Biblio

In recent year, there has been a growing need for intelligent systems that not only are able to provide reliable classifications but can also produce explanations for the decisions they make. The demand for increased explainability has led to the emergence of explainable artificial intelligence (XAI) as a specific research field. In this context, fuzzy logic systems represent a promising tool thanks to their inherently interpretable structure. The use of a rule-base and linguistic terms, in fact, have allowed researchers to create models that are able to produce explanations in natural language for each of the classifications they make. So far, however, designing systems that make use of interval type-2 (IT2) fuzzy logic and also give explanations for their outputs has been very challenging, partially due to the presence of the type-reduction step. In this paper, it will be shown how constrained interval type-2 (CIT2) fuzzy sets represent a valid alternative to conventional interval type-2 sets in order to address this issue. Through the analysis of two case studies from the medical domain, it is shown how explainable CIT2 classifiers are produced. These systems can explain which rules contributed to the creation of each of the endpoints of the output interval centroid, while showing (in these examples) the same level of accuracy as their IT2 counterpart.

Incident Handling for Cloud Infrastructures focuses on how the clustering based and non-clustering based algorithms can be implemented. Our research focuses in identifying anomalies and suspicious activities that might happen inside a Cloud Infrastructure over available datasets. A brief study has been conducted, where a network statistics dataset the NSL-KDD, has been chosen as the model to be worked upon, such that it can mirror the Cloud Infrastructure and its components. An important aspect of cloud security is to implement anomaly detection mechanisms, in order to monitor the incidents that inhibit the development and the efficiency of the cloud. Several methods have been discovered which help in achieving our present goal, some of these are highlighted as the following; by applying algorithm such as the Local Outlier Factor to cancel the noise created by irrelevant data points, by applying the DBSCAN algorithm which can detect less denser areas in order to identify their cause of clustering, the K-Means algorithm to generate positive and negative clusters to identify the anomalous clusters and by applying the Isolation Forest algorithm in order to implement decision based approach to detect anomalies. The best algorithm would help in finding and fixing the anomalies efficiently and would help us in developing an Incident Handling model for the Cloud.

Hyperspectral image is acquired with a special sensor in which the information is collected continuously. This sensor will provide abundant data from the scene captured. The high voluminous data in this image give rise to the extraction of materials and other valuable items in it. This paper proposes a methodology to extract rich information from the hyperspectral images. As the information collected in a contiguous manner, there is a need to extract spectral bands that are uncorrelated. A factor analysis based dimensionality reduction technique is employed to extract the spectral bands and a weight least square filter is used to get the spatial information from the data. Due to the preservation of edge property in the spatial filter, much information is extracted during the feature extraction phase. Finally, a nonlinear SVM is applied to assign a class label to the pixels in the image. The research work is tested on the standard dataset Indian Pines. The performance of the proposed method on this dataset is assessed through various accuracy measures. These accuracies are 96%, 92.6%, and 95.4%. over the other methods. This methodology can be applied to forestry applications to extract the various metrics in the real world.

Fault localization and repair are time-consuming and tedious. There is a significant and growing need for automated techniques to support such tasks. Despite significant progress in this area, existing fault localization techniques are not widely applied in practice yet and their effectiveness varies greatly from case to case. Existing work suggests new algorithms and ideas as well as adjustments to the test suites to improve the effectiveness of automated fault localization. However, important questions remain open: Why is the effectiveness of these techniques so unpredictable? What are the factors that influence the effectiveness of fault localization? Can we accurately predict fault localization effectiveness? In this paper, we try to answer these questions by collecting 70 static, dynamic, test suite, and fault-related metrics that we hypothesize are related to effectiveness. Our analysis shows that a combination of only a few static, dynamic, and test metrics enables the construction of a prediction model with excellent discrimination power between levels of effectiveness (eight metrics yielding an AUC of .86; fifteen metrics yielding an AUC of.88). The model hence yields a practically useful confidence factor that can be used to assess the potential effectiveness of fault localization. Given that the metrics are the most influential metrics explaining the effectiveness of fault localization, they can also be used as a guide for corrective actions on code and test suites leading to more effective fault localization.

Port scans are a persistent problem on contemporary communication networks. Typically used as an attack reconnaissance tool, they can also create problems with application performance and throughput. This paper describes an architecture that deploys sequential neural networks (NNs) to classify packets, separate TCP datagrams, determine the type of TCP packet and detect port scans. Sequential networks allow this lengthy task to learn from the current environment and to be broken up into component parts. Following classification, analysis is performed in order to discover scan attempts. We show that neural networks can be used to successfully classify general packetized traffic at recognition rates above 99% and more complex TCP classes at rates that are also above 99%. We demonstrate that this specific communications task can successfully be broken up into smaller work loads. When tested against actual NMAP scan pcap files, this model successfully discovers open ports and the scan attempts with the same high percentage and low false positives.

Device management in large networks is of growing importance to network administrators and security analysts alike. The composition of devices on a network can help forecast future traffic demand as well as identify devices that may pose a security risk. However, the sheer number and diversity of devices that comprise most modern networks have vastly increased the management complexity. Motivated by a need for an encryption-invariant device management strategy, we use affiliation graphs to develop a methodology that reveals key insights into the devices acting on a network using only the source and destination IP addresses. Through an empirical analysis of the devices on a university campus network, we provide an example methodology to infer a device's characteristics (e.g., operating system) through the services it communicates with via the Internet.

An attacker's success crucially depends on the reconnaissance phase of Distributed Denial of Service (DDoS) attacks, which is the first step to gather intelligence. Although several solutions have been proposed against network reconnaissance attacks, they fail to address the needs of legitimate users' requests. Thus, we propose a cloud-based deception framework which aims to confuse the attacker with reconnaissance replies while allowing legitimate uses. The deception is based on for-warding the reconnaissance packets to a cloud infrastructure through tunneling and SDN so that the returned IP addresses to the attacker will not be genuine. For handling legitimate requests, we create a reflected virtual topology in the cloud to match any changes in the original physical network to the cloud topology using SDN. Through experimentations on GENI platform, we show that our framework can provide reconnaissance responses with negligible delays to the network clients while also reducing the management costs significantly.

Named Data Networking (NDN) uses the content name to enable content sharing in a network using Interest and Data messages. In essence, NDN supports communication through multiple interfaces, therefore, it is imperative to think of the interface that better meets the communication requirements of the application. The current interface ranking is based on single static metric such as minimum number of hops, maximum satisfaction rate, or minimum network delay. However, this ranking may adversely affect the network performance. To fill the gap, in this paper, we propose a new multi-metric robust interface ranking scheme that combines multiple metrics with different objective functions. Furthermore, we also introduce different forwarding modes to handle the forwarding decision according to the available ranked interfaces. Extensive simulation experiments demonstrate that the proposed scheme selects the best and suitable forwarding interface to deliver content.

In modern grid systems which is a typical cyber-physical System (CPS), information space and physical space are closely related. Once the communication link is interrupted, it will make a great damage to the power system. If the service path is too concentrated, the risk will be greatly increased. In order to solve this problem, this paper constructs a route planning algorithm that combines node load pressure, link load balance and service delay risk. At present, the existing intelligent algorithms are easy to fall into the local optimal value, so we chooses the deep reinforcement learning algorithm (DRL). Firstly, we build a risk assessment model. The node risk assessment index is established by using the node load pressure, and then the link risk assessment index is established by using the average service communication delay and link balance degree. The route planning problem is then solved by a route planning algorithm based on DRL. Finally, experiments are carried out in a simulation scenario of a power grid system. The results show that our method can find a lower risk path than the original Dijkstra algorithm and the Constraint-Dijkstra algorithm.

A Distributed Denial of Service (DDoS) attack is an attack that compromised the bandwidth of the whole network by choking down all the available network resources which are publically available, thus makes access to that resource unavailable. The DDoS attack is more vulnerable than a normal DoS attack because here the sources of attack origin are more than one, so users cannot even estimate how to detect and where to take actions so that attacks can be dissolved. This paper proposed a unique approach for DDoS detection using the shortest path algorithm. This Paper suggests that the remedy that must be taken in order to counter-affect the DDoS attack in a smart home network.

Technology has developed to a very great extent, and the use of smart systems has introduced an increasing threat to data security and privacy. Most of the applications are built-in unsecured operating systems, and so there is a growing threat to information cloning, forging tampering counterfeiting, etc.. This will lead to an un-compensatory loss for end-users particularly in banking applications and personal data in social media. A robust and effective algorithm based on elliptic curve cryptography combined with Hill cipher has been proposed to mitigate such threats and increase information security. In this method, ciphertext and DCT coefficients of an image, embedded into the base image based on LSB watermarking. The ciphertext is generated based on the Hill Cipher algorithm. Hill Cipher can, however, be easily broken and has weak security and to add complexity, Elliptic curve cryptography (ECC), is combined with Hill cipher. Based on the ECC algorithm, the key is produced, and this key is employed to generate ciphertext through the Hill cipher algorithm. This combination of both steganography and cryptography results in increased authority and ownership of the data for sub-optimal media applications. It is hard to extract the hidden data and the image without the proper key. The performance for hiding text and image into an image data have been analyzed for sub-optimal multimedia applications.

In this study, a truncated singular value decomposition (TSVD) based computationally efficient through the wall imaging (TWI) is addressed. Mainly, two different scenarios with identical and non-identical multiple scatterers behind the wall have been considered. The scattered data are processed with special scheme in order to improve quality of the results and measurements are performed at four different frequencies. Next, effects of selecting truncation threshold in TSVD methods are analyzed and a detailed quantitative comparison is provided to demonstrate capabilities of these TSVD methods over selection of truncation threshold.

In accordance to the annual report by the Cisco 2018, web applications are exposed to several security vulnerabilities that are exploited by hackers in various ways. It is becoming more and more frequent, specific and sophisticated. Of all the vulnerabilities, more than 40% of attempts are performed via cross-site scripting (XSS). A number of methods have been postulated to examine such vulnerabilities. Therefore, this paper attempted to address an overview of one such vulnerability: the cookies in the XSS. The objective is to present an overview of the cookies, it's type, vulnerability, policies, discovering, protecting and their mitigation via different tools/methods and via cryptography, artificial intelligence techniques etc. While some future issues, directions, challenges and future research challenges were also being discussed.

Cryptojacking is currently being exploited by cyber-criminals. This form of malware runs in the computers of victims without their consent. It often infects browsers and does CPU-intensive computations to mine cryptocurrencies on behalf of the cyber-criminal, which takes the profits without paying for the resources consumed. Such attacks degrade computer performance and potentially reduce the hardware lifetime. We introduce a new cryptojacking detection mechanism based on monitoring the CPU usage of the visited web pages. This may look like an unreliable way to detect mining malware since many web sites are heavy computationally and that malware often throttles CPU usage. However, by combining a set of CPU monitoring features and using machine learning, we manage to obtain metrics like precision and recall close to 1.

Cryptojacking, the appropriation of users' computational resources without their knowledge or consent to obtain cryp-tocurrencies, is a widespread attack, relatively easy to implement and hard to detect. Either browser-based or binary, cryptojacking lacks robust and reliable detection solutions. This paper presents a hybrid approach to detect cryptojacking where no previous knowledge about the attacks or training data is needed. Our Cryp-tojacking Intrusion Detection Approach, Cryingjackpot, extracts and combines flow and performance counter-based features, aggregating hosts with similar behavior by using unsupervised machine learning algorithms. We evaluate Cryingjackpot experimentally with both an artificial and a hybrid dataset, achieving F1-scores up to 97%.

Cryptojacking is the exploitation of victims' computer resources to mine for cryptocurrency using malicious scripts. It had become popular after 2017 when attackers started to exploit legal mining scripts, especially Coinhive scripts. Coinhive was actually a legal mining service that provided scripts and servers for in-browser mining activities. Nevertheless, over 10 million web users had been victims every month before the Coinhive shutdown that happened in Mar 2019. This paper explores the new era of the cryptojacking world after Coinhive discontinued its service. We aimed to see whether and how attackers continue cryptojacking, generate new malicious scripts, and developed new methods. We used a capable cryptojacking detector named CMTracker that proposed by Hong et al. in 2018. We automatically and manually examined 2770 websites that had been detected by CMTracker before the Coinhive shutdown. The results revealed that 99% of sites no longer continue cryptojacking. 1% of websites still run 8 unique mining scripts. By tracking these mining scripts, we detected 632 unique cryptojacking websites. Moreover, open-source investigations (OSINT) demonstrated that attackers still use the same methods. Therefore, we listed the typical patterns of cryptojacking. We concluded that cryptojacking is not dead after the Coinhive shutdown. It is still alive, but not as attractive as it used to be.

Although it has been demonstrated in multiple studies that serious data leaks could occur to many-core systems thanks to the existence of the thermal covert channels (TCC), little has been done to produce effective countermeasures that are necessary to fight against such TCC attacks. In this paper, we propose a three-step countermeasure to address this critical defense issue. Specifically, the countermeasure includes detection based on signal frequency scanning, positioning affected cores, and blocking based on Dynamic Voltage Frequency Scaling (DVFS) technique. Our experiments have confirmed that on average 98% of the TCC attacks can be detected, and with the proposed defense, the bit error rate of a TCC attack can soar to 92%, literally shutting down the attack in practical terms. The performance penalty caused by the inclusion of the proposed countermeasures is only 3% for an 8×8 system.

Field-Programmable Gate Arrays (FPGAs) are versatile, reconfigurable integrated circuits that can be used as hardware accelerators to process highly-sensitive data. Leaking this data and associated cryptographic keys, however, can undermine a system's security. To prevent potentially unintentional interactions that could break separation of privilege between different data center tenants, FPGAs in cloud environments are currently dedicated on a per-user basis. Nevertheless, while the FPGAs themselves are not shared among different users, other parts of the data center infrastructure are. This paper specifically shows for the first time that powering FPGAs, CPUs, and GPUs through the same power supply unit (PSU) can be exploited in FPGA-to-FPGA, CPU-to-FPGA, and GPU-to-FPGA covert channels between independent boards. These covert channels can operate remotely, without the need for physical access to, or modifications of, the boards. To demonstrate the attacks, this paper uses a novel combination of "sensing" and "stressing" ring oscillators as receivers on the sink FPGA. Further, ring oscillators are used as transmitters on the source FPGA. The transmitting and receiving circuits are used to determine the presence of the leakage on off-the-shelf Xilinx boards containing Artix 7 and Kintex 7 FPGA chips. Experiments are conducted with PSUs by two vendors, as well as CPUs and GPUs of different generations. Moreover, different sizes and types of ring oscillators are also tested. In addition, this work discusses potential countermeasures to mitigate the impact of the cross-board leakage. The results of this paper highlight the dangers of shared power supply units in local and cloud FPGAs, and therefore a fundamental need to re-think FPGA security for shared infrastructures.

We present a covert (low probability of detection) communication scheme that exploits the node multiplicity and channel variations in wireless broadcast networks. The transmitter hides the covert (private) message by superimposing it onto a non-covert (public) message such that the total transmission power remains the same whether or not the covert message is transmitted. It makes the detection of the covert message impossible unless the non-covert message is decoded. We exploit the multiplicity of non-covert messages (users) to provide a degree of freedom in choosing the non-covert message such that the total detection error probability (sum of the probability of false alarm and missed detection) is maximized. We also exploit the channel variation to minimize the throughput loss on the non-covert message by sending the covert message only when the transmission rate of the non-covert message is low. We show that the total detection error probability converges fast to 1 as the number of non-covert users increases and that the total detection error probability increases as the transmit power increases, without requiring a pre-shared secret among the nodes.

This paper describes our design and implementation of a covert channel over LoRa physical layer (PHY). LoRa adopts a unique modulation scheme (chirp spread spectrum (CSS)) to enable long range communication at low-power consumption. CSS uses the initial frequencies of LoRa chirps to differentiate LoRa symbols, while simply ignoring other RF parameters (e.g., amplitude and phase). Our study reveals that the LoRa physical layer leaves sufficient room to build a covert channel by embedding covert information with a modulation scheme orthogonal to CSS. To demonstrate the feasibility of building a covert channel, we implement CloakLoRa. CloakLoRa embeds covert information into a regular LoRa packet by modulating the amplitudes of LoRa chirps while keeping the frequency intact. As amplitude modulation is orthogonal to CSS, a regular LoRa node receives the LoRa packet as if no secret information is embedded into the packet. Such an embedding method is transparent to all security mechanisms at upper layers in current LoRaWAN. As such, an attacker can create an amplitude modulated covert channel over LoRa without being detected by current LoRaWAN security mechanism. We conduct comprehensive evaluations with COTS LoRa nodes and receive-only software defined radios and experiment results show that CloakLoRa can send covert information over 250m.

The article is dedicated to covert channels of data communication in the protected operating system based on the Linux kernel with mandatory access control. The channel which is not intended by developers violates security policy and can lead to disclosure of confidential information. In this paper the covert storage channels are considered. Authors show opportunities to violate the secrecy policy in the protected operating system based on the Linux kernel experimentally. The first scenario uses time stamps of the last access to the files (“atime” stamp), the second scenario uses unreliable mechanism of the automatic login to the user session with another level of secrecy. Then, there are some recommendations to prevent these violations. The goal of this work is to analyze the methods of using covert channels, both previously known and new. The result of the article is recommendations allowing to eliminate security threats which can be embodied through covert channels.

Since the last few decades, several chaotic encryption techniques are reported by different researchers. Although the cryptanalysis of some techniques shows the feebler resistance of those algorithms against any weaker attackers. However, different hyper-chaotic based and DNA-coding based encrypting methods are introduced recently. Though, these methods are efficient against several attacks, but, increase complexity as well. On account of these drawbacks, we have proposed a novel technique of chaotic encryption of an image using the integer wavelet transform (IWT) and global bit scrambling (GBS). Here, the image is transformed and decomposed by IWT. Thereafter, a chaotic map is used in the encryption algorithm. A key-dependent bit scrambling (GBS) is introduced rather than pixel scrambling to make the encryption stronger. It enhances key dependency along with the increased resistance against intruder attacks. To check the fragility and dependability of the algorithm, a sufficient number of tests are done, which have given reassuring results. Some tests are done to check the similarity between the original and decrypted image to ensure the excellent outcome of the decryption algorithm. The outcomes of the proposed algorithm are compared with some recent works' outputs to demonstrate its eligibility.

The use of public key cryptosystems ranges from securely encrypting bitcoin transactions and creating digital signatures for non-repudiation. The cryptographic systems security of public key depends on the complexity in solving mathematical problems. Quantum computers pose a threat to the current day algorithms used. This research presents analysis of two Hash-based Signature Schemes (MSS and W-OTS) and provides a comparative analysis of them. The comparisons are based on their efficiency as regards to their key generation, signature generation and verification time. These algorithms are compared with two classical algorithms (RSA and ECDSA) used in bitcoin transaction security. The results as shown in table II indicates that RSA key generation takes 0.2012s, signature generation takes 0.0778s and signature verification is 0.0040s. ECDSA key generation is 0.1378s, signature generation takes 0.0187s, and verification time for the signature is 0.0164s. The W-OTS key generation is 0.002s. To generate a signature in W-OTS, it takes 0.001s and verification time for the signature is 0.0002s. Lastly MSS Key generation, signature generation and verification has high values which are 16.290s, 17.474s, and 13.494s respectively. Based on the results, W-OTS is recommended for bitcoin transaction security because of its efficiency and ability to resist quantum computer attacks on the bitcoin network.

The Internet has changed business, education, healthcare, banking etc. and it is the main part of technological evolution. Internet provides us a connecting world to perform our day to day life activities easily. Internet is designed in such a way that it can uniquely identify machine, not a person, on the network hence there is need to design a system that can perform entity identification on the Internet. Currently on Internet, service providers provide identity of a user with user name and password and store this information on a centralized server. These servers become honey pot for hackers to steal user’s personal identity information and service provider can utilize user identity information using data mining, artificial intelligence for economic benefits. Aim of Self sovereign identity system is to provide decentralized, user centric identity system which is controlled by identity owner that can be developed along with distributed ledger technology i.e. blockchain. In this paper, we intend to make an exhaustive study on different blockchain based self sovereign identity implementations (such as Sovrin, Uport, EverID, LifeID, Sora, SelfKey) along with its architectural components and discuss about use case of self sovereign identity.

Web technology has evolved to offer 360-degree immersive browsing experiences. This new technology, called WebVR, enables virtual reality by rendering a three-dimensional world on an HTML canvas. Unfortunately, there exists no browser-supported way of sharing this canvas between different parties. As a result, third-party library providers with ill intent (e.g., stealing sensitive information from end-users) can easily distort the entire WebVR site. To mitigate the new threats posed in WebVR, we propose CanvasMirror, which allows publishers to specify the behaviors of third-party libraries and enforce this specification. We show that CanvasMirror effectively separates the third-party context from the host origin by leveraging the privilege separation technique and safely integrates VR contents on a shared canvas.