Biblio

Nowadays, the Internet of Things (IoT) is playing an important role in our life. This inevitably generates mass data and requires a more secure transmission. As blockchain technology can build trust in a distributed environment and ensure the data traceability and tamper resistance, it is a promising way to support IoT data transmission and sharing. In this paper, edge computing is considered to provide adequate resources for end users to offload computing tasks in the blockchain enabled IoT system, and the node pairing problem between end users and edge computing servers is researched with the consideration of wireless channel quality and the service quality. From the perspective of the end users, the objective optimization is designed to maximize the profits and minimize the payments for completing the tasks and ensuring the resource limits of the edge servers at the same time. The deep reinforcement learning (DRL) method is utilized to train an intelligent strategy, and the policy gradient based node pairing (PG-NP) algorithm is proposed. Through a deep neural network, the well-trained policy matched the system states to the optimal actions. The REINFORCE algorithm with baseline is applied to train the policy network. According to the training results, as the comparison strategies are max-credit, max-SINR, random and max-resource, the PG-NP algorithm performs about 57% better than the second-best method. And testing results show that PGNP also has a good generalization ability which is negatively correlated with the training performance to a certain extend.

Due to the popularity of Windows system, BitLocker is widely used as a built-in disk encryption tool. As a commercial application, the design of BitLocker has to consider a capability of disaster recovery, which helps a user to recover data stored on encrypted disk when a regular access is not available. In this case, it will inevitably lead to some security risks when using BitLocker. We have a deep exploration of BitLocker encryption mechanism in this paper. We present the decryption method of encrypted VMK in case of system partition encryption and non-system partition encryption, respectively. VMK is the core key in BitLocker, with which the encrypted partition or the entire disk can be further decrypted. As for security analysis on BitLocker, we firstly make a difficulty analysis of brute force cracking on BitLocker keys, and then we analyze a possible threat caused by key theft. Based on this, we propose a few countermeasures about BitLocker usage. Additionally, we give some suggestions about security enhancement of BitLocker encryption.

Data integrity and recovery management is a more important issue in cloud computing because data is located in everywhere. There is a big challenge in backup recovery and security. It is required to provide an efficient and more reliable system in data storage. In this paper, a new methodology is focused and proposed data recovery and data management to assure high-level scalability and high order reliability to provide fault recognition and fault tolerance cloud-based systems. We propose a methodology of segmenting data and generating tokens for the data split-up by adding the address of the cloud or locations of the cloud storage using the tailing method. Thus the missing segment of any faulty node is easily recognized within a short range of limits and will get the data backup from the neighboring nodes.

This paper uses Endsley's situational awareness model as a starting point for creating a new cyber-security awareness model for risk maturity. This is used to model the relationship between risk management-based situational awareness and levels of maturity in making decisions to deal with potential cyber-attacks. The risk maturity related to cyber situational awareness using the fuzzy failure mode effect analysis (FMEA) method is needed as a basis for effective risk-based decision making and to measure the level of maturity in decision making using the Software Engineering Institute Capability Maturity Model Integration (SEI CMMI) approach. The novelty of this research is that it builds a model of the relationship between the level of maturity and the level of risk in cyber-situational awareness. Based on the data during the COVID-19 pandemic, there was a decrease in the number of incidents, including the following decreases: from 15-29 cases of malware attacks to 8-12 incidents, from 20-35 phishing cases to 12-15 cases and from 5-10 ransomware cases to 5-6 cases.

Analyzing the DNS traffic of Internet hosts has been a successful technique to counter cyberattacks and identify connections to malicious domains. However, recent stealthy attacks hide malicious activities within seemingly legitimate connections to popular web services made by benign programs. Traditional DNS monitoring and signature-based detection techniques are ineffective against such attacks. To tackle this challenge, we present a new program-level approach that can effectively detect such stealthy attacks. Our method builds a fine-grained Program-DNS profile for each benign program that characterizes what should be the “expected” DNS behavior. We find that malware-injected processes have DNS activities which significantly deviate from the Program-DNS profile of the benign program. We then develop six novel features based on the Program-DNS profile, and evaluate the features on a dataset of over 130 million DNS requests collected from a real-world enterprise and 8 million requests from malware-samples executed in a sandbox environment. We compare our detection results with that of previously-proposed features and demonstrate that our new features successfully detect 190 malware-injected processes which fail to be detected by previously-proposed features. Overall, our study demonstrates that fine-grained Program-DNS profiles can provide meaningful and effective features in building detectors for attack campaigns that bypass existing detection systems.

This paper presents a distributed adaptive algorithm for node-specific sound zoning in a wireless acoustic sensor and actuator network (WASAN), based on a network-wide acoustic contrast control (ACC) method. The goal of the ACC method is to simultaneously create node-specific zones with high signal power (bright zones) while minimizing power leakage in other node-specific zones (dark zones). To obtain this, a network-wide objective involving the acoustic coupling between all the loudspeakers and microphones in the WASAN is proposed where the optimal solution is based on a centralized generalized eigenvalue decomposition (GEVD). To allow for distributed processing, a gradient based GEVD algorithm is first proposed that minimizes the same objective. This algorithm can then be modified to allow for a fully distributed implementation, involving in-network summations and simple local processing. The algorithm is referred to as the distributed adaptive gradient based ACC algorithm (DAGACC). The proposed algorithm outperforms the non-cooperative distributed solution after only a few iterations and converges to the centralized solution, as illustrated by computer simulations.

One of the attacks in the RPL protocol is the Clone ID attack, that the attacker clones the node's ID in the network. In this research, a Clone ID detection system is designed for the Internet of Things (IoT), implemented in Contiki operating system, and evaluated using the Cooja emulator. Our evaluation shows that the proposed method has desirable performance in terms of energy consumption overhead, true positive rate, and detection speed. The overhead cost of the proposed method is low enough that it can be deployed in limited-resource nodes. The proposed method in each node has two phases, which are the steps of gathering information and attack detection. In the proposed scheme, each node detects this type of attack using control packets received from its neighbors and their information such as IP, rank, Path ETX, and RSSI, as well as the use of a routing table. The design of this system will contribute to the security of the IoT network.

As the configuration used for the Mobile Ad hoc Networks (MANET) does not have a fixed infrastructure as well, the mechanism varies for each MANET. The finding of the route in this mechanism also varies because it does not have any fixed path route for routing as well every node in this structure behaves like a base station. MANET has such freedom for its creation, so it also faces various types of attacks on it. Some of the attacks are a black hole, warm hole etc. The researchers have provided various methods to prevent warm hole attacks, as the warm hole attack is seen as difficult to prevent. So here a mechanism is proposed to detect and prevent the warm hole attack using the AODV protocol which is based on trust calculation. In our method, the multiple path selection is used for finding the best path for routing. The path is tested for the warm hole attack, as the node is detected the data packet sent in between the source and destination selects the path from the multi-paths available and the packet delivery is improved. The packet delivery ratio (PDR) is calculated for the proposed mechanism, and the results have improved the PDR by 71.25%, throughput by 74.09 kbps, and the E to E delay is decreased by 57.92ms for the network of 125 nodes.

Insider threat is one of the most pernicious threat vectors to information and communication technologies (ICT) across the world due to the elevated level of trust and access that an insider is afforded. This type of threat can stem from both malicious users with a motive as well as negligent users who inadvertently reveal details about trade secrets, company information, or even access information to malignant players. In this paper, we propose a novel approach that uses system logs to detect insider behavior using a special recurrent neural network (RNN) model. Ground truth is established using DANTE and used as baseline for identifying anomalous behavior. For this, system logs are modeled as a natural language sequence and patterns are extracted from these sequences. We create workflows of sequences of actions that follow a natural language logic and control flow. These flows are assigned various categories of behaviors - malignant or benign. Any deviation from these sequences indicates the presence of a threat. We further classify threats into one of the five categories provided in the CERT insider threat dataset. Through experimental evaluation, we show that the proposed model can achieve 93% prediction accuracy.

Machine learning and Artificial Intelligent techniques are the most used techniques. It gives opportunity to online sharing market where sharing and adopting model is being popular. It gives attackers many new opportunities. Deep neural network is the most used approached for artificial techniques. In this paper we are presenting a Proof of Concept method to detect Trojan attacks on the Deep Neural Network. Deploying trojan models can be dangerous in normal human lives (Application like Automated vehicle). First inverse the neuron network to create general trojan triggers, and then retrain the model with external datasets to inject Trojan trigger to the model. The malicious behaviors are only activated with the trojan trigger Input. In attack, original datasets are not required to train the model. In practice, usually datasets are not shared due to privacy or copyright concerns. We use five different applications to demonstrate the attack, and perform an analysis on the factors that affect the attack. The behavior of a trojan modification can be triggered without affecting the test accuracy for normal input datasets. After generating the trojan trigger and performing an attack. It's applying SHAP as defense against such attacks. SHAP is known for its unique explanation for model predictions.

Privacy and security have become the most important aspects in any sphere of technology today from embedded systems to VLS I circuits. One such an attack compromising the privacy, security and trust of a networked control system by making them vulnerable to unauthorized access is the Hardware Trojan Horses. Even cryptographic algorithms whose purpose is to safeguard information are susceptible to these Trojan attacks. This paper discusses hybrid supervised machine learning models that predict with great accuracy whether the RSA asymmetric cryptosystem implemented in Atmel XMega microcontroller is Trojan-free (Golden) or Trojan-infected by analyzing the power profiles of the golden algorithm and trojan-infected algorithm. The power profiles are obtained using the ChipWhisperer Lite Board. The features selected from the power profiles are used to create datasets for the proposed hybrid models and train the proposed models using the 70/30 rule. The proposed hybrid models can be concluded that it has an accuracy of more than 88% irrespective of the Trojan types and size of the datasets.

A distributed denial of service attack is a major security challenge in modern communications networks. In this article, we propose models that capture all the key performance indicators of synchronized denial of service protection mechanisms. As a result of the conducted researches, it is found out that thanks to the method of delay detection it is possible to recognize semi-open connections that are caused by synchronous flood and other attacks at an early stage. The study provides a mechanism for assessing the feasibility of introducing and changing the security system of a wireless sensor network. The proposed methodology will allow you to compare the mechanisms of combating denial of service for synchronized failures and choose the optimal protection settings in real-time.

This work focuses on the design and implementation of a microcontroller for apply all the knowledge acquired during Engineering Electronics career. In order to improve the knowledge about RF technologies, security system have been created, which increases the number of applications used in these days. This design utilizes light sensors as the end device for detecting any changes of resistance. The results show that the designed system can send and receive data until 100 meters of distance between module sides (receiver-transmitter). This security system designed using PIC 16F84 microcontroller as entire brain of the system with sensors, has been successfully designed and implement considering some factors such as economy, availability of components and durability in the design process.

We present a privacy-preserving distributed reinforcement learning-based control scheme to address the problem of frequency control and economic dispatch in power generation systems. The proposed control approach requires neither a priori system model knowledge nor the mathematical formulation of the generation cost functions. Due to not requiring the generation cost models, the control scheme is capable of dealing with scenarios in which the cost functions are hard to formulate and/or non-convex. Furthermore, it is privacy-preserving, i.e. none of the units in the network needs to communicate its cost function and/or control policy to its neighbors. To realize this, we propose an actor-critic algorithm with function approximation in which the actor step is performed individually by each unit with no need to infer the policies of others. Moreover, in the critic step each generation unit shares its estimate of the local measurements and the estimate of its cost function with the neighbors, and via performing a consensus algorithm, a consensual estimate is achieved. The performance of our proposed control scheme, in terms of minimizing the overall cost while persistently fulfilling the demand and fast reaction and convergence of our distributed algorithm, is demonstrated on a benchmark case study.

This paper analyzes the vulnerability in the process of key negotiation between the main mode and aggressive mode of IKEv1 protocol in IPSec VPN, and proposes a DOS attack method based on OSPF protocol adjacent route spoofing. The experiment verifies the insecurity of IPSec VPN using IKEv1 protocol. This attack method has the advantages of lower cost and easier operation compared with using botnet.

Deep Neural Networks (DNNs) have been widely used in variety of fields with great success. However, recent researches indicate that DNNs are susceptible to adversarial attacks, which can easily fool the well-trained DNNs without being detected by human eyes. In this paper, we propose to combine the target DNN model with robust bit plane classifiers to defend against adversarial attacks. It comes from our finding that successful attacks generate imperceptible perturbations, which mainly affects the low-order bits of pixel value in clean images. Hence, using bit planes instead of traditional RGB channels for convolution can effectively reduce channel modification rate. We conduct experiments on dataset CIFAR-10 and GTSRB. The results show that our defense method can effectively increase the model accuracy on average from 8.72% to 85.99% under attacks on CIFAR-10 without sacrificina accuracy of clean images.

When modeling information security systems (ISS), the vast majority of works offer various models of threats to the object of protection (threat trees, Petri nets, etc.). However, ISS is not only a mean to prevent threats or reduce damage from their implementation, but also other components - the qualifications of employees responsible for IS, the internal climate in the team, the company's position on the market, and many others. The article considers the cognitive model of the state of the information security system of an average organization. The model is a weighted oriented graph, its' vertices are standard elements of the organization's information security system. The most significant factors affecting the condition of information security of the organization are identified based on the model. Influencing these factors is providing the most effect if IS level.

With fast growing research in the area of application partitioning for offloading, determining which devices to prioritize over the other for mobile code offloading is fundamental. Multiple methods can be adopted using both single-criterion and multiple-criteria strategies. Due to the characteristics of pervasive environments, whereby devices having different computing capability, different level of privacy and security and the mobility nature in such environment makes the decision-making process complex. To this end, this paper proposes a method using a combination of the method Analytic Hierarchy Process (AHP) to calculate weights criteria of participating devices. Next the fuzzy technique for order preference by similarity to ideal solution (TOPSIS) is considered to sort in order of priority the participating devices, hence facilitating the decision to opt for which participating device first. An evaluation of the method is also presented.

In recent years, several trust management frame-works and models have been proposed for the Internet of Things (IoT). Focusing primarily on distributed trust management schemes; testing and validation of these models is still a challenging task. It requires the implementation of the proposed trust model for verification and validation of expected outcomes. Nevertheless, a stand-alone and standard IoT network simulator for testing of distributed trust management scheme is not yet available. In this paper, a .NET-based Distributed Trust Management Simulator for IoT Networks (DTMSim-IoT) is presented which enables the researcher to implement any static/dynamic trust management model to compute the trust value of a node. The trust computation will be calculated based on the direct-observation and trust value is updated after every transaction. Transaction history and logs of each event are maintained which can be viewed and exported as .csv file for future use. In addition to that, the simulator can also draw a graph based on the .csv file. Moreover, the simulator also offers to incorporate the feature of identification and mitigation of the On-Off Attack (OOA) in the IoT domain. Furthermore, after identifying any malicious activity by any node in the networks, the malevolent node is added to the malicious list and disseminated in the network to prevent potential On-Off attacks.

Blockchain is developing rapidly in various domains for its security. Nowadays, one of the most crucial fundamental concerns is internet security. Blockchain is a novel solution to enhance the security of network applications. However, there are no precise frameworks to secure the Internet of Vehicle (IoV) using Blockchain technology. In this paper, a blockchain-based smart internet of vehicle (BSIoV) framework has been proposed due to the cooperative, collaborative, transparent, and secure characteristics of Blockchain. The main contribution of the proposed work is to connect vehicle-related authorities together to fix a secure and transparent vehicle-to-everything (V2X) communication through the peer-to-peer network connection and provide secure services to the intelligent transport systems. A key management strategy has been included to identify a vehicle in this proposed system. The proposed framework can also provide a significant solution for the data security and safety of the connected vehicles in blockchain network.

The current state of the integrated circuit (IC) ecosystem is that only a handful of foundries are at the forefront, continuously pushing the state of the art in transistor miniaturization. Establishing and maintaining a FinFET-capable foundry is a billion dollar endeavor. This scenario dictates that many companies and governments have to develop their systems and products by relying on 3rd party IC fabrication. The major caveat within this practice is that the procured silicon cannot be blindly trusted: a malicious foundry can effectively modify the layout of the IC, reverse engineer its IPs, and overproduce the entire chip. The Hardware Security community has proposed many countermeasures to these threats. Notably, obfuscation has gained a lot of traction - here, the intent is to hide the functionality from the untrusted foundry such that the aforementioned threats are hindered or mitigated. In this paper, we summarize the research efforts of three independent research groups towards achieving trustworthy ICs, even when fabricated in untrusted offshore foundries. We extensively address the use of logic locking and its many variants, as well as the use of high-level synthesis (HLS) as an obfuscation approach of its own.

Industrial Internet of Things (IIoT) has arisen as an emerging trend in the industrial sector. Millions of sensors present in IIoT networks generate a massive amount of data that can open the doors for several cyber-attacks. An intrusion detection system (IDS) monitors real-time internet traffic and identify the behavior and type of network attacks. In this paper, we presented a deep random neural (DRaNN) based scheme for intrusion detection in IIoT. The proposed scheme is evaluated by using a new generation IIoT security dataset UNSW-NB15. Experimental results prove that the proposed model successfully classified nine different types of attacks with a low false-positive rate and great accuracy of 99.54%. To validate the feasibility of the proposed scheme, experimental results are also compared with state-of-the-art deep learning-based intrusion detection schemes. The proposed model achieved a higher attack detection rate of 99.41%.

With the great development of the information communication technology, power systems have been typical Cyber Physical Systems (CPSs). Although the control function of the grid side is becoming more intelligent, Grid Cyber Physical System (GCPS) brings the risk of potential cyberattacks. In this paper, the impacts of cyber-attacks against GCPS are analyzed based on confusion matrix model firstly, then a double-layer cyber physical collaboration control strategy adjustment methods is proposed considering the status of cyber modules and physical devices infected by cyber-attacks. Finally, the feasibility and effectiveness of the proposed method are verified on the IEEE standard system.

The current network security situation of the electric power dispatching and control system is becoming more and more severe. On the basis of the original network security management platform, to increase the collection of network security data information and improve the network security analysis ability, this article proposes the electric power dispatching and control system network security situation awareness analysis module. The perception layer accesses multi-source heterogeneous data sources. Upwards through the top layer, data standardization will be introduced, who realizes data support for security situation analysis, and forms an association mapping with situation awareness elements such as health situation, attack situation, behavior situation, and operation situation. The overall effect is achieving the construction goals of "full control of equipment status, source of security attacks can be traced, operational risks are identifiable, and abnormal behaviors can be found.".

Interconnection networks for multi/many-core processors or server systems are the backbone of the system as they enable data communication among the processing cores, caches, memory and other peripherals. Given the criticality of the interconnects, the system can be severely subverted if the interconnection is compromised. The threat of Hardware Trojans (HTs) penetrating complex hardware systems such as multi/many-core processors are increasing due to the increasing presence of third party players in a System-on-chip (SoC) design. Even by deploying naïve HTs, an adversary can exploit the Network-on-Chip (NoC) backbone of the processor and get access to communication patterns in the system. This information, if leaked to an attacker, can reveal important insights regarding the application suites running on the system; thereby compromising the user privacy and paving the way for more severe attacks on the entire system. In this paper, we demonstrate that one or more HTs embedded in the NoC of a multi/many-core processor is capable of leaking sensitive information regarding traffic patterns to an external malicious attacker; who, in turn, can analyze the HT payload data with machine learning techniques to infer the applications running on the processor. Furthermore, to protect against such attacks, we propose a Simulated Annealing-based randomized routing algorithm in the system. The proposed defense is capable of obfuscating the attacker's data processing capabilities to infer the user profiles successfully. Our experimental results demonstrate that the proposed randomized routing algorithm could reduce the accuracy of identifying user profiles by the attacker from \textbackslashtextgreater98% to \textbackslashtextless; 15% in multi/many-core systems.