Biblio

The whole Software-Defined Networking (SDN) system might be out of service when the control plane is overloaded by control plane saturation attacks. In this attack, a malicious host can manipulate massive table-miss packets to exhaust the control plane resources. Even though many studies have focused on this problem, systems still suffer from more influenced switches because of centralized mitigation policies, and long recovery delay because of the remaining attack flows. To solve these problems, we propose FSDM, a Fast recovery Saturation attack Detection and Mitigation framework. For detection, FSDM extracts the distribution of Control Channel Occupation Rate (CCOR) to detect the attack and locates the port that attackers come from. For mitigation, with the attacker's location and distributed Mitigation Agents, FSDM adopts different policies to migrate or block attack flows, which influences fewer switches and protects the control plane from resource exhaustion. Besides, to reduce the system recovery delay, FSDM equips a novel functional module called Force\_Checking, which enables the whole system to quickly clean up the remaining attack flows and recovery faster. Finally, we conducted extensive experiments, which show that, with the increasing of attack PPS (Packets Per Second), FSDM only suffers a minor recovery delay increase. Compared with traditional methods without cleaning up remaining flows, FSDM saves more than 81% of ping RTT under attack rate ranged from 1000 to 4000 PPS, and successfully reduced the delay of 87% of HTTP requests time under large attack rate ranged from 5000 to 30000 PPS.

Flow correlation can identify attackers who use anonymous networks or stepping stones. The current flow correlation scheme based on watermark can effectively trace the network traffic. But it is difficult to balance robustness and invisibility. This paper presents an innovative flow correlation scheme that guarantees invisibility. First, the scheme generates a two-dimensional feature matrix by segmenting the network flow. Then, features of frequency and time are extracted from the matrix and mapped into perceptual hash sequences. Finally, by comparing the hash sequence similarity to correlate the network flow, the scheme reduces the complexity of the correlation while ensuring the accuracy of the flow correlation. Experimental results show that our scheme is robust to jitter, packet insertion and loss.

Smart cities and societies are driving unprecedented technological and socioeconomic growth in everyday life albeit making us increasingly vulnerable to infinitely and incomprehensibly diverse threats. Short Message Service (SMS) spam is one such threat that can affect mobile security by propagating malware on mobile devices. A security breach could also cause a mobile device to send spam messages. Many works have focused on classifying incoming SMS messages. This paper proposes a tool to detect spam from outgoing SMS messages, although the work can be applied to both incoming and outgoing SMS messages. Specifically, we develop a system that comprises multiple machine learning (ML) based classifiers built by us using three classification methods – Naïve Bayes (NB), Support Vector Machine (SVM), and Naïve Bayes Multinomial (NBM)- and five preprocessing and feature extraction methods. The system is built to allow its execution in cloud, fog or edge layers, and is evaluated using 15 datasets built by 4 widely-used public SMS datasets. The system detects spam SMSs and gives recommendations on the spam filters and classifiers to be used based on user preferences including classification accuracy, True Negatives (TN), and computational resource requirements.

Existing cyber security solutions have been basically developed using knowledge-based models that often cannot trigger new cyber-attack families. With the boom of Artificial Intelligence (AI), especially Deep Learning (DL) algorithms, those security solutions have been plugged-in with AI models to discover, trace, mitigate or respond to incidents of new security events. The algorithms demand a large number of heterogeneous data sources to train and validate new security systems. This paper presents the description of new datasets, the so-called ToNİoT, which involve federated data sources collected from Telemetry datasets of IoT services, Operating system datasets of Windows and Linux, and datasets of Network traffic. The paper introduces the testbed and description of TONİoT datasets for Windows operating systems. The testbed was implemented in three layers: edge, fog and cloud. The edge layer involves IoT and network devices, the fog layer contains virtual machines and gateways, and the cloud layer involves cloud services, such as data analytics, linked to the other two layers. These layers were dynamically managed using the platforms of software-Defined Network (SDN) and Network-Function Virtualization (NFV) using the VMware NSX and vCloud NFV platform. The Windows datasets were collected from audit traces of memories, processors, networks, processes and hard disks. The datasets would be used to evaluate various AI-based cyber security solutions, including intrusion detection, threat intelligence and hunting, privacy preservation and digital forensics. This is because the datasets have a wide range of recent normal and attack features and observations, as well as authentic ground truth events. The datasets can be publicly accessed from this link [1].

This paper presents an introduction to functional safety through ISO 26262 focusing on system, software and hardware possible failures that bring security threats and discussion on DO 254. It discusses the approach to bridge the gap between different other hazard level and system ability to identify the particular fault and resolve it minimum time span possible. Results are analyzed by designing models to check and avoid all the failures, loophole prior development.

Cyber-Physical Systems (CPS) such as intelligent connected vehicles, smart farming and smart logistics are constantly generating tons of data and requiring real-time data processing capabilities. Therefore, Edge Computing which provisions computing resources close to the End Devices from the network edge is becoming the ideal platform for CPS. However, it also brings many issues and one of the most prominent challenges is how to ensure the development of trustworthy smart services given the dynamic and distributed nature of Edge Computing. To tackle this challenge, this paper proposes a novel Federated Learning based Edge Computing platform for CPS, named “FengHuoLun”. Specifically, based on FengHuoLun, we can: 1) implement smart services where machine learning models are trained in a trusted Federated Learning framework; 2) assure the trustworthiness of smart services where CPS behaviours are tested and monitored using the Federated Learning framework. As a work in progress, we have presented an overview of the FengHuoLun platform and also some preliminary studies on its key components, and finally discussed some important future research directions.

The industrial Internet of Things (IIoT) can facilitate industrial upgrading, intelligent manufacturing, and lean production. Industrial control system (ICS) is a vital support mechanism for many key infrastructures in the IIoT. However, natural defects in the ICS network security mechanism and the susceptibility of the programmable logic controller (PLC) program to malicious attack pose a threat to the safety of national infrastructure equipment. To improve the security of the underlying equipment in ICS, a model checking method based on timed automata is proposed in this work, which can effectively model the control process and accurately simulate the system state when incorporating time factors. Formal analysis of the ICS and PLC is then conducted to formulate malware detection rules which can constrain the normal behavior of the system. The model checking tool UPPAAL is then used to verify the properties by detecting whether there is an exception in the system and determine the behavior of malware through counter-examples. The chemical reaction control system in Tennessee-Eastman process is taken as an example to carry out modeling, characterization, and verification, and can effectively detect multiple patterns of malware and propose relevant security policy recommendations.

Development of malware protection tools requires a more advanced test environment comparing to safe software. This kind of development includes a safe execution of many malware samples in order to evaluate the protective power of the tool. The host machine needs to be protected from the harmful effects of malware samples and provide a realistic simulation of the execution environment. In this paper, a framework for automated malware analysis on Linux is presented. Different types of malware analysis methods are discussed, as well as the properties of a good framework for dynamic malware analysis.

Malware is a kind of software that, if installed on a malware victim's device, might carry malicious actions. The malicious actions might be data theft, system failure, or denial of service. Malware analysis is a process to identify whether a piece of software is a malware or not. However, with the advancement of malware technologies, there are several evasion techniques that could be implemented by malware developers to prevent analysis, such as polymorphic and oligomorphic. Therefore, this research proposes an automatic malware detection system. In the system, the malware characteristics data were obtained through both static and dynamic analysis processes. Data from the analysis process were classified using Naive Bayes algorithm to identify whether the software is a malware or not. The process of identifying malware and benign files using the Naive Bayes machine learning method has an accuracy value of 93 percent for the detection process using static characteristics and 85 percent for detection through dynamic characteristics.

This work adopts an online resiliency monitoring framework employing metric temporal logic (MTL) under cyber-physical anomalies, namely false-data injection attacks, denial-of-service attacks, and physical faults. Such anomalies adversely affect the frequency synchronization, load sharing, and voltage regulation in microgrids. MTL formalism is adopted to monitor the outputs of inverters/converters against operational bounds, detect and quantify cyber-physical anomalies, monitor the microgrid's resiliency during runtime, and compare mitigation strategies. Since the proposed framework does not require system knowledge, it can be deployed on a complex microgrid. This is verified using an IEEE 34-bus feeder system and a DC microgrid cluster in a controller/hardware-in-the-loop environment.

Recently, dielectric/ferroelectric (DE/FE) bilayer systems have been extensively investigated for achieving high remanent polarization in Hf0.5Zr0.5O2(HZO) based MFM capacitors. Herein, we report significant enhancement in the ferroelectric property of HZO capacitors by incorporating Ta2O5as the dielectric seed layer. Thickness of the Ta2O5layer was incorporated at both top and bottom of the HZO films and the thickness of the seed layer was varied from 10 to 50 Å. When the Ta2O5dielectric films were inserted at the top, the highest remanent polarization 16.83 μC/cm2 was observed in case of 20 Å films as compared to that of 13.21 μC/cm2 of the reference HZO device. Similarly, for bottom Ta2O5dielectric films, the highest remanent polarization 15.24 μC/cm2 was observed in case of 20 Å films. When we compared both the stacks, the best result was observed in case of top Ta2O5. The coercive field (Ec) was also found to be nearly same with the HZO based device despite the incorporation of the dielectric layer. The enhanced ferroelectricity of these devices can be used in memory devices, FeFETs, FTJ and sensors applications.

Key Management in Delay Tolerant Networks (DTN) still remains an unsolved complex problem. Due to peculiar characteristics of DTN, important challenges that make it difficult to design key management architecture are: 1) no systematic requirement analysis is undertaken to define its components, their composition and prescribed functions; and 2) no framework is available for its seamless integration with Bundle Security Protocol (BSP). This paper proposes a Key Management Architecture for DTN (KMAD) to address challenges in DTN key management. The proposed architecture not only provides guidelines for key management in DTN but also caters for seamless integration with BSP. The framework utilizes public key cryptography to provide required security services to enable exchange of keying material, and information about security policy and cipher suites. The framework also supports secure exchange of control and data information in DTNs.

The essence of network security is the asymmetric online confrontation with the partial observable cyber threats, which requires the defense ability against unexpected security incidents. The existing network intrusion detection systems are mostly static centralized structure, and usually faced with problems such as high pressure of central processing node, low fault tolerance, low damage resistance and high construction cost. In this paper, exploiting the advantage of collaborative decision-making of decentralized multiagent coordination, we design a collaborative cyber threat perception model, DI-MDPs, which is based on the decentralized coordination, and the core idea is initiative information interaction among agents. Then, we analysis the relevance and transformation conditions between the proposed model, then contribute a reinforcement learning algorithm HTI that takes advantage of the particular structure of DI-MDPs in which agent updates policies by learning both its local cognition and the additional information obtained through interaction. Finally, we compare and verify the performance of the designed algorithm under typical scenario setting.

The High Efficiency File Format (HEIF) was adopted by Apple in 2017 as their favoured means of capturing images from their camera application, with Android devices such as the Galaxy S10 providing support more recently. The format is positioned to replace JPEG as the de facto image compression file type, touting many modern features and better compression ratios over the aging standard. However, while millions of devices across the world are already able to produce HEIF files, digital forensics research has not given the format much attention. As HEIF is a complex container format, much different from traditional still picture formats, this leaves forensics practitioners exposed to risks of potentially mishandling evidence. This paper describes the forensically relevant features of the HEIF format, including those which could be used to hide data, or cause issues in an investigation, while also providing commentary on the state of software support for the format. Finally, suggestions for current best-practice are provided, before discussing the requirements of a forensically robust HEIF analysis tool.

Static system configuration provides a significant advantage for the adversaries to discover the assets and launch attacks. Configuration-based moving target defense (MTD) reverses the cyber warfare asymmetry by mutating certain configuration parameters to disrupt the attack planning or increase the attack cost significantly. In this research, we present a methodology for the formal verification of MTD techniques. We formally modeled MTD techniques and verified them against constraints. We use Random Host Mutation (RHM) as a case study for MTD formal verification. The RHM transparently mutates the IP addresses of end-hosts and turns into untraceable moving targets. We apply the formal methodology to verify the correctness, safety, mutation, mutation quality, and deadlock-freeness of RHM using the model checking tool. An adversary is also modeled to validate the effectiveness of the MTD technique. Our experimentation validates the scalability and feasibility of the formal verification methodology.

In this ever updating digitalized world, everything is connected with just few touches away. Our phone is connected with things around us, even we can see live video of our home, shop, institute or company on the phone. But we can't track suspicious activity 24*7 hence needed a smart system to track down any suspicious activity taking place, so it automatically notifies us before any robbery or dangerous activity takes place. We have proposed a framework to tackle down this security matter with the help of sensors enabled cameras(IoT) connected through a FOG layer hence called FOGIoT which consists of small servers configured with Human Activity Analysis Algorithm. Any suspicious activity analyzed will be reported to responsible personnel and the due action will be taken place.

False data injection (FDI) attacks could happen in decode-and-forward (DF) wireless cooperative relay networks. Although physical integrity check (PIC) can combat that by applying physical layer detection, the detector depends on the decoding results and low signal-to-noise ratio (SNR) further deteriorates the detecting results. In this paper, a physical layer detect-before-decode (DbD) method is proposed, which has low computational complexity with no sacrifice of false alarm and miss detection rates. One significant advantage of this method is the detector does not depend on the decoding results. In order to implement the proposed DbD method, a unified error sufficient statistic (UESS) containing the full information of FDI attacks is constructed. The proposed UESS simplifies the detector because it is applicable to all link conditions, which means there is no need to deal each link condition with a specialized sufficient statistic. Moreover, the source to destination outage probability (S2Dop) of the DF cooperative relay network utilizing the proposed DbD method is studied. Finally, numerical simulations verify the good performance of this DbD method.

The state estimation technology is utilized to estimate the grid state based on the data of the meter and grid topology structure. The false data injection attack (FDIA) is an information attack method to disturb the security of the power system based on the meter measurement. Current FDIA detection researches pay attention on detecting its presence. The location information of FDIA is also important for power system security. In this paper, locating the FDIA of the meter is regarded as a multi-label classification problem. Each label represents the state of the corresponding meter. The ensemble model, the multi-label decision tree algorithm, is utilized as the classifier to detect the exact location of the FDIA. This method does not need the information of the power topology and statistical knowledge assumption. The numerical experiments based on the IEEE-14 bus system validates the performance of the proposed method.

Modern embedded systems include on-chip FPGA along with processors to meet the high computation demand by providing flexibility to users to add custom hardware accelerators. Any confidential or sensitive information may be processed by those custom accelerators or hardware Intellectual Properties (IPs). Existing accelerator usage models in embedded systems do not prevent illegal access to the IPs, which can be a severe security breach. In this paper, we present a hardware-software co-design approach for secured FPGA accelerated embedded system design. Our proposed security framework inherits Mandatory Access Control (MAC) based authentication policies running at software down to hardware accelerators in FPGA. It ensures secured processing of confidential data in the hardware to prevent software originated attacks at hardware IPs and information leaks. We have implemented a prototype of our proposed framework, which shows that it can be easily integrated while designing an embedded system with custom accelerator IPs. The experimental results show that the proposed framework establishes secured hardware execution with a negligible amount of area and performance overhead.

The Fog is an emergent computing architecture that will support the mobility and geographic distribution of Internet of Things (IoT) nodes and deliver context-aware applications with low latency to end-users. It forms an intermediate layer between IoT devices and the Cloud. However, Fog computing brings many requirements that increase the cost of security management. It inherits the security and trust issues of Cloud and acquires some of the vulnerable features of IoT that threaten data and application confidentiality, integrity, and availability. Several existing solutions address some of the security challenges following adequate adaptation, but others require new and innovative mechanisms. These reflect the need for a Fog architecture that provides secure access, efficient authentication, reliable and secure communication, and trust establishment among IoT devices and Fog nodes. The Fog might be more convenient to deploy decentralized authentication solutions for IoT than the Cloud if appropriately designed. In this short survey, we highlight the Fog security challenges related to IoT security requirements and architectural design. We conduct a comparative study of existing Fog architectures then perform a critical analysis of different authentication schemes in Fog computing, which confirms some of the fundamental requirements for effective authentication of IoT devices based on the Fog, such as decentralization, less resource consumption, and low latency.

The advent of Internet and recent technological developments have paved the way for IoT devices in different sectors. The demand for real-time response led to the development of fog computing which is now a popular computing technique. It provides processing, computing and storage at the network edge for latency-sensitive applications such as banking transactions, healthcare etc. This has further led to the pool of user's sensitive data across the web that needs to be secured. In order to find an efficient security solution, it is mandatory to prioritize amongst different fog-level security factors. The authors have therefore, adopted a fuzzy-based Analytical Hierarchy Approach (AHP) for ranking the security attributes in fog-driven IoT environment. The results have also been compared to the ones obtained from classical-AHP and are found to be correlated.

Most applications of Internet of Vehicles (IoVs) rely on collaboration between nodes. Therefore, false information flow in-between these nodes poses the challenging trust issue in rapidly moving IoV nodes. To resolve this issue, a number of mechanisms have been proposed in the literature for the detection of false information and establishment of trust in IoVs, most of which employ reputation scores as one of the important factors. However, it is critical to have a robust and consistent scheme that is suitable to aggregate a reputation score for each node based on the accuracy of the shared information. Such a mechanism has therefore been proposed in this paper. The proposed system utilises the results of any false message detection method to generate and share feedback in the network, this feedback is then collected and filtered to remove potentially malicious feedback in order to produce a dynamic reputation score for each node. The reputation system has been experimentally validated and proved to have high accuracy in the detection of malicious nodes sending false information and is robust or negligibly affected in the presence of spurious feedback.

Federated learning (FL) is the rapidly developing machine learning technique that is used to perform collaborative model training over decentralized datasets. FL enables privacy-preserving model development whereby the datasets are scattered over a large set of data producers (i.e., devices and/or systems). These data producers train the learning models, encapsulate the model updates with differential privacy techniques, and share them to centralized systems for global aggregation. However, these centralized models are always prone to adversarial attacks (such as data-poisoning and model poisoning attacks) due to a large number of data producers. Hence, FL methods need to ensure fairness and high-quality model availability across all the participants in the underlying AI systems. In this paper, we propose a novel FL framework, called FairFed, to meet fairness and high-quality data requirements. The FairFed provides a fairness mechanism to detect adversaries across the devices and datasets in the FL network and reject their model updates. We use a Python-simulated FL framework to enable large-scale training over MNIST dataset. We simulate a cross-device model training settings to detect adversaries in the training network. We used TensorFlow Federated and Python to implement the fairness protocol, the deep neural network, and the outlier detection algorithm. We thoroughly test the proposed FairFed framework with random and uniform data distributions across the training network and compare our initial results with the baseline fairness scheme. Our proposed work shows promising results in terms of model accuracy and loss.

Cloud Computing is considered as a business model for providing IT resources as services through the Internet based on pay-as-you-go principle. These IT resources are provided by Cloud Service Providers (CSPs) and requested by Cloud Service Consumers (CSCs). Selecting the proper CSP to deliver services is a critical and strategic process. According to the work in this paper, a framework for trust management in cloud computing has been introduced. The proposed framework consists of five stages; Filtrating, Trusting, Similarity, Ranking and Monitoring. In the Filtrating stage, the existing CSPs in the system will be filtered based on their parameters. The CSPs trust values are calculated in the Trusting stage. Then, the similarity between the CSC requirements and the CSPs data is calculated in the Similarity stage. The ranking of CSPs will be performed in Ranking stage. According to the Monitoring stage, after finishing the service, the CSC sends his feedbacks about the CSP who delivered the service to be used to monitor this CSP. To evaluate the performance of the proposed framework, a comparative study has been done for the Ranking and Monitoring stages using Armor dataset. According to the comparative results it is found that the proposed framework increases the reliability and performance of the cloud environment.

This paper presents Foggy, an anonymous communication system focusing on providing users with anonymous web browsing. Foggy provides a microservice-based proxy for web browsing and other low-latency network activities without exposing users' metadata and browsed content to adversaries. It is designed with decentralized information management, web caching, and configurable service selection. Although Foggy seems to be more centralized compared with Tor, it gains an advantage in manageability while retaining anonymity. Foggy can be deployed by several agencies to become more decentralized. We prototype Foggy and test its performance. Our experiments show Foggy's low latency and deployability, demonstrating its potential to be a commercial solution for real-world deployment.