Biblio

In this paper, we will describe the design and implementation of a secure payment system based on QR codes. These QR codes have been extensively used in recent years since they speed up the payment process and provide users with ultimate convenience. However, as convenient as they may sound, QR-based online payment systems are vulnerable to different types of attacks. Therefore, transaction processing needs to be secure enough to protect the integrity and confidentiality of every payment process. Moreover, the online payment system must provide authenticity for both the sender and receiver of each transaction. In this paper, the security of the proposed QR-based system is provided using visual cryptography. The proposed system consists of a mobile application and a payment gateway server that implements visual cryptography. The application provides a simple and user-friendly interface for users to carry out payment transactions in user-friendly secure environment.

In the present paper the exponentiation algorithm “To Center and Back” based on the idea of the additive chains exponentiation method is developed. The created by authors algorithm allows to reduce the calculation time and to improve the performance of conventional and cryptographic algorithms, as pre-quantum and quantum, and then post-quantum, in which it is necessary to use the fast exponentiation algorithm.

Bitcoin and other digital cryptocurrencies have de-veloped rapidly in recent years. To reduce hardware and power costs, many criminals use the botnet to infect other hosts to mine cryptocurrency for themselves, which has led to the proliferation of mining botnets and is referred to as cryptojacking. At present, the mechanisms specific to cryptojacking detection include host-based, Deep Packet Inspection (DPI) based, and dynamic network characteristics based. Host-based detection requires detection installation and running at each host, and the other two are heavyweight. Besides, DPI-based detection is a breach of privacy and loses efficacy if encountering encrypted traffic. This paper de-signs a lightweight cryptojacking traffic detection method based on network behavior features for an ISP, without referring to the payload of network traffic. We set up an environment to collect cryptojacking traffic and conduct a cryptojacking traffic study to obtain its discriminative network traffic features extracted from only the first four packets in a flow. Our experimental study suggests that the machine learning classifier, random forest, based on the extracted discriminative network traffic features can accurately and efficiently detect cryptojacking traffic.

The false data injection attacks (FDIAs) in smart grids can offset the power measurement data and it can bypass the traditional bad data detection mechanism. To solve this problem, a new detection mechanism called cosine similarity ratio which is based on the dynamic estimation algorithm of square root cubature Kalman filter (SRCKF) is proposed in this paper. That is, the detection basis is the change of the cosine similarity between the actual measurement and the predictive measurement before and after the attack. When the system is suddenly attacked, the actual measurement will have an abrupt change. However, the predictive measurement will not vary promptly with it owing to the delay of Kalman filter estimation. Consequently, the cosine similarity between the two at this moment has undergone a change. This causes the ratio of the cosine similarity at this moment and that at the initial moment to fluctuate considerably compared to safe operation. If the detection threshold is triggered, the system will be judged to be under attack. Finally, the standard IEEE-14bus test system is used for simulation experiments to verify the effectiveness of the proposed detection method.

As a typical cyber-physical system, the power system utilizes advanced information and communication technologies to transmit crucial control signals in communication channels. However, many adversaries can construct false data injection attacks (FDIA) to circumvent traditional bad data detection and break the stability of the power grid. In this paper, we proposed a threat-maximizing FDIA model from the view of attackers. The proposed FDIA can not only circumvent bad data detection but can also cause a terrible fluctuation in the power system. Furthermore, in order to eliminate potential attack threats, the Spatio-temporal correlations of measurement matrices are considered. To extract the Spatio-temporal features, a data-driven detection method using a deep convolutional neural network was proposed. The effectiveness of the proposed FDIA model and detection are assessed by a simulation on the New England 39 bus system. The results show that the FDIA can cause a negative effect on the power system’s stable operation. Besides, the results reveal that the proposed FDIA detection method has an outstanding performance on Spatio-temporal features extraction and FDIA recognition.

In power networks, it is important to detect a cyber attack. In this paper, we propose a detection method of false data injection (FDI) attacks. FDI attacks cannot be detected from the estimation error in power networks. The proposed method is based on the distributed state estimation, and is used the tentative estimated state. The proposed method is demonstrated by a numerical example on the IEEE 14-bus system.

In recent years web applications that are hacked every day estimated to be 30 000, and in most cases, web developers or website owners do not even have enough knowledge about what is happening on their sites. Web hackers can use many attacks to gain entry or compromise legitimate web applications, they can also deceive people by using phishing sites to collect their sensitive and private information. In response to this, the need is raised to take proper measures to understand the risks and be aware of the vulnerabilities that may affect the website and hence the normal business flow. In the scope of this study, mitigations against the most common web application attacks are set, and the web administrator is provided with ways to detect phishing links which is a social engineering attack, the study also demonstrates the generation of web application logs that simplifies the process of analyzing the actions of abnormal users to show when behavior is out of bounds, out of scope, or against the rules. The methods of mitigation are accomplished by secure coding techniques and the methods for phishing link detection are performed by various machine learning algorithms and deep learning techniques. The developed application has been tested and evaluated against various attack scenarios, the outcomes obtained from the test process showed that the website had successfully mitigated these dangerous web application attacks, and for the detection of phishing links part, a comparison is made between different algorithms to find the best one, and the outcome of the best model gave 98% accuracy.

This note addresses the problem of distributed control for a class of nonlinear multi-agent systems over a communication graph. In many real practical systems, owing to communication limits and the vulnerability of communication networks to be overheard and modified by the adversary, consideration of communication delays and cyber-attacks in designing of the controller is important. To consider these challenges, in the presented approach, a distributed controller for a group of one-link flexible joint manipulators is provided which are connected via data delaying communication network in the presence of cyber-attacks. Sufficient conditions are provided to guarantee that the closed-loop system is stable with prescribed disturbance attenuation, and the parameter of the control law can be obtained by solving a set of linear matrix inequities (LMIs). Eventually, simulations results of four single-link manipulators are provided to demonstrate the performance of the introduced method.

Consider the identification (ID) via channels problem, where a receiver wants to decide whether the transmitted identifier is its identifier, rather than decoding the identifier. This model allows to transmit identifiers whose size scales doubly-exponentially in the blocklength, unlike common transmission (or channel) codes whose size scales exponentially. It suffices to use binary constant-weight codes (CWCs) to achieve the ID capacity. By relating the parameters of a binary CWC to the minimum distance of a code and using higher-order correlation moments, two upper bounds on the binary CWC size are proposed. These bounds are shown to be upper bounds also on the identifier sizes for ID codes constructed by using binary CWCs. We propose two code constructions based on optical orthogonal codes, which are used in optical multiple access schemes, have constant-weight codewords, and satisfy cyclic cross-correlation and autocorrelation constraints. These constructions are modified and concatenated with outer Reed-Solomon codes to propose new binary CWCs optimal for ID. Improvements to the finite-parameter performance of both our and existing code constructions are shown by using outer codes with larger minimum distance vs. blocklength ratios. We also illustrate ID performance regimes for which our ID code constructions perform significantly better than existing constructions.

Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) is a type of automatic program to determine whether the user is human or not. The most common type of CAPTCHA is a kind of message interpretation by twisting the letters and adding slight noises in the background, plays a role of verification code. In this paper, we will introduce the basis of Convolutional Neural Network first. Then based on the handwritten digit recognition using CNN, we will develop a network for CAPTCHA image recognition.

CAPTCHA or Completely Automated Public Turing test to Tell Computers and Humans Apart is a technique to distinguish between humans and computers by generating and evaluating tests that can be passed by humans but not computer bots. However, captchas are not foolproof, and they can be bypassed which raises security concerns. Hence, sites over the internet remain open to such vulnerabilities. This research paper identifies the vulnerabilities found in some of the commonly used captcha schemes by cracking them using Deep Learning techniques. It also aims to provide solutions to safeguard against these vulnerabilities and provides recommendations for the generation of secure captchas.

CAPTCHA (Completely Automated Public Turing Test to tell Computers and Humans Apart) is a widely used challenge-measures to distinguish humans and computer automated programs apart. Several existing CAPTCHAs are reliable for normal users, whereas visually impaired users face a lot of problems with the CAPTCHA authentication process. CAPTCHAs such as Google reCAPTCHA alternatively provides audio CAPTCHA, but many users find it difficult to decipher due to noise, language barrier, and accent of the audio of the CAPTCHA. Existing CAPTCHA systems lack user satisfaction on smartphones thus limiting its use. Our proposed system potentially solves the problem faced by visually impaired users during the process of CAPTCHA authentication. Also, our system makes the authentication process generic across users as well as platforms.

With the developing of computer technology, Convolutional Neural Network (CNN) has made big development in both application region and research field. However, CAPTCHA (one Turing Test to tell difference between computer and human) technology is also widely used in many websites verification process and it has received great attention from researchers. In this essay, we introduced the CNN based on tensorflow framework and use the MINIST data set which is used in handwritten digit recognition to analyze the parameters and the structure of the CNN model. Moreover, we use different activation functions and compares them with different epochs. We also analyze many problems during the experiment to make the original data and the result more accurate.

Malicious Webpages have been a serious threat on Internet for the past few years. As per the latest Google Transparency reports, they continue to be top ranked amongst online threats. Various techniques have been used till date to identify malicious sites, to include, Static Heuristics, Honey Clients, Machine Learning, etc. Recently, with the rapid rise of Deep Learning, an interest has aroused to explore Deep Learning techniques for detecting Malicious Webpages. In this paper Deep Learning has been utilized for such classification. The model proposed in this research has used a Deep Neural Network (DNN) with two hidden layers to distinguish between Malicious and Benign Webpages. This DNN model gave high accuracy of 99.81% with very low False Positives (FP) and False Negatives (FN), and with near real-time response on test sample. The model outperformed earlier machine learning solutions in accuracy, precision, recall and time performance metrics.

We present a simple approach for detecting brute force attacks in the CSE-CIC-IDS2018 Big Data dataset. We show our approach is preferable to more complex approaches since it is simpler, and yields stronger classification performance. Our contribution is to show that it is possible to train and test simple Decision Tree models with two independent variables to classify CSE-CIC-IDS2018 data with better results than reported in previous research, where more complex Deep Learning models are employed. Moreover, we show that Decision Tree models trained on data with two independent variables perform similarly to Decision Tree models trained on a larger number independent variables. Our experiments reveal that simple models, with AUC and AUPRC scores greater than 0.99, are capable of detecting brute force attacks in CSE-CIC-IDS2018. To the best of our knowledge, these are the strongest performance metrics published for the machine learning task of detecting these types of attacks. Furthermore, the simplicity of our approach, combined with its strong performance, makes it an appealing technique.

Data and veracious information are an important feature of any organization; it takes special care as a like asset of the organization. Cloud computing system main target to provide service to the user like high-speed access user data for storage and retrieval. Now, big concern is data protection in cloud computing technology as because data leaking and various malicious attacks happened in cloud computing technology. This study provides user data protection in the cloud storage device. The article presents the architecture of a data security hybrid infrastructure that protects and stores the user data from the unauthenticated user. In this hybrid model, we use a different type of security model.

Cloud computing has become ubiquitous in the modern world and has offered a number of promising and transformative technological opportunities. However, organizations that use cloud platforms are also concerned about cloud security and new threats that arise due to cloud adoption. Digital forensic investigations (DFI) are undertaken when a security incident (i.e., successful attack) has been identified. Forensics data collection is an integral part of DFIs. This paper presents results from a survey of existing literature on challenges related to forensics data collection in cloud. A taxonomy of major challenges was developed to help organizations understand and thus better prepare for forensics data collection.

With the increased use of social robots in critical applications, like elder care and rehabilitation, it becomes necessary to investigate the user's trust in robots to prevent over- and under-utilization of the robotic systems. While several studies have shown how trust increases through personalised behaviour, there is a lack of research concerned with the influence of personalised physical appearance. This study explores the effect of personalised physical appearance on trust in human-robot-interaction (HRI). In an online game, 60 participants interacted with a robot, where half of the participants were asked to personalise the robot prior to the game. Trust was measured through a trust-related questionnaire as well as by evaluating user behaviour during the game. Results indicate that personalised physical appearance does not directly correlate to higher trust perceptions, however, there was significant evidence that players exhibit more trusting behaviours in a game against a personalised robot.

Trust in autonomous teammates has been shown to be a key factor in human-autonomy team (HAT) performance, and anthropomorphism is a closely related construct that is underexplored in HAT literature. This study investigates whether perceived anthropomorphism can be measured from team communication behaviors in a simulated remotely piloted aircraft system task environment, in which two humans in unique roles were asked to team with a synthetic (i.e., autonomous) pilot agent. We compared verbal and self-reported measures of anthropomorphism with team error handling performance and trust in the synthetic pilot. Results for this study show that trends in verbal anthropomorphism follow the same patterns expected from self-reported measures of anthropomorphism, with respect to fluctuations in trust resulting from autonomy failures.

The process of Big data storage has become challenging due to the expansion of extensive data; data providers will offer encrypted data and upload to Big data. However, the data exchange mechanism is unable to accommodate encrypted data. Particularly when a large number of users share the scalable data, the scalability becomes extremely limited. Using a contemporary privacy protection system to solve this issue and ensure the security of encrypted data, as well as partially homomorphic re-encryption and decryption (PHRED). This scheme has the flexibility to share data by ensuring user's privacy with partially trusted Big Data. It can access to strong unforgeable scheme it make the transmuted cipher text have public and private key verification combined identity based Augmented Homomorphic Re Encryption Decryption(AHRED) on paillier crypto System with Laplacian noise filter the performance of the data provider for privacy preserving big data.

A secure hash code or message authentication code is a one-way hash algorithm. It is producing a fixed-size hash function to be used to check verification, the integrity of electronic data, password storage. Numerous researchers have proposed hashing algorithms. They have a very high time complexity based on several steps, initial value, and key constants which are publically known. We are focusing here on the many exiting algorithms that are dependent on the initial value and key constant usage to increasing the security strength of the hash function which is publically known. Therefore, we are proposing autonomous initial value proposed secure hash algorithm (AIVPSHA64) in this research paper to produce sixty-four-bit secure hash code without the need of initial value and key constant, it is very useful for a smart card to verify their identity which has limited memory space. Then evaluate the performance of hash function using autonomous initial value proposed secure hash algorithm (AIVPSHA64) and will compare the result, which is found by python-3.9.0 programming language.

The cloud storage system is a very big boon for the organizations and individuals who are all in the need of storage space to accommodate huge volume of digital data. The cloud storage space can handle various types of digital data like text, image, video and audio. Since the storage space can be shared among different users, it is possible to have duplicate copies of data in the storage space. An efficient mechanism is required to identify the digital data uniquely in order to check the duplicity. There are various ways by which the digital data can be identified. One among such technique is hash-based identification. Using cryptographic hashing algorithms, every data can be uniquely identified. The unique property of hashing algorithm helps to identify the data uniquely. In this research work, we are going to discuss the advantage of using cryptographic hashing algorithm for digital data identification and the comparison of various hashing algorithms.

Wireless communications networks are an integral part of intelligent systems that enhance the automation of various activities and operations embarked by humans. For example, the development of intelligent devices imbued with sensors leverages emerging technologies such as machine learning (ML) and artificial intelligence (AI), which have proven to enhance military operations through communication, control, intelligence gathering, and situational awareness. However, growing concerns in cybersecurity imply that attackers are always seeking to take advantage of the widened attack surface to launch adversarial attacks which compromise the activities of legitimate users. To address this challenge, we leverage on deep learning (DL) and the principle of cyber-deception to propose a method for defending wireless networks from the activities of jammers. Specifically, we use DL to regulate the power allocated to users and the channel they use to communicate, thereby luring jammers into attacking designated channels that are considered to guarantee maximum damage when attacked. Furthermore, by directing its energy towards the attack on a specific channel, other channels are freed up for actual transmission, ensuring secure communication. Through simulations and experiments carried out, we conclude that this approach enhances security in wireless communication systems.

Algorithms for unsupervised anomaly detection have proven their effectiveness and flexibility, however, first it is necessary to calculate with what ratio a certain class begins to be considered anomalous by the autoencoder. For this reason, we propose to conduct a study of the efficiency of autoencoders depending on the ratio of anomalous and non-anomalous classes. The emergence of high-speed networks in electric power systems creates a tight interaction of cyberinfrastructure with the physical infrastructure and makes the power system susceptible to cyber penetration and attacks. To address this problem, this paper proposes an innovative approach to develop a specification-based intrusion detection framework that leverages available information provided by components in a contemporary power system. An autoencoder is used to encode the causal relations among the available information to create patterns with temporal state transitions, which are used as features in the proposed intrusion detection. This allows the proposed method to detect anomalies and cyber attacks.

The transportation system is becoming tremendously important in today's human activities and the number of urban vehicles grows rapidly. The vehicle theft also has become a shared concern for all vehicle owners. However, the present anti-theft system which maybe high reliable, lack of proper mechanism for preventing theft before it happens. This work proposes the internet of things based smart vehicle security staring system; efficient security provided to the vehicle owners relies on securing car ignition system by using a developed android application running on smart phone connected to the designed system installed in vehicle. With this system it is non- viable to access the vehicle's functional system in case the ignition key has been stolen or lost. It gives the drivers the ability to stay connected with their vehicle. Whenever the ignition key is stolen or lost, it is impossible to start the vehicle as the ignition system is still locked on the vehicle start and only the authorized person will be able to start the vehicle at convenient time with the combination of ignition key and smart phone application. This study proposes to design the system that uses node MCU, Bluetooth low energy (BLE), transistors, power relays and android smartphone in system testing. In addition, it is cost effective and once installed in the vehicle there is no more cost of maintenance.