Biblio

The fundamental aim of digital forensics is to discover, investigate and protect an evidence, increasing cybercrime enforces digital forensics team to have more accurate evidence handling. This makes digital evidence as an important factor to link individual with criminal activity. In this procedure of forensics investigation, maintaining integrity of the evidence plays an important role. A chain of custody refers to a process of recording and preserving details of digital evidence from collection to presenting in court of law. It becomes a necessary objective to ensure that the evidence provided to the court remains original and authentic without tampering. Aim is to transfer these digital evidences securely using encryption techniques.

The world is continuously developing, and people's needs are increasing as well; so too are the number of thieves increasing, especially electronic thieves. For that reason, companies and individuals are always searching for experts who will protect them from thieves, and these experts are called digital investigators. Digital forensics has a number of branches and different parts, and image forensics is one of them. The budget for the images branch goes up every day in response to the need. In this paper we offer some information about images and image forensics, image components and how they are stored in digital devices and how they can be deleted and recovered. We offer general information about digital forensics, focusing on image forensics.

Tensor operations, such as matrix multiplication, are central to large-scale machine learning applications. These operations can be carried out on a distributed computing platform with a master server at the user side and multiple workers in the cloud operating in parallel. For distributed platforms, it has been recently shown that coding over the input data matrices can reduce the computational delay, yielding a tradeoff between recovery threshold and communication load. In this work, we impose an additional security constraint on the data matrices and assume that workers can collude to eavesdrop on the content of these data matrices. Specifically, we introduce a novel class of secure codes, referred to as secure generalized PolyDot codes, that generalizes previously published non-secure versions of these codes for matrix multiplication. These codes extend the state-of-the-art by allowing a flexible trade-off between recovery threshold and communication load for a fixed maximum number of colluding workers.

A honeypot system is used to trapping hackers, track and analyze new hacking methods. However, it does not only take time for construction and deployment but also costs for maintenance because these systems are always online even when there is no attack. Since the main purpose of honeypot systems is to collect more and more attack trafc if possible, the limitation of system capacity is also a major problem. In this paper, we propose Dynamic Virtual Network Honeypot (DVNH) which leverages emerging technologies, Network Function Virtualization and Software-Defined Networking. DVNH redirects the attack to the honeypot system thereby protects the targeted system. Our experiments show that DVNH enables efficient resource usage and dynamic provision of the Honeypot system.

Now-a-days Internet has become mostly content centric. Named Data Network (NDN) has emerged as a promising candidate to cope with the use of today's Internet. Several NDN features such as in-network caching, easier data forwarding, etc. in the routing method bring potential advantages over conventional networks. Despite the advantages, there are many challenges in NDN which are yet to be addressed. In this paper, we address two of such challenges in NDN routing: (1) Huge storage overhead in NDN router (2) High communication over-heads in the network during propagation of routing information updates. We propose changes in existing NDN routing with the aim to provide a low-overhead solution to these problems. Here instead of storing the Link State Data Base (LSDB) in all the routers, it is kept in selected special nodes only. The use of special nodes lowers down the overall storage and update overheads. We also provide supporting algorithms for data forwarding and update for grid network. The performance of the proposed method is evaluated in terms of storage and communication overheads. The results show the overheads are reduced by almost one third as compared to the existing routing method in NDN.

Mobile Ad hoc Networks (MANETs) are wireless networks that are void of fixed infrastructure as the communication between nodes are dependent on the liaison of each node in the network. The efficacy of MANET in critical scenarios like battlefield communications, natural disaster require new security strategies and policies to guarantee the integrity of nodes in the network. Due to the inherent frailty of MANETs, new security measures need to be developed to defend them. Intrusion Detection strategy used in wired networks are unbefitting for wireless networks due to reasons not limited to resource constraints of participating nodes and nature of communication. Nodes in MANET utilize multi hop communication to forward packets and this result in consumption of resources like battery and memory. The intruder or cheat nodes decide to cooperate or non-cooperate with other nodes. The cheat nodes reduce the overall effectiveness of network communications such as reduced packet delivery ratio and sometimes increase the congestion of the network by forwarding the packet to wrong destination and causing packets to take more times to reach the appropriate final destination. In this paper a decision tree based artificial immune system (AIS) strategy is utilized to detect such cheat nodes thereby improving the efficiency of packet delivery.

A plethora of recent work has shown that convolutional networks are not robust to adversarial images: images that are created by perturbing a sample from the data distribution as to maximize the loss on the perturbed example. In this work, we hypothesize that adversarial perturbations move the image away from the image manifold in the sense that there exists no physical process that could have produced the adversarial image. This hypothesis suggests that a successful defense mechanism against adversarial images should aim to project the images back onto the image manifold. We study such defense mechanisms, which approximate the projection onto the unknown image manifold by a nearest-neighbor search against a web-scale image database containing tens of billions of images. Empirical evaluations of this defense strategy on ImageNet suggest that it very effective in attack settings in which the adversary does not have access to the image database. We also propose two novel attack methods to break nearest-neighbor defense settings and show conditions under which nearest-neighbor defense fails. We perform a series of ablation experiments, which suggest that there is a trade-off between robustness and accuracy between as we use features from deeper in the network, that a large index size (hundreds of millions) is crucial to get good performance, and that careful construction of database is crucial for robustness against nearest-neighbor attacks.

Large graphs are increasingly prevalent in mobile networks, social networks, traffic networks and biological networks. These graphs are often uncertain, where edges are augmented with probabilities that indicates the chance to exist. Recently k-nearest neighbor search has been studied within the field of uncertain graphs, but the scalability and efficiency issues are not well solved. Moreover, solutions are implemented on a single machine and thus cannot fit large uncertain graphs. In this paper, we develop a framework, called DURS, to distribute k-nearest neighbor search into several machines and re-partition the uncertain graphs to balance the work loads and reduce the communication costs. Evaluation results show that DURS is essential to make the system scalable when answering k-nearest neighbor queries on uncertain graphs.

Phishing attacks are one of the most common and least defended security threats today. We present an approach which uses natural language processing techniques to analyze text and detect inappropriate statements which are indicative of phishing attacks. Our approach is novel compared to previous work because it focuses on the natural language text contained in the attack, performing semantic analysis of the text to detect malicious intent. To demonstrate the effectiveness of our approach, we have evaluated it using a large benchmark set of phishing emails.

The choice of threshold is an important part of fault diagnosis. Most of the current methods use a constant threshold for detection and it is difficult to meet the robustness and sensitivity requirements of the diagnosis system. This article develops a dynamic threshold algorithm for aircraft engine fault detection and isolation systems. The algorithm firstly analyzes the bounded norm uncertainty that may appear in the process of model based on the state space equation, and gives the time domain response range calculation formula under the influence of uncertain parameters; then the Kalman filter is combined to calculate the threshold with the real-time change of state; the simulation is performed at the end. The simulation results show that dynamic threshold range changes with status in real time.

As Multi-Processor Systems-on-Chip (MPSoCs) permeate the Internet by powering IoT devices, they are exposed to new threats. One major threat is Denial-of-Service (DoS) attacks, which make communication services slow or even unavailable. While mainly studied on desktop and server systems, some DoS attacks on mobile devices and Network-on-Chip (NoC) platforms have also been considered. In the context of NoC-based MPSoC architectures, previous works have explored flooding DoS attacks and their countermeasures, however, these protection techniques are ineffective to mitigate new DoS attacks. Recently, a shift of the network attack paradigm from flooding DoS to Low-and-Slow DoS has been observed. To this end, we present two contributions. First, we demonstrate, for the first time, the impact of Low-and-Slow DoS attacks in NoC environments. Second, we propose a lightweight online monitor able to detect and mitigate these attacks. Results show that our countermeasure is feasible and that it effectively mitigates this new attack. Moreover, since the monitors are placed at the entry points of the network, both, single- and multi-source attacks can be neutralized.

pubcrawl, Network on Chip Security, Scalability, resiliency, resilience, metrics, Tasks on NoC (Network-on-Chip) are less efficient because of long-distance data synchronization. An inefficient task schedule strategy can lead to a large number of remote data accessing that ruins the speedup of parallel execution of multiple tasks. Thus, we propose an energy efficient task schedule to reduce task traffic with a diffusional pattern. The task mapping algorithm can optimize traffic distribution by limit tasks into a small area to reduce NoC activities. Comparing to application-layer optimization, our task mapping can obtain 20% energy saving and 15% latency reduction on average.

In this paper we investigate deceptive defense strategies for web servers. Web servers are widely exploited resources in the modern cyber threat landscape. Often these servers are exposed in the Internet and accessible for a broad range of valid as well as malicious users. Common security strategies like firewalls are not sufficient to protect web servers. Deception based Information Security enables a large set of counter measures to decrease the efficiency of intrusions. In this work we depict several techniques out of the reconnaissance process of an attacker. We match these with deceptive counter measures. All proposed measures are implemented in an experimental web server with deceptive counter measure abilities. We also conducted an experiment with honeytokens and evaluated delay strategies against automated scanner tools.

Reconnaissance phase is where attackers identify their targets and how to collect information from professional social networks which can be used to select and exploit targeted employees to penetrate in an organization. Here, a framework is proposed for the early detection of attackers in the reconnaissance phase, highlighting the common characteristic behavior among attackers in professional social networks. And to create artificial honeypot profiles within the organizational social network which can be used to detect a potential incoming threat. By analyzing the dataset of social Network profiles in combination of machine learning techniques, A DspamRPfast model is proposed for the creation of a classifier system to predict the probabilities of the profiles being fake or malicious and to filter them out using XGBoost and for the faster classification and greater accuracy of 84.8%.

The next generation military environment requires a delay-tolerant network for sharing data and resources using an interoperable computerized, Command, Control, Communications, Intelligence, Surveillance and Reconnaissance (C4ISR) infrastructure. In this paper, we propose a new distributed SDN (Software-Defined Networks) architecture for tactical environments based on distributed cloudlets. The objective is to reduce the end-to-end delay of tactical traffic flow, and improve management capabilities, allowing flexible control and network resource allocation. The proposed SDN architecture is implemented over three layers: decentralized cloudlets layer where each cloudlet has its SDRN (Software-Defined Radio Networking) controller, decentralized MEC (Mobile Edge Computing) layer with an SDN controller for each MEC, and a centralized private cloud as a trusted third-part authority controlled by a centralized SDN controller. The experimental validations are done via relevant and realistic tactical scenarios based on strategic traffics loads, i.e., Tactical SMS (Short Message Service), UVs (Unmanned Vehicle) patrol deployment and high bite rate ISR (Intelligence, Surveillance, and Reconnaissance) video.

Internet of Things (IoT) has an immense potential for a plethora of applications ranging from healthcare automation to defence networks and the power grid. The security of an IoT network is essentially paramount to the security of the underlying computing and communication infrastructure. However, due to constrained resources and limited computational capabilities, IoT networks are prone to various attacks. Thus, safeguarding the IoT network from adversarial attacks is of vital importance and can be realised through planning and deployment of effective security controls; one such control being an intrusion detection system. In this paper, we present a novel intrusion detection scheme for IoT networks that classifies traffic flow through the application of deep learning concepts. We adopt a newly published IoT dataset and generate generic features from the field information in packet level. We develop a feed-forward neural networks model for binary and multi-class classification including denial of service, distributed denial of service, reconnaissance and information theft attacks against IoT devices. Results obtained through the evaluation of the proposed scheme via the processed dataset illustrate a high classification accuracy.

Logistic regression (LR) is used in many areas due to its simplicity and interpretability. While at the same time, those two properties limit its classification accuracy. Deep neural networks (DNNs), instead, achieve state-of-the-art performance in many domains. However, the nonlinearity and complexity of DNNs make it less interpretable. To balance interpretability and classification performance, we propose a novel nonlinear model, Deep Embedding Logistic Regression (DELR), which augments LR with a nonlinear dimension-wise feature embedding. In DELR, each feature embedding is learned through a deep and narrow neural network and LR is attached to decide feature importance. A compact and yet powerful model, DELR offers great interpretability: it can tell the importance of each input feature, yield meaningful embedding of categorical features, and extract actionable changes, making it attractive for tasks such as market analysis and clinical prediction.

Computer and network accountability is to make every action in computers and networks accountable. In order to achieve accountability, we need to answer the following questions: what did it happen? When did it happen? Who did it? In order to achieve accountability, the first step is to record what exactly happened. Therefore, an accountable logging is needed and implemented in computers and networks. Our previous work proposed a novel accountable logging methodology called Flow-Net. However, how to storage the huge amount of Flow-net logs into databases is not clear. In this paper, we try to answer this question.

The metallic interface for between core messages expends wealth influence and lesser throughput which are huge in Network-on Chip (NoC) structures. We proposed a remote Network-on-Chip (NoC) building Wireless Network-on Chip that uses power and imperatives gainful remote handsets to improve higherenergy and throughput by altering channels as indicated by traffic plans. Our proposed computations uses interface use bits of knowledge to redispensreal platforms, and a vitality funds of 29-35%. Wireless channels and a token sharing arrangement to totally use the remote information transmission successfully. Remote/electrical topological with results demonstrates a through-put advancement of 69%, a speedup between 1.7-2.9X on real platform, and an power savings of 25-38%.

A local area network (LAN) computer security control circuit is designed for the practical problem of LAN computer users "one machine crosses two networks" on this paper, which provides a protection barrier for the information security of LAN computers on the hardware. This paper briefly analyzes the risks and challenges faced by LAN security. The overall design idea, circuit design and working principle of LAN computer security control circuit are described in detail. The characteristics of the system are summarized. Finally, the design circuit is verified by practical application in the unit. The application results show that the circuit is stable in operation, simple in operation, safe and reliable, and convenient in installation and maintain, etc., which has achieved the design effect and played a good role in ensuring the security of the network information of the local area network.

In this paper, a dynamic cybersecurity protection method based on software-defined networking (SDN) is proposed, according to the protection requirement analysis for industrial control systems (ICSs). This method can execute security response measures by SDN, such as isolation, redirection etc., based on the real-time intrusion detection results, forming a detecting-responding closed-loop security control. In addition, moving target defense (MTD) concept is introduced to the protection for ICSs, where topology transformation and IP/port hopping are realized by SDN, which can confuse and deceive the attackers and prevent attacks at the beginning, protection ICSs in an active manner. The simulation results verify the feasibility of the proposed method.

In order to enhance the network security protection level of intelligent substation, this paper puts forward a model of intelligent substation network security defense system through the analysis of intelligent substation network security risk and protection demand, and using example proved the feasibility and effectiveness of the defense system. It is intelligent substation network security protection provides a new solution.

Digital ant technology is a new distributed and self-organization cyberspace defense paradigm. This paper describes digital ants system's developing process, characteristics, system architecture and mechanisms to illustrate its superiority, searches the possible applications of digital ants system. The summary of the paper and the trends of digital ants system are pointed out.

The modern power system is experiencing rapid development towards a smarter cyber-physical power grid. How to comprehensively and effectively identify the vulnerable components under various cyber attacks has attracted widespread interest and attention around the world. In this paper, a game-theoretical scheme is developed to analyze the vulnerabilities of transmission lines and cyber elements under locally coordinated cyber-physical attacks in a cyber-physical power infrastructure. A two-step scenario including resources allocation made by system defender in advance and subsequent coordinated cyber-physical attacks are designed elaborately. The designed scenario is modeled as a game of incomplete information, which is then converted into a bi-level mathematical programming problem. In the lower level model, the attacker aims at maximizing system losses by attacking some transmission lines. While in the higher level model, the defender allocates defensive resources, trying to maximally reduce the losses considering the possible attacks. The payoffs of the game are calculated by leveraging a strategy of searching accident chains caused by cascading failure analyzed in this paper. A particle swarm optimization algorithm is applied to solve the proposed nonlinear bi-level programming model, and the case studies on a 34-bus system are conducted to verify the effectiveness of the proposed scheme.

Inductive contactless energy transfer (CET) systems show a certain oscillating transient behavior of inrush currents on both system sides. This causes current overshoots in the electrical components and has to be considered for the system dimensioning. This paper presents a simple and yet very accurate model, which describes the dynamic behavior of series-series compensated inductive CET systems. This model precisely qualifies the systems current courses for both sides in time domain. Additionally, an analysis in frequency domain allows further knowledge for parameter estimation. Since this model is applicable for purely resistive loads and constant voltage loads with bridge rectifiers, it is very practicable and can be useful for control techniques and narameter estimation.