Biblio

The paper considers the issue of increasing the level of trust to the user of the information system by applying profiling actions. The authors have developed the model of user behavior, which allows to identify the user by his actions in the operating system. The model uses a user's characteristic metric instead of binary identification. The user's characteristic demonstrates the degree to which the current actions of the user corresponding to the user's behavior model. To calculate the user's characteristic, several formulas have been proposed. The authors propose to implement the developed behavior model into the access control model. For this purpose, the authors create the prototype of the user action profiling system for Windows family operating systems. This system should control access to protected resources by analyzing user behavior. The authors performed a series of tests with this system. This allowed to evaluate the accuracy of the system based on the proposed behavior model. Test results showed the type I errors. Therefore, the authors invented and described a polymodel approach to profiling actions. Potentially, the polymodel approach should solve the problem of the accuracy of the user action profiling system.

An Intrusion Detection System (IDS) is a core element for securing critical systems. An IDS can use signatures of known attacks, or an anomaly detection model for detecting unknown attacks. Attacking an IDS is often the entry point of an attack against a critical system. Consequently, the security of IDSs themselves is imperative. To secure model-based IDSs, we propose a method to authenticate the anomaly detection model. The anomaly detection model is an autoencoder for which we only have access to input-output pairs. Inputs consist of time windows of values from sensors and actuators of an Industrial Control System. Our method is based on a multipath Neural Network (NN) classifier, a newly proposed deep learning technique. The idea is to characterize errors of an IDS's autoencoder by using a multipath NN's confidence measure \$c\$. We use the Wilcoxon-Mann-Whitney (WMW) test to detect a change in the distribution of the summary variable \$c\$, indicating that the autoencoder is not working properly. We compare our method to two baselines. They consist in using other summary variables for the WMW test. We assess the performance of these three methods using simulated data. Among others, our analysis shows that: 1) both baselines are oblivious to some autoencoder spoofing attacks while 2) the WMW test on a multipath NN's confidence measure enables detecting eventually any autoencoder spoofing attack.

Fault injection is a major threat to embedded system security since it can lead to modified control flows and leakage of critical security parameters, such as secret keys. However, injecting physical faults into devices is cumbersome and difficult since it requires a lot of preparation and manual inspection of the assembly instructions. Furthermore, a single fault injection method cannot cover all possible fault types. Simulating fault injection in comparison, is, in general, less costly, more time-efficient, and can cover a large amount of possible fault combinations. Hence, many different fault injection tools have been developed for this purpose. However, previous tools have several drawbacks since they target only individual architectures or cover merely a limited amount of the possible fault types for only specific memory types. In this paper, we present ARCHIE, a QEMU-based architecture-independent fault evaluation tool, that is able to simulate transient and permanent instruction and data faults in RAM, flash, and processor registers. ARCHIE supports dynamic code analysis and parallelized execution. It makes use of the Tiny Code Generator (TCG) plugin, which we extended with our fault plugin to enable read and write operations from and to guest memory. We demonstrate ARCHIE’s capabilities through automatic binary analysis of two exemplary applications, TinyAES and a secure bootloader, and validate our tool’s results in a laser fault injection experiment. We show that ARCHIE can be run both on a server with extensive resources and on a common laptop. ARCHIE can be applied to a wide range of use cases for analyzing and enhancing open source and proprietary firmware in white, grey, or black box tests.

5G and beyond 5G low power wireless networks make Internet of Things (IoT) and Cyber-Physical Systems (CPS) applications capable of serving massive amounts of devices and machines. Due to the broadcast nature of wireless networks, it is crucial to secure the communication between these devices and machines from spoofing and interception attacks. This paper is concerned with the security of carrier frequency offset (CFO) based continuous physical layer authentication. The interaction between an attacker and a defender is modeled as a dynamic discrete leader-follower game with imperfect information. In the considered model, a legitimate user (Alice) communicates with the defender/operator (Bob) and is authorized by her CFO continuously. The attacker (Eve), by listening/eavesdropping the communication between Alice and Bob, tries to learn the CFO characteristics of Alice and aims to inject malicious packets to Bob by impersonating Alice. First, by showing that the optimal attacker strategy is a threshold policy, an optimization problem of the attacker with exponentially growing action space is reduced to a tractable integer optimization problem with a single parameter, then the corresponding defender cost is derived. Extensive simulations illustrate the characteristics of optimal strategies/utilities of the players depending on the actions, and show that the defender’s optimal false positive rate causes attack success probabilities to be in the order of 0.99. The results show the importance of the parameters while finding the balance between system security and efficiency.

Users prefer to do e-banking and e-shopping now-a-days because of the exponential growth of the internet. Because of this paradigm shift, hackers are finding umpteen ways to steal our personal information and critical details like details of debit and credit cards, by disguising themselves as reputed websites, just by changing the spelling or making minor modifications to the URL. Identifying whether an URL is benign or malicious is a challenging job, because it makes use of the weakness of the user. While there are several works carried out to detect phishing websites, they only use heuristic methods and list based techniques and therefore couldn't avoid phishing effectively. In this paper an anti-phishing system was proposed to protect the users. It uses an ensemble model that uses both LSTM and CNN with a massive data set containing nearly 2,00,000 URLs, that is balanced. After analyzing the accuracy of different existing approaches, it has been found that the ensemble model that uses both LSTM and CNN performed better with an accuracy of 96% and the precision is 97% respectively which is far better than the existing solutions.

This paper investigates what cues people use to spot a phishing email when the email is spoken back to them by the Alexa voice assistant, instead of read on a screen. We configured Alexa to read there emails to a sample of 52 participants and ask for their phishing evaluations. We also asked a control group of another 52 participants to evaluate these emails on a regular screen to compare the plausibility of phishing pretexting in voice assistant environments. The results suggest that Alexa can be used for pretexting users that lack phishing awareness to receive and act upon a relatively urgent email from an authoritative sender. Inspecting the sender (authority cue”) and relying on their personal experiences helped participants with higher phishing awareness to use Alexa towards a preliminary email screening to flag an email as potentially “phishing.”

The report examines approaches to assessing the information security of data transmission networks (DTN). The analysis of methods for quantitative assessment of information security risks is carried out. A methodological approach to the assessment of IS DTN based on the risk-oriented method is presented. A method for assessing risks based on the mathematical apparatus of the queening systems (QS) is considered and the problem of mathematical modeling is solved.

With the development of information technology, the Internet of things (IOT) has gradually become the third wave of global information industry revolution after computer and Internet. Artificial intelligence (AI) and IOT technology is an important prerequisite for the rapid development of the current information society. However, while AI and IOT technologies bring convenient and intelligent services to people, they also have many defects and imperfect development. Therefore, it is necessary to pay more attention to the development of AI and IOT technologies, actively improve the application system, and create a network security management system for AI and IOT applications that can timely detect intrusion, assess risk and prevent viruses. In this paper, the network security risks caused by AI and IOT applications are analyzed. Therefore, in order to ensure the security of IOT environment, network security and privacy security have become the primary problems to be solved, and management should be strengthened from technical to legal aspects.

In the Internet of Things, it is more important than ever to effectively address the problem of secure transmission based on steganographic substitution by synthesizing digital sensor data. In this case, the degree to which the grayscale message is obscured is a necessary issue. To ensure information security in IoT systems, various methods are used and information security problems are solved to one degree or another. The article proposes a method and algorithm for a computer image in grayscale, in which the value of each pixel is one sample, representing the amount of light, carrying only information about the intensity. The proposed method in grayscale using steganographic coding provides a secure implementation of data transmission in the IoT system. Study results were analyzed using PSNR (Peak Signal to Noise Ratio).

Currently, statistical tests for random number generators (RNGs) are widely used in practice, and some of them are even included in information security standards. But despite the popularity of RNGs, consistent tests are known only for stationary ergodic deviations of randomness (a test is consistent if it detects any deviations from a given class when the sample size goes to infinity). However, the model of a stationary ergodic source is too narrow for some RNGs, in particular, for generators based on physical effects. In this article, we propose computable consistent tests for some classes of deviations more general than stationary ergodic and describe some general properties of statistical tests. The proposed approach and the resulting test are based on the ideas and methods of information theory.

The article describes an analytical model of the actions of an information security violator for the secret extraction of confidential information processed on the protected object in terms of the theory of Markov random processes. The characteristics of the existing models are given, as well as the requirements that are imposed on the model for simulating the process. All model states are described in detail, as well as the data flow that is used in the process simulation. The model is represented as a directed state graph. It also describes the option for evaluating the data obtained during modeling. In the modern world, with the developing methods and means of covert extraction of information, the problem of assessing the damage that can be caused by the theft of the organization's data is acute. This model can be used to build a model of information security threats.

To ensure comprehensive information protection, it is necessary to use various means of information protection, distributed by levels and segments of the information system. This creates a contradiction, which consists in the presence of many different means of information protection and the inability to ensure their joint coordinated application in ensuring the protection of information due to the lack of an automated control system. One of the tasks that contribute to the solution of this problem is the task of generating a feasible organizational structure and the structure of such an automated control system, the results of which would provide these options and choose the one that is optimal under given initial parameters and limitations. The problem is solved by reducing the General task with particular splitting the original graph of the automated cyber defense control system into subgraphs. As a result, the organizational composition and the automated cyber defense management system structures will provide a set of acceptable variants, on the basis of which the optimal choice is made under the given initial parameters and restrictions. As a result, admissible variants for the formation technique of organizational structure and structure by the automated control system of cyber defense is received.

Industrial Control System (ICS) transmits control and monitoring data between devices in an industrial environment that includes smart grids, water and gas distribution, or traffic control. Unlike traditional internet communication, ICS traffic is stable, periodical, and with regular communication patterns that can be described using statistical modeling. By observing selected features of ICS transmission, e.g., packet direction and inter-arrival times, we can create a statistical profile of the communication based on distribution of features learned from the normal ICS traffic. This paper demonstrates that using statistical modeling, we can detect various anomalies caused by irregular transmissions, device or link failures, and also cyber attacks like packet injection, scanning, or denial of service (DoS). The paper shows how a statistical model is automatically created from a training dataset. We present two types of statistical profiles: the master-oriented profile for one-to-many communication and the peer-to-peer profile that describes traffic between two ICS devices. The proposed approach is fast and easy to implement as a part of an intrusion detection system (IDS) or an anomaly detection (AD) module. The proof-of-concept is demonstrated on two industrial protocols: IEC 60870-5-104 (aka IEC 104) and IEC 61850 (Goose).

System logs record valuable information about the runtime status of IT systems. Therefore, system logs are a naturally excellent source of information for anomaly detection. Most of the existing studies on log-based anomaly detection construct a detection model to identify anomalous logs. Generally, the model treats historical logs as natural language sequences and learns the normal patterns from normal log sequences, and detects deviations from normal patterns as anomalies. However, the majority of existing methods focus on sequential and quantitative information and ignore semantic information hidden in log sequence so that they are inefficient in anomaly detection. In this paper, we propose a novel framework for automatically detecting log anomalies by utilizing an attention-based Bi-LSTM model. To demonstrate the effectiveness of our proposed model, we evaluate the performance on a public production log dataset. Extensive experimental results show that the proposed approach outperforms all comparison methods for anomaly detection.

Over the years, human errors have been identified as one of the most critical factors impacting cybersecurity in an organization that has had a substantial impact. The research uses recent articles published on human resources and information cybersecurity. This research focuses on the vulnerabilities and the best solution to mitigate these threats based on literature review methodology. The study also focuses on identifying the human attitude and behavior towards cybersecurity and how that would impact the organization's financial impact. With the help of the Two-factor Taxonomy of the security behavior model developed in past research, the research aims to identify the best practices and compare the best practices with that of the attitude-behavior found and matched to the model. Finally, the study would compare the difference between best practices and the current practices from the model. This would help provide the organization with specific recommendations that would help change their attitude and behavior towards cybersecurity and ensure the organization is not fearful of the cyber threat of human error threat.

Recently, the Distributed Denial of Service (DDOS) attacks has been used for different aspects to denial the number of services for the end-users. Therefore, there is an urgent need to design an effective detection method against this type of attack. A fuzzy inference system offers the results in a more readable and understandable form. This paper introduces an anomaly-based Intrusion Detection (IDS) system using fuzzy logic. The fuzzy logic inference system implemented as a detection method for Distributed Denial of Service (DDOS) attacks. The suggested method was applied to an open-source DDOS dataset. Experimental results show that the anomaly-based Intrusion Detection system using fuzzy logic obtained the best result by utilizing the InfoGain features selection method besides the fuzzy inference system, the results were 91.1% for the true-positive rate and 0.006% for the false-positive rate.

The main aim of the Internet of things is to improve the safety of the device through inter-Device communication (IDC). Various applications are emerging in Internet of things. Various aspects of Internet of things differ from Internet of things, especially the nodes have more velocity which causes the topology to change rapidly. The requirement of researches in the concept of Internet of things increases rapidly because Internet of things face many challenges on the security, protocols and technology. Despite the fact that the problem of organizing the interaction of IIoT devices has already attracted a lot of attention from many researchers, current research on routing in IIoT cannot effectively solve the problem of data exchange in a self-adaptive and self-organized way, because the number of connected devices is quite large. In this article, an adaptive neuro-fuzzy clustering algorithm is presented for the uniform distribution of load between interacting nodes. We synthesized fuzzy logic and neural network to balance the choice of the optimal number of cluster heads and uniform load distribution between sensors. Comparison is made with other load balancing methods in such wireless sensor networks.

The proposed method allows us to determine the predicted value of the complex systems information security risk and its confidence interval using regression analysis and fuzzy logic in terms of the risk dependence on various factors: the value of resources, the level of threats, potential damage, the level of costs for creating and operating the system, the information resources control level.

The article discusses an approach to identifying the uncertainty of initial information based on the theory of fuzzy logic. A system of criteria for initial information is proposed, calculated on the basis of the input sample, and characterizing the measure of uncertainty present in the system. The basic requirements for the choice of membership functions of the fuzzy inference system are indicated and the final integrated output membership function is obtained, which describes the type of uncertainty of the initial information.

Focusing on security management for supply chain under emergencies, this paper analyzes the characteristics of supply chain risk, clarifies the relationship between business continuity management and security management for supply chain, organizational resilience and security management for supply chain separately, so as to propose suggestions to promote the realization of security management for supply chain combined these two concepts, which is of guiding significance for security management for supply chain and quality assurance of products and services under emergencies.

The international Supply Chains (SC) have expanded rapidly over the decades and also consist of many entities and business partners. The increasing complexity of supply chain makes it more vulnerable to a security threat. Therefore, it is necessary to evaluate security management systems to ensure the flow of goods in SC. In this paper we used international standards to assess the security of the company's supply chain compliance with ISO 28001. Supply chain security that needs to be assessed includes all inbound logistics activities to outbound logistics. The aim of this research is to analyse the security management system by identifying security threat, consequences, and likelihood to develop adequate countermeasures for the security of the company's supply chain. Security risk assessment was done using methodology compliance with ISO 28001 which are identify scope of security assessment, conduct security assessment, list applicable threat scenario, determine consequences, determine likelihood, determine risk score, risk evaluation using risk matrix, determine counter measures, and estimation of risk matrix after countermeasures. This research conducted in one of the leather factory in Indonesia. In this research we divided security threat into five category: asset security, personnel security, information security, goods and conveyance security, and closed cargo transport units. The security assessment was conducted by considering the performance review according to ISO 28001: 2007 and the results show that there are 22 security threat scenarios in the company's supply chain. Based upon a system of priorities by risk score, countermeasures are designed to reduce the threat into acceptable level.

Under the background of "Internet +", in order to solve the problem of deeply mining credit risk behind online supply chain financial big data, this paper proposes an online supply chain financial credit risk assessment method based on deep belief network (DBN). First, a deep belief network evaluation model composed of Restricted Boltzmann Machine (RBM) and classifier SOFTMAX is established, and the performance evaluation test of three kinds of data sets is carried out by using this model. Using factor analysis to select 8 indicators from 21 indicators, and then input them into RBM for conversion to form a more scientific evaluation index, and finally input them into SOFTMAX for evaluation. This method of online supply chain financial credit risk assessment based on DBN is applied to an example for verification. The results show that the evaluation accuracy of this method is 96.04%, which has higher evaluation accuracy and better rationality compared with SVM method and Logistic method.

Military supply chains play a critical role in the acquisition and movement of goods for defence purposes. The disruption of these supply chain processes can have potentially devastating affects to the operational capability of military forces. The introduction and integration of new technologies into defence supply chains can serve to increase their effectiveness. However, the benefits posed by these technologies may be outweighed by significant consequences to the cyber security of the entire defence supply chain. Supply chains are complex Systems of Systems, and the introduction of an insecure technology into such a complex ecosystem may induce cascading system-wide failure, and have catastrophic consequences to military mission assurance. Subsequently, there is a need for an evaluative process to determine the extent to which a new technology will affect the cyber security of military supply chains. This work proposes a new model, the Military Supply Chain Cyber Implications Model (M-SCCIM), that serves to aid military decision makers in understanding the potential cyber security impact of introducing new technologies to supply chains. M-SCCIM is a multiphase model that enables understanding of cyber security and supply chain implications through the lenses of theoretical examinations, pilot applications and system wide implementations.

With the rapid development of cloud computing, IaaS (Infrastructure as a Service) becomes more and more popular. IaaS customers may not clearly know the actual performance of each cloud platform. Moreover, there are no unified standards in performance evaluation of IaaS VMs (virtual machine). The underlying virtualization technology of IaaS cloud is transparent to customers. In this paper, we will design an automated performance benchmarking platform which can automatically install, configure and execute each benchmarking tool with a configuration center. This platform can easily visualize multidimensional benchmarking parameters data of each IaaS cloud platform. We also rented four IaaS VMs from AliCloud-Beijing, AliCloud-Qingdao, UCloud and Huawei to validate our benchmarking system. Performance comparisons of multiple parameters between multiple platforms were shown in this paper. However, in practice, customers' applications running on VMs are often complex. Performance of complex applications may not depend on single benchmarking parameter (e.g. CPU, memory, disk I/O etc.). We ran a TPC-C test for example to get overall performance in MySQL application scenario. The effects of different benchmarking parameters differ in this specific scenario.

Authorship attribution is the problem of identifying the author of texts based on the author's writing style. It is usually assumed that the writing style contains traits inaccessible to conscious manipulation and can thus be safely used to identify the author of a text. Several style markers have been proposed in the literature, nevertheless, there is still no consensus on which best represent the choices of authors. Here we assume an agnostic viewpoint on the dispute for the best set of features that represents an author's writing style. We rather investigate how different sources of information may unveil different aspects of an author's style, complementing each other to improve the overall process of authorship attribution. For this we model authorship attribution as a multi-view learning task. We assess the effectiveness of our proposal applying it to a set of well-studied corpora. We compare the performance of our proposal to the state-of-the-art approaches for authorship attribution. We thoroughly analyze how the multi-view approach improves on methods that use a single data source. We confirm that our approach improves both in accuracy and consistency of the methods and discuss how these improvements are beneficial for linguists and domain specialists.