# Biblio

Found 544 results

Filters: First Letter Of Last Name is Z  [Clear All Filters]
Z
.  2018.  2018 11th International Conference on IT Security Incident Management IT Forensics (IMF). :115-133.

To manage cybersecurity risks in practice, a simple yet effective method to assess suchs risks for individual systems is needed. With time-to-compromise (TTC), McQueen et al. (2005) introduced such a metric that measures the expected time that a system remains uncompromised given a specific threat landscape. Unlike other approaches that require complex system modeling to proceed, TTC combines simplicity with expressiveness and therefore has evolved into one of the most successful cybersecurity metrics in practice. We revisit TTC and identify several mathematical and methodological shortcomings which we address by embedding all aspects of the metric into the continuous domain and the possibility to incorporate information about vulnerability characteristics and other cyber threat intelligence into the model. We propose $\beta$-TTC, a formal extension of TTC which includes information from CVSS vectors as well as a continuous attacker skill based on a $\beta$-distribution. We show that our new metric (1) remains simple enough for practical use and (2) gives more realistic predictions than the original TTC by using data from a modern and productively used vulnerability database of a national CERT.

.  2018.  2018 11th International Conference on IT Security Incident Management IT Forensics (IMF). :115–133.

To manage cybersecurity risks in practice, a simple yet effective method to assess suchs risks for individual systems is needed. With time-to-compromise (TTC), McQueen et al. (2005) introduced such a metric that measures the expected time that a system remains uncompromised given a specific threat landscape. Unlike other approaches that require complex system modeling to proceed, TTC combines simplicity with expressiveness and therefore has evolved into one of the most successful cybersecurity metrics in practice. We revisit TTC and identify several mathematical and methodological shortcomings which we address by embedding all aspects of the metric into the continuous domain and the possibility to incorporate information about vulnerability characteristics and other cyber threat intelligence into the model. We propose β-TTC, a formal extension of TTC which includes information from CVSS vectors as well as a continuous attacker skill based on a β-distribution. We show that our new metric (1) remains simple enough for practical use and (2) gives more realistic predictions than the original TTC by using data from a modern and productively used vulnerability database of a national CERT.

.  2017.  Proceedings of the 12th International Conference on Availability, Reliability and Security. :55:1–55:7.

Besides its enormous benefits to the industry and community the Internet of Things (IoT) has introduced unique security challenges to its enablers and adopters. As the trend in cybersecurity threats continue to grow, it is likely to influence IoT deployments. Therefore it is eminent that besides strengthening the security of IoT systems we develop effective digital forensics techniques that when breaches occur we can track the sources of attacks and bring perpetrators to the due process with reliable digital evidence. The biggest challenge in this regard is the heterogeneous nature of devices in IoT systems and lack of unified standards. In this paper we investigate digital forensics from IoT perspectives. We argue that besides traditional digital forensics practices it is important to have application-specific forensics in place to ensure collection of evidence in context of specific IoT applications. We consider top three IoT applications and introduce a model which deals with not just traditional forensics but is applicable in digital as well as application-specific forensics process. We believe that the proposed model will enable collection, examination, analysis and reporting of forensically sound evidence in an IoT application-specific digital forensics investigation.

.  2014.  Transportation Electrification Asia-Pacific (ITEC Asia-Pacific), 2014 IEEE Conference and Expo. :1-5.

With the application and promotion of electric vehicles, vehicle security problems caused by actuator reliability have become increasingly prominent. Firstly, the paper analyses and sums motor failure modes and their effects of permanent magnet synchronous motor (PMSM) , which is commonly used on electric vehicles. And then design a hierarchical structure of the vehicle control strategies and the corresponding algorithms, and adjust based on the different failure modes. Finally conduct simulation conditions in CarSim environment. Verify the control strategy and algorithm can maintain vehicle stability and reduce the burden on driver under motor failure conditions.

.  2015.  Dependable and Secure Computing, IEEE Transactions on. 12:31-44.

Smart grid is a cyber-physical system that integrates power infrastructures with information technologies. To facilitate efficient information exchange, wireless networks have been proposed to be widely used in the smart grid. However, the jamming attack that constantly broadcasts radio interference is a primary security threat to prevent the deployment of wireless networks in the smart grid. Hence, spread spectrum systems, which provide jamming resilience via multiple frequency and code channels, must be adapted to the smart grid for secure wireless communications, while at the same time providing latency guarantee for control messages. An open question is how to minimize message delay for timely smart grid communication under any potential jamming attack. To address this issue, we provide a paradigm shift from the case-by-case methodology, which is widely used in existing works to investigate well-adopted attack models, to the worst-case methodology, which offers delay performance guarantee for smart grid applications under any attack. We first define a generic jamming process that characterizes a wide range of existing attack models. Then, we show that in all strategies under the generic process, the worst-case message delay is a U-shaped function of network traffic load. This indicates that, interestingly, increasing a fair amount of traffic can in fact improve the worst-case delay performance. As a result, we demonstrate a lightweight yet promising system, transmitting adaptive camouflage traffic (TACT), to combat jamming attacks. TACT minimizes the message delay by generating extra traffic called camouflage to balance the network load at the optimum. Experiments show that TACT can decrease the probability that a message is not delivered on time in order of magnitude.

.  2014.  INFOCOM, 2014 Proceedings IEEE. :1501-1509.

A botnet in mobile networks is a collection of compromised nodes due to mobile malware, which are able to perform coordinated attacks. Different from Internet botnets, mobile botnets do not need to propagate using centralized infrastructures, but can keep compromising vulnerable nodes in close proximity and evolving organically via data forwarding. Such a distributed mechanism relies heavily on node mobility as well as wireless links, therefore breaks down the underlying premise in existing epidemic modeling for Internet botnets. In this paper, we adopt a stochastic approach to study the evolution and impact of mobile botnets. We find that node mobility can be a trigger to botnet propagation storms: the average size (i.e., number of compromised nodes) of a botnet increases quadratically over time if the mobility range that each node can reach exceeds a threshold; otherwise, the botnet can only contaminate a limited number of nodes with average size always bounded above. This also reveals that mobile botnets can propagate at the fastest rate of quadratic growth in size, which is substantially slower than the exponential growth of Internet botnets. To measure the denial-of-service impact of a mobile botnet, we define a new metric, called last chipper time, which is the last time that service requests, even partially, can still be processed on time as the botnet keeps propagating and launching attacks. The last chipper time is identified to decrease at most on the order of 1/√B, where B is the network bandwidth. This result reveals that although increasing network bandwidth can help with mobile services; at the same time, it can indeed escalate the risk for services being disrupted by mobile botnets.

.  2014.  Computers, IEEE Transactions on. 63:1580-1593.

Wireless security has been an active research area since the last decade. A lot of studies of wireless security use cryptographic tools, but traditional cryptographic tools are normally based on computational assumptions, which may turn out to be invalid in the future. Consequently, it is very desirable to build cryptographic tools that do not rely on computational assumptions. In this paper, we focus on a crucial cryptographic tool, namely 1-out-of-2 oblivious transfer. This tool plays a central role in cryptography because we can build a cryptographic protocol for any polynomial-time computable function using this tool. We present a novel 1-out-of-2 oblivious transfer protocol based on wireless channel characteristics, which does not rely on any computational assumption. We also illustrate the potential broad applications of this protocol by giving two applications, one on private communications and the other on privacy preserving password verification. We have fully implemented this protocol on wireless devices and conducted experiments in real environments to evaluate the protocol. Our experimental results demonstrate that it has reasonable efficiency.

.  2019.  2019 International Conference on Computer, Information and Telecommunication Systems (CITS). :1–5.
Encryption schemes for network security usually require a key distribution center to share or distribute the secret keys, which is difficult to deploy in wireless networks without fixed infrastructure. A novel key generation scheme based on the physical layer can generate a shared key between a pair of correlated parties by sharing random sources. The existing physical layer key generation scheme is based on the half-duplex mode with time division duplex (TDD) mode, which makes it impossible for the correlated communication parties to detect the channel simultaneously in order to improve the channel coherence. In this paper, we propose a full-duplex physical layer key generation scheme, which allows each legal communication nodes to transmit and receive signals at the same time, in order to reduce channel probing time and increase channel coherence performance. The simulation experiments show that the proposed scheme can much outperform some typical existing schemes in terms of the key performance evaluation indicators, key disagreement rate, key generation rate, entropy of the scheme improved, and the randomness of generated keys passed the National Institute of Standards and Technology (NIST) test.
.  2019.  2019 International Conference on Information Networking (ICOIN). :1–6.
More and more industrial devices are expected to connect to the internet seamlessly. IPv6-based industrial wireless network can solve the address resources limitation problem. It is a challenge about how to ensure the wireless node join security after introducing the IPv6. In this paper, we propose a multiple nodes join mechanism, which includes a timeslot allocation method and secure join process for the IPv6 over IEEE 802.15.4e network. The timeslot allocation method is designed in order to configure communication resources in the join process for the new nodes. The test platform is implemented to verify the feasibility of the mechanism. The result shows that the proposed mechanism can reduce the communication cost for multiple nodes join process and improve the efficiency.
.  2018.  Proceedings of the 2Nd International Conference on Computer Science and Application Engineering. :151:1-151:5.

As a valuable source of information, Word Of Mouth1 has always been valued by consumers and business marketers. The Internet provides a new medium for Word Of Mouth communication. Consumers share their views and comments on products, services, brands and enterprises through online platforms, thus forming Internet Word Of Mouth, which will be of great importance to B2C enterprises. However, disturbing and even false information as well as uncertainties and risks existing in the online communication environment lead to the crisis of online trust. Accordingly, this study constructs a trust mechanism model of Internet Word Of Mouth effect, which shows that the professionalism of communicators, online relationship strength, communication channels, and product involvement are key factors significantly affecting the Word Of Mouth effect. This model can provide theoretical guidance in the word-of-mouth marketing and the operation of B2C e-commerce enterprises.

.  2017.  2017 IEEE Conference on Dependable and Secure Computing. :493–500.

Peer-to-peer (P2P) botnets have become one of the major threats in network security for serving as the infrastructure that responsible for various of cyber-crimes. Though a few existing work claimed to detect traditional botnets effectively, the problem of detecting P2P botnets involves more challenges. In this paper, we present PeerHunter, a community behavior analysis based method, which is capable of detecting botnets that communicate via a P2P structure. PeerHunter starts from a P2P hosts detection component. Then, it uses mutual contacts as the main feature to cluster bots into communities. Finally, it uses community behavior analysis to detect potential botnet communities and further identify bot candidates. Through extensive experiments with real and simulated network traces, PeerHunter can achieve very high detection rate and low false positives.

.  2016.  Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. :767–778.

Malware detection increasingly relies on machine learning techniques, which utilize multiple features to separate the malware from the benign apps. The effectiveness of these techniques primarily depends on the manual feature engineering process, based on human knowledge and intuition. However, given the adversaries' efforts to evade detection and the growing volume of publications on malware behaviors, the feature engineering process likely draws from a fraction of the relevant knowledge. We propose an end-to-end approach for automatic feature engineering. We describe techniques for mining documents written in natural language (e.g. scientific papers) and for representing and querying the knowledge about malware in a way that mirrors the human feature engineering process. Specifically, we first identify abstract behaviors that are associated with malware, and then we map these behaviors to concrete features that can be tested experimentally. We implement these ideas in a system called FeatureSmith, which generates a feature set for detecting Android malware. We train a classifier using these features on a large data set of benign and malicious apps. This classifier achieves a 92.5% true positive rate with only 1% false positives, which is comparable to the performance of a state-of-the-art Android malware detector that relies on manually engineered features. In addition, FeatureSmith is able to suggest informative features that are absent from the manually engineered set and to link the features generated to abstract concepts that describe malware behaviors.

Zhu, Ziming.  2019.  2019 International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob). :360–365.

This paper presents a novel game theoretic attack-defence decision making framework for cyber-physical system (CPS) security. Game theory is a powerful tool to analyse the interaction between the attacker and the defender in such scenarios. In the formulation of games, participants are usually assumed to be rational. They will always choose the action to pursuit maximum payoff according to the knowledge of the strategic situation they are in. However, in reality the capacity of rationality is often bounded by the level of intelligence, computational resources and the amount of available information. This paper formulates the concept of bounded rationality into the decision making process, in order to optimise the defender's strategy considering that the defender and the attacker have incomplete information of each other and limited computational capacity. Under the proposed framework, the defender can often benefit from deviating from the minimax Nash Equilibrium strategy, the theoretically expected outcome of rational game playing. Numerical results are presented and discussed in order to demonstrate the proposed technique.

.  2020.  2020 7th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/2020 6th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom). :258—263.

At present, the on-site safety problems of substations and critical power equipment are mainly through inspection methods. Still, manual inspection is difficult, time-consuming, and uninterrupted inspection is not possible. The current safety management is mainly guaranteed by rules and regulations and standardized operating procedures. In the on-site environment, it is very dependent on manual execution and confirmation, and the requirements for safety supervision and operating personnel are relatively high. However, the reliability, the continuity of control and patrol cannot be fully guaranteed, and it is easy to cause security vulnerabilities and cause security accidents due to personnel slackness. In response to this shortcoming, this paper uses edge computing and image processing techniques to discover security risks in time and designs a deep convolution attention mechanism network to perform image processing. Then the network is cropped and compressed so that it can be processed at the edge, and the results are aggregated to the cloud for unified management. A comprehensive security assessment module is designed in the cloud to conduct an overall risk assessment of the results reported by all edges, and give an alarm prompt. The experimental results in the real environment show the effectiveness of this method.

.  2018.  2018 IEEE 18th International Conference on Communication Technology (ICCT). :870–874.
Comparing with the traditional Internet, the space-ground integration information network has more complicated topology, wider coverage area and is more difficult to find the source of attacks. In this paper, a cyber attack attribution framework is proposed to trace the attack source in space-ground integration information network. First, we constructs a cyber security knowledge graph for space-ground integration information network. An automated attributing framework for cyber-attack is proposed. It attributes the source of the attack by querying the cyber security knowledge graph we constructed. Experiments show that the proposed framework can attribute network attacks simply, effectively, and automatically.
.  2019.  2019 18th European Control Conference (ECC). :1760–1765.
In this paper, we propose and address the problem of supervisor obfuscation against actuator enablement attack, in a common setting where the actuator attacker can eavesdrop the control commands issued by the supervisor. We propose a method to obfuscate an (insecure) supervisor to make it resilient against actuator enablement attack in such a way that the behavior of the original closed-loop system is preserved. An additional feature of the obfuscated supervisor, if it exists, is that it has exactly the minimum number of states among the set of all the resilient and behavior-preserving supervisors. Our approach involves a simple combination of two basic ideas: 1) a formulation of the problem of computing behavior-preserving supervisors as the problem of computing separating finite state automata under controllability and observability constraints, which can be tackled by using SAT solvers, and 2) the use of a recently proposed technique for the verification of attackability in our setting, with a normality assumption imposed on both the actuator attackers and supervisors.
.  2018.  Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. :2324-2326.

Machine learning algorithms including Deep Neural Networks (DNNs) have shown great success in many different areas. However, they are frequently susceptible to adversarial examples, which are maliciously crafted inputs to fool machine learning classifiers. On the other hand, humans cannot distinguish between non-adversarial and adversarial inputs. In this work, we focus on creating adversarial examples to change the polarity of positive and negative reviews with Amazon product review dataset. We introduce a simple heuristics algorithm to construct adversarial product reviews by replacing words with semantically and synthetically similar synonyms. We evaluate our approach against the state-of-the-art CNN-BLSTM classifier. Our preliminary results show the performance drop of the classifier against the adversarial examples. We also present the defense mechanism using adversarial training.

.  2017.  Proceedings of the 25th ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems. :68:1–68:4.

This paper is the first work to perform spatio-temporal mapping of human activity using the visual content of geo-tagged videos. We utilize a recent deep-learning based video analysis framework, termed hidden two-stream networks, to recognize a range of activities in YouTube videos. This framework is efficient and can run in real time or faster which is important for recognizing events as they occur in streaming video or for reducing latency in analyzing already captured video. This is, in turn, important for using video in smart-city applications. We perform a series of experiments to show our approach is able to map activities both spatially and temporally.

.  2019.  2019 IEEE International Conference on Services Computing (SCC). :90–99.

Today's extensive use of Internet creates huge volumes of data by users in both client and server sides. Normally users don't want to store all the data in local as well as keep archive in the server. For some unwanted data, such as trash, cache and private data, needs to be deleted periodically. Explicit deletion could be applied to the local data, while it is a troublesome job. But there is no transparency to users on the personal data stored in the server. Since we have no knowledge of whether they're cached, copied and archived by the third parties, or sold by the service provider. Our research seeks to provide an automatic data sanitization system to make data could be self-destructing. Specifically, we give data a life cycle, which would be erased automatically when at the end of its life, and the destroyed data cannot be recovered by any effort. In this paper, we present FlashGhost, which is a system that meets this challenge through a novel integration of cryptography techniques with the frequent colliding hash table. In this system, data will be unreadable and rendered unrecoverable by overwriting multiple times after its validity period has expired. Besides, the system reliability is enhanced by threshold cryptography. We also present a mathematical model and verify it by a number of experiments, which demonstrate theoretically and experimentally our system is practical to use and meet the data auto-sanitization goal described above.

.  2019.  2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC). 2:103–109.

With the advent of the big data era, information systems have exhibited some new features, including boundary obfuscation, system virtualization, unstructured and diversification of data types, and low coupling among function and data. These features not only lead to a big difference between big data technology (DT) and information technology (IT), but also promote the upgrading and evolution of network security technology. In response to these changes, in this paper we compare the characteristics between IT era and DT era, and then propose four DT security principles: privacy, integrity, traceability, and controllability, as well as active and dynamic defense strategy based on "propagation prediction, audit prediction, dynamic management and control". We further discuss the security challenges faced by DT and the corresponding assurance strategies. On this basis, the big data security technologies can be divided into four levels: elimination, continuation, improvement, and innovation. These technologies are analyzed, combed and explained according to six categories: access control, identification and authentication, data encryption, data privacy, intrusion prevention, security audit and disaster recovery. The results will support the evolution of security technologies in the DT era, the construction of big data platforms, the designation of security assurance strategies, and security technology choices suitable for big data.

.  2020.  2020 Joint Conference of the IEEE International Frequency Control Symposium and International Symposium on Applications of Ferroelectrics (IFCS-ISAF). :1–2.
This work reviews various methods which improve the effective coupling coefficient ( k2eff) of non-bulk acoustic wave (BAW) aluminum nitride (AlN) based RF MEMS resonators, mainly focusing on the innovative structural design of the resonators. k2eff is the key parameter for a resonator in communication applications because it measures the achievable fractional bandwidth of the filter constructed. The resonator's configuration, dimension, material stack and the fabrication process will all have impact on its k2eff. In this paper, the authors will review the efforts in improving the k2eff of piezoelectric MEMS resonators from research community in the past 15 years, mainly from the following three approaches: coupling lateral wave with vertical wave, exciting two-dimensional (2-D) lateral wave, as well as coupling 2-D lateral wave with vertical wave. The material will be limited to AlN family, which is proven to be manageable for manufacturing. The authors will also try to make recommendations to the effectiveness of various approaches and the path forward.
.  2016.  Proceedings of the 2016 ACM on International Workshop on Security And Privacy Analytics. :9–16.

Collaborative filtering plays an essential role in a recommender system, which recommends a list of items to a user by learning behavior patterns from user rating matrix. However, if an attacker has some auxiliary knowledge about a user purchase history, he/she can infer more information about this user. This brings great threats to user privacy. Some methods adopt differential privacy algorithms in collaborative filtering by adding noises to a rating matrix. Although they provide theoretically private results, the influence on recommendation accuracy are not discussed. In this paper, we solve the privacy problem in recommender system in a different way by applying the differential privacy method into the procedure of recommendation. We design two differentially private recommender algorithms with sampling, named Differentially Private Item Based Recommendation with sampling (DP-IR for short) and Differentially Private User Based Recommendation with sampling(DP-UR for short). Both algorithms are based on the exponential mechanism with a carefully designed quality function. Theoretical analyses on privacy of these algorithms are presented. We also investigate the accuracy of the proposed method and give theoretical results. Experiments are performed on real datasets to verify our methods.

.  2019.  The Journal of Engineering. 2019:6608–6611.
From the point of view of statistical signal processing, the dynamic range for one-bit quantisers with time-varying thresholds is studied. Maximum tolerable amplitudes, minimum detectable amplitudes and dynamic ranges of this one-bit sampling approach and uniform quantisers, such as N-bits analogue-to-digital converters (ADCs), are derived and simulated. The results reveal that like conventional ADCs, the dynamic ranges of one-bit sampling approach are linearly proportional to the Gaussian noise standard deviations, while one-bit sampling's dynamic ranges are lower than N-bits ADC under the same noise levels.
.  2017.  2017 International Conference on Cloud and Autonomic Computing (ICCAC). :69–79.

The Internet of Things (IoT) will connect not only computers and mobile devices, but it will also interconnect smart buildings, houses, and cities, as well as electrical grids, gas plants, and water networks, automobiles, airplanes, etc. IoT will lead to the development of a wide range of advanced information services that are pervasive, cost-effective, and can be accessed from anywhere and at any time. However, due to the exponential number of interconnected devices, cyber-security in the IoT is a major challenge. It heavily relies on the digital identity concept to build security mechanisms such as authentication and authorization. Current centralized identity management systems are built around third party identity providers, which raise privacy concerns and present a single point of failure. In addition, IoT unconventional characteristics such as scalability, heterogeneity and mobility require new identity management systems to operate in distributed and trustless environments, and uniquely identify a particular device based on its intrinsic digital properties and its relation to its human owner. In order to deal with these challenges, we present a Blockchain-based Identity Framework for IoT (BIFIT). We show how to apply our BIFIT to IoT smart homes to achieve identity self-management by end users. In the context of smart home, the framework autonomously extracts appliances signatures and creates blockchain-based identifies for their appliance owners. It also correlates appliances signatures (low level identities) and owners identifies in order to use them in authentication credentials and to make sure that any IoT entity is behaving normally.

.  2019.  2019 9th International Conference on Information Science and Technology (ICIST). :485—490.
Air-gap attacks and mimic defense are two emerging techniques in the field of network attack and defense, respectively. However, direct confrontation between them has not yet appeared in the real world. Who will be the winner, if air-gap attacks encounter mimic defense? To this end, a preliminary analysis is conducted for exploring the possible the strategy space of game according to the core principles of air-gap attacks and mimic defense. On this basis, an architecture model is proposed, which combines some detectors for air-gap attacks and mimic defense devices. First, a Dynamic Heterogeneous Redundancy (DHR) structure is employed to be on guard against malicious software of air-gap attacks. Second, some detectors for air-gap attacks are used to detect some signal sent by air-gap attackers' transmitter. Third, the proposed architecture model is obtained by organizing the DHR structure and the detectors for air-gap attacks with some logical relationship. The simulated experimental results preliminarily confirm the power of the new model.