Visible to the public Biblio

Found 859 results

Filters: First Letter Of Last Name is A  [Clear All Filters]
[A] B C D E F G H I J K L M N O P Q R S T U V W X Y Z   [Show ALL]
A
Abdelraheem, Mohamed Ahmed, Gehrmann, Christian, Lindström, Malin, Nordahl, Christian.  2016.  Executing Boolean Queries on an Encrypted Bitmap Index. Proceedings of the 2016 ACM on Cloud Computing Security Workshop. :11–22.

We propose a simple and efficient searchable symmetric encryption scheme based on a Bitmap index that evaluates Boolean queries. Our scheme provides a practical solution in settings where communications and computations are very constrained as it offers a suitable trade-off between privacy and performance.

Abdelwahed, N., Letaifa, A. Ben, Asmi, S. El.  2018.  Content Based Algorithm Aiming to Improve the WEB\_QoE Over SDN Networks. 2018 32nd International Conference on Advanced Information Networking and Applications Workshops (WAINA). :153–158.
Since the 1990s, the concept of QoE has been increasingly present and many scientists take it into account within different fields of application. Taking for example the case of video streaming, the QoE has been well studied in this case while for the web the study of its QoE is relatively neglected. The Quality of Experience (QoE) is the set of objective and subjective characteristics that satisfy retain or give confidence to a user through the life cycle of a service. There are researches that take the different measurement metrics of QoE as a subject, others attack new ways to improve this QoE in order to satisfy the customer and gain his loyalty. In this paper, we focus on the web QoE that is declined by researches despite its great importance given the complexity of new web pages and their utility that is increasingly critical. The wealth of new web pages in images, videos, audios etc. and their growing significance prompt us to write this paper, in which we discuss a new method that aims to improve the web QoE in a software-defined network (SDN). Our proposed method consists in automating and making more flexible the management of the QoE improvement of the web pages and this by writing an algorithm that, depending on the case, chooses the necessary treatment to improve the web QoE of the page concerned and using both web prefetching and caching to accelerate the data transfer when the user asks for it. The first part of the paper discusses the advantages and disadvantages of existing works. In the second part we propose an automatic algorithm that treats each case with the appropriate solution that guarantees its best performance. The last part is devoted to the evaluation of the performance.
Abdelzaher, T., Ayanian, N., Basar, T., Diggavi, S., Diesner, J., Ganesan, D., Govindan, R., Jha, S., Lepoint, T., Marlin, B. et al..  2018.  Toward an Internet of Battlefield Things: A Resilience Perspective. Computer. 51:24—36.

The Internet of Battlefield Things (IoBT) might be one of the most expensive cyber-physical systems of the next decade, yet much research remains to develop its fundamental enablers. A challenge that distinguishes the IoBT from its civilian counterparts is resilience to a much larger spectrum of threats.

Abdeslam, W. Oulad, Tabii, Y., El Kadiri, K. E..  2017.  Adaptive Appearance Model in Particle Filter Based Visual Tracking. Proceedings of the 2Nd International Conference on Big Data, Cloud and Applications. :85:1–85:5.

Visual Tracking methods based on particle filter framework uses frequently the state space information of the target object to calculate the observation model, However this often gives a poor estimate if unexpected motions happen, or under conditions of cluttered backgrounds illumination changes, because the model explores the state space without any additional information of current state. In order to avoid the tracking failure, we address in this paper, Particle filter based visual tracking, in which the target appearance model is represented through an adaptive conjunction of color histogram, and space based appearance combining with velocity parameters, then the appearance models is estimated using particles whose weights, are incrementally updated for dynamic adaptation of the cue parametrization.

Abdessalem, Marwa Ben, Zribi, Amin, Matsumoto, Tadashi, Bouallègue, Ammar.  2018.  LDPC-based Joint Source-Channel-Network Coding for the Multiple Access Relay Channel. 2018 6th International Conference on Wireless Networks and Mobile Communications (WINCOM). :1–6.
In this work, we investigate the MARC (Multiple Access Relay Channel) setup, in which two Markov sources communicate to a single destination, aided by one relay, based on Joint Source Channel Network (JSCN) LDPC codes. In addition, the two source nodes compress the information sequences with an LDPC source code. The compressed symbols are directly transmitted to both a relay and a destination nodes in two transportation phases. Indeed, the relay performs the concatenation of the received compressed sequences to obtain a recovered sequence, which is encoded with an LDPC channel code, before being forwarded to the destination. At the receiver, we propose an iterative joint decoding algorithm that exploits the correlation between the two sources-relay data and takes into account the errors occurring in the sources-relay links to estimate the source data. We show based on simulation results that the JSCN coding and decoding scheme into a MARC setup achieves a good performance with a gain of about 5 dB compared to a conventional LDPC code.
Abdi, Fardin, Tabish, Rohan, Rungger, Matthias, Zamani, Majid, Caccamo, Marco.  2017.  Application and System-level Software Fault Tolerance Through Full System Restarts. Proceedings of the 8th International Conference on Cyber-Physical Systems. :197–206.

Due to the growing performance requirements, embedded systems are increasingly more complex. Meanwhile, they are also expected to be reliable. Guaranteeing reliability on complex systems is very challenging. Consequently, there is a substantial need for designs that enable the use of unverified components such as real-time operating system (RTOS) without requiring their correctness to guarantee safety. In this work, we propose a novel approach to design a controller that enables the system to restart and remain safe during and after the restart. Complementing this controller with a switching logic allows the system to use complex, unverified controller to drive the system as long as it does not jeopardize safety. Such a design also tolerates faults that occur in the underlying software layers such as RTOS and middleware and recovers from them through system-level restarts that reinitialize the software (middleware, RTOS, and applications) from a read-only storage. Our approach is implementable using one commercial off-the-shelf (COTS) processing unit. To demonstrate the efficacy of our solution, we fully implement a controller for a 3 degree of freedom (3DOF) helicopter. We test the system by injecting various types of faults into the applications and RTOS and verify that the system remains safe.

Abdolahi, Mahssa, Jiang, Hao, Kaminska, Bozena.  2019.  Robust data retrieval from high-security structural colour QR codes via histogram equalization and decorrelation stretching. 2019 IEEE 10th Annual Ubiquitous Computing, Electronics Mobile Communication Conference (UEMCON). :0340–0346.
In this work, robust readout of the data (232 English characters) stored in high-security structural colour QR codes, was achieved by using multiple image processing techniques, specifically, histogram equalization and decorrelation stretching. The decoded structural colour QR codes are generic diffractive RGB-pixelated periodic nanocones selectively activated by laser exposure to obtain the particular design of interest. The samples were imaged according to the criteria determined by the diffraction grating equation for the lighting and viewing angles given the red, green, and blue periodicities of the grating. However, illumination variations all through the samples, cross-module and cross-channel interference effects result in acquiring images with dissimilar lighting conditions which cannot be directly retrieved by the decoding script and need significant preprocessing. According to the intensity plots, even if the intensity values are very close (above 200) at some typical regions of the images with different lighting conditions, their inconsistencies (below 100) at the pixels of one representative region may lead to the requirement for using different methods for recovering the data from all red, green, and blue channels. In many cases, a successful data readout could be achieved by downscaling the images to 300-pixel dimensions (along with bilinear interpolation resampling), histogram equalization (HE), linear spatial low-pass mean filtering, and gamma function, each used either independently or with other complementary processes. The majority of images, however, could be fully decoded using decorrelation stretching (DS) either as a standalone or combinational process for obtaining a more distinctive colour definition.
Abdollahpouri, Himan, Burke, Robin, Mobasher, Bamshad.  2017.  Recommender Systems As Multistakeholder Environments. Proceedings of the 25th Conference on User Modeling, Adaptation and Personalization. :347–348.

Recommender systems are typically evaluated on their ability to provide items that satisfy the needs and interests of the end user. However, in many real world applications, users are not the only stakeholders involved. There may be a variety of individuals or organizations that benefit in different ways from the delivery of recommendations. In this paper, we re-define the recommender system as a multistakeholder environment in which different stakeholders are served by delivering recommendations, and we suggest a utility-based approach to evaluating recommendations in such an environment that is capable of distinguishing among the distributions of utility delivered to different stakeholders.

Abdul Raman, Razman Hakim.  2019.  Enhanced Automated-Scripting Method for Improved Management of SQL Injection Penetration Tests on a Large Scale. 2019 IEEE 9th Symposium on Computer Applications Industrial Electronics (ISCAIE). :259–266.
Typically, in an assessment project for a web application or database with a large scale and scope, tasks required to be performed by a security analyst are such as SQL injection and penetration testing. To carry out these large-scale tasks, the analyst will have to perform 100 or more SQLi penetration tests on one or more target. This makes the process much more complex and much harder to implement. This paper attempts to compare large-scale SQL injections performed with Manual Methods, which is the benchmark, and the proposed SQLiAutoScript Method. The SQLiAutoScript method uses sqlmap as a tool, in combination with sqlmap scripting and logging features, to facilitate a more effective and manageable approach within a large scale of hundreds or thousands of SQL injection penetration tests. Comparison of the test results for both Manual and SQLiAutoScript approaches and their benefits is included in the comparative analysis. The tests were performed over a scope of 24 SQL injection (SQLi) tests that comprises over 100,000 HTTP requests and injections, and within a total testing run-time period of about 50 hours. The scope of testing also covers both SQLiAutoScript and Manual methods. In the SQLiAutoScript method, each SQL injection test has its own sub-folder and files for data such as results (output), progress (traffic logs) and logging. In this way across all SQLi tests, the results, data and details related to SQLi tests are logged, available, traceable, accurate and not missed out. Available and traceable data also facilitates traceability of failed SQLi tests, and higher recovery and reruns of failed SQLi tests to maximize increased attack surface upon the target.
Abdulhammed, R., Faezipour, M., Musafer, H., Abuzneid, A..  2019.  Efficient Network Intrusion Detection Using PCA-Based Dimensionality Reduction of Features. 2019 International Symposium on Networks, Computers and Communications (ISNCC). :1—6.

Designing a machine learning based network intrusion detection system (IDS) with high-dimensional features can lead to prolonged classification processes. This is while low-dimensional features can reduce these processes. Moreover, classification of network traffic with imbalanced class distributions has posed a significant drawback on the performance attainable by most well-known classifiers. With the presence of imbalanced data, the known metrics may fail to provide adequate information about the performance of the classifier. This study first uses Principal Component Analysis (PCA) as a feature dimensionality reduction approach. The resulting low-dimensional features are then used to build various classifiers such as Random Forest (RF), Bayesian Network, Linear Discriminant Analysis (LDA) and Quadratic Discriminant Analysis (QDA) for designing an IDS. The experimental findings with low-dimensional features in binary and multi-class classification show better performance in terms of Detection Rate (DR), F-Measure, False Alarm Rate (FAR), and Accuracy. Furthermore, in this paper, we apply a Multi-Class Combined performance metric Combi ned Mc with respect to class distribution through incorporating FAR, DR, Accuracy, and class distribution parameters. In addition, we developed a uniform distribution based balancing approach to handle the imbalanced distribution of the minority class instances in the CICIDS2017 network intrusion dataset. We were able to reduce the CICIDS2017 dataset's feature dimensions from 81 to 10 using PCA, while maintaining a high accuracy of 99.6% in multi-class and binary classification.

Abdulkarem, H. S., Dawod, A..  2020.  DDoS Attack Detection and Mitigation at SDN Data Plane Layer. 2020 2nd Global Power, Energy and Communication Conference (GPECOM). :322—326.
In the coming future, Software-defined networking (SDN) will become a technology more responsive, fully automated, and highly secure. SDN is a way to manage networks by separate the control plane from the forwarding plane, by using software to manage network functions through a centralized control point. A distributed denial-of-service (DDoS) attack is the most popular malicious attempt to disrupt normal traffic of a targeted server, service, or network. The problem of the paper is the DDoS attack inside the SDN environment and how could use SDN specifications through the advantage of Open vSwitch programmability feature to stop the attack. This paper presents DDoS attack detection and mitigation in the SDN data-plane by applying a written SDN application in python language, based on the malicious traffic abnormal behavior to reduce the interference with normal traffic. The evaluation results reveal detection and mitigation time between 100 to 150 sec. The work also sheds light on the programming relevance with the open daylight controller over an abstracted view of the network infrastructure.
Abdulla, Parosh Aziz, Aiswarya, C., Atig, Mohamed Faouzi, Montali, Marco, Rezine, Othmane.  2016.  Recency-Bounded Verification of Dynamic Database-Driven Systems. Proceedings of the 35th ACM SIGMOD-SIGACT-SIGAI Symposium on Principles of Database Systems. :195–210.

We propose a formalism to model database-driven systems, called database manipulating systems (DMS). The actions of a (DMS) modify the current instance of a relational database by adding new elements into the database, deleting tuples from the relations and adding tuples to the relations. The elements which are modified by an action are chosen by (full) first-order queries. (DMS) is a highly expressive model and can be thought of as a succinct representation of an infinite state relational transition system, in line with similar models proposed in the literature. We propose monadic second order logic (MSO-FO) to reason about sequences of database instances appearing along a run. Unsurprisingly, the linear-time model checking problem of (DMS) against (MSO-FO) is undecidable. Towards decidability, we propose under-approximate model checking of (DMS), where the under-approximation parameter is the "bound on recency". In a k-recency-bounded run, only the most recent k elements in the current active domain may be modified by an action. More runs can be verified by increasing the bound on recency. Our main result shows that recency-bounded model checking of (DMS) against (MSO-FO) is decidable, by a reduction to the satisfiability problem of MSO over nested words.

Abdullah Akce, University of Illinois at Urbana-Champaign, James Norton, University of Illinois at Urbana-Champaign, Timothy Bretl, University of Illinois at Urbana-Champaign.  2012.  A Brain-Machine Interface to Navigate Mobile Robots Along Human-Like Paths Amidst Obstacles. IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS).

This paper presents an interface that allows a human user to specify a desired path for a mobile robot in a planar workspace with noisy binary inputs that are obtained at low bit-rates through an electroencephalograph (EEG). We represent desired paths as geodesics with respect to a cost function that is defined so that each path-homotopy class contains exactly one (local) geodesic. We apply max-margin structured learning to recover a cost function that is consistent with observations of human walking paths. We derive an optimal feedback communication protocol to select a local geodesic— equivalently, a path-homotopy class—using a sequence of noisy bits. We validate our approach with experiments that quantify both how well our learned cost function characterizes human walking data and how well human subjects perform with the resulting interface in navigating a simulated robot with EEG.

Abdullah, Ghazi Muhammad, Mehmood, Quzal, Khan, Chaudry Bilal Ahmad.  2018.  Adoption of Lamport signature scheme to implement digital signatures in IoT. 2018 International Conference on Computing, Mathematics and Engineering Technologies (iCoMET). :1–4.
The adoption of Internet of Things (IoT) technology is increasing at a fast rate. With improving software technologies and growing security threats, there is always a need to upgrade the firmware in the IoT devices. Digital signatures are an integral part of digital communication to cope with the threat of these devices being exploited by attackers to run malicious commands, codes or patches on them. Digital Signatures measure the authenticity of the transmitted data as well as are a source of record keeping (repudiation). This study proposes the adoption of Lamport signature scheme, which is quantum resistant, for authentication of data transmission and its feasibility in IoT devices.
Abdulqadder, I. H., Zou, D., Aziz, I. T., Yuan, B..  2017.  Modeling software defined security using multi-level security mechanism for SDN environment. 2017 IEEE 17th International Conference on Communication Technology (ICCT). :1342–1346.

Software Defined Networking (SDN) support several administrators for quicker access of resources due to its manageability, cost-effectiveness and adaptability. Even though SDN is beneficial it also exists with security based challenges due to many vulnerable threats. Participation of such threats increases their impact and risk level. In this paper a multi-level security mechanism is proposed over SDN architecture design. In each level the flow packet is analyzed using different metric and finally it reaches a secure controller for processing. Benign flow packets are differentiated from non-benign flow by means of the packet features. Initially routers verify user, secondly policies are verified by using dual-fuzzy logic design and thirdly controllers are authenticated using signature based authentication before assigning flow packets. This work aims to enhance entire security of developed SDN environment. SDN architecture is implemented in OMNeT++ simulation tool that supports OpenFlow switches and controllers. Finally experimental results show better performances in following performance metrics as throughput, time consumption and jitter.

Abdulrahman, Hasan, Chaumont, Marc, Montesinos, Philippe, Magnier, Baptiste.  2016.  Color Image Steganalysis Based On Steerable Gaussian Filters Bank. Proceedings of the 4th ACM Workshop on Information Hiding and Multimedia Security. :109–114.

This article deals with color images steganalysis based on machine learning. The proposed approach enriches the features from the Color Rich Model by adding new features obtained by applying steerable Gaussian filters and then computing the co-occurrence of pixel pairs. Adding these new features to those obtained from Color-Rich Models allows us to increase the detectability of hidden messages in color images. The Gaussian filters are angled in different directions to precisely compute the tangent of the gradient vector. Then, the gradient magnitude and the derivative of this tangent direction are estimated. This refined method of estimation enables us to unearth the minor changes that have occurred in the image when a message is embedded. The efficiency of the proposed framework is demonstrated on three stenographic algorithms designed to hide messages in images: S-UNIWARD, WOW, and Synch-HILL. Each algorithm is tested using different payload sizes. The proposed approach is compared to three color image steganalysis methods based on computation features and Ensemble Classifier classification: the Spatial Color Rich Model, the CFA-aware Rich Model and the RGB Geometric Color Rich Model.

Abdulwahab, Walled Khalid, Abdulrahman Kadhim, Abdulkareem.  2018.  Comparative Study of Channel Coding Schemes for 5G. 2018 International Conference on Advanced Science and Engineering (ICOASE). :239–243.
In this paper we look into 5G requirements for channel coding and review candidate channel coding schemes for 5G. A comparative study is presented for possible channel coding candidates of 5G covering Convolutional, Turbo, Low Density Parity Check (LDPC), and Polar codes. It seems that polar code with Successive Cancellation List (SCL) decoding using small list length (such as 8) is a promising choice for short message lengths (≤128 bits) due to its error performance and relatively low complexity. Also adopting non-binary LDPC can provide good performance on the expense of increased complexity but with better spectral efficiency. Considering the implementation, polar code with decoding algorithms based on SCL required small area and low power consumption when compared to LDPC codes. For larger message lengths (≥256 bits) turbo code can provide better performance at low coding rates (\textbackslashtextless;1/2).
Abe, Ryosuke, Nakamura, Keita, Teramoto, Kentaro, Takahashi, Misato.  2018.  Attack Incentive and Security of Exchanging Tokens on Proof-of-Work Blockchain. Proceedings of the Asian Internet Engineering Conference. :32–37.

In a consensus algorithm based on Proof-of-Work, miners are motivated by crypto rewards. Furthermore, security is guaranteed because a cost of a 50% attack chance is higher than the potential rewards. However, because of the sudden price jump of cryptocurrencies and cheap prices of mining machines like ASICs, the cost and profit were on equilibrium for Bitcoin in 2017. In this situation, attackers are motivated by the balance between hash power and profits. In this paper, we describe that there is relevance between mining power on the network and price of tokens that can be taken securely on a blockchain. Users who exchange tokens on the PoW blockchain should monitor mining power and exchange tokens cheaper than the attack cost so that profit and cost of the attacker are not in equilibrium.

Abedin, N. F., Bawm, R., Sarwar, T., Saifuddin, M., Rahman, M. A., Hossain, S..  2020.  Phishing Attack Detection using Machine Learning Classification Techniques. 2020 3rd International Conference on Intelligent Sustainable Systems (ICISS). :1125—1130.

Phishing attacks are the most common form of attacks that can happen over the internet. This method involves attackers attempting to collect data of a user without his/her consent through emails, URLs, and any other link that leads to a deceptive page where a user is persuaded to commit specific actions that can lead to the successful completion of an attack. These attacks can allow an attacker to collect vital information of the user that can often allow the attacker to impersonate the victim and get things done that only the victim should have been able to do, such as carry out transactions, or message someone else, or simply accessing the victim's data. Many studies have been carried out to discuss possible approaches to prevent such attacks. This research work includes three machine learning algorithms to predict any websites' phishing status. In the experimentation these models are trained using URL based features and attempted to prevent Zero-Day attacks by using proposed software proposal that differentiates the legitimate websites and phishing websites by analyzing the website's URL. From observations, the random forest classifier performed with a precision of 97%, a recall 99%, and F1 Score is 97%. Proposed model is fast and efficient as it only works based on the URL and it does not use other resources for analysis, as was the case for past studies.

Abedin, Zain Ul, Guan, Zhitao, Arif, Asad Ullah, Anwar, Usman.  2019.  An Advance Cryptographic Solutions in Cloud Computing Security. 2019 2nd International Conference on Computing, Mathematics and Engineering Technologies (iCoMET). :1–6.

Cryptographically cloud computing may be an innovative safe cloud computing design. Cloud computing may be a huge size dispersed computing model that ambitious by the economy of the level. It integrates a group of inattentive virtualized animatedly scalable and managed possessions like computing control storage space platform and services. External end users will approach to resources over the net victimization fatal particularly mobile terminals, Cloud's architecture structures are advances in on-demand new trends. That are the belongings are animatedly assigned to a user per his request and hand over when the task is finished. So, this paper projected biometric coding to boost the confidentiality in Cloud computing for biometric knowledge. Also, this paper mentioned virtualization for Cloud computing also as statistics coding. Indeed, this paper overviewed the safety weaknesses of Cloud computing and the way biometric coding will improve the confidentiality in Cloud computing atmosphere. Excluding this confidentiality is increased in Cloud computing by victimization biometric coding for biometric knowledge. The novel approach of biometric coding is to reinforce the biometric knowledge confidentiality in Cloud computing. Implementation of identification mechanism can take the security of information and access management in the cloud to a higher level. This section discusses, however, a projected statistics system with relation to alternative recognition systems to date is a lot of advantageous and result oriented as a result of it does not work on presumptions: it's distinctive and provides quick and contact less authentication. Thus, this paper reviews the new discipline techniques accustomed to defend methodology encrypted info in passing remote cloud storage.

Abera, Tigist, Asokan, N., Davi, Lucas, Ekberg, Jan-Erik, Nyman, Thomas, Paverd, Andrew, Sadeghi, Ahmad-Reza, Tsudik, Gene.  2016.  C-FLAT: Control-Flow Attestation for Embedded Systems Software. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. :743–754.

Remote attestation is a crucial security service particularly relevant to increasingly popular IoT (and other embedded) devices. It allows a trusted party (verifier) to learn the state of a remote, and potentially malware-infected, device (prover). Most existing approaches are static in nature and only check whether benign software is initially loaded on the prover. However, they are vulnerable to runtime attacks that hijack the application's control or data flow, e.g., via return-oriented programming or data-oriented exploits. As a concrete step towards more comprehensive runtime remote attestation, we present the design and implementation of Control-FLow ATtestation (C-FLAT) that enables remote attestation of an application's control-flow path, without requiring the source code. We describe a full prototype implementation of C-FLAT on Raspberry Pi using its ARM TrustZone hardware security extensions. We evaluate C-FLAT's performance using a real-world embedded (cyber-physical) application, and demonstrate its efficacy against control-flow hijacking attacks.

Abeykoon, I., Feng, X..  2019.  Challenges in ROS Forensics. 2019 IEEE SmartWorld, Ubiquitous Intelligence Computing, Advanced Trusted Computing, Scalable Computing Communications, Cloud Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI). :1677—1682.

The usage of robot is rapidly growth in our society. The communication link and applications connect the robots to their clients or users. This communication link and applications are normally connected through some kind of network connections. This network system is amenable of being attached and vulnerable to the security threats. It is a critical part for ensuring security and privacy for robotic platforms. The paper, also discusses about several cyber-physical security threats that are only for robotic platforms. The peer to peer applications use in the robotic platforms for threats target integrity, availability and confidential security purposes. A Remote Administration Tool (RAT) was introduced for specific security attacks. An impact oriented process was performed for analyzing the assessment outcomes of the attacks. Tests and experiments of attacks were performed in simulation environment which was based on Gazbo Turtlebot simulator and physically on the robot. A software tool was used for simulating, debugging and experimenting on ROS platform. Integrity attacks performed for modifying commands and manipulated the robot behavior. Availability attacks were affected for Denial-of-Service (DoS) and the robot was not listened to Turtlebot commands. Integrity and availability attacks resulted sensitive information on the robot.

Abeysekara, P., Dong, H., Qin, A. K..  2019.  Machine Learning-Driven Trust Prediction for MEC-Based IoT Services. 2019 IEEE International Conference on Web Services (ICWS). :188—192.

We propose a distributed machine-learning architecture to predict trustworthiness of sensor services in Mobile Edge Computing (MEC) based Internet of Things (IoT) services, which aligns well with the goals of MEC and requirements of modern IoT systems. The proposed machine-learning architecture models training a distributed trust prediction model over a topology of MEC-environments as a Network Lasso problem, which allows simultaneous clustering and optimization on large-scale networked-graphs. We then attempt to solve it using Alternate Direction Method of Multipliers (ADMM) in a way that makes it suitable for MEC-based IoT systems. We present analytical and simulation results to show the validity and efficiency of the proposed solution.

Abgrall, E., le Traon, Y., Gombault, S., Monperrus, M..  2014.  Empirical Investigation of the Web Browser Attack Surface under Cross-Site Scripting: An Urgent Need for Systematic Security Regression Testing. Software Testing, Verification and Validation Workshops (ICSTW), 2014 IEEE Seventh International Conference on. :34-41.

One of the major threats against web applications is Cross-Site Scripting (XSS). The final target of XSS attacks is the client running a particular web browser. During this last decade, several competing web browsers (IE, Netscape, Chrome, Firefox) have evolved to support new features. In this paper, we explore whether the evolution of web browsers is done using systematic security regression testing. Beginning with an analysis of their current exposure degree to XSS, we extend the empirical study to a decade of most popular web browser versions. We use XSS attack vectors as unit test cases and we propose a new method supported by a tool to address this XSS vector testing issue. The analysis on a decade releases of most popular web browsers including mobile ones shows an urgent need of XSS regression testing. We advocate the use of a shared security testing benchmark as a good practice and propose a first set of publicly available XSS vectors as a basis to ensure that security is not sacrificed when a new version is delivered.

Abhilash, Goyal, Divyansh, Gupta.  2018.  Intrusion Detection and Prevention in Software Defined Networking. 2018 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS). :1–4.
Software defined networking is a concept proposed to replace traditional networks by separating control plane and data plane. It makes the network more programmable and manageable. As there is a single point of control of the network, it is more vulnerable to intrusion. The idea is to train the network controller by machine learning algorithms to let it make the intelligent decisions automatically. In this paper, we have discussed our approach to make software defined networking more secure from various malicious attacks by making it capable of detecting and preventing such attacks.