Biblio

Industrial control systems (ICS) are systems used in critical infrastructures for supervisory control, data acquisition, and industrial automation. ICS systems have complex, component-based architectures with many different hardware, software, and human factors interacting in real time. Despite the importance of security concerns in industrial control systems, there has not been a comprehensive study that examined common security architectural weaknesses in this domain. Therefore, this paper presents the first in-depth analysis of 988 vulnerability advisory reports for Industrial Control Systems developed by 277 vendors. We performed a detailed analysis of the vulnerability reports to measure which components of ICS have been affected the most by known vulnerabilities, which security tactics were affected most often in ICS and what are the common architectural security weaknesses in these systems. Our key findings were: (1) Human-Machine Interfaces, SCADA configurations, and PLCs were the most affected components, (2) 62.86% of vulnerability disclosures in ICS had an architectural root cause, (3) the most common architectural weaknesses were “Improper Input Validation”, followed by “Im-proper Neutralization of Input During Web Page Generation” and “Improper Authentication”, and (4) most tactic-related vulnerabilities were related to the tactics “Validate Inputs”, “Authenticate Actors” and “Authorize Actors”.

Lately, we are facing the Malware crisis due to various types of malware or malicious programs or scripts available in the huge virtual world - the Internet. But, what is malware? Malware can be a malicious software or a program or a script which can be harmful to the user's computer. These malicious programs can perform a variety of functions, including stealing, encrypting or deleting sensitive data, altering or hijacking core computing functions and monitoring users' computer activity without their permission. There are various entry points for these programs and scripts in the user environment, but only one way to remove them is to find them and kick them out of the system which isn't an easy job as these small piece of script or code can be anywhere in the user system. This paper involves the understanding of different types of malware and how we will use Machine Learning to detect these malwares.

In this paper, we propose a deep learning framework for malware classification. There has been a huge increase in the volume of malware in recent years which poses a serious security threat to financial institutions, businesses and individuals. In order to combat the proliferation of malware, new strategies are essential to quickly identify and classify malware samples so that their behavior can be analyzed. Machine learning approaches are becoming popular for classifying malware, however, most of the existing machine learning methods for malware classification use shallow learning algorithms (e.g. SVM). Recently, Convolutional Neural Networks (CNN), a deep learning approach, have shown superior performance compared to traditional learning algorithms, especially in tasks such as image classification. Motivated by this success, we propose a CNN-based architecture to classify malware samples. We convert malware binaries to grayscale images and subsequently train a CNN for classification. Experiments on two challenging malware classification datasets, Malimg and Microsoft malware, demonstrate that our method achieves better than the state-of-the-art performance. The proposed method achieves 98.52% and 99.97% accuracy on the Malimg and Microsoft datasets respectively.

This computer era leads human to interact with computers and networks but there is no such solution to get rid of security problems. Securities threats misleads internet, we are sometimes losing our hope and reliability with many server based access. Even though many more crypto algorithms are coming for integrity and authentic data in computer access still there is a non reliable threat penetrates inconsistent vulnerabilities in networks. These vulnerable sites are taking control over the user's computer and doing harmful actions without user's privileges. Though Firewalls and protocols may support our browsers via setting certain rules, still our system couldn't support for data reliability and confidentiality. Since these problems are based on network access, lets we consider TCP/IP parameters as a dataset for analysis. By doing preprocess of TCP/IP packets we can build sovereign model on data set and clump cluster. Further the data set gets classified into regular traffic pattern and anonymous pattern using KNN classification algorithm. Based on obtained pattern for normal and threats data sets, security devices and system will set rules and guidelines to learn by it to take needed stroke. This paper analysis the computer to learn security actions from the given data sets which already exist in the previous happens.

The Internet of Things (IoT) is one of the emerging technologies that has seized the attention of researchers, the reason behind that was the IoT expected to be applied in our daily life in the near future and human will be wholly dependent on this technology for comfort and easy life style. Internet of things is the interconnection of internet enabled things or devices to connect with each other and to humans in order to achieve some goals or the ability of everyday objects to connect to the Internet and to send and receive data. However, the Internet of Things (IoT) raises significant challenges that could stand in the way of realizing its potential benefits. This paper discusses access control area as one of the most crucial aspect of security and privacy in IoT and proposing a new way of access control that would decide who is allowed to access what and who is not to the IoT subjects and sensors.

Monitoring systems are essential to understand and control the behaviour of systems and networks. Cyber-physical systems (CPS) are particularly delicate under that perspective since they involve real-time constraints and physical phenomena that are not usually considered in common IT solutions. Therefore, there is a need for publicly available monitoring tools able to contemplate these aspects. In this poster/demo, we present our initiative, called CPS-MT, towards a versatile, real-time CPS monitoring tool, with a particular focus on security research. We first present its architecture and main components, followed by a MiniCPS-based case study. We also describe a performance analysis and preliminary results. During the demo, we will discuss CPS-MT's capabilities and limitations for security applications.

Over the past decade, the reliance on Unmanned Aerial Systems (UAS) to carry out critical missions has grown drastically. With an increased reliance on UAS as mission assets and the dependency of UAS on cyber resources, cyber security of UAS must be improved by adopting sound security principles and relevant technologies from the computing community. On the other hand, the traditional avionics community, being aware of the importance of cyber security, is looking at new architecture and designs that can accommodate both the traditional safety oriented principles as well as the cyber security principles and techniques. It is with the effective and timely convergence of these domains that a holistic approach and co-design can meet the unique requirements of modern systems and operations. In this paper, authors from both the cyber security and avionics domains describe our joint effort and insights obtained during the course of designing secure and resilient embedded avionics systems.

This paper presents a computational platform for dynamic security assessment (DSA) of large electricity grids, developed as part of the iTesla project. It leverages High Performance Computing (HPC) to analyze large power systems, with many scenarios and possible contingencies, thus paving the way for pan-European operational stability analysis. The results of the DSA are summarized by decision trees of 11 stability indicators. The platform's workflow and parallel implementation architecture is described in detail, including the way commercial tools are integrated into a plug-in architecture. A case study of the French grid is presented, with over 8000 scenarios and 1980 contingencies. Performance data of the case study (using 10,000 parallel cores) is analyzed, including task timings and data flows. Finally, the generated decision trees are compared with test data to quantify the functional performance of the DSA platform.

Intrusion Prevention System (IPS) is a tool for securing networks from any malicious packet that could be sent from specific host. IPS can be installed on SDN network that has centralized logic architecture, so that IPS doesnt need to be installed on lots of nodes instead it has to be installed alongside the controller as center of logic network. IPS still has a flaw and that is the block duration would remain the same no matter how often a specific host attacks. For this reason, writer would like to make a system that not only integrates IPS on the SDN, but also designs an adaptive IPS by utilizing a fuzzy logic that can decide how long blocks are based on the frequency variable and type of attacks. From the results of tests that have been done, SDN network that has been equipped with adaptive IPS has the ability to detect attacks and can block the attacker host with the duration based on the frequency and type of attacks. The final result obtained is to make the SDN network safer by adding 0.228 milliseconds as the execute time required for the fuzzy algorithm in one process.

Web attacks have increased rapidly in recent years. However, traditional methods are useless to track web attackers. Browser fingerprint, as a stateless tracking technique, can be used to solve this problem. Given browser fingerprint changes easily and frequently, it is easy to lose track. Therefore, we need to improve the stability of browser fingerprint by linking the new one to the previous chain. In this paper, we propose LSTM model to learn the potential relationship of browser fingerprint evolution. In addition, we adjust the input feature vector to time series and construct training set to train the model. The results show that our model can construct the tracking chain perfectly well with average ownership up to 99.3%.

The development of Vehicular Ad-hoc NETwork (VANET) has brought many conveniences to human beings, but also brings a very prominent security problem. The traditional solution to the security problem is based on centralized approach which requires a trusted central entity which exists a single point of failure problem. Moreover, there is no approach of technical level to ensure security of data. Therefore, this paper proposes a security architecture of VANET based on blockchain and mobile edge computing. The architecture includes three layers, namely perception layer, edge computing layer and service layer. The perception layer ensures the security of VANET data in the transmission process through the blockchain technology. The edge computing layer provides computing resources and edge cloud services to the perception layer. The service layer uses the combination of traditional cloud storage and blockchain to ensure the security of data.

Collaborative smart services provide functionalities which exploit data collected from different sources to provide benefits to a community of users. Such data, however, might be privacy sensitive and their disclosure has to be avoided. In this paper, we present a distributed multi-tier framework intended for smart-environment management, based on usage control for policy evaluation and enforcement on devices belonging to different collaborating entities. The proposed framework exploits secure multi-party computation to evaluate policy conditions without disclosing actual value of evaluated attributes, to preserve privacy. As reference example, a smart-grid use case is presented.

In spite of numerous advantages of biometrics-based personal authentication systems over traditional security systems based on token or knowledge, they are vulnerable to attacks that can decrease their security considerably. In this paper, we propose a new hardware solution to protect biometric templates such as fingerprint. The proposed scheme is based on chaotic N × N grid multi-scroll system and it is implemented on Xilinx FPGA. The hardware implementation is achieved by applying numerical solution methods in our study, we use EM (Euler Method). Simulation and experimental results show that the proposed scheme allows a low cost image encryption for embedded systems while still providing a good trade-off between performance and hardware resources. Indeed, security analysis performed to the our scheme, is strong against known different attacks, such as: brute force, statistical, differential, and entropy. Therefore, the proposed chaos-based multiscroll encryption algorithm is suitable for use in securing embedded biometric systems.

This paper presents a review on how to benefit from software-defined networking (SDN) to enhance smart grid security. For this purpose, the attacks threatening traditional smart grid systems are classified according to availability, integrity, and confidentiality, which are the main cyber-security objectives. The traditional smart grid architecture is redefined with SDN and a conceptual model for SDN-based smart grid systems is proposed. SDN based solutions to the mentioned security threats are also classified and evaluated. Our conclusions suggest that SDN helps to improve smart grid security by providing real-time monitoring, programmability, wide-area security management, fast recovery from failures, distributed security and smart decision making based on big data analytics.

Information Centric Networking (ICN) changed the communication model from host-based to content-based to cope with the high volume of traffic due to the rapidly increasing number of users, data objects, devices, and applications. ICN communication model requires new security solutions that will be integrated with ICN architectures. In this paper, we present a security framework to manage ICN traffic by detecting, preventing, and responding to ICN attacks. The framework consists of three components: availability, access control, and privacy. The availability component ensures that contents are available for legitimate users. The access control component allows only legitimate users to get restrictedaccess contents. The privacy component prevents attackers from knowing content popularities or user requests. We also show our specific solutions as examples of the framework components.

Cloud computing is the major paradigm in today's IT world with the capabilities of security management, high performance, flexibility, scalability. Customers valuing these features can better benefit if they use a cloud environment built using HPC fabric architecture. However, security is still a major concern, not only on the software side but also on the hardware side. There are multiple studies showing that the malicious users can affect the regular customers through the hardware if they are co-located on the same physical system. Therefore, solving possible security concerns on the HPC fabric architecture will clearly make the fabric industries leader in this area. In this paper, we propose an autonomic HPC fabric architecture that leverages both resilient computing capabilities and adaptive anomaly analysis for further security.

Risk Assessment is a foundation of decision-making about a future project behaviour or action. The related decision made might entail further analyzes to perform risk- reduction. The risk is a general phenomenon that takes different depicts and types. Static risk and its circumstances do not significantly change over time while dynamic risk arises out of the changes in interrelated circumstances. A Multi-Agent System (MAS) approach has become a popular tool to tackle different problems that relate to risk. The MAS helps in the decision aid processes and when responding to the consequences of the risk. This paper surveys some of the existing methods and techniques of risk assessment in different application domains. The survey focuses on the employment of MAS approach in risk assessment. The survey outcomes an illustration of the roles and contributions of the MAS in the Dynamic Risk Assessment (DRA) field.

Design for Testability (DfT) techniques allow devices to be tested at various levels of the manufacturing process. Scan architecture is a dominantly used DfT technique, which supports a high level of fault coverage, observability and controllability. However, scan architecture can be used by hardware attackers to gain critical information stored within the device. The security threats due to an unrestricted access provided by scan architecture has to be addressed to ensure hardware security. In this work, a solution based on the Clock and Data Recovery (CDR) method has been presented to authenticate users and limit the access to the scan architecture to authorized users. As compared to the available solution the proposed method presents a robust performance and reduces the area overhead by more than 10%.

Software Defined Network (SDN) architecture is a new and novel way of network management mechanism. In SDN, switches do not process the incoming packets like conventional network computing environment. They match for the incoming packets in the forwarding tables and if there is none it will be sent to the controller for processing which is the operating system of the SDN. A Distributed Denial of Service (DDoS) attack is a biggest threat to cyber security in SDN network. The attack will occur at the network layer or the application layer of the compromised systems that are connected to the network. In this paper a machine learning based intelligent method is proposed which can detect the incoming packets as infected or not. The different machine learning algorithms adopted for accomplishing the task are Naive Bayes, K-Nearest neighbor (KNN) and Support vector machine (SVM) to detect the anomalous behavior of the data traffic. These three algorithms are compared according to their performances and KNN is found to be the suitable one over other two. The performance measure is taken here is the detection rate of infected packets.

Among the threats to information systems of state institutions, enterprises and financial organizations of particular importance are those originating from organized criminal groups that specialize in obtaining unauthorized access to the computer information protected by law. Criminal groups often possess a material base including financial, technical, human and other resources that allow to perform targeted attacks on information resources as secretly as possible. The principal features of such targeted attacks are the use of software created or modified specifically for use in illegal purposes with respect to specific organizations. Due to these circumstances, the detection of such attacks is quite difficult, and their prevention is even more complicated. In this regard, the task of identifying and analyzing such threats is very relevant. One effective way to solve it is to implement the Honeypot system, which allows to research the strategy and tactics of the attackers. In the present article, there is proposed the original architecture of the Honeypot system designed to study targeted attacks on information systems of criminogenic objects. The architectural design includes such basic elements as the functional component, the registrar of events occurring in the system and the protector. The key features of the proposed Honeypot system are considered, and the functional purpose of its main components is described. The proposed system can find its application in providing information security of institutions, organizations and enterprises, it can be used in the development of information security systems.

The need to process the verity, volume and velocity of data generated by today's Internet of Things (IoT) devices has pushed both academia and the industry to investigate new architectural alternatives to support the new challenges. As a result, Edge Computing (EC) has emerged to address these issues, by placing part of the cloud resources (e.g., computation, storage, logic) closer to the edge of the network, which allows faster and context dependent data analysis and storage. However, as EC infrastructures grow, different providers who do not necessarily trust each other need to collaborate in order serve different IoT devices. In this context, EC infrastructures, IoT devices and the data transiting the network all need to be subject to identity and provenance checks, in order to increase trust and accountability. Each device/data in the network needs to be identified and the provenance of its actions needs to be tracked. In this paper, we propose a blockchain container based architecture that implements the W3C-PROV Data Model, to track identities and provenance of all orchestration decisions of a business network. This architecture provides new forms of interaction between the different stakeholders, which supports trustworthy transactions and leads to a new decentralized interaction model for IoT based applications.

Ubiquitous Healthcare System (U-Healthcare) is a well-known application of wireless sensor networking (WSN). In this system, the sensors take less power for operating the function. As the data transfers between sensor and other stations is sensitive so there needs to provide a security scheme. Due to the low life of sensor nodes in Wireless Sensor Networks (WSN), asymmetric key based security (AKS) architecture is always considered as unsuitable for these types of networks. Several papers have been published in recent past years regarding how to incorporate AKS in WSN, Haque et al's Asymmetric key based Architecture (AKA) is one of them. But later it is found that this system has authentication problem and therefore prone to man-in-the-middle (MITM) attack, furthermore it is not a truly asymmetric based scheme. We address these issues in this paper and proposed a complete asymmetric approach using PEKS-PM (proposed by Pham in [8]) to remove impersonation attack. We also found some other vulnerabilities in the original AKA system and proposed solutions, therefore making it a better and enhanced asymmetric key based architecture.

User Generated Videos (UGV) are the dominating content stored in scattered caches to meet end-user Content Delivery Networks (CDN) requests with quality of service. End-User behaviour leads to a highly variable UGV popularity. This aspect can be exploited to efficiently utilize the limited storage of the caches, and improve the hit ratio of UGVs. In this paper, we propose a new architecture for Data Analytics in Cloud-based CDN to derive UGVs popularity online. This architecture uses RESTful web services to gather CDN logs, store them through generic collections in a NoSQL database, and calculate related popular UGVs in a real time fashion. It uses a dynamic model training and prediction services to provide each CDN with related popular videos to be cached based on the latest trained model. The proposed architecture is implemented with k-means clustering prediction model and the obtained results are 99.8% accurate.

Edge computing can potentially play a crucial role in enabling user authentication and monitoring through context-aware biometrics in military/battlefield applications. For example, in Internet of Military Things (IoMT) or Internet of Battlefield Things (IoBT),an increasing number of ubiquitous sensing and computing devices worn by military personnel and embedded within military equipment (combat suit, instrumented helmets, weapon systems, etc.) are capable of acquiring a variety of static and dynamic biometrics (e.g., face, iris, periocular, fingerprints, heart-rate, gait, gestures, and facial expressions). Such devices may also be capable of collecting operational context data. These data collectively can be used to perform context-adaptive authentication in-the-wild and continuous monitoring of soldier's psychophysical condition in a dedicated edge computing architecture.

Recently, the armed forces want to bring the Internet of Things technology to improve the effectiveness of military operations in battlefield. So the Internet of Battlefield Things (IoBT) has entered our view. And due to the high processing latency and low reliability of the “combat cloud” network for IoBT in the battlefield environment, in this paper , a novel “combat cloud-fog” network architecture for IoBT is proposed. The novel architecture adds a fog computing layer which consists of edge network equipment close to the users in the “combat-cloud” network to reduce latency and enhance reliability. Meanwhile, since the computing capability of the fog equipment are weak, it is necessary to implement distributed computing in the “combat cloud-fog” architecture. Therefore, the distributed computing load balancing problem of the fog computing layer is researched. Moreover, a distributed generalized diffusion strategy is proposed to decrease latency and enhance the stability and survivability of the “combat cloud-fog” network system. The simulation result indicates that the load balancing strategy based on generalized diffusion algorithm could decrease the task response latency and support the efficient processing of battlefield information effectively, which is suitable for the “combat cloud- fog” network architecture.