Biblio

Found 315 results

Filters: Keyword is Conferences  [Clear All Filters]
2021-02-16
Grashöfer, J., Titze, C., Hartenstein, H..  2020.  Attacks on Dynamic Protocol Detection of Open Source Network Security Monitoring Tools. 2020 IEEE Conference on Communications and Network Security (CNS). :1—9.
Protocol detection is the process of determining the application layer protocol in the context of network security monitoring, which requires a timely and precise decision to enable protocol-specific deep packet inspection. This task has proven to be complex, as isolated characteristics, like port numbers, are not sufficient to reliably determine the application layer protocol. In this paper, we analyze the Dynamic Protocol Detection mechanisms employed by popular and widespread open-source network monitoring tools. On the example of HTTP, we show that all analyzed detection mechanisms are vulnerable to evasion attacks. This poses a serious threat to real-world monitoring operations. We find that the underlying fundamental problem of protocol disambiguation is not adequately addressed in two of three monitoring systems that we analyzed. To enable adequate operational decisions, this paper highlights the inherent trade-offs within Dynamic Protocol Detection.
2021-08-02
Kong, Tong, Wang, Liming, Ma, Duohe, Chen, Kai, Xu, Zhen, Lu, Yijun.  2020.  ConfigRand: A Moving Target Defense Framework against the Shared Kernel Information Leakages for Container-based Cloud. 2020 IEEE 22nd International Conference on High Performance Computing and Communications; IEEE 18th International Conference on Smart City; IEEE 6th International Conference on Data Science and Systems (HPCC/SmartCity/DSS). :794—801.
Lightweight virtualization represented by container technology provides a virtual environment for cloud services with more flexibility and efficiency due to the kernel-sharing property. However, the shared kernel also means that the system isolation mechanisms are incomplete. Attackers can scan the shared system configuration files to explore vulnerabilities for launching attacks. Previous works mainly eliminate the problem by fixing operating systems or using access control policies, but these methods require significant modifications and cannot meet the security needs of individual containers accurately. In this paper, we present ConfigRand, a moving target defense framework to prevent the information leakages due to the shared kernel in the container-based cloud. The ConfigRand deploys deceptive system configurations for each container, bounding the scan of attackers aimed at the shared kernel. In design of ConfigRand, we (1) propose a framework applying the moving target defense philosophy to periodically generate, distribute, and deploy the deceptive system configurations in the container-based cloud; (2) establish a model to formalize these configurations and quantify their heterogeneity; (3) present a configuration movement strategy to evaluate and optimize the variation of configurations. The results show that ConfigRand can effectively prevent the information leakages due to the shared kernel and apply to typical container applications with minimal system modification and performance degradation.
2021-04-27
Lekshmi, M. M., Subramanian, N..  2020.  Data Auditing in Cloud Storage using Smart Contract. 2020 Third International Conference on Smart Systems and Inventive Technology (ICSSIT). :999–1002.
In general, Cloud storage is considered as a distributed model. Here, the data is usually stored on remote servers to properly maintain, back up and make it accessible to clients over a network, whenever required. Cloud storage providers keep the data and processes to oversee it on capacity servers based on secure virtualization methods. A security framework is proposed for auditing the cloud data, which makes use of the proposed blockchain technology. This ensures to efficiently maintain the data integrity. The blockchain structure inspects the mutation of operational information and thereby ensures the data security. Usually, the data auditing scheme is widely used in a Third Party Auditor (TPA), which is a centralized entity that the client is forced to trust, even if the credibility is not guaranteed. To avoid the participation of TPA, a decentralised scheme is suggested, where it uses a smart contract for auditing the cloud data. The working of smart contracts is based on blockchain. Ethereum is used to deploy a smart contract thereby eliminating the need of a foreign source in the data auditing process.
2021-03-04
Patil, A. P., Karkal, G., Wadhwa, J., Sawood, M., Reddy, K. Dhanush.  2020.  Design and Implementation of a Consensus Algorithm to build Zero Trust Model. 2020 IEEE 17th India Council International Conference (INDICON). :1—5.
Zero Trust Model ensures each node is responsible for the approval of the transaction before it gets committed. The data owners can track their data while it’s shared amongst the various data custodians ensuring data security. The consensus algorithm enables the users to trust the network as malicious nodes fail to get approval from all nodes, thereby causing the transaction to be aborted. The use case chosen to demonstrate the proposed consensus algorithm is the college placement system. The algorithm has been extended to implement a diversified, decentralized, automated placement system, wherein the data owner i.e. the student, maintains an immutable certificate vault and the student’s data has been validated by a verifier network i.e. the academic department and placement department. The data transfer from student to companies is recorded as transactions in the distributed ledger or blockchain allowing the data to be tracked by the student.
2021-07-07
Wang, Guodong, Tian, Dongbo, Gu, Fengqiang, Li, Jia, Lu, Yang.  2020.  Design of Terminal Security Access Scheme based on Trusted Computing in Ubiquitous Electric Internet of Things. 2020 IEEE 9th Joint International Information Technology and Artificial Intelligence Conference (ITAIC). 9:188–192.
In the Ubiquitous Electric Internet of Things (UEIoT), the terminals are very easy to be accessed and attacked by attackers due to the lack of effective monitoring and safe isolation methods. Therefore, in the implementation of UEIoT, the security protection of terminals is particularly important. Therefore, this paper proposes a dual-system design scheme for terminal active immunity based on trusted computing. In this scheme, the terminal node in UEIoT is composed of two parts: computing part and trusted protection part. The computing component and the trusted protection component are logically independent of each other, forming a trusted computing active immune dual-system structure with both computing and protection functions. The Trusted Network Connection extends the trusted state of the terminal to the network, thus providing a solution for terminal secure access in the UEIoT.
2021-06-24
Abirami, R., Wise, D. C. Joy Winnie, Jeeva, R., Sanjay, S..  2020.  Detecting Security Vulnerabilities in Website using Python. 2020 International Conference on Electronics and Sustainable Communication Systems (ICESC). :844–846.
On the current website, there are many undeniable conditions and there is the existence of new plot holes. If data link is normally extracted on each of the websites, it becomes difficult to evaluate each vulnerability, with tolls such as XS S, SQLI, and other such existing tools for vulnerability assessment. Integrated testing criteria for vulnerabilities are met. In addition, the response should be automated and systematic. The primary value of vulnerability Buffer will be made of predefined and self-formatted code written in python, and the software is automated to send reports to their respective users. The vulnerabilities are tried to be classified as accessible. OWASP is the main resource for developing and validating web security processes.
2021-02-15
Myasnikova, N., Beresten, M. P., Myasnikova, M. G..  2020.  Development of Decomposition Methods for Empirical Modes Based on Extremal Filtration. 2020 Moscow Workshop on Electronic and Networking Technologies (MWENT). :1–4.
The method of extremal filtration implementing the decomposition of signals into alternating components is considered. The history of the method development is described, its mathematical substantiation is given. The method suggests signal decomposition based on the removal of known components locally determined by their extrema. The similarity of the method with empirical modes decomposition in terms of the result is shown, and their comparison is also carried out. The algorithm of extremal filtration has a simple mathematical basis that does not require the calculation of transcendental functions, which provides it with higher performance with comparable results. The advantages and disadvantages of the extremal filtration method are analyzed, and the possibility of its application for solving various technical problems is shown, i.e. the formation of diagnostic features, rapid analysis of signals, spectral and time-frequency analysis, etc. The methods for calculating spectral characteristics are described: by the parameters of the distinguished components, based on the approximation on the extrema by bell-shaped pulses. The method distribution in case of wavelet transform of signals is described. The method allows obtaining rapid evaluation of the frequencies and amplitudes (powers) of the components, which can be used as diagnostic features in solving problems of recognition, diagnosis and monitoring. The possibility of using extremal filtration in real-time systems is shown.
2021-08-02
Thapar, Shruti, Sharma, Sudhir Kumar.  2020.  Direct Trust-based Detection Algorithm for Preventing Jellyfish Attack in MANET. 2020 4th International Conference on Electronics, Communication and Aerospace Technology (ICECA). :749–753.
The dynamic and adaptable characteristics of mobile ad hoc networks have made it a significant field for deploying various applications in wireless sensor networks. Increasing popularity of the portable devices is the main reason for the development of mobile ad hoc networks. Furthermore, the network does not require a fixed architecture and it is easy to deploy. This type of network is highly vulnerable to cyber-attacks as the nodes communicate with each other through a Wireless medium. The most critical attack in ad hoc network is jellyfish attack. In this research we have proposed a Direct Trust-based Detection Algorithm to detect and prevent jellyfish attack in MANET.
2021-02-23
Kumar, M., Singh, A. K..  2020.  Distributed Intrusion Detection System using Blockchain and Cloud Computing Infrastructure. 2020 4th International Conference on Trends in Electronics and Informatics (ICOEI)(48184). :248—252.
Intrusion Detection System is a well-known term in the domain of Network and Information Security. It's one of the important components of the Network and Information Security infrastructure. Host Intrusion Detection System (HIDS) helps to detect unauthorized use, abnormal and malicious activities on the host, whereas Network Intrusion Detection System (NIDS) helps to detect attacks and intrusion on networks. Various researchers are actively working on different approaches to improving the IDS performance and many improvements have been achieved. However, development in many other technologies and newly emerging techniques always opens the doors of opportunity to add a sharp edge to IDS and to make it more robust and reliable. This paper proposes the development of Distributed Intrusion Detection System (DIDS) using emerging and promising technologies like Blockchain upon a stable platform like cloud infrastructure.
2021-02-15
Lakshmanan, S. K., Shakkeera, L., Pandimurugan, V..  2020.  Efficient Auto key based Encryption and Decryption using GICK and GDCK methods. 2020 3rd International Conference on Intelligent Sustainable Systems (ICISS). :1102–1106.
Security services and share information is provided by the computer network. The computer network is by default there is not security. The Attackers can use this provision to hack and steal private information. Confidentiality, creation, changes, and truthful of data is will be big problems in the network. Many types of research have given many methods regarding this, from these methods Generating Initial Chromosome Key called Generating Dynamic Chromosome Key (GDCK), which is a novel approach. With the help of the RSA (Rivest Shamir Adleman) algorithm, GICK and GDCK have created an initial key. The proposed method has produced new techniques using genetic fitness function for the sender and receiver. The outcome of GICK and GDCK has been verified by NIST (National Institute of Standards Technology) tools and analyzes randomness of auto-generated keys with various methods. The proposed system has involved three examines; it has been yield better P-Values 6.44, 7.05, and 8.05 while comparing existing methods.
2021-02-08
Kumar, B. M., Sri, B. R. S., Katamaraju, G. M. S. A., Rani, P., Harinadh, N., Saibabu, C..  2020.  File Encryption and Decryption Using DNA Technology. 2020 2nd International Conference on Innovative Mechanisms for Industry Applications (ICIMIA). :382–385.
Cryptography is the method of transforming the original texted message into an unknown form and in reverse also. It is the process of hiding and forwarding the data in an appropriate form so that only authorized persons can know and can process it. Cryptographic process secures the data from hijacking or transmutation, it is mainly used for users data security. This paper justifies the encryption and decryption using DNA(Deoxyribo Nucleic Acid) sequence. This process includes several intermediate steps, the perception of binary-coded form and generating of arbitrary keys is used to encrypt the message. A common key should be established between the sender and receiver for encryption and decryption process. The common key provides more security to the sequence. In this paper, both the process of binary-coded form and generating of arbitrary keys are used to encrypt the message. It is widely used in an institution and by every individual to hide their data from the muggers and hijackers and provides the data securely, and confidentially over the transmission of information.
2021-01-15
Maksutov, A. A., Morozov, V. O., Lavrenov, A. A., Smirnov, A. S..  2020.  Methods of Deepfake Detection Based on Machine Learning. 2020 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus). :408—411.
Nowadays, people faced an emerging problem of AI-synthesized face swapping videos, widely known as the DeepFakes. This kind of videos can be created to cause threats to privacy, fraudulence and so on. Sometimes good quality DeepFake videos recognition could be hard to distinguish with people eyes. That's why researchers need to develop algorithms to detect them. In this work, we present overview of indicators that can tell us about the fact that face swapping algorithms were used on photos. Main purpose of this paper is to find algorithm or technology that can decide whether photo was changed with DeepFake technology or not with good accuracy.
2021-02-08
Jain, S., Sharma, S., Chandavarkar, B. R..  2020.  Mitigating Man-in-the-Middle Attack in Digital Signature. 2020 11th International Conference on Computing, Communication and Networking Technologies (ICCCNT). :1–5.
We all are living in the digital era, where the maximum of the information is available online. The digital world has made the transfer of information easy and provides the basic needs of security like authentication, integrity, nonrepudiation, etc. But, with the improvement in security, cyber-attacks have also increased. Security researchers have provided many techniques to prevent these cyber-attacks; one is a Digital Signature (DS). The digital signature uses cryptographic key pairs (public and private) to provide the message's integrity and verify the sender's identity. The private key used in the digital signature is confidential; if attackers find it by using various techniques, then this can result in an attack. This paper presents a brief introduction about the digital signature and how it is vulnerable to a man-in-the-middle attack. Further, it discusses a technique to prevent this attack in the digital signature.
2021-08-31
Sundar, Agnideven Palanisamy, Li, Feng, Zou, Xukai, Hu, Qin, Gao, Tianchong.  2020.  Multi-Armed-Bandit-based Shilling Attack on Collaborative Filtering Recommender Systems. 2020 IEEE 17th International Conference on Mobile Ad Hoc and Sensor Systems (MASS). :347–355.
Collaborative Filtering (CF) is a popular recommendation system that makes recommendations based on similar users' preferences. Though it is widely used, CF is prone to Shilling/Profile Injection attacks, where fake profiles are injected into the CF system to alter its outcome. Most of the existing shilling attacks do not work on online systems and cannot be efficiently implemented in real-world applications. In this paper, we introduce an efficient Multi-Armed-Bandit-based reinforcement learning method to practically execute online shilling attacks. Our method works by reducing the uncertainty associated with the item selection process and finds the most optimal items to enhance attack reach. Such practical online attacks open new avenues for research in building more robust recommender systems. We treat the recommender system as a black box, making our method effective irrespective of the type of CF used. Finally, we also experimentally test our approach against popular state-of-the-art shilling attacks.
2021-07-27
Fan, Wenshu, Li, Hongwei, Jiang, Wenbo, Xu, Guowen, Lu, Rongxing.  2020.  A Practical Black-Box Attack Against Autonomous Speech Recognition Model. GLOBECOM 2020 - 2020 IEEE Global Communications Conference. :1–6.
With the wild applications of machine learning (ML) technology, automatic speech recognition (ASR) has made great progress in recent years. Despite its great potential, there are various evasion attacks of ML-based ASR, which could affect the security of applications built upon ASR. Up to now, most studies focus on white-box attacks in ASR, and there is almost no attention paid to black-box attacks where attackers can only query the target model to get output labels rather than probability vectors in audio domain. In this paper, we propose an evasion attack against ASR in the above-mentioned situation, which is more feasible in realistic scenarios. Specifically, we first train a substitute model by using data augmentation, which ensures that we have enough samples to train with a small number of times to query the target model. Then, based on the substitute model, we apply Differential Evolution (DE) algorithm to craft adversarial examples and implement black-box attack against ASR models from the Speech Commands dataset. Extensive experiments are conducted, and the results illustrate that our approach achieves untargeted attacks with over 70% success rate while still maintaining the authenticity of the original data well.
2021-03-01
Zhang, Y., Groves, T., Cook, B., Wright, N. J., Coskun, A. K..  2020.  Quantifying the impact of network congestion on application performance and network metrics. 2020 IEEE International Conference on Cluster Computing (CLUSTER). :162–168.
In modern high-performance computing (HPC) systems, network congestion is an important factor that contributes to performance degradation. However, how network congestion impacts application performance is not fully understood. As Aries network, a recent HPC network architecture featuring a dragonfly topology, is equipped with network counters measuring packet transmission statistics on each router, these network metrics can potentially be utilized to understand network performance. In this work, by experiments on a large HPC system, we quantify the impact of network congestion on various applications' performance in terms of execution time, and we correlate application performance with network metrics. Our results demonstrate diverse impacts of network congestion: while applications with intensive MPI operations (such as HACC and MILC) suffer from more than 40% extension in their execution times under network congestion, applications with less intensive MPI operations (such as Graph500 and HPCG) are mostly not affected. We also demonstrate that a stall-to-flit ratio metric derived from Aries network counters is positively correlated with performance degradation and, thus, this metric can serve as an indicator of network congestion in HPC systems.
2021-02-22
Si, Y., Zhou, W., Gai, J..  2020.  Research and Implementation of Data Extraction Method Based on NLP. 2020 IEEE 14th International Conference on Anti-counterfeiting, Security, and Identification (ASID). :11–15.
In order to accurately extract the data from unstructured Chinese text, this paper proposes a rule-based method based on natural language processing and regular expression. This method makes use of the language expression rules of the data in the text and other related knowledge to form the feature word lists and rule template to match the text. Experimental results show that the accuracy of the designed algorithm is 94.09%.
2021-02-01
Papadopoulos, A. V., Esterle, L..  2020.  Situational Trust in Self-aware Collaborating Systems. 2020 IEEE International Conference on Autonomic Computing and Self-Organizing Systems Companion (ACSOS-C). :91–94.
Trust among humans affects the way we interact with each other. In autonomous systems, this trust is often predefined and hard-coded before the systems are deployed. However, when systems encounter unfolding situations, requiring them to interact with others, a notion of trust will be inevitable. In this paper, we discuss trust as a fundamental measure to enable an autonomous system to decide whether or not to interact with another system, whether biological or artificial. These decisions become increasingly important when continuously integrating with others during runtime.
2021-07-02
Yao, Xiaoyong, Pei, Yuwen, Wu, Pingdong, Huang, Man-ling.  2020.  Study on Integrative Control between the Stereoscopic Image and the Tactile Feedback in Augmented Reality. 2020 IEEE 3rd International Conference on Electronics and Communication Engineering (ICECE). :177—180.
The precise integrative control between the stereoscopic image and the tactile feedback is very essential in augmented reality[1]-[4]. In order to study this question, this paper will introduce a stereoscopic-imaging and tactile integrative augmented-reality system, and a stereoscopic-imaging and tactile integrative algorithm. The system includes a stereoscopic-imaging part and a string-based tactile part. The integrative algorithm is used to precisely control the interaction between the two parts. The results for testing the system and the algorithm demonstrate the system to be perfect through 5 testers' operation and will be presented in the last part of the paper.
2021-09-07
Lessio, Nadine, Morris, Alexis.  2020.  Toward Design Archetypes for Conversational Agent Personality. 2020 IEEE International Conference on Systems, Man, and Cybernetics (SMC). :3221–3228.
Conversational agents (CAs), often referred to as chatbots, are being widely deployed within existing commercial frameworks and online service websites. As society moves further into incorporating data rich systems, like the internet of things (IoT), into daily life, it is expected that conversational agents will take on an increasingly important role to help users manage these complex systems. In this, the concept of personality is becoming increasingly important, as we seek for more human-friendly ways to interact with these CAs. In this work a conceptual framework is proposed that considers how existing standard psychological and persona models could be mapped to different kinds of CA functionality outside of strictly dialogue. As CAs become more diverse in their abilities, and more integrated with different kinds of systems, it is important to consider how function can be impacted by the design of agent personality, whether intentionally designed or not. Based on this framework, derived archetype classes of CAs are presented as starting points that can hopefully aid designers, developers, and the curious, into thinking about how to work toward better CA personality development.
2021-01-11
Kuperberg, M..  2020.  Towards Enabling Deletion in Append-Only Blockchains to Support Data Growth Management and GDPR Compliance. 2020 IEEE International Conference on Blockchain (Blockchain). :393–400.
Conventional blockchain implementations with append-only semantics do not support deleting or overwriting data in confirmed blocks. However, many industry-relevant use cases require the ability to delete data, especially when personally identifiable information is stored or when data growth has to be constrained. Existing attempts to reconcile these contradictions compromise on core qualities of the blockchain paradigm, as they include backdoor-like approaches such as central authorities with elevated rights or usage of specialized chameleon hash algorithms in chaining of the blocks. The contribution of this paper is a novel architecture for the blockchain ledger and consensus, which uses a tree of context chains with simultaneous validity. A context chain captures the transactions of a closed group of entities and persons, thus structuring blocks in a precisely defined way. The resulting context isolation enables consensus-steered deletion of an entire context without side effects to other contexts. We show how this architecture supports truncation, data rollover and separation of concerns, how the GDPR regulations can be fulfilled by this architecture and how it differs from sidechains and state channels.
2021-04-27
H, R. M., Shet, U. Harshitha, Shetty, R. D., Shrinivasa, J, A. N., S, K. R. N..  2020.  Triggering and Auditing the Event During Intrusion Detections in WSN’s Defence Application. 2020 3rd International Conference on Intelligent Sustainable Systems (ICISS). :1328–1332.
WSNs are extensively used in defence application for monitoring militant activities in various ways in large unknown territories. Here WSNs has to have large set of distributed systems in the form as sensors nodes. Along with security concerns, False Alarming is also a factor which may interrupt the service and downgrade the application further. Thus in our work we have made sure that when a trigger is raised to an event, images can be captured from the connected cameras so that it will be helpful for both auditing the event as well as capturing the scene which led to the triggering of the event.
2021-05-13
Jain, Harsh, Vikram, Aditya, Mohana, Kashyap, Ankit, Jain, Ayush.  2020.  Weapon Detection using Artificial Intelligence and Deep Learning for Security Applications. 2020 International Conference on Electronics and Sustainable Communication Systems (ICESC). :193—198.
Security is always a main concern in every domain, due to a rise in crime rate in a crowded event or suspicious lonely areas. Abnormal detection and monitoring have major applications of computer vision to tackle various problems. Due to growing demand in the protection of safety, security and personal properties, needs and deployment of video surveillance systems can recognize and interpret the scene and anomaly events play a vital role in intelligence monitoring. This paper implements automatic gun (or) weapon detection using a convolution neural network (CNN) based SSD and Faster RCNN algorithms. Proposed implementation uses two types of datasets. One dataset, which had pre-labelled images and the other one is a set of images, which were labelled manually. Results are tabulated, both algorithms achieve good accuracy, but their application in real situations can be based on the trade-off between speed and accuracy.
2021-03-01
Nasir, J., Norman, U., Bruno, B., Dillenbourg, P..  2020.  When Positive Perception of the Robot Has No Effect on Learning. 2020 29th IEEE International Conference on Robot and Human Interactive Communication (RO-MAN). :313–320.
Humanoid robots, with a focus on personalised social behaviours, are increasingly being deployed in educational settings to support learning. However, crafting pedagogical HRI designs and robot interventions that have a real, positive impact on participants' learning, as well as effectively measuring such impact, is still an open challenge. As a first effort in tackling the issue, in this paper we propose a novel robot-mediated, collaborative problem solving activity for school children, called JUSThink, aiming at improving their computational thinking skills. JUSThink will serve as a baseline and reference for investigating how the robot's behaviour can influence the engagement of the children with the activity, as well as their collaboration and mutual understanding while working on it. To this end, this first iteration aims at investigating (i) participants' engagement with the activity (Intrinsic Motivation Inventory-IMI), their mutual understanding (IMIlike) and perception of the robot (Godspeed Questionnaire); (ii) participants' performance during the activity, using several performance and learning metrics. We carried out an extensive user-study in two international schools in Switzerland, in which around 100 children participated in pairs in one-hour long interactions with the activity. Surprisingly, we observe that while a teams' performance significantly affects how team members evaluate their competence, mutual understanding and task engagement, it does not affect their perception of the robot and its helpfulness, a fact which highlights the need for baseline studies and multi-dimensional evaluation metrics when assessing the impact of robots in educational activities.
2021-02-08
Liu, S., Kosuru, R., Mugombozi, C. F..  2020.  A Moving Target Approach for Securing Secondary Frequency Control in Microgrids. 2020 IEEE Canadian Conference on Electrical and Computer Engineering (CCECE). :1–6.
Microgrids' dependency on communication links exposes the control systems to cyber attack threats. In this work, instead of designing reactive defense approaches, a proacitve moving target defense mechanism is proposed for securing microgrid secondary frequency control from denial of service (DoS) attack. The sensor data is transmitted by following a Markov process, not in a deterministic way. This uncertainty will increase the difficulty for attacker's decision making and thus significantly reduce the attack space. As the system parameters are constantly changing, a gain scheduling based secondary frequency controller is designed to sustain the system performance. Case studies of a microgrid with four inverter-based DGs show the proposed moving target mechanism can enhance the resiliency of the microgrid control systems against DoS attacks.