Biblio

On the current website, there are many undeniable conditions and there is the existence of new plot holes. If data link is normally extracted on each of the websites, it becomes difficult to evaluate each vulnerability, with tolls such as XS S, SQLI, and other such existing tools for vulnerability assessment. Integrated testing criteria for vulnerabilities are met. In addition, the response should be automated and systematic. The primary value of vulnerability Buffer will be made of predefined and self-formatted code written in python, and the software is automated to send reports to their respective users. The vulnerabilities are tried to be classified as accessible. OWASP is the main resource for developing and validating web security processes.

Per the National Energy Policy, Demand Side Management (DSM) is one of the energy conservations that performs a function to manage electric power of demand-side resources. One of the DSM solutions is a demand response program, which is a part of Thailand Smart Grid Action Plan 2017 - 2021. Demand response program such as peak demand reduction plays a role in both the management of the electricity crisis and enhance energy security. This paper presents a pilot project for a fully automated demand response program at MEA Rat Burana District Office. The system is composed of a Building Energy Management System (BEMS) with Demand Response Client gateway and 5 energy controllers at the air conditioner by using the OpenADR2.0b protocol. Also, this concept leads to automatic or semi-automatic demand response program in the future. The result shows the total energy consumption reduction for air conditioners by 53.5%. The future works to be carried out are to implement into other MEA District Office such as Khlong Toei, Yan Nawa and Bang Khun Thian and to test with a Load Aggregator Management System (LAMS).

In recent years, Artificial Intelligence has disruptively changed information technology and software engineering with a proliferation of technologies and applications based-on it. However, recent researches show that AI models in general and the most greatest invention since sliced bread - Deep Learning models in particular, are vulnerable to being hacked and can be misused for bad purposes. In this paper, we carry out a brief review of data poisoning attack - one of the two recently dangerous emerging attacks - and the state-of-the-art defense methods for this problem. Finally, we discuss current challenges and future developments.

This paper discusses formulations and algorithms which allow a number of agents to collectively solve problems involving both (non-convex) minimization and (concave) maximization operations. These problems have a number of interesting applications in information processing and machine learning, and in particular can be used to model an adversary learning problem called network data poisoning. We develop a number of algorithms to efficiently solve these non-convex min-max optimization problems, by combining techniques such as gradient tracking in the decentralized optimization literature and gradient descent-ascent schemes in the min-max optimization literature. Also, we establish convergence to a first order stationary point under certain conditions. Finally, we perform experiments to demonstrate that the proposed algorithms are effective in the data poisoning attack.

Software applications continue to challenge user privacy when users interact with them. Privacy practices (e.g. Data Minimisation (DM), Privacy by Design (PbD) or General Data Protection Regulation (GDPR)) and related “privacy engineering” methodologies exist and provide clear instructions for developers to implement privacy into software systems they develop that preserve user privacy. However, those practices and methodologies are not yet a common practice in the software development community. There has been no previous research focused on developing “educational” interventions such as serious games to enhance software developers' coding behaviour. Therefore, this research proposes a game design framework as an educational tool for software developers to improve (secure) coding behaviour, so they can develop privacy-preserving software applications that people can use. The elements of the proposed framework were incorporated into a gaming application scenario that enhances the software developers' coding behaviour through their motivation. The proposed work not only enables the development of privacy-preserving software systems but also helping the software development community to put privacy guidelines and engineering methodologies into practice.

Robot networks are susceptible to fail under the presence of malicious or defective robots. Resilient networks in the literature require high connectivity and large communication ranges, leading to high energy consumption in the communication network. This paper presents robot formations with guaranteed resiliency that use smaller communication ranges than previous results in the literature. The formations can be built on triangular and square lattices in the plane, and cubic lattices in the three-dimensional space. We support our theoretical framework with simulations.

We study the optimal control problem of the maximum a posteriori (MAP) state sequence detection of an adversary using smart meter data. The privacy leakage is measured using the Bayesian risk and the privacy-enhancing control is achieved in real-time using an energy storage system. The control strategy is designed to minimize the expected performance of a non-causal adversary at each time instant. With a discrete-state Markov model, we study two detection problems: when the adversary is unaware or aware of the control. We show that the adversary in the former case can be controlled optimally. In the latter case, where the optimal control problem is shown to be non-convex, we propose an adaptive-grid approximation algorithm to obtain a sub-optimal strategy with reduced complexity. Although this work focuses on privacy in smart meters, it can be generalized to other sensor networks.

In order to significantly improve the reliable interaction and fast processing when TT&C(Tracking, Telemetry and Command) Resource Scheduling and Management System (TRSMS) communicate with external systems which are diverse, multiple directional and high concurrent, this paper designs and implements a highly concurrent and secure middleware for TT&C Resource Automatic Scheduling Interface (TRASI). The middleware designs memory pool, data pool, thread pool and task pool to improve the efficiency of concurrent processing, uses the rule dictionary, communication handshake and wait retransmission mechanism to ensure the data interaction security and reliability. This middleware can effectively meet the requirements of TRASI for data exchange with external users and system, significantly improve the data processing speed and efficiency, and promote the information technology and automation level of Aerospace TT&C Network Management Center (TNMC).

Statistical structure learning (SSL)-based approaches have been employed in the recent years to detect different types of anomalies in a variety of cyber-physical systems (CPS). Although these approaches outperform conventional methods in the literature, their computational complexity, need for large number of measurements and centralized computations have limited their applicability to large-scale networks. In this work, we propose a distributed, multi-agent maximum likelihood (ML) approach to detect anomalies in smart grid applications aiming at reducing computational complexity, as well as preserving data privacy among different players in the network. The proposed multi-agent detector breaks the original ML problem into several local (smaller) ML optimization problems coupled by the alternating direction method of multipliers (ADMM). Then, these local ML problems are solved by their corresponding agents, eventually resulting in the construction of the global solution (network's information matrix). The numerical results obtained from two IEEE test (power transmission) systems confirm the accuracy and efficiency of the proposed approach for anomaly detection.

Learning-enabled components (LECs) are widely used in cyber-physical systems (CPS) since they can handle the uncertainty and variability of the environment and increase the level of autonomy. However, it has been shown that LECs such as deep neural networks (DNN) are not robust and adversarial examples can cause the model to make a false prediction. The paper considers the problem of efficiently detecting adversarial examples in LECs used for regression in CPS. The proposed approach is based on inductive conformal prediction and uses a regression model based on variational autoencoder. The architecture allows to take into consideration both the input and the neural network prediction for detecting adversarial, and more generally, out-of-distribution examples. We demonstrate the method using an advanced emergency braking system implemented in an open source simulator for self-driving cars where a DNN is used to estimate the distance to an obstacle. The simulation results show that the method can effectively detect adversarial examples with a short detection delay.

This paper presents a user-friendly design method for accurately sizing the distributed energy resources of a stand-alone microgrid to meet the critical load demands of a military, commercial, industrial, or residential facility when the utility power is not available. The microgrid combines renewable resources such as photovoltaics (PV) with an energy storage system to increase energy security for facilities with critical loads. The design tool's novelty includes compliance with IEEE standards 1562 and 1013 and addresses resilience, which is not taken into account in existing design methods. Several case studies, simulated with a physics-based model, validate the proposed design method. Additionally, the design and the simulations were validated by 24-hour laboratory experiments conducted on a microgrid assembled using commercial off the shelf components.

The dummy-based method has been commonly used to protect the users location privacy in location-based services, since it can provide precise results and generally do not rely on a third party or key sharing. However, the close spatiotemporal correlation between the consecutively reported locations enables the adversary to identify some dummies, which lead to the existing dummy-based schemes fail to protect the users location privacy completely. To address this limit, this paper proposes a new algorithm to produce dummy location by generating dummy trajectory, which naturally takes into account of the spatiotemporal correlation all round. Firstly, the historical trajectories similar to the user's travel route are chosen as the dummy trajectories which depend on the distance between two trajectories with the help of home gateway. Then, the dummy is generated from the dummy trajectory by taking into account of time reachability, historical query similarity and the computation of in-degree/out-degree. Security analysis shows that the proposed scheme successfully perturbs the spatiotemporal correlation between neighboring location sets, therefore, it is infeasible for the adversary to distinguish the users real location from the dummies. Furthermore, extensive experiments indicate that the proposal is able to protect the users location privacy effectively and efficiently.

The time-varying properties of the wireless channel are a powerful source of information that can complement and enhance traditional security mechanisms. Therefore, we propose a cross-layer authentication mechanism that combines physical layer channel information and traditional authentication mechanism in LTE. To verify the feasibility of the proposed mechanism, we build a cross-layer authentication system that extracts the phase shift information of a typical UE and use the ensemble learning method to train the fingerprint map based on OAI LTE. Experimental results show that our cross-layer authentication mechanism can effectively prompt the security of LTE system.

Nowadays the use of the Internet is growing; E-voting system has been used by different countries because it reduces the cost and the time which used to consumed by using traditional voting. When the voter wants to access the E-voting system through the web application, there are requirements such as a web browser and a server. The voter uses the web browser to reach to a centralized database. The use of a centralized database for the voting system has some security issues such as Data modification through the third party in the network due to the use of the central database system as well as the result of the voting is not shown in real-time. However, this paper aims to provide an E-voting system with high security by using blockchain. Blockchain provides a decentralized model that makes the network Reliable, safe, flexible, and able to support real-time services.

Phishing sends malicious links or attachments through emails that can perform various functions, including capturing the victim's login credentials or account information. These emails harm the victims, cause money loss, and identity theft. In this paper, we contribute to solving the phishing problem by developing an extension for the Google Chrome web browser. In the development of this feature, we used JavaScript PL. To be able to identify and prevent the fishing attack, a combination of Blacklisting and semantic analysis methods was used. Furthermore, a database for phishing sites is generated, and the text, links, images, and other data on-site are analyzed for pattern recognition. Finally, our proposed solution was tested and compared to existing approaches. The results validate that our proposed method is capable of handling the phishing issue substantially.

Wearable technology, such as Fitbit devices, log a user's daily activities, heart rate, calories burned, step count, and sleep activity. This information is valuable to digital forensic investigators as it may serve as evidence to a crime, to either support a suspect's innocence or guilt. It is important for an investigator to find and analyze every piece of data for accuracy and integrity; however, there is no standard for conducting a forensic investigation for wearable technology. In this paper, we conduct a forensic analysis of two different Fitbit devices using open-source tools. It is the responsibility of the investigator to show how the data was obtained and to ensure that the data was not modified during the analysis. This paper will guide investigators in understanding what data is collected by a Fitbit device (specifically the Ionic smartwatch and Alta tracker), how to handle Fitbit devices, and how to extract and forensically analyze said devices using open-source tools, Autopsy Sleuth Kit and Bulk Extractor Viewer.

The DES is a symmetric cryptosystem which encrypts data in blocks of 64 bits using 48 bit keys in 16 rounds. It comprises a key schedule, encryption and decryption components. The key schedule, in particular, uses three static component units, the PC-1, PC-2 and rotation tables. However, can these three static components of the key schedule be altered? The DES development team never explained most of these component units. Understanding the DES key schedule is, thus, hard. In addition, reproducing the DES model with unknown component units is challenging, making it hard to adapt and bring implementation of the DES model closer to novice developers' context. We propose an alternative approach for re-implementing the DES key schedule using, rather, dynamic instead of static tables. We investigate the design features of the DES key schedule and implement the same. We then propose a re-engineering view towards a more white-box design. Precisely, generation of the PC-1, rotation and PC-2 tables is revisited to random dynamic tables created at run time. In our views, randomly generated component units eliminate the feared concerns regarding perpetrators' possible knowledge of the internal structures of the static component units. Comparison of the performances of the hybrid DES key schedule to that of the original DES key schedule shows closely related outcomes, connoting the hybrid version as a good alternative to the original model. Memory usage and CPU time were measured. The hybrid insignificantly out-performs the original DES key schedule. This outcome may inspire further researches on possible alterations to other DES component units as well, bringing about completely white-box designs to the DES model.

Machine-to-Machine (M2M) communication is a essential subset of the Internet of Things (IoT). Secure access to communication network systems by M2M devices requires the support of a secure and efficient anonymous authentication protocol. The Direct Anonymous Attestation (DAA) scheme in Trustworthy Computing is a verified security protocol. However, the existing defense system uses a static architecture. The “mimic defense” strategy is characterized by active defense, which is not effective against continuous detection and attack by the attacker. Therefore, in this paper, we propose a Mimic-DAA scheme that incorporates mimic defense to establish an active defense scheme. Multiple heterogeneous and redundant actuators are used to form a DAA verifier and optimization is scheduled so that the behavior of the DAA verifier unpredictable by analysis. The Mimic-DAA proposed in this paper is capable of forming a security mechanism for active defense. The Mimic-DAA scheme effectively safeguard the unpredictability, anonymity, security and system-wide security of M2M communication networks. In comparison with existing DAA schemes, the scheme proposed in this paper improves the safety while maintaining the computational complexity.

We propose a novel attestation architecture for the Internet of Things (IoT). Our distributed attestation network (DAN) utilizes blockchain technology to store and share device information. We present the design of this new attestation architecture as well as a prototype system chosen to emulate an IoT deployment with a network of Raspberry Pi, Infineon TPMs, and a Hyperledger Fabric blockchain.

System safety and cyber security have a great effect on the availability of devices that are interconnected. With the rising interconnection of critical infrastructures new risks occur, which have to be detected and warded. Therefore, attack vectors are defined to determine deviations to the nominal values of a cyber-physical system in this paper. Through an elaborated cyber security concept, the tasks of a simple motor protecting switch and additional tasks to detect cyber-attacks can be implemented. The simulative result of an exemplary overvoltage shows the impact on the RMS and phase voltages of a monitored drive.

False data injection attack (FDIA) destroys the automatic generation control (AGC) system and leads to unstable operation of the power system. Fast and accurate detection can help prevent and disrupt malicious attacks. This paper proposes an improved detection method, which is combined with fuzzy theory and support vector machine (SVM) to identify various types of attacks. The impacts of different types of FDIAs on the AGC system are analyzed, and the reliability of the method is proved by a large number of experimental data. This experiment is simulated on a single-area LFC system and the effects of adding a wind storage system were compared in a dynamic model. Simulation studies also show a higher accuracy of fuzzy support vector machine (FSVM) than traditional SVM and fuzzy pattern trees (FPTs).

In recent times cloud services are used widely and due to which there are so many attacks on the cloud devices. One of the major attacks is DDos (distributed denial-of-service) -attack which mainly targeted the Memcached which is a caching system developed for speeding the websites and the networks through Memcached's database. The DDoS attack tries to destroy the database by creating a flood of internet traffic at the targeted server end. Attackers send the spoofing applications to the vulnerable UDP Memcached server which even manipulate the legitimate identity of the sender. In this work, we have proposed a vector quantization approach based on a supervised deep learning approach to detect the Memcached attack performed by the use of malicious firmware on different types of Cloud attached devices. This vector quantization approach detects the DDoas attack performed by malicious firmware on the different types of cloud devices and this also classifies the applications which are vulnerable to attack based on cloud-The Hackbeased services. The result computed during the testing shows the 98.2 % as legally positive and 0.034% as falsely negative.

Artificial intelligence has been widely used in industries such as smart manufacturing, medical care and home furnishings. Among them, the value of the application in communication security is very important. This paper makes a further exploration of the artificial intelligence technology and its application, and gives a detailed analysis of its development, standardization and the application.

Current cyber attribution approaches proposed to use a variety of datasets and analytical techniques to distill the information that will be useful to identify cyber attackers. In contrast, practitioners and researchers in cyber attribution face several technical and regulation challenges. In this paper, we describe the main challenges of cyber attribution and present a state of the art of used approaches to face these challenges. Then, we will present an exploratory study to perform cyber attacks attribution based on pattern recognition from real data. In our study, we are using attack pattern discovery and identification based on real data collection and analysis.

Recent advances in generative adversarial networks have made detecting fake videos a challenging task. In this paper, we propose the application of the state-of-the-art attribution based confidence (ABC) metric for detecting deepfake videos. The ABC metric does not require access to the training data or training the calibration model on the validation data. The ABC metric can be used to draw inferences even when only the trained model is available. Here, we utilize the ABC metric to characterize whether a video is original or fake. The deep learning model is trained only on original videos. The ABC metric uses the trained model to generate confidence values. For, original videos, the confidence values are greater than 0.94.