Biblio

Permissioned Blockchain (PBC) has become a prevalent data structure to ensure that the records are immutable and secure. However, PBC still has significant challenges before it can be realized in different applications. One of such challenges is the overhead of the communication which is required to execute the Byzantine Agreement (BA) protocol that is needed for consensus building. As such, it may not be feasible to implement PBC for resource constrained environments such as Internet-of-Things (IoT). In this paper, we assess the communication overhead of running BA in an IoT environment that consists of wireless nodes (e.g., Raspberry PIs) with meshing capabilities. As the the packet loss ratio is significant and makes BA unfeasible to scale, we propose a network coding based approach that will reduce the packet overhead and minimize the consensus completion time of the BA. Specifically, various network coding approaches are designed as a replacement to TCP protocol which relies on unicasting and acknowledgements. The evaluation on a network of Raspberry PIs demonstrates that our approach can significantly improve scalability making BA feasible for medium size IoT networks.

Vulnerabilities in hypervisors are crucial in multi-tenant clouds since they can undermine the security of all virtual machines (VMs) consolidated on a vulnerable hypervisor. Unfortunately, 107 vulnerabilitiesin KVM+QEMU and 38 vulnerabilities in Xen have been reported in 2016. The device-emulation layer in hypervisors is a hotbed of vulnerabilities because the code for virtualizing devices is complicated and requires knowledge on the device internals. We propose a "device request filter", called Nioh, that raises the bar for attackers to exploit the vulnerabilities in hypervisors. The key insight behind Nioh is that malicious I/O requests attempt to exploit vulnerabilities and violate device specifications in many cases. Nioh inspects I/O requests from VMs and rejects those that do not conform to a device specification. A device specification is modeled as a device automaton in Nioh, an extended automaton to facilitate the description of device specifications. The software framework is also provided to encapsulate the interactions between the device request filter and the underlying hypervisors. The results of our attack evaluation suggests that Nioh can defend against attacks that exploit vulnerabilities in device emulation, i.e., CVE-2015-5158, CVE-2016-1568, CVE-2016-4439, and CVE-2016-7909. This paper shows that the notorious VENOM attack can be detected and rejected by using Nioh.

Nowadays data is always stored in a computer in the hyper-connected world and, a company or an organization or a person can come across financial loss, reputation loss, business disruption and intellectual property loss because of data leakage or data disclosure. Remote Access Trojans are used to invade a victim's PC and collect information from it. There have been signatures for these that have already emerged and defined as malwares, but there is no available signature yet if a malware or a remote access Trojan is a zero-day threat. In this circumstance network behavioral analysis is more useful than signature-based anti-virus scanners in order to detect the different behavior of malware. When the traffic will be cut or stoppedis important in capturing network traffic. In this paper, effective features for detecting RATs are proposed. These features are extracted from the first twenty packets. Our approach achieves 98% accuracy and 10% false negative rate by random forest algorithm.

This paper proposes a new cryptosystem that combines Diffie-Hellman protocol implemented with hyperelliptic curves over a Galois field GF(2n) with Tree Parity Machine synchronization for a Visible Light Communication indoor channel. The proposed cryptosystem security focuses on overcoming a weakness of neuronal synchronization; specifically, the stimulus vector that is public, which allows an attacker to try to synchronize with one of the participants of the synchronization. Real data receptions of the Visible Light Communication channel are included. In addition, there is an improvement of 115% over a range of 100 $łeq$ tsync$łeq$ 400 of the average synchronization time t\_sync, compared to the classic Tree Parity Machine synchronization.

The evolution of cloud gaming systems is substantially the security requirements for computer games. Although online game development often utilizes artificial intelligence and human computer interaction, game developers and providers often do not pay much attention to security techniques. In cloud gaming, location-based games are augmented reality games which take the original principals of the game and applies them to the real world. In other terms, it uses the real world to impact the game experience. Because the execution of such games is distributed in cloud computing, users cannot be certain where their input and output data are managed. This introduces the possibility to input incorrect data in the exchange between the gamer's terminal and the gaming platform. In this context, we propose a new gaming concept for augmented reality and location-based games in order to solve the aforementioned cheating scenario problem. The merit of our approach is to establish an accurate and verifiable proof that the gamer reached the goal or found the target. The major novelty in our method is that it allows the gamer to submit an authenticated proof related to the game result without altering the privacy of positioning data.

Configuring and maintaining an enterprise network is a challenging and error-prone process. Administrators must often consider security policies from a variety of sources simultaneously, including regulatory requirements, industry standards, and to mitigate attack vectors. Erroneous implementation of a policy, however, can result in costly data breaches and intrusions. Relying on humans to discover and troubleshoot violations is slow and prone to error, considering the speed at which new attack vectors propagate and the increasing network dynamics, partly an effect of SDN. To ensure the network is always in a state consistent with the desired policies, administrators need frameworks to automatically diagnose and repair violations in real-time. To address this problem, we present NEAt, a system analogous to a smartphone's autocorrect feature that enables on-the-fly repair to policy-violating updates. NEAt modifies the forwarding behavior of updates to automatically repair violations of properties such as reachability, service chaining, and segmentation. NEAt sits between an SDN controller and the forwarding devices, and intercepts updates proposed by SDN applications. If an update violates the policy defined by an administrator, such as reachability or segmentation, NEAt transforms the update into one that complies with the policy. Unlike domain-specific languages or synthesis platforms, NEAt allows enterprise networks to leverage the advanced functionality of SDN applications while simultaneously achieving strong, automated enforcement of general policies.

A general approach to the synthesis of the conditionally unstable fuzzy controller is introduced in this paper. This approach allows tuning the output signal of the system for both fast and smooth transient. Fuzzy logic allows combining the properties of several strategies of system tuning dependent on the state of the system. The utilization of instability allows achieving faster transient when the error of the system output is beyond the predefined value. Later the system roots are smoothly moved to the left-hand side of the complex s-plane due to the change of the membership function values. The results of the proposed approaches are compared with the results obtained using traditional methods of controller synthesis.

Nowadays, data has become more important as the core resource for the information society. However, with the development of data analysis techniques, the privacy violation such as leakage of sensitive data and personal identification exposure are also increasing. Differential privacy is the technique to satisfy the requirement that any additional information should not be disclosed except information from the database itself. It is well known for protecting the privacy from arbitrary attack. However, recent research argues that there is a several ways to infer sensitive information from data although the differential privacy is applied. One of this inference method is to use the correlation between the data. In this paper, we investigate the new privacy threats using attribute correlation which are not covered by traditional studies and propose a privacy preserving technique that configures the differential privacy's noise parameter to solve this new threat. In the experiment, we show the weaknesses of traditional differential privacy method and validate that the proposed noise parameter configuration method provide a sufficient privacy protection and maintain an accuracy of data utility.

Distributed data aggregation via summation (counting) helped us to learn the insights behind the raw data. However, such computing suffered from a high privacy risk of malicious collusion attacks. That is, the colluding adversaries infer a victim's privacy from the gaps between the aggregation outputs and their source data. Among the solutions against such collusion attacks, Distributed Differential Privacy (DDP) shows a significant effect of privacy preservation. Specifically, a DDP scheme guarantees the global differential privacy (the presence or absence of any data curator barely impacts the aggregation outputs) by ensuring local differential privacy at the end of each data curator. To guarantee an overall privacy performance of a distributed data aggregation system against malicious collusion attacks, part of the existing work on such DDP scheme aim to provide an estimated lower bound of privacy budget for the global differential privacy. However, there are two main problems: low data utility from using a large global function sensitivity; unknown privacy guarantee when the aggregation sensitivity of the whole system is less than the sum of the data curator's aggregation sensitivity. To address these problems while ensuring distributed differential privacy, we provide a new lower bound of privacy budget, which works with an unconditional aggregation sensitivity of the whole distributed system. Moreover, we study the performance of our privacy bound in different scenarios of data updates. Both theoretical and experimental evaluations show that our privacy bound offers better global privacy performance than the existing work.

The traditional block-based compressive sensing (BCS) approach considers the image to be segmented. However, there is not much literature available on how many numbers of blocks or segments per image would be the best choice for the compression and recovery methods. In this article, we propose a BCS method to find out the optimal way of image retrieval, and the number of the blocks to which into image should be divided. In the theoretical analysis, we analyzed the effect of noise under compression perspective and derived the range of error probability. Experimental results show that the number of blocks of an image has a strong correlation with the image recovery process. As the sampling rate M/N increases, we can find the appropriate number of image blocks by comparing each line.

With the continuous development of mobile based Wireless technologies, Bluetooth plays a vital role in smart-phone Era. In such scenario, the security measures are needed to be enhanced for Bluetooth. We propose a Node Energy Based Virus Propagation Model (NBV) for Bluetooth. The algorithm works with key features of node capacity and node energy in Bluetooth network. This proposed NBV model works along with E-mail worm Propagation model. Finally, this work simulates and compares the virus propagation with respect to Node Energy and network traffic.

Nowadays, Malware has become a serious threat to the digitization of the world due to the emergence of various new and complex malware every day. Due to this, the traditional signature-based methods for detection of malware effectively becomes an obsolete method. The efficiency of the machine learning model in context to the detection of malware files has been proved by different researches and studies. In this paper, a framework has been developed to detect and classify different files (e.g exe, pdf, php, etc.) as benign and malicious using two level classifier namely, Macro (for detection of malware) and Micro (for classification of malware files as a Trojan, Spyware, Adware, etc.). Cuckoo Sandbox is used for generating static and dynamic analysis report by executing files in the virtual environment. In addition, a novel model is developed for extracting features based on static, behavioral and network analysis using analysis report generated by the Cuckoo Sandbox. Weka Framework is used to develop machine learning models by using training datasets. The experimental results using proposed framework shows high detection rate with an accuracy of 100% using J48 Decision tree model, 99% using SMO (Sequential Minimal Optimization) and 97% using Random Forest tree. It also shows effective classification rate with accuracy 100% using J48 Decision tree, 91% using SMO and 66% using Random Forest tree. These results are used for detecting and classifying unknown files as benign or malicious.

A Local Area Network (LAN) consists of wireless mobile nodes that can communicate with each other through electromagnetic radio waves. Mobile Ad hoc Network (MANET) consists of mobile nodes, the network is infrastructure less. It dynamically self organizes in arbitrary and temporary network topologies. Security is extremely vital for MANET. Attacks pave way for security. Among all the potential attacks on MANET, detection of wormhole attack is very difficult.One malicious node receives packets from a particular location, tunnels them to a different contagious nodes situated in another location of the network and distorts the full routing method. All routes are converged to the wormhole established by the attackers. The complete routing system in MANET gets redirected. Many existing ways have been surveyed to notice wormhole attack in MANET. Our proposed methodology is a unique wormhole detection and prevention algorithm that shall effectively notice the wormhole attack in theMANET. Our notion is to extend the detection as well as the quantitative relation relative to the existing ways.

The MANET that is Mobile Ad hoc Network are forming a group of many nodes. They can interact with each other in limited area. All the Malicious nodes present in the MANET always disturb the usual performance of routing and that cause the degradation of dynamic performance of the network. Nodes which are malicious continuously try to stump the neighbor nodes during the process of routing as all neighbor nodes in the network merely forward the reply and response of neighboring. The intermediate nodes work is very responsible in routing procedure with continuous movement. During the work we have recommended one security scheme against the attack of packet dropping by malicious node in the network. The scheme which is recommended here will work to find attacker by using the concept of detection of link to forward the data or information between sender and receiver. The packet dropping on link, through node is detected and prevented by IDS security system. The scheme not only works to identify the nodes performing malicious activity however prevent them also. The identification of attacker is noticed by dropping of data packets in excsssessive quantity. The prevention of it can be done via choosing the alternate route somewhere the attacker performing malicious activity not available among the senders to receivers. The neighbor nodes or intermediary identify the malicious activity performer by the way of reply of malicious nodes which is confirmed. The recommended IDS system secures the network and also increases the performance after blocking malicious nodes that perform malicious activity in the network. The network performance measures in the presence of attack and secure IDS with the help of performance metrics like PDR, throughput etc. Planned secure routing improves data receiving and minimizes dropping data in network.

In recent years the use of wireless ad hoc networks has seen an increase of applications. A big part of the research has focused on Mobile Ad Hoc Networks (MAnETs), due to its implementations in vehicular networks, battlefield communications, among others. These peer-to-peer networks usually test novel communications protocols, but leave out the network security part. A wide range of attacks can happen as in wired networks, some of them being more damaging in MANETs. Because of the characteristics of these networks, conventional methods for detection of attack traffic are ineffective. Intrusion Detection Systems (IDSs) are constructed on various detection techniques, but one of the most important is anomaly detection. IDSs based only in past attacks signatures are less effective, even more if these IDSs are centralized. Our work focuses on adding a novel Machine Learning technique to the detection engine, which recognizes attack traffic in an online way (not to store and analyze after), re-writing IDS rules on the fly. Experiments were done using the Dockemu emulation tool with Linux Containers, IPv6 and OLSR as routing protocol, leading to promising results.

Tactical MANETs are deployed in several challenging situations such as node mobility, presence of radio interference together with malicious jamming attacks, and execrable terrain features etc. Jamming attacks are especially harmful to the reliability of wireless communication, as they can effectively disrupt communication between any node pairs. The nature of Tactical MANETs hinders ineffective most of existing reliable routing schemes for ordinary wireless mobile networks. Routing Protocols in Tactical MANET s face serious security and reliability challenges. Selecting a long lasting and steady-going route is a critical task. Due to the lack of accurate acquisition and evaluation of the transmission characteristics, routing algorithms may result in continual reconstruction and high control overhead. This paper studies the impact of jamming and interference on the common protocols of tactical communications and presents a neighbor dependency-based reliable routing algorithm. According to the neighbor dependency based on channel state information evaluated by Exponential Smoothing Method, how to select a neighboring node as the next hop will greatly affect the transmission reliability. Finally, the performance of the reliable routing protocol based on neighbor dependency is tested in OPNET, and compared with the classical AODV algorithm and the improved AODV based on link Cost (CAODV) algorithm. The simulation results show that the protocol presented in this paper has better data transmission reliability.

The increase of sensitive data in the current Internet of Things (IoT) raises demands of computation, communication and storage capabilities. Indeed, thanks to RFID tags and wireless sensor networks, anything can be part of IoT. As a result, a large amount of data is generated, which is hard for many IoT devices to handle, as many IoT devices are resource-constrained and cannot use the existing standard security protocols. Cloud computing might seem like a convenient solution, since it offers on-demand access to a shared pool of resources such as processors, storage, applications and services. However this comes as a cost, as unnecessary communications not only burden the core network, but also the data center in the cloud. Therefore, considering suitable approaches such as fog computing and security middleware solutions is crucial. In this paper, we propose a novel middleware architecture to solve the above issues, and discuss the generic concept of using fog computing along with cloud in order to achieve a higher security level. Our security middleware acts as a smart gateway as it is meant to pre-process data at the edge of the network. Depending on the received information, data might either be processed and stored locally on fog or sent to the cloud for further processing. Moreover, in our scheme, IoT constrained devices communicate through the proposed middleware, which provide access to more computing power and enhanced capability to perform secure communications. We discuss these concepts in detail, and explain how our proposal is effective to cope with some of the most relevant IoT security challenges.

Named Data Networking (NDN) is a future Internet architecture, NDN forwarding strategy is a hot research topic in MANET. At present, there are two categories of forwarding strategies in NDN. One is the blind forwarding(BF), the other is the aware forwarding(AF). Data packet return by the way that one came forwarding strategy(DRF) as one of the BF strategy may fail for the interruptions of the path that are caused by the mobility of nodes. Consumer need to wait until the interest packet times out to request the data packet again. To solve the insufficient of DRF, in this paper a Forwarding Strategy, called FN based on Neighbor-aware is proposed for NDN MANET. The node maintains the neighbor information and the request information of neighbor nodes. In the phase of data packet response, in order to improve request satisfaction rate, node specifies the next hop node; Meanwhile, in order to reduce packet loss rate, node assists the last hop node to forward packet to the specific node. The simulation results show that compared with DRF and greedy forwarding(GF) strategy, FN can improve request satisfaction rate when node density is high.

As a proposed Internet architecture, Named Data Networking must provide effective security support: data authenticity, confidentiality, and availability. This poster focuses on supporting data confidentiality via encryption. The main challenge is to provide an easy-to-use key management mechanism that ensures only authorized parties are given the access to protected data. We describe the design of name-based access control (NAC) which provides automated key management by developing systematic naming conventions for both data and cryptographic keys. We also discuss an enhanced version of NAC that leverages attribute-based encryption mechanisms (NAC-ABE) to improve the flexibility of data access control and reduce communication, storage, and processing overheads.

Unlike traditional routing where packets are only stored and forward, network coding allows packets to mix together. New packets can be formed by combining other packets. This technique can provide benefits to the network. Network coding has been shown to improve network throughput, reduce energy consumption, improve network robustness and achieve the network capacity. 5G Network is foreseen as a novel network paradigm enabling massive device connectivity and enabling device-to-device communication (D2D). It has many potential applications ranging from ultra high definition video to virtual reality applications. In this paper, we present the advantages, benefits, scenarios, and applications of Network coding for 5G Network and device-to-device communication. We present the state-of-art research, the theoretical benefits, and detail how network coding can improve 5G Networks and D2D communication. Our results show that network coding can almost double the network throughput while increasing network robustness and decreasing the overall time to disseminate messages.

Intrusion detection systems do not perform well when it comes to detecting zero-day attacks, therefore improving their performance in that regard is an active research topic. In this study, to detect zero-day attacks with high accuracy, we proposed two deep learning based anomaly detection models using autoencoder and denoising autoencoder respectively. The key factor that directly affects the accuracy of the proposed models is the threshold value which was determined using a stochastic approach rather than the approaches available in the current literature. The proposed models were tested using the KDDTest+ dataset contained in NSL-KDD, and we achieved an accuracy of 88.28% and 88.65% respectively. The obtained results show that, as a singular model, our proposed anomaly detection models outperform any other singular anomaly detection methods and they perform almost the same as the newly suggested hybrid anomaly detection models.

The problem of cross-platform binary code similarity detection aims at detecting whether two binary functions coming from different platforms are similar or not. It has many security applications, including plagiarism detection, malware detection, vulnerability search, etc. Existing approaches rely on approximate graph-matching algorithms, which are inevitably slow and sometimes inaccurate, and hard to adapt to a new task. To address these issues, in this work, we propose a novel neural network-based approach to compute the embedding, i.e., a numeric vector, based on the control flow graph of each binary function, then the similarity detection can be done efficiently by measuring the distance between the embeddings for two functions. We implement a prototype called Gemini. Our extensive evaluation shows that Gemini outperforms the state-of-the-art approaches by large margins with respect to similarity detection accuracy. Further, Gemini can speed up prior art's embedding generation time by 3 to 4 orders of magnitude and reduce the required training time from more than 1 week down to 30 minutes to 10 hours. Our real world case studies demonstrate that Gemini can identify significantly more vulnerable firmware images than the state-of-the-art, i.e., Genius. Our research showcases a successful application of deep learning on computer security problems.

Generating synthetic data is a well-known option to limit disclosure risk in sensitive data releases. The usual approach is to build a model for the population and then generate a synthetic data set solely based on the model. We argue that building an accurate population model is difficult and we propose instead to approximate the original data as closely as privacy constraints permit. To enforce an ex ante privacy level when generating synthetic data, we introduce a new privacy model called $ε$ synthetic privacy. Then, we describe a synthetic data generation method that satisfies $ε$-synthetic privacy. Finally, we evaluate the utility of the synthetic data generated with our method.

Now a days transferring of texts, documents over the internet are the tasks in common. The transferred text must be cryptographically protected so that cannot be accessed by the invaders. In the communication medium, protected data uses cryptographic techniques and random bit generators. Once the key is generated by the random generators, how well we can secure and transmit fast in the network plays a vital role by applying appropriate algorithm. As a solution, a system is developed by symmetric algorithmic approach, uses AES and Fiestel content and also implements three different ways of random generators such as pseudorandom number generator (PRNG), linear multiples of prime sequence based method and nonlinear prime methods. Multilevel encryption and decryption techniques are adopted in the solution to transfer the information over the network securely with reduced delay. This method provides very strong technique against different kinds of attacks.

Data clustering is an important topic in data science in general, but also in user modeling and recommendation systems. Some clustering algorithms like K-means require the adjustment of many parameters, and force the clustering without considering the clusterability of the dataset. Others, like DBSCAN, are adjusted to a fixed density threshold, so can't detect clusters with different densities. In this paper we propose a new clustering algorithm based on the mutual vote, which adjusts itself automatically to the dataset, demands a minimum of parameterizing, and is able to detect clusters with different densities in the same dataset. We test our algorithm and compare it to other clustering algorithms for clustering users, and predict their purchases in the context of recommendation systems.