Biblio

Intrusion detection is a traditional practice of security experts, however, there are several issues which still need to be tackled. Therefore, in this paper, after highlighting these issues, we present an architecture for a hybrid Intrusion Detection System (IDS) for an adaptive and incremental detection of both known and unknown attacks. The IDS is composed of supervised and unsupervised modules, namely, a Deep Neural Network (DNN) and the K-Nearest Neighbors (KNN) algorithm, respectively. The proposed system is near-autonomous since the intervention of the expert is minimized through the active learning (AL) approach. A query strategy for the labeling process is presented, it aims at teaching the supervised module to detect unknown attacks and improve the detection of the already-known attacks. This teaching is achieved through sliding windows (SW) in an incremental fashion where the DNN is retrained when the data is available over time, thus rendering the IDS adaptive to cope with the evolutionary aspect of the network traffic. A set of experiments was conducted on the CICIDS2017 dataset in order to evaluate the performance of the IDS, promising results were obtained.

With the rapid development of power Internet of Things (IoT), the ubiquitous edge agents are frequently exposed in a risky environment, where the white-box attacker could steal all the internal information by full observation of dynamic execution of the cryptographic software. In this situation, a new table-based white-box cryptography implementation of SM4 algorithm is proposed to prevent the attacker from extracting the secret key, which hides the encryption and decryption process in obfuscated lookup tables. Aiming to improve the diversity and ambiguity of the lookup tables as well as resist different types of white-box attacks, the random bijective nonlinear mappings are applied as scrambling encodings of the lookup tables. Moreover, in order to make our implementation more practical in the resource-constrained edge IoT agent, elaborate design is proposed to make some tables reusability, leading to less memory occupation while guaranteeing the security. The validity and security of the proposed implementation will be illustrated through several evaluation indicators.

Protecting and preventing sensitive data from being used inappropriately has become a challenging task. Even a small mistake in securing data can be exploited by phishing attacks to release private information such as passwords or financial information to a malicious actor. Phishing has now proven so successful, it is the number one attack vector. Many approaches have been proposed to protect against this type of cyber-attack, from additional staff training, enriched spam filters to large collaborative databases of known threats such as PhishTank and OpenPhish. However, they mostly rely upon a user falling victim to an attack and manually adding this new threat to the shared pool, which presents a constant disadvantage in the fight back against phishing. In this paper, we propose a novel approach to protect against phishing attacks using binary visualisation and machine learning. Unlike previous work in this field, our approach uses an automated detection process and requires no further user interaction, which allows faster and more accurate detection process. The experiment results show that our approach has high detection rate.

Currently and particularly with remote working scenarios during COVID-19, phishing attack has become one of the most significant threats faced by internet users, organizations, and service providers. In a phishing attack, the attacker tries to steal client sensitive data (such as login, passwords, and credit card details) using spoofed emails and fake websites. Cybercriminals, hacktivists, and nation-state spy agencies have now got a fertilized ground to deploy their latest innovative phishing attacks. Timely detection of phishing attacks has become most crucial than ever. Machine learning algorithms can be used to accurately detect phishing attacks before a user is harmed. This paper presents a novel ensemble model to detect phishing attacks on the website. We select three machine learning classifiers: Artificial Neural Network (ANN), K-Nearest Neighbors (KNN), and Decision Tree (C4.5) to use in an ensemble method with Random Forest Classifier (RFC). This ensemble method effectively detects website phishing attacks with better accuracy than existing studies. Experimental results demonstrate that the ensemble of KNN and RFC detects phishing attacks with 97.33% accuracy.

Email-based phishing is still a widespread problem, that affects many users worldwide. Although many aspects of phishing have been extensively studied in the past, they mainly focus on the execution and prevention of different types of phishing and do not consider the process how attackers collect the contact information of potential victims. In this paper, we analyze the collection process of email addresses in more detail. Based on the results of this analysis, we propose email address separation as a way for users to detect phishing emails, and reason about its effectiveness against several typical types of phishing attacks. We find, that email address separation has the potential to greatly reduce the perceived authenticity of general phishing emails, that target a large amount of users, e.g., by impersonating a popular service and spreading malware or links to phishing websites. It is, however, not likely to prevent more sophisticated phishing attacks, that do not depend on the impersonation of a previously known organization or entity. Our results motivate further studies to analyze the usability and applicability of the proposed method, and to determine, whether address separation has additional positive effects on users’ phishing awareness or automated phishing detection.

With the increase of the number of network threats, the knowledge graph is an effective method to quickly analyze the network threats from the mass of network security texts. Named entity recognition in network security domain is an important task to construct knowledge graph. Aiming at the problem that key Chinese entity information in network security related text is difficult to identify, a named entity recognition model in network security domain based on BERT-BiLSTM-CRF is proposed to identify key named entities in network security related text. This model adopts the BERT pre-training model to obtain the word vectors of the preceding and subsequent text information, and the obtained word vectors will be input to the subsequent BiLSTM module and CRF module for encoding and sorting. The test results show that this model has a good effect on the data set of network security domain. The recognition effect of this model is better than that of LSTM-CRF, BERT-LSTM-CRF, BERT-CRF and other models, and the F1=93.81%.

Modern IoT infrastructure consists of different sub-systems, devices, applications, platforms, varied connectivity protocols with distinct operating environments scattered across different subsystems within the whole network. Each of these subsystems of the global system has its peculiar computational and security challenges. A security loophole in one subsystem has a directly negative impact on the security of the whole system. The nature and intensity of recent cyber-attacks within IoT networks have increased in recent times. Blockchain technology promises several security benefits including a decentralized authentication mechanism that addresses almost readily the challenges with a centralized authentication mechanism that has the challenges of introducing a single point of failure that affects data and system availability anytime such systems are compromised. The different design specifications and the unique functional requirements for most IoT devices require a strong yet universal authentication mechanism for multimedia data that assures an additional security layer to IoT data. In this paper, the authors propose a decentralized authentication to validate data integrity at the IoT node level. The proposed mechanism guarantees integrity, privacy, and availability of IoT node data.

Nowadays, biometric-based authentication systems are widely used. This fact has led to increased attacks on biometric data of users. Therefore, biometric template protection is sure to keep the attention of researchers for the security of the authentication systems. Many previous works proposed the biometric template protection schemes by transforming the original biometric data into a secure domain, or establishing a cryptographic key with the use of biometric data. The main purpose was that fulfill the all three requirements: cancelability, security, and performance as many as possible. In this paper, using random projection merged with fuzzy commitment, we will introduce a hybrid scheme of biometric template protection. We try to limit their own drawbacks and take full advantages of these techniques at the same time. In addition, an analysis of non-invertibility property will be exercised with regards to the use of random projection aiming at enhancing the security of the system while preserving the discriminability of the original biometric template.

With the proliferation of false redundant information on various e-commerce platforms, ineffective recommendations and other untrustworthy behaviors have seriously hindered the healthy development of e-commerce platforms. Modern recommendation systems often use side information to alleviate these problems and also increase prediction accuracy. One such piece of side information, which has been widely investigated, is trust. However, it is difficult to obtain explicit trust relationship data, so researchers infer trust values from other methods, such as the user-to-item relationship. In this paper, addressing the problems, we proposed a novel trust-based recommender model called UITrust, which uses user-item relationship value to improve prediction accuracy. With the improvement the traditional similarity measures by employing the entropies of user and item history ratings to reflect the global rating behavior on both. We evaluate the proposed model using two real-world datasets. The proposed model performs significantly better than the baseline methods. Also, we can use the UITrust to alleviate the sparsity problem associated with correlation-based similarity. In addition to that, the proposed model has a better computational complexity for making predictions than the k-nearest neighbor (kNN) method.

Internet always remains the target for the cyberattacks, and attackers are getting equipped with more potent tools due to the advancement of technology to preach the security of the Internet. Industries and organizations are sponsoring many projects to avoid these kinds of problems. As a result, SDN (Software Defined Network) architecture is becoming an acceptable alternative for the traditional IP based networks which seems a better approach to defend the Internet. However, SDN is also vulnerable to many new threats because of its architectural concept. SDN might be a primary target for DoS (Denial of Service) and DDoS (Distributed Denial of Service) attacks due to centralized control and linking of data plane and control plane. In this paper, the we propose a novel technique for detection of DDoS attacks using information theory metric. We compared our approach with widely used Intrusion Detection Systems (IDSs) based on Shannon entropy and Renyi entropy, and proved that our proposed methodology has more power to detect malicious flows in SDN based networks. We have used precision, detection rate and FPR (False Positive Rate) as performance parameters for comparison, and validated the methodology using a topology implemented in Mininet network emulator.

The presence of experts, such as a data protection officer (DPO) and a privacy engineer is essential in Privacy Requirements Engineering. This task is carried out in various forms including threat modeling and privacy impact assessment. The knowledge required for performing privacy threat modeling can be a serious challenge for a novice privacy engineer. We aim to bridge this gap by developing an automated approach via machine learning that is able to detect privacy-related entities in the user stories. The relevant entities include (1) the Data Subject, (2) the Processing, and (3) the Personal Data entities. We use a state-of-the-art Named Entity Recognition (NER) model along with contextual embedding techniques. We argue that an automated approach can assist agile teams in performing privacy requirements engineering techniques such as threat modeling, which requires a holistic understanding of how personally identifiable information is used in a system. In comparison to other domain-specific NER models, our approach achieves a reasonably good performance in terms of precision and recall.

Recently, the informatics infrastructure of INRiM Time and Frequency Laboratory has been completely renewed with particular attention to network security and software architecture aspects, with the aims to improve the reliability, robustness and automation of the overall set-up. This upgraded infrastructure has allowed, since January 2020, a fully automated generation and monitoring of the Italian time scale UTC(IT), based on dedicated software developed in-house [1]. We focus in this work on the network and software aspects of our set-up, which enable a robust and reliable automatic time scale generation with continuous monitoring and minimal human intervention.

{With the rapid development of cyberspace, cyber security incidents are increasing, and the means and types of network attacks are becoming more and more complex and refined, which brings greater challenges to security risk control. First, the knowledge graph technology is used to construct a cyber security knowledge graph based on ontology to realize multi-source heterogeneous security big data fusion calculation, and accurately express the complex correlation between different security entities. Furthermore, for cyber security risk control, a key node assessment method for security risk diffusion is proposed. From the perspectives of node communication correlation and topological level, the calculation method of node communication importance based on improved PageRank Algorithm and based on the improved K-shell Algorithm calculates the importance of node topology are studied, and then organically combine the two calculation methods to calculate the importance of different nodes in security risk defense. Experiments show that this method can evaluate the importance of nodes more accurately than the PageRank algorithm and the K-shell algorithm.

Background: Most of the people are not medically qualified for studying or understanding the extremity of their diseases or symptoms. This is the place where natural language processing plays a vital role in healthcare. These chatbots collect patients' health data and depending on the data, these chatbot give more relevant data to patients regarding their body conditions and recommending further steps also. Purposes: In the medical field, AI powered healthcare chatbots are beneficial for assisting patients and guiding them in getting the most relevant assistance. Chatbots are more useful for online search that users or patients go through when patients want to know for their health symptoms. Methods: In this study, the health assistant system was developed using Dialogflow application programming interface (API) which is a Google's Natural language processing powered algorithm and the same is deployed on google assistant, telegram, slack, Facebook messenger, and website and mobile app. With this web application, a user can make health requests/queries via text message and might also get relevant health suggestions/recommendations through it. Results: This chatbot acts like an informative and conversational chatbot. This chatbot provides medical knowledge such as disease symptoms and treatments. Storing patients personal and medical information in a database for further analysis of the patients and patients get real time suggestions from doctors. Conclusion: In the healthcare sector AI-powered applications have seen a remarkable spike in recent days. This covid crisis changed the whole healthcare system upside down. So this NLP powered chatbot system reduced office waiting, saving money, time and energy. Patients might be getting medical knowledge and assisting ourselves within their own time and place.

Many critical industrial control systems integrate a mixture of state-of-the-art and legacy equipment. Legacy installations lack advanced, and often even basic security features, risking entire system security. Existing research primarily focuses on the development of secure protocols for emerging devices or protocol translation proxies for legacy equipment. However, a robust security framework not only needs encryption but also mechanisms to prevent reconnaissance and unauthorized access to industrial devices. This paper proposes a novel Edge Security Gateway (ESG) that provides both, communication and endpoint security. The ESG is based on double ratchet algorithm and encrypts every message with a different key. It manages the ongoing renewal of short-lived session keys and provides localized firewall protection to individual devices. The ESG is easily customizable for a wide range of industrial application. As a use case, this paper presents the design and validation for synchrophasor technology in smart grid. The ESG effectiveness is practically validated in detecting reconnaissance, manipulation, replay, and command injection attacks due to its perfect forward and backward secrecy properties.

Recent projects regarding the exploration of the functions of microbiomes within communities brought about a plethora of new data. That specific field of study is called Metagenomics and one of its more advancing approach is the application of network analysis. The paper introduces NAMData which is a web-application tool for the network analysis of microbiome data. The system handles the compositionality and sparsity nature of microbiome data by applying taxa filtration, normalization, and zero treatment. Furthermore, compositionally aware correlation estimators were used to compute for the correlation between taxa and the system divides the network into the positive and negative correlation network. NAMData aims to capitalize on the unique network features namely network visualization, centrality scores, and community detection. The system enables researchers to include network analysis in their analysis pipelines even without any knowledge of programming. Biological concepts can be integrated with the network findings gathered from the system to either support existing facts or form new insights.

Evolutionary computation (EC) is a kind of advanced computational intelligence (CI) algorithm and advanced artificial intelligence (AI) algorithm. EC algorithms have been widely studied for solving optimization and scheduling problems in various real-world applications, which act as one of the Big Three in CI and AI, together with fuzzy systems and neural networks. Even though EC has been fast developed in recent years, there is an assumption that the algorithm designer can obtain the objective function of the optimization problem so that they can calculate the fitness values of the individuals to follow the “survival of the fittest” principle in natural selection. However, in a real-world application scenario, there is a kind of problem that the objective function is privacy so that the algorithm designer can not obtain the fitness values of the individuals directly. This is the privacy-preserving optimization problem (PPOP) where the assumption of available objective function does not check out. How to solve the PPOP is a new emerging frontier with seldom study but is also a challenging research topic in the EC community. This paper proposes a rank-based cryptographic function (RCF) to protect the fitness value information. Especially, the RCF is adopted by the algorithm user to encrypt the fitness values of all the individuals as rank so that the algorithm designer does not know the exact fitness information but only the rank information. Nevertheless, the RCF can protect the privacy of the algorithm user but still can provide sufficient information to the algorithm designer to drive the EC algorithm. We have applied the RCF privacy-preserving method to two typical EC algorithms including particle swarm optimization (PSO) and differential evolution (DE). Experimental results show that the RCF-based privacy-preserving PSO and DE can solve the PPOP without performance loss.

This paper presents the results of a multifaceted study of the behavior of a novel hydrokinetic energy harvester that utilizes vertical oscillations. Unlike traditional rotating turbines used in hydrokinetic energy, this particular device utilizes the fluid structure interactions of vortex-induced-vibration and gallop. Due to the unique characteristics of this vertical motion, a thorough examination of the proposed system was conducted via a three-pronged approach of simulation, emulation, and field testing. Using a permanent magnet synchronous generator as the electrical power generation source, an electrical power conversion system was simulated, emulated, and tested to achieve appropriate power smoothing for use in microgrid systems present in many Alaskan rural locations.

The majority of systems rely on user authentication on passwords, but passwords have so many weaknesses and widespread use that easily raise significant security concerns, regardless of their encrypted form. Users hold the same password for different accounts, administrators never check password files for flaws that might lead to a successful cracking, and the lack of a tight security policy regarding regular password replacement are a few problems that need to be addressed. The proposed research work aims at enhancing this security mechanism, prevent penetrations, password theft, and attempted break-ins towards securing computing systems. The selected solution approach is two-folded; it implements a two-factor authentication scheme to prevent unauthorized access, accompanied by Honeyword principles to detect corrupted or stolen tokens. Both can be integrated into any platform or web application with the use of QR codes and a mobile phone.

Preventing the cyberattacks has been a concern for any organization. In this research, the authors propose a novel method to detect cyberattacks by monitoring and analyzing the network traffic. It was observed that the various log files that are created in the server does not contain all the relevant traces to detect a cyberattack. Hence, the HTTP traffic to the web server was analyzed to detect any potential cyberattacks. To validate the research, a web server was simulated using the Opensource Damn Vulnerable Web Application (DVWA) and the cyberattacks were simulated as per the OWASP standards. A python program was scripted that captured the network traffic to the DVWA server. This traffic was analyzed in real-time by reading the various HTTP parameters viz., URLs, Get / Post methods and the dependencies. The results were found to be encouraging as all the simulated attacks in real-time could be successfully detected. This work can be used as a template by various organizations to prevent any insider threat by monitoring the internal HTTP traffic.

Automated analysis of facial expressions is one of the most interesting and challenging problems in many areas such as human-computer interaction. Facial images are affected by many factors, such as intensity, pose and facial expressions. These factors make facial expression recognition problem a challenge. The aim of this paper is to propose a new method based on the pyramid local binary pattern (PLBP) and the pyramid local phase quantization (PLPQ), which are the extension of the local binary pattern (LBP) and the local phase quantization (LPQ) as two methods for extracting texture features. LBP operator is used to extract LBP feature in the spatial domain and LPQ operator is used to extract LPQ feature in the frequency domain. The combination of features in spatial and frequency domains can provide important information in both domains. In this paper, PLBP and PLPQ operators are separately used to extract features. Then, these features are combined to create a new feature vector. The advantage of pyramid transform domain is that it can recognize facial expressions efficiently and with high accuracy even for very low-resolution facial images. The proposed method is verified on the CK+ facial expression database. The proposed method achieves the recognition rate of 99.85% on CK+ database.

Deep learning models have been successful and shown to perform better in terms of accuracy and efficiency for facial recognition applications. However, they require huge amount of data samples that were well annotated to be successful. Their data requirements have led to some complications which include increased processing demands of the systems where such systems were to be deployed. Reducing the training sample sizes of deep learning models is still an open problem. This paper proposes the reduction of the number of samples required by the convolutional neutral network used in training a facial recognition system using a new Facial Image Deviation Estimation and Image Selection Algorithm (FIDE-ISA). The algorithm was used to select appropriate facial image training samples incrementally based on their facial deviation. This will reduce the need for huge dataset in training deep learning models. Preliminary results indicated a 100% accuracy for models trained with 54 images (at least 3 images per individual) and above.

State estimation algorithm ensures an effective realtime monitoring of the modern smart grid leading to an accurate determination of the current operating states. Recently, a new genre of data integrity attacks namely false data injection attack (FDIA) has shown its deleterious effects by bypassing the traditional bad data detection technique. Modern grid operators must detect the presence of such attacks in the raw field measurements to guarantee a safe and reliable operation of the grid. State forecasting based FDIA identification schemes have recently shown its efficacy by determining the deviation of the estimated states due to an attack. This work emphasizes on a scalable deep learning state forecasting model which can accurately determine the presence of FDIA in real-time. An optimal set of hyper-parameters of the proposed architecture leads to an effective forecasting of the operating states with minimal error. A diligent comparison between other state of the art forecasting strategies have promoted the effectiveness of the proposed neural network. A comprehensive analysis on the IEEE 14 bus test bench effectively promotes the proposed real-time attack identification strategy.

Real time data analysis in the context of e.g. realtime monitoring or computational steering is an important tool in many fields of science, allowing scientists to make the best use of limited resources such as sensors and HPC platforms. These tools typically rely on large amounts of continuously collected data that needs to be processed in near-real time to avoid wasting compute, storage, and networking resources. Streaming pipelines are a natural fit for this use case but are inconvenient to use on high-performance computing (HPC) systems because of the diverging system software environment with big data, increasing both the cost and the complexity of the solution. In this paper we propose Neon, a clean-slate design of a streaming data processing framework for HPC systems that enables users to create arbitrarily large streaming pipelines. The experimental results on the Bebop supercomputer show significant performance improvements compared with Apache Storm, with up to 2x increased throughput and reduced latency.

Recently, network usage has evolved from resource sharing between hosts to content distribution and retrieval. Some emerging network architectures, like Named Data Networking (NDN), focus on the design of content-oriented network paradigm. However, these clean-slate network architectures are difficult to be deployed progressively and deal with the new communication requirements. Multi-Identifier Network (MIN) is a promising network architecture that contains push and pull communication semantics and supports the resolution, routing and extension of multiple network identifiers. MIN's original design was proposed in 2019, which has been improved over the past two years. In this paper, we present the current design and implementation of MIN. We also propose a fallback-based identifier extension scheme to improve the extensibility of the network. We demonstrate that MIN outperforms NDN in the scenario of progressive deployment via IP tunnel.