Biblio

In the crowdsourced testing system, due to the openness of crowdsourced testing platform and other factors, the security of crowdsourced testing intellectual property cannot be effectively protected. We proposed an attribute-based double encryption scheme, combined with the blockchain technology, to achieve the data access control method of the code to be tested. It can meet the privacy protection and traceability of specific intellectual property in the crowdsourced testing environment. Through the experimental verification, the access control method is feasible, and the performance test is good, which can meet the normal business requirements.

A Cyber Attack is a sudden attempt launched by cybercriminals against multiple computers or networks. According to evolution of cyber space, insider attack is the most serious attack faced by end users, all over the world. Cyber Security reports shows that both US federal Agency as well as different organizations faces insider threat. Machine learning (ML) provide an important technology to secure data from insider threats. Random Forest is the best algorithm that focus on user's action, services and ability for insider attack detection based on data granularity. Substantial raise in the count of decision tree, increases the time consumption and complexity of Random Forest. A novel algorithm Known as Random Forest With Randomized Weighted Fuzzy Feature Set (RF-RWFF) is developed. Fuzzy Membership Function is used for feature aggregation and Randomized Weighted Majority Algorithm (RWMA) is used in the prediction part of Random Forest (RF) algorithm to perform voting. RWMA transform conventional Random Forest, to a perceptron like algorithm and increases the miliage. The experimental results obtained illustrate that the proposed model exhibits an overall improvement in accuracy and recall rate with very much decrease in time complexity compared to conventional Random Forest algorithm. This algorithm can be used in organization and government sector to detect insider fastly and accurately.

Insider threat makes enterprises or organizations suffer from the loss of property and the negative influence of reputation. User behavior analysis is the mainstream method of insider threat detection, but due to the lack of fine-grained detection and the inability to effectively capture the behavior patterns of individual users, the accuracy and precision of detection are insufficient. To solve this problem, this paper designs an insider threat detection method based on user historical behavior and attention mechanism, including using Long Short Term Memory (LSTM) to extract user behavior sequence information, using Attention-based on user history behavior (ABUHB) learns the differences between different user behaviors, uses Bidirectional-LSTM (Bi-LSTM) to learn the evolution of different user behavior patterns, and finally realizes fine-grained user abnormal behavior detection. To evaluate the effectiveness of this method, experiments are conducted on the CMU-CERT Insider Threat Dataset. The experimental results show that the effectiveness of this method is 3.1% to 6.3% higher than that of other comparative model methods, and it can detect insider threats in different user behaviors with fine granularity.

Internal attacks are one of the biggest cybersecurity issues to companies and businesses. Despite the implemented perimeter security systems, the risk of adversely affecting the security and privacy of the organization’s information remains very high. Actually, the detection of such a threat is known to be a very complicated problem, presenting many challenges to the research community. In this paper, we investigate the effectiveness and usefulness of using Autoencoder and Variational Autoencoder deep learning algorithms to automatically defend against insider threats, without human intervention. The performance evaluation of the proposed models is done on the public CERT dataset (CERT r4.2) that contains both benign and malicious activities generated from 1000 simulated users. The comparison results with other models show that the Variational Autoencoder neural network provides the best overall performance with a higher detection accuracy and a reasonable false positive rate.

In recent years, insider threat incidents and losses of companies or organizations are on the rise, and internal network security is facing great challenges. Traditional intrusion detection methods cannot identify malicious behaviors of insiders. As an effective method, insider threat detection technology has been widely concerned and studied. In this paper, we use the tree structure method to analyze user behavior, form feature sequences, and combine the Copula Based Outlier Detection (COPOD) method to detect the difference between feature sequences and identify abnormal users. We experimented on the insider threat dataset CERT-IT and compared it with common methods such as Isolation Forest.

Human-in-the-Loop has been receiving special attention from the data science and machine learning community. It is essential to realize the advantages of human feedback and the pressing need for manual annotation to improve machine learning performance. Recent advancements in natural language processing (NLP) and machine learning have created unique challenges and opportunities for digital humanities research. In particular, there are ample opportunities for NLP and machine learning researchers to analyze data from literary texts and use these complex source texts to broaden our understanding of human sentiment using the human-in-the-loop approach. This paper presents our understanding of how human annotators differ from machine annotators in sentiment analysis tasks and how these differences can contribute to designing systems for the "human in the loop" sentiment analysis in complex, unstructured texts. We further explore the challenges and benefits of the human-machine collaboration for sentiment analysis using a case study in Greek tragedy and address some open questions about collaborative annotation for sentiments in literary texts. We focus primarily on (i) an analysis of the challenges in sentiment analysis tasks for humans and machines, and (ii) whether consistent annotation results are generated from multiple human annotators and multiple machine annotators. For human annotators, we have used a survey-based approach with about 60 college students. We have selected six popular sentiment analysis tools for machine annotators, including VADER, CoreNLP's sentiment annotator, TextBlob, LIME, Glove+LSTM, and RoBERTa. We have conducted a qualitative and quantitative evaluation with the human-in-the-loop approach and confirmed our observations on sentiment tasks using the Greek tragedy case study.

Deep learning has undergone tremendous advancements in computer vision studies. The training of deep learning neural networks depends on a considerable amount of ground truth datasets. However, labeling ground truth data is a labor-intensive task, particularly for large-volume video analytics applications such as video surveillance and vehicles detection for autonomous driving. This paper presents a rapid and accurate method for associative searching in big image data obtained from security monitoring systems. We developed a semi-automatic moving object annotation method for improving deep learning models. The proposed method comprises three stages, namely automatic foreground object extraction, object annotation in subsequent video frames, and dataset construction using human-in-the-loop quick selection. Furthermore, the proposed method expedites dataset collection and ground truth annotation processes. In contrast to data augmentation and data generative models, the proposed method produces a large amount of real data, which may facilitate training results and avoid adverse effects engendered by artifactual data. We applied the constructed annotation dataset to train a deep learning you-only-look-once (YOLO) model to perform vehicle detection on street intersection surveillance videos. Experimental results demonstrated that the accurate detection performance was improved from a mean average precision (mAP) of 83.99 to 88.03.

Digital images are becoming the backbone of the social platform. To day of life of the people, the high impact of the images has raised the concern of its authenticity. Image forensics need to be done to assure the authenticity. In this paper, a novel technique is proposed for digital image forensics. The proposed technique is applied for detection of median, averaging and Gaussian filtering in the images. In the proposed method, a first image is normalized using optimal range to obtain a better statistical information. Further, difference arrays are calculated on the normalized array and a proposed thresholding is applied on the normalized arrays. In the last, co-occurrence features are extracted from the thresholding difference arrays. In experimental analysis, significant performance gain is achieved. The detection capability of the proposed method remains upstanding on small size images even with low quality JPEG compression.

IoT applications are changing our daily lives. These innovative applications are supported by new communication technologies and protocols. Particularly, the information-centric network (ICN) paradigm is well suited for many IoT application scenarios that involve large-scale wireless sensor networks (WSNs). Even though the ICN approach can significantly reduce the network traffic by optimizing the process of information recovery from network nodes, it is also possible to apply data aggregation strategies. This paper proposes an unsupervised machine learning-based data aggregation strategy for multi-hop information-centric WSNs. The results show that the proposed algorithm can significantly reduce the ICN data traffic while having reduced information degradation.

To meet the application need of dynamic visualization VR display of 3D time-varying field, this paper designed an immersive visualization VR system of 3D time-varying field based on the Unity 3D framework. To reduce visual confusion caused by 3D time-varying field flow line drawing and improve the quality and efficiency of visualization rendering drawing, deep learning was used to extract features from the mesoscale vortex of the 3D time-varying field. Moreover, the 3D flow line dynamic visualization drawing was implemented through the Unity Visual Effect Graph particle system.

Stress-related disorders are increasing because of work load, forces in teamwork, surroundings pressures and health related conditions. Thus, to avoid people living under heavy stress and develop more severe stress-related disorders, different internet and applications of stress management interventions are offered. Mobile applications with self-assessed health, burnout-scores and well-being are commonly used as outcome measures. Few studies have used sickleave to compare effects of stress interventions. A new approach is to use nature and garden in a multimodal stress management context. This study aimed to explore the effects of immersive and non-immersive games application by using nature theme virtual stress therapy in reducing stress level. Two weeks’ of experiments had involved 18 participants. Nine (9) of them were invited to join the first experiment which focused on immersive virtual reality (VR) experience. Their Blood Volume Pulse with Heart Rate (BVP+HR) and Skin Conductance (SC) were recorded using BioGraph Infiniti Biofeedback System that comes with three (3) sensors attached to the fingers. The second experiment were joined by another nine (9) participants. This experiment was testing on non-immersive desktop control experience. The same protocol measurements were taken which are BVP+HR and SC. Participants were given the experience to feel and get carried into the virtual nature as a therapy so that they will reduce stress. The result of this study points to whether immersive or non-immersive VR display using nature theme virtual therapy would reduce individuals stress level. After conducted series of experiments, results showed that both immersive and non-immersive VR display reduced stress level. However, participants were satisfied of using the immersive version as it provided a 360 degree of viewing, immersed experiences and feeling engaged. Thus, this showed and proved that applications developed with nature theme affect successfully reduce stress level no matter it is put in immersive or non-immersive display.

Static analysis is a general name for various methods of program examination without actually executing it. In particular, it is widely used to discover errors and vulnerabilities in software. Taint analysis usually denotes the process of checking the flow of user-provided data in the program in order to find potential vulnerabilities. It can be performed either statically or dynamically. In the paper we evaluate several improvements for the static taint analyzer Irbis [1], which is based on a special case of interprocedural graph reachability problem - the so-called IFDS problem, originally proposed by Reps et al. [2]. The analyzer is currently being developed at the Ivannikov Institute for System Programming of the Russian Academy of Sciences (ISP RAS). The evaluation is based on several real projects with known vulnerabilities and a subset of the Juliet Test Suite for C/C++ [3]. The chosen subset consists of more than 5 thousand tests for 11 different CWEs.

Nowadays, smart contracts manage more and more digital assets and have become an attractive target for adversaries. To prevent smart contracts from malicious attacks, a thorough test is indispensable and must be finished before deployment because smart contracts cannot be modified after being deployed. Fuzzing is an important testing approach, but most existing smart contract fuzzers can hardly solve the constraints which involve deeply nested conditional statements, resulting in low coverage. To address this problem, we propose Targy, an efficient targeted mutation strategy based on dynamic taint analysis. We obtain the taint flow by dynamic taint propagation, and generate a more accurate mutation strategy for the input parameters of functions to simultaneously satisfy all conditional statements. We implemented Targy on sFuzz with 3.6 thousand smart contracts running on Ethereum. The numbers of covered branches and detected vulnerabilities increase by 6% and 7% respectively, and the average time required for covering a branch is reduced by 11 %.

Various algorithms and models have been proposed to address text classification tasks; however, they rarely consider incorporating the additional knowledge hidden in class labels. We argue that hidden information in class labels leads to better classification accuracy. In this study, instead of encoding the labels into numerical values, we incorporated the knowledge in the labels into the original model without changing the model architecture. We combined the output of an original classification model with the relatedness calculated based on the embeddings of a sequence and a keyword set. A keyword set is a word set to represent knowledge in the labels. Usually, it is generated from the classes while it could also be customized by the users. The experimental results show that our proposed method achieved statistically significant improvements in text classification tasks. The source code and experimental details of this study can be found on Github11https://github.com/HeroadZ/KiL.

At present, machine learning (ML) algorithms are essential components in designing the sophisticated intrusion detection system (IDS). They are building-blocks to enhance cyber threat detection and help in classification at host-level and network-level in a short period. The increasing global connectivity and advancements of network technologies have added unprecedented challenges and opportunities to network security. Malicious attacks impose a huge security threat and warrant scalable solutions to thwart large-scale attacks. These activities encourage researchers to address these imminent threats by analyzing a large volume of the dataset to tackle all possible ranges of attack. In this proposed method, we calculated the fitness value of each feature from the population by using a genetic algorithm (GA) and selected them according to the fitness value. The fitness values are presented in hierarchical order to show the effectiveness of problem decomposition. We implemented Support Vector Machine (SVM) to verify the consistency of the system outcome. The well-known NSL-knowledge discovery in databases (KDD) was used to measure the performance of the system. From the experiments, we achieved a notable classification accuracies using a SVM of the current state of the art intrusion detection.

One of the significant difficulties in network safety is the arrangement of a mechanized and viable digital danger's location strategy. This paper presents an AI procedure for digital dangers recognition, in light of fake neural organizations. The proposed procedure changes large number of gathered security occasions over to singular occasion profiles and utilize a profound learning-based discovery strategy for upgraded digital danger identification. This research work develops an AI-SIEM framework dependent on a blend of occasion profiling for information preprocessing and distinctive counterfeit neural organization techniques by including FCNN, CNN, and LSTM. The framework centers around separating between obvious positive and bogus positive cautions, consequently causing security examiners to quickly react to digital dangers. All trials in this investigation are performed by creators utilizing two benchmark datasets (NSLKDD and CICIDS2017) and two datasets gathered in reality. To assess the presentation correlation with existing techniques, tests are carried out by utilizing the five ordinary AI strategies (SVM, k-NN, RF, NB, and DT). Therefore, the exploratory aftereffects of this examination guarantee that our proposed techniques are fit for being utilized as learning-based models for network interruption discovery and show that despite the fact that it is utilized in reality, the exhibition beats the traditional AI strategies.

Containers that can be easily created, transported and scaled with the use of container-based virtualization technologies work better than classical virtualization technologies and provide efficient resource usage. The Docker platform is one of the most widely used solutions among container-based virtualization technologies. The OS-level virtualization of the Docker platform and the container’s use of the host operating system kernel may cause security problems. In this study, a method including static and dynamic analysis has been proposed to ensure Docker image and container security. In the static analysis phase of the method, the packages of the images are scanned for vulnerabilities and malware. In the dynamic analysis phase, Docker containers are run for a certain period of time, after the open port scanning, network traffic is analyzed with the Snort3. Seven Docker images are analyzed and the results are shared.

Security is a requirement in society, yet its wide implementation is held back because of high expenses, and barriers to the use of technology. Experimental implementation of security at low cost will only help in promoting the technology at more affordable prices. This paper describes the design of a security system of surveillance using Raspberry Pi and Arduino UNO. The design senses the presence of \$a\$ human in a surveillance area and immediately sets off the buzzer and simultaneously starts capturing video of the motion it had detected and stores it in a folder. When the design senses a motion, it immediately sends an SMS to the user. The user of this design can see the live video of the motion it detects using the internet connection from a remote area. Our objective of making a low-cost surveillance area security system has been mostly fulfilled. Although this is a low-cost project, features can be compared with existing commercially available systems.

With the rapid development of cloud computing which has been extensively applied in the health research, the concept of medical cloud has become widespread. In this paper, we proposed an integrated medical cloud architecture with multiple applications based on privacy protection. The scheme in this paper adopted attribute encryption to ensure the PHR files encrypted all the time in order to protect the health privacy of the PHR owners not leaked. In addition, the medical cloud architecture proposed in this paper is suitable for multiple application scenarios. Different from the traditional domain division which has public domain (PUD) and private domain (PSD), the PUD domain is further divided into PUD1and PUD2 with finer granularity based on different permissions of the PHR users. In the PUD1, the PHR users have read or write access to the PHR files, while the PHR users in the PUD2 only have read permissions. In the PSD, we use key aggregation encryption (KAE) to realize the access control. For PHR users of PUD1 and PUD2, the outsourcable ABE technology is adopted to greatly reduce the computing burden of users. The results of function and performance test show that the scheme is safe and effective.

Underwater networks have the potential to allow previously unexplored applications as well as improve our ability to observe and forecast the ocean. Underwater acoustic sensor networks (UASNs) are often deployed in unprecedented and hostile waters and face many security threats. Applications based on UASNs such as coastal defense, pollution monitoring, assisted navigation to name a few, require secure communication. A new set of communication protocols and cooperative coordination algorithms have been proposed to enable collaborative monitoring tasks. However, such protocols overlook security as a key performance indicator. Spoofing, altering, or replaying routing information can affect the entire network, making UASN vulnerable to routing attacks such as selective forwarding, sinkhole attack, Sybil attack, acknowledgement spoofing and HELLO flood attack. The lack of security against such threats is startling if it is observed that security is indeed an important requirement in many emerging civilian and military applications. In this work, the sinkhole attack prevalent among UASNs is looked at and discuss mitigation approaches that can feasibly be implemented in UnetStack3.

There have been developed image encryption algorithm using chaotic map and DNA pseudo-symbols sequence gained on the basis of real DNA symbols. In the suggested algorithm, the address for the selecting of DNA symbols sequence from Gene Bank, encoding rule of the DNA symbols, also the initial parameters of the chaotic map are determined on the secret key basis. Image pixels modification is based on the numerical values of the chaotic points sets coordinates obtained with the chaos play description of the DNA pseudo-symbols and the transference of pixels is based on displacement table constructed with the chaotic map.

In the field of image steganography, edge detection based implantation methods play vital rules in providing stronger security of hided data. In this arena, researcher applies a suitable edge detection method to detect edge pixels in an image. Those detected pixels then conceive secret message bits. A very recent trend is to employ multiple edge detection methods to increase edge pixels in an image and thus to enhance the embedding capacity. The uses of multiple edge detectors additionally boost up the data security. Like as the demand for embedding capacity, many applications need to have the modified image, i.e., stego image, with good quality. Indeed, when the message payload is low, it will not be a better idea to finds more local pixels for embedding that small payload. Rather, the image quality will look better, visually and statistically, if we could choose a part but sufficient pixels to implant bits. In this article, we propose an algorithm that uses multiple edge detection algorithms to find edge pixels separately and then selects pixels which are common to all edges. This way, the proposed method decreases the number of embeddable pixels and thus, increases the image quality. The experimental results provide promising output.

In this work, the algorithm of increasing the information security of a communication system with Orthogonal Frequency Division Multiplexing (OFDM) was achieved by using a discrete-nonlinear Duffing system with dynamic chaos. The main idea of increasing information security is based on scrambling input information on three levels. The first one is mixing up data order, the second is scrambling data values and the final is mixing symbols at the Quadrature Amplitude Modulation (QAM) plot constellation. Each level's activities were made with the use of pseudorandom numbers set, generated by the discrete-nonlinear Duffing system with dynamic chaos.

Nowadays, video surveillance cameras are widely used in many smart city applications for ensuring road safety. We can use video data from them to solve such tasks as traffic management, driving control, environmental monitoring, etc. Most of these applications are based on object recognition and tracking algorithms. However, the video image quality is not always meet the requirements of such algorithms due to the influence of different external factors. A variety of adverse weather conditions produce noise on the images, which often makes it difficult to detect objects correctly. Lately, deep learning methods show good results in image processing, including denoising tasks. This work is devoted to the study of using these methods for image quality enhancement in difficult weather conditions such as snow, rain, fog. Different deep learning techniques were evaluated in terms of their impact on the quality of object detection/recognition. Finally, the system for automatic image denoising was developed.

Digitization has pioneered to drive exceptional changes across all industries in the advancement of analytics, automation, and Artificial Intelligence (AI) and Machine Learning (ML). However, new business requirements associated with the efficiency benefits of digitalization are forcing increased connectivity between IT and OT networks, thereby increasing the attack surface and hence the cyber risk. Cyber threats are on the rise and securing industrial networks are challenging with the shortage of human resource in OT field, with more inclination to IT/OT convergence and the attackers deploy various hi-tech methods to intrude the control systems nowadays. We have developed an innovative real-time ICS cyber test kit to obtain the OT industrial network traffic data with various industrial attack vectors. In this paper, we have introduced the industrial datasets generated from ICS test kit, which incorporate the cyber-physical system of industrial operations. These datasets with a normal baseline along with different industrial hacking scenarios are analyzed for research purposes. Metadata is obtained from Deep packet inspection (DPI) of flow properties of network packets. DPI analysis provides more visibility into the contents of OT traffic based on communication protocols. The advancement in technology has led to the utilization of machine learning/artificial intelligence capability in IDS ICS SCADA. The industrial datasets are pre-processed, profiled and the abnormality is analyzed with DPI. The processed metadata is normalized for the easiness of algorithm analysis and modelled with machine learning-based latest deep learning ensemble LSTM algorithms for anomaly detection. The deep learning approach has been used nowadays for enhanced OT IDS performances.