Biblio

Deep learning classifiers are hugely vulnerable to adversarial examples, and their existence raised cybersecurity concerns in many tasks with an emphasis on malware detection, computer vision, and speech recognition. While there is a considerable effort to investigate attacks and defense strategies in these tasks, only limited work explores the influence of targeted attacks on input data (e.g., images, textual descriptions, audio) used in multimedia recommender systems (MR). In this work, we examine the consequences of applying targeted adversarial attacks against the product images of a visual-based MR. We propose a novel adversarial attack approach, called Target Adversarial Attack against Multimedia Recommender Systems (TAaMR), to investigate the modification of MR behavior when the images of a category of low recommended products (e.g., socks) are perturbed to misclassify the deep neural classifier towards the class of more recommended products (e.g., running shoes) with human-level slight images alterations. We explore the TAaMR approach studying the effect of two targeted adversarial attacks (i.e., FGSM and PGD) against input pictures of two state-of-the-art MR (i.e., VBPR and AMR). Extensive experiments on two real-world recommender fashion datasets confirmed the effectiveness of TAaMR in terms of recommendation lists changing while keeping the original human judgment on the perturbed images.

This Transparent Data Encryption (TDE) can provide enormous benefits to the Relational Databases in the aspects of Data Security, Cryptographic Encryption, and Compliances. For every transaction, the stored data must be decrypted before applying the updates as well as should be encrypted before permanently storing back at the storage level. By adding this extra functionality to the database, the general thinking denotes that the Database (DB) going to hit some performance overhead at the CPU and storage level. However, The Oracle Corporation has adversely claimed that their latest Oracle DB version 19c TDE feature can provide significant improvement in the optimization of CPU and no overhead at the storage level for data processing. Impressively, it is true. the results of this paper prove too. Most interestingly the results also revealed about highly impacted components in the servers which are not yet disclosed in any of the previous research work. This paper completely concentrates on CPU, IO, and RAM performance analysis and identifying the bottlenecks along with possible solutions.

As the world is moving towards industry 4.0, it is estimated that in the near future billions of IoT devices will be interconnected over the Internet. The open and heterogeneous nature of IoT environment makes it vulnerable to adversarial attacks. To maintain sustainability in IoT ecosystem, this paper evaluates some of the recent IoT schemes based on key security features i.e. authentication, confidentiality, trust etc. These schemes are classified according to three-layer IoT architecture. Based on our findings, some of these solutions are applicable at physical layer while others are at network, and application layers. However, none of these schemes can provide end-to-end solution for IoT environment. Therefore, our work provides a roadmap for future research directions in IoT domain to design robust security schemes for IoT environment, thus can achieve sustainability in IoT ecosystem.

Fast IPv4 scanning has made sufficient progress in network measurement and security research. However, it is infeasible to perform brute-force scanning of the IPv6 address space. We can find active IPv6 addresses through scanning candidate addresses generated by the state-of-the-art algorithms, whose probing efficiency of active IPv6 addresses, however, is still very low. In this paper, we aim to improve the probing efficiency of IPv6 addresses in two ways. Firstly, we perform a longitudinal active measurement study over four months, building a high-quality dataset called hitlist with more than 1.3 billion IPv6 addresses distributed in 45.2k BGP prefixes. Different from previous work, we probe the announced BGP prefixes using a pattern-based algorithm, which makes our dataset overcome the problems of uneven address distribution and low active rate. Secondly, we propose an efficient address generation algorithm DET, which builds a density space tree to learn high-density address regions of the seed addresses in linear time and improves the probing efficiency of active addresses. On the public hitlist and our hitlist, we compare our algorithm DET against state-of-the-art algorithms and find that DET increases the de-aliased active address ratio by 10%, and active address (including aliased addresses) ratio by 14%, by scanning 50 million addresses.

The massive boom of Internet of Things (IoT) has led to the explosion of smart IoT devices and the emergence of various applications such as smart cities, smart grids, smart mining, connected health, and more. While the proliferation of IoT systems promises many benefits for different sectors, it also exposes a large attack surface, raising an imperative need to put security in the first place. It is impractical to heavily rely on manual operations to deal with security of massive IoT devices and applications. Hence, there is a strong need for securing IoT systems with minimum human intervention. In light of this situation, in this paper, we envision security automation and orchestration for IoT systems. After conducting a comprehensive evaluation of the literature and having conversations with industry partners, we envision a framework integrating key elements towards this goal. For each element, we investigate the existing landscapes, discuss the current challenges, and identify future directions. We hope that this paper will bring the attention of the academic and industrial community towards solving challenges related to security automation and orchestration for IoT systems.

While the Internet of Things (IoT) applications and devices expanded rapidly, security and privacy of the IoT devices emerged as a major problem. Current studies reveal that there are significant weaknesses detected in several types of IoT devices moreover in several situations there are no security mechanisms to protect these devices. The IoT devices' users utilize the internet for the purpose of control and connect their machines. IoT application utilization has risen exponentially over time and our sensitive data is captured by IoT devices continuously, unknowingly or knowingly. The motivation behind this paper was the vulnerabilities that exist at the IP cameras. In this study, we undertake a more extensive investigation of IP cameras' vulnerabilities and demonstrate their effect on users' security and privacy through the use of the Kali Linux penetration testing platform and its tools. For this purpose, the paper performs a hands-on test on an IP camera with the name (“Intelligent Onvif YY HD”) to analyzes the security elements of this device. The results of this paper show that IP cameras have several security lacks and weaknesses which these flaws have multiple security impacts on users.

In modern internet-scale computing, interaction between a large number of parties that are not known a-priori is predominant, with each party functioning both as a provider and consumer of services and information. In such an environment, traditional access control mechanisms face considerable limitations, since granting appropriate authorizations to each distinct party is infeasible both due to the high number of grantees and the dynamic nature of interactions. Trust management has emerged as a solution to this issue, offering aids towards the automated verification of actions against security policies. In this paper, we present a trust- and risk-based approach to security, which considers status, behavior and associated risk aspects in the trust computation process, while additionally it captures user-to-user trust relationships which are propagated to the device level, through user-to-device ownership links.

Software is frequently deployed with vulnerabilities that may allow hackers to gain access to the system or information, leading to money or reputation losses. Although there are many techniques to detect software vulnerabilities, their effectiveness is far from acceptable, especially in large software projects, as shown by several research works. This Ph.D. aims to study the combination of different techniques to improve the effectiveness of vulnerability detection (increasing the detection rate and decreasing the number of false-positives). Static Code Analysis (SCA) has a good detection rate and is the central technique of this work. However, as SCA reports many false-positives, we will study the combination of various SCA tools and the integration with other detection approaches (e.g., software metrics) to improve vulnerability detection capabilities. We will also study the use of such combination to prioritize the reported vulnerabilities and thus guide the development efforts and fixes in resource-constrained projects.

The objective of the proposed research is to develop an IOT based security system with a two-point authentication. Human face recognition and fingerprint is a known method for access authentication. A combination of both technologies and integration of the system with IoT make will make the security system more efficient and reliable. Use of online platform google firebase is made for saving database and retrieving it in real-time. In this system access to the fingerprint (touch sensor) from mobile is proposed using an android app developed in android studio and authentication for the same is also proposed. On identification of both face and fingerprint together, access to door or locker is provided.

Deep learning plays an increasingly important role in various fields due to its superior performance, and it also achieves advanced recognition performance in the field of image classification. However, the vulnerability of deep learning in the adversarial environment cannot be ignored, and the prediction result of the model is likely to be affected by the small perturbations added to the samples by the adversary. In this paper, we propose a two-layer dynamic defense method based on defensive techniques pool and retrained branch model pool. First, we randomly select defense methods from the defense pool to process the input. The perturbation ability of the adversarial samples preprocessed by different defense methods changed, which would produce different classification results. In addition, we conduct adversarial training based on the original model and dynamically generate multiple branch models. The classification results of these branch models for the same adversarial sample is inconsistent. We can detect the adversarial samples by using the inconsistencies in the output results of the two layers. The experimental results show that the two-layer dynamic defense method we designed achieves a good defense effect.

Mobile data offloading using opportunistic network has recently gained its significance to increase mobile data needs. Such offloaders need to be properly incentivized to encourage more and more users to act as helpers in such networks. The extent of help offered by mobile data offloading alternatives using appropriate incentive mechanisms is significant in such scenarios. The limitation of existing incentive mechanisms is that they are partial in implementation while most of them use third party intervention based derivation. However, none of the papers considers trust as an essential factor for incentive distribution. Although few works contribute to the trust analysis, but the implementation is limited to offloading determination only while the incentive is independent of trust. We try to investigate if trust could be related to the Nash equilibrium based incentive evaluation. Our analysis results show that trust-based incentive distribution encourages more than 50% offloaders to act positively and contribute successfully towards efficient mobile data offloading. We compare the performance of our algorithm with literature based salary-bonus scheme implementation and get optimum incentive beyond 20% dependence over trust-based output.

In the current state of communication technology, the abuse of VoIP has led to the emergence of telecommunications fraud. We urgently need an end-to-end identity authentication mechanism to verify the identity of the caller. This paper proposes an end-to-end, dual identity authentication mechanism to solve the problem of telecommunications fraud. Our first technique is to use the Hermes algorithm of data transmission technology on an unknown voice channel to transmit the certificate, thereby authenticating the caller's phone number. Our second technique uses voice-print recognition technology and a Gaussian mixture model (a general background probabilistic model) to establish a model of the speaker to verify the caller's voice to ensure the speaker's identity. Our solution is implemented on the Android platform, and simultaneously tests and evaluates transmission efficiency and speaker recognition. Experiments conducted on Android phones show that the error rate of the voice channel transmission signature certificate is within 3.247 %, and the certificate signature verification mechanism is feasible. The accuracy of the voice-print recognition is 72%, making it effective as a reference for identity authentication.

Current paradigms for client-server authentication often rely on username/password schemes. Studies show such schemes are increasingly vulnerable to heuristic and brute-force attacks. This is either due to poor practices by users such as insecure weak passwords, or insecure systems by server operators. A recurring problem in any system which retains information is insecure management policies for sensitive information, such as logins and passwords, by both hosts and users. Increased processing power on the horizon also threatens the security of many popular hashing algorithms. Furthermore, increasing reliance on applications that exchange sensitive information has resulted in increased urgency. This is demonstrated by a large number of mobile applications being deemed insecure by Open Web Application Security Project (OWASP) standards. This paper proposes a secure alternative technique of authentication that retains the current ecosystem, while minimizes attack vectors without inflating responsibilities on users or server operators. Our proposed authentication scheme uses layered encryption techniques alongside a two-part verification process. In addition, it provides dynamic protection for preventing against common cyber-attacks such as replay and man-in-the-middle attacks. Results show that our proposed authentication mechanism outperform other schemes in terms of deployability and resilience to cyber-attacks, without inflating transaction's speed.

User identity and personal information remain to be hot targets for attackers. From recent surveys, we can categorize that 65.5% of all cyberattacks in 2018 target user information. Sadly, most of the time, the system's security depends on how secure it is the implementation from the provider-side. One defense technique that the user can take part in is applying a two-factor authentication (2FA) system for their account. However, we observe that state-of-the-art 2FAs have several weaknesses and limitations. In this paper, we propose TwoChain, a blockchain-based 2FA system for web services to overcome those issues. Our implementation facilitates an alternative 2FA system that is more secure, disposable, and decentralized. Finally, we release TwoChain for public use.

Two-factor authentication (2FA) systems implement by verifying at least two factors. A factor is something a user knows (password, or phrase), something a user possesses (smart card, or smartphone), something a user is (fingerprint, or iris), something a user does (keystroke), or somewhere a user is (location). In the existing 2FA system, a user is required to act in order to implement the second layer of authentication which is not very user-friendly. Smart devices (phones, laptops, tablets, etc.) can receive signals from different radio frequency technologies within range. As these devices move among networks (Wi-Fi access points, cellphone towers, etc.), they receive broadcast messages, some of which can be used to collect information. This information can be utilized in a variety of ways, such as establishing a connection, sharing information, locating devices, and, most appropriately, identifying users in range. The principal benefit of broadcast messages is that the devices can read and process the embedded information without being connected to the broadcaster. Moreover, the broadcast messages can be received only within range of the wireless access point sending the broadcast, thus inherently limiting access to those devices in close physical proximity and facilitating many applications dependent on that proximity. In the proposed research, a new factor is used - something that is in the user's environment with minimal user involvement. Data from these broadcast messages is utilized to implement a 2FA scheme by determining whether two devices are proximate or not to ensure that they belong to the same user.

Internet of Medical Things (IoMT) are getting popular in the smart healthcare domain. These devices are resource-constrained and are vulnerable to attack. As the IoMTs are connected to the healthcare network infrastructure, it becomes the primary target of the adversary due to weak security and privacy measures. In this regard, this paper proposes a security architecture for smart healthcare network infrastructures. The architecture uses various security components or services that are developed and deployed as virtual network functions. This makes the security architecture ready for future network frameworks such as OpenMANO. Besides, in this security architecture, only authenticated and trusted IoMTs serve the patients along with an encryption-based communication protocol, thus creating a secure, privacy-preserving and trusted healthcare network infrastructure.

An Internet of Things (IoT) architecture comprised of cloud, fog and resource constrained IoT end devices. The exponential development of IoT has increased the processing and footprint overhead in IoT end devices. All the components of IoT end devices that establish Chain of Trust (CoT) to ensure security are termed as Trusted Computing Base (TCB). The increased overhead in the IoT end device has increased the demand to increase the size of TCB surface area hence increases complexity of TCB surface area and also the increased the visibility of TCB surface area to the external world made the IoT end devices architecture over-architectured and unsecured. The TCB surface area minimization that has been remained unfocused reduces the complexity of TCB surface area and visibility of TCB components to the external un-trusted world hence ensures security in terms of confidentiality, integrity, authenticity (CIA) at the IoT end devices. The TCB minimization thus will convert the over-architectured IoT end device into lightweight and secured architecture highly desired for resource constrained IoT end devices. In this paper we review the IoT end device architectures proposed in the recent past and concluded that these architectures of resource constrained IoT end devices are over-architectured due to larger TCB and ignored bugs and vulnerabilities in TCB hence un-secured. We propose the Novel levelled architecture with TCB minimization by replacing oversized hypervisor with lightweight Micro(μ)-hypervisor i.e. μ-visor and transferring μ-hypervisor based virtualization over fog node for light weight and secured IoT End device architecture. The bug free TCB components confirm stable CoT for guaranteed CIA resulting into robust Trusted Execution Environment (TEE) hence secured IoT end device architecture. Thus the proposed resulting architecture is secured with minimized SRAM and flash memory combined footprint 39.05% of the total available memory per device. In this paper we review the IoT end device architectures proposed in the recent past and concluded that these architectures of resource constrained IoT end devices are over-architectured due to larger TCB and ignored bugs and vulnerabilities in TCB hence un-secured. We propose the Novel levelled architecture with TCB minimization by replacing oversized hypervisor with lightweight Micro(μ)-hypervisor i.e. μ-visor and transferring μ-hypervisor based virtualization over fog node for light weight and secured IoT End device architecture. The bug free TCB components confirm stable CoT for guaranteed CIA resulting into robust Trusted Execution Environment (TEE) hence secured IoT end device architecture. Thus the proposed resulting architecture is secured with minimized SRAM and flash memory combined footprint 39.05% of the total available memory per device.

The concept behind the Internet of Things (IoT) is taking everything and connecting to the internet so that all devices would be able to send and receive data online. Internet of Vehicles (IoV) is a key component of smart city which is an outcome of IoT. Nowadays the concept of IoT has plaid an important role in our daily life in different sectors like healthcare, agriculture, smart home, wearable, green computing, smart city applications, etc. The emerging IoV is facing a lack of rigor in data processing, limitation of anonymity, privacy, scalability, security challenges. Due to vulnerability IoV devices must face malicious hackers. Nowadays with the help of blockchain (BC) technology energy system become more intelligent, eco-friendly, transparent, energy efficient. This paper highlights two major challenges i.e. scalability and security issues. The flavor of edge computing (EC) considered here to deal with the scalability issue. A BC is a public, shared database that records transactions between two parties that confirms owners through cryptography. After a transaction is validated and cryptographically verified generates “block” on the BC and transactions are ordered chronologically and cannot be altered. Implementing BC and smart contracts technologies will bring security features for IoV. It plays a role to implement the rules and policies to govern the IoV information and transactions and keep them into the BC to secure the data and for future uses.

A synthetic aperture radar (SAR) target detection method based on the fusion of multiscale superpixel segmentations is proposed in this paper. SAR images are segmented between land and sea firstly by using superpixel technology in different scales. Secondly, image segmentation results together with the constant false alarm rate (CFAR) detection result are coalesced. Finally, target detection is realized by fusing different scale results. The effectiveness of the proposed algorithm is tested on Sentinel-1A data.

The security of energy supply in a power grid critically depends on the ability to accurately estimate the state of the system. However, manipulated power flow measurements can potentially hide overloads and bypass the bad data detection scheme to interfere the validity of estimated states. In this paper, we use an autoencoder neural network to detect anomalous system states and investigate the impact of hyperparameters on the detection performance for false data injection attacks that target power flows. Experimental results on the IEEE 118 bus system indicate that the proposed mechanism has the ability to achieve satisfactory learning efficiency and detection accuracy.

Due to environmental influence and technology limitation, a wireless sensor/sensors module can neither store or process all raw data locally nor reliably forward it to a destination in heterogeneous IoT environment. As a result, the data collected by the IoT's sensors are inherently noisy, unreliable, and may trigger many false alarms. These false or misleading data can lead to wrong decisions once the data reaches end entities. Therefore, it is highly recommended and desirable to acquire trustworthy data before data transmission, aggregation, and data storing at the end entities/cloud. In this paper, we propose an In-network Generalized Trustworthy Data Collection (IGTDC) framework for trustworthy data acquisition and faulty sensor detection in the IoT environment. The key idea of IGTDC is to allow a sensor's module to examine locally whether the raw data is trustworthy before transmitting towards upstream nodes. It further distinguishes whether the acquired data can be trusted or not before data aggregation at the sink/edge node. Besides, IGTDC helps to recognize a faulty or compromised sensor. For a reliable data collection, we use collaborative IoT technique, gate-level modeling, and programmable logic device (PLD) to ensure that the acquired data is reliable before transmitting towards upstream nodes/cloud. We use a hardware-based technique called “Gray Code” to detect a faulty sensor. Through simulations we reveal that the acquired data in IGTDC framework is reliable that can make a trustworthy data collection for event detection, and assist to distinguish a faulty sensor.

In this paper, a new intrusion detection mechanism is proposed based on Trust and Packet Loss Rate at Sensor Node in WSNs. To find the true malicious nodes, the proposed mechanism performs a deep analysis on the packet loss. Two independent metrics such as buffer capacity metric and residual energy metric are considered for packet loss rate evaluation. Further, the trust evaluation also considers the basic communication interactions between sensor nodes. Based on these three metrics, a new composite metric called Packet Forwarding Probability (PFP) is derived through which the malicious nodes are identified. Simulation experiments are conducted over the proposed mechanism and the performance is evaluated through False Positive Rate (FPR) and Malicious Detection Rate (MDR). The results declare that the proposed mechanism achieves a better performance compared to the conventional approaches.

With a storage space limit on the sensors, WSN has some drawbacks related to bandwidth and computational skills. This limited resources would reduce the amount of data transmitted across the network. For this reason, data aggregation is considered as a new process. Iterative filtration (IF) algorithms, which provide trust assessment to the various sources from which the data aggregation has been performed, are efficient in the present data aggregation algorithms. Trust assessment is done with weights from the simple average method to aggregation, which treats attack susceptibility. Iteration filter algorithms are stronger than the ordinary average, but they do not handle the current advanced attack that takes advantage of false information with many compromise nodes. Iterative filters are strengthened by an initial confidence estimate to track new and complex attacks, improving the solidity and accuracy of the IF algorithm. The new method is mainly concerned with attacks against the clusters and not against the aggregator. In this process, if an aggregator is attacked, the current system fails, and the information is eventually transmitted to the aggregator by the cluster members. This problem can be detected when both cluster members and aggregators are being targeted. It is proposed to choose an aggregator which chooses a new aggregator according to the remaining maximum energy and distance to the base station when an aggregator attack is detected. It also save time and energy compared to the current program against the corrupted aggregator node.

With an incredible growth in MEMS and Internet, IoT has developed to an inevitable invention and resource for human needs. IoT reframes the communication and created a new way of machine to machine communication. IoT utilizes smart sensor to monitor and track environmental changes in any area of interest. The high volume of sensed information is processed, formulated and presented to the user for decision making. In this paper a model is designed to perform trust evaluation and data aggregation with confidential transmission of secured information in to the network and enables higher secure and reliable data transmission for effective analysis and decision making. The Sensors in IoT devices, senses the same information and forwards redundant data in to the network. This results in higher network congestion and causes transmission overhead. This could be control by introducing data aggregation. A gateway sensor node can act as aggregator and a forward unique information to the base station. However, when the network is adulterated with malicious node, these malicious nodes tend to injects false data in to the network. In this paper, a trust based malicious node detection technique has been introduced to isolate the malicious node from forwarding false information into the network. Simulation results proves the proposed protocol can be used to reduce malicious attack with increased throughput and performance.

As a key technology in cognitive radio, cooperative spectrum sensing has been paid more and more attention. In cooperative spectrum sensing, multi-user cooperative spectrum sensing can effectively alleviate the performance degradation caused by multipath effect and shadow fading, and improve the spectrum utilization. However, as there may be malicious users in the cooperative sensing users, sending forged false messages to the fusion center or neighbor nodes to mislead them to make wrong judgments, which will greatly reduce the spectrum utilization. To solve this problem, this paper proposes an intelligent anti spectrum sensing data falsification (SSDF) attack algorithm using trust-based non consensus message passing algorithm. In this scheme, only one perception is needed, and the historical propagation path of each message is taken as the basis to calculate the reputation of each cognitive user. Every time a node receives different messages from the same cognitive user, there must be malicious users in its propagation path. We reward the nodes that appear more times in different paths with reputation value, and punish the nodes that appear less. Finally, the real value of the tampered message is restored according to the calculated reputation value. The MATLAB results show that the proposed scheme has a high recovery rate for messages and can identify malicious users in the network at the same time.