Biblio

In the Internet of Things (IoT), it is feasible to interconnect networks of different devices and all these different devices, such as smartphones, sensor devices, and vehicles, are controlled according to a particular user. These different devices are delivered and accept the information on the network. This thing is to motivate us to do work on IoT and the devices used are sensor nodes. The validation of data delivery completely depends on the checks of count data forwarding in each node. In this research, we propose the Link Hop Value-based Intrusion Detection System (L-IDS) against the blackhole attack in the IoT with the assist of WSN. The sensor nodes are connected to other nodes through the wireless link and exchange data routing, as well as data packets. The LHV value is identified as the attacker's presence by integrating the data delivery in each hop. The LHV is always equivalent to the Actual Value (AV). The RPL routing protocol is used IPv6 to address the concept of routing. The Routing procedure is interrupted by an attacker by creating routing loops. The performance of the proposed L-IDS is compared to the RPL routing security scheme based on existing trust. The proposed L-IDS procedure is validating the presence of the attacker at every source to destination data delivery. and also disables the presence of the attacker in the network. Network performance provides better results in the existence of a security scheme and also fully represents the inoperative presence of black hole attackers in the network. Performance metrics show better results in the presence of expected IDS and improve network reliability.

Intrusion Detection Systems (IDS) are the systems that detect and block any potential threats (e.g. DDoS attacks) in the network. In this project, we explore the performance of several machine learning techniques when used as parts of an IDS. We experiment with the CICIDS2017 dataset, one of the biggest and most complete IDS datasets in terms of having a realistic background traffic and incorporating a variety of cyber attacks. The techniques we present are applicable to any IDS dataset and can be used as a basis for deploying a real time IDS in complex environments.

We consider information leakage to the user in private information retrieval (PIR) systems. Information leakage can be measured in terms of individual message leakage or total leakage. Individual message leakage, or simply individual leakage, is defined as the amount of information that the user can obtain on any individual message that is not being requested, and the total leakage is defined as the amount of information that the user can obtain about all the other messages except the one being requested. In this work, we characterize the tradeoff between the minimum download cost and the individual leakage, and that for the total leakage, respectively. Coding schemes are proposed to achieve these optimal tradeoffs, which are also shown to be optimal in terms of the message size. We further characterize the optimal tradeoff between the minimum amount of common randomness and the total leakage. Moreover, we show that under individual leakage, common randomness is in fact unnecessary when there are more than two messages.

Cloud security is one of the major issues that worry individuals and organizations about cloud computing. Therefore, defending cloud systems against attacks such asinsiders' attacks has become a key demand. This paper investigates insider threat in cloud relational database systems(cloud RDMS). It discusses some vulnerabilities in cloud computing structures that may enable insiders to launch attacks, and shows how load balancing across multiple availability zones may facilitate insider threat. To prevent such a threat, the paper suggests three models, which are Peer-to-Peer model, Centralized model and Mobile-Knowledgebase model, and addresses the conditions under which they work well.

Insider threat makes great damage to the security of information system, traditional security methods are extremely difficult to work. Insider attack identification plays an important role in insider threat detection. Monitoring user's abnormal behavior is an effective method to detect impersonation, this method is applied to insider threat identification, to built user's behavior attribute information database based on weights changeable feedback tree augmented Bayes network, but data is massive, using the dimensionality reduction based on rough set, to establish the process information model of user's behavior attribute. Using the minimum risk Bayes decision can effectively identify the real identity of the user when user's behavior departs from the characteristic model.

Substantial portions of attacks on the security of enterprises are perpetrated by Insiders having authorized privileges. Thus insider threat and attack detection is an important aspect of Security management. In the published literature, efforts are on to model the insider threats based on the behavioral traits of employees. The psycho-social behaviors are hard to encode in the software systems. Also, in some cases, there are privacy issues involved. In this paper, the human and non-human agents in a system are described in a novel unified model. The enterprise is described as an automaton and its states are classified secure, safe, unsafe and compromised. The insider agents and threats are modeled on the basis of the automaton and the model is validated using a case study.

This paper explores low cost technical solutions that can help organizations prevent, detect, and respond to insider incidents. Features and functionality associated with insider risk mitigation are presented. A taxonomy for high-level categories of insider threat tools is presented. A discussion of the relationship between the types of tools points out the nuances of insider threat control deployment, and considerations for selecting, implementing, and operating insider threat tools are provided.

The lack of standardization of the terms insider and insider threat has been a noted problem for researchers in the insider threat field. This paper describes the investigation of 42 different definitions of the terms insider and insider threat, with the goal of better understanding the current conceptual model of insider threat and facilitating communication in the research community.

This paper describes results of a study seeking to identify observable events related to insider sabotage. We collected information from actual insider threat cases, created chronological timelines of the incidents, identified key points in each timeline such as when attack planning began, measured the time between key events, and looked for specific observable events or patterns that insiders held in common that may indicate insider sabotage is imminent or likely. Such indicators could be used by security experts to potentially identify malicious activity at or before the time of attack. Our process included critical steps such as identifying the point of damage to the organization as well as any malicious events prior to zero hour that enabled the attack but did not immediately cause harm. We found that nearly 71% of the cases we studied had either no observable malicious action prior to attack, or had one that occurred less than one day prior to attack. Most of the events observed prior to attack were behavioral, not technical, especially those occurring earlier in the case timelines. Of the observed technical events prior to attack, nearly one third involved installation of software onto the victim organizations IT systems.

The information-theoretic approach to security entails harnessing the correlated randomness available in nature to establish security. It uses tools from information theory and coding and yields provable security, even against an adversary with unbounded computational power. However, the feasibility of this approach in practice depends on the development of efficiently implementable schemes. In this paper, we review a special class of practical schemes for information-theoretic security that are based on 2-universal hash families. Specific cases of secret key agreement and wiretap coding are considered, and general themes are identified. The scheme presented for wiretap coding is modular and can be implemented easily by including an extra preprocessing layer over the existing transmission codes.

Infrastructural systems such as the electricity grid, healthcare, and transportation networks today rely increasingly on the joint functioning of networked information systems and physical components, in short, on cyber-physical architectures. Despite tremendous advances in cryptography, physical-layer security and authentication, information attacks, both passive such as eavesdropping, and active such as unauthorized data injection, continue to thwart the reliable functioning of networked systems. In systems with joint cyber-physical functionality, the ability of an adversary to monitor transmitted information or introduce false information can lead to sensitive user data being leaked or result in critical damages to the underlying physical system. This paper investigates two broad challenges in information security in cyber-physical systems (CPSs): preventing retrieval of internal physical system information through monitored external cyber flows, and limiting the modification of physical system functioning through compromised cyber flows. A rigorous analytical framework grounded on information-theoretic security is developed to study these challenges in a general stochastic control system abstraction-a theoretical building block for CPSs-with the objectives of quantifying the fundamental tradeoffs between information security and physical system performance, and through the process, designing provably secure controller policies. Recent results are presented that establish the theoretical basis for the framework, in addition to practical applications in timing analysis of anonymous systems, and demand response systems in a smart electricity grid.

Quantitative analysis of security properties in wireless communication systems is an important issue; it helps us get a comprehensive view of security and can be used to compare the security performance of different systems. This paper analyzes the security of future wireless communication system from an information-theoretic point of view and proposes an overall security metric. We demonstrate that the proposed metric is more reasonable than some existing metrics and it is highly sensitive to some basic parameters and helpful to do fine-grained tuning of security performance.

This paper studies Wireless Information-Theoretic Security for low-speed mobility in autonomic networks. More specifically, the impact of user movement on the Probability of Non-Zero Secrecy Capacity and Outage Secrecy Capacity for different channel conditions has been investigated. This is accomplished by establishing a link between different user locations and the boundaries of information-theoretic secure communication. Human mobility scenarios are considered, and its impact on physical layer security is examined, considering quasi-static Rayleigh channels for the fading phenomena. Simulation results have shown that the Secrecy Capacity depends on the relative distance of legitimate and illegitimate (eavesdropper) users in reference to the given transmitter.

Automatically generating exploits for attacks receives much attention in security testing and auditing. However, little is known about the continuous effect of automatic attack generation and detection. In this paper, we develop an analytic model to understand the cost-benefit tradeoffs in light of the process of vulnerability discovery. We develop a three-phased model, suggesting that the cumulative malware detection has a productive period before the rate of gain flattens. As the detection mechanisms co-evolve, the gain will likely increase. We evaluate our analytic model by using an anti-virus tool to detect the thousands of Trojans automatically created. The anti-virus scanning results over five months show the validity of the model and point out future research directions.

Security and usability are two essential aspects of a system, but they usually move in opposite directions. Sometimes, to achieve security, usability has to be compromised, and vice versa. Password-based authentication systems require both security and usability. However, to increase password security, absurd rules are introduced, which often drive users to compromise the usability of their passwords. Users tend to forget complex passwords and use techniques such as writing them down, reusing them, and storing them in vulnerable ways. Enhancing the strength while maintaining the usability of a password has become one of the biggest challenges for users and security experts. In this paper, we define the pronounceability of a password as a means to measure how easy it is to memorize - an aspect we associate with usability. We examine a dataset of more than 7 million passwords to determine whether the usergenerated passwords are secure. Moreover, we convert the usergenerated passwords into phonemes and measure the pronounceability of the phoneme-based representations. We then establish a relationship between the two and suggest how password creation strategies can be adapted to better align with both security and usability.

In this work, communication secrecy in cooperative and multi-hop wireless communications for various radio frequencies are examined. Attenuation lines and ranges of both detection and ultimate secrecy regions were calculated for cooperative communication channel and multi-hop channel with various number of hops. From results, frequency ranges with the highest potential to apply bandwidth saving method known as frequency reuse were determined and compared to point-to-point channel. Frequencies with the highest attenuation were derived and their ranges of both detection and ultimate secrecy are calculated. Point-to-point, cooperative and multi-hop channels were compared in terms of ultimate secrecy ranges. Multi-hop channel measurements were made with different number of hops and the relation between the number of hops and communication security is examined. Ultimate secrecy ranges were calculated up to 1 Terahertz and found to be less than 13 meters between 550-565 GHz frequency range. Therefore, for short-range wireless communication systems such as indoor and in-device communication systems (board-to-board or chip-to-chip communications), it is shown that various bands in the Terahertz band can be used to reuse the same frequency in different locations to obtain high security and high bandwidth.

Code randomization is considered as the basis of mitigation against code reuse attacks, fundamentally supporting some recent proposals such as execute-only memory (XOM) that aims at dynamic return-oriented programming (ROP) attacks. However, existing code randomization methods are hard to achieve a good balance between high-randomization entropy and semantic consistency. In particular, they always ignore code semantic consistency, incurring performance loss and incompatibility with current security schemes, e.g., control flow integrity (CFI). In this paper, we present an enhanced code randomization method termed as HCRESC, which can improve the randomization entropy significantly, meanwhile ensure the semantic consistency between variants and the original code. HCRESC reschedules instructions within the range of functions rather than basic blocks, thus producing more variants of the original code and preserving the code's semantic. We implement HCRESC on Linux platform of x86-64 architecture and demonstrate that HCRESC can increase the randomization entropy of x86-64 code over than 120% compared with existing methods while ensuring control flow and size of the code unaltered.

Currently, little attention has been carried out to address the feasibility of in-network caching in Information-Centric Networking (ICN) for the design and real-world deployment of future networks. Towards this line, in this paper, we propose a beneficial caching scheme in ICN by storing no more than a specific number of replicas for each content. Particularly, to realize an optimal content distribution for deploying caches in ICN, a content can be cached either partially or as a full-object corresponding to its request arrival rate and data traffic. Also, we employ a utility-based replacement in each content node to keep the most recent and popular content items in the ICN interconnections. The evaluation results show that the proposal improves the cache hit rate and cache diversity considerably, and acts as a beneficial caching approach for network and service providers in ICN. Specifically, the proposed caching mechanism is easy to deploy, robust, and relevant for the content-based providers by enabling them to offer users high Quality of Service (QoS) and gain benefits at the same time.

Proliferation of the Internet usage is rapidly increasing, and it is necessary to support the performance requirements for multimedia applications, including lower latency, improved security, faster content retrieval, and adjustability to the traffic load. Nevertheless, because the current Internet architecture is a host-oriented one, it often fails to support the necessary demands such as fast content delivery. A promising networking paradigm called Information-Centric Networking (ICN) focuses on the name of the content itself rather than the location of that content. A distinguished alternative to this ICN concept is Content-Centric Networking (CCN) that exploits more of the performance requirements by using in-network caching and outperforms the current Internet in terms of content transfer time, traffic load control, mobility support, and efficient network management. In this paper, instead of using the saturated method of validating a theory by simulation, we present a testbed-based performance evaluation of the ICN network. We used several new functions of the proposed testbed to improve the performance of the basic CCN. In this paper, we also show that the proposed testbed architecture performs better in terms of content delivery time compared to the basic CCN architecture through graphical results.

A Cyber Physical System (CPS) is a smart network system with actuators, embedded sensors, and processors to interact with the physical world by guaranteeing the performance and supporting real-time operations of safety critical applications. These systems drive innovation and are a source of competitive advantage in today’s challenging world. By observing the behavior of physical processes and activating actions, CPS can alter its behavior to make the physical environment perform better and more accurately. By definition, CPS basically has two major components including cyber systems and physical processes. Examples of CPS include autonomous transportation systems, robotics systems, medical monitoring, automatic pilot avionics, and smart grids. Advances in CPS will empower scalability, capability, usability, and adaptability, which will go beyond the simple systems of today. At the same time, CPS has also increased cybersecurity risks and attack surfaces. Cyber attackers can harm such systems from multiple sources while hiding their identities. As a result of sophisticated threat matrices, insufficient knowledge about threat patterns, and industrial network automation, CPS has become extremely insecure. Since such infrastructure is networked, attacks can be prompted easily without much human participation from remote locations, thereby making CPS more vulnerable to sophisticated cyber-attacks. In turn, large-scale data centers managing a huge volume of CPS data become vulnerable to cyber-attacks. To secure CPS, the role of security analytics and intelligence is significant. It brings together huge amounts of data to create threat patterns, which can be used to prevent cyber-attacks in a timely fashion. The primary objective of this Special Section in IEEE A CCESS is to collect a complementary and diverse set of articles, which demonstrate up-to-date information and innovative developments in the domain of security analytics and intelligence for CPS.

Since remote ages, queues and delays have been a rather exasperating reality of human daily life. Today, they pursue us everywhere: in technical, social, socio-technical, and even control systems, dramatically deteriorating their performance. In this variety, it is the computer systems that are sure to cause the growing anxiety in our digital era. Although for our everyday Internet surfing, experiencing long-lasting and annoying delays is an unpleasant but not dangerous situation, for industrial control systems, especially those dealing with critical infrastructures, such behavior is unacceptable. The article presents a deterministic approach to solving some digital control system problems associated with delays and backlogs. Being based on Network calculus, in contrast to statistical methods of Queuing theory, it provides worst-case results, which are eminently desirable for critical infrastructures. The article covers the basics of a theory of deterministic queuing systems Network calculus, its evolution regarding the relationship between backlog bound and delay, and a technique for handling empirical data. The problems being solved by the deterministic approach: standard calculation of network performance measures, estimation of database maximum updating time, and cybersecurity assessment including such issues as the CIA triad representation, operational technology influence, and availability understanding focusing on its correlation with a delay are thoroughly discussed as well.

Social Internet of Things (SIoT) is an extension of Internet of Things (IoT) that converges with Social networking concepts to create Social networks of interconnected smart objects. This convergence allows the enrichment of the two paradigms, resulting into new ecosystems. While IoT follows two interaction paradigms, human-to-human (H2H) and thing-to-thing (T2T), SIoT adds on human-to-thing (H2T) interactions. SIoT enables smart “Social objects” that intelligently mimic the social behavior of human in the daily life. These social objects are equipped with social functionalities capable of discovering other social objects in the surroundings and establishing social relationships. They crawl through the social network of objects for the sake of searching for services and information of interest. The notion of trust and trustworthiness in social communities formed in SIoT is still new and in an early stage of investigation. In this paper, our contributions are threefold. First, we present the fundamentals of SIoT and trust concepts in SIoT, clarifying the similarities and differences between IoT and SIoT. Second, we categorize the trust management solutions proposed so far in the literature for SIoT over the last six years and provide a comprehensive review. We then perform a comparison of the state of the art trust management schemes devised for SIoT by performing comparative analysis in terms of trust management process. Third, we identify and discuss the challenges and requirements in the emerging new wave of SIoT, and also highlight the challenges in developing trust and evaluating trustworthiness among the interacting social objects.

Recognising user's risky behaviours in real-time is an important element of providing appropriate solutions and recommending suitable actions for responding to cybersecurity threats. Employing user modelling and machine learning can make this process automated by requires high-performance intelligent agent to create the user security profile. User profiling is the process of producing a profile of the user from historical information and past details. This research tries to identify the monitoring factors and suggests a novel observation solution to create high-performance sensors to generate the user security profile for a home user concerning the user's privacy. This observer agent helps to create a decision-making model that influences the user's decision following real-time threats or risky behaviours.

Computer networks and surging advancements of innovative information technology construct a critical infrastructure for network transactions of business entities. Information exchange and data access though such infrastructure is scrutinized by adversaries for vulnerabilities that lead to cyber-attacks. This paper presents an agent-based system modelling to conceptualize and extract explicit and latent structure of the complex enterprise systems as well as human interactions within the system to determine common vulnerabilities of the entity. The model captures emergent behavior resulting from interactions of multiple network agents including the number of workstations, regular, administrator and third-party users, external and internal attacks, defense mechanisms for the network setting, and many other parameters. A risk-based approach to modelling cybersecurity of a business entity is utilized to derive the rate of attacks. A neural network model will generalize the type of attack based on network traffic features allowing dynamic state changes. Rules of engagement to generate self-organizing behavior will be leveraged to appoint a defense mechanism suitable for the attack-state of the model. The effectiveness of the model will be depicted by time-state chart that shows the number of affected assets for the different types of attacks triggered by the entity risk and the time it takes to revert into normal state. The model will also associate a relevant cost per incident occurrence that derives the need for enhancement of security solutions.

Cyber attacks and the associated costs made cybersecurity a vital part of any system. User behavior and decisions are still a major part in the coping with these risks. We developed a model of optimal investment and human decisions with security measures, given that the effectiveness of each measure depends partly on the performance of the others. In an online experiment, participants classified events as malicious or non-malicious, based on the value of an observed variable. Prior to making the decisions, they had invested in three security measures - a firewall, an IDS or insurance. In three experimental conditions, maximal investment in only one of the measures was optimal, while in a fourth condition, participants should not have invested in any of the measures. A previous paper presents the analysis of the investment decisions. This paper reports users' classifications of events when interacting with these systems. The use of security mechanisms helped participants gain higher scores. Participants benefited in particular from purchasing IDS and/or Cyber Insurance. Participants also showed higher sensitivity and compliance with the alerting system when they could benefit from investing in the IDS. Participants, however, did not adjust their behavior optimally to the security settings they had chosen. The results demonstrate the complex nature of risk-related behaviors and the need to consider human abilities and biases when designing cyber security systems.