Visible to the public Biblio

Found 3631 results

Filters: First Letter Of Last Name is S  [Clear All Filters]
A B C D E F G H I J K L M N O P Q R [S] T U V W X Y Z   [Show ALL]
Z
Zhang, Feng, Zhai, Jidong, Shen, Xipeng, Mutlu, Onur, Chen, Wenguang.  2018.  Zwift: A Programming Framework for High Performance Text Analytics on Compressed Data. Proceedings of the 2018 International Conference on Supercomputing. :195-206.
Today's rapidly growing document volumes pose pressing challenges to modern document analytics frameworks, in both space usage and processing time. Recently, a promising method, called text analytics directly on compressed data (TADOC), was proposed for improving both the time and space efficiency of text analytics. The main idea of the technique is to enable direct document analytics on compressed data. This paper focuses on the programming challenges for developing efficient TADOC programs. It presents Zwift, the first programming framework for TADOC, which consists of a Domain Specific Language, a compiler and runtime, and a utility library. Experiments show that Zwift significantly improves programming productivity, while effectively unleashing the power of TADOC, producing code that reduces storage usage by 90.8% and execution time by 41.0% on six text analytics problems.
Chen, Pin-Yu, Zhang, Huan, Sharma, Yash, Yi, Jinfeng, Hsieh, Cho-Jui.  2017.  ZOO: Zeroth Order Optimization Based Black-box Attacks to Deep Neural Networks Without Training Substitute Models. Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security. :15–26.
Deep neural networks (DNNs) are one of the most prominent technologies of our time, as they achieve state-of-the-art performance in many machine learning tasks, including but not limited to image classification, text mining, and speech processing. However, recent research on DNNs has indicated ever-increasing concern on the robustness to adversarial examples, especially for security-critical tasks such as traffic sign identification for autonomous driving. Studies have unveiled the vulnerability of a well-trained DNN by demonstrating the ability of generating barely noticeable (to both human and machines) adversarial images that lead to misclassification. Furthermore, researchers have shown that these adversarial images are highly transferable by simply training and attacking a substitute model built upon the target model, known as a black-box attack to DNNs. Similar to the setting of training substitute models, in this paper we propose an effective black-box attack that also only has access to the input (images) and the output (confidence scores) of a targeted DNN. However, different from leveraging attack transferability from substitute models, we propose zeroth order optimization (ZOO) based attacks to directly estimate the gradients of the targeted DNN for generating adversarial examples. We use zeroth order stochastic coordinate descent along with dimension reduction, hierarchical attack and importance sampling techniques to efficiently attack black-box models. By exploiting zeroth order optimization, improved attacks to the targeted DNN can be accomplished, sparing the need for training substitute models and avoiding the loss in attack transferability. Experimental results on MNIST, CIFAR10 and ImageNet show that the proposed ZOO attack is as effective as the state-of-the-art white-box attack (e.g., Carlini and Wagner's attack) and significantly outperforms existing black-box attacks via substitute models.
Tang, R., Yang, Z., Li, Z., Meng, W., Wang, H., Li, Q., Sun, Y., Pei, D., Wei, T., Xu, Y. et al..  2020.  ZeroWall: Detecting Zero-Day Web Attacks through Encoder-Decoder Recurrent Neural Networks. IEEE INFOCOM 2020 - IEEE Conference on Computer Communications. :2479—2488.

Zero-day Web attacks are arguably the most serious threats to Web security, but are very challenging to detect because they are not seen or known previously and thus cannot be detected by widely-deployed signature-based Web Application Firewalls (WAFs). This paper proposes ZeroWall, an unsupervised approach, which works with an existing WAF in pipeline, to effectively detecting zero-day Web attacks. Using historical Web requests allowed by an existing signature-based WAF, a vast majority of which are assumed to be benign, ZeroWall trains a self-translation machine using an encoder-decoder recurrent neural network to capture the syntax and semantic patterns of benign requests. In real-time detection, a zero-day attack request (which the WAF fails to detect), not understood well by self-translation machine, cannot be translated back to its original request by the machine, thus is declared as an attack. In our evaluation using 8 real-world traces of 1.4 billion Web requests, ZeroWall successfully detects real zero-day attacks missed by existing WAFs and achieves high F1-scores over 0.98, which significantly outperforms all baseline approaches.

Samaniego, M., Deters, R..  2018.  Zero-Trust Hierarchical Management in IoT. 2018 IEEE International Congress on Internet of Things (ICIOT). :88-95.

Internet of Things (IoT) is experiencing exponential scalability. This scalability introduces new challenges regarding management of IoT networks. The question that emerges is how we can trust the constrained infrastructure that shortly is expected to be formed by millions of 'things.' The answer is not to trust. This research introduces Amatista, a blockchain-based middleware for management in IoT. Amatista presents a novel zero-trust hierarchical mining process that allows validating the infrastructure and transactions at different levels of trust. This research evaluates Amatista on Edison Arduino Boards.

Yang, Yang, Luo, Yadan, Chen, Weilun, Shen, Fumin, Shao, Jie, Shen, Heng Tao.  2016.  Zero-Shot Hashing via Transferring Supervised Knowledge. Proceedings of the 2016 ACM on Multimedia Conference. :1286–1295.

Hashing has shown its efficiency and effectiveness in facilitating large-scale multimedia applications. Supervised knowledge (\textbackslashemph\e.g.\, semantic labels or pair-wise relationship) associated to data is capable of significantly improving the quality of hash codes and hash functions. However, confronted with the rapid growth of newly-emerging concepts and multimedia data on the Web, existing supervised hashing approaches may easily suffer from the scarcity and validity of supervised information due to the expensive cost of manual labelling. In this paper, we propose a novel hashing scheme, termed \textbackslashemph\zero-shot hashing\ (ZSH), which compresses images of "unseen" categories to binary codes with hash functions learned from limited training data of "seen" categories. Specifically, we project independent data labels (i.e., 0/1-form label vectors) into semantic embedding space, where semantic relationships among all the labels can be precisely characterized and thus seen supervised knowledge can be transferred to unseen classes. Moreover, in order to cope with the semantic shift problem, we rotate the embedded space to more suitably align the embedded semantics with the low-level visual feature space, thereby alleviating the influence of semantic gap. In the meantime, to exert positive effects on learning high-quality hash functions, we further propose to preserve local structural property and discrete nature in binary codes. Besides, we develop an efficient alternating algorithm to solve the ZSH model. Extensive experiments conducted on various real-life datasets show the superior zero-shot image retrieval performance of ZSH as compared to several state-of-the-art hashing methods.

Kumar, S., Singh, C. Bhim Bhan.  2018.  A Zero-Day Resistant Malware Detection Method for Securing Cloud Using SVM and Sandboxing Techniques. 2018 Second International Conference on Inventive Communication and Computational Technologies (ICICCT). :1397–1402.

Cloud nowaday has become the backbone of the IT infrastructure. Whole of the infrastructure is now being shifted to the clouds, and as the cloud involves all of the networking schemes and the OS images, it inherits all of the vulnerabilities too. And hence securing them is one of our very prior concerns. Malwares are one of the many other problems that have ever growing and hence need to be eradicated from the system. The history of mal wares go long back in time since the advent of computers and hence a lot of techniques has also been already devised to tackle with the problem in some or other way. But most of them fall short in some or other way or are just too heavy to execute on a simple user machine. Our approach devises a 3 - phase exhaustive technique which confirms the detection of any kind of malwares from the host. It also works for the zero-day attacks that are really difficult to cover most times and can be of really high-risk at times. We have thought of a solution to keep the things light weight for the user.

Pallaprolu, S. C., Sankineni, R., Thevar, M., Karabatis, G., Wang, J..  2017.  Zero-Day Attack Identification in Streaming Data Using Semantics and Spark. 2017 IEEE International Congress on Big Data (BigData Congress). :121–128.

Intrusion Detection Systems (IDS) have been in existence for many years now, but they fall short in efficiently detecting zero-day attacks. This paper presents an organic combination of Semantic Link Networks (SLN) and dynamic semantic graph generation for the on the fly discovery of zero-day attacks using the Spark Streaming platform for parallel detection. In addition, a minimum redundancy maximum relevance (MRMR) feature selection algorithm is deployed to determine the most discriminating features of the dataset. Compared to previous studies on zero-day attack identification, the described method yields better results due to the semantic learning and reasoning on top of the training data and due to the use of collaborative classification methods. We also verified the scalability of our method in a distributed environment.

Al-Rushdan, Huthifh, Shurman, Mohammad, Alnabelsi, Sharhabeel H., Althebyan, Qutaibah.  2019.  Zero-Day Attack Detection and Prevention in Software-Defined Networks. 2019 International Arab Conference on Information Technology (ACIT). :278–282.
The zero-day attack in networks exploits an undiscovered vulnerability, in order to affect/damage networks or programs. The term “zero-day” refers to the number of days available to the software or the hardware vendor to issue a patch for this new vulnerability. Currently, the best-known defense mechanism against the zero-day attacks focuses on detection and response, as a prevention effort, which typically fails against unknown or new vulnerabilities. To the best of our knowledge, this attack has not been widely investigated for Software-Defined Networks (SDNs). Therefore, in this work we are motivated to develop anew zero-day attack detection and prevention mechanism, which is designed and implemented for SDN using a modified sandbox tool, named Cuckoo. Our experiments results, under UNIX system, show that our proposed design successfully stops zero-day malwares by isolating the infected client, and thus, prevents these malwares from infesting other clients.
Guha, Krishnendu, Saha, Debasri, Chakrabarti, Amlan.  2019.  Zero Knowledge Authentication for Reuse of IPs in Reconfigurable Platforms. TENCON 2019 - 2019 IEEE Region 10 Conference (TENCON). :2040–2045.
A key challenge of the embedded era is to ensure trust in reuse of intellectual properties (IPs), which facilitates reduction of design cost and meeting of stringent marketing deadlines. Determining source of the IPs or their authenticity is a key metric to facilitate safe reuse of IPs. Though physical unclonable functions solves this problem for application specific integrated circuit (ASIC) IPs, authentication strategies for reconfigurable IPs (RIPs) or IPs of reconfigurable hardware platforms like field programmable gate arrays (FPGAs) are still in their infancy. Existing authentication techniques for RIPs that relies on verification of proof of authentication (PoA) mark embedded in the RIP by the RIP producers, leak useful clues about the PoA mark. This results in replication and implantation of the PoA mark in fake RIPs. This not only causes loss to authorized second hand RIP users, but also poses risk to the reputation of the RIP producers. We propose a zero knowledge authentication strategy for safe reusing of RIPs. The PoA of an RIP producer is kept secret and verification is carried out based on traversal times from the initial point to several intermediate points of the embedded PoA when the RIPs configure an FPGA. Such delays are user specific and cannot be replicated as these depend on intrinsic properties of the base semiconductor material of the FPGA, which is unique and never same as that of another FPGA. Experimental results validate our proposed mechanism. High strength even for low overhead ISCAS benchmarks, considered as PoA for experimentation depict the prospects of our proposed methodology.
Shrestha, Babins, Mohamed, Manar, Saxena, Nitesh.  2019.  ZEMFA: Zero-Effort Multi-Factor Authentication based on Multi-Modal Gait Biometrics. 2019 17th International Conference on Privacy, Security and Trust (PST). :1–10.
In this paper, we consider the problem of transparently authenticating a user to a local terminal (e.g., a desktop computer) as she approaches towards the terminal. Given its appealing usability, such zero-effort authentication has already been deployed in the real-world where a computer terminal or a vehicle can be unlocked by the mere proximity of an authentication token (e.g., a smartphone). However, existing systems based on a single authentication factor contains one major security weakness - unauthorized physical access to the token, e.g., during lunch-time or upon theft, allows the attacker to have unfettered access to the terminal. We introduce ZEMFA, a zero-effort multi-factor authentication system based on multiple authentication tokens and multi-modal behavioral biometrics. Specifically, ZEMFA utilizes two types of authentication tokens, a smartphone and a smartwatch (or a bracelet) and two types of gait patterns captured by these tokens, mid/lower body movements measured by the phone and wrist/arm movements captured by the watch. Since a user's walking or gait pattern is believed to be unique, only that user (no impostor) would be able to gain access to the terminal even when the impostor is given access to both of the authentication tokens. We present the design and implementation of ZEMFA. We demonstrate that ZEMFA offers a high degree of detection accuracy, based on multi-sensor and multi-device fusion. We also show that ZEMFA can resist active attacks that attempt to mimic a user's walking pattern, especially when multiple devices are used.
Y
Zhang, Yiming, Fan, Yujie, Song, Wei, Hou, Shifu, Ye, Yanfang, Li, Xin, Zhao, Liang, Shi, Chuan, Wang, Jiabin, Xiong, Qi.  2019.  Your Style Your Identity: Leveraging Writing and Photography Styles for Drug Trafficker Identification in Darknet Markets over Attributed Heterogeneous Information Network. The World Wide Web Conference. :3448–3454.
Due to its anonymity, there has been a dramatic growth of underground drug markets hosted in the darknet (e.g., Dream Market and Valhalla). To combat drug trafficking (a.k.a. illicit drug trading) in the cyberspace, there is an urgent need for automatic analysis of participants in darknet markets. However, one of the key challenges is that drug traffickers (i.e., vendors) may maintain multiple accounts across different markets or within the same market. To address this issue, in this paper, we propose and develop an intelligent system named uStyle-uID leveraging both writing and photography styles for drug trafficker identification at the first attempt. At the core of uStyle-uID is an attributed heterogeneous information network (AHIN) which elegantly integrates both writing and photography styles along with the text and photo contents, as well as other supporting attributes (i.e., trafficker and drug information) and various kinds of relations. Built on the constructed AHIN, to efficiently measure the relatedness over nodes (i.e., traffickers) in the constructed AHIN, we propose a new network embedding model Vendor2Vec to learn the low-dimensional representations for the nodes in AHIN, which leverages complementary attribute information attached in the nodes to guide the meta-path based random walk for path instances sampling. After that, we devise a learning model named vIdentifier to classify if a given pair of traffickers are the same individual. Comprehensive experiments on the data collections from four different darknet markets are conducted to validate the effectiveness of uStyle-uID which integrates our proposed method in drug trafficker identification by comparisons with alternative approaches.
X
Sani, Abubakar Sadiq, Yuan, Dong, Bao, Wei, Yeoh, Phee Lep, Dong, Zhao Yang, Vucetic, Branka, Bertino, Elisa.  2019.  Xyreum: A High-Performance and Scalable Blockchain for IIoT Security and Privacy. 2019 IEEE 39th International Conference on Distributed Computing Systems (ICDCS). :1920–1930.
As cyber attacks to Industrial Internet of Things (IIoT) remain a major challenge, blockchain has emerged as a promising technology for IIoT security due to its decentralization and immutability characteristics. Existing blockchain designs, however, introduce high computational complexity and latency challenges which are unsuitable for IIoT. This paper proposes Xyreum, a new high-performance and scalable blockchain for enhanced IIoT security and privacy. Xyreum uses a Time-based Zero-Knowledge Proof of Knowledge (T-ZKPK) with authenticated encryption to perform Mutual Multi-Factor Authentication (MMFA). T-ZKPK properties are also used to support Key Establishment (KE) for securing transactions. Our approach for reaching consensus, which is a blockchain group decision-making process, is based on lightweight cryptographic algorithms. We evaluate our scheme with respect to security, privacy, and performance, and the results show that, compared with existing relevant blockchain solutions, our scheme is secure, privacy-preserving, and achieves a significant decrease in computation complexity and latency performance with high scalability. Furthermore, we explain how to use our scheme to strengthen the security of the REMME protocol, a blockchain-based security protocol deployed in several application domains.
Gupta, M. K., Govil, M. C., Singh, G., Sharma, P..  2015.  XSSDM: Towards detection and mitigation of cross-site scripting vulnerabilities in web applications. 2015 International Conference on Advances in Computing, Communications and Informatics (ICACCI). :2010–2015.

With the growth of the Internet, web applications are becoming very popular in the user communities. However, the presence of security vulnerabilities in the source code of these applications is raising cyber crime rate rapidly. It is required to detect and mitigate these vulnerabilities before their exploitation in the execution environment. Recently, Open Web Application Security Project (OWASP) and Common Vulnerabilities and Exposures (CWE) reported Cross-Site Scripting (XSS) as one of the most serious vulnerabilities in the web applications. Though many vulnerability detection approaches have been proposed in the past, existing detection approaches have the limitations in terms of false positive and false negative results. This paper proposes a context-sensitive approach based on static taint analysis and pattern matching techniques to detect and mitigate the XSS vulnerabilities in the source code of web applications. The proposed approach has been implemented in a prototype tool and evaluated on a public data set of 9408 samples. Experimental results show that proposed approach based tool outperforms over existing popular open source tools in the detection of XSS vulnerabilities.

Habibi, G., Surantha, N..  2020.  XSS Attack Detection With Machine Learning and n-Gram Methods. 2020 International Conference on Information Management and Technology (ICIMTech). :516–520.

Cross-Site Scripting (XSS) is an attack most often carried out by attackers to attack a website by inserting malicious scripts into a website. This attack will take the user to a webpage that has been specifically designed to retrieve user sessions and cookies. Nearly 68% of websites are vulnerable to XSS attacks. In this study, the authors conducted a study by evaluating several machine learning methods, namely Support Vector Machine (SVM), K-Nearest Neighbour (KNN), and Naïve Bayes (NB). The machine learning algorithm is then equipped with the n-gram method to each script feature to improve the detection performance of XSS attacks. The simulation results show that the SVM and n-gram method achieves the highest accuracy with 98%.

Raza, Ali, Zaki, Yasir, Pötsch, Thomas, Chen, Jay, Subramanian, Lakshmi.  2017.  xCache: Rethinking Edge Caching for Developing Regions. Proceedings of the Ninth International Conference on Information and Communication Technologies and Development. :5:1–5:11.

End-users in emerging markets experience poor web performance due to a combination of three factors: high server response time, limited edge bandwidth and the complexity of web pages. The absence of cloud infrastructure in developing regions and the limited bandwidth experienced by edge nodes constrain the effectiveness of conventional caching solutions for these contexts. This paper describes the design, implementation and deployment of xCache, a cloud-managed Internet caching architecture that aims to proactively profile popular web pages and maintain the liveness of popular content at software defined edge caches to enhance the cache hit rate with minimal bandwidth overhead. xCache uses a Cloud Controller that continuously analyzes active cloud-managed web pages and derives an object-group representation of web pages based on the objects of a page. Using this object-group representation, xCache computes a bandwidth-aware utility measure to derive the most valuable configuration for each edge cache. Our preliminary real-world deployment across university campuses in three developing regions demonstrates its potential compared to conventional caching by improving cache hit rates by about 15%. Our evaluations of xCache have also shown that it can be applied in conjunction with other web optimizations solutions like Shandian, and can improve page load times by more than 50%.

Jeong, Junho, Son, Yunsik, Oh, Seman.  2017.  The X86/64 Binary Code to Smart Intermediate Language Translation for Software Weakness. Proceedings of the International Conference on Advances in Image Processing. :129–134.

Today, the proportion of software in society as a whole is steadily increasing. In addition to size of software increasing, the number of cases dealing with personal information is also increasing. This shows the importance of weekly software security verification. However, software security is very difficult in cases where libraries do not have source code. To solve this problem, it is necessary to develop a technique for checking existing binary security weaknesses. To this end, techniques for analyzing security weaknesses using intermediate languages are actively being discussed. In this paper, we propose a system that translate binary code to intermediate language to effectively analyze existing security weaknesses within binary code.

Khanuja, H., Suratkar, S.S..  2014.  #x201C;Role of metadata in forensic analysis of database attacks #x201C;. Advance Computing Conference (IACC), 2014 IEEE International. :457-462.

With the spectacular increase in online activities like e-transactions, security and privacy issues are at the peak with respect to their significance. Large numbers of database security breaches are occurring at a very high rate on daily basis. So, there is a crucial need in the field of database forensics to make several redundant copies of sensitive data found in database server artifacts, audit logs, cache, table storage etc. for analysis purposes. Large volume of metadata is available in database infrastructure for investigation purposes but most of the effort lies in the retrieval and analysis of that information from computing systems. Thus, in this paper we mainly focus on the significance of metadata in database forensics. We proposed a system here to perform forensics analysis of database by generating its metadata file independent of the DBMS system used. We also aim to generate the digital evidence against criminals for presenting it in the court of law in the form of who, when, why, what, how and where did the fraudulent transaction occur. Thus, we are presenting a system to detect major database attacks as well as anti-forensics attacks by developing an open source database forensics tool. Eventually, we are pointing out the challenges in the field of forensics and how these challenges can be used as opportunities to stimulate the areas of database forensics.

Moukarzel, M., Eisenbarth, T., Sunar, B..  2017.  \#x03BC;Leech: A Side-Channel Evaluation Platform for IoT. 2017 IEEE 60th International Midwest Symposium on Circuits and Systems (MWSCAS). :25–28.

We propose $μ$Leech, a new embedded trusted platform module for next generation power scavenging devices. Such power scavenging devices are already widely deployed. For instance, the Square point-of-sale reader uses the microphone/speaker interface of a smartphone for communications and as power supply. While such devices are used as trusted devices in security critical applications in the wild, they have not been properly evaluated yet. $μ$Leech can securely store keys and provide cryptographic services to any connected smart phone. Our design also facilitates physical security analysis by providing interfaces to facilitate acquisition of power traces and clock manipulation attacks. Thus $μ$Leech empowers security researchers to analyze leakage in next generation embedded and IoT devices and to evaluate countermeasures before deployment.

Schürmann, D., Zengen, G. V., Priedigkeit, M., Wolf, L..  2017.  \#x003BC;DTNSec: A Security Layer for Disruption-Tolerant Networks on Microcontrollers. 2017 16th Annual Mediterranean Ad Hoc Networking Workshop (Med-Hoc-Net). :1–7.

We introduce $μ$DTNSec, the first fully-implemented security layer for Delay/Disruption-Tolerant Networks (DTN) on microcontrollers. It provides protection against eavesdropping and Man-in-the-Middle attacks that are especially easy in these networks. Following the Store-Carry-Forward principle of DTNs, an attacker can simply place itself on the route between source and destination. Our design consists of asymmetric encryption and signatures with Elliptic Curve Cryptography and hardware-backed symmetric encryption with the Advanced Encryption Standard. $μ$DTNSec has been fully implemented as an extension to $μ$DTN on Contiki OS and is based on the Bundle Protocol specification. Our performance evaluation shows that the choice of the curve (secp128r1, secp192r1, secp256r1) dominates the influence of the payload size. We also provide energy measurements for all operations to show the feasibility of our security layer on energy-constrained devices.

W
Mheisn, Alaa, Shurman, Mohammad, Al-Ma’aytah, Abdallah.  2020.  WSNB: Wearable Sensors with Neural Networks Located in a Base Station for IoT Environment. 2020 7th International Conference on Internet of Things: Systems, Management and Security (IOTSMS). :1—4.
The Internet of Things (IoT) is a system paradigm that recently introduced, which includes different smart devices and applications, especially, in smart cities, e.g.; manufacturing, homes, and offices. To improve their awareness capabilities, it is attractive to add more sensors to their framework. In this paper, we propose adding a new sensor as a wearable sensor connected wirelessly with a neural network located on the base station (WSNB). WSNB enables the added sensor to refine their labels through active learning. The new sensors achieve an average accuracy of 93.81%, which is 4.5% higher than the existing method, removing human support and increasing the life cycle for the sensors by using neural network approach in the base station.
Sarkisyan, A., Debbiny, R., Nahapetian, A..  2015.  WristSnoop: Smartphone PINs prediction using smartwatch motion sensors. 2015 IEEE International Workshop on Information Forensics and Security (WIFS). :1–6.

Smartwatches, with motion sensors, are becoming a common utility for users. With the increasing popularity of practical wearable computers, and in particular smartwatches, the security risks linked with sensors on board these devices have yet to be fully explored. Recent research literature has demonstrated the capability of using a smartphone's own accelerometer and gyroscope to infer tap locations; this paper expands on this work to demonstrate a method for inferring smartphone PINs through the analysis of smartwatch motion sensors. This study determines the feasibility and accuracy of inferring user keystrokes on a smartphone through a smartwatch worn by the user. Specifically, we show that with malware accessing only the smartwatch's motion sensors, it is possible to recognize user activity and specific numeric keypad entries. In a controlled scenario, we achieve results no less than 41% and up to 92% accurate for PIN prediction within 5 guesses.

Shastri, Ashka, Joshi, Jignesh.  2016.  A Wormhole Attack in Mobile Ad-hoc Network: Detection and Prevention. Proceedings of the Second International Conference on Information and Communication Technology for Competitive Strategies. :31:1–31:4.
In Mobile Ad hoc Network (MANET) is a self-organizing session of communication between wireless mobile nodes build up dynamically regardless of any established infrastructure or central authority. In MANET each node behaves as a sender, receiver and router which are connected directly with one another if they are within the range of communication or else will depend on intermediate node if nodes are not in the vicinity of each other (hop-to-hop). MANET, by nature are very open, dynamic and distributed which make it more vulnerable to various attacks such as sinkhole, jamming, selective forwarding, wormhole, Sybil attack etc. thus acute security problems are faced more related to rigid network. A Wormhole attack is peculiar breed of attack, which cause a consequential breakdown in communication by impersonating legitimate nodes by malicious nodes across a wireless network. This attack can even collapse entire routing system of MANET by specifically targeting route establishment process. Confidentiality and Authenticity are arbitrated as any cryptographic primitives are not required to launch the attack. Emphasizing on wormhole attack attributes and their defending mechanisms for detection and prevention are discussed in this paper.
Shastri, Ashka, Joshi, Jignesh.  2016.  A Wormhole Attack in Mobile Ad-hoc Network: Detection and Prevention. Proceedings of the Second International Conference on Information and Communication Technology for Competitive Strategies. :31:1–31:4.

In Mobile Ad hoc Network (MANET) is a self-organizing session of communication between wireless mobile nodes build up dynamically regardless of any established infrastructure or central authority. In MANET each node behaves as a sender, receiver and router which are connected directly with one another if they are within the range of communication or else will depend on intermediate node if nodes are not in the vicinity of each other (hop-to-hop). MANET, by nature are very open, dynamic and distributed which make it more vulnerable to various attacks such as sinkhole, jamming, selective forwarding, wormhole, Sybil attack etc. thus acute security problems are faced more related to rigid network. A Wormhole attack is peculiar breed of attack, which cause a consequential breakdown in communication by impersonating legitimate nodes by malicious nodes across a wireless network. This attack can even collapse entire routing system of MANET by specifically targeting route establishment process. Confidentiality and Authenticity are arbitrated as any cryptographic primitives are not required to launch the attack. Emphasizing on wormhole attack attributes and their defending mechanisms for detection and prevention are discussed in this paper.

Gayathri, S, Seetharaman, R., Subramanian, L.Harihara, Premkumar, S., Viswanathan, S., Chandru, S..  2019.  Wormhole Attack Detection using Energy Model in MANETs. 2019 2nd International Conference on Power and Embedded Drive Control (ICPEDC). :264—268.
The mobile ad-hoc networks comprised of nodes that are communicated through dynamic request and also by static table driven technique. The dynamic route discovery in AODV routing creates an unsecure transmission as well as reception. The reason for insecurity is the route request is given to all the nodes in the network communication. The possibility of the intruder nodes are more in the case of dynamic route request. Wormhole attacks in MANETs are creating challenges in the field of network analysis. In this paper the wormhole scenario is realized using high power transmission. This is implemented using energy model of ns2 simulator. The Apptool simulator identifies the energy level of each node and track the node of high transmission power. The performance curves for throughput, node energy for different encrypted values, packet drop ratio, and end to end delay are plotted.
Ross Koppel, University of Pennsylvania, Sean W. Smith, Dartmouth College, Jim Blythe, University of Southern California, Vijay Kothari, Dartmouth College.  2015.  Workarounds to Computer Access in Healthcare Organizations: You Want My Password or a Dead Patient? Information Technology and Communications in Health.

Workarounds to computer access in healthcare are sufficiently common that they often go unnoticed. Clinicians focus on patient care, not cybersecurity. We argue and demonstrate that understanding workarounds to healthcare workers’ computer access requires not only analyses of computer rules, but also interviews and observations with clinicians. In addition, we illustrate the value of shadowing clinicians and conducing focus groups to understand their motivations and tradeoffs for circumvention. Ethnographic investigation of the medical workplace emerges as a critical method of research because in the inevitable conflict between even well-intended people versus the machines, it’s the people who are the more creative, flexible, and motivated. We conducted interviews and observations with hundreds of medical workers and with 19 cybersecurity experts, CIOs, CMIOs, CTO, and IT workers to obtain their perceptions of computer security. We also shadowed clinicians as they worked. We present dozens of ways workers ingeniously circumvent security rules. The clinicians we studied were not “black hat” hackers, but just professionals seeking to accomplish their work despite the security technologies and regulations.