predict the malware infection rates of computers based on its features. We are using supervised machine learning algorithms and gradient boosting algorithms. We have collected a publicly available dataset, which was divided into two parts, one being the training set, and the other will be the testing set. After conducting four different experiments using the aforementioned algorithms, it has been discovered that LightGBM is the best model with an AUC Score of 0.73926.

Due to the steady growth of various sophisticated types of malware, different malware analysis systems are becoming more and more demanded. While there are various automatic approaches available to identify and detect malware, the malware analysis is still time-consuming process. The visualization-driven techniques may significantly increase the efficiency of the malware analysis process by involving human visual system which is a powerful pattern seeker. In this paper the authors reviewed different visualization methods, examined their features and tasks solved with their help. The paper presents the most commonly used approaches and discusses open challenges in malware visual analytics.

To harness the value of data generated from IoT, there is a crucial requirement of new mechanisms. Machine learning (ML) is among the most suitable paradigms of computation which embeds strong intelligence within IoT devices. Various ML techniques are being widely utilised for improving network security in IoT. These techniques include reinforcement learning, semi-supervised learning, supervised learning, and unsupervised learning. This report aims to critically analyse the role played by supervised and unsupervised ML for the enhancement of IoT security.

Countries are putting cyber-security at the forefront of their national issues. With the increase in cyber capabilities and infrastructure systems becoming cyber-enabled, threats now have a physical impact from the cyber dimension. This paper proposes an analytical framework for national cyber-security profiling by taking national governmental and technical threat modeling simulations. Applying thematic analysis towards national cybersecurity strategy helps further develop understanding, in conjunction with threat modeling methodology simulation, to gain insight into critical infrastructure threat impact.

The use of modeling techniques such as Knuth's Rule or Bayesian Blocks for the purposes of real-time traffic characterization in RFID networks has been proposed already. This study examines the applicability of using Voronoi polygon maps or alternatively, DBSCAN clustering, as initial density estimation techniques when computing 2-Dimentional Bayesian Blocks models of RFID traffic. Our results are useful for the purposes of extending the constant-piecewise adaptation of Bayesian Blocks into 2D piecewise models for the purposes of more precise detection of anomalies in RFID traffic based on multiple log features such as command type, location, UID values, security support, etc. Automatic anomaly detection of RFID networks is an essential first step in the implementation of intrusion detection as well as a timely response to equipment malfunction such as tag hardware failure.

Due to the rapid growth of using Internet of Things (IoT) devices in the daily life, the need to achieve an acceptable level of security and privacy according to the real security risks for these devices is rising. Security risks may include privacy threats like gaining sensitive information from a device, and authentication problems from counterfeit or cloned devices. It becomes more challenging to add strong security features to extremely constrained devices compared to battery operated devices that have more computational and storage capabilities. We propose a novel application specific instruction-set architecture that allows flexibility on many design levels and achieves the required security level for the Electronic Product Code (EPC) passive Radio Frequency Identification (RFID) tag device. Our solution moves a major design effort from hardware to software, which largely reduces the final unit cost. The proposed architecture can be implemented with 4,662 gate equivalent units (GEs) for 65 nm CMOS technology excluding the memory and the cryptographic units. The synthesis results fulfill the requirements of extremely constrained devices and allow the inclusion of cryptographic units into the datapath of the proposed application-specific instruction set processor (ASIP).

We introduce a lightweight architecture of Intrusion Detection Systems (IDS) for ad-hoc IoT networks. Current state-of-the-art IDS have been designed based on assumptions holding from conventional computer networks, and therefore, do not properly address the nature of IoT networks. In this work, we first identify the correlation between the communication overheads and the placement of an IDS (as captured by proper placement of active IDS agents in the network). We model such networks as Random Geometric Graphs. We then introduce a novel IDS architectural approach by having only a minimum subset of the nodes acting as IDS agents. These nodes are able to monitor the network and detect attacks at the networking layer in a collaborative manner by monitoring 1-hop network information provided by routing protocols such as RPL. Conducted experiments show that our proposed IDS architecture is resilient and robust against frequent topology changes due to node failures. Our detailed experimental evaluation demonstrates significant performance gains in terms of communication overhead and energy dissipation while maintaining high detection rates.

With current IoT architectures, once a single device in a network is compromised, it can be used to disrupt the behavior of other devices on the same network. Even though system administrators can secure critical devices in the network using best practices and state-of-the-art technology, a single vulnerable device can undermine the security of the entire network. The goal of this work is to limit the ability of an attacker to exploit a vulnerable device on an IoT network and fabricate deceitful messages to co-opt other devices. The approach is to limit attackers by using device proxies that are used to retransmit and control network communications. We present an architecture that prevents deceitful messages generated by compromised devices from affecting the rest of the network. The design assumes a centralized and trustworthy machine that can observe the behavior of all devices on the network. The central machine collects application layer data, as opposed to low-level network traffic, from each IoT device. The collected data is used to train models that capture the normal behavior of each individual IoT device. The normal behavioral data is then used to monitor the IoT devices and detect anomalous behavior. This paper reports on our experiments using both a binary classifier and a density-based clustering algorithm to model benign IoT device behavior with a realistic test-bed, designed to capture normal behavior in an IoT-monitored environment. Results from the IoT testbed show that both the classifier and the clustering algorithms are promising and encourage the use of application-level data for detecting compromised IoT devices.

In this paper, an adaptive fuzzy control scheme is proposed for one-quarter automotive active suspension system with full sate constraints and stochastic disturbance. In the considered active suspension system, to further improve the driving security and comfort, the problems of stochastic perturbation and full state constraints are considered simultaneously. In the framework of backstepping, the barrier Lyapunov function is proposed to constrain full state variables. Consequently, by combing the Itô differential formula and stochastic control theory, an adaptive controller is designed to adopt the uneven pavement surface. Ultimately, on the basis of Lyapunov stability theory, it proves that the designed controller not only can constrain the bodywork, the displacement of tires, the current of the electromagnetic actuator, the speeds of the car body and the tires within boundaries, but also can eliminate the stochastic disturbance.

This paper describes the development of a module for calculating security zones in the cloud service of APCS modeling. A mathematical model based on graph theory is used. This allows you to describe access relationships between objects and security policy subjects. A comparative analysis of algorithms for traversing graph vertices is performed in order to select a suitable method for allocating security zones. The implemented algorithm for calculating security zones was added to the cloud service omole.ws.

Network Function Virtualization or NFV gives numerous advantages over the conventional networking techniques by incorporating distinctive features of a network over the virtual machine (VM). It decreases capital and operational costs to give more noteworthy adaptability and flexibility. But all of these advantages come at the expense of the intrinsic system vulnerabilities because of specific sorts of cyber attacks like the Distributed Denial of Service (DDoS) attack. With the increased number of layers in NFV, it becomes easier for an attacker to execute DDoS attack. This study indicates a new model for mitigating the effects of DDoS attacks on NFV. The model has been designed specifically for the individual users especially gamers and online streamers who become victim of DDoS attack on adaily basis. However, the method can be used for a online service like a website in general as well after making certain changes which have been discussed in detail. ARDefense usually performs server migration and IP spoofing when it detects a DDoS attack on the application layer. Effectiveness of ARDefense was tested by measuring load migration and IP spoofing processing time.

Nowadays, machine learning is a popular method for DDoS detection. However, machine learning algorithms are very vulnerable under the attacks of adversarial samples. Up to now, multiple methods of generating adversarial samples have been proposed. However, they cannot be applied to LSTM-based DDoS detection directly because of the discrete property and the utility requirement of its input samples. In this paper, we propose two methods to generate DDoS adversarial samples, named Genetic Attack (GA) and Probability Weighted Packet Saliency Attack (PWPSA) respectively. Both methods modify original input sample by inserting or replacing partial packets. In GA, we evolve a set of modified samples with genetic algorithm and find the evasive variant from it. In PWPSA, we modify original sample iteratively and use the position saliency as well as the packet score to determine insertion or replacement order at each step. Experimental results on CICIDS2017 dataset show that both methods can bypass DDoS detectors with high success rate.

Industrial control systems (ICSs) are facing serious security challenges due to their inherent flaws, and emergence of vulnerabilities from the integration with commercial components and networks. To that end, assessing the security plays a vital role for current industrial enterprises which are responsible for critical infrastructure. This paper accomplishes a complex task of quantitative assessment based on attack graphs in order to look forward critical paths. For the purpose of application to a large-scale heterogeneous ICSs, we propose a flexible attack graph generation algorithm is proposed with the help of the graph data model. Hereafter, our quantitative assessment takes a consideration of graph indicators on specific nodes and edges to get the security metrics. In order to improve results of obtaining the critical attack path, we introduced a formulating selection rule, considering the asset value of industrial control devices. The experimental results show validation and verification of the proposed method.

This study investigates the relationship between resilience of control systems to attacks and the information available to malicious attackers. Specifically, it is shown that control systems are guaranteed to be secure in an asymptotic manner by rendering reactions against potentially harmful actions covert. The behaviors of the attacker and the defender are analyzed through a repeated signaling game with an undisclosed belief under covert reactions. In the typical setting of signaling games, reactions conducted by the defender are supposed to be public information and the measurability enables the attacker to accurately trace transitions of the defender's belief on existence of a malicious attacker. In contrast, the belief in the game considered in this paper is undisclosed and hence common equilibrium concepts can no longer be employed for the analysis. To surmount this difficulty, a novel framework for decision of reasonable strategies of the players in the game is introduced. Based on the presented framework, it is revealed that any reasonable strategy chosen by a rational malicious attacker converges to the benign behavior as long as the reactions performed by the defender are unobservable to the attacker. The result provides an explicit relationship between resilience and information, which indicates the importance of covertness of reactions for designing secure control systems.

In this work, we examine the method of enabling computers to understand human interaction by constructing a generative conversational agent. An experimental approach in trying to apply the techniques of natural language processing using recurrent neural networks (RNNs) to emulate the concept of textual entailment or human reasoning is presented. To achieve this functionality, our experiment involves developing an integrated Long Short-Term Memory cell neural network (LSTM) system enhanced with an attention mechanism. The results achieved by the model are shown in terms of the number of epochs versus loss graphs as well as a brief illustration of the model's conversational capabilities.

Finding a free path without obstacles or situation that pose minimal risk is critical for safe navigation. People who are sighted and people who are blind or visually impaired require navigation safety while walking on a sidewalk. In this paper we develop assistive navigation on a sidewalk by integrating sensory inputs using reinforcement learning. We train the reinforcement model in a simulated robotic environment which is used to avoid sidewalk obstacles. A conversational agent is built by training with real conversation data. The reinforcement learning model along with a conversational agent improved the obstacle avoidance experience about 2.5% from the base case which is 78.75%.

Using erasure codes increases consumption of network traffic and disk I/O tremendously when systems recover data, resulting in high latency of degraded reads. In order to mitigate this problem, we present an adaptive storage scheme based on data access skew, a fact that most data accesses are applied in a small fraction of data. In this scheme, we use both Local Reconstruction Code (LRC), whose recovery cost is low, to store frequently accessed data, and Hitchhiker (HH) code, which guarantees minimum storage cost, to store infrequently accessed data. Besides, an efficient switching algorithm between LRC and HH code with low network and computation costs is provided. The whole system will benefit from low degraded read latency while keeping a low storage overhead, and code-switching will not become a bottleneck.

Science DMZs are specialized networks that enable large-scale distributed scientific research, providing efficient and guaranteed performance while transferring large amounts of data at high rates. The high-speed performance of a Science DMZ is made viable via data transfer nodes (DTNs), therefore they are a critical point of failure. DTNs are usually monitored with network intrusion detection systems (NIDS). However, NIDS do not consider system performance data, such as network I/O interrupts and context switches, which can also be useful in revealing anomalous system performance potentially arising due to external network based attacks or insider attacks. In this paper, we demonstrate how system performance metrics can be applied towards securing a DTN in a Science DMZ network. Specifically, we evaluate the effectiveness of system performance data in detecting TCP-SYN flood attacks on a DTN using DBSCAN (a density-based clustering algorithm) for anomaly detection. Our results demonstrate that system interrupts and context switches can be used to successfully detect TCP-SYN floods, suggesting that system performance data could be effective in detecting a variety of attacks not easily detected through network monitoring alone.