Biblio

Cyber threats directly affect the critical reliability and availability of modern Industry Control Systems (ICS) in respects of operations and processes. Where there are a variety of vulnerabilities and cyber threats, it is necessary to effectively evaluate cyber security risks, and control uncertainties of cyber environments, and quantitative evaluation can be helpful. To effectively and timely control the spread and impact produced by attacks on ICS networks, a probabilistic Multi-Attribute Vulnerability Criticality Analysis (MAVCA) model for impact estimation and prioritised remediation is presented. This offer a new approach for combining three major attributes: vulnerability severities influenced by environmental factors, the attack probabilities relative to the vulnerabilities, and functional dependencies attributed to vulnerability host components. A miniature ICS testbed evaluation illustrates the usability of the model for determining the weakest link and setting security priority in the ICS. This work can help create speedy and proactive security response. The metrics derived in this work can serve as sub-metrics inputs to a larger quantitative security metrics taxonomy; and can be integrated into the security risk assessment scheme of a larger distributed system.

The Common Vulnerability Scoring System (CVSS) is the de facto standard for vulnerability severity measurement today and is crucial in the analytics driving software fortification. Required by the U.S. National Vulnerability Database, over 75,000 vulnerabilities have been scored using CVSS. We compare how the CVSS correlates with another, closely-related measure of security impact: bounties. Recent economic studies of vulnerability disclosure processes show a clear relationship between black market value and bounty payments. We analyzed the CVSS scores and bounty awarded for 703 vulnerabilities across 24 products. We found a weak (Spearman’s ρ = 0.34) correlation between CVSS scores and bounties, with CVSS being more likely to underestimate bounty. We believe such a negative result is a cause for concern. We investigated why these measurements were so discordant by (a) analyzing the individual questions of CVSS with respect to bounties and (b) conducting a qualitative study to find the similarities and differences between CVSS and the publicly-available criteria for awarding bounties. Among our findings were that the bounty criteria were more explicit about code execution and privilege escalation whereas CVSS makes no explicit mention of those. We also found that bounty valuations are evaluated solely by project maintainers, whereas CVSS has little provenance in practice.

High frequency of network security incidents has also brought a lot of negative effects and even huge economic losses to countries, enterprises and individuals in recent years. Therefore, more and more attention has been paid to the problem of network security. In order to evaluate the newly included vulnerability text information accurately, and to reduce the workload of experts and the false negative rate of the traditional method. Multiple deep learning methods for vulnerability text classification evaluation are proposed in this paper. The standard Cross Site Scripting (XSS) vulnerability text data is processed first, and then classified using three kinds of deep neural networks (CNN, LSTM, TextRCNN) and one kind of traditional machine learning method (XGBoost). The dropout ratio of the optimal CNN network, the epoch of all deep neural networks and training set data were tuned via experiments to improve the fit on our target task. The results show that the deep learning methods evaluate vulnerability risk levels better, compared with traditional machine learning methods, but cost more time. We train our models in various training sets and test with the same testing set. The performance and utility of recurrent convolutional neural networks (TextRCNN) is highest in comparison to all other methods, which classification accuracy rate is 93.95%.

Vulnerability being the buzz word in the modern time is the most important jargon related to software and operating system. Since every now and then, software is developed some loopholes and incompleteness lie in the development phase, so there always remains a vulnerability of abruptness in it which can come into picture anytime. Detecting vulnerability is one thing and predicting its occurrence in the due course of time is another thing. If we get to know the vulnerability of any software in the due course of time then it acts as an active alarm for the developers to again develop sound and improvised software the second time. The proposal talks about the implementation of the idea using the artificial neural network, where different data sets are being given as input for being used for further analysis for successful results. As of now, there are models for studying the vulnerabilities in the software and networks, this paper proposal in addition to the current work, will throw light on the predictability of vulnerabilities over the due course of time.

To build a secure communications software, Vulnerability Prediction Models (VPMs) are used to predict vulnerable software modules in the software system before software security testing. At present many software security metrics have been proposed to design a VPM. In this paper, we predict vulnerable classes in a software system by establishing the system's weighted software network. The metrics are obtained from the nodes' attributes in the weighted software network. We design and implement a crawler tool to collect all public security vulnerabilities in Mozilla Firefox. Based on these data, the prediction model is trained and tested. The results show that the VPM based on weighted software network has a good performance in accuracy, precision, and recall. Compared to other studies, it shows that the performance of prediction has been improved greatly in Pr and Re.

Traffic signals were originally standalone hardware devices running on fixed schedules, but by now, they have evolved into complex networked systems. As a consequence, traffic signals have become susceptible to attacks through wireless interfaces or even remote attacks through the Internet. Indeed, recent studies have shown that many traffic lights deployed in practice have easily exploitable vulnerabilities, which allow an attacker to tamper with the configuration of the signal. Due to hardware-based failsafes, these vulnerabilities cannot be used to cause accidents. However, they may be used to cause disastrous traffic congestions. Building on Daganzo's well-known traffic model, we introduce an approach for evaluating vulnerabilities of transportation networks, identifying traffic signals that have the greatest impact on congestion and which, therefore, make natural targets for attacks. While we prove that finding an attack that maximally impacts congestion is NP-hard, we also exhibit a polynomial-time heuristic algorithm for computing approximately optimal attacks. We then use numerical experiments to show that our algorithm is extremely efficient in practice. Finally, we also evaluate our approach using the SUMO traffic simulator with a real-world transportation network, demonstrating vulnerabilities of this network. These simulation results extend the numerical experiments by showing that our algorithm is extremely efficient in a microsimulation model as well.

With the further development in the fields of computer vision, network security, natural language processing and so on so forth, deep learning technology gradually exposed certain security risks. The existing deep learning algorithms cannot effectively describe the essential characteristics of data, making the algorithm unable to give the correct result in the face of malicious input. Based on current security threats faced by deep learning, this paper introduces the problem of adversarial examples in deep learning, sorts out the existing attack and defense methods of black box and white box, and classifies them. It briefly describes the application of some adversarial examples in different scenarios in recent years, compares several defense technologies of adversarial examples, and finally summarizes the problems in this research field and prospects its future development. This paper introduces the common white box attack methods in detail, and further compares the similarities and differences between the attack of black and white boxes. Correspondingly, the author also introduces the defense methods, and analyzes the performance of these methods against the black and white box attack.

Person re-identification (re-ID) is a key problem in smart supervision of camera networks. Over the past years, models using deep learning have become state of the art. However, it has been shown that deep neural networks are flawed with adversarial examples, i.e. human-imperceptible perturbations. Extensively studied for the task of image closed- set classification, this problem can also appear in the case of open-set retrieval tasks. Indeed, recent work has shown that we can also generate adversarial examples for metric learning systems such as re-ID ones. These models remain vulnerable: when faced with adversarial examples, they fail to correctly recognize a person, which represents a security breach. These attacks are all the more dangerous as they are impossible to detect for a human operator. Attacking a metric consists in altering the distances between the feature of an attacked image and those of reference images, i.e. guides. In this article, we investigate different possible attacks depending on the number and type of guides available. From this metric attack family, two particularly effective attacks stand out. The first one, called Self Metric Attack, is a strong attack that does not need any image apart from the attacked image. The second one, called FurthestNegative Attack, makes full use of a set of images. Attacks are evaluated on commonly used datasets: Market1501 and DukeMTMC. Finally, we propose an efficient extension of adversarial training protocol adapted to metric learning as a defense that increases the robustness of re-ID models.1

The secure functioning of automotive systems is vital to the safety of their passengers and other roadway users. One of the critical functions for safety is the controller area network (CAN), which interconnects the safety-critical electronic control units (ECUs) in the majority of ground vehicles. Unfortunately CAN is known to be vulnerable to several attacks. One such attack is the bus-off attack, which can be used to cause a victim ECU to disconnect itself from the CAN bus and, subsequently, for an attacker to masquerade as that ECU. A limitation of the bus-off attack is that it requires the attacker to achieve tight synchronization between the transmission of the victim and the attacker's injected message. In this paper, we introduce a schedule-based attack framework for the CAN bus-off attack that uses the real-time schedule of the CAN bus to predict more attack opportunities than previously known. We describe a ranking method for an attacker to select and optimize its attack injections with respect to criteria such as attack success rate, bus perturbation, or attack latency. The results show that vulnerabilities of the CAN bus can be enhanced by schedule-based attacks.

Common vulnerability scoring system (CVSS) is an industry standard that can assess the vulnerability of nodes in traditional computer systems. The metrics computed by CVSS would determine critical nodes and attack paths. However, traditional IT security models would not fit IoT embedded networks due to distinct nature and unique characteristics of IoT systems. This paper analyses the application of CVSS for IoT embedded systems and proposes an improved vulnerability scoring system based on CVSS v3 framework. The proposed framework, named CVSSIoT, is applied to a realistic IT supply chain system and the results are compared with the actual vulnerabilities from the national vulnerability database. The comparison result validates the proposed model. CVSSIoT is not only effective, simple and capable of vulnerability evaluation for traditional IT system, but also exploits unique characteristics of IoT devices.

The paper aims to discover vulnerabilities by application of supervisory control theory and to design a defensive supervisor against vulnerability attacks. Supervisory control restricts the system behavior to satisfy the control specifications. The existence condition of the supervisor, sometimes results in undesirable plant behavior, which can be regarded as a vulnerability of the control specifications. We aim to design a more robust supervisor against this vulnerability.

SMS (Short Message Service)-based authentication is widely used as a simple and secure multi-factor authentication, where OTP (One Time Password) is sent to user’s mobile phone via SMS. However, SMS authentication is vulnerable to Password Reset Man in the Middle Attack (PRMitM). In this attack, the attacker makes a victim perform password reset OTP for sign-up verification OTP. If the victim enters OTP to a malicious man-in-the-middle site, the attacker can overtake the victim’s account.We find new smartphone useful functions may increase PR-MitM attack risks. SMS push notification informs us an arrival of message by showing only beginning of the message. Hence, those who received SMS OTP do not notice the cautionary notes and the name of the sender that are supposed to show below the code, which may lead to be compromised. Auto-fill function, which allow us to input authentication code with one touch, is also vulnerable for the same reason.In this study, we conduct a user study to investigate the effect of new smartphone functions incurring PRMitM attack.

Web browsers are primary targets of attacks because of their extensive uses and the fact that they interact with sensitive data. Vulnerabilities present in a web browser can pose serious risk to millions of users. Thus, it is pertinent to address these vulnerabilities to provide adequate protection for personally identifiable information. Research done in the past has showed that few vulnerability discovery models (VDMs) highlight the characterization of vulnerability discovery process. In these models, severity which is one of the most crucial properties has not been considered. Vulnerabilities can be categorized into different levels based on their severity. The discovery process of each kind of vulnerabilities is different from the other. Hence, it is essential to incorporate the severity of the vulnerabilities during the modelling of the vulnerability discovery process. This paper proposes a model to assess the vulnerabilities present in the software quantitatively with consideration for the severity of the vulnerabilities. It is possible to apply the proposed model to approximate the number of vulnerabilities along with vulnerability discovery rate, future occurrence of vulnerabilities, risk analysis, etc. Vulnerability data obtained from one of the major web browsers (Google Chrome) is deployed to examine goodness-of-fit and predictive capability of the proposed model. Experimental results justify the fact that the model proposed herein can estimate the required information better than the existing VDMs.

Vulnerability detection is an import issue in information system security. In this work, we propose the deep learning method for vulnerability detection. We present three deep learning models, namely, convolution neural network (CNN), long short term memory (LSTM) and convolution neural network — long short term memory (CNN-LSTM). In order to test the performance of our approach, we collected 9872 sequences of function calls as features to represent the patterns of binary programs during their execution. We apply our deep learning models to predict the vulnerabilities of these binary programs based on the collected data. The experimental results show that the prediction accuracy of our proposed method reaches 83.6%, which is superior to that of traditional method like multi-layer perceptron (MLP).

Although the importance of mobile applications grows every day, recent vulnerability reports argue the application's deficiency to meet modern security standards. Testing strategies alleviate the problem by identifying security violations in software implementations. This paper proposes a novel testing methodology that applies state machine learning of mobile Android applications in combination with algorithms that discover attack paths in the learned state machine. The presence of an attack path evidences the existence of a vulnerability in the mobile application. We apply our methods to real-life apps and show that the novel methodology is capable of identifying vulnerabilities.

Vulnerability Detection Tools (VDTs) have been researched and developed to prevent problems with respect to security. Such tools identify vulnerabilities that exist on the server in advance. By using these tools, administrators must protect their servers from attacks. They have, however, different results since methods for detection of different tools are not the same. For this reason, it is recommended that results are gathered from many tools rather than from a single tool but the installation which all of the tools have requires a great overhead. In this paper, we propose a novel vulnerability detection mechanism using Open API and use OpenVAS for actual testing.

With the development of Internet technology, software vulnerabilities have become a major threat to current computer security. In this work, we propose the vulnerability detection for source code using Contextual LSTM. Compared with CNN and LSTM, we evaluated the CLSTM on 23185 programs, which are collected from SARD. We extracted the features through the program slicing. Based on the features, we used the natural language processing to analysis programs with source code. The experimental results demonstrate that CLSTM has the best performance for vulnerability detection, reaching the accuracy of 96.711% and the F1 score of 0.96984.

As a modern power transmission network, smart grid connects abundant terminal devices and plays an important role in our daily life. However, along with its growth are the security threats. Different from the separated environment previously, an adversary nowadays can destroy the power system by attacking its terminal devices. As a result, it's critical to ensure the security and safety of terminal devices. To achieve it, detecting the pre-existing vulnerabilities in the terminal program and enhancing its security, are of great importance and necessity. In this paper, we introduce Cker, a novel vulnerability detection tool for smart grid devices, which generates an program model based on device sources and sets rules to perform model checking. We utilize the static analysis to extract necessary information and build corresponding program models. By further checking the model with pre-defined vulnerability patterns, we achieve security detection and error reporting. The evaluation results demonstrate that our method can effectively detect vulnerabilities in smart devices with an acceptable accuracy and false positive rate. In addition, as Cker is realized by pure python, it can be easily scaled to other platforms.

The security of Internet of Things (IoT) devices has become a matter of great concern in recent years. The existence of security holes in the executable programs in the IoT devices has resulted in difficult to estimate security risks. For a long time, vulnerability detection is mainly completed by manual debugging and analysis, and the detection efficiency is low and the accuracy is difficult to guarantee. In this paper, the mainstream automated vulnerability analysis methods in recent years are studied, and a vulnerability detection algorithm based on symbol execution is presented. The detection algorithm is suitable for lightweight applications in small and medium-sized IoT devices. It realizes three functions: buffer overflow vulnerability detection, encryption reliability detection and protection state detection. The robustness of the detection algorithm was tested in the experiment, and the detection of overflow vulnerability program was completed within 2.75 seconds, and the detection of encryption reliability was completed within 1.79 seconds. Repeating the test with multiple sets of data showed a small difference of less than 6.4 milliseconds. The results show that the symbol execution detection algorithm presented in this paper has high detection efficiency and more robust accuracy and robustness.

Cyber-physical systems (CPS) data privacy protection during sharing, aggregating, and publishing is a challenging problem. Several privacy protection mechanisms have been developed in the literature to protect sensitive data from adversarial analysis and eliminate the risk of re-identifying the original properties of shared data. However, most of the existing solutions have drawbacks, such as (i) lack of a proper vulnerability characterization model to accurately identify where privacy is needed, (ii) ignoring data providers privacy preference, (iii) using uniform privacy protection which may create inadequate privacy for some provider while over-protecting others, and (iv) lack of a comprehensive privacy quantification model assuring data privacy-preservation. To address these issues, we propose a personalized privacy preference framework by characterizing and quantifying the CPS vulnerabilities as well as ensuring privacy. First, we introduce a Standard Vulnerability Profiling Library (SVPL) by arranging the nodes of an energy-CPS from maximum to minimum vulnerable based on their privacy loss. Based on this model, we present our personalized privacy framework (PDP) in which Laplace noise is added based on the individual node's selected privacy preferences. Finally, combining these two proposed methods, we demonstrate that our privacy characterization and quantification model can attain better privacy preservation by eliminating the trade-off between privacy, utility, and risk of losing information.

Despite the fact that the power grid is typically regarded as a relatively stable system, outages and electricity shortages are common occurrences. Grid security is mainly dependent on accurate vulnerability assessment. The vulnerability can be assessed in terms of topology-based metrics and flow-based metrics. In this work, power flow analysis is used to calculate the metrics under single line contingency (N-1) conditions. The effect of load uncertainty on system vulnerability is checked. The IEEE 30 bus power network has been used for the case study. It has been found that the variation in load demand affects the system vulnerability.

The power cyber-physical system combines the cyber network with the traditional electrical power network, which can monitor and control the operation of the power grid stably and efficiently. Since the system's structure and function is complicated and large, it becomes fragile as a result. Therefore, establishing a reasonable and effective CPS model and discussing its vulnerability performance under external attacks is essential and vital for power grid operation. This paper uses the theory of complex networks to establish a independent system model by IEEE-118-node power network and 200-node scale-free information network, introducing information index to identify and sort important nodes in the network, and then cascade model of the power cyber-physical system based on the node load capacity is constructed and the vulnerability assessment analysis is carried out. The simulation shows that the disintegration speed of the system structure under deliberate attacks is faster than random attacks; And increasing the node threshold can effectively inhibit the propagation of failure.

The Internet of Things (IoT) can be described as the ever-growing global network of objects with built-in sensing and communication interfaces such as sensors, Global Positioning devices (GPS) and Local Area Network (LAN) interfaces. Security is by far one of the biggest challenges in IoT networks. This includes secure routing which involves the secure creation of traffic routes and secure transmission of routed packets from a source to a destination. The Routing Protocol for Low-power and Lossy network (RPL) is one of the popular IoT's routing protocol that supports IPv6 communication. However, it suffers from having a basic system for supporting secure routing procedure which makes the RPL vulnerable to many attacks. This includes rank attack manipulation. Objective Function (OF) is one of the extreme importance features of RPL which influences an IoT network in terms of routing strategies as well as network topology. However, current literature lacks study of vulnerability analysis of OFs. Therefore, this paper aims to investigate the vulnerability assessment of OF of RPL protocol. For this, we focus on the rank attack manipulation and two popular OFs: Objective Function Zero (OF0) and the Minimum Rank with Hysteresis Objective Function (MRHOF).

In order to protect power grid network, the security assessment techniques which include both cyber side and the physical side should be considered. In this paper, we present a method for evaluating the dynamic vulnerability of cyber-physical power system (CPPS) considering the power grid infrastructures failure. First, according to the functional characteristics of different components, the impact of a single component function failure on CPPS operation is analyzed and quantified, such as information components, communication components and power components; then, the dynamic vulnerability of multiple components synchronization function failure is calculated, and the full probability evaluation formula of CPPS operational dynamic vulnerability is built; Thirdly, from an attacker's perspective to identify the most hazardous component combinations for CPPS multi-node collaborative attack; Finally, a local CPPS model is established based on the IEEE-9 bus system to quantify its operational dynamic vulnerability, and the effectiveness of proposed method is verified.

In order to make up for the shortcomings of traditional evaluation methods neglecting node difference, a vulnerability assessment method considering node heterogeneity for cyber physical power system (CPPS) is proposed. Based on the entropy of the power flow and complex network theory, we establish heterogeneity evaluation index system for CPPS, which considers the survivability of island survivability and short-term operation of the communication network. For mustration, hierarchical CPPS model and distributed CPPS model are established respectively based on partitioning characteristic and different relationships of power grid and communication network. Simulation results show that distributed system is more robust than hierarchical system of different weighting factor whether under random attack or deliberate attack and a hierarchical system is more sensitive to the weighting factor. The proposed method has a better recognition effect on the equilibrium of the network structure and can assess the vulnerability of CPPS more accurately.