Visible to the public Biblio

Found 228 results

Filters: Keyword is Testing  [Clear All Filters]
2023-01-13
Yee, George O. M..  2022.  Improving the Derivation of Sound Security Metrics. 2022 IEEE 46th Annual Computers, Software, and Applications Conference (COMPSAC). :1804—1809.
We continue to tackle the problem of poorly defined security metrics by building on and improving our previous work on designing sound security metrics. We reformulate the previous method into a set of conditions that are clearer and more widely applicable for deriving sound security metrics. We also modify and enhance some concepts that led to an unforeseen weakness in the previous method that was subsequently found by users, thereby eliminating this weakness from the conditions. We present examples showing how the conditions can be used to obtain sound security metrics. To demonstrate the conditions' versatility, we apply them to show that an aggregate security metric made up of sound security metrics is also sound. This is useful where the use of an aggregate measure may be preferred, to more easily understand the security of a system.
2022-12-23
Softić, Jasmin, Vejzović, Zanin.  2022.  Windows 10 Operating System: Vulnerability Assessment and Exploitation. 2022 21st International Symposium INFOTEH-JAHORINA (INFOTEH). :1–5.
The study focused on assessing and testing Windows 10 to identify possible vulnerabilities and their ability to withstand cyber-attacks. CVE data, alongside other vulnerability reports, were instrumental in measuring the operating system's performance. Metasploit and Nmap were essential in penetration and intrusion experiments in a simulated environment. The study applied the following testing procedure: information gathering, scanning and results analysis, vulnerability selection, launch attacks, and gaining access to the operating system. Penetration testing involved eight attacks, two of which were effective against the different Windows 10 versions. Installing the latest version of Windows 10 did not guarantee complete protection against attacks. Further research is essential in assessing the system's vulnerabilities are recommending better solutions.
ISSN: 2767-9470
2022-11-18
Mezhuev, Pavel, Gerasimov, Alexander, Privalov, Petr, Butkevich, Veronika.  2021.  A dynamic algorithm for source code static analysis. 2021 Ivannikov Memorial Workshop (IVMEM). :57–60.
A source code static analysis became an industrial standard for program source code issues early detection. As one of requirements to such kind of analysis is high performance to provide response of automatic code checking tool as early as possible as far as such kind of tools integrates to Continuous testing and Integration systems. In this paper we propose a source code static analysis algorithm for solving performance issue of source code static analysis tool in general way.
2022-10-13
Barlow, Luke, Bendiab, Gueltoum, Shiaeles, Stavros, Savage, Nick.  2020.  A Novel Approach to Detect Phishing Attacks using Binary Visualisation and Machine Learning. 2020 IEEE World Congress on Services (SERVICES). :177—182.
Protecting and preventing sensitive data from being used inappropriately has become a challenging task. Even a small mistake in securing data can be exploited by phishing attacks to release private information such as passwords or financial information to a malicious actor. Phishing has now proven so successful, it is the number one attack vector. Many approaches have been proposed to protect against this type of cyber-attack, from additional staff training, enriched spam filters to large collaborative databases of known threats such as PhishTank and OpenPhish. However, they mostly rely upon a user falling victim to an attack and manually adding this new threat to the shared pool, which presents a constant disadvantage in the fight back against phishing. In this paper, we propose a novel approach to protect against phishing attacks using binary visualisation and machine learning. Unlike previous work in this field, our approach uses an automated detection process and requires no further user interaction, which allows faster and more accurate detection process. The experiment results show that our approach has high detection rate.
M, Yazhmozhi V., Janet, B., Reddy, Srinivasulu.  2020.  Anti-phishing System using LSTM and CNN. 2020 IEEE International Conference for Innovation in Technology (INOCON). :1—5.
Users prefer to do e-banking and e-shopping now-a-days because of the exponential growth of the internet. Because of this paradigm shift, hackers are finding umpteen ways to steal our personal information and critical details like details of debit and credit cards, by disguising themselves as reputed websites, just by changing the spelling or making minor modifications to the URL. Identifying whether an URL is benign or malicious is a challenging job, because it makes use of the weakness of the user. While there are several works carried out to detect phishing websites, they only use heuristic methods and list based techniques and therefore couldn't avoid phishing effectively. In this paper an anti-phishing system was proposed to protect the users. It uses an ensemble model that uses both LSTM and CNN with a massive data set containing nearly 2,00,000 URLs, that is balanced. After analyzing the accuracy of different existing approaches, it has been found that the ensemble model that uses both LSTM and CNN performed better with an accuracy of 96% and the precision is 97% respectively which is far better than the existing solutions.
2022-08-26
Rangnau, Thorsten, Buijtenen, Remco v., Fransen, Frank, Turkmen, Fatih.  2020.  Continuous Security Testing: A Case Study on Integrating Dynamic Security Testing Tools in CI/CD Pipelines. 2020 IEEE 24th International Enterprise Distributed Object Computing Conference (EDOC). :145–154.
Continuous Integration (CI) and Continuous Delivery (CD) have become a well-known practice in DevOps to ensure fast delivery of new features. This is achieved by automatically testing and releasing new software versions, e.g. multiple times per day. However, classical security management techniques cannot keep up with this quick Software Development Life Cycle (SDLC). Nonetheless, guaranteeing high security quality of software systems has become increasingly important. The new trend of DevSecOps aims to integrate security techniques into existing DevOps practices. Especially, the automation of security testing is an important area of research in this trend. Although plenty of literature discusses security testing and CI/CD practices, only a few deal with both topics together. Additionally, most of the existing works cover only static code analysis and neglect dynamic testing methods. In this paper, we present an approach to integrate three automated dynamic testing techniques into a CI/CD pipeline and provide an empirical analysis of the introduced overhead. We then go on to identify unique research/technology challenges the DevSecOps communities will face and propose preliminary solutions to these challenges. Our findings will enable informed decisions when employing DevSecOps practices in agile enterprise applications engineering processes and enterprise security.
Zhang, Yuchen, Dong, Zhao Yang, Xu, Yan, Su, Xiangjing, Fu, Yang.  2020.  Impact Analysis of Intra-Interval Variation on Dynamic Security Assessment of Wind-Energy Power Systems. 2020 IEEE Power & Energy Society General Meeting (PESGM). :1–5.
Dynamic security assessment (DSA) is to ensure the power system being operated under a secure condition that can withstand potential contingencies. DSA normally proceeds periodically on a 5 to 15 minutes basis, where the system security condition over a complete time interval is merely determined upon the system snapshot captured at the beginning of the interval. With high wind power penetration, the minute-to-minute variations of wind power can lead to more volatile power system states within a single DSA time interval. This paper investigates the intra-interval variation (IIV) phenomenon in power system online DSA and analyze whether the IIV problem is deserved attention in future DSA research and applications. An IIV-contaminated testing environment based on hierarchical Monte-Carlo simulation is developed to evaluate the practical IIV impacts on power system security and DSA performance. The testing results show increase in system insecurity risk and significant degradation in DSA accuracy in presence of IIV. This result draws attention to the IIV phenomenon in DSA of wind-energy power systems and calls for more robust DSA approach to mitigate the IIV impacts.
2022-08-10
Singh, Ritesh, Khandelia, Kishan.  2021.  Web-based Computational Tools for Calculating Optimal Testing Pool Size for Diagnostic Tests of Infectious Diseases. 2021 International Conference on Computational Intelligence and Computing Applications (ICCICA). :1—4.
Pooling together samples and testing the resulting mixture is gaining considerable interest as a potential method to markedly increase the rate of testing for SARS-CoV-2, given the resource limited conditions. Such pooling can also be employed for carrying out large scale diagnostic testing of other infectious diseases, especially when the available resources are limited. Therefore, it has become important to design a user-friendly tool to assist clinicians and policy makers, to determine optimal testing pool and sub-pool sizes for their specific scenarios. We have developed such a tool; the calculator web application is available at https://riteshsingh.github.io/poolsize/. The algorithms employed are described and analyzed in this paper, and their application to other scientific fields is also discussed. We find that pooling always reduces the expected number of tests in all the conditions, at the cost of test sensitivity. The No sub-pooling optimal pool size calculator will be the most widely applicable one, because limitations of sample quantity will restrict sub-pooling in most conditions.
2022-08-04
[Anonymous].  2021.  Secure Hardware Design: Starting from the Roots of Trust. 2021 IEEE European Test Symposium (ETS). :i—i.
Summary form only given, as follows. The complete presentation was not made available for publication as part of the conference proceedings. What is “hardware” security? The network designer relies on the security of the router box. The software developer relies on the TPM (Trusted Platform Module). The circuit designer worries about side-channel attacks. At the same time, electronics shrink: sensor nodes, IOT devices, smart devices are becoming more and more available. Adding security and cryptography to these often very resource constraint devices is a challenge. This presentation will focus on Physically Unclonable Functions and True Random Number Generators, two roots of trust, and their security testing.
2022-07-29
Makarova, Mariia S., Maksutov, Artem A..  2021.  Methods of Detecting and Neutralizing Potential DHCP Rogue Servers. 2021 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (ElConRus). :522—525.
In the continuously evolving environment, computer security has become a convenient challenge because of the rapid rise and expansion of the Internet. One of the most significant challenges to networks is attacks on network resources caused by inadequate network security. DHCP is defenseless to a number of attacks, such as DHCP rogue server attacks. This work is focused on developing a method of detecting these attacks and granting active host protection on GNU/Linux operating systems. Unauthorized DHCP servers can be easily arranged and compete with the legitimate server on the local network that can be the result of distributing incorrect IP addresses, malicious DNS server addresses, invalid routing information to unsuspecting clients, intercepting and eavesdropping on communications, and so on. The goal is to prevent the situations described above by recognizing untrusted DHCP servers and providing active host protection on the local network.
2022-07-28
Ami, Amit Seal, Kafle, Kaushal, Nadkarni, Adwait, Poshyvanyk, Denys, Moran, Kevin.  2021.  µSE: Mutation-Based Evaluation of Security-Focused Static Analysis Tools for Android. 2021 IEEE/ACM 43rd International Conference on Software Engineering: Companion Proceedings (ICSE-Companion). :53—56.
This demo paper presents the technical details and usage scenarios of μSE: a mutation-based tool for evaluating security-focused static analysis tools for Android. Mutation testing is generally used by software practitioners to assess the robustness of a given test-suite. However, we leverage this technique to systematically evaluate static analysis tools and uncover and document soundness issues.μSE's analysis has found 25 previously undocumented flaws in static data leak detection tools for Android.μSE offers four mutation schemes, namely Reachability, Complex-reachability, TaintSink, and ScopeSink, which determine the locations of seeded mutants. Furthermore, the user can extend μSE by customizing the API calls targeted by the mutation analysis.μSE is also practical, as it makes use of filtering techniques based on compilation and execution criteria that reduces the number of ineffective mutations.
2022-06-09
Fadhlillah, Aghnia, Karna, Nyoman, Irawan, Arif.  2021.  IDS Performance Analysis using Anomaly-based Detection Method for DOS Attack. 2020 IEEE International Conference on Internet of Things and Intelligence System (IoTaIS). :18–22.
Intrusion Detection System (IDS) is a system that could detect suspicious activity in a network. Two approaches are known for IDS, namely signature-based and anomaly-based. The anomaly-based detection method was chosen to detect suspicious and abnormal activity for the system that cannot be performed by the signature-based method. In this study, attack testing was carried out using three DoS tools, namely the LOIC, Torshammer, and Xerxes tools, with a test scenario using IDS and without IDS. From the test results that have been carried out, IDS has successfully detected the attacks that were sent, for the delivery of the most consecutive attack packages, namely Torshammer, Xerxes, and LOIC. In the detection of Torshammer attack tools on the target FTP Server, 9421 packages were obtained, for Xerxes tools as many as 10618 packages and LOIC tools as many as 6115 packages. Meanwhile, attacks on the target Web Server for Torshammer tools were 299 packages, for Xerxes tools as many as 530 packages, and for LOIC tools as many as 103 packages. The accuracy of the IDS performance results is 88.66%, the precision is 88.58% and the false positive rate is 63.17%.
2022-06-08
Sun, Yue, Dong, Bin, Chen, Wei, Xu, Xiaotian, Si, Guanlin, Jing, Sen.  2021.  Research on Security Evaluation Technology of Intelligent Video Terminal. 2021 2nd International Symposium on Computer Engineering and Intelligent Communications (ISCEIC). :339–342.
The application of intelligent video terminal has spread in all aspects of production and life, such as urban transportation, enterprises, hospitals, banks, and families. In recent years, intelligent video terminals, video recorders and other video monitoring system components are frequently exposed to high risks of security vulnerabilities, which is likely to threaten the privacy of users and data security. Therefore, it is necessary to strengthen the security research and testing of intelligent video terminals, and formulate reinforcement and protection strategies based on the evaluation results, in order to ensure the confidentiality, integrity and availability of data collected and transmitted by intelligent video terminals.
2022-05-24
Leong Chien, Koh, Zainal, Anazida, Ghaleb, Fuad A., Nizam Kassim, Mohd.  2021.  Application of Knowledge-oriented Convolutional Neural Network For Causal Relation Extraction In South China Sea Conflict Issues. 2021 3rd International Cyber Resilience Conference (CRC). :1–7.
Online news articles are an important source of information for decisions makers to understand the causal relation of events that happened. However, understanding the causality of an event or between events by traditional machine learning-based techniques from natural language text is a challenging task due to the complexity of the language to be comprehended by the machines. In this study, the Knowledge-oriented convolutional neural network (K-CNN) technique is used to extract the causal relation from online news articles related to the South China Sea (SCS) dispute. The proposed K-CNN model contains a Knowledge-oriented channel that can capture the causal phrases of causal relationships. A Data-oriented channel that captures the position information was added to the K-CNN model in this phase. The online news articles were collected from the national news agency and then the sentences which contain relation such as causal, message-topic, and product-producer were extracted. Then, the extracted sentences were annotated and converted into lower form and base form followed by transformed into the vector by looking up the word embedding table. A word filter that contains causal keywords was generated and a K-CNN model was developed, trained, and tested using the collected data. Finally, different architectures of the K-CNN model were compared to find out the most suitable architecture for this study. From the study, it was found out that the most suitable architecture was the K-CNN model with a Knowledge-oriented channel and a Data-oriented channel with average pooling. This shows that the linguistic clues and the position features can improve the performance in extracting the causal relation from the SCS online news articles. Keywords-component; Convolutional Neural Network, Causal Relation Extraction, South China Sea.
2022-05-19
Basu, Subhashree, Kule, Malay, Rahaman, Hafizur.  2021.  Detection of Hardware Trojan in Presence of Sneak Path in Memristive Nanocrossbar Circuits. 2021 International Symposium on Devices, Circuits and Systems (ISDCS). :1–4.
Memristive nano crossbar array has paved the way for high density memories but in a very low power environment. But such high density circuits face multiple problems at the time of implementation. The sneak path problem in crossbar array is one such problem which causes difficulty in distinguishing the logical states of the memristors. On the other hand, hardware Trojan causes malfunctioning of the circuit or performance degradation. If any of these are present in the nano crossbar, it is difficult to identify whether the performance degradation is due to the sneak path problem or due to that of Hardware Trojan.This paper makes a comparative study of the sneak path problem and the hardware Trojan to understand the performance difference between both. It is observed that some parameters are affected by sneak path problem but remains unaffected in presence of Hardware Trojan and vice versa. Analyzing these parameters, we can classify whether the performance degradation is due to sneak path or due to Hardware Trojan. The experimental results well establish the proposed methods of detection of hardware Trojan in presence of sneak path in memristive nano crossbar circuits.
Baniya, Babu Kaji.  2021.  Intrusion Representation and Classification using Learning Algorithm. 2021 23rd International Conference on Advanced Communication Technology (ICACT). :279–284.
At present, machine learning (ML) algorithms are essential components in designing the sophisticated intrusion detection system (IDS). They are building-blocks to enhance cyber threat detection and help in classification at host-level and network-level in a short period. The increasing global connectivity and advancements of network technologies have added unprecedented challenges and opportunities to network security. Malicious attacks impose a huge security threat and warrant scalable solutions to thwart large-scale attacks. These activities encourage researchers to address these imminent threats by analyzing a large volume of the dataset to tackle all possible ranges of attack. In this proposed method, we calculated the fitness value of each feature from the population by using a genetic algorithm (GA) and selected them according to the fitness value. The fitness values are presented in hierarchical order to show the effectiveness of problem decomposition. We implemented Support Vector Machine (SVM) to verify the consistency of the system outcome. The well-known NSL-knowledge discovery in databases (KDD) was used to measure the performance of the system. From the experiments, we achieved a notable classification accuracies using a SVM of the current state of the art intrusion detection.
2022-05-10
priyadharshini, C Subha, Rajeswari, A, Sharmila, P, Gayathri, M, Randhisha, K, Yazhini, M C.  2021.  Design of Visible Light Communication System Using Ask Modulation. 2021 International Conference on Computing, Communication, and Intelligent Systems (ICCCIS). :894–899.
A Visible Light Communication (VLC) is a fast growing technology became ubiquitous in the Optical wireless communication domain. It has the benefits of high security, high bandwidth, less power consumption, free from Electro Magnetic radiation hazards. VLC can help to address the looming spectrum crunch problem with secure communication in an unlimited spectrum. VLC provides extensive wireless connectivity with larger data densities than Wi-Fi along with added security features that annihilate unwanted external network invasion. The problem such as energy consumption and infrastructure complexity has been reduced by integrating the illumination and data services. The objective is to provide fast data communication with uninterrupted network connectivity and high accuracy to the user. In this paper, a proposed visible light communication system for transmitting text information using amplitude shift keying modulation (ASK) has been presented. Testing of transmitter and receiver block based on frequency, power and distance has been analyzed. The results show that the receiver is capable of receiving input data with minimum length under direct communication with the transmitter.
2022-05-05
Singh, Praneet, P, Jishnu Jaykumar, Pankaj, Akhil, Mitra, Reshmi.  2021.  Edge-Detect: Edge-Centric Network Intrusion Detection using Deep Neural Network. 2021 IEEE 18th Annual Consumer Communications Networking Conference (CCNC). :1—6.
Edge nodes are crucial for detection against multitudes of cyber attacks on Internet-of-Things endpoints and is set to become part of a multi-billion industry. The resource constraints in this novel network infrastructure tier constricts the deployment of existing Network Intrusion Detection System with Deep Learning models (DLM). We address this issue by developing a novel light, fast and accurate `Edge-Detect' model, which detects Distributed Denial of Service attack on edge nodes using DLM techniques. Our model can work within resource restrictions i.e. low power, memory and processing capabilities, to produce accurate results at a meaningful pace. It is built by creating layers of Long Short-Term Memory or Gated Recurrent Unit based cells, which are known for their excellent representation of sequential data. We designed a practical data science pipeline with Recurring Neural Network to learn from the network packet behavior in order to identify whether it is normal or attack-oriented. The model evaluation is from deployment on actual edge node represented by Raspberry Pi using current cybersecurity dataset (UNSW2015). Our results demonstrate that in comparison to conventional DLM techniques, our model maintains a high testing accuracy of 99% even with lower resource utilization in terms of cpu and memory. In addition, it is nearly 3 times smaller in size than the state-of-art model and yet requires a much lower testing time.
2022-04-25
Nguyen, Huy Hoang, Ta, Thi Nhung, Nguyen, Ngoc Cuong, Bui, Van Truong, Pham, Hung Manh, Nguyen, Duc Minh.  2021.  YOLO Based Real-Time Human Detection for Smart Video Surveillance at the Edge. 2020 IEEE Eighth International Conference on Communications and Electronics (ICCE). :439–444.
Recently, smart video surveillance at the edge has become a trend in developing security applications since edge computing enables more image processing tasks to be implemented on the decentralised network note of the surveillance system. As a result, many security applications such as behaviour recognition and prediction, employee safety, perimeter intrusion detection and vandalism deterrence can minimise their latency or even process in real-time when the camera network system is extended to a larger degree. Technically, human detection is a key step in the implementation of these applications. With the advantage of high detection rates, deep learning methods have been widely employed on edge devices in order to detect human objects. However, due to their high computation costs, it is challenging to apply these methods on resource limited edge devices for real-time applications. Inspired by the You Only Look Once (YOLO), residual learning and Spatial Pyramid Pooling (SPP), a novel form of real-time human detection is presented in this paper. Our approach focuses on designing a network structure so that the developed model can achieve a good trade-off between accuracy and processing time. Experimental results show that our trained model can process 2 FPS on Raspberry PI 3B and detect humans with accuracies of 95.05 % and 96.81 % when tested respectively on INRIA and PENN FUDAN datasets. On the human COCO test dataset, our trained model outperforms the performance of the Tiny-YOLO versions. Additionally, compare to the SSD based L-CNN method, our algorithm achieves better accuracy than the other method.
2022-04-19
Wang, Pei, Bangert, Julian, Kern, Christoph.  2021.  If It’s Not Secure, It Should Not Compile: Preventing DOM-Based XSS in Large-Scale Web Development with API Hardening. 2021 IEEE/ACM 43rd International Conference on Software Engineering (ICSE). :1360–1372.
With tons of efforts spent on its mitigation, Cross-site scripting (XSS) remains one of the most prevalent security threats on the internet. Decades of exploitation and remediation demonstrated that code inspection and testing alone does not eliminate XSS vulnerabilities in complex web applications with a high degree of confidence. This paper introduces Google's secure-by-design engineering paradigm that effectively prevents DOM-based XSS vulnerabilities in large-scale web development. Our approach, named API hardening, enforces a series of company-wide secure coding practices. We provide a set of secure APIs to replace native DOM APIs that are prone to XSS vulnerabilities. Through a combination of type contracts and appropriate validation and escaping, the secure APIs ensure that applications based thereon are free of XSS vulnerabilities. We deploy a simple yet capable compile-time checker to guarantee that developers exclusively use our hardened APIs to interact with the DOM. We make various of efforts to scale this approach to tens of thousands of engineers without significant productivity impact. By offering rigorous tooling and consultant support, we help developers adopt the secure coding practices as seamlessly as possible. We present empirical results showing how API hardening has helped reduce the occurrences of XSS vulnerabilities in Google's enormous code base over the course of two-year deployment.
2022-04-13
Ahmad Riduan, Nuraqilah Haidah, Feresa Mohd Foozy, Cik, Hamid, Isredza Rahmi A, Shamala, Palaniappan, Othman, Nur Fadzilah.  2021.  Data Wiping Tool: ByteEditor Technique. 2021 3rd International Cyber Resilience Conference (CRC). :1–6.
This Wiping Tool is an anti-forensic tool that is built to wipe data permanently from laptop's storage. This tool is capable to ensure the data from being recovered with any recovery tools. The objective of building this wiping tool is to maintain the confidentiality and integrity of the data from unauthorized access. People tend to delete the file in normal way, however, the file face the risk of being recovered. Hence, the integrity and confidentiality of the deleted file cannot be protected. Through wiping tools, the files are overwritten with random strings to make the files no longer readable. Thus, the integrity and the confidentiality of the file can be protected. Regarding wiping tools, nowadays, lots of wiping tools face issue such as data breach because the wiping tools are unable to delete the data permanently from the devices. This situation might affect their main function and a threat to their users. Hence, a new wiping tool is developed to overcome the problem. A new wiping tool named Data Wiping tool is applying two wiping techniques. The first technique is Randomized Data while the next one is enhancing wiping technique, known as ByteEditor. ByteEditor is a combination of two different techniques, byte editing and byte deletion. With the implementation of Object-Oriented methodology, this wiping tool is built. This methodology consists of analyzing, designing, implementation and testing. The tool is analyzed and compared with other wiping tools before the designing of the tool start. Once the designing is done, implementation phase take place. The code of the tool is created using Visual Studio 2010 with C\# language and being tested their functionality to ensure the developed tool meet the objectives of the project. This tool is believed able to contribute to the development of wiping tools and able to solve problems related to other wiping tools.
2022-03-23
Singhal, Abhinav, Maan, Akash, Chaudhary, Daksh, Vishwakarma, Dinesh.  2021.  A Hybrid Machine Learning and Data Mining Based Approach to Network Intrusion Detection. 2021 International Conference on Artificial Intelligence and Smart Systems (ICAIS). :312–318.
This paper outlines an approach to build an Intrusion detection system for a network interface device. This research work has developed a hybrid intrusion detection system which involves various machine learning techniques along with inference detection for a comparative analysis. It is explained in 2 phases: Training (Model Training and Inference Network Building) and Detection phase (Working phase). This aims to solve all the current real-life problem that exists in machine learning algorithms as machine learning techniques are stiff they have their respective classification region outside which they cease to work properly. This paper aims to provide the best working machine learning technique out of the many used. The machine learning techniques used in comparative analysis are Decision Tree, Naïve Bayes, K-Nearest Neighbors (KNN) and Support Vector Machines (SVM) along with NSLKDD dataset for testing and training of our Network Intrusion Detection Model. The accuracy recorded for Decision Tree, Naïve Bayes, K-Nearest Neighbors (KNN) and Support Vector Machines(SVM) respectively when tested independently are 98.088%, 82.971%, 95.75%, 81.971% and when tested with inference detection model are 98.554%, 66.687%, 97.605%, 93.914%. Therefore, it can be concluded that our inference detection model helps in improving certain factors which are not detected using conventional machine learning techniques.
2022-03-15
Baluta, Teodora, Chua, Zheng Leong, Meel, Kuldeep S., Saxena, Prateek.  2021.  Scalable Quantitative Verification for Deep Neural Networks. 2021 IEEE/ACM 43rd International Conference on Software Engineering: Companion Proceedings (ICSE-Companion). :248—249.
Despite the functional success of deep neural networks (DNNs), their trustworthiness remains a crucial open challenge. To address this challenge, both testing and verification techniques have been proposed. But these existing techniques pro- vide either scalability to large networks or formal guarantees, not both. In this paper, we propose a scalable quantitative verification framework for deep neural networks, i.e., a test-driven approach that comes with formal guarantees that a desired probabilistic property is satisfied. Our technique performs enough tests until soundness of a formal probabilistic property can be proven. It can be used to certify properties of both deterministic and randomized DNNs. We implement our approach in a tool called PROVERO1 and apply it in the context of certifying adversarial robustness of DNNs. In this context, we first show a new attack- agnostic measure of robustness which offers an alternative to purely attack-based methodology of evaluating robustness being reported today. Second, PROVERO provides certificates of robustness for large DNNs, where existing state-of-the-art verification tools fail to produce conclusive results. Our work paves the way forward for verifying properties of distributions captured by real-world deep neural networks, with provable guarantees, even where testers only have black-box access to the neural network.
2022-03-08
Melati, Seshariana Rahma, Yovita, Leanna Vidya, Mayasari, Ratna.  2021.  Caching Performance of Named Data Networking with NDNS. 2021 International Conference on Information Networking (ICOIN). :261–266.
Named Data Networking, a future internet network architecture design that can change the network's perspective from previously host-centric to data-centric. It can reduce the network load, especially on the server part, and can provide advantages in multicast cases or re-sending of content data to users due to transmission errors. In NDN, interest messages are sent to the router, and if they are not immediately found, they will continue to be forwarded, resulting in a large load. NDNS or a DNS-Like Name Service for NDN is needed to know exactly where the content is to improve system performance. NDNS is a database that provides information about the zone location of the data contained in the network. In this study, a simulation was conducted to test the NDNS mechanism on the NDN network to support caching on the NDN network by testing various topologies with changes in the size of the content store and the number of nodes used. NDNS is outperform compared to NDN without NDNS for cache hit ratio and load parameters.
2022-03-01
Huang, Shanshi, Peng, Xiaochen, Jiang, Hongwu, Luo, Yandong, Yu, Shimeng.  2021.  Exploiting Process Variations to Protect Machine Learning Inference Engine from Chip Cloning. 2021 IEEE International Symposium on Circuits and Systems (ISCAS). :1–5.
Machine learning inference engine is of great interest to smart edge computing. Compute-in-memory (CIM) architecture has shown significant improvements in throughput and energy efficiency for hardware acceleration. Emerging nonvolatile memory (eNVM) technologies offer great potentials for instant on and off by dynamic power gating. Inference engine is typically pre-trained by the cloud and then being deployed to the field. There is a new security concern on cloning of the weights stored on eNVM-based CIM chip. In this paper, we propose a countermeasure to the weight cloning attack by exploiting the process variations of the periphery circuitry. In particular, we use weight fine-tuning to compensate the analog-to-digital converter (ADC) offset for a specific chip instance while inducing significant accuracy drop for cloned chip instances. We evaluate our proposed scheme on a CIFAR-10 classification task using a VGG- 8 network. Our results show that with precisely chosen transistor size on the employed SAR-ADC, we could maintain 88% 90% accuracy for the fine-tuned chip while the same set of weights cloned on other chips will only have 20 40% accuracy on average. The weight fine-tune could be completed within one epoch of 250 iterations. On average only 0.02%, 0.025%, 0.142% of cells are updated for 2-bit, 4-bit, 8-bit weight precisions in each iteration.