Biblio

Found 493 results

Filters: Keyword is Monitoring
2021-02-10
Tanana, D., Tanana, G..  2020.  Advanced Behavior-Based Technique for Cryptojacking Malware Detection. 2020 14th International Conference on Signal Processing and Communication Systems (ICSPCS). :1–4.
With rising value and popularity of cryptocurrencies, they inevitably attract cybercriminals seeking illicit profits within blockchain ecosystem. Two of the most popular methods are ransomware and cryptojacking. Ransomware, being the first and more obvious threat has been extensively studied in the past. Unlike that, scientists have often neglected cryptojacking, because it’s less obvious and less harmful than ransomware. In this paper, we’d like to propose enhanced detection program to combat cryptojacking, additionally briefly touching history of cryptojacking, also known as malicious mining and reviewing most notable previous attempts to detect and combat cryptojacking. The review would include our previous work on malicious mining detection and our current detection program is based on its previous iteration, which mostly used CPU usage heuristics to detect cryptojacking. However, we will include additional metrics for malicious mining detection, such as network usage and calls to cryptographic libraries, which result in a 93% detection rate against the selected number of cryptojacking samples, compared to 81% rate achieved in previous work. Finally, we’ll discuss generalization of proposed detection technique to include GPU cryptojackers.
2021-02-16
Grashöfer, J., Titze, C., Hartenstein, H..  2020.  Attacks on Dynamic Protocol Detection of Open Source Network Security Monitoring Tools. 2020 IEEE Conference on Communications and Network Security (CNS). :1–9.
Protocol detection is the process of determining the application layer protocol in the context of network security monitoring, which requires a timely and precise decision to enable protocol-specific deep packet inspection. This task has proven to be complex, as isolated characteristics, like port numbers, are not sufficient to reliably determine the application layer protocol. In this paper, we analyze the Dynamic Protocol Detection mechanisms employed by popular and widespread open-source network monitoring tools. On the example of HTTP, we show that all analyzed detection mechanisms are vulnerable to evasion attacks. This poses a serious threat to real-world monitoring operations. We find that the underlying fundamental problem of protocol disambiguation is not adequately addressed in two of three monitoring systems that we analyzed. To enable adequate operational decisions, this paper highlights the inherent trade-offs within Dynamic Protocol Detection.
2021-03-01
Raj, C., Khular, L., Raj, G..  2020.  Clustering Based Incident Handling For Anomaly Detection in Cloud Infrastructures. 2020 10th International Conference on Cloud Computing, Data Science Engineering (Confluence). :611–616.
Incident Handling for Cloud Infrastructures focuses on how the clustering based and non-clustering based algorithms can be implemented. Our research focuses on identifying anomalies and suspicious activities that might happen inside a Cloud Infrastructure over available datasets. A brief study has been conducted, where a network statistics dataset, the NSL-KDD, has been chosen as the model to be worked upon, such that it can mirror the Cloud Infrastructure and its components. An important aspect of cloud security is to implement anomaly detection mechanisms, in order to monitor the incidents that inhibit the development and the efficiency of the cloud. Several methods have been discovered which help in achieving our present goal, some of these are highlighted as the following; by applying algorithms such as the Local Outlier Factor to cancel the noise created by irrelevant data points, by applying the DBSCAN algorithm which can detect less dense areas in order to identify their cause of clustering, the K-Means algorithm to generate positive and negative clusters to identify the anomalous clusters and by applying the Isolation Forest algorithm in order to implement decision based approach to detect anomalies. The best algorithm would help in finding and fixing the anomalies efficiently and would help us in developing an Incident Handling model for the Cloud.
2021-09-07
Mueller, Felicitas, Hentschel, Paul, de Jongh, Steven, Held, Lukas, Suriyah, Michael, Leibried, Thomas.  2020.  Congestion Management of the German Transmission Grid through Sector Coupling: A Modeling Approach. 2020 55th International Universities Power Engineering Conference (UPEC). :1–6.
The progressive expansion of renewable energies, especially wind power plants being promoted in Germany as part of the energy transition, places new demands on the transmission grid. As an alternative to grid expansion, sector coupling of the gas and electricity sector through Power-to-Gas (PtG) technology is seen as a great opportunity to make the energy transmission more flexible and reliable in the future as well as make use of already existing gas infrastructure. In this paper, PtG plants are dimensioned and placed in a model of the German transmission grid. Time series based load flow calculations are performed allowing conclusions about the line loading for the exemplary year 2016.
2021-09-16
Venkataramanan, Venkatesh, Hahn, Adam, Srivastava, Anurag.  2020.  CP-SAM: Cyber-Physical Security Assessment Metric for Monitoring Microgrid Resiliency. IEEE Transactions on Smart Grid. 11:1055–1065.
Trustworthy and secure operation of the cyber-power system calls for resilience against malicious and accidental failures. The objective of a resilient system is to withstand and recover operation of the system to supply critical loads despite multiple contingencies in the system. To take timely actions, we need to continuously measure the cyber-physical security of the system. We propose a cyber-physical security assessment metric (CP-SAM) based on quantitative factors affecting resiliency and utilizing concepts from graph theoretic analysis, probabilistic model of availability, attack graph metrics, and vulnerabilities across different layers of the microgrid system. These factors are integrated into a single metric using a multi-criteria decision making (MCDM) technique, Choquet Integral to compute CP-SAM. The developed metric will be valuable for i) monitoring the microgrid resiliency considering a holistic cyber-physical model; and ii) enable better decision-making to select best possible mitigation strategies towards resilient microgrid system. Developed CP-SAM can be extended for active distribution system and has been validated in a real-world power-grid test-bed to monitor the microgrid resiliency.
2021-07-07
Wang, Guodong, Tian, Dongbo, Gu, Fengqiang, Li, Jia, Lu, Yang.  2020.  Design of Terminal Security Access Scheme based on Trusted Computing in Ubiquitous Electric Internet of Things. 2020 IEEE 9th Joint International Information Technology and Artificial Intelligence Conference (ITAIC). 9:188–192.
In the Ubiquitous Electric Internet of Things (UEIoT), the terminals are very easy to be accessed and attacked by attackers due to the lack of effective monitoring and safe isolation methods. Therefore, in the implementation of UEIoT, the security protection of terminals is particularly important. Therefore, this paper proposes a dual-system design scheme for terminal active immunity based on trusted computing. In this scheme, the terminal node in UEIoT is composed of two parts: computing part and trusted protection part. The computing component and the trusted protection component are logically independent of each other, forming a trusted computing active immune dual-system structure with both computing and protection functions. The Trusted Network Connection extends the trusted state of the terminal to the network, thus providing a solution for terminal secure access in the UEIoT.
2021-04-27
Putz, B., Pernul, G..  2020.  Detecting Blockchain Security Threats. 2020 IEEE International Conference on Blockchain (Blockchain). :313–320.
In many organizations, permissioned blockchain networks are currently transitioning from a proof-of-concept stage to production use. A crucial part of this transition is ensuring awareness of potential threats to network operations. Due to the plethora of software components involved in distributed ledgers, threats may be difficult or impossible to detect without a structured monitoring approach. To this end, we conduct a survey of attacks on permissioned blockchains and develop a set of threat indicators. To gather these indicators, a data processing pipeline is proposed to aggregate log information from relevant blockchain components, enriched with data from external sources. To evaluate the feasibility of monitoring current blockchain frameworks, we determine relevant data sources in Hyperledger Fabric. Our results show that the required data is mostly available, but also highlight significant improvement potential with regard to threat intelligence, chaincode scanners and built-in metrics.
2021-08-02
Billah, Mohammad Masum, Khan, Niaz Ahmed, Ullah, Mohammad Woli, Shahriar, Faisal, Rashid, Syed Zahidur, Ahmed, Md Razu.  2020.  Developing a Secured and Reliable Vehicular Communication System and Its Performance Evaluation. 2020 IEEE Region 10 Symposium (TENSYMP). :60–65.
The Ad-hoc Vehicular networks (VANET) was developed through the implementation of the concepts of ad-hoc mobile networks(MANET), which is swiftly maturing, promising, emerging wireless communication technology nowadays. Vehicular communication enables us to communicate with other vehicles and Roadside Infrastructure Units (RSU) to share information pertaining to the safety system, traffic analysis, Authentication, privacy, etc. As VANETs operate in an open wireless connectivity system, it increases permeable of variant type's security issues. Security concerns, however, which are either generally seen in ad-hoc networks or utterly unique to VANET, present significant challenges. Access Control List (ACL) can be an efficient feature to solve such security issues by permitting statements to access registered specific IP addresses in the network and deny statement unregistered IP addresses in the system. To establish such secured VANETs, the License number of the vehicle will be the Identity Number, which will be assigned via a DNS server by the Traffic Certification Authority (TCA). TCA allows registered vehicles to access the nearest two or more regions. For special vehicles, public access should be restricted by configuring ACL on a specific IP. Smart-card given by TCA can be used to authenticate a subscriber by checking previous records during entry to a new network area. After in-depth analysis of Packet Delivery Ratio (PDR), Packet Loss Ratio (PLR), Average Delay, and Handover Delay, this research offers more secure and reliable communication in VANETs.
2021-02-16
Wang, Y., Kjerstad, E., Belisario, B..  2020.  A Dynamic Analysis Security Testing Infrastructure for Internet of Things. 2020 Sixth International Conference on Mobile And Secure Services (MobiSecServ). :1–6.
IoT devices such as Google Home and Amazon Echo provide great convenience to our lives. Many of these IoT devices collect data including Personal Identifiable Information such as names, phone numbers, and addresses and thus IoT security is important. However, conducting security analysis on IoT devices is challenging due to the variety, the volume of the devices, and the special skills required for hardware and software analysis. In this research, we create and demonstrate a dynamic analysis security testing infrastructure for capturing network traffic from IoT devices. The network traffic is automatically mirrored to a server for live traffic monitoring and offline data analysis. Using the dynamic analysis security testing infrastructure, we conduct extensive security analysis on network traffic from Google Home and Amazon Echo. Our testing results indicate that Google Home enforces tighter security controls than Amazon Echo while both Google and Amazon devices provide the desired security level to protect user data in general. The dynamic analysis security testing infrastructure presented in the paper can be utilized to conduct similar security analysis on any IoT devices.
2021-09-16
Ambareen, Javeria, M, Prabhakar, Ara, Tabassum.  2020.  Edge Data Security for RFID-Based Devices. 2020 International Conference on Smart Technologies in Computing, Electrical and Electronics (ICSTCEE). :272–277.
Radio-frequency identification (RFID) has become a preferred technology for monitoring in industrial internet of things (IIoT) applications like supply chain, medical industry, vehicle tracking and warehouse monitoring where information is required continually. Typical security threats seen in these applications are denial of service (DOS) attack, transmission attack etc. We propose a novel edge data security schema based on spike modulation along with backscatter communication technique to modulate both sensor and identification (ID) information. It is observed that this data encoding schema works well even in a multi-tag single-reader environment. Further, it uses lower power and offers a low-cost solution for Industrial IoT applications.
2021-08-31
AlSabeh, Ali, Safa, Haidar, Bou-Harb, Elias, Crichigno, Jorge.  2020.  Exploiting Ransomware Paranoia For Execution Prevention. ICC 2020 - 2020 IEEE International Conference on Communications (ICC). :1–6.
Ransomware attacks cost businesses more than $75 billion/year, and it is predicted to cost $6 trillion/year by 2021. These numbers demonstrate the havoc produced by ransomware on a large number of sectors and urge security researchers to tackle it. Several ransomware detection approaches have been proposed in the literature that interchange between static and dynamic analysis. Recently, ransomware attacks were shown to fingerprint the execution environment before they attack the system to counter dynamic analysis. In this paper, we exploit the behavior of contemporary ransomware to prevent its attack on real systems and thus avoid the loss of any data. We explore a set of ransomware-generated artifacts that are launched to sniff the surrounding. Furthermore, we design, develop, and evaluate an approach that monitors the behavior of a program by intercepting the called Windows APIs. Consequently, we determine in real-time if the program is trying to inspect its surrounding before the attack, and abort it immediately prior to the initiation of any malicious encryption or locking. Through empirical evaluations using real and recent ransomware samples, we study how ransomware and benign programs inspect the environment. Additionally, we demonstrate how to prevent ransomware with a low false positive rate. We make the developed approach available to the research community at large through GitHub to strongly promote cyber security defense operations and for wide-scale evaluations and enhancements.
2020-12-14
Efendioglu, H. S., Asik, U., Karadeniz, C..  2020.  Identification of Computer Displays Through Their Electromagnetic Emissions Using Support Vector Machines. 2020 International Conference on INnovations in Intelligent SysTems and Applications (INISTA). :1–5.
As a TEMPEST information security problem, electromagnetic emissions from the computer displays can be captured, and reconstructed using signal processing techniques. It is necessary to identify the display type to intercept the image of the display. Determining the display type is significant not only for attackers but also for protectors to prevent display compromising emanations. This study relates to the identification of the display type using Support Vector Machines (SVM) from electromagnetic emissions emitted from computer displays. After measuring the emissions using receiver measurement system, the signals were processed and training/test data sets were formed and the classification performance of the displays was examined with the SVM. Moreover, solutions for a better classification under real conditions have been proposed. Thus, one of the important steps of the display image capture can be accomplished by automatically identifying the display types. The performance of the proposed method was evaluated in terms of confusion matrix and accuracy, precision, F1-score, recall performance measures.
2021-08-11
Flora, José.  2020.  Improving the Security of Microservice Systems by Detecting and Tolerating Intrusions. 2020 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW). :131–134.
Microservice architectures adoption is growing expeditiously in market size and adoption, including in business-critical systems. This is due to agility in development and deployment further increased by containers and their characteristics. Ensuring security is still a major concern due to challenges faced such as resource separation and isolation, as improper access to one service might compromise complete systems. This doctoral work intends to advance the security of microservice systems through research and improvement of methodologies for detection, tolerance and mitigation of security intrusions, while overcoming challenges related to multi-tenancy, heterogeneity, dynamicity of systems and environments. Our preliminary research shows that host-based IDSes are applicable in container environments. This will be extended to dynamic scenarios, serving as a steppingstone to research intrusion tolerance techniques suited to these environments. These methodologies will be demonstrated in realistic microservice systems: complex, dynamic, scalable and elastic.
2021-04-27
Dilshan, D., Piumika, S., Rupasinghe, C., Perera, I., Siriwardena, P..  2020.  MSChain: Blockchain based Decentralized Certificate Transparency for Microservices. 2020 Moratuwa Engineering Research Conference (MERCon). :1–6.
Microservices architecture has become one of the most prominent software architectures in the software development processes due to its features such as scalability, maintainability, resilience, and composability. It allows developing business applications in a decentralized manner by dividing the important business logic into separate independent services. Digital certificates are used to verify the identity of microservices in most cases. However, the certificate authorities (CA) who issue the certificates to microservices cannot be trusted always since they can issue certificates without the consent of the relevant microservice. Nevertheless, existing implementations of certificate transparency are mostly centralized and have the vulnerability of the single point of failure. The distributed ledger technologies such as blockchain can be used to achieve decentralized nature in certificate transparency implementations. A blockchain-based decentralized certificate transparency system specified for microservices architecture is proposed in this paper to ensure secure communication among services. After the implementation and deployment in a cloud service, the system expressed average certificate querying time of 643 milliseconds along with the highly secured service provided.
2021-06-28
Lehrfeld, Michael R..  2020.  Preventing the Insider – Blocking USB Write Capabilities to Prevent IP Theft. 2020 SoutheastCon. 2:1–7.
The Edward Snowden data breach of 2013 clearly illustrates the damage that insiders can do to an organization. An insider's knowledge of an organization allows them legitimate access to the systems where valuable information is stored. Because they belong within an organization's security perimeter, an insider is inherently difficult to detect and prevent information leakage. To counter this, proactive measures must be deployed to limit the ability of an insider to steal information. Email at the edge can easily be monitored for large file exfiltration. However, USB drives are ideally suited for large-scale file extraction in a covert manner. This work discusses a process for disabling write-access to USB drives while allowing read-access. Allowing read-access for USB drives allows an organization to adapt to the changing security posture of the organization. People can still bring USB devices into the organization and read data from them, but exfiltration is more difficult.
2021-07-08
Kunz, Immanuel, Schneider, Angelika, Banse, Christian.  2020.  Privacy Smells: Detecting Privacy Problems in Cloud Architectures. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :1324–1331.
Many organizations are still reluctant to move sensitive data to the cloud. Moreover, data protection regulations have established considerable punishments for violations of privacy and security requirements. Privacy, however, is a concept that is difficult to measure and to demonstrate. While many privacy design strategies, tactics and patterns have been proposed for privacy-preserving system design, it is difficult to evaluate an existing system with regards to whether these strategies have or have not appropriately been implemented. In this paper we propose indicators for a system's non-compliance with privacy design strategies, called privacy smells. To that end we first identify concrete metrics that measure certain aspects of existing privacy design strategies. We then define smells based on these metrics and discuss their limitations and usefulness. We identify these indicators on two levels of a cloud system: the data flow level and the access control level. Using a cloud system built in Microsoft Azure we show how the metrics can be measured technically and discuss the differences to other cloud providers, namely Amazon Web Services and Google Cloud Platform. We argue that while it is difficult to evaluate the privacy-awareness in a cloud system overall, certain privacy aspects in cloud systems can be mapped to useful metrics that can indicate underlying privacy problems. With this approach we aim at enabling cloud users and auditors to detect deep-rooted privacy problems in cloud systems.
2021-08-11
Pan, Xiaoqin, Tang, Shaofei, Zhu, Zuqing.  2020.  Privacy-Preserving Multilayer In-Band Network Telemetry and Data Analytics. 2020 IEEE/CIC International Conference on Communications in China (ICCC). :142–147.
As a new paradigm for the monitoring and troubleshooting of backbone networks, the multilayer in-band network telemetry (ML-INT) with deep learning (DL) based data analytics (DA) has recently been proven to be effective on realtime visualization and fine-grained monitoring. However, the existing studies on ML-INT&DA systems have overlooked the privacy and security issues, i.e., a malicious party can apply tapping in the data reporting channels between the data and control planes to illegally obtain plaintext ML-INT data in them. In this paper, we discuss a privacy-preserving DL-based ML-INT&DA system for realizing AI-assisted network automation in backbone networks in the form of IP-over-Optical. We first show a lightweight encryption scheme based on integer vector homomorphic encryption (IVHE), which is used to encrypt plaintext ML-INT data. Then, we architect a DL model for anomaly detection, which can directly analyze the ciphertext ML-INT data. Finally, we present the implementation and experimental demonstrations of the proposed system. The privacy-preserving DL-based ML-INT&DA system is realized in a real IP over elastic optical network (IP-over-EON) testbed, and the experimental results verify the feasibility and effectiveness of our proposal.
2021-07-07
Suciu, George, Hussain, Ijaz, Petrescu, Gabriel.  2020.  Role of Ubiquitous Computing and Mobile WSN Technologies and Implementation. 2020 International Conference on Electrical, Communication, and Computer Engineering (ICECCE). :1–6.
Computing capabilities such as real time data, unlimited connection, data from sensors, environmental analysis, automated decisions (machine learning) are demanded by many areas like industry for example decision making, machine learning, by research and military, for example GPS, sensor data collection. The possibility to make these features compatible with each domain that demands them is known as ubiquitous computing. Ubiquitous computing includes network topologies such as wireless sensor networks (WSN) which can help further improving the existing communication, for example the Internet. Also, ubiquitous computing is included in the Internet of Things (IoT) applications. In this article, it is discussed the mobility of WSN and its advantages and innovations, which make possible implementations for smart home and office. Knowing the growing number of mobile users, we place the mobile phone as the key factor of the future ubiquitous wireless networks. With secure computing, communicating, and storage capacities of mobile devices, they can be taken advantage of in terms of architecture in the sense of scalability, energy efficiency, packet delay, etc. Our work targets to present a structure from a ubiquitous computing point of view for researchers who have an interest in ubiquitous computing and want to research on the analysis, to implement a novel method structure for the ubiquitous computing system in military sectors. Also, this paper presents security and privacy issues in ubiquitous sensor networks (USN).
2021-01-25
Lanotte, R., Merro, M., Munteanu, A..  2020.  Runtime Enforcement for Control System Security. 2020 IEEE 33rd Computer Security Foundations Symposium (CSF). :246–261.
With the explosion of Industry 4.0, industrial facilities and critical infrastructures are transforming into “smart” systems that dynamically adapt to external events. The result is an ecosystem of heterogeneous physical and cyber components, such as programmable logic controllers, which are more and more exposed to cyber-physical attacks, i.e., security breaches in cyberspace that adversely affect the physical processes at the core of industrial control systems. We apply runtime enforcement techniques, based on an ad-hoc sub-class of Ligatti et al.'s edit automata, to enforce specification compliance in networks of potentially compromised controllers, formalised in Hennessy and Regan's Timed Process Language. We define a synthesis algorithm that, given an alphabet P of observable actions and an enforceable regular expression e capturing a timed property for controllers, returns a monitor that enforces the property e during the execution of any (potentially corrupted) controller with alphabet P and complying with the property e. Our monitors correct and suppress incorrect actions coming from corrupted controllers and emit actions in full autonomy when the controller under scrutiny is not able to do so in a correct manner. Besides classical properties, such as transparency and soundness, the proposed enforcement ensures non-obvious properties, such as polynomial complexity of the synthesis, deadlock- and diverge-freedom of monitored controllers, together with scalability when dealing with networks of controllers.
2021-03-01
Khoukhi, L., Khatoun, R..  2020.  Safe Traffic Adaptation Model in Wireless Mesh Networks. 2020 4th Cyber Security in Networking Conference (CSNet). :1–4.
Wireless mesh networks (WMNs) are dynamically self-organized and self-configured technology ensuring efficient connection to Internet. Such networks suffer from many issues, like lack of performance efficiency when huge amount of traffic are injected inside the networks. To deal with such issues, we propose in this paper an adapted fuzzy framework; by monitoring the rate of change in queue length in addition to the current length of the queue, we are able to provide a measure of future queue state. Furthermore, by using explicit rate messages we can make node sources more responsive to unexpected changes in the network traffic load. The simulation results show the efficiency of the proposed model.
2021-02-16
Mace, J. C., Czekster, R. Melo, Morisset, C., Maple, C..  2020.  Smart Building Risk Assessment Case Study: Challenges, Deficiencies and Recommendations. 2020 16th European Dependable Computing Conference (EDCC). :59–64.
Inter-networked control systems make smart buildings increasingly efficient but can lead to severe operational disruptions and infrastructure damage. It is vital the security state of smart buildings is properly assessed so that thorough and cost effective risk management can be established. This paper uniquely reports on an actual risk assessment performed in 2018 on one of the world's most densely monitored, state-of-the-art, smart buildings. From our observations, we suggest that current practice may be inadequate due to a number of challenges and deficiencies, including the lack of a recognised smart building risk assessment methodology. As a result, the security posture of many smart buildings may not be as robust as their risk assessments suggest. Crucially, we highlight a number of key recommendations for a more comprehensive risk assessment process for smart buildings. As a whole, we believe this practical experience report will be of interest to a range of smart building stakeholders.
2021-04-27
Saganowski, S..  2020.  A Three-Stage Machine Learning Network Security Solution for Public Entities. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :1097–1104.
In the era of universal digitization, ensuring network and data security is extremely important. As a part of the Regional Center for Cybersecurity initiative, a three-stage machine learning network security solution is being developed and will be deployed in March 2021. The solution consists of prevention, monitoring, and curation stages. As prevention, we utilize Natural Language Processing to extract the security-related information from social media, news portals, and darknet. A deep learning architecture is used to monitor the network in real-time and detect any abnormal traffic. A combination of regular expressions, pattern recognition, and heuristics is applied to the abuse reports to automatically identify intrusions that passed other security solutions. The lessons learned from the ongoing development of the system, alongside the results, extensive analysis, and discussion are provided. Additionally, a cybersecurity-related corpus is described and published within this work.
2020-12-14
Wang, H., Ma, L., Bai, H..  2020.  A Three-tier Scheme for Sybil Attack Detection in Wireless Sensor Networks. 2020 5th International Conference on Computer and Communication Systems (ICCCS). :752–756.
Wireless sensor network (WSN) is a wireless self-organizing multi-hop network that can sense and collect the information of the monitored environment through a certain number of sensor nodes which are deployed in a certain area and transmit the collected information to the client. Due to the limited power and data capacity stored by the micro sensor, it is weak in communication with other nodes, data storage and calculation, and is very vulnerable to attack and harm to the entire network. The Sybil attack is a classic example. Sybil attack refers to the attack in which malicious nodes forge multiple node identities to participate in network operation. Malicious attackers can forge multiple node identities to participate in data forwarding, so that the data obtained by the end user is without any use value. In this paper, we propose a three-tier detection scheme for the Sybil node in the severe environment. Every sensor node will determine whether they are Sybil nodes through the first-level and second-level high-energy node detection. Finally, the base station determines whether the Sybil node detected by the first two stages is true Sybil node. The simulation results show that our proposed scheme significantly improves network lifetime, and effectively improves the accuracy of Sybil node detection.
2021-04-09
Yamato, K., Kourai, K., Saadawi, T..  2020.  Transparent IDS Offloading for Split-Memory Virtual Machines. 2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC). :833–838.
To enable virtual machines (VMs) with a large amount of memory to be flexibly migrated, split migration has been proposed. It divides a large-memory VM into small pieces and transfers them to multiple hosts. After the migration, the VM runs across those hosts and exchanges memory data between hosts using remote paging. For such a split-memory VM, however, it becomes difficult to securely run intrusion detection systems (IDS) outside the VM using a technique called IDS offloading. This paper proposes VMemTrans to support transparent IDS offloading for split-memory VMs. In VMemTrans, offloaded IDS can monitor a split-memory VM as if that memory were not distributed. To achieve this, VMemTrans enables IDS running in one host to transparently access VM's remote memory. To consider a trade-off, it provides two methods for obtaining memory data from remote hosts: self paging and proxy paging. We have implemented VMemTrans in KVM and compared the execution performance between the two methods.
2021-06-28
P N, Renjith, K, Ramesh.  2020.  Trust based Security framework for IoT data. 2020 4th International Conference on Computer, Communication and Signal Processing (ICCCSP). :1–5.
With an incredible growth in MEMS and Internet, IoT has developed to an inevitable invention and resource for human needs. IoT reframes the communication and creates a new way of machine to machine communication. IoT utilizes smart sensors to monitor and track environmental changes in any area of interest. The high volume of sensed information is processed, formulated and presented to the user for decision making. In this paper a model is designed to perform trust evaluation and data aggregation with confidential transmission of secured information into the network and enables higher secure and reliable data transmission for effective analysis and decision making. The sensors in IoT devices sense the same information and forward redundant data into the network. This results in higher network congestion and causes transmission overhead. This could be controlled by introducing data aggregation. A gateway sensor node can act as aggregator and forward unique information to the base station. However, when the network is adulterated with malicious nodes, these malicious nodes tend to inject false data into the network. In this paper, a trust based malicious node detection technique has been introduced to isolate the malicious node from forwarding false information into the network. Simulation results prove the proposed protocol can be used to reduce malicious attack with increased throughput and performance.