Visible to the public Biblio

Found 151 results

Filters: Keyword is cyber security  [Clear All Filters]
2019-10-15
Coleman, M. S., Doody, D. P., Shields, M. A..  2018.  Machine Learning for Real-Time Data-Driven Security Practices. 2018 29th Irish Signals and Systems Conference (ISSC). :1–6.

The risk of cyber-attacks exploiting vulnerable organisations has increased significantly over the past several years. These attacks may combine to exploit a vulnerability breach within a system's protection strategy, which has the potential for loss, damage or destruction of assets. Consequently, every vulnerability has an accompanying risk, which is defined as the "intersection of assets, threats, and vulnerabilities" [1]. This research project aims to experimentally compare the similarity-based ranking of cyber security information utilising a recommendation environment. The Memory-Based Collaborative Filtering technique was employed, specifically the User-Based and Item-Based approaches. These systems utilised information from the National Vulnerability Database, specifically for the identification and similarity-based ranking of cyber-security vulnerability information, relating to hardware and software applications. Experiments were performed using the Item-Based technique, to identify the optimum system parameters, evaluated through the AUC evaluation metric. Once identified, the Item-Based technique was compared with the User-Based technique which utilised the parameters identified from the previous experiments. During these experiments, the Pearson's Correlation Coefficient and the Cosine similarity measure was used. From these experiments, it was identified that utilised the Item-Based technique which employed the Cosine similarity measure, an AUC evaluation metric of 0.80225 was achieved.

2019-08-26
Araujo, F., Taylor, T., Zhang, J., Stoecklin, M..  2018.  Cross-Stack Threat Sensing for Cyber Security and Resilience. 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W). :18-21.

We propose a novel cross-stack sensor framework for realizing lightweight, context-aware, high-interaction network and endpoint deceptions for attacker disinformation, misdirection, monitoring, and analysis. In contrast to perimeter-based honeypots, the proposed method arms production workloads with deceptive attack-response capabilities via injection of booby-traps at the network, endpoint, operating system, and application layers. This provides defenders with new, potent tools for more effectively harvesting rich cyber-threat data from the myriad of attacks launched by adversaries whose identities and methodologies can be better discerned through direct engagement rather than purely passive observations of probe attempts. Our research provides new tactical deception capabilities for cyber operations, including new visibility into both enterprise and national interest networks, while equipping applications and endpoints with attack awareness and active mitigation capabilities.

Santos, Bernardo, Do, Van Thuan, Feng, Boning, van Do, Thanh.  2018.  Identity Federation for Cellular Internet of Things. Proceedings of the 2018 7th International Conference on Software and Computer Applications. :223-228.

Although the vision of 5G is to accommodate billions IoT devices and applications, its success depends very much on its ability to provide enhanced and affordable security. This paper introduces an Identity Federation solution which reuses the SIM authentication for cellular IoT devices enabling single-sign-on. The proposed solution alleviates the IoT provider's burden of device identity management at the same time as the operational costs are reduced considerably. The proposed solution is realized by open source software for LTE, identity management and IoT.

2019-08-05
Randhawa, Suneel, Turnbull, Benjamin, Yuen, Joseph, Dean, Jonathan.  2018.  Mission-Centric Automated Cyber Red Teaming. Proceedings of the 13th International Conference on Availability, Reliability and Security. :1:1–1:11.
Cyberspace is ubiquitous and is becoming increasingly critical to many societal, commercial, military, and national functions as it emerges as an operational space in its own right. Within this context, decision makers must achieve mission continuity when operating in cyberspace. One aspect of any comprehensive security program is the use of penetration testing; the use of scanning, enumeration and offensive techniques not unlike those used by a potential adversary. Effective penetration testing provides security insight into the network as a system in its entirety. Often though, this systemic view is lost in reporting outcomes, instead becoming a list of vulnerable or exploitable systems that are individually evaluated for remediation priority. This paper introduces Trogdor; a mission-centric automated cyber red-teaming system. Trogdor undertakes model based Automated Cyber Red Teaming (ACRT) and critical node analysis to visually present the impact of vulnerable resources to cyber dependent missions. Specifically, this work discusses the purpose of Trogdor, outlines its architecture, design choices and the technologies it employs. This paper describes an application of Trogdor to an enterprise network scenario; specifically, how Trogdor provides an understanding of potential mission impacts arising from cyber vulnerabilities and mission or business-centric decision support in selecting possible strategies to mitigate those impacts.
Headrick, W. J., Dlugosz, A., Rajcok, P..  2018.  Information Assurance in modern ATE. 2018 IEEE AUTOTESTCON. :1–4.

For modern Automatic Test Equipment (ATE) one of the most daunting tasks is now Information Assurance (IA). What was once at most a secondary item consisting mainly of installing an Anti-Virus suite is now becoming one of the most important aspects of ATE. Given the current climate of IA it has become important to ensure ATE is kept safe from any breaches of security or loss of information. Even though most ATE are not on the Internet (or even on a network for many) they are still vulnerable to some of the same attack vectors plaguing common computers and other electronic devices. This paper will discuss some of the processes and procedures which must be used to ensure that modern ATE can continue to be used to test and detect faults in the systems they are designed to test. The common items that must be considered for ATE are as follows: The ATE system must have some form of Anti-Virus (as should all computers). The ATE system should have a minimum software footprint only providing the software needed to perform the task. The ATE system should be verified to have all the Operating System (OS) settings configured pursuant to the task it is intended to perform. The ATE OS settings should include password and password expiration settings to prevent access by anyone not expected to be on the system. The ATE system software should be written and constructed such that it in itself is not readily open to attack. The ATE system should be designed in a manner such that none of the instruments in the system can easily be attacked. The ATE system should insure any paths to the outside world (such as Ethernet or USB devices) are limited to only those required to perform the task it was designed for. These and many other common configuration concerns will be discussed in the paper.

2019-07-01
Urias, V. E., Stout, M. S. William, Leeuwen, B. V..  2018.  On the Feasibility of Generating Deception Environments for Industrial Control Systems. 2018 IEEE International Symposium on Technologies for Homeland Security (HST). :1–6.

The cyber threat landscape is a constantly morphing surface; the need for cyber defenders to develop and create proactive threat intelligence is on the rise, especially on critical infrastructure environments. It is commonly voiced that Supervisory Control and Data Acquisition (SCADA) systems and Industrial Control Systems (ICS) are vulnerable to the same classes of threats as other networked computer systems. However, cyber defense in operational ICS is difficult, often introducing unacceptable risks of disruption to critical physical processes. This is exacerbated by the notion that hardware used in ICS is often expensive, making full-scale mock-up systems for testing and/or cyber defense impractical. New paradigms in cyber security have focused heavily on using deception to not only protect assets, but also gather insight into adversary motives and tools. Much of the work that we see in today's literature is focused on creating deception environments for traditional IT enterprise networks; however, leveraging our prior work in the domain, we explore the opportunities, challenges and feasibility of doing deception in ICS networks.

Kolosok, I., Korkina, E., Mahnitko, A., Gavrilovs, A..  2018.  Supporting Cyber-Physical Security of Electric Power System by the State Estimation Technique. 2018 IEEE 59th International Scientific Conference on Power and Electrical Engineering of Riga Technical University (RTUCON). :1–6.

Security is one of the most important properties of electric power system (EPS). We consider the state estimation (SE) tool as a barrier to the corruption of data on current operating conditions of the EPS. An algorithm for a two-level SE on the basis of SCADA and WAMS measurements is effective in terms of detection of malicious attacks on energy system. The article suggests a methodology to identify cyberattacks on SCADA and WAMS.

de Lima, Davi Ferreira, Bezerra, José Roberto, de Macedo Costa da Silva, Jorge Fredericson.  2018.  Privacy and Integrity Protection of Data in SCADA Systems. Proceedings of the 10th Latin America Networking Conference. :110–114.
The critical infrastructure of a country, due to its relevance and complexity, demands systems to facilitate the user interaction to correctly deal and share the information related to the monitored processes. The systems currently applied to monitor such infrastructures are based on SCADA architecture. The advent of the Internet jointly to the needs of fast information exchange at any place in order to support accurate decision-making processes, demands increasing interconnection among SCADA and management systems. However, such interconnection may expose sensitive data manipulated by such systems to hackers which may cause massive damages, financial loses, threats to human lives among others. Therefore, unprotected data may expose the systems to cyber-criminals by affecting any of the cyber-security principles, Confidentiality, Integrity, and Authenticity. This article presents four study cases using Wireshark to analyze a popular SCADA software to check user authentication process. The result of this research was the reading in plain text of the user authentication data used to access the control and monitoring system. As an immediate and minimal solution, this work presents low cost, easy setup and open source solutions are proposed using VPN and protocol obfuscator to improve security applying cryptography and hide the data passing through Virtual Private Network.
2019-06-17
Garae, J., Ko, R. K. L., Apperley, M..  2018.  A Full-Scale Security Visualization Effectiveness Measurement and Presentation Approach. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :639–650.
What makes a security visualization effective? How do we measure visualization effectiveness in the context of investigating, analyzing, understanding and reporting cyber security incidents? Identifying and understanding cyber-attacks are critical for decision making - not just at the technical level, but also the management and policy-making levels. Our research studied both questions and extends our Security Visualization Effectiveness Measurement (SvEm) framework by providing a full-scale effectiveness approach for both theoretical and user-centric visualization techniques. Our framework facilitates effectiveness through interactive three-dimensional visualization to enhance both single and multi-user collaboration. We investigated effectiveness metrics including (1) visual clarity, (2) visibility, (3) distortion rates and (4) user response (viewing) times. The SvEm framework key components are: (1) mobile display dimension and resolution factor, (2) security incident entities, (3) user cognition activators and alerts, (4) threat scoring system, (5) working memory load and (6) color usage management. To evaluate our full-scale security visualization effectiveness framework, we developed VisualProgger - a real-time security visualization application (web and mobile) visualizing data provenance changes in SvEm use cases. Finally, the SvEm visualizations aims to gain the users' attention span by ensuring a consistency in the viewer's cognitive load, while increasing the viewer's working memory load. In return, users have high potential to gain security insights in security visualization. Our evaluation shows that viewers perform better with prior knowledge (working memory load) of security events and that circular visualization designs attract and maintain the viewer's attention span. These discoveries revealed research directions for future work relating to measurement of security visualization effectiveness.
2019-06-10
Farooq, H. M., Otaibi, N. M..  2018.  Optimal Machine Learning Algorithms for Cyber Threat Detection. 2018 UKSim-AMSS 20th International Conference on Computer Modelling and Simulation (UKSim). :32-37.

With the exponential hike in cyber threats, organizations are now striving for better data mining techniques in order to analyze security logs received from their IT infrastructures to ensure effective and automated cyber threat detection. Machine Learning (ML) based analytics for security machine data is the next emerging trend in cyber security, aimed at mining security data to uncover advanced targeted cyber threats actors and minimizing the operational overheads of maintaining static correlation rules. However, selection of optimal machine learning algorithm for security log analytics still remains an impeding factor against the success of data science in cyber security due to the risk of large number of false-positive detections, especially in the case of large-scale or global Security Operations Center (SOC) environments. This fact brings a dire need for an efficient machine learning based cyber threat detection model, capable of minimizing the false detection rates. In this paper, we are proposing optimal machine learning algorithms with their implementation framework based on analytical and empirical evaluations of gathered results, while using various prediction, classification and forecasting algorithms.

2019-05-01
Enoch, S. Yusuf, Hong, J. B., Kim, D. S..  2018.  Time Independent Security Analysis for Dynamic Networks Using Graphical Security Models. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :588–595.

It is technically challenging to conduct a security analysis of a dynamic network, due to the lack of methods and techniques to capture different security postures as the network changes. Graphical Security Models (e.g., Attack Graph) are used to assess the security of network systems, but it typically captures a snapshot of a network state to carry out the security analysis. To address this issue, we propose a new Graphical Security Model named Time-independent Hierarchical Attack Representation Model (Ti-HARM) that captures security of multiple network states by taking into account the time duration of each network state and the visibility of network components (e.g., hosts, edges) in each state. By incorporating the changes, we can analyse the security of dynamic networks taking into account all the threats appearing in different network states. Our experimental results show that the Ti-HARM can effectively capture and assess the security of dynamic networks which were not possible using existing graphical security models.

2019-04-05
Bapat, R., Mandya, A., Liu, X., Abraham, B., Brown, D. E., Kang, H., Veeraraghavan, M..  2018.  Identifying Malicious Botnet Traffic Using Logistic Regression. 2018 Systems and Information Engineering Design Symposium (SIEDS). :266-271.

An important source of cyber-attacks is malware, which proliferates in different forms such as botnets. The botnet malware typically looks for vulnerable devices across the Internet, rather than targeting specific individuals, companies or industries. It attempts to infect as many connected devices as possible, using their resources for automated tasks that may cause significant economic and social harm while being hidden to the user and device. Thus, it becomes very difficult to detect such activity. A considerable amount of research has been conducted to detect and prevent botnet infestation. In this paper, we attempt to create a foundation for an anomaly-based intrusion detection system using a statistical learning method to improve network security and reduce human involvement in botnet detection. We focus on identifying the best features to detect botnet activity within network traffic using a lightweight logistic regression model. The network traffic is processed by Bro, a popular network monitoring framework which provides aggregate statistics about the packets exchanged between a source and destination over a certain time interval. These statistics serve as features to a logistic regression model responsible for classifying malicious and benign traffic. Our model is easy to implement and simple to interpret. We characterized and modeled 8 different botnet families separately and as a mixed dataset. Finally, we measured the performance of our model on multiple parameters using F1 score, accuracy and Area Under Curve (AUC).

2019-03-28
Varga, S., Brynielsson, J., Franke, U..  2018.  Information Requirements for National Level Cyber Situational Awareness. 2018 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM). :774-781.

As modern societies become more dependent on IT services, the potential impact both of adversarial cyberattacks and non-adversarial service management mistakes grows. This calls for better cyber situational awareness-decision-makers need to know what is going on. The main focus of this paper is to examine the information elements that need to be collected and included in a common operational picture in order for stakeholders to acquire cyber situational awareness. This problem is addressed through a survey conducted among the participants of a national information assurance exercise conducted in Sweden. Most participants were government officials and employees of commercial companies that operate critical infrastructure. The results give insight into information elements that are perceived as useful, that can be contributed to and required from other organizations, which roles and stakeholders would benefit from certain information, and how the organizations work with creating cyber common operational pictures today. Among findings, it is noteworthy that adversarial behavior is not perceived as interesting, and that the respondents in general focus solely on their own organization.

Stavrou, E..  2018.  Enhancing Cyber Situational Awareness: A New Perspective of Password Auditing Tools. 2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA). :1-4.

Password auditing can enhance the cyber situational awareness of defenders, e.g. cyber security/IT professionals, with regards to the strength of text-based authentication mechanisms utilized in an organization. Auditing results can proactively indicate if weak passwords exist in an organization, decreasing the risks of compromisation. Password cracking is a typical and time-consuming way to perform password auditing. Given that defenders perform password auditing within a specific evaluation timeframe, the cracking process needs to be optimized to yield useful results. Existing password cracking tools do not provide holistic features to optimize the process. Therefore, the need arises to build new password auditing toolkits to assist defenders to achieve their task in an effective and efficient way. Moreover, to maximize the benefits of password auditing, a security policy should be utilized. Currently the efforts focus on the specification of password security policies, providing rules on how to construct passwords. This work proposes the functionality that should be supported by next-generation password auditing toolkits and provides guidelines to drive the specification of a relevant password auditing policy.

2019-03-22
Teoh, T. T., Chiew, G., Franco, E. J., Ng, P. C., Benjamin, M. P., Goh, Y. J..  2018.  Anomaly Detection in Cyber Security Attacks on Networks Using MLP Deep Learning. 2018 International Conference on Smart Computing and Electronic Enterprise (ICSCEE). :1-5.

Malicious traffic has garnered more attention in recent years, owing to the rapid growth of information technology in today's world. In 2007 alone, an estimated loss of 13 billion dollars was made from malware attacks. Malware data in today's context is massive. To understand such information using primitive methods would be a tedious task. In this publication we demonstrate some of the most advanced deep learning techniques available, multilayer perceptron (MLP) and J48 (also known as C4.5 or ID3) on our selected dataset, Advanced Security Network Metrics & Non-Payload-Based Obfuscations (ASNM-NPBO) to show that the answer to managing cyber security threats lie in the fore-mentioned methodologies.

Duan, J., Zeng, Z., Oprea, A., Vasudevan, S..  2018.  Automated Generation and Selection of Interpretable Features for Enterprise Security. 2018 IEEE International Conference on Big Data (Big Data). :1258-1265.

We present an effective machine learning method for malicious activity detection in enterprise security logs. Our method involves feature engineering, or generating new features by applying operators on features of the raw data. We generate DNF formulas from raw features, extract Boolean functions from them, and leverage Fourier analysis to generate new parity features and rank them based on their highest Fourier coefficients. We demonstrate on real enterprise data sets that the engineered features enhance the performance of a wide range of classifiers and clustering algorithms. As compared to classification of raw data features, the engineered features achieve up to 50.6% improvement in malicious recall, while sacrificing no more than 0.47% in accuracy. We also observe better isolation of malicious clusters, when performing clustering on engineered features. In general, a small number of engineered features achieve higher performance than raw data features according to our metrics of interest. Our feature engineering method also retains interpretability, an important consideration in cyber security applications.

Ali, Syed Ahmed, Memon, Shahzad, Sahito, Farhan.  2018.  Challenges and Solutions in Cloud Forensics. Proceedings of the 2018 2Nd International Conference on Cloud and Big Data Computing. :6-10.

Cloud computing is cutting-edge platform in this information age, where organizations are shifting their business due to its elasticity, ubiquity, cost-effectiveness. Unfortunately the cyber criminals has used these characteristics for the criminal activities and victimizing multiple users at the same time, by their single exploitation which was impossible in before. Cloud forensics is a special branch of digital forensics, which aims to find the evidences of the exploitation in order to present these evidences in the court of law and bring the culprit to accountability. Collection of evidences in the cloud is not as simple as the traditional digital forensics because of its complex distributed architecture which is scattered globally. In this paper, various issues and challenges in the field of cloud forensics research and their proposed solutions have been critically reviewed, summarized and presented.

2019-03-18
Gunduz, M. Z., Das, R..  2018.  A comparison of cyber-security oriented testbeds for IoT-based smart grids. 2018 6th International Symposium on Digital Forensic and Security (ISDFS). :1–6.

Combining conventional power networks and information communication technologies forms smart grid concept. Researches on the evolution of conventional power grid system into smart grid continue thanks to the development of communication and information technologies hopefully. Testing of smart grid systems is usually performed in simulation environments. However, achieving more effective real-world implementations, a smart grid application needs a real-world test environment, called testbed. Smart grid, which is the combination of conventional electricity line with information communication technologies, is vulnerable to cyber-attacks and this is a key challenge improving the smart grid. The vulnerabilities to cyber-attacks in smart grid arise from information communication technologies' nature inherently. Testbeds, which cyber-security researches and studies can be performed, are needed to find effective solutions against cyber-attacks capabilities in smart grid practices. In this paper, an evaluation of existing smart grid testbeds with the capability of cyber security is presented. First, background, domains, research areas and security issues in smart grid are introduced briefly. Then smart grid testbeds and features are explained. Also, existing security-oriented testbeds and cyber-attack testing capabilities of testbeds are evaluated. Finally, we conclude the study and give some recommendations for security-oriented testbed implementations.

Demirci, S., Sagiroglu, S..  2018.  Software-Defined Networking for Improving Security in Smart Grid Systems. 2018 7th International Conference on Renewable Energy Research and Applications (ICRERA). :1021–1026.

This paper presents a review on how to benefit from software-defined networking (SDN) to enhance smart grid security. For this purpose, the attacks threatening traditional smart grid systems are classified according to availability, integrity, and confidentiality, which are the main cyber-security objectives. The traditional smart grid architecture is redefined with SDN and a conceptual model for SDN-based smart grid systems is proposed. SDN based solutions to the mentioned security threats are also classified and evaluated. Our conclusions suggest that SDN helps to improve smart grid security by providing real-time monitoring, programmability, wide-area security management, fast recovery from failures, distributed security and smart decision making based on big data analytics.

Albarakati, A., Moussa, B., Debbabi, M., Youssef, A., Agba, B. L., Kassouf, M..  2018.  OpenStack-Based Evaluation Framework for Smart Grid Cyber Security. 2018 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm). :1–6.

The rapid evolution of the power grid into a smart one calls for innovative and compelling means to experiment with the upcoming expansions, and analyze their behavioral response under normal circumstances and when targeted by attacks. Such analysis is fundamental to setting up solid foundations for the smart grid. Smart grid Hardware-In-the-Loop (HIL) co-simulation environments serve as a key approach to answer questions on the systems components, functionality, security concerns along with analysis of the system outcome and expected behavior. In this paper, we introduce a HIL co-simulation framework capable of simulating the smart grid actions and responses to attacks targeting its power and communication components. Our testbed is equipped with a real-time power grid simulator, and an associated OpenStack-based communication network. Through the utilized communication network, we can emulate a multitude of attacks targeting the power system, and evaluating the grid response to those attacks. Moreover, we present different illustrative cyber attacks use cases, and analyze the smart grid behavior in the presence of those attacks.

2019-03-15
Kettani, Houssain, Cannistra, Robert M..  2018.  On Cyber Threats to Smart Digital Environments. Proceedings of the 2Nd International Conference on Smart Digital Environment. :183-188.
Cyber threats and attacks have significantly increased in complexity and quantity throughout this past year. In this paper, the top fifteen cyber threats and trends are articulated in detail to provide awareness throughout the community and raising awareness. Specific attack vectors, mitigation techniques, kill chain and threat agents addressing Smart Digital Environments (SDE), including Internet of Things (IoT), are discussed. Due to the rising number of IoT and embedded firmware devices within ubiquitous computing environments such as smart homes, smart businesses and smart cities, the top fifteen cyber threats are being used in a comprehensive manner to take advantage of vulnerabilities and launch cyber operations using multiple attack vectors. What began as ubiquitous, or pervasive, computing is now matured to smart environments where the vulnerabilities and threats are widespread.
Deliu, I., Leichter, C., Franke, K..  2018.  Collecting Cyber Threat Intelligence from Hacker Forums via a Two-Stage, Hybrid Process Using Support Vector Machines and Latent Dirichlet Allocation. 2018 IEEE International Conference on Big Data (Big Data). :5008-5013.

Traditional security controls, such as firewalls, anti-virus and IDS, are ill-equipped to help IT security and response teams keep pace with the rapid evolution of the cyber threat landscape. Cyber Threat Intelligence (CTI) can help remediate this problem by exploiting non-traditional information sources, such as hacker forums and "dark-web" social platforms. Security and response teams can use the collected intelligence to identify emerging threats. Unfortunately, when manual analysis is used to extract CTI from non-traditional sources, it is a time consuming, error-prone and resource intensive process. We address these issues by using a hybrid Machine Learning model that automatically searches through hacker forum posts, identifies the posts that are most relevant to cyber security and then clusters the relevant posts into estimations of the topics that the hackers are discussing. The first (identification) stage uses Support Vector Machines and the second (clustering) stage uses Latent Dirichlet Allocation. We tested our model, using data from an actual hacker forum, to automatically extract information about various threats such as leaked credentials, malicious proxy servers, malware that evades AV detection, etc. The results demonstrate our method is an effective means for quickly extracting relevant and actionable intelligence that can be integrated with traditional security controls to increase their effectiveness.

2019-02-25
Essa, A., Al-Shoura, T., Nabulsi, A. Al, Al-Ali, A. R., Aloul, F..  2018.  Cyber Physical Sensors System Security: Threats, Vulnerabilities, and Solutions. 2018 2nd International Conference on Smart Grid and Smart Cities (ICSGSC). :62-67.
A Cyber Physical Sensor System (CPSS) consists of a computing platform equipped with wireless access points, sensors, and actuators. In a Cyber Physical System, CPSS constantly collects data from a physical object that is under process and performs local real-time control activities based on the process algorithm. The collected data is then transmitted through the network layer to the enterprise command and control center or to the cloud computing services for further processing and analysis. This paper investigates the CPSS' most common cyber security threats and vulnerabilities and provides countermeasures. Furthermore, the paper addresses how the CPSS are attacked, what are the leading consequences of the attacks, and the possible remedies to prevent them. Detailed case studies are presented to help the readers understand the CPSS threats, vulnerabilities, and possible solutions.
2019-02-13
Prakash, A., Priyadarshini, R..  2018.  An Intelligent Software defined Network Controller for preventing Distributed Denial of Service Attack. 2018 Second International Conference on Inventive Communication and Computational Technologies (ICICCT). :585–589.

Software Defined Network (SDN) architecture is a new and novel way of network management mechanism. In SDN, switches do not process the incoming packets like conventional network computing environment. They match for the incoming packets in the forwarding tables and if there is none it will be sent to the controller for processing which is the operating system of the SDN. A Distributed Denial of Service (DDoS) attack is a biggest threat to cyber security in SDN network. The attack will occur at the network layer or the application layer of the compromised systems that are connected to the network. In this paper a machine learning based intelligent method is proposed which can detect the incoming packets as infected or not. The different machine learning algorithms adopted for accomplishing the task are Naive Bayes, K-Nearest neighbor (KNN) and Support vector machine (SVM) to detect the anomalous behavior of the data traffic. These three algorithms are compared according to their performances and KNN is found to be the suitable one over other two. The performance measure is taken here is the detection rate of infected packets.

2019-02-08
Lihet, M., Dadarlat, P. D. V..  2018.  Honeypot in the Cloud Five Years of Data Analysis. 2018 17th RoEduNet Conference: Networking in Education and Research (RoEduNet). :1-6.

The current paper is a continuation of a published article and is about the results of implementing a Honeypot in the Cloud. A five years period of raw data is analyzed and explained in the current Cyber Security state and landscape.