Visible to the public Biblio

Found 401 results

Filters: First Letter Of Last Name is I  [Clear All Filters]
In Press
Ignacio X. Dominguez, Jayant Dhawan, Robert St. Amant, David L. Roberts.  In Press.  Exploring the Effects of Different Text Stimuli on Typing Behavior. International Conference on Cognitive Modeling.

In this work we explore how different cognitive processes af- fected typing patterns through a computer game we call The Typing Game. By manipulating the players’ familiarity with the words in our game through their similarity to dictionary words, and by allowing some players to replay rounds, we found that typing speed improves with familiarity with words, and also with practice, but that these are independent of the number of mistakes that are made when typing. We also found that users who had the opportunity to replay rounds exhibited different typing patterns even before replaying the rounds. 

2020
Islam, M., Rahaman, S., Meng, N., Hassanshahi, B., Krishnan, P., Yao, D. D..  2020.  Coding Practices and Recommendations of Spring Security for Enterprise Applications. 2020 IEEE Secure Development (SecDev). :49—57.
Spring security is tremendously popular among practitioners for its ease of use to secure enterprise applications. In this paper, we study the application framework misconfiguration vulnerabilities in the light of Spring security, which is relatively understudied in the existing literature. Towards that goal, we identify 6 types of security anti-patterns and 4 insecure vulnerable defaults by conducting a measurement-based approach on 28 Spring applications. Our analysis shows that security risks associated with the identified security anti-patterns and insecure defaults can leave the enterprise application vulnerable to a wide range of high-risk attacks. To prevent these high-risk attacks, we also provide recommendations for practitioners. Consequently, our study has contributed one update to the official Spring security documentation while other security issues identified in this study are being considered for future major releases by Spring security community.
Illing, B., Westhoven, M., Gaspers, B., Smets, N., Brüggemann, B., Mathew, T..  2020.  Evaluation of Immersive Teleoperation Systems using Standardized Tasks and Measurements. 2020 29th IEEE International Conference on Robot and Human Interactive Communication (RO-MAN). :278—285.

Despite advances regarding autonomous functionality for robots, teleoperation remains a means for performing delicate tasks in safety critical contexts like explosive ordnance disposal (EOD) and ambiguous environments. Immersive stereoscopic displays have been proposed and developed in this regard, but bring about their own specific problems, e.g., simulator sickness. This work builds upon standardized test environments to yield reproducible comparisons between different robotic platforms. The focus was placed on testing three optronic systems of differing degrees of immersion: (1) A laptop display showing multiple monoscopic camera views, (2) an off-the-shelf virtual reality headset coupled with a pantilt-based stereoscopic camera, and (3) a so-called Telepresence Unit, providing fast pan, tilt, yaw rotation, stereoscopic view, and spatial audio. Stereoscopic systems yielded significant faster task completion only for the maneuvering task. As expected, they also induced Simulator Sickness among other results. However, the amount of Simulator Sickness varied between both stereoscopic systems. Collected data suggests that a higher degree of immersion combined with careful system design can reduce the to-be-expected increase of Simulator Sickness compared to the monoscopic camera baseline while making the interface subjectively more effective for certain tasks.

Sabu, R., Yasuda, K., Kato, R., Kawaguchi, S., Iwata, H..  2020.  Does visual search by neck motion improve hemispatial neglect?: An experimental study using an immersive virtual reality system 2020 IEEE International Conference on Systems, Man, and Cybernetics (SMC). :262—267.

Unilateral spatial neglect (USN) is a higher cognitive dysfunction that can occur after a stroke. It is defined as an impairment in finding, reporting, reacting to, and directing stimuli opposite the damaged side of the brain. We have proposed a system to identify neglected regions in USN patients in three dimensions using three-dimensional virtual reality. The objectives of this study are twofold: first, to propose a system for numerically identifying the neglected regions using an object detection task in a virtual space, and second, to compare the neglected regions during object detection when the patient's neck is immobilized (‘fixed-neck’ condition) versus when the neck can be freely moved to search (‘free-neck’ condition). We performed the test using an immersive virtual reality system, once with the patient's neck fixed and once with the patient's neck free to move. Comparing the results of the study in two patients, we found that the neglected areas were similar in the fixed-neck condition. However, in the free-neck condition, one patient's neglect improved while the other patient’s neglect worsened. These results suggest that exploratory ability affects the symptoms of USN and is crucial for clinical evaluation of USN patients.

Susanto, Stiawan, D., Arifin, M. A. S., Idris, M. Y., Budiarto, R..  2020.  IoT Botnet Malware Classification Using Weka Tool and Scikit-learn Machine Learning. 2020 7th International Conference on Electrical Engineering, Computer Sciences and Informatics (EECSI). :15—20.

Botnet is one of the threats to internet network security-Botmaster in carrying out attacks on the network by relying on communication on network traffic. Internet of Things (IoT) network infrastructure consists of devices that are inexpensive, low-power, always-on, always connected to the network, and are inconspicuous and have ubiquity and inconspicuousness characteristics so that these characteristics make IoT devices an attractive target for botnet malware attacks. In identifying whether packet traffic is a malware attack or not, one can use machine learning classification methods. By using Weka and Scikit-learn analysis tools machine learning, this paper implements four machine learning algorithms, i.e.: AdaBoost, Decision Tree, Random Forest, and Naïve Bayes. Then experiments are conducted to measure the performance of the four algorithms in terms of accuracy, execution time, and false positive rate (FPR). Experiment results show that the Weka tool provides more accurate and efficient classification methods. However, in false positive rate, the use of Scikit-learn provides better results.

Chalkiadakis, Nikolaos, Deyannis, Dimitris, Karnikis, Dimitris, Vasiliadis, Giorgos, Ioannidis, Sotiris.  2020.  The Million Dollar Handshake: Secure and Attested Communications in the Cloud. 2020 IEEE 13th International Conference on Cloud Computing (CLOUD). :63—70.

The number of applications and services that are hosted on cloud platforms is constantly increasing. Nowadays, more and more applications are hosted as services on cloud platforms, co-existing with other services in a mutually untrusted environment. Facilities such as virtual machines, containers and encrypted communication channels aim to offer isolation between the various applications and protect sensitive user data. However, such techniques are not always able to provide a secure execution environment for sensitive applications nor they offer guarantees that data are not monitored by an honest but curious provider once they reach the cloud infrastructure. The recent advancements of trusted execution environments within commodity processors, such as Intel SGX, provide a secure reverse sandbox, where code and data are isolated even from the underlying operating system. Moreover, Intel SGX provides a remote attestation mechanism, allowing the communicating parties to verify their identity as well as prove that code is executed on hardware-assisted software enclaves. Many approaches try to ensure code and data integrity, as well as enforce channel encryption schemes such as TLS, however, these techniques are not enough to achieve complete isolation and secure communications without hardware assistance or are not efficient in terms of performance. In this work, we design and implement a practical attestation system that allows the service provider to offer a seamless attestation service between the hosted applications and the end clients. Furthermore, we implement a novel caching system that is capable to eliminate the latencies introduced by the remote attestation process. Our approach allows the parties to attest one another before each communication attempt, with improved performance when compared to a standard TLS handshake.

Hachimi, Marouane, Kaddoum, Georges, Gagnon, Ghyslain, Illy, Poulmanogo.  2020.  Multi-stage Jamming Attacks Detection using Deep Learning Combined with Kernelized Support Vector Machine in 5G Cloud Radio Access Networks. 2020 International Symposium on Networks, Computers and Communications (ISNCC). :1—5.

In 5G networks, the Cloud Radio Access Network (C-RAN) is considered a promising future architecture in terms of minimizing energy consumption and allocating resources efficiently by providing real-time cloud infrastructures, cooperative radio, and centralized data processing. Recently, given their vulnerability to malicious attacks, the security of C-RAN networks has attracted significant attention. Among various anomaly-based intrusion detection techniques, the most promising one is the machine learning-based intrusion detection as it learns without human assistance and adjusts actions accordingly. In this direction, many solutions have been proposed, but they show either low accuracy in terms of attack classification or they offer just a single layer of attack detection. This research focuses on deploying a multi-stage machine learning-based intrusion detection (ML-IDS) in 5G C-RAN that can detect and classify four types of jamming attacks: constant jamming, random jamming, deceptive jamming, and reactive jamming. This deployment enhances security by minimizing the false negatives in C-RAN architectures. The experimental evaluation of the proposed solution is carried out using WSN-DS (Wireless Sensor Networks DataSet), which is a dedicated wireless dataset for intrusion detection. The final classification accuracy of attacks is 94.51% with a 7.84% false negative rate.

Idhom, M., Wahanani, H. E., Fauzi, A..  2020.  Network Security System on Multiple Servers Against Brute Force Attacks. 2020 6th Information Technology International Seminar (ITIS). :258—262.

Network security is critical to be able to maintain the information, especially on servers that store a lot of information; several types of attacks can occur on servers, including brute force and DDoS attacks; in the case study in this research, there are four servers used so that a network security system that can synchronize with each other so that when one server detects an attack, another server can take precautions before the same attack occurs on another server.fail2ban is a network security tool that uses the IDPS (Intrusion Detection and Prevention System) method which is an extension of the IDS (Intrusion Detection System) combined with IP tables so that it can detect and prevent suspicious activities on a network, fail2ban automatically default can only run on one server without being able to synchronize on other servers. With a network security system that can run on multiple servers, the attack prevention process can be done faster because when one server detects an attack, another server will take precautions by retrieving the information that has entered the collector database synchronizing all servers other servers can prevent attacks before an attack occurs on that server.

Ghazo, A. T. Al, Ibrahim, M., Ren, H., Kumar, R..  2020.  A2G2V: Automatic Attack Graph Generation and Visualization and Its Applications to Computer and SCADA Networks. IEEE Transactions on Systems, Man, and Cybernetics: Systems. 50:3488–3498.
Securing cyber-physical systems (CPS) and Internet of Things (IoT) systems requires the identification of how interdependence among existing atomic vulnerabilities may be exploited by an adversary to stitch together an attack that can compromise the system. Therefore, accurate attack graphs play a significant role in systems security. A manual construction of the attack graphs is tedious and error-prone, this paper proposes a model-checking-based automated attack graph generator and visualizer (A2G2V). The proposed A2G2V algorithm uses existing model-checking tools, an architecture description tool, and our own code to generate an attack graph that enumerates the set of all possible sequences in which atomic-level vulnerabilities can be exploited to compromise system security. The architecture description tool captures a formal representation of the networked system, its atomic vulnerabilities, their pre-and post-conditions, and security property of interest. A model-checker is employed to automatically identify an attack sequence in the form of a counterexample. Our own code integrated with the model-checker parses the counterexamples, encodes those for specification relaxation, and iterates until all attack sequences are revealed. Finally, a visualization tool has also been incorporated with A2G2V to generate a graphical representation of the generated attack graph. The results are illustrated through application to computer as well as control (SCADA) networks.
Inshi, S., Chowdhury, R., Elarbi, M., Ould-Slimane, H., Talhi, C..  2020.  LCA-ABE: Lightweight Context-Aware Encryption for Android Applications. 2020 International Symposium on Networks, Computers and Communications (ISNCC). :1—6.

The evolving of context-aware applications are becoming more readily available as a major driver of the growth of future connected smart, autonomous environments. However, with the increasing of security risks in critical shared massive data capabilities and the increasing regulation requirements on privacy, there is a significant need for new paradigms to manage security and privacy compliances. These challenges call for context-aware and fine-grained security policies to be enforced in such dynamic environments in order to achieve efficient real-time authorization between applications and connected devices. We propose in this work a novel solution that aims to provide context-aware security model for Android applications. Specifically, our proposition provides automated context-aware access control model and leverages Attribute-Based Encryption (ABE) to secure data communications. Thorough experiments have been performed and the evaluation results demonstrate that the proposed solution provides an effective lightweight adaptable context-aware encryption model.

Bakhtiyor, Abdurakhimov, Zarif, Khudoykulov, Orif, Allanov, Ilkhom, Boykuziev.  2020.  Algebraic Cryptanalysis of O'zDSt 1105:2009 Encryption Algorithm. 2020 International Conference on Information Science and Communications Technologies (ICISCT). :1—7.
In this paper, we examine algebraic attacks on the O'zDSt 1105:2009. We begin with a brief review of the meaning of algebraic cryptanalysis, followed by an algebraic cryptanalysis of O'zDSt 1105:2009. Primarily O'zDSt 1105:2009 encryption algorithm is decomposed and each transformation in it is algebraic described separately. Then input and output of each transformation are expressed with other transformation, encryption key, plaintext and cipher text. Created equations, unknowns on it and degree of unknowns are analyzed, and then overall result is given. Based on experimental results, it is impossible to save all system of equations that describes all transformations in O'zDSt 1105:2009 standard. Because, this task requires 273 bytes for the second round. For this reason, it is advisable to evaluate the parameters of the system of algebraic equations, representing the O'zDSt 1105:2009 standard, theoretically.
Maswood, Mirza Mohd Shahriar, Uddin, Md Ashif, Dey, Uzzwal Kumar, Islam Mamun, Md Mainul, Akter, Moriom, Sonia, Shamima Sultana, Alharbi, Abdullah G..  2020.  A Novel Sensor Design to Sense Liquid Chemical Mixtures using Photonic Crystal Fiber to Achieve High Sensitivity and Low Confinement Losses. 2020 11th IEEE Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON). :0686—0691.
Chemical sensing is an important issue in food, water, environment, biomedical, and pharmaceutical field. Conventional methods used in laboratory for sensing the chemical are costly, time consuming, and sometimes wastes significant amount of sample. Photonic Crystal Fiber (PCF) offers high compactness and design flexibility and it can be used as biosensor, chemical sensor, liquid sensor, temperature sensor, mechanical sensor, gas sensor, and so on. In this work, we designed PCF to sense different concentrations of different liquids by one PCF structure. We designed different structure for silica cladding hexagonal PCF to sense different concentrations of benzene-toluene and ethanol-water mixer. Core diameter, air hole diameter, and air hole diameter to lattice pitch ratio are varied to get the optimal result as well to explore the effect of core size, air hole size and the pitch on liquid chemical sensing. Performance of the chemical sensors was examined based on confinement loss and sensitivity. The performance of the sensor varied a lot and basically it depends not only on refractive index of the liquid but also on sensing wavelengths. Our designed sensor can provide comparatively high sensitivity and low confinement loss.
Iskhakov, A., Jharko, E..  2020.  Approach to Security Provision of Machine Vision for Unmanned Vehicles of “Smart City”. 2020 International Conference on Industrial Engineering, Applications and Manufacturing (ICIEAM). :1—5.

By analogy to nature, sight is the main integral component of robotic complexes, including unmanned vehicles. In this connection, one of the urgent tasks in the modern development of unmanned vehicles is the solution to the problem of providing security for new advanced systems, algorithms, methods, and principles of space navigation of robots. In the paper, we present an approach to the protection of machine vision systems based on technologies of deep learning. At the heart of the approach lies the “Feature Squeezing” method that works on the phase of model operation. It allows us to detect “adversarial” examples. Considering the urgency and importance of the target process, the features of unmanned vehicle hardware platforms and also the necessity of execution of tasks on detecting of the objects in real-time mode, it was offered to carry out an additional simple computational procedure of localization and classification of required objects in case of crossing a defined in advance threshold of “adversarial” object testing.

Issa, H., Tar, J. K..  2020.  Tackling Actuator Saturation in Fixed Point Iteration-based Adaptive Control. 2020 IEEE 14th International Symposium on Applied Computational Intelligence and Informatics (SACI). :000221–000226.
The limited output of various drives means a challenge in controller design whenever the acceleration need of the "nominal trajectory to be tracked" temporarily exceeds the abilities of the saturated control system. The prevailing control design methods can tackle this problem either in a single theoretical step or in two consecutive steps. In this latter case in the first step the design happens without taking into account the actuator constraints, then apply a saturation compensator if the phenomenon of windup is observed. In the Fixed Point Iteration- based Adaptive Control (FPIAC) that has been developed as an alternative of the Lyapunov function-based approach the actuator saturation causes problems in its both elementary levels: in the kinematic/kinetic level where the desired acceleration is calculated, and in the iterative process that compensates the effects of modeling errors of the dynamic system under control and that of the external disturbances. The here presented approach tackles this problem in both levels by relatively simple considerations. To illustrate the method's efficiency simulation investigations were done in the FPIAC control of a modification of the van der Pol oscillator to which an additional strongly nonlinear term was added.
Javed, M. U., Jamal, A., Javaid, N., Haider, N., Imran, M..  2020.  Conditional Anonymity enabled Blockchain-based Ad Dissemination in Vehicular Ad-hoc Network. 2020 International Wireless Communications and Mobile Computing (IWCMC). :2149—2153.

Advertisement sharing in vehicular network through vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communication is a fascinating in-vehicle service for advertisers and the users due to multiple reasons. It enable advertisers to promote their product or services in the region of their interest. Also the users get to receive more relevant ads. Usually, users tend to contribute in dissemination of ads if their privacy is preserved and if some incentive is provided. Recent researches have focused on enabling both of the parameters for the users by developing fair incentive mechanism which preserves privacy by using Zero-Knowledge Proof of Knowledge (ZKPoK) (Ming et al., 2019). However, the anonymity provided by ZKPoK can introduce internal attacker scenarios in the network due to which authenticated users can disseminate fake ads in the network without payment. As the existing scheme uses certificate-less cryptography, due to which malicious users cannot be removed from the network. In order to resolve these challenges, we employed conditional anonymity and introduced Monitoring Authority (MA) in the system. In our proposed scheme, the pseudonyms are assigned to the vehicles while their real identities are stored in Certification Authority (CA) in encrypted form. The pseudonyms are updated after a pre-defined time threshold to prevent behavioural privacy leakage. We performed security and performance analysis to show the efficiency of our proposed system.

Reddy, C. b Manjunath, reddy, U. k, Brumancia, E., Gomathi, R. M., Indira, K..  2020.  Integrative Approach Of Big Data And Network Attacks Analysis In Cloud Environment. 2020 4th International Conference on Trends in Electronics and Informatics (ICOEI)(48184). :314—317.

Lately mining of information from online life is pulling in more consideration because of the blast in the development of Big Data. In security, Big Data manages an assortment of immense advanced data for investigating, envisioning and to draw the bits of knowledge for the expectation and anticipation of digital assaults. Big Data Analytics (BDA) is the term composed by experts to portray the art of dealing with, taking care of and gathering a great deal of data for future evaluation. Data is being made at an upsetting rate. The quick improvement of the Internet, Internet of Things (IoT) and other creative advances are the rule liable gatherings behind this proceeded with advancement. The data made is an impression of the earth, it is conveyed out of, along these lines can use the data got away from structures to understand the internal exercises of that system. This has become a significant element in cyber security where the objective is to secure resources. Moreover, the developing estimation of information has made large information a high worth objective. Right now, investigate ongoing exploration works in cyber security comparable to huge information and feature how Big information is secured and how huge information can likewise be utilized as a device for cyber security. Simultaneously, a Big Data based concentrated log investigation framework is actualized to distinguish the system traffic happened with assailants through DDOS, SQL Injection and Bruce Force assault. The log record is naturally transmitted to the brought together cloud server and big information is started in the investigation process.

Stanković, I., Brajović, M., Daković, M., Stanković, L., Ioana, C..  2020.  Quantization Effect in Nonuniform Nonsparse Signal Reconstruction. 2020 9th Mediterranean Conference on Embedded Computing (MECO). :1–4.
This paper examines the influence of quantization on the compressive sensing theory applied to the nonuniformly sampled nonsparse signals with reduced set of randomly positioned measurements. The error of the reconstruction will be generalized to exact expected squared error expression. The aim is to connect the generalized random sampling strategy with the quantization effect, finding the resulting error of the reconstruction. Small sampling deviations correspond to the imprecisions of the sampling strategy, while completely random sampling schemes causes large sampling deviations. Numerical examples provide an agreement between the statistical results and theoretical values.
Ilsenstein, Lisa, Koch, Manfred, Steinhart, Heinrich.  2020.  Definition of Attack Vectors to detect possible Cyber-Attacks on Electrical Machines. PCIM Europe digital days 2020; International Exhibition and Conference for Power Electronics, Intelligent Motion, Renewable Energy and Energy Management. :1—7.
System safety and cyber security have a great effect on the availability of devices that are interconnected. With the rising interconnection of critical infrastructures new risks occur, which have to be detected and warded. Therefore, attack vectors are defined to determine deviations to the nominal values of a cyber-physical system in this paper. Through an elaborated cyber security concept, the tasks of a simple motor protecting switch and additional tasks to detect cyber-attacks can be implemented. The simulative result of an exemplary overvoltage shows the impact on the RMS and phase voltages of a monitored drive.
Nakadai, N., Iseki, T., Hayashi, M..  2020.  Improving the Security Strength of Iseki’s Fully Homomorphic Encryption. 2020 35th International Technical Conference on Circuits/Systems, Computers and Communications (ITC-CSCC). :299–304.
This paper proposes a method that offers much higher security for Iseki's fully homomorphic encryption (FHE), a recently proposed secure computation scheme. The key idea is re-encrypting already encrypted data. This second encryption is executed using new common keys, whereby two or more encryptions offer much stronger security.
Samuel, C., Alvarez, B. M., Ribera, E. Garcia, Ioulianou, P. P., Vassilakis, V. G..  2020.  Performance Evaluation of a Wormhole Detection Method using Round-Trip Times and Hop Counts in RPL-Based 6LoWPAN Networks. 2020 12th International Symposium on Communication Systems, Networks and Digital Signal Processing (CSNDSP). :1–6.
The IPv6 over Low-power Wireless Personal Area Network (6LoWPAN) has been standardized to support IP over lossy networks. RPL (Routing Protocol for Low-Power and Lossy Networks) is the common routing protocol for 6LoWPAN. Among various attacks on RPL-based networks, the wormhole attack may cause severe network disruption and is one of the hardest to detect. We have designed and implemented in ContikiOS a wormhole detection technique for 6LoWPAN, that uses round-trip times and hop counts. In addition, the performance of this technique has been evaluated in terms of power, CPU, memory, and communication overhead.
Arjoune, Y., Salahdine, F., Islam, M. S., Ghribi, E., Kaabouch, N..  2020.  A Novel Jamming Attacks Detection Approach Based on Machine Learning for Wireless Communication. 2020 International Conference on Information Networking (ICOIN). :459–464.
Jamming attacks target a wireless network creating an unwanted denial of service. 5G is vulnerable to these attacks despite its resilience prompted by the use of millimeter wave bands. Over the last decade, several types of jamming detection techniques have been proposed, including fuzzy logic, game theory, channel surfing, and time series. Most of these techniques are inefficient in detecting smart jammers. Thus, there is a great need for efficient and fast jamming detection techniques with high accuracy. In this paper, we compare the efficiency of several machine learning models in detecting jamming signals. We investigated the types of signal features that identify jamming signals, and generated a large dataset using these parameters. Using this dataset, the machine learning algorithms were trained, evaluated, and tested. These algorithms are random forest, support vector machine, and neural network. The performance of these algorithms was evaluated and compared using the probability of detection, probability of false alarm, probability of miss detection, and accuracy. The simulation results show that jamming detection based random forest algorithm can detect jammers with a high accuracy, high detection probability and low probability of false alarm.
Injadat, M., Moubayed, A., Shami, A..  2020.  Detecting Botnet Attacks in IoT Environments: An Optimized Machine Learning Approach. 2020 32nd International Conference on Microelectronics (ICM). :1—4.

The increased reliance on the Internet and the corresponding surge in connectivity demand has led to a significant growth in Internet-of-Things (IoT) devices. The continued deployment of IoT devices has in turn led to an increase in network attacks due to the larger number of potential attack surfaces as illustrated by the recent reports that IoT malware attacks increased by 215.7% from 10.3 million in 2017 to 32.7 million in 2018. This illustrates the increased vulnerability and susceptibility of IoT devices and networks. Therefore, there is a need for proper effective and efficient attack detection and mitigation techniques in such environments. Machine learning (ML) has emerged as one potential solution due to the abundance of data generated and available for IoT devices and networks. Hence, they have significant potential to be adopted for intrusion detection for IoT environments. To that end, this paper proposes an optimized ML-based framework consisting of a combination of Bayesian optimization Gaussian Process (BO-GP) algorithm and decision tree (DT) classification model to detect attacks on IoT devices in an effective and efficient manner. The performance of the proposed framework is evaluated using the Bot-IoT-2018 dataset. Experimental results show that the proposed optimized framework has a high detection accuracy, precision, recall, and F-score, highlighting its effectiveness and robustness for the detection of botnet attacks in IoT environments.

Iorga, Denis, Corlătescu, Dragos, Grigorescu, Octavian, Săndescu, Cristian, Dascălu, Mihai, Rughiniş, Razvan.  2020.  Early Detection of Vulnerabilities from News Websites using Machine Learning Models. 2020 19th RoEduNet Conference: Networking in Education and Research (RoEduNet). :1–6.
The drawbacks of traditional methods of cybernetic vulnerability detection relate to the required time to identify new threats, to register them in the Common Vulnerabilities and Exposures (CVE) records, and to score them with the Common Vulnerabilities Scoring System (CVSS). These problems can be mitigated by early vulnerability detection systems relying on social media and open-source data. This paper presents a model that aims to identify emerging cybernetic vulnerabilities in cybersecurity news articles, as part of a system for automatic detection of early cybernetic threats using Open Source Intelligence (OSINT). Three machine learning models were trained on a novel dataset of 1000 labeled news articles to create a strong baseline for classifying cybersecurity articles as relevant (i.e., introducing new security threats), or irrelevant: Support Vector Machines, a Multinomial Naïve Bayes classifier, and a finetuned BERT model. The BERT model obtained the best performance with a mean accuracy of 88.45% on the test dataset. Our experiments support the conclusion that Natural Language Processing (NLP) models are an appropriate choice for early vulnerability detection systems in order to extract relevant information from cybersecurity news articles.
Kushal, T. R. B., Gao, Z., Wang, J., Illindala, M. S..  2020.  Causal Chain of Time Delay Attack on Synchronous Generator Control. 2020 IEEE Power Energy Society General Meeting (PESGM). :1—5.

Wide integration of information and communication technology (ICT) in modern power grids has brought many benefits as well as the risk of cyber attacks. A critical step towards defending grid cyber security is to understand the cyber-physical causal chain, which describes the progression of intrusion in cyber-space leading to the formation of consequences on the physical power grid. In this paper, we develop an attack vector for a time delay attack at load frequency control in the power grid. Distinct from existing works, which are separately focused on cyber intrusion, grid response, or testbed validation, the proposed attack vector for the first time provides a full cyber-physical causal chain. It targets specific vulnerabilities in the protocols, performs a denial-of-service (DoS) attack, induces the delays in control loop, and destabilizes grid frequency. The proposed attack vector is proved in theory, presented as an attack tree, and validated in an experimental environment. The results will provide valuable insights to develop security measures and robust controls against time delay attacks.

Enkhtaivan, B., Inoue, A..  2020.  Mediating Data Trustworthiness by Using Trusted Hardware between IoT Devices and Blockchain. 2020 IEEE International Conference on Smart Internet of Things (SmartIoT). :314–318.
In recent years, with the progress of data analysis methods utilizing artificial intelligence (AI) technology, concepts of smart cities collecting data from IoT devices and creating values by analyzing it have been proposed. However, making sure that the data is not tampered with is of the utmost importance. One way to do this is to utilize blockchain technology to record and trace the history of the data. Park and Kim proposed ensuring the trustworthiness of the data by utilizing an IoT device with a trusted execution environment (TEE). Also, Guan et al. proposed authenticating an IoT device and mediating data using a TEE. For the authentication, they use the physically unclonable function of the IoT device. Usually, IoT devices suffer from the lack of resources necessary for creating transactions for the blockchain ledger. In this paper, we present a secure protocol in which a TEE acts as a proxy to the IoT devices and creates the necessary transactions for the blockchain. We use an authenticated encryption method on the data transmission between the IoT device and TEE to authenticate the device and ensure the integrity and confidentiality of the data generated by the IoT devices.