Visible to the public Integrated Security

SoS Newsletter- Advanced Book Block

SoS Logo

Integrated Security

Cybersecurity often has spent the past two decades largely as a “bolt on” product added as an afterthought. To get to composability, built-in, integrated security will be a key factor. The research cited here addresses issues in integrated security technologies and were presented in 2014.

  • Severi, S.; Sottile, F.; Abreu, G.; Pastrone, C.; Spirito, M.; Berens, F., "M2M technologies: Enablers for a pervasive Internet of Things," Networks and Communications (EuCNC), 2014 European Conference on, pp. 1, 5, 23-26 June 2014. doi: 10.1109/EuCNC.2014.6882661 We survey the state-of-the-art on the Internet-of-Things (IoT) from a wireless communications point of view, as a result of the European FP7 project BUTLER which has its focus on pervasiveness, context-awareness and security for IoT. In particular, we describe the efforts to develop so-called (wireless) enabling technologies, aimed at circumventing the many challenges involved in extending the current set of domains (“verticals”) of IoT applications towards a “horizontal” (i.e. integrated) vision of the IoT. We start by illustrating current research effort in machine-to-machine (M2M), which is mainly focused on vertical domains, and we discuss some of them in details, depicting then the necessary horizontal vision for the future intelligent daily routine (“Smart Life”). We then describe the technical features of the most relevant heterogeneous communications technologies on which the IoT relies, under the light of the on-going M2M service layer standardization. Finally we identify and present the key aspects, within three major cross-vertical categories, under which M2M technologies can function as enablers for the horizontal vision of the IoT.
    Keywords: {Internet of Things; ubiquitous computing; European FP7 project BUTLER; Internet of Things security; M2M service layer standardization;M2M technology; context-awareness; pervasive Internet of Things; wireless communications; Communications technology; Conferences; Security; Smart homes; Telecommunication standards (ID#:14-3166)
  • Barclay, C., "Sustainable Security Advantage In A Changing Environment: The Cybersecurity Capability Maturity Model (CM2)," ITU Kaleidoscope Academic Conference: Living in a Converged World - Impossible Without Standards, Proceedings of the 2014, pp.275,282, 3-5 June 2014. doi: 10.1109/Kaleidoscope.2014.6858466 With the rapid advancement in technology and the growing complexities in the interaction of these technologies and networks, it is even more important for countries and organizations to gain sustainable security advantage. Security advantage refers to the ability to manage and respond to threats and vulnerabilities with a proactive security posture. This is accomplished through effectively planning, managing, responding to and recovering from threats and vulnerabilities. However not many organizations and even countries, especially in the developing world, have been able to equip themselves with the necessary and sufficient know-how or ability to integrate knowledge and capabilities to achieve security advantage within their environment. Having a structured set of requirements or indicators to aid in progressively attaining different levels of maturity and capabilities is one important method to determine the state of cybersecurity readiness. The research introduces the Cybersecurity Capability Maturity Model (CM2), a 6-step process of progressive development of cybersecurity maturity and knowledge integration that ranges from a state of limited awareness and application of security controls to pervasive optimization of the protection of critical assets.
    Keywords: security of data; CM2 model; critical asset protection; cybersecurity capability maturity model; cybersecurity readiness; knowledge integration; proactive security posture; security controls; sustainable security advantage; Capability maturity model; Computer crime; Context; Education; Organizations; CM2; capabilities; cybersecurity Capability Maturity Model; privacy; security; security advantage (ID#:14-3166)
  • Cerqueira Ferreira, H.G.; de Sousa, R.T.; Gomes de Deus, F.E.; Dias Canedo, E., "Proposal of a Secure, Deployable And Transparent Middleware for Internet of Things," Information Systems and Technologies (CISTI), 2014 9th Iberian Conference on, pp.1, 4, 18-21 June 2014. doi: 10.1109/CISTI.2014.6877069 This paper proposes a security architecture for an IoT transparent middleware. Focused on bringing real life objects to the virtual realm, the proposed architecture is deployable and comprises protection measures based on existent technologies for security such as AES, TLS and oAuth. This way, privacy, authenticity, integrity and confidentiality on data exchange services are integrated to provide security for generated smart objects and for involved users and services in a reliable and deployable manner.
    Keywords: Internet of Things; data integrity; data privacy; electronic data interchange; middleware; security of data; AES; Internet of Things; IoT transparent middleware; TLS; data exchange service authenticity; data exchange service confidentiality; data exchange service integrity; data exchange service privacy; deployable middleware; oAuth; protection measures; secure middleware; security architecture; smart objects; Authentication; Authorization; Computer architecture; Internet of Things; Middleware; Zigbee; Internet of Things; Security; Transparent Middleware (ID#:14-3166)
  • Kholidy, Hisham A.; Erradi, Abdelkarim; Abdelwahed, Sherif; Azab, Abdulrahman, "A Finite State Hidden Markov Model for Predicting Multistage Attacks in Cloud Systems," Dependable, Autonomic and Secure Computing (DASC), 2014 IEEE 12th International Conference on, pp.14,19, 24-27 Aug. 2014 doi: 10.1109/DASC.2014.12 Cloud computing significantly increased the security threats because intruders can exploit the large amount of cloud resources for their attacks. However, most of the current security technologies do not provide early warnings about such attacks. This paper presents a Finite State Hidden Markov prediction model that uses an adaptive risk approach to predict multi-staged cloud attacks. The risk model measures the potential impact of a threat on assets given its occurrence probability. The attacks prediction model was integrated with our autonomous cloud intrusion detection framework (ACIDF) to raise early warnings about attacks to the controller so it can take proactive corrective actions before the attacks pose a serious security risk to the system. According to our experiments on DARPA 2000 dataset, the proposed prediction model has successfully fired the early warning alerts 39.6 minutes before the launching of the LLDDoS1.0 attack. This gives the auto response controller ample time to take preventive measures.
    Keywords: Correlation; Hidden Markov models; Prediction algorithms; Predictive models; Security; Sensors; Vectors; Cloud computing; HMM; intrusion prevention; prediction of multi-staged attacks; risk assessment (ID#:14-3166)
  • Guizani, S., "Security applications challenges of RFID technology and possible countermeasures," Computing, Management and Telecommunications (ComManTel), 2014 International Conference on, pp. 291, 297, 27-29 April 2014. doi: 10.1109/ComManTel.2014.6825620 Radio Frequency IDentification (RFID) is a technique for speedy and proficient identification system, it has been around for more than 50 years and was initially developed for improving warfare machinery. RFID technology bridges two technologies in the area of Information and Communication Technologies (ICT), namely Product Code (PC) technology and Wireless technology. This broad-based rapidly expanding technology impacts business, environment and society. The operating principle of an RFID system is as follows. The reader starts a communication process by radiating an electromagnetic wave. This wave will be intercepted by the antenna of the RFID tag, placed on the item to be identified. An induced current will be created at the tag and will activate the integrated circuit, enabling it to send back a wave to the reader. The reader redirects information to the host where it will be processed. RFID is used for wide range of applications in almost every field (Health, education, industry, security, management ...). In this review paper, we will focus on agricultural and environmental applications.
    Keywords: frequency allocation; information technology; radiofrequency identification; telecommunication security; ICT; RFID reader; RFID tag; information and communication technology; product code technology; radiofrequency identification; warfare machinery; wireless technology; Antennas; Communication channels; ISO standards ;Integrated circuits; Radiofrequency identification; Security; Intelligent systems; Management; Product Code; RFID (ID#:14-3166)
  • Hassen, H.; Khemakhem, M., "A Secured Distributed OCR System In A Pervasive Environment With Authentication As A Service in the Cloud," Multimedia Computing and Systems (ICMCS), 2014 International Conference on, pp.1200, 1205, 14-16 April 2014. doi: 10.1109/ICMCS.2014.6911137 In this paper we explore the potential for securing a distributed Arabic Optical Character Recognition (OCR) system via cloud computing technology in a pervasive and mobile environment. The goal of the system is to achieve full accuracy, high speed and security when taking into account large vocabularies and amounts of documents. This issue has been resolved by integrating the recognition process and the security issue with multiprocessing and distributed computing technologies.
    Keywords: cloud computing; mobile computing; natural language processing; optical character recognition; security of data; authentication as a service; cloud computing technology; distributed Arabic optical character recognition; distributed computing technologies; mobile environment; multiprocessing; pervasive environment; recognition process; secured distributed OCR system; security issue; vocabularies; Authentication; Cloud computing; Computational modeling; Mobile communication; Optical character recognition software; Pattern recognition; Authentication; Cloud computing; Distributed OCR system; Security (ID#:14-3166)
  • Del Rosso, Alberto; Min, Liang; Jing, Chaoyang, "High Performance Computation Tools For Real-Time Security Assessment," PES General Meeting, Conference & Exposition, 2014 IEEE, pp.1, 1, 27-31 July 2014. doi: 10.1109/PESGM.2014.6939091 This paper presents an overview of the research project “High-Performance Hybrid Simulation/Measurement-Based Tools for Proactive Operator Decision-Support”, performed under the auspices of the U.S. Department of Energy grant DE-OE0000628. The objective of this project is to develop software tools to provide enhanced real-time situational awareness to support the decision making and system control actions of transmission operators. The integrated tool will combine high-performance dynamic simulation with synchrophasor measurement data to assess in real time system dynamic performance and operation security risk. The project includes: (i) The development of high-performance dynamic simulation software; (ii) the development of new computationally effective measurement-based tools to estimate operating margins of a power system in real time using measurement data from synchrophasors and SCADA; (iii) the development a hybrid framework integrating measurement-based and simulation-based approaches, and (iv) the use of cutting-edge visualization technology to display various system quantities and to visually process the results of the hybrid measurement-base/simulation-based security-assessment tool. Parallelization and high performance computing are utilized to enable ultrafast transient stability analysis that can be used in a real-time environment to quickly perform “what-if” simulations involving system dynamics phenomena. EPRI's Extended Transient Midterm Simulation Program (ETMSP) is modified and enhanced for this work. The contingency analysis is scaled for large-scale contingency analysis using MPI-based parallelization. Simulations of thousands of contingencies on a high performance computing machine are performed, and results show that parallelization over contingencies with MPI provides good scalability and computational gains. Different ways to reduce the I/O bottleneck have been also exprored. Thread-parallelization of the spa- se linear solve is explored also through use of the SuperLU_MT library. Based on performance profiling results for the implicit method, the majority of CPU time is spent on the integration steps. Hence, in order to further improve the ETMSP performance, a variable time step control scheme for the original trapezoidal integration method has been developed and implemented. The Adams-Bashforth-Moulton predictor-corrector method was introduced and designed for ETMSP. Test results show superior performance with this method.
    Keywords: Computational modeling; Hybrid power systems; Power measurement; Power system dynamics; Real-time systems; Software measurement; Time measurement (ID#:14-3166)
  • Cioranesco, J.-M.; Danger, J.-L.; Graba, T.; Guilley, S.; Mathieu, Y.; Naccache, D.; Xuan Thuy Ngo, "Cryptographically secure shields," Hardware-Oriented Security and Trust (HOST), 2014 IEEE International Symposium on, pp.25,31, 6-7 May 2014. doi: 10.1109/HST.2014.6855563 Probing attacks are serious threats on integrated circuits. Security products often include a protective layer called shield that acts like a digital fence. In this article, we demonstrate a new shield structure that is cryptographically secure. This shield is based on the newly proposed SIMON lightweight block cipher and independent mesh lines to ensure the security against probing attacks of the hardware located behind the shield. Such structure can be proven secure against state-of-the-art invasive attacks. For the first time in the open literature, we describe a chip designed with a digital shield, and give an extensive report of its cost, in terms of power, metal layer(s) to sacrifice and of logic (including the logic to connect it to the CPU). Also, we explain how “Through Silicon Vias” (TSV) technology can be used for the protection against both frontside and backside probing.
    Keywords: cryptography; integrated circuit design; three-dimensional integrated circuits; SIMON lightweight block cipher; TSV technology; chip design; cryptographical secure shield; digital fence; digital shield; integrated circuit; invasive attacks; mesh lines; metal layer; probing attacks; protective layer; security product; shield structure; through silicon vias; Ciphers; Integrated circuits; Metals; Registers; Routing; Cryptographically secure shield; Focused Ion Beam (FIB); SIMON block cipher; Through Silicon Vias (TSV) (ID#:14-3166)
  • Jindal, M.; Dave, M., "Data Security Protocol For Cloudlet Based Architecture," Recent Advances and Innovations in Engineering (ICRAIE), 2014, pp.1,5, 9-11 May 2014. doi: 10.1109/ICRAIE.2014.6909186 Mobile cloud computing is a combination of mobile computing and cloud computing that provides a platform for mobile users to offload heavy tasks and data on the cloud, thus, helping them to overcome the limitations of their mobile devices. However, while utilizing the mobile cloud computing technology users lose physical control of their data; this ultimately calls for the need of a data security protocol. Although, numerous such protocols have been proposed,none of them consider a cloudlet based architecture. A cloudlet is a reliable, resource-rich computer/cluster which is well-connected to the internet and is available to nearby mobile devices. In this paper, we propose a data security protocol for a distributed cloud architecture having cloudlet integrated with the base station, using the property of perfect forward secrecy. Our protocol not only protects data from any unauthorized user, but also prevents exposure of data to the cloud owner.
    Keywords: cloud computing; cryptographic protocols; mobile computing; Internet; cloudlet based architecture; data security protocol; distributed cloud architecture; mobile cloud computing technology; mobile devices; resource-rich computer; unauthorized user; Computer architecture; Computers; Encryption; Mobile communication; cloud storage; cloudlet; mobile cloud computing; security (ID#:14-3166)
  • Gong Bei; Zhang Jianbiao; Ye Xiaolie; Shen Changxiang, "A Trusted Measurement Scheme Suitable For The Clients In The Trusted Network," Communications, China, vol. 11, no.4, pp. 143, 153, April 2014. doi: 10.1109/CC.2014.6827576 The trusted network connection is a hot spot in trusted computing field and the trust measurement and access control technology are used to deal with network security threats in trusted network. But the trusted network connection lacks fine-grained states and real-time measurement support for the client and the authentication mechanism is difficult to apply in the trusted network connection, it is easy to cause the loss of identity privacy. In order to solve the above-described problems, this paper presents a trust measurement scheme suitable for clients in the trusted network, the scheme integrates the following attributes such as authentication mechanism, state measurement, and real-time state measurement and so on, and based on the authentication mechanism and the initial state measurement, the scheme uses the real-time state measurement as the core method to complete the trust measurement for the client. This scheme presented in this paper supports both static and dynamic measurements. Overall, the characteristics of this scheme such as fine granularity, dynamic, real-time state measurement make it possible to make more fine-grained security policy and therefore it overcomes inadequacies existing in the current trusted network connection.
    Keywords: authorisation; data privacy; message authentication; trusted computing; access control technology; authentication mechanism; dynamic measurement; fine granularity; fine-grained security policy; fine-grained states; identity privacy; network security threat; real-time measurement support; real-time state measurement; static measurement; trust measurement scheme; trusted computing field; trusted measurement scheme; trusted network connection; Area measurement; Complexity theory; Gold; Polynomials; Real-time systems; authentication; real-time measurement; state measurement; trusted computing; trusted network (ID#:14-3167)
  • Janiuk, J.; Macker, A.; Graffi, K., "Secure Distributed Data Structures For Peer-To-Peer-Based Social Networks," Collaboration Technologies and Systems (CTS), 2014 International Conference on, pp.396,405, 19-23 May 2014. doi: 10.1109/CTS.2014.6867595 Online social networks are attracting billions of nowadays, both on a global scale as well as in social enterprise networks. Using distributed hash tables and peer-to-peer technology allows online social networks to be operated securely and efficiently only by using the resources of the user devices, thus alleviating censorship or data misuse by a single network operator. In this paper, we address the challenges that arise in implementing reliably and conveniently to use distributed data structures, such as lists or sets, in such a distributed hash-table-based online social network. We present a secure, distributed list data structure that manages the list entries in several buckets in the distributed hash table. The list entries are authenticated, integrity is maintained and access control for single users and also groups is integrated. The approach for secure distributed lists is also applied for prefix trees and sets, and implemented and evaluated in a peer-to-peer framework for social networks. Evaluation shows that the distributed data structure is convenient and efficient to use and that the requirements on security hold.
    Keywords: authorisation; file organisation; peer-to-peer computing; social networking (online); trees (mathematics);access control; distributed hash table; distributed list data structure; global scale; online social network; peer-to-peer technology; prefix trees; secure distributed data structure; social enterprise network; Access control; Data structures; Peer-to-peer computing; Public key; Social network services; Distributed social networks; distributed data management; network security; peer-to-peer networks (ID#:14-3168)
  • Potkonjak, M.; Goudar, V., "Public Physical Unclonable Functions," Proceedings of the IEEE , vol.102, no. 8, pp.1142, 1156, Aug. 2014. doi: 10.1109/JPROC.2014.2331553 A physical unclonable function (PUF) is an integrated circuit (IC) that serves as a hardware security primitive due to its complexity and the unpredictability between its outputs and the applied inputs. PUFs have received a great deal of research interest and significant commercial activity. Public PUFs (PPUFs) address the crucial PUF limitation of being a secret-key technology. To some extent, the first generation of PPUFs are similar to SIMulation Possible, but Laborious (SIMPL) systems and one-time hardware pads, and employ the time gap between direct execution and simulation. The second PPUF generation employs both process variation and device aging which results in matched devices that are excessively difficult to replicate. The third generation leaves the analog domain and employs reconfigurability and device aging to produce digital PPUFs. We survey representative PPUF architectures, related public protocols and trusted information flows, and related testing issues. We conclude by identifying the most important, challenging, and open PPUF-related problems.
    Keywords: {cryptographic protocols; private key cryptography; analog domain; crucial PUF limitation; device aging; digital PPUF; direct execution; hardware security; integrated circuit; laborious systems; one-time hardware pads; process variation; public PUF; public physical unclonable functions; public protocols; representative PPUF architectures; second PPUF generation; secret-key technology; simulation possible; time gap; trusted information flows; Cryptography; Hardware; Integrated circuit modeling; Logic gates; Protocols; Public key; Cryptographic protocols; physical unclonable function (PUF); public PUF (PPUF) (ID#:14-3169)
  • Lu, Z.; Wang, W.; Wang, C., "Camouflage Traffic: Minimizing Message Delay for Smart Grid Applications under Jamming," Dependable and Secure Computing, IEEE Transactions on, vol. PP, no.99, pp.1, 1, April 2014. doi: 10.1109/TDSC.2014.2316795 Smart grid is a cyber-physical system that integrates power infrastructures with information technologies. To facilitate efficient information exchange, wireless networks have been proposed to be widely used in the smart grid. However, the jamming attack that constantly broadcasts radio interference is a primary security threat to prevent the deployment of wireless networks in the smart grid. Hence, spread spectrum systems, which provide jamming resilience via multiple frequency and code channels, must be adapted to the smart grid for secure wireless communications, while at the same time providing latency guarantee for control messages. An open question is how to minimize message delay for timely smart grid communication under any potential jamming attack. To address this issue, we provide a paradigm shift from the case-by-case methodology, which is widely used in existing works to investigate well adopted attack models, to the worst-case methodology, which offers delay performance guarantee for smart grid applications under any attack. We first define a generic jamming process that characterizes a wide range of existing attack models. Then, we show that in all strategies under the generic process, the worst-case message delay is a U-shaped function of network traffic load. This indicates that, interestingly, increasing a fair amount of traffic can in fact improve the worst-case delay performance. As a result, we demonstrate a lightweight yet promising system, TACT (transmitting adaptive camouflage traffic), to combat jamming attacks. TACT minimizes the message delay by generating extra traffic called camouflage to balance the network load at the optimum. Experiments show that TACT can decrease the probability that a message is not delivered on time in order of magnitude. (ID#:14-3170)
  • Srivastava, P.; Pande, S.S., "A Novel Architecture For Identity Management System Using Virtual Appliance Technology," Contemporary Computing (IC3), 2014 Seventh International Conference on, pp.171, 175, 7-9 Aug. 2014. doi: 10.1109/IC3.2014.6897168 Identity management system has gained significance for any organization today for not only storing details of its employees but securing its sensitive information and safely managing access to its resources. This system being an enterprise based application has time taking deployment process, involving many complex and error prone steps. Also being globally used, its continuous running on servers lead to large carbon emissions. This paper proposes a novel architecture that integrates the Identity management system together with virtual appliance technology to reduce the overall deployment time of the system. It provides an Identity management system as pre-installed, pre-configured and ready to go solution that can be easily deployed even by a common user. The proposed architecture is implemented and the results have shown that there is decrease in deployment time and decrease in number of steps required in previous architecture. The hardware required by the application is also reduced as its deployed on virtual machine monitor platform, which can be installed on already used servers. This contributes to the green computing practices and gives costs benefits for enterprises. Also there is ease of migration of system from one server to another and the enterprises which do not want to depend on third party cloud for security and cost reasons, can easily deploy their identity management system in their own premises.
    Keywords: green computing; security of data; virtual machines; cost benefit; enterprise based application; green computing practices; identity management system; information security; third party cloud; virtual appliance technology; virtual machine monitor platform; Computer architecture; Hardware; Home appliances; Identity management systems; Servers; Virtual machining; Virtualization; Identity management; Identity management system architecture; virtual appliance (ID#:14-3171)
  • Mashima, D.; Herberg, U.; Wei-Peng Chen, "Enhancing Demand Response Signal Verification In Automated Demand Response Systems," Innovative Smart Grid Technologies Conference (ISGT), 2014 IEEE PES, pp.1,5, 19-22 Feb. 2014. doi: 10.1109/ISGT.2014.6816403 Demand Response (DR) is a promising technology for meeting the world's ever increasing energy demands without corresponding increase in energy generation, and for providing a sustainable alternative for integrating renewables into the power grid. As a result, interest in automated DR is increasing globally and has led to the development of OpenADR, an internationally recognized standard. In this paper, we propose security-enhancement mechanisms to provide DR participants with verifiable information that they can use to make informed decisions about the validity of received DR event information.
    Keywords: power grids; power system security; OpenADR; automated DR; automated demand response system; demand response signal verification enhancement; energy demands; Integrating renewables; power grid; received DR event information; security-enhancement mechanism; Power System Security; Privacy (ID#:14-3172)
  • Zheng, Jason X.; Li, Dongfang; Potkonjak, Miodrag, "A Secure And Unclonable Embedded System Using Instruction-Level PUF Authentication," Field Programmable Logic and Applications (FPL), 2014 24th International Conference on , vol., no., pp.1,4, 2-4 Sept. 2014. doi: 10.1109/FPL.2014.6927428 In this paper we present a secure and unclonable embedded system design that can target either an FPGA or an ASIC technology. The premise of the security is that the executed machine code and the executing environment (the embedded processor) will authenticate each other at a per-instruction basis using Physical Unclonable Functions (PUFs) that are built into the processor. The PUFs ensure that the execution of the binary code may only proceed if the binary is compiled with the correct intrinsic knowledge of the PUFs, and that such intrinsic knowledge is virtually unique to each processor and therefore unclonable. We will explain how to implement and integrate the PUFs into the processor's execution environment such that each instruction is authenticated and de-obfuscated on-demand and how to transform an ordinary binary executable into PUF-aware, obfuscated binaries. We will also present a prototype system on a Xilinx Spartan6-based FPGA board.
    Keywords: Benchmark testing; Delays; Embedded systems; Field programmable gate arrays; Security (ID#:14-3173)
  • Varadarajan, P.; Crosby, G., "Implementing IPsec in Wireless Sensor Networks," New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on, pp.1, 5, March 30 2014-April 2 2014. doi: 10.1109/NTMS.2014.6814024 There is an increasing need for wireless sensor networks (WSNs) to be more tightly integrated with the Internet. Several real world deployment of stand-alone wireless sensor networks exists. A number of solutions have been proposed to address the security threats in these WSNs. However, integrating WSNs with the Internet in such a way as to ensure a secure End-to-End (E2E) communication path between IPv6 enabled sensor networks and the Internet remains an open research issue. In this paper, the 6LoWPAN adaptation layer was extended to support both IPsec's Authentication Header (AH) and Encapsulation Security Payload (ESP). Thus, the communication endpoints in WSNs are able to communicate securely using encryption and authentication. The proposed AH and ESP compressed headers performance are evaluated via test-bed implementation in 6LoWPAN for IPv6 communications on IEEE 802.15.4 networks. The results confirm the possibility of implementing E2E security in IPv6 enabled WSNs to create a smooth transition between WSNs and the Internet. This can potentially play a big role in the emerging "Internet of Things" paradigm.
    Keywords: IP networks; Internet; Zigbee; computer network security; cryptography; wireless sensor networks;6LoWPAN adaptation layer;AH;E2E security; ESP compressed header performance; IEEE 802.15.4 networks; IPsec authentication header; IPv6 enabled sensor networks; Internet; Internet of Things paradigm; WSNs; communication endpoints; encapsulation security payload; encryption; end-to-end communication path; security threats; stand-alone wireless sensor networks; Authentication; IEEE 802.15 Standards; IP networks; Internet; Payloads; Wireless sensor networks (ID#:14-3174)
  • Han, Lansheng; Qian, Mengxiao; Xu, Xingbo; Fu, Cai; Kwisaba, Hamza, "Malicious Code Detection Model Based On Behavior Association," Tsinghua Science and Technology, vol.19, no.5, pp.508,515, Oct. 2014 doi: 10.1109/TST.2014.6919827 Malicious applications can be introduced to attack users and services so as to gain financial rewards, individuals' sensitive information, company and government intellectual property, and to gain remote control of systems. However, traditional methods of malicious code detection, such as signature detection, behavior detection, virtual machine detection, and heuristic detection, have various weaknesses which make them unreliable. This paper presents the existing technologies of malicious code detection and a malicious code detection model is proposed based on behavior association. The behavior points of malicious code are first extracted through API monitoring technology and integrated into the behavior; then a relation between behaviors is established according to data dependence. Next, a behavior association model is built up and a discrimination method is put forth using pushdown automation. Finally, the exact malicious code is taken as a sample to carry out an experiment on the behavior's capture, association, and discrimination, thus proving that the theoretical model is viable.
    Keywords: Automation; Computers; Grammar; Monitoring; Trojan horses; Virtual machining; behavior association; behavior monitor; malicious code; pushdown automation (ID#:14-3175)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.