Visible to the public Biblio

Filters: Keyword is survey  [Clear All Filters]
2020-05-26
Chatterjee, Tanusree, Ruj, Sushmita, Bit, Sipra Das.  2018.  Security Issues in Named Data Networks. Computer. 51:66–75.
Today's IP and content distribution networks are unable to fulfill all data distribution and security requirements. The named data network (NDN) has emerged as a promising candidate to cope with the Internet usage of the 21st century. Although the NDN has many built-in security features, this survey reviews several pressing security issues and open research areas.
2020-03-31
2020-01-20
Bharathy, A M Viswa, Umapathi, N, Prabaharan, S.  2019.  An Elaborate Comprehensive Survey on Recent Developments in Behaviour Based Intrusion Detection Systems. 2019 International Conference on Computational Intelligence in Data Science (ICCIDS). :1–5.

Intrusion detection system is described as a data monitoring, network activity study and data on possible vulnerabilities and attacks in advance. One of the main limitations of the present intrusion detection technology is the need to take out fake alarms so that the user can confound with the data. This paper deals with the different types of IDS their behaviour, response time and other important factors. This paper also demonstrates and brings out the advantages and disadvantages of six latest intrusion detection techniques and gives a clear picture of the recent advancements available in the field of IDS based on the factors detection rate, accuracy, average running time and false alarm rate.

2019-11-26
Acharjamayum, Irani, Patgiri, Ripon, Devi, Dhruwajita.  2018.  Blockchain: A Tale of Peer to Peer Security. 2018 IEEE Symposium Series on Computational Intelligence (SSCI). :609-617.

The underlying or core technology of Bitcoin cryptocurrency has become a blessing for human being in this era. Everything is gradually changing to digitization in this today's epoch. Bitcoin creates virtual money using Blockchain that's become popular over the world. Blockchain is a shared public ledger, and it includes all transactions which are confirmed. It is almost impossible to crack the hidden information in the blocks of the Blockchain. However, there are certain security and technical challenges like scalability, privacy leakage, selfish mining, etc. which hampers the wide application of Blockchain. In this paper, we briefly discuss this emerging technology namely Blockchain. In addition, we extrapolate in-depth insight on Blockchain technology.

2019-10-02
Santo, Walter E., de B. Salgueiro, Ricardo J. P., Santos, Reneilson, Souza, Danilo, Ribeiro, Admilson, Moreno, Edward.  2018.  Internet of Things: A Survey on Communication Protocol Security. Proceedings of the Euro American Conference on Telematics and Information Systems. :17:1–17:5.

This paper presents a survey on the main security problems that affect the communication protocols in the context of Internet of Things, in order to identify possible threats and vulnerabilities. The protocols RFID, NFC, 6LoWPAN, 6TiSCH, DTSL, CoAP and MQTT, for a better organization, were explored and categorized in layers according to the TCP / IP reference model. At the end, a summary is presented in tabular form with the security modes used for each protocol is used.

2019-01-31
Wong, Sunny, Woepse, Anne.  2018.  Software Development Challenges with Air-Gap Isolation. Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. :815–820.

While existing research has explored the trade-off between security and performance, these efforts primarily focus on software consumers and often overlook the effectiveness and productivity of software producers. In this paper, we highlight an established security practice, air-gap isolation, and some challenges it uniquely instigates. To better understand and start quantifying the impacts of air-gap isolation on software development productivity, we conducted a survey at a commercial software company: Analytical Graphics, Inc. Based on our insights of dealing with air-gap isolation daily, we suggest some possible directions for future research. Our goal is to bring attention to this neglected area of research and to start a discussion in the SE community about the struggles faced by many commercial and governmental organizations.

2018-09-28
Han, Meng, Li, Lei, Peng, Xiaoqing, Hong, Zhen, Li, Mohan.  2017.  Information Privacy of Cyber Transportation System: Opportunities and Challenges. Proceedings of the 6th Annual Conference on Research in Information Technology. :23–28.
The Cyber Transport Systems (CTSs) have made significant advancement along with the development of the information technology and transportation industries worldwide. The rapid proliferation of cyber transportation technology provides rich information and infinite possibilities for our society to understand and use the complex inherent mechanism, which governs the novel intelligence world. In addition, applying information technology to cyber transportation applications open a range of new application scenarios, such as vehicular safety, energy efficiency, reduced pollution, and intelligent maintenance services. However, while enjoying the services and convenience provided by CTS, users, vehicles, even the systems might lose privacy during information transmitting and processing. This paper summarizes the state-of-art research findings on information privacy issues in a broad range. We firstly introduce the typical types of information and the basic mechanisms of information communication in CTS. Secondly, considering the information privacy issues of CTS, we present the literature on information privacy issues and privacy protection approaches in CTS. Thirdly, we discuss the emerging challenges and the opportunities for the information technology community in CTS.
2018-05-01
Maleki, Hoda, Rahaeimehr, Reza, van Dijk, Marten.  2017.  SoK: RFID-Based Clone Detection Mechanisms for Supply Chains. Proceedings of the 2017 Workshop on Attacks and Solutions in Hardware Security. :33–41.

Clone product injection into supply chains causes serious problems for industry and customers. Many mechanisms have been introduced to detect clone products in supply chains which make use of RFID technologies. This article gives an overview of these mechanisms, categorizes them by hardware change requirements, and compares their attributes.

2018-03-05
Hauger, W. K., Olivier, M. S..  2017.  Forensic Attribution in NoSQL Databases. 2017 Information Security for South Africa (ISSA). :74–82.

NoSQL databases have gained a lot of popularity over the last few years. They are now used in many new system implementations that work with vast amounts of data. This data will typically also include sensitive information that needs to be secured. NoSQL databases are also underlying a number of cloud implementations which are increasingly being used to store sensitive information by various organisations. This has made NoSQL databases a new target for hackers and other state sponsored actors. Forensic examinations of compromised systems will need to be conducted to determine what exactly transpired and who was responsible. This paper examines specifically if NoSQL databases have security features that leave relevant traces so that accurate forensic attribution can be conducted. The seeming lack of default security measures such as access control and logging has prompted this examination. A survey into the top ranked NoSQL databases was conducted to establish what authentication and authorisation features are available. Additionally the provided logging mechanisms were also examined since access control without any auditing would not aid forensic attribution tremendously. Some of the surveyed NoSQL databases do not provide adequate access control mechanisms and logging features that leave relevant traces to allow forensic attribution to be done using those. The other surveyed NoSQL databases did provide adequate mechanisms and logging traces for forensic attribution, but they are not enabled or configured by default. This means that in many cases they might not be available, leading to insufficient information to perform accurate forensic attribution even on those databases.

2017-11-20
Costin, Andrei.  2016.  Security of CCTV and Video Surveillance Systems: Threats, Vulnerabilities, Attacks, and Mitigations. Proceedings of the 6th International Workshop on Trustworthy Embedded Devices. :45–54.

Video surveillance, closed-circuit TV and IP-camera systems became virtually omnipresent and indispensable for many organizations, businesses, and users. Their main purpose is to provide physical security, increase safety, and prevent crime. They also became increasingly complex, comprising many communication means, embedded hardware and non-trivial firmware. However, most research to date focused mainly on the privacy aspects of such systems, and did not fully address their issues related to cyber-security in general, and visual layer (i.e., imagery semantics) attacks in particular. In this paper, we conduct a systematic review of existing and novel threats in video surveillance, closed-circuit TV and IP-camera systems based on publicly available data. The insights can then be used to better understand and identify the security and the privacy risks associated with the development, deployment and use of these systems. We study existing and novel threats, along with their existing or possible countermeasures, and summarize this knowledge into a comprehensive table that can be used in a practical way as a security checklist when assessing cyber-security level of existing or new CCTV designs and deployments. We also provide a set of recommendations and mitigations that can help improve the security and privacy levels provided by the hardware, the firmware, the network communications and the operation of video surveillance systems. We hope the findings in this paper will provide a valuable knowledge of the threat landscape that such systems are exposed to, as well as promote further research and widen the scope of this field beyond its current boundaries.

2017-10-25
Amin, Maitri.  2016.  A Survey of Financial Losses Due to Malware. Proceedings of the Second International Conference on Information and Communication Technology for Competitive Strategies. :145:1–145:4.

General survey stat that the main damage malware can cause is to slow down their PCs and perhaps crash some websites which is quite wrong, The Russian antivirus software developer teamed up with B2B International for a study worldwide recently, shown 36% of users lose money online as a result of a malware attack. Currently malware can't be detected by traditional way based anti-malware tools due to their polymorphic and/or metamorphic nature. Here we have improvised a current detection technique of malware based on mining Application Programming Interface (API) calls and developed the first public dataset to promote malware research. • In survey of cyber-attacks 6.2% financial attacks are due to malware which increase to 1.3 % in 2013 compared to 2012. • Financial data theft causes 27.6% to reach 28,400,000. Victims abused by this targeting malware countered 3,800,000, which is 18.6% greater than previous year. • Finance-committed malware, associated with Bitcoin has demonstrated the most dynamic development. Where's, Zeus is still top listed for playing important roles to steal banking credentials. Solutionary study stats that companies are spending a staggering amount of money in the aftermath of damaging attack: DDoS attacks recover \$6,500 per hour from malware and more than \$3,000 each time for up to 30 days to moderate and improve from malware attacks. [1]

Mondal, Tamal, Roy, Jaydeep, Bhattacharya, Indrajit, Chakraborty, Sandip, Saha, Arka, Saha, Subhanjan.  2016.  Smart Navigation and Dynamic Path Planning of a Micro-jet in a Post Disaster Scenario. Proceedings of the Second ACM SIGSPATIALInternational Workshop on the Use of GIS in Emergency Management. :14:1–14:8.

Small sized unmanned aerial vehicles (UAV) play major roles in variety of applications for aerial explorations and surveillance, transport, videography/photography and other areas. However, some other real life applications of UAV have also been studied. One of them is as a 'Disaster Response' component. In a post disaster situation, the UAVs can be used for search and rescue, damage assessment, rapid response and other emergency operations. However, in a disaster response situation it is very challenging to predict whether the climatic conditions are suitable to fly the UAV. Also it is necessary for an efficient dynamic path planning technique for effective damage assessment. In this paper, such dynamic path planning algorithms have been proposed for micro-jet, a small sized fixed wing UAV for data collection and dissemination in a post disaster situation. The proposed algorithms have been implemented on paparazziUAV simulator considering different environment simulators (wind speed, wind direction etc.) and calibration parameters of UAV like battery level, flight duration etc. The results have been obtained and compared with baseline algorithm used in paparazziUAV simulator for navigation. It has been observed that, the proposed navigation techniques work well in terms of different calibration parameters (flight duration, battery level) and can be effective not only for shelter point detection but also to reserve battery level, flight time for micro-jet in a post disaster scenario. The proposed techniques take approximately 20% less time and consume approximately 19% less battery power than baseline navigation technique. From analysis of produced results, it has been observed that the proposed work can be helpful for estimating the feasibility of flying UAV in a disaster response situation. Finally, the proposed path planning techniques have been carried out during field test using a micro-jet. It has been observed that, our proposed dynamic path planning algorithms give proximate results compare to simulation in terms of flight duration and battery level consumption.

2017-09-06
Rahman, Akond, Partho, Asif, Meder, David, Williams, Laurie.  2017.  Which Factors Influence Practitioners' Usage of Build Automation Tools? Proceedings of the 3rd International Workshop on Rapid Continuous Software Engineering. :20–26.

Even though build automation tools help to reduce errors and rapid releases of software changes, use of build automation tools is not widespread amongst software practitioners. Software practitioners perceive build automation tools as complex, which can hinder the adoption of these tools. How well founded such perception is, can be determined by systematic exploration of adoption factors that influence usage of build automation tools. The goal of this paper is to aid software practitioners in increasing their usage of build automation tools by identifying the adoption factors that influence usage of these tools. We conducted a survey to empirically identify the adoption factors that influence usage of build automation tools. We obtained survey responses from 268 software professionals who work at NestedApps, Red Hat, as well as contribute to open source software. We observe that adoption factors related to complexity do not have the strongest influence on usage of build automation tools. Instead, we observe compatibility-related adoption factors, such as adjustment with existing tools, and adjustment with practitioner's existing workflow, to have influence on usage of build automation tools with greater importance. Findings from our paper suggest that usage of build automation tools might increase if: build automation tools fit well with practitioners' existing workflow and tool usage; and usage of build automation tools are made more visible among practitioners' peers.

2017-05-30
Sainju, Arpan Man, Atkison, Travis.  2017.  An Experimental Analysis of Windows Log Events Triggered by Malware. Proceedings of the SouthEast Conference. :195–198.

According to the 2016 Internet Security Threat Report by Symantec, there are around 431 million variants of malware known. This effort focuses on malware used for spying on user's activities, remotely controlling devices, and identity and credential theft within a Windows based operating system. As Windows operating systems create and maintain a log of all events that are encountered, various malware are tested on virtual machines to determine what events they trigger in the Windows logs. The observations are compiled into Operating System specific lookup tables that can then be used to find the tested malware on other computers with the same Operating System.

2017-03-20
Ur Rahman, Akond Ashfaque, Williams, Laurie.  2016.  Software Security in DevOps: Synthesizing Practitioners' Perceptions and Practices. Proceedings of the International Workshop on Continuous Software Evolution and Delivery. :70–76.

In organizations that use DevOps practices, software changes can be deployed as fast as 500 times or more per day. Without adequate involvement of the security team, rapidly deployed software changes are more likely to contain vulnerabilities due to lack of adequate reviews. The goal of this paper is to aid software practitioners in integrating security and DevOps by summarizing experiences in utilizing security practices in a DevOps environment. We analyzed a selected set of Internet artifacts and surveyed representatives of nine organizations that are using DevOps to systematically explore experiences in utilizing security practices. We observe that the majority of the software practitioners have expressed the potential of common DevOps activities, such as automated monitoring, to improve the security of a system. Furthermore, organizations that integrate DevOps and security utilize additional security activities, such as security requirements analysis and performing security configurations. Additionally, these teams also have established collaboration between the security team and the development and operations teams.

Ur Rahman, Akond Ashfaque, Williams, Laurie.  2016.  Software Security in DevOps: Synthesizing Practitioners' Perceptions and Practices. Proceedings of the International Workshop on Continuous Software Evolution and Delivery. :70–76.

In organizations that use DevOps practices, software changes can be deployed as fast as 500 times or more per day. Without adequate involvement of the security team, rapidly deployed software changes are more likely to contain vulnerabilities due to lack of adequate reviews. The goal of this paper is to aid software practitioners in integrating security and DevOps by summarizing experiences in utilizing security practices in a DevOps environment. We analyzed a selected set of Internet artifacts and surveyed representatives of nine organizations that are using DevOps to systematically explore experiences in utilizing security practices. We observe that the majority of the software practitioners have expressed the potential of common DevOps activities, such as automated monitoring, to improve the security of a system. Furthermore, organizations that integrate DevOps and security utilize additional security activities, such as security requirements analysis and performing security configurations. Additionally, these teams also have established collaboration between the security team and the development and operations teams.

2014-09-26
Becher, M., Freiling, F.C., Hoffmann, J., Holz, T., Uellenbeck, S., Wolf, C..  2011.  Mobile Security Catching Up? Revealing the Nuts and Bolts of the Security of Mobile Devices Security and Privacy (SP), 2011 IEEE Symposium on. :96-111.

We are currently moving from the Internet society to a mobile society where more and more access to information is done by previously dumb phones. For example, the number of mobile phones using a full blown OS has risen to nearly 200% from Q3/2009 to Q3/2010. As a result, mobile security is no longer immanent, but imperative. This survey paper provides a concise overview of mobile network security, attack vectors using the back end system and the web browser, but also the hardware layer and the user as attack enabler. We show differences and similarities between "normal" security and mobile security, and draw conclusions for further research opportunities in this area.