Visible to the public Biblio

Found 673 results

Filters: Keyword is security of data  [Clear All Filters]
2019-06-24
Mavroeidis, V., Vishi, K., Jøsang, A..  2018.  A Framework for Data-Driven Physical Security and Insider Threat Detection. 2018 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM). :1108–1115.
This paper presents PSO, an ontological framework and a methodology for improving physical security and insider threat detection. PSO can facilitate forensic data analysis and proactively mitigate insider threats by leveraging rule-based anomaly detection. In all too many cases, rule-based anomaly detection can detect employee deviations from organizational security policies. In addition, PSO can be considered a security provenance solution because of its ability to fully reconstruct attack patterns. Provenance graphs can be further analyzed to identify deceptive actions and overcome analytical mistakes that can result in bad decision-making, such as false attribution. Moreover, the information can be used to enrich the available intelligence (about intrusion attempts) that can form use cases to detect and remediate limitations in the system, such as loosely-coupled provenance graphs that in many cases indicate weaknesses in the physical security architecture. Ultimately, validation of the framework through use cases demonstrates and proves that PS0 can improve an organization's security posture in terms of physical security and insider threat detection.
Izurieta, C., Kimball, K., Rice, D., Valentien, T..  2018.  A Position Study to Investigate Technical Debt Associated with Security Weaknesses. 2018 IEEE/ACM International Conference on Technical Debt (TechDebt). :138–142.
Context: Managing technical debt (TD) associated with potential security breaches found during design can lead to catching vulnerabilities (i.e., exploitable weaknesses) earlier in the software lifecycle; thus, anticipating TD principal and interest that can have decidedly negative impacts on businesses. Goal: To establish an approach to help assess TD associated with security weaknesses by leveraging the Common Weakness Enumeration (CWE) and its scoring mechanism, the Common Weakness Scoring System (CWSS). Method: We present a position study with a five-step approach employing the Quamoco quality model to operationalize the scoring of architectural CWEs. Results: We use static analysis to detect design level CWEs, calculate their CWSS scores, and provide a relative ranking of weaknesses that help practitioners identify the highest risks in an organization with a potential to impact TD. Conclusion: CWSS is a community agreed upon method that should be leveraged to help inform the ranking of security related TD items.
Mohammad, Z., Qattam, T. A., Saleh, K..  2019.  Security Weaknesses and Attacks on the Internet of Things Applications. 2019 IEEE Jordan International Joint Conference on Electrical Engineering and Information Technology (JEEIT). :431–436.
Internet of Things (IoT) is a contemporary concept for connecting the existing things in our environment with the Internet for a sake of making the objects information are accessible from anywhere and anytime to support a modern life style based on the Internet. With the rapid development of the IoT technologies and widely spreading in most of the fields such as buildings, health, education, transportation and agriculture. Thus, the IoT applications require increasing data collection from the IoT devices to send these data to the applications or servers which collect or analyze the data, so it is a very important to secure the data and ensure that do not reach a malicious adversary. This paper reviews some attacks in the IoT applications and the security weaknesses in the IoT environment. In addition, this study presents the challenges of IoT in terms of hardware, network and software. Moreover, this paper summarizes and points to some attacks on the smart car, smart home, smart campus, smart farm and healthcare.
Gonzalez, D., Alhenaki, F., Mirakhorli, M..  2019.  Architectural Security Weaknesses in Industrial Control Systems (ICS) an Empirical Study Based on Disclosed Software Vulnerabilities. 2019 IEEE International Conference on Software Architecture (ICSA). :31–40.
Industrial control systems (ICS) are systems used in critical infrastructures for supervisory control, data acquisition, and industrial automation. ICS systems have complex, component-based architectures with many different hardware, software, and human factors interacting in real time. Despite the importance of security concerns in industrial control systems, there has not been a comprehensive study that examined common security architectural weaknesses in this domain. Therefore, this paper presents the first in-depth analysis of 988 vulnerability advisory reports for Industrial Control Systems developed by 277 vendors. We performed a detailed analysis of the vulnerability reports to measure which components of ICS have been affected the most by known vulnerabilities, which security tactics were affected most often in ICS and what are the common architectural security weaknesses in these systems. Our key findings were: (1) Human-Machine Interfaces, SCADA configurations, and PLCs were the most affected components, (2) 62.86% of vulnerability disclosures in ICS had an architectural root cause, (3) the most common architectural weaknesses were “Improper Input Validation”, followed by “Im-proper Neutralization of Input During Web Page Generation” and “Improper Authentication”, and (4) most tactic-related vulnerabilities were related to the tactics “Validate Inputs”, “Authenticate Actors” and “Authorize Actors”.
2019-06-17
Garae, J., Ko, R. K. L., Apperley, M..  2018.  A Full-Scale Security Visualization Effectiveness Measurement and Presentation Approach. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :639–650.
What makes a security visualization effective? How do we measure visualization effectiveness in the context of investigating, analyzing, understanding and reporting cyber security incidents? Identifying and understanding cyber-attacks are critical for decision making - not just at the technical level, but also the management and policy-making levels. Our research studied both questions and extends our Security Visualization Effectiveness Measurement (SvEm) framework by providing a full-scale effectiveness approach for both theoretical and user-centric visualization techniques. Our framework facilitates effectiveness through interactive three-dimensional visualization to enhance both single and multi-user collaboration. We investigated effectiveness metrics including (1) visual clarity, (2) visibility, (3) distortion rates and (4) user response (viewing) times. The SvEm framework key components are: (1) mobile display dimension and resolution factor, (2) security incident entities, (3) user cognition activators and alerts, (4) threat scoring system, (5) working memory load and (6) color usage management. To evaluate our full-scale security visualization effectiveness framework, we developed VisualProgger - a real-time security visualization application (web and mobile) visualizing data provenance changes in SvEm use cases. Finally, the SvEm visualizations aims to gain the users' attention span by ensuring a consistency in the viewer's cognitive load, while increasing the viewer's working memory load. In return, users have high potential to gain security insights in security visualization. Our evaluation shows that viewers perform better with prior knowledge (working memory load) of security events and that circular visualization designs attract and maintain the viewer's attention span. These discoveries revealed research directions for future work relating to measurement of security visualization effectiveness.
Yang, J., Jeong, J. P..  2018.  An Automata-based Security Policy Translation for Network Security Functions. 2018 International Conference on Information and Communication Technology Convergence (ICTC). :268–272.
This paper proposes the design of a security policy translator in Interface to Network Security Functions (I2NSF) framework. Also, this paper shows the benefits of designing security policy translations. I2NSF is an architecture for providing various Network Security Functions (NSFs) to users. I2NSF user should be able to use NSF even if user has no overall knowledge of NSFs. Generally, policies which are generated by I2NSF user contain abstract data because users do not consider the attributes of NSFs when creating policies. Therefore, the I2NSF framework requires a translator that automatically finds the NSFs which is required for policy when Security Controller receives a security policy from the user and translates it for selected NSFs. We satisfied the above requirements by modularizing the translator through Automata theory.
2019-06-10
Nathezhtha, T., Yaidehi, V..  2018.  Cloud Insider Attack Detection Using Machine Learning. 2018 International Conference on Recent Trends in Advance Computing (ICRTAC). :60-65.
Security has always been a major issue in cloud. Data sources are the most valuable and vulnerable information which is aimed by attackers to steal. If data is lost, then the privacy and security of every cloud user are compromised. Even though a cloud network is secured externally, the threat of an internal attacker exists. Internal attackers compromise a vulnerable user node and get access to a system. They are connected to the cloud network internally and launch attacks pretending to be trusted users. Machine learning approaches are widely used for cloud security issues. The existing machine learning based security approaches classify a node as a misbehaving node based on short-term behavioral data. These systems do not differentiate whether a misbehaving node is a malicious node or a broken node. To address this problem, this paper proposes an Improvised Long Short-Term Memory (ILSTM) model which learns the behavior of a user and automatically trains itself and stores the behavioral data. The model can easily classify the user behavior as normal or abnormal. The proposed ILSTM not only identifies an anomaly node but also finds whether a misbehaving node is a broken node or a new user node or a compromised node using the calculated trust factor. The proposed model not only detects the attack accurately but also reduces the false alarm in the cloud network.
Sokolov, A. N., Pyatnitsky, I. A., Alabugin, S. K..  2018.  Research of Classical Machine Learning Methods and Deep Learning Models Effectiveness in Detecting Anomalies of Industrial Control System. 2018 Global Smart Industry Conference (GloSIC). :1-6.
Modern industrial control systems (ICS) act as victims of cyber attacks more often in last years. These attacks are hard to detect and their consequences can be catastrophic. Cyber attacks can cause anomalies in the work of the ICS and its technological equipment. The presence of mutual interference and noises in this equipment significantly complicates anomaly detection. Moreover, the traditional means of protection, which used in corporate solutions, require updating with each change in the structure of the industrial process. An approach based on the machine learning for anomaly detection was used to overcome these problems. It complements traditional methods and allows one to detect signal correlations and use them for anomaly detection. Additional Tennessee Eastman Process Simulation Data for Anomaly Detection Evaluation dataset was analyzed as example of industrial process. In the course of the research, correlations between the signals of the sensors were detected and preliminary data processing was carried out. Algorithms from the most common techniques of machine learning (decision trees, linear algorithms, support vector machines) and deep learning models (neural networks) were investigated for industrial process anomaly detection task. It's shown that linear algorithms are least demanding on computational resources, but they don't achieve an acceptable result and allow a significant number of errors. Decision tree-based algorithms provided an acceptable accuracy, but the amount of RAM, required for their operations, relates polynomially with the training sample volume. The deep neural networks provided the greatest accuracy, but they require considerable computing power for internal calculations.
Farooq, H. M., Otaibi, N. M..  2018.  Optimal Machine Learning Algorithms for Cyber Threat Detection. 2018 UKSim-AMSS 20th International Conference on Computer Modelling and Simulation (UKSim). :32-37.
With the exponential hike in cyber threats, organizations are now striving for better data mining techniques in order to analyze security logs received from their IT infrastructures to ensure effective and automated cyber threat detection. Machine Learning (ML) based analytics for security machine data is the next emerging trend in cyber security, aimed at mining security data to uncover advanced targeted cyber threats actors and minimizing the operational overheads of maintaining static correlation rules. However, selection of optimal machine learning algorithm for security log analytics still remains an impeding factor against the success of data science in cyber security due to the risk of large number of false-positive detections, especially in the case of large-scale or global Security Operations Center (SOC) environments. This fact brings a dire need for an efficient machine learning based cyber threat detection model, capable of minimizing the false detection rates. In this paper, we are proposing optimal machine learning algorithms with their implementation framework based on analytical and empirical evaluations of gathered results, while using various prediction, classification and forecasting algorithms.
Clemente, C. J., Jaafar, F., Malik, Y..  2018.  Is Predicting Software Security Bugs Using Deep Learning Better Than the Traditional Machine Learning Algorithms? 2018 IEEE International Conference on Software Quality, Reliability and Security (QRS). :95-102.
Software insecurity is being identified as one of the leading causes of security breaches. In this paper, we revisited one of the strategies in solving software insecurity, which is the use of software quality metrics. We utilized a multilayer deep feedforward network in examining whether there is a combination of metrics that can predict the appearance of security-related bugs. We also applied the traditional machine learning algorithms such as decision tree, random forest, naïve bayes, and support vector machines and compared the results with that of the Deep Learning technique. The results have successfully demonstrated that it was possible to develop an effective predictive model to forecast software insecurity based on the software metrics and using Deep Learning. All the models generated have shown an accuracy of more than sixty percent with Deep Learning leading the list. This finding proved that utilizing Deep Learning methods and a combination of software metrics can be tapped to create a better forecasting model thereby aiding software developers in predicting security bugs.
Su, H., Zwolinski, M., Halak, B..  2018.  A Machine Learning Attacks Resistant Two Stage Physical Unclonable Functions Design. 2018 IEEE 3rd International Verification and Security Workshop (IVSW). :52-55.
Physical Unclonable Functions (PUFs) have been designed for many security applications such as identification, authentication of devices and key generation, especially for lightweight electronics. Traditional approaches to enhancing security, such as hash functions, may be expensive and resource dependent. However, modelling attacks using machine learning (ML) show the vulnerability of most PUFs. In this paper, a combination of a 32-bit current mirror and 16-bit arbiter PUFs in 65nm CMOS technology is proposed to improve resilience against modelling attacks. Both PUFs are vulnerable to machine learning attacks and we reduce the output prediction rate from 99.2% and 98.8% individually, to 60%.
Liu, D., Li, Y., Tang, Y., Wang, B., Xie, W..  2018.  VMPBL: Identifying Vulnerable Functions Based on Machine Learning Combining Patched Information and Binary Comparison Technique by LCS. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :800-807.
Nowadays, most vendors apply the same open source code to their products, which is dangerous. In addition, when manufacturers release patches, they generally hide the exact location of the vulnerabilities. So, identifying vulnerabilities in binaries is crucial. However, just searching source program has a lower identifying accuracy of vulnerability, which requires operators further to differentiate searched results. Under this context, we propose VMPBL to enhance identifying the accuracy of vulnerability with the help of patch files. VMPBL, compared with other proposed schemes, uses patched functions according to its vulnerable functions in patch file to further distinguish results. We establish a prototype of VMPBL, which can effectively identify vulnerable function types and get rid of safe functions from results. Firstly, we get the potential vulnerable-patched functions by binary comparison technique based on K-Trace algorithm. Then we combine the functions with vulnerability and patch knowledge database to classify these function pairs and identify the possible vulnerable functions and the vulnerability types. Finally, we test some programs containing real-world CWE vulnerabilities, and one of the experimental results about CWE415 shows that the results returned from only searching source program are about twice as much as the results from VMPBL. We can see that using VMPBL can significantly reduce the false positive rate of discovering vulnerabilities compared with analyzing source files alone.
Ponmaniraj, S., Rashmi, R., Anand, M. V..  2018.  IDS Based Network Security Architecture with TCP/IP Parameters Using Machine Learning. 2018 International Conference on Computing, Power and Communication Technologies (GUCON). :111-114.
This computer era leads human to interact with computers and networks but there is no such solution to get rid of security problems. Securities threats misleads internet, we are sometimes losing our hope and reliability with many server based access. Even though many more crypto algorithms are coming for integrity and authentic data in computer access still there is a non reliable threat penetrates inconsistent vulnerabilities in networks. These vulnerable sites are taking control over the user's computer and doing harmful actions without user's privileges. Though Firewalls and protocols may support our browsers via setting certain rules, still our system couldn't support for data reliability and confidentiality. Since these problems are based on network access, lets we consider TCP/IP parameters as a dataset for analysis. By doing preprocess of TCP/IP packets we can build sovereign model on data set and clump cluster. Further the data set gets classified into regular traffic pattern and anonymous pattern using KNN classification algorithm. Based on obtained pattern for normal and threats data sets, security devices and system will set rules and guidelines to learn by it to take needed stroke. This paper analysis the computer to learn security actions from the given data sets which already exist in the previous happens.
Saifuddin, K. M., Ali, A. J. B., Ahmed, A. S., Alam, S. S., Ahmad, A. S..  2018.  Watchdog and Pathrater based Intrusion Detection System for MANET. 2018 4th International Conference on Electrical Engineering and Information Communication Technology (iCEEiCT). :168–173.
Mobile Ad Hoc Network (MANET) is pretty vulnerable to attacks because of its broad distribution and open nodes. Hence, an effective Intrusion Detection System (IDS) is vital in MANET to deter unwanted malicious attacks. An IDS has been proposed in this paper based on watchdog and pathrater method as well as evaluation of its performance has been presented using Dynamic Source Routing (DSR) and Ad-hoc On-demand Distance Vector (AODV) routing protocols with and without considering the effect of the sinkhole attack. The results obtained justify that the proposed IDS is capable of detecting suspicious activities and identifying the malicious nodes. Moreover, it replaces the fake route with a real one in the routing table in order to mitigate the security risks. The performance appraisal also suggests that the AODV protocol has a capacity of sending more packets than DSR and yields more throughput.
2019-05-20
Hu, W., Ardeshiricham, A., Gobulukoglu, M. S., Wang, X., Kastner, R..  2018.  Property Specific Information Flow Analysis for Hardware Security Verification. 2018 {IEEE}/{ACM International Conference} on {Computer}-{Aided Design} ({ICCAD}). :1-8.
Hardware information flow analysis detects security vulnerabilities resulting from unintended design flaws, timing channels, and hardware Trojans. These information flow models are typically generated in a general way, which includes a significant amount of redundancy that is irrelevant to the specified security properties. In this work, we propose a property specific approach for information flow security. We create information flow models tailored to the properties to be verified by performing a property specific search to identify security critical paths. This helps find suspicious signals that require closer inspection and quickly eliminates portions of the design that are free of security violations. Our property specific trimming technique reduces the complexity of the security model; this accelerates security verification and restricts potential security violations to a smaller region which helps quickly pinpoint hardware security vulnerabilities.
Goncharov, N. I., Goncharov, I. V., Parinov, P. A., Dushkin, A. V., Maximova, M. M..  2019.  Modeling of Information Processes for Modern Information System Security Assessment. 2019 {IEEE Conference} of {Russian Young Researchers} in {Electrical} and {Electronic Engineering} ({EIConRus}). :1758-1763.
A new approach of a formalism of hybrid automatons has been proposed for the analysis of conflict processes between the information system and the information's security malefactor. An example of probability-based assessment on malefactor's victory has been given and the possibility to abstract from a specific type of probability density function for the residence time of parties to the conflict in their possible states. A model of the distribution of destructive informational influences in the information system to connect the process of spread of destructive information processes and the process of changing subjects' states of the information system has been proposed. An example of the destructive information processes spread analysis has been given.
Sutradhar, M. R., Sultana, N., Dey, H., Arif, H..  2018.  A New Version of Kerberos Authentication Protocol Using ECC and Threshold Cryptography for Cloud Security. 2018 Joint 7th International Conference on Informatics, Electronics Vision (ICIEV) and 2018 2nd International Conference on Imaging, Vision Pattern Recognition (icIVPR). :239–244.
Dependency on cloud computing are increasing day by day due to its beneficial aspects. As day by day we are relying on cloud computing, the securities issues are coming up. There are lots of security protocols but now-a-days those protocol are not secured enough to provide a high security. One of those protocols which were once highly secured, is Kerberos authentication protocol. With the advancement of technology, Kerberos authentication protocol is no longer as secured as it was before. Many authors have thought about the improvement of Kerberos authentication protocol and consequently they have proposed different types of protocol models by using a renowned public key cryptography named RSA cryptography. Though RSA cryptography is good to some extent but this cryptography has some flaws that make this cryptography less secured as well as less efficient. In this paper, we are combining Elliptic Curve Cryptography (ECC) as well as Threshold Cryptography to create a new version of Kerberos authentication protocol. Our proposed model will provide secure transaction of data which will not only be hard to break but also increase memory efficiency, cost efficiency, and reduce the burden of computation.
Prokofiev, A. O., Smirnova, Y. S., Surov, V. A..  2018.  A method to detect Internet of Things botnets. 2018 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus). :105–108.
The main security problems, typical for the Internet of Things (IoT), as well as the purpose of gaining unauthorized access to the IoT, are considered in this paper. Common characteristics of the most widespread botnets are provided. A method to detect compromised IoT devices included into a botnet is proposed. The method is based on a model of logistic regression. The article describes a developed model of logistic regression which allows to estimate the probability that a device initiating a connection is running a bot. A list of network protocols, used to gain unauthorized access to a device and to receive instructions from common and control (C&C) server, is provided too.
Caminha, J., Perkusich, A., Perkusich, M..  2018.  A smart middleware to detect on-off trust attacks in the Internet of Things. 2018 IEEE International Conference on Consumer Electronics (ICCE). :1–2.
Security is a key concern in Internet of Things (IoT) designs. In a heterogeneous and complex environment, service providers and service requesters must trust each other. On-off attack is a sophisticated trust threat in which a malicious device can perform good and bad services randomly to avoid being rated as a low trust node. Some countermeasures demands prior level of trust knowing and time to classify a node behavior. In this paper, we introduce a Smart Middleware that automatically assesses the IoT resources trust, evaluating service providers attributes to protect against On-off attacks.
Chu, G., Lisitsa, A..  2018.  Penetration Testing for Internet of Things and Its Automation. 2018 IEEE 20th International Conference on High Performance Computing and Communications; IEEE 16th International Conference on Smart City; IEEE 4th International Conference on Data Science and Systems (HPCC/SmartCity/DSS). :1479–1484.
The Internet of Things (IoT) is an emerging technology, an extension of the traditional Internet which make everything is connected each other based on Radio Frequency Identification (RFID), Sensor, GPS or Machine to Machine technologies, etc. The security issues surrounding IoT have been of detrimental impact to its development and has consequently attracted research interest. However, there are very few approaches which assess the security of IoT from the perspective of an attacker. Penetration testing is widely used to evaluate traditional internet or systems security to date and it normally spends numerous cost and time. In this paper, we analyze the security problems of IoT and propose a penetration testing approach and its automation based on belief-desire-intention (BDI) model to evaluate the security of the IoT.
2019-05-09
Zhang, Z., Chang, C., Lv, Z., Han, P., Wang, Y..  2018.  A Control Flow Anomaly Detection Algorithm for Industrial Control Systems. 2018 1st International Conference on Data Intelligence and Security (ICDIS). :286-293.
Industrial control systems are the fundamental infrastructures of a country. Since the intrusion attack methods for industrial control systems have become complex and concealed, the traditional protection methods, such as vulnerability database, virus database and rule matching cannot cope with the attacks hidden inside the terminals of industrial control systems. In this work, we propose a control flow anomaly detection algorithm based on the control flow of the business programs. First, a basic group partition method based on key paths is proposed to reduce the performance burden caused by tabbed-assert control flow analysis method through expanding basic research units. Second, the algorithm phases of standard path set acquisition and path matching are introduced. By judging whether the current control flow path is deviating from the standard set or not, the abnormal operating conditions of industrial control can be detected. Finally, the effectiveness of a control flow anomaly detection (checking) algorithm based on Path Matching (CFCPM) is demonstrated by anomaly detection ability analysis and experiments.
Ivanov, A. V., Sklyarov, V. A..  2018.  The Urgency of the Threats of Attacks on Interfaces and Field-Layer Protocols in Industrial Control Systems. 2018 XIV International Scientific-Technical Conference on Actual Problems of Electronics Instrument Engineering (APEIE). :162-165.
The paper is devoted to analysis of condition of executing devices and sensors of Industrial Control Systems information security. The work contains structures of industrial control systems divided into groups depending on system's layer. The article contains the analysis of analog interfaces work and work features of data transmission protocols in industrial control system field layer. Questions about relevance of industrial control systems information security, both from the point of view of the information security occurring incidents, and from the point of view of regulators' reaction in the form of normative legal acts, are described. During the analysis of the information security systems of industrial control systems a possibility of leakage through technical channels of information leakage at the field layer was found. Potential vectors of the attacks on devices of field layer and data transmission network of an industrial control system are outlined in the article. The relevance analysis of the threats connected with the attacks at the field layer of an industrial control system is carried out, feature of this layer and attractiveness of this kind of attacks is observed.
Hata, K., Sasaki, T., Mochizuki, A., Sawada, K., Shin, S., Hosokawa, S..  2018.  Collaborative Model-Based Fallback Control for Secured Networked Control Systems. IECON 2018 - 44th Annual Conference of the IEEE Industrial Electronics Society. :5963-5970.
The authors have proposed the Fallback Control System (FCS) as a countermeasure after cyber-attacks happen in Industrial Control Systems (ICSs). For increased robustness against cyber-attacks, introducing multiple countermeasures is desirable. Then, an appropriate collaboration is essential. This paper introduces two FCSs in ICS: field network signal is driven FCS and analog signal driven FCS. This paper also implements a collaborative FCS by a collaboration function of the two FCSs. The collaboration function is that the analog signal driven FCS estimates the state of the other FCS. The collaborative FCS decides the countermeasure based on the result of the estimation after cyber-attacks happen. Finally, we show practical experiment results to analyze the effectiveness of the proposed method.
Li, Y., Liu, X., Tian, H., Luo, C..  2018.  Research of Industrial Control System Device Firmware Vulnerability Mining Technology Based on Taint Analysis. 2018 IEEE 9th International Conference on Software Engineering and Service Science (ICSESS). :607-610.
Aiming at the problem that there is little research on firmware vulnerability mining and the traditional method of vulnerability mining based on fuzzing test is inefficient, this paper proposed a new method of mining vulnerabilities in industrial control system firmware. Based on taint analysis technology, this method can construct test cases specifically for the variables that may trigger vulnerabilities, thus reducing the number of invalid test cases and improving the test efficiency. Experiment result shows that this method can reduce about 23 % of test cases and can effectively improve test efficiency.
2019-05-08
Meng, F., Lou, F., Fu, Y., Tian, Z..  2018.  Deep Learning Based Attribute Classification Insider Threat Detection for Data Security. 2018 IEEE Third International Conference on Data Science in Cyberspace (DSC). :576–581.
With the evolution of network threat, identifying threat from internal is getting more and more difficult. To detect malicious insiders, we move forward a step and propose a novel attribute classification insider threat detection method based on long short term memory recurrent neural networks (LSTM-RNNs). To achieve high detection rate, event aggregator, feature extractor, several attribute classifiers and anomaly calculator are seamlessly integrated into an end-to-end detection framework. Using the CERT insider threat dataset v6.2 and threat detection recall as our performance metric, experimental results validate that the proposed threat detection method greatly outperforms k-Nearest Neighbor, Isolation Forest, Support Vector Machine and Principal Component Analysis based threat detection methods.