Visible to the public Biblio

Found 540 results

Filters: Keyword is Cyber-physical systems  [Clear All Filters]
2022-07-29
Zhou, Runfu, Peng, Minfang, Gao, Xingle.  2021.  Vulnerability Assessment of Power Cyber-Physical System Considering Nodes Load Capacity. 2021 6th International Conference on Intelligent Computing and Signal Processing (ICSP). :1438—1441.
The power cyber-physical system combines the cyber network with the traditional electrical power network, which can monitor and control the operation of the power grid stably and efficiently. Since the system's structure and function is complicated and large, it becomes fragile as a result. Therefore, establishing a reasonable and effective CPS model and discussing its vulnerability performance under external attacks is essential and vital for power grid operation. This paper uses the theory of complex networks to establish a independent system model by IEEE-118-node power network and 200-node scale-free information network, introducing information index to identify and sort important nodes in the network, and then cascade model of the power cyber-physical system based on the node load capacity is constructed and the vulnerability assessment analysis is carried out. The simulation shows that the disintegration speed of the system structure under deliberate attacks is faster than random attacks; And increasing the node threshold can effectively inhibit the propagation of failure.
Chen, Keren, Zheng, Nan, Cai, Qiyuan, Li, Yinan, Lin, Changyong, Li, Yuanfei.  2021.  Cyber-Physical Power System Vulnerability Analysis Based on Complex Network Theory. 2021 6th Asia Conference on Power and Electrical Engineering (ACPEE). :482—486.
The vulnerability assessment of the cyber-physical power system based on complex network theory is applied in this paper. The influence of the power system statistics upon the system vulnerability is studied based on complex network theory. The electrical betweenness is defined to suitably describe the power system characteristics. The real power systems are utilized as examples to analyze the distribution of the degree and betweenness of the power system as a complex network. The topology model of the cyber-physical power system is formed, and the static analysis is implemented to the study of the cyber-physical power system structural vulnerability. The IEEE 300 bus test system is selected to verify the model.
2022-07-14
Kaur, Amanpreet, Singh, Gurpreet.  2021.  Encryption Algorithms based on Security in IoT (Internet of Things). 2021 6th International Conference on Signal Processing, Computing and Control (ISPCC). :482–486.
The Internet is evolving everywhere and expanding its entity globally. The IoT(Internet of things) is a new and interesting concept introduced in this world of internet. Generally it is interconnected computing device which can be embedded in our daily routine objects through which we can send and receive data. It is beyond connecting computers and laptops only although it can connect billion of devices. It can be described as reliable method of communication that also make use of other technologies like wireless sensor, QR code etc. IoT (Internet of Things) is making everything smart with use of technology like smart homes, smart cities, smart watches. In this chapter, we will study the security algorithms in IoT (Internet of Things) which can be achieved with encryption process. In the world of IoT, data is more vulnerable to threats. So as to protect data integrity, data confidentiality, we have Light weight Encryption Algorithms like symmetric key cryptography and public key cryptography for secure IoT (Internet of Things) named as Secure IoT. Because it is not convenient to use full encryption algorithms that require large memory size, large program code and larger execution time. Light weight algorithms meet all resource constraints of small memory size, less execution time and efficiency. The algorithms can be measured in terms of key size, no of blocks and algorithm structure, chip size and energy consumption. Light Weight Techniques provides security to smart object networks and also provides efficiency. In Symmetric Key Cryptography, two parties can have identical keys but has some practical difficulty. Public Key Cryptography uses both private and public key which are related to each other. Public key is known to everyone while private key is kept secret. Public Key cryptography method is based on mathematical problems. So, to implement this method, one should have a great expertise.
Jiang, Qingwei.  2021.  An Image Hiding Algorithm based on Bit Plane and Two-Dimensional Code. 2021 Third International Conference on Intelligent Communication Technologies and Virtual Mobile Networks (ICICV). :851–854.
An image hiding algorithm based on bit plane and two-dimensional code is proposed in this paper. The main characteristic of information hiding is to use the information redundant data of the existing image, to embed the information into these redundant data by the information hiding algorithm, or to partially replace redundant information with information to be embedded to achieve a visual invisible purpose. We first analyze the color index usage frequency of the block index matrix in the algorithm, and calculate the distance between the color of the block index matrix with only one color and the other color in the palette that is closest to the color. Then, the QR model and the compression model are applied to improve the efficiency. We compare the proposed model with the stateof-the-art models.
Papaspirou, Vassilis, Maglaras, Leandros, Ferrag, Mohamed Amine, Kantzavelou, Ioanna, Janicke, Helge, Douligeris, Christos.  2021.  A novel Two-Factor HoneyToken Authentication Mechanism. 2021 International Conference on Computer Communications and Networks (ICCCN). :1–7.
The majority of systems rely on user authentication on passwords, but passwords have so many weaknesses and widespread use that easily raise significant security concerns, regardless of their encrypted form. Users hold the same password for different accounts, administrators never check password files for flaws that might lead to a successful cracking, and the lack of a tight security policy regarding regular password replacement are a few problems that need to be addressed. The proposed research work aims at enhancing this security mechanism, prevent penetrations, password theft, and attempted break-ins towards securing computing systems. The selected solution approach is two-folded; it implements a two-factor authentication scheme to prevent unauthorized access, accompanied by Honeyword principles to detect corrupted or stolen tokens. Both can be integrated into any platform or web application with the use of QR codes and a mobile phone.
Sintyaningrum, Desti Eka, Muladi, Ashar, Muhammad.  2021.  The Encryption of Electronic Professional Certificate by Using Digital Signature and QR Code. 2021 International Conference on Converging Technology in Electrical and Information Engineering (ICCTEIE). :19–24.
In Indonesia, there have been many certificates forgery happened. The lack of security system for the certificate and the difficulty in verification process toward the authenticity certificate become the main factor of the certificate forgery cases happen. The aim of this research is to improve the security system such digital signature and QR code to authenticate the authenticity certificate and to facilitate the user in verify their certificate and also to minimize the certificate forgery cases. The aim of this research is to improve the security system such digital signature and QR code to authenticate the authenticity certificate and to facilitate the user in verify their certificate and also to minimize the certificate forgery cases. The application is built in web system to facilitate the user to access it everywhere and any time. This research uses Research and Development method for problem analysis and to develop application using Software Development Life Cycle method with waterfall approach. Black box testing is chosen as testing method for each function in this system. The result of this research is creatcate application that’s designed to support the publishing and the verification of the electronic authenticity certificate by online. There are two main schemes in system: the scheme in making e-certificate and the scheme of verification QR Code. There is the electronic professional certificate application by applying digital signature and QR Code. It can publish e-certificate that can prevent from criminal action such certificate forgery, that’s showed in implementation and can be proven in test.
Mittal, Sonam, Kaur, Prabhjot, Ramkumar, K.R..  2021.  Achieving Privacy and Security Using QR-Code through Homomorphic Encryption and Steganography. 2021 9th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO). :1–6.
Security is a most concerning matter for client's data in today's emerging technological world in each field, like banking, management, retail, shopping, communication, education, etc. Arise in cyber-crime due to the black hat community, there is always a need for a better way to secure the client's sensitive information, Security is the key point in online banking as the threat of unapproved online access to a client's data is very significant as it ultimately danger to bank reputation. The more secure and powerful methods can allow a client to work with untrusted parties. Paper is focusing on how secure banking transaction system can work by using homomorphic encryption and steganography techniques. For data encryption NTRU, homomorphic encryption can be used and to hide details through the QR code, a cover image can be embed using steganography techniques.
Ismail, Safwati, Alkawaz, Mohammed Hazim, Kumar, Alvin Ebenazer.  2021.  Quick Response Code Validation and Phishing Detection Tool. 2021 IEEE 11th IEEE Symposium on Computer Applications & Industrial Electronics (ISCAIE). :261–266.
A Quick Response (QR) Code is a type of barcode that can be read by the digital devices and which stores the information in a square-shaped. The QR Code readers can extract data from the patterns which are presented in the QR Code matrix. A QR Code can be acting as an attack vector that can harm indirectly. In such case a QR Code can carry malicious or phishing URLs and redirect users to a site which is well conceived by the attacker and pretends to be an authorized one. Once the QR Code is decoded the commands are triggered and executed, causing damage to information, operating system and other possible sequence the attacker expects to gain. In this paper, a new model for QR Code authentication and phishing detection has been presented. The proposed model will be able to detect the phishing and malicious URLs in the process of the QR Code validation as well as to prevent the user from validating it. The development of this application will help to prevent users from being tricked by the harmful QR Codes.
Ahmad, Lina, Al-Sabha, Rania, Al-Haj, Ali.  2021.  Design and Implementation of a Secure QR Payment System Based on Visual Cryptography. 2021 7th International Conference on Information Management (ICIM). :40–44.
In this paper, we will describe the design and implementation of a secure payment system based on QR codes. These QR codes have been extensively used in recent years since they speed up the payment process and provide users with ultimate convenience. However, as convenient as they may sound, QR-based online payment systems are vulnerable to different types of attacks. Therefore, transaction processing needs to be secure enough to protect the integrity and confidentiality of every payment process. Moreover, the online payment system must provide authenticity for both the sender and receiver of each transaction. In this paper, the security of the proposed QR-based system is provided using visual cryptography. The proposed system consists of a mobile application and a payment gateway server that implements visual cryptography. The application provides a simple and user-friendly interface for users to carry out payment transactions in user-friendly secure environment.
Nagata, Daiya, Hayashi, Yu-ichi, Mizuki, Takaaki, Sone, Hideaki.  2021.  QR Bar-Code Designed Resistant against EM Information Leakage. 2021 XXXIVth General Assembly and Scientific Symposium of the International Union of Radio Science (URSI GASS). :1–4.
A threat of eavesdropping display screen image of information device is caused by unintended EM leakage emanation. QR bar-code is capable of error correction, and its information is possibly read from a damaged screen image from EM leakage. A new design of QR bar-code proposed in this paper uses selected colors in consideration of correlation between the EM wave leakage and display color. Proposed design of QR bar-code keeps error correction of displayed image, and makes it difficult to read information on the eavesdropped image.
Razaque, Abdul, Alexandrov, Vladislav, Almiani, Muder, Alotaibi, Bandar, Alotaibi, Munif, Al-Dmour, Ayman.  2021.  Comparative Analysis of Digital Signature and Elliptic Curve Digital Signature Algorithms for the Validation of QR Code Vulnerabilities. 2021 Eighth International Conference on Software Defined Systems (SDS). :1–7.
Quick response (QR) codes are currently used ubiq-uitously. Their interaction protocol design is initially unsecured. It forces users to scan QR codes, which makes it harder to differentiate a genuine code from a malicious one. Intruders can change the original QR code and make it fake, which can lead to phishing websites that collect sensitive data. The interaction model can be improved and made more secure by adding some modifications to the backend side of the application. This paper addresses the vulnerabilities of QR codes and recommends improvements in security design. Furthermore, two state-of-the-art algorithms, Digital Signature (DS) and Elliptic Curve Digital Signature (ECDS), are analytically compared to determine their strengths in QR code security.
Lei Lei, Joanna Tan, Chuin, Liew Siau, Ernawan, Ferda.  2021.  An Image Watermarking based on Multi-level Authentication for Quick Response Code. 2021 International Conference on Software Engineering & Computer Systems and 4th International Conference on Computational Science and Information Management (ICSECS-ICOCSIM). :417–422.
This research presented a digital watermarking scheme using multi-level authentication for protecting QR code images in order to provide security and authenticity. This research focuses on the improved digital watermarking scheme for QR code security that can protect the confidentiality of the information stored in QR code images from the public. Information modification, malicious attack, and copyright violation may occur due to weak security and disclosure pattern of QR code. Digital watermarking can be a solution to reduce QR code imitation and increase QR code security and authenticity. The objectives of this research are to provide QR code image authentication and security, tamper localization, and recovery scheme on QR code images. This research proposed digital watermarking for QR code images based on multi-level authentication with Least Significant Bit (LSB) and SHA-256 hash function. The embedding and extracting watermark utilized region of Interest (ROI) and Region of Non-Interest (RONI) in the spatial domain for improving the depth and width of QR code application in the anti-counterfeiting field. The experiments tested the reversibility and robustness of the proposed scheme after a tempered watermarked QR code image. The experimental results show that the proposed scheme provides multi-level security, withstands tampered attacks and it provided high imperceptibility of QR code image.
2022-07-13
Chattha, Haseeb Ahmed, Rehman, Muhammad Miftah Ur, Mustafa, Ghulam, Khan, Abdul Qayyum, Abid, Muhammad, Haq, Ehtisham Ul.  2021.  Implementation of Cyber-Physical Systems with Modbus Communication for Security Studies. 2021 International Conference on Cyber Warfare and Security (ICCWS). :45—50.
Modbus is a popular industrial communication protocol supported by most automation devices. Despite its popularity, it is not a secure protocol because when it was developed, security was not a concern due to closed environments of industrial control systems. With the convergence of information technology and operational technology in recent years, the security of industrial control systems has become a serious concern. Due to the high availability requirements, it is not practical or feasible to do security experimentation of production systems. We present an implementation of cyber-physical systems with Modbus/TCP communication for real-time security testing. The proposed architecture consists of a process simulator, an IEC 61131-3 compliant programmable logic controller, and a human-machine interface, all communicating via Modbus/TCP protocol. We use Simulink as the process simulator. It does not have built-in support for the Modbus protocol. A contribution of the proposed work is to extend the functionality of Simulink with a custom block to enable Modbus communication. We use two case studies to demonstrate the utility of the cyber-physical system architecture. We can model complex industrial processes with this architecture, can launch cyber-attacks, and develop protection mechanisms.
2022-07-12
Pelissero, Nicolas, Laso, Pedro Merino, Jacq, Olivier, Puentes, John.  2021.  Towards modeling of naval systems interdependencies for cybersecurity. OCEANS 2021: San Diego – Porto. :1—7.
To ensure a ship’s fully operational status in a wide spectrum of missions, as passenger transportation, international trade, and military activities, numerous interdependent systems are essential. Despite the potential critical consequences of misunderstanding or ignoring those interdependencies, there are very few documented approaches to enable their identification, representation, analysis, and use. From the cybersecurity point of view, if an anomaly occurs on one of the interdependent systems, it could eventually impact the whole ship, jeopardizing its mission success. This paper presents a proposal to identify the main dependencies of layers within and between generic ship’s functional blocks. An analysis of one of these layers, the platform systems, is developed to examine a naval cyber-physical system (CPS), the water management for passenger use, and its associated dependencies, from an intrinsic perspective. This analysis generates a three layers graph, on which dependencies are represented as oriented edges. Each abstraction level of the graph represents the physical, digital, and system variables of the examined CPS. The obtained result confirms the interest of graphs for dependencies representation and analysis. It is an operational depiction of the different systems interdependencies, on which can rely a cybersecurity evaluation, like anomaly detection and propagation assessment.
Pelissero, Nicolas, Laso, Pedro Merino, Puentes, John.  2021.  Model graph generation for naval cyber-physical systems. OCEANS 2021: San Diego – Porto. :1—5.
Naval vessels infrastructures are evolving towards increasingly connected and automatic systems. Such accelerated complexity boost to search for more adapted and useful navigation devices may be at odds with cybersecurity, making necessary to develop adapted analysis solutions for experts. This paper introduces a novel process to visualize and analyze naval Cyber-Physical Systems (CPS) using oriented graphs, considering operational constraints, to represent physical and functional connections between multiple components of CPS. Rapid prototyping of interconnected components is implemented in a semi-automatic manner by defining the CPS’s digital and physical systems as nodes, along with system variables as edges, to form three layers of an oriented graph, using the open-source Neo4j software suit. The generated multi-layer graph can be used to support cybersecurity analysis, like attacks simulation, anomaly detection and propagation estimation, applying existing or new algorithms.
T⊘ndel, Inger Anne, Vefsnmo, Hanne, Gjerde, Oddbj⊘rn, Johannessen, Frode, Fr⊘ystad, Christian.  2021.  Hunting Dependencies: Using Bow-Tie for Combined Analysis of Power and Cyber Security. 2020 2nd International Conference on Societal Automation (SA). :1—8.
Modern electric power systems are complex cyber-physical systems. The integration of traditional power and digital technologies result in interdependencies that need to be considered in risk analysis. In this paper we argue the need for analysis methods that can combine the competencies of various experts in a common analysis focusing on the overall system perspective. We report on our experiences on using the Vulnerability Analysis Framework (VAF) and bow-tie diagrams in a combined analysis of the power and cyber security aspects in a realistic case. Our experiences show that an extended version of VAF with increased support for interdependencies is promising for this type of analysis.
2022-07-05
Zhang, Guangdou, Li, Jian, Bamisile, Olusola, Zhang, Zhenyuan, Cai, Dongsheng, Huang, Qi.  2021.  A Data Driven Threat-Maximizing False Data Injection Attack Detection Method with Spatio-Temporal Correlation. 2021 IEEE/IAS Industrial and Commercial Power System Asia (I&CPS Asia). :318—325.
As a typical cyber-physical system, the power system utilizes advanced information and communication technologies to transmit crucial control signals in communication channels. However, many adversaries can construct false data injection attacks (FDIA) to circumvent traditional bad data detection and break the stability of the power grid. In this paper, we proposed a threat-maximizing FDIA model from the view of attackers. The proposed FDIA can not only circumvent bad data detection but can also cause a terrible fluctuation in the power system. Furthermore, in order to eliminate potential attack threats, the Spatio-temporal correlations of measurement matrices are considered. To extract the Spatio-temporal features, a data-driven detection method using a deep convolutional neural network was proposed. The effectiveness of the proposed FDIA model and detection are assessed by a simulation on the New England 39 bus system. The results show that the FDIA can cause a negative effect on the power system’s stable operation. Besides, the results reveal that the proposed FDIA detection method has an outstanding performance on Spatio-temporal features extraction and FDIA recognition.
2022-06-14
Kawanishi, Yasuyuki, Nishihara, Hideaki, Yoshida, Hirotaka, Hata, Yoichi.  2021.  A Study of The Risk Quantification Method focusing on Direct-Access Attacks in Cyber-Physical Systems. 2021 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech). :298–305.

Direct-access attacks were initially considered as un-realistic threats in cyber security because the attacker can more easily mount other non-computerized attacks like cutting a brake line. In recent years, some research into direct-access attacks have been conducted especially in the automotive field, for example, research on an attack method that makes the ECU stop functioning via the CAN bus. The problem with existing risk quantification methods is that direct-access attacks seem not to be recognized as serious threats. To solve this problem, we propose a new risk quantification method by applying vulnerability evaluation criteria and by setting metrics. We also confirm that direct-access attacks not recognized by conventional methods can be evaluated appropriately, using the case study of an automotive system as an example of a cyber-physical system.

2022-06-10
Bures, Tomas, Gerostathopoulos, Ilias, Hnětynka, Petr, Seifermann, Stephan, Walter, Maximilian, Heinrich, Robert.  2021.  Aspect-Oriented Adaptation of Access Control Rules. 2021 47th Euromicro Conference on Software Engineering and Advanced Applications (SEAA). :363–370.
Cyber-physical systems (CPS) and IoT systems are nowadays commonly designed as self-adaptive, endowing them with the ability to dynamically reconFigure to reflect their changing environment. This adaptation concerns also the security, as one of the most important properties of these systems. Though the state of the art on adaptivity in terms of security related to these systems can often deal well with fully anticipated situations in the environment, it becomes a challenge to deal with situations that are not or only partially anticipated. This uncertainty is however omnipresent in these systems due to humans in the loop, open-endedness and only partial understanding of the processes happening in the environment. In this paper, we partially address this challenge by featuring an approach for tackling access control in face of partially unanticipated situations. We base our solution on special kind of aspects that build on existing access control system and create a second level of adaptation that addresses the partially unanticipated situations by modifying access control rules. The approach is based on our previous work where we have analyzed and classified uncertainty in security and trust in such systems and have outlined the idea of access-control related situational patterns. The aspects that we present in this paper serve as means for application-specific specialization of the situational patterns. We showcase our approach on a simplified but real-life example in the domain of Industry 4.0 that comes from one of our industrial projects.
Kropp, Alexander, Schwalbe, Mario, Tsokalo, Ievgenii A., Süβkraut, Martin, Schmoll, Robert-Steve, Fitzek, Frank H.P..  2021.  Reliable Control for Robotics - Hardware Resilience Powered by Software. 2021 IEEE 18th Annual Consumer Communications Networking Conference (CCNC). :1–2.
Industry 4.0 is now much more than just a buzzword. However, with the advancement of automation through digitization and softwarization of dedicated hardware, applications are also becoming more susceptible to random hardware errors in the calculation. This cyber-physical demonstrator uses a robotic application to show the effects that even single bit flips can have in the real world due to hardware errors. Using the graphical user interface including the human machine interface, the audience can generate hardware errors in the form of bit flips and see their effects live on the robot. In this paper we will be showing a new technology, the SIListra Safety Transformer (SST), that makes it possible to detect those kind of random hardware errors, which can subsequently make safety-critical applications more reliable.
Fitzek, Frank H.P., Li, Shu-Chen, Speidel, Stefanie, Strufe, Thorsten, Seeling, Patrick.  2021.  Frontiers of Transdisciplinary Research in Tactile Internet with Human-in-the-Loop. 2021 17th International Symposium on Wireless Communication Systems (ISWCS). :1–6.
Recent technological advances in developing intelligent telecommunication networks, ultra-compact bendable wireless transceiver chips, adaptive wearable sensors and actuators, and secure computing infrastructures along with the progress made in psychology and neuroscience for understanding neu-rocognitive and computational principles of human behavior combined have paved the way for a new field of research: Tactile Internet with Human-in-the-Loop (TaHiL). This emerging field of transdisciplinary research aims to promote next generation digitalized human-machine interactions in perceived real time. To achieve this goal, mechanisms and principles of human goal-directed multisensory perception and action need to be integrated into technological designs for breakthrough innovations in mobile telecommunication, electronics and materials engineering, as well as computing. This overview highlights key challenges and the frontiers of research in the new field of TaHiL. Revolutionizing the current Internet as a digital infrastructure for sharing visual and auditory information globally, the TaHiL research will enable humans to share tactile and haptic information and thus veridically immerse themselves into virtual, remote, or inaccessible real environments to exchange skills and expertise with other humans or machines for applications in medicine, industry, and the Internet of Skills.
2022-06-09
Ali, Jokha.  2021.  Intrusion Detection Systems Trends to Counteract Growing Cyber-Attacks on Cyber-Physical Systems. 2021 22nd International Arab Conference on Information Technology (ACIT). :1–6.
Cyber-Physical Systems (CPS) suffer from extendable vulnerabilities due to the convergence of the physical world with the cyber world, which makes it victim to a number of sophisticated cyber-attacks. The motives behind such attacks range from criminal enterprises to military, economic, espionage, political, and terrorism-related activities. Many governments are more concerned than ever with securing their critical infrastructure. One of the effective means of detecting threats and securing their infrastructure is the use of Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS). A number of studies have been conducted and proposed to assess the efficacy and effectiveness of IDS through the use of self-learning techniques, especially in the Industrial Control Systems (ICS) era. This paper investigates and analyzes the utilization of IDS systems and their proposed solutions used to enhance the effectiveness of such systems for CPS. The targeted data extraction was from 2011 to 2021 from five selected sources: IEEE, ACM, Springer, Wiley, and ScienceDirect. After applying the inclusion and exclusion criteria, 20 primary studies were selected from a total of 51 studies in the field of threat detection in CPS, ICS, SCADA systems, and the IoT. The outcome revealed the trends in recent research in this area and identified essential techniques to improve detection performance, accuracy, reliability, and robustness. In addition, this study also identified the most vulnerable target layer for cyber-attacks in CPS. Various challenges, opportunities, and solutions were identified. The findings can help scholars in the field learn about how machine learning (ML) methods are used in intrusion detection systems. As a future direction, more research should explore the benefits of ML to safeguard cyber-physical systems.
2022-05-19
Aljubory, Nawaf, Khammas, Ban Mohammed.  2021.  Hybrid Evolutionary Approach in Feature Vector for Ransomware Detection. 2021 International Conference on Intelligent Technology, System and Service for Internet of Everything (ITSS-IoE). :1–6.

Ransomware is one of the most serious threats which constitute a significant challenge in the cybersecurity field. The cybercriminals use this attack to encrypts the victim's files or infect the victim's devices to demand ransom in exchange to restore access to these files and devices. The escalating threat of Ransomware to thousands of individuals and companies requires an urgent need for creating a system capable of proactively detecting and preventing ransomware. In this research, a new approach is proposed to detect and classify ransomware based on three machine learning algorithms (Random Forest, Support Vector Machines , and Näive Bayes). The features set was extracted directly from raw byte using static analysis technique of samples to improve the detection speed. To offer the best detection accuracy, CF-NCF (Class Frequency - Non-Class Frequency) has been utilized for generate features vectors. The proposed approach can differentiate between ransomware and goodware files with a detection accuracy of up to 98.33 percent.

Perrone, Paola, Flammini, Francesco, Setola, Roberto.  2021.  Machine Learning for Threat Recognition in Critical Cyber-Physical Systems. 2021 IEEE International Conference on Cyber Security and Resilience (CSR). :298–303.

Cybersecurity has become an emerging challenge for business information management and critical infrastructure protection in recent years. Artificial Intelligence (AI) has been widely used in different fields, but it is still relatively new in the area of Cyber-Physical Systems (CPS) security. In this paper, we provide an approach based on Machine Learning (ML) to intelligent threat recognition to enable run-time risk assessment for superior situation awareness in CPS security monitoring. With the aim of classifying malicious activity, several machine learning methods, such as k-nearest neighbours (kNN), Naïve Bayes (NB), Support Vector Machine (SVM), Decision Tree (DT) and Random Forest (RF), have been applied and compared using two different publicly available real-world testbeds. The results show that RF allowed for the best classification performance. When used in reference industrial applications, the approach allows security control room operators to get notified of threats only when classification confidence will be above a threshold, hence reducing the stress of security managers and effectively supporting their decisions.

2022-05-10
Bezzateev, S. V., Fomicheva, S. G., Zhemelev, G. A..  2021.  Agent-based ZeroLogon Vulnerability Detection. 2021 Wave Electronics and its Application in Information and Telecommunication Systems (WECONF). :1–5.
Intrusion detection systems installed on the information security devices that control the internal and external perimeter of the demilitarized zones are not able to detect the vulnerability of ZeroLogon after the successful penetration of the intruder into the zone. Component solution for ZeroLogon control is offered. The paper presents the research results of the capabilities for built-in Active Directory audit mechanisms and open source intrusion detection/prevention systems, which allow identification of the critical vulnerability CVE-2020-1472. These features can be used to improve the quality of cyber-physical systems management, to perform audits, as well as to check corporate domains for ZeroLogon vulnerabilities.