Biblio

This paper describes the various malware datasets that we have obtained permissions to host at the University of Arizona as part of a National Science Foundation funded project. It also describes some other malware datasets that we are in the process of obtaining permissions to host at the University of Arizona. We have also discussed some preliminary work we have carried out on malware analysis using big data platforms.

Bayesian Network is the popular and important data mining model for representing uncertain knowledge. For large scale data it is often too costly to learn the accurate structure. To resolve this problem, much work has been done on migrating the structure learning algorithms to the MapReduce framework. In this paper, we introduce a distributed hybrid structure learning algorithm by combining the advantages of constraint-based and score-and-search-based algorithms. By reusing the intermediate results of MapReduce, the algorithm greatly simplified the computing work and got good results in both efficiency and accuracy.

Over the last decade, a globalization of the software industry took place, which facilitated the sharing and reuse of code across existing project boundaries. At the same time, such global reuse also introduces new challenges to the software engineering community, with not only components but also their problems and vulnerabilities being now shared. For example, vulnerabilities found in APIs no longer affect only individual projects but instead might spread across projects and even global software ecosystem borders. Tracing these vulnerabilities at a global scale becomes an inherently difficult task since many of the existing resources required for such analysis still rely on proprietary knowledge representation. In this research, we introduce an ontology-based knowledge modeling approach that can eliminate such information silos. More specifically, we focus on linking security knowledge with other software knowledge to improve traceability and trust in software products (APIs). Our approach takes advantage of the Semantic Web and its reasoning services, to trace and assess the impact of security vulnerabilities across project boundaries. We present a case study, to illustrate the applicability and flexibility of our ontological modeling approach by tracing vulnerabilities across project and resource boundaries.

We consider an underlay cognitive network with secondary users that support full-duplex communication. In this context, we propose the application of antenna selection at the secondary destination node to improve the secondary user secrecy performance. Antenna selection rules for cases where exact and average knowledge of the eavesdropping channels are investigated. The secrecy outage probabilities for the secondary eavesdropping network are analyzed, and it is shown that the secrecy performance improvement due to antenna selection is due to coding gain rather than diversity gain. This is very different from classical antenna selection for data transmission, which usually leads to a higher diversity gain. Numerical simulations are included to verify the performance of the proposed scheme.

This paper investigates the secrecy performance of full-duplex relay mode in underlay cognitive radio networks using decode-and-forward relay selection. The analytical results prove that full-duplex mode can guarantee security under critical conditions such as the bad residual self-interference and the presence of hi-tech eavesdropper. The secrecy outage probability is derived based on the statistical characteristics of channels in this considered system. The system is examined under five circumferences: 1) Different values of primary network's desired outage probability; 2) Different values of primary transmitter's transmit power; 3) Applying of multiple relays selection; 4) Systems undergo path-loss during the transmission process; 5) Systems undergo self-interference in relays. Simulation results are presented to verify the analysis.

We address secure resource allocation for an OFDMA cooperative cognitive radio network (CRN) with energy harvesting (EH) capability. In the network, one primary user (PU) cooperates with several untrusted secondary users (SUs) with one SU transmitter and several SU receivers, where the SU transmitter and all SU receivers may overhear the PU transmitter's information while all SU receivers may eavesdrop on each other's signals. We consider the scenario when SUs are wireless devices with small physical sizes; therefore to improve system performance we suppose that SUs are equipped with co-located orthogonally dual-polarized antennas (ODPAs). With ODPAs, on one hand, the SU transmitter can first harvest energy from radio frequency (RF) signals emitted by the PU transmitter, and then utilize the harvested energy to simultaneously serve the PU and all SU receivers. On the other hand, by exploiting polarization-based signal processing techniques, both the PU's and SUs' physical-layer security can be enhanced. In particular, to ensure the PU's communication security, the PU receiver also sends jamming signals to degrade the reception performance of SUs, and meanwhile the jamming signals can also become new sources of energy powering the SU transmitter. For the considered scenario, we investigate the joint allocation of subcarriers, powers, and power splitting ratios to maximize the total secrecy rate of all SUs while ensuring the PU's minimum secrecy rate requirement. Finally, we evaluate the performance of our resource allocation scheme through numerical analyses.

The exponential growth in the number of mobile devices, combined with the rapid demand for wireless services, has steadily stressed the wireless spectrum, calling for new techniques to improve spectrum utilization. A geo-location database has been proposed as a viable solution for wireless users to determine spectrum availability in cognitive radio networks. The protocol used by secondary users (SU) to request spectral availability for a specific location, time and duration, may reveal confidential information about these users. In this paper, we focus on SUs' location privacy in database-enabled wireless networks and propose a framework to address this threat. The basic tenet of the framework is obfuscation, whereby channel requests for valid locations are interwoven with requests for fake locations. Traffic redirection is also used to deliberately confuse potential query monitors from inferring users' location information. Within this framework, we propose two privacy-preserving schemes. The Master Device Enabled Location Privacy Preserving scheme utilizes trusted master devices to prevent leaking information of SUs' locations to attackers. The Crowd Sourced Location Privacy Preserving scheme builds a guided tour of randomly selected volunteers to deliver users channel availability queries and ensure location privacy. Security analysis and computational and communication overhead of these schemes are discussed.

Reliable detection of intrusion is the basis of safety in cognitive radio networks (CRNs). So far, few scholars applied intrusion detection systems (IDSs) to combat intrusion against CRNs. In order to improve the performance of intrusion detection in CRNs, a distributed intrusion detection scheme has been proposed. In this paper, a method base on Dempster-Shafer's (D-S) evidence theory to detect intrusion in CRNs is put forward, in which the detection data and credibility of different local IDS Agent is combined by D-S in the cooperative detection center, so that different local detection decisions are taken into consideration in the final decision. The effectiveness of the proposed scheme is verified by simulation, and the results reflect a noticeable performance improvement between the proposed scheme and the traditional method.

Primary user emulation (PUE) attack is one of the main threats affecting cognitive radio (CR) networks. The PUE can forge the same signal as the real primary user (PU) in order to use the licensed channel and cause deny of service (DoS). Therefore, it is important to locate the position of the PUE in order to stop and avoid any further attack. Several techniques have been proposed for localization, including the received signal strength indication RSSI, Triangulation, and Physical Network Layer Coding. However, the area surrounding the real PU is always affected by uncertainty. This uncertainty can be described as a lost (cost) function and conditional probability to be taken into consideration while proclaiming if a PU/PUE is the real PU or not. In this paper, we proposed a combination of a Bayesian model and trilateration technique. In the first part a trilateration technique is used to have a good approximation of the PUE position making use of the RSSI between the anchor nodes and the PU/PUE. In the second part, a Bayesian decision theory is used to claim the legitimacy of the PU based on the lost function and the conditional probability to help to determine the existence of the PUE attacker in the uncertainty area.

Recently, some papers that apply a multi-armed bandit algorithm for channel selection in a cognitive radio system have been reported. In those papers, channel selection based on Upper Confidence Bound (UCB) algorithm has been proposed. However, in those selection, secondary users are not allowed to transmit data over same channels at the same time. Moreover, they do not take security of wireless communication into account. In this paper, we propose secure channel selection methods based on UCB algorithm, taking secrecy capacity into account. In our model, secondary users can share same channel by using transmit time control or transmit power control. Our proposed methods lead to be secure against an eavesdropper compared to conventional channel selections based on only estimated channel availability. By computer simulation, we evaluate average system secrecy capacity. As a result, we show that our proposed channel selections improve average system secrecy capacity compared to conventional channel selection.

Cognitive radio networks (CRNs) have a great potential in supporting time-critical data delivery among the Internet of Things (IoT) devices and for emerging applications such as smart cities. However, the unique characteristics of different technologies and shared radio operating environment can significantly impact network availability. Hence, in this paper, we study the channel assignment problem in time-critical IoT-based CRNs under proactive jamming attacks. Specifically, we propose a probabilistic spectrum assignment algorithm that aims at minimizing the packet invalidity ratio of each cognitive radio (CR) transmission subject to delay constrains. We exploit the statistical information of licensed users' activities, fading conditions, and jamming attacks over idle channels. Simulation results indicate that network performance can be significantly improved by using a security- availability- and quality-aware channel assignment that provides communicating CR pair with the most secured channel of the lowest invalidity ratio.

Cognitive radio networks (CRNs) enable secondary users (SU) to make use of licensed spectrum without interfering with the signal generated by primary users (PUs). To avoid such interference, the SU is required to sense the medium for a period of time and eventually use it only if the band is perceived to be idle. In this context, the encryption process is carried out for the SU requests prior to their transmission whilst the strength of the security in CRNs is directly proportional to the length of the encryption key. If a request of a PU on arrival finds an SU request being either encrypted or transmitted, then the SU is preempted from service. However, excessive sensing time for the detection of free spectrum by SUs as well as extended periods of the CRN being at an insecure state have an adverse impact on network performance. To this end, a generalized stochastic Petri net (GSPN) is proposed in order to investigate sensing vs. security vs. performance trade-offs, leading to an efficient use of the spectrum band. Typical numerical simulation experiments are carried out, based on the application of the Mobius Petri Net Package and associated interpretations are made.

Cognitive radio network (CRN) is regarded as an emerging technology for better spectrum efficiency where unlicensed secondary users (SUs) sense RF spectrum to find idle channels and access them opportunistically without causing any harmful interference to licensed primary users (PUs). However, RF spectrum sensing and sharing along with reconfigurable capabilities of SUs bring severe security vulnerabilities in the network. In this paper, we analyze physical-layer security (secrecy rates) of SUs in CRN in the presence of eavesdroppers, jammers and PU emulators (PUEs) where SUs compete not only with jammers and eavesdroppers who are trying to reduce SU's secrecy rates but also against PUEs who are trying to compel the SUs from their current channel by imitating the behavior of PUs. In addition, a legitimate SU competes with other SUs with a sharing attitude for dynamic spectrum access to gain a high secrecy rate, however, the malicious users (i.e., attackers) attempt to abuse the channels egotistically. The main contribution of this work is the design of a game theoretic approach to maximize utilities (that is proportional to secrecy rates) of SUs in the presence of eavesdroppers, jammers and PUEs. Furthermore, SUs use signal energy and cyclostationary feature detection along with location verification technique to detect PUEs. As the proposed approach is generic and considers different attackers, it can be particularized to a situation with eavesdroppers only, jammers only or PUEs only while evaluating physical-layer security of SUs in CRN. We evaluate the performance of the proposed approach using results obtained from simulations. The results show that the proposed approach outperforms other existing methods.

This paper investigates physical layer security of non-orthogonal multiple access (NOMA) in cognitive radio (CR) networks. The techniques of NOMA and CR have improved the spectrum efficiency greatly in the traditional networks. Because of the difference in principles of spectrum improving, NOMA and CR can be combined together, i.e. CR NOMA network, and have great potential to improving the spectrum efficiency. However the physical layer security in CR NOMA network is different from any single network of NOMA or CR. We will study the physical layer security in underlay CR NOMA network. Firstly, the wiretap network model is constructed according to the technical characteristics of NOMA and CR. In addition, new exact and asymptotic expressions of the security outage probability are derived and been confirmed by simulation. Ultimately, we have studied the effect of some critical factors on security outage probability after simulation.

In order to ensure the security of electric power supervisory control and data acquisition (SCADA) system, this paper proposes a dynamic awareness security protection model based on security policy, the design idea of which regards safety construction protection as a dynamic analysis process and the security policy should adapt to the network dynamics. According to the current situation of the power SCADA system, the related security technology and the investigation results of system security threat, the paper analyzes the security requirements and puts forward the construction ideas of security protection based on policy protection detection response (P2DR) policy model. The dynamic awareness security protection model proposed in this paper is an effective and useful tool for protecting the security of power-SCADA system.

When clients interact with a cloud-based service, they expect certain levels of quality of service guarantees. These are expressed as security and privacy policies, interaction authorization policies, and service performance policies among others. The main security challenge in a cloud-based service environment, typically modeled using service-oriented architecture (SOA), is that it is difficult to trust all services in a service composition. In addition, the details of the services involved in an end-to-end service invocation chain are usually not exposed to the clients. The complexity of the SOA services and multi-tenancy in the cloud environment leads to a large attack surface. In this paper we propose a novel approach for end-to-end security and privacy in cloud-based service orchestrations, which uses a service activity monitor to audit activities of services in a domain. The service monitor intercepts interactions between a client and services, as well as among services, and provides a pluggable interface for different modules to analyze service interactions and make dynamic decisions based on security policies defined over the service domain. Experiments with a real-world service composition scenario demonstrate that the overhead of monitoring is acceptable for real-time operation of Web services.

SoCs implementing security modules should be both testable and secure. Oversights in a design's test structure could expose internal modules creating security vulnerabilities during test. In this paper, for the first time, we propose a novel automated security vulnerability analysis framework to identify violations of confidentiality, integrity, and availability policies caused by test structures and designer oversights during SoC integration. Results demonstrate existing information leakage vulnerabilities in implementations of various encryption algorithms and secure microprocessors. These can be exploited to obtain secret keys, control finite state machines, or gain unauthorized access to memory read/write functions.

Supercomputers are widely applied in various domains, which have advantage of high processing capability and mass storage. With growing supercomputing users, the system security receives comprehensive attentions, and becomes more and more important. In this paper, according to the characteristics of supercomputing environment, we perform an in-depth analysis of existing security problems in the process of using resources. To solve these problems, we propose a security analysis method and a prototype system for supercomputing users' behavior. The basic idea is to restore the complete users' behavior paths and operation records based on the supercomputing business process and track the use of resources. Finally, the method is evaluated and the results show that the security analysis method of users' behavior can help administrators detect security incidents in time and respond quickly. The final purpose is to optimize and improve the security level of the whole system.

Two emerging architectural paradigms, i.e., Software Defined Networking (SDN) and Network Function Virtualization (NFV), enable the deployment and management of Service Function Chains (SFCs). A SFC is an ordered sequence of abstract Service Functions (SFs), e.g., firewalls, VPN-gateways, traffic monitors, that packets have to traverse in the route from source to destination. While this appealing solution offers significant advantages in terms of flexibility, it also introduces new challenges such as the correct configuration and ordering of SFs in the chain to satisfy overall security requirements. This paper presents a formal model conceived to enable the verification of correct policy enforcements in SFCs. Software tools based on the model can then be designed to cope with unwanted network behaviors (e.g., security flaws) deriving from incorrect interactions of SFs of the same SFC. 

In distributed systems, there is often a need to combine the heterogeneous access control policies to offer more comprehensive services to users in the local or national level. A large scale healthcare system is usually distributed in a computer network and might require sophisticated access control policies to protect the system. Therefore, the need for integrating the electronic healthcare systems might be important to provide a comprehensive care for patients while preserving patients' privacy and data security. However, there are major impediments in healthcare systems concerning not well-defined and flexible access control policy implementations, hindering the progress towards secure integrated systems. In this paper, we introduce an access control policy combination framework for EHR systems that preserves patients' privacy and ensures data security. We achieve our goal through an access control mechanism which handles multiple access control policies through a similarity analysis phase. In that phase, we evaluate different XACML policies to decide whether or not a policy combination is applicable. We have provided a case study to show the applicability of our proposed approach based on XACML. Our study results can be applied to the electronic health record (EHR) access control policy, which fosters interoperability and scalability among healthcare providers while preserving patients' privacy and data security. 

Exploratory evaluation is an effective way to analyze and improve the security of information system. The information system structure model for security protection capability is set up in view of the exploratory evaluation requirements of security protection capability, and the requirements of agility, traceability and interpretation for exploratory evaluation are obtained by analyzing the relationship between information system, protective equipment and protection policy. Aimed at the exploratory evaluation description problem of security protection capability, the exploratory evaluation problem and exploratory evaluation process are described based on the Granular Computing theory, and a general mathematical description is established. Analysis shows that the standardized description established meets the exploratory evaluation requirements, and it can provide an analysis basis and description specification for exploratory evaluation of information system security protection capability.

Internet plays a crucial role in today's life, so the usage of online social network monotonically increasing. People can share multimedia information's fastly and keep in touch or communicate with friend's easily through online social network across the world. Security in authentication is a big challenge in online social network and authentication is a preliminary process for identifying legitimate user. Conventionally, we are using alphanumeric textbased password for authentication approach. But the main flaw points of text based password is highly vulnerable to attacks and difficulty of recalling password during authentication time due to the irregular use of passwords. To overcome the shortcoming of text passwords, we propose a Graphical Password authentication. An approach of Graphical Password is an authentication of amalgam of pictures. It is less vulnerable to attacks and human can easily recall pictures better than text. So the graphical password is a better alternative to text passwords. As the image uploads are increasing by users share through online site, privacy preserving has become a major problem. So we need a Caption Based Metadata Stratification of images for delivers an automatic suggestion of similar category already in database, it works by comparing the caption metadata of album with caption metadata already in database or extract the synonyms of caption metadata of new album for checking the similarity with caption metadata already in database. This stratification offers an enhanced automatic privacy prediction for uploaded images in online social network, privacy is an inevitable factor for uploaded images, and privacy violation is a major concern. So we propose an Automatic Policy Prediction for uploaded images that are classified by caption metadata. An automatic policy prediction is a hassle-free privacy setting proposed to the user.

The unauthorized access or theft of sensitive, personal information is becoming a weekly news item. The illegal dissemination of proprietary information to media outlets or competitors costs industry untold millions in remediation costs and losses every year. The 2013 data breach at Target, Inc. that impacted 70 million customers is estimated to cost upwards of 1 billion dollars. Stolen information is also being used to damage political figures and adversely influence foreign and domestic policy. In this paper, we offer some techniques for better understanding the health and security of our networks. This understanding will help professionals to identify network behavior, anomalies and other latent, systematic issues in their networks. Software-Defined Networks (SDN) enable the collection of network operation and configuration metrics that are not readily available, if available at all, in traditional networks. SDN also enables the development of software protocols and tools that increases visibility into the network. By accumulating and analyzing a time series data repository (TSDR) of SDN and traditional metrics along with data gathered from our tools we can establish behavior and security patterns for SDN and SDN hybrid networks. Our research helps provide a framework for a range of techniques for administrators and automated system protection services that give insight into the health and security of the network. To narrow the scope of our research, this paper focuses on a subset of those techniques as they apply to the confidence analysis of a specific network path at the time of use or inspection. This confidence analysis allows users, administrators and autonomous systems to decide whether a network path is secure enough for sending their sensitive information. Our testing shows that malicious activity can be identified quickly as a single metric indicator and consistently within a multi-factor indicator analysis. Our research includes the implementation of - hese techniques in a network path confidence analysis service, called Confidence Assessment as a Service. Using our behavior and security patterns, this service evaluates a specific network path and provides a confidence score for that path before, during and after the transmission of sensitive data. Our research and tools give administrators and autonomous systems a much better understanding of the internal operation and configuration of their networks. Our framework will also provide other services that will focus on detecting latent, systemic network problems. By providing a better understanding of network configuration and operation our research enables a more secure and dependable network and helps prevent the theft of information by malicious actors.

A problem in managing the ever growing computer networks nowadays is the analysis of events detected by intrusion detection systems and the classification whether an event was correctly detected or not. When a false positive is detected by the user, changes to the configuration must be made and evaluated before they can be adopted to productive use. This paper describes an approach for a visual analysis framework that integrates the monitoring and analysis of events and the resulting changes on the configuration of detection systems after finding false alarms, together with a preliminary simulation and evaluation of the changes.

The focus of this paper is to propose an integration between Internet of Things (IoT) and Video Surveillance, with the aim to satisfy the requirements of the future needs of Video Surveillance, and to accomplish a better use. IoT is a new technology in the sector of telecommunications. It is a network that contains physical objects, items, and devices, which are embedded with sensors and software, thus enabling the objects, and allowing for their data exchange. Video Surveillance systems collect and exchange the data which has been recorded by sensors and cameras and send it through the network. This paper proposes an innovative topology paradigm which could offer a better use of IoT technology in Video Surveillance systems. Furthermore, the contribution of these technologies provided by Internet of Things features in dealing with the basic types of Video Surveillance technology with the aim to improve their use and to have a better transmission of video data through the network. Additionally, there is a comparison between our proposed topology and relevant proposed topologies focusing on the security issue.