Visible to the public Biblio

Found 12254 results

2021-05-05
Tabiban, Azadeh, Jarraya, Yosr, Zhang, Mengyuan, Pourzandi, Makan, Wang, Lingyu, Debbabi, Mourad.  2020.  Catching Falling Dominoes: Cloud Management-Level Provenance Analysis with Application to OpenStack. 2020 IEEE Conference on Communications and Network Security (CNS). :1—9.

The dynamicity and complexity of clouds highlight the importance of automated root cause analysis solutions for explaining what might have caused a security incident. Most existing works focus on either locating malfunctioning clouds components, e.g., switches, or tracing changes at lower abstraction levels, e.g., system calls. On the other hand, a management-level solution can provide a big picture about the root cause in a more scalable manner. In this paper, we propose DOMINOCATCHER, a novel provenance-based solution for explaining the root cause of security incidents in terms of management operations in clouds. Specifically, we first define our provenance model to capture the interdependencies between cloud management operations, virtual resources and inputs. Based on this model, we design a framework to intercept cloud management operations and to extract and prune provenance metadata. We implement DOMINOCATCHER on OpenStack platform as an attached middleware and validate its effectiveness using security incidents based on real-world attacks. We also evaluate the performance through experiments on our testbed, and the results demonstrate that DOMINOCATCHER incurs insignificant overhead and is scalable for clouds.

Nienhuis, Kyndylan, Joannou, Alexandre, Bauereiss, Thomas, Fox, Anthony, Roe, Michael, Campbell, Brian, Naylor, Matthew, Norton, Robert M., Moore, Simon W., Neumann, Peter G. et al..  2020.  Rigorous engineering for hardware security: Formal modelling and proof in the CHERI design and implementation process. 2020 IEEE Symposium on Security and Privacy (SP). :1003—1020.

The root causes of many security vulnerabilities include a pernicious combination of two problems, often regarded as inescapable aspects of computing. First, the protection mechanisms provided by the mainstream processor architecture and C/C++ language abstractions, dating back to the 1970s and before, provide only coarse-grain virtual-memory-based protection. Second, mainstream system engineering relies almost exclusively on test-and-debug methods, with (at best) prose specifications. These methods have historically sufficed commercially for much of the computer industry, but they fail to prevent large numbers of exploitable bugs, and the security problems that this causes are becoming ever more acute.In this paper we show how more rigorous engineering methods can be applied to the development of a new security-enhanced processor architecture, with its accompanying hardware implementation and software stack. We use formal models of the complete instruction-set architecture (ISA) at the heart of the design and engineering process, both in lightweight ways that support and improve normal engineering practice - as documentation, in emulators used as a test oracle for hardware and for running software, and for test generation - and for formal verification. We formalise key intended security properties of the design, and establish that these hold with mechanised proof. This is for the same complete ISA models (complete enough to boot operating systems), without idealisation.We do this for CHERI, an architecture with hardware capabilities that supports fine-grained memory protection and scalable secure compartmentalisation, while offering a smooth adoption path for existing software. CHERI is a maturing research architecture, developed since 2010, with work now underway on an Arm industrial prototype to explore its possible adoption in mass-market commercial processors. The rigorous engineering work described here has been an integral part of its development to date, enabling more rapid and confident experimentation, and boosting confidence in the design.

Pawar, Shrikant, Stanam, Aditya.  2020.  Scalable, Reliable and Robust Data Mining Infrastructures. 2020 Fourth World Conference on Smart Trends in Systems, Security and Sustainability (WorldS4). :123—125.

Mining of data is used to analyze facts to discover formerly unknown patterns, classifying and grouping the records. There are several crucial scalable statistics mining platforms that have been developed in latest years. RapidMiner is a famous open source software which can be used for advanced analytics, Weka and Orange are important tools of machine learning for classifying patterns with techniques of clustering and regression, whilst Knime is often used for facts preprocessing like information extraction, transformation and loading. This article encapsulates the most important and robust platforms.

Zelenbaba, Stefan, Löschenbrand, David, Hofer, Markus, Dakić, Anja, Rainer, Benjamin, Humer, Gerhard, Zemen, Thomas.  2020.  A Scalable Mobile Multi-Node Channel Sounder. 2020 IEEE Wireless Communications and Networking Conference (WCNC). :1—6.

The advantages of measuring multiple wireless links simultaneously has been gaining attention due to the growing complexity of wireless communication systems. Analyzing vehicular communication systems presents a particular challenge due to their rapid time-varying nature. Therefore multi-node channel sounding is crucial for such endeavors. In this paper, we present the architecture and practical implementation of a scalable mobile multi-node channel sounder, optimized for use in vehicular scenarios. We perform a measurement campaign with three moving nodes, which includes a line of sight (LoS) connection on two links and non LoS(NLoS) conditions on the third link. We present the results on the obtained channel delay and Doppler characteristics, followed by the assessment of the degree of correlation of the analyzed channels and time-variant channel rates, hence investigating the suitability of the channel's physical attributes for relaying. The results show low cross-correlation between the transfer functions of the direct and the relaying link, while a higher rate is calculated for the relaying link.

Tang, Sirui, Liu, Zhaoxi, Wang, Lingfeng.  2020.  Power System Reliability Analysis Considering External and Insider Attacks on the SCADA System. 2020 IEEE/PES Transmission and Distribution Conference and Exposition (T D). :1—5.

Cybersecurity of the supervisory control and data acquisition (SCADA) system, which is the key component of the cyber-physical systems (CPS), is facing big challenges and will affect the reliability of the smart grid. System reliability can be influenced by various cyber threats. In this paper, the reliability of the electric power system considering different cybersecurity issues in the SCADA system is analyzed by using Semi-Markov Process (SMP) and mean time-to-compromise (MTTC). External and insider attacks against the SCADA system are investigated with the SMP models and the results are compared. The system reliability is evaluated by reliability indexes including loss of load probability (LOLP) and expected energy not supplied (EENS) through Monte Carlo Simulations (MCS). The lurking threats of the cyberattacks are also analyzed in the study. Case studies were conducted on the IEEE Reliability Test System (RTS-96). The results show that with the increase of the MTTCs of the cyberattacks, the LOLP values decrease. When insider attacks are considered, both the LOLP and EENS values dramatically increase owing to the decreased MTTCs. The results provide insights into the establishment of the electric power system reliability enhancement strategies.

Zheng, Tian, Hong, Qiao, Xi, Li, Yizheng, Sun, Jie, Deng.  2020.  A Security Defense Model for SCADA System Based on Game Theory. 2020 12th International Conference on Measuring Technology and Mechatronics Automation (ICMTMA). :253—258.

With the increase of the information level of SCADA system in recent years, the attacks against SCADA system are also increasing. Therefore, more and more scholars are beginning to study the safety of SCADA systems. Game theory is a balanced decision involving the main body of all parties. In recent years, domestic and foreign scholars have applied game theory to SCADA systems to achieve active defense. However, their research often focuses on the entire SCADA system, and the game theory is solved for the entire SCADA system, which is not flexible enough, and the calculation cost is also high. In this paper, a dynamic local game model (DLGM) for power SCADA system is proposed. This model first obtains normal data to form a whitelist, then dynamically detects each attack of the attacker's SCADA system, and through white list to determine the node location of the SCADA system attacked by the attacker, then obtains the smallest system attacked by SCADA system, and finally performs a local dynamic game algorithm to find the best defense path. Experiments show that DLGM model can find the best defense path more effectively than other game strategies.

Bulle, Bruno B., Santin, Altair O., Viegas, Eduardo K., dos Santos, Roger R..  2020.  A Host-based Intrusion Detection Model Based on OS Diversity for SCADA. IECON 2020 The 46th Annual Conference of the IEEE Industrial Electronics Society. :691—696.

Supervisory Control and Data Acquisition (SCADA) systems have been a frequent target of cyberattacks in Industrial Control Systems (ICS). As such systems are a frequent target of highly motivated attackers, researchers often resort to intrusion detection through machine learning techniques to detect new kinds of threats. However, current research initiatives, in general, pursue higher detection accuracies, neglecting the detection of new kind of threats and their proposal detection scope. This paper proposes a novel, reliable host-based intrusion detection for SCADA systems through the Operating System (OS) diversity. Our proposal evaluates, at the OS level, the SCADA communication over time and, opportunistically, detects, and chooses the most appropriate OS to be used in intrusion detection for reliability purposes. Experiments, performed through a variety of SCADA OSs front-end, shows that OS diversity provides higher intrusion detection scope, improving detection accuracy by up to 8 new attack categories. Besides, our proposal can opportunistically detect the most reliable OS that should be used for the current environment behavior, improving by up to 8%, on average, the system accuracy when compared to a single OS approach, in the best case.

Lee, Jae-Myeong, Hong, Sugwon.  2020.  Host-Oriented Approach to Cyber Security for the SCADA Systems. 2020 6th IEEE Congress on Information Science and Technology (CiSt). :151—155.
Recent cyberattacks targeting Supervisory Control and Data Acquisition (SCADA)/Industrial Control System(ICS) exploit weaknesses of host system software environment and take over the control of host processes in the host of the station network. We analyze the attack path of these attacks, which features how the attack hijacks the host in the network and compromises the operations of field device controllers. The paper proposes a host-based protection method, which can prevent malware penetration into the process memory by code injection attacks. The method consists of two protection schemes. One is to prevent file-based code injection such as DLL injection. The other is to prevent fileless code injection. The method traces changes in memory regions and determine whether the newly allocated memory is written with malicious codes. For this method, we show how a machine learning method can be adopted.
Hossain, Md. Turab, Hossain, Md. Shohrab, Narman, Husnu S..  2020.  Detection of Undesired Events on Real-World SCADA Power System through Process Monitoring. 2020 11th IEEE Annual Ubiquitous Computing, Electronics Mobile Communication Conference (UEMCON). :0779—0785.
A Supervisory Control and Data Acquisition (SCADA) system used in controlling or monitoring purpose in industrial process automation system is the process of collecting data from instruments and sensors located at remote sites and transmitting data at a central site. Most of the existing works on SCADA system focused on simulation-based study which cannot always mimic the real world situations. We propose a novel methodology that analyzes SCADA logs on offline basis and helps to detect process-related threats. This threat takes place when an attacker performs malicious actions after gaining user access. We conduct our experiments on a real-life SCADA system of a Power transmission utility. Our proposed methodology will automate the analysis of SCADA logs and systemically identify undesired events. Moreover, it will help to analyse process-related threats caused by user activity. Several test study suggest that our approach is powerful in detecting undesired events that might caused by possible malicious occurrence.
Hallaji, Ehsan, Razavi-Far, Roozbeh, Saif, Mehrdad.  2020.  Detection of Malicious SCADA Communications via Multi-Subspace Feature Selection. 2020 International Joint Conference on Neural Networks (IJCNN). :1—8.
Security maintenance of Supervisory Control and Data Acquisition (SCADA) systems has been a point of interest during recent years. Numerous research works have been dedicated to the design of intrusion detection systems for securing SCADA communications. Nevertheless, these data-driven techniques are usually dependant on the quality of the monitored data. In this work, we propose a novel feature selection approach, called MSFS, to tackle undesirable quality of data caused by feature redundancy. In contrast to most feature selection techniques, the proposed method models each class in a different subspace, where it is optimally discriminated. This has been accomplished by resorting to ensemble learning, which enables the usage of multiple feature sets in the same feature space. The proposed method is then utilized to perform intrusion detection in smaller subspaces, which brings about efficiency and accuracy. Moreover, a comparative study is performed on a number of advanced feature selection algorithms. Furthermore, a dataset obtained from the SCADA system of a gas pipeline is employed to enable a realistic simulation. The results indicate the proposed approach extensively improves the detection performance in terms of classification accuracy and standard deviation.
Osaretin, Charles Aimiuwu, Zamanlou, Mohammad, Iqbal, M. Tariq, Butt, Stephen.  2020.  Open Source IoT-Based SCADA System for Remote Oil Facilities Using Node-RED and Arduino Microcontrollers. 2020 11th IEEE Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON). :0571—0575.
An open source and low-cost Supervisory Control and Data Acquisition System based on Node-RED and Arduino microcontrollers is presented in this paper. The system is designed for monitoring, supervision, and remotely controlling motors and sensors deployed for oil and gas facilities. The Internet of Things (IoT) based SCADA system consists of a host computer on which a server is deployed using the Node-RED programming tool and two terminal units connected to it: Arduino Uno and Arduino Mega. The Arduino Uno collects and communicates the data acquired from the temperature, flowrate, and water level sensors to the Node-Red on the computer through the serial port. It also uses a local liquid crystal display (LCD) to display the temperature. Node-RED on the computer retrieves the data from the voltage, current, rotary, accelerometer, and distance sensors through the Arduino Mega. Also, a web-based graphical user interface (GUI) is created using Node-RED and hosted on the local server for parsing the collected data. Finally, an HTTP basic access authentication is implemented using Nginx to control the clients' access from the Internet to the local server and to enhance its security and reliability.
Rathod, Jash, Joshi, Chaitali, Khochare, Janavi, Kazi, Faruk.  2020.  Interpreting a Black-Box Model used for SCADA Attack detection in Gas Pipelines Control System. 2020 IEEE 17th India Council International Conference (INDICON). :1—7.
Various Machine Learning techniques are considered to be "black-boxes" because of their limited interpretability and explainability. This cannot be afforded, especially in the domain of Cyber-Physical Systems, where there can be huge losses of infrastructure of industries and Governments. Supervisory Control And Data Acquisition (SCADA) systems need to detect and be protected from cyber-attacks. Thus, we need to adopt approaches that make the system secure, can explain predictions made by model, and interpret the model in a human-understandable format. Recently, Autoencoders have shown great success in attack detection in SCADA systems. Numerous interpretable machine learning techniques are developed to help us explain and interpret models. The work presented here is a novel approach to use techniques like Local Interpretable Model-Agnostic Explanations (LIME) and Layer-wise Relevance Propagation (LRP) for interpretation of Autoencoder networks trained on a Gas Pipelines Control System to detect attacks in the system.
Mnushka, Oksana, Savchenko, Volodymyr.  2020.  Security Model of IOT-based Systems. 2020 IEEE 15th International Conference on Advanced Trends in Radioelectronics, Telecommunications and Computer Engineering (TCSET). :398—401.
The increasing using of IoT technologies in the industrial sector creates new challenges for the information security of such systems. Using IoT-devices for building SCADA systems cause standard protocols and public networks for data transmitting. Commercial off-the-shelf devices and systems are a new base for industrial control systems, which have high-security risks. There are some useful models are exist for security analysis of information systems, but they do not take into account IoT architecture. The nested attributed metagraph model for the security of IoT-based solutions is proposed and discussed.
Zhang, Qiao-Jia, Ye, Qing, Yuan, Zhi-Min, Li, Liang.  2020.  Fast HEVC Selective Encryption Scheme Based on Improved CABAC Coding Algorithm. 2020 IEEE 6th International Conference on Computer and Communications (ICCC). :1022—1028.

Context-based adaptive binary arithmetic coding (CABAC) is the only entropy coding method in HEVC. According to statistics, CABAC encoders account for more than 25% of the high efficiency video coding (HEVC) coding time. Therefore, the improved CABAC algorithm can effectively improve the coding speed of HEVC. On this basis, a selective encryption scheme based on the improved CABAC algorithm is proposed. Firstly, the improved CABAC algorithm is used to optimize the regular mode encoding, and then the cryptographic algorithm is used to selectively encrypt the syntax elements in bypass mode encoding. The experimental results show that the encoding time is reduced by nearly 10% when there is great interference to the video information. The scheme is both safe and effective.

Lu, Xinjin, Lei, Jing, Li, Wei.  2020.  A Physical Layer Encryption Algorithm Based on Length-Compatible Polar Codes. 2020 IEEE 92nd Vehicular Technology Conference (VTC2020-Fall). :1—7.
The code length and rate of length-compatible polar codes can be adaptively adjusted and changed because of the special coding structure. In this paper, we propose a method to construct length-compatible polar codes by employing physical layer encryption technology. The deletion way of frozen bits and generator matrix are random, which makes polar codes more flexible and safe. Simulation analysis shows that the proposed algorithm can not only effectively improve the performance of length-compatible polar codes but also realize the physical layer security encryption of the system.
Elvira, Clément, Herzet, Cédric.  2020.  Short and Squeezed: Accelerating the Computation of Antisparse Representations with Safe Squeezing. ICASSP 2020 - 2020 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP). :5615—5619.
Antisparse coding aims at spreading the information uniformly over representation coefficients and can be expressed as the solution of an ℓ∞-norm regularized problem. In this paper, we propose a new methodology, coined "safe squeezing", accelerating the computation of antisparse representations. The idea consists in identifying saturated entries of the solution via simple tests and compacting their contribution to achieve some form of dimensionality reduction. Numerical experiments show that the proposed approach leads to significant computational gain.
Block, Matthew, Barcaskey, Benjamin, Nimmo, Andrew, Alnaeli, Saleh, Gilbert, Ian, Altahat, Zaid.  2020.  Scalable Cloud-Based Tool to Empirically Detect Vulnerable Code Patterns in Large-Scale System. 2020 IEEE International Conference on Electro Information Technology (EIT). :588—592.
Open-source development is a well-accepted model by software development communities from both academia and industry. Many companies and corporations adopt and use open source systems daily as a core component in their business activities. One of the most important factors that will determine the success of this model is security. The security of software systems is a combination of source code quality, stability, and vulnerabilities. Software vulnerabilities can be introduced by many factors, some of which are the way that programmers write their programs, their background on security standards, and safe programming practices. This paper describes a cloud-based software tool developed by the authors that can help our computing communities in both academia and research to evaluate their software systems on the source code level to help them identify and detect some of the well-known source code vulnerability patterns that can cause security issues if maliciously exploited. The paper also presents an empirical study on the prevalence of vulnerable C/C++ coding patterns inside three large-scale open-source systems comprising more than 42 million lines of source code. The historical data for the studied systems is presented over five years to uncover some historical trends to highlight the changes in the system analyzed over time concerning the presence of some of the source code vulnerabilities patterns. The majority of results show the continued usage of known unsafe functions.
Rana, Krishan, Dasagi, Vibhavari, Talbot, Ben, Milford, Michael, Sünderhauf, Niko.  2020.  Multiplicative Controller Fusion: Leveraging Algorithmic Priors for Sample-efficient Reinforcement Learning and Safe Sim-To-Real Transfer. 2020 IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS). :6069—6076.
Learning-based approaches often outperform hand-coded algorithmic solutions for many problems in robotics. However, learning long-horizon tasks on real robot hardware can be intractable, and transferring a learned policy from simulation to reality is still extremely challenging. We present a novel approach to model-free reinforcement learning that can leverage existing sub-optimal solutions as an algorithmic prior during training and deployment. During training, our gated fusion approach enables the prior to guide the initial stages of exploration, increasing sample-efficiency and enabling learning from sparse long-horizon reward signals. Importantly, the policy can learn to improve beyond the performance of the sub-optimal prior since the prior's influence is annealed gradually. During deployment, the policy's uncertainty provides a reliable strategy for transferring a simulation-trained policy to the real world by falling back to the prior controller in uncertain states. We show the efficacy of our Multiplicative Controller Fusion approach on the task of robot navigation and demonstrate safe transfer from simulation to the real world without any fine-tuning. The code for this project is made publicly available at https://sites.google.com/view/mcf-nav/home.
Zhao, Bushi, Zhang, Hao, Luo, Yixi.  2020.  Automatic Error Correction Technology for the Same Field in the Same Kind of Power Equipment Account Data. 2020 IEEE 3rd International Conference of Safe Production and Informatization (IICSPI). :153—157.
Account data of electrical power system is the link of all businesses in the whole life cycle of equipment. It is of great significance to improve the data quality of power equipment account data for improving the information level of power enterprises. In the past, there was only the error correction technology to check whether it was empty and whether it contained garbled code. The error correction technology for same field of the same kind of power equipment account data is proposed in this paper. Combined with the characteristics of production business, the possible similar power equipment can be found through the function location type and other fields of power equipment account data. Based on the principle of search scoring, the horizontal comparison is used to search and score in turn. Finally, the potential spare parts and existing data quality are identified according to the scores. And judge whether it is necessary to carry out inspection maintenance.
Konwar, Kishori M., Kumar, Saptaparni, Tseng, Lewis.  2020.  Semi-Fast Byzantine-tolerant Shared Register without Reliable Broadcast. 2020 IEEE 40th International Conference on Distributed Computing Systems (ICDCS). :743—753.
Shared register emulations on top of message-passing systems provide an illusion of a simpler shared memory system which can make the task of a system designer easier. Numerous shared register applications have a considerably high read-to-write ratio. Thus, having algorithms that make reads more efficient than writes is a fair trade-off.Typically, such algorithms for reads and writes are asymmetric and sacrifice the stringent consistency condition atomicity, as it is impossible to have fast reads for multi-writer atomicity. Safety is a consistency condition that has has gathered interest from both the systems and theory community as it is weaker than atomicity yet provides strong enough guarantees like "strong consistency" or read-my-write consistency. One requirement that is assumed by many researchers is that of the reliable broadcast (RB) primitive, which ensures the "all or none" property during a broadcast. One drawback is that such a primitive takes 1.5 rounds to complete and requires server-to-server communication.This paper implements an efficient multi-writer multi-reader safe register without using a reliable broadcast primitive. Moreover, we provide fast reads or one-shot reads – our read operations can be completed in one round of client-to-server communication. Of course, this comes with the price of requiring more servers when compared to prior solutions assuming reliable broadcast. However, we show that this increased number of servers is indeed necessary as we prove a tight bound on the number of servers required to implement Byzantine-fault tolerant safe registers in a system without reliable broadcast.We extend our results to data stored using erasure coding as well. We present an emulation of single-writer multi-reader safe register based on MDS codes. The usage of MDS codes reduces storage and communication costs. On the negative side, we also show that to use MDS codes and at the same time achieve one-shot reads, we need even more servers.
Jana, Angshuman, Maity, Dipendu.  2020.  Code-based Analysis Approach to Detect and Prevent SQL Injection Attacks. 2020 11th International Conference on Computing, Communication and Networking Technologies (ICCCNT). :1—6.

Now-a-days web applications are everywhere. Usually these applications are developed by database program which are often written in popular host programming languages such as C, C++, C\#, Java, etc., with embedded Structured Query Language (SQL). These applications are used to access and process crucial data with the help of Database Management System (DBMS). Preserving the sensitive data from any kind of attacks is one of the prime factors that needs to be maintained by the web applications. The SQL injection attacks is one of the important security threat for the web applications. In this paper, we propose a code-based analysis approach to automatically detect and prevent the possible SQL Injection Attacks (SQLIA) in a query before submitting it to the underlying database. This approach analyses the user input by assigning a complex number to each input element. It has two part (i) input clustering and (ii) safe (non-malicious) input identification. We provide a details discussion of the proposal w.r.t the literature on security and execution overhead point of view.

Herrera, Adrian.  2020.  Optimizing Away JavaScript Obfuscation. 2020 IEEE 20th International Working Conference on Source Code Analysis and Manipulation (SCAM). :215—220.

JavaScript is a popular attack vector for releasing malicious payloads on unsuspecting Internet users. Authors of this malicious JavaScript often employ numerous obfuscation techniques in order to prevent the automatic detection by antivirus and hinder manual analysis by professional malware analysts. Consequently, this paper presents SAFE-DEOBS, a JavaScript deobfuscation tool that we have built. The aim of SAFE-DEOBS is to automatically deobfuscate JavaScript malware such that an analyst can more rapidly determine the malicious script's intent. This is achieved through a number of static analyses, inspired by techniques from compiler theory. We demonstrate the utility of SAFE-DEOBS through a case study on real-world JavaScript malware, and show that it is a useful addition to a malware analyst's toolset.

Rizvi, Syed R, Lubawy, Andrew, Rattz, John, Cherry, Andrew, Killough, Brian, Gowda, Sanjay.  2020.  A Novel Architecture of Jupyterhub on Amazon Elastic Kubernetes Service for Open Data Cube Sandbox. IGARSS 2020 - 2020 IEEE International Geoscience and Remote Sensing Symposium. :3387—3390.

The Open Data Cube (ODC) initiative, with support from the Committee on Earth Observation Satellites (CEOS) System Engineering Office (SEO) has developed a state-of-the-art suite of software tools and products to facilitate the analysis of Earth Observation data. This paper presents a short summary of our novel architecture approach in a project related to the Open Data Cube (ODC) community that provides users with their own ODC sandbox environment. Users can have a sandbox environment all to themselves for the purpose of running Jupyter notebooks that leverage the ODC. This novel architecture layout will remove the necessity of hosting multiple users on a single Jupyter notebook server and provides better management tooling for handling resource usage. In this new layout each user will have their own credentials which will give them access to a personal Jupyter notebook server with access to a fully deployed ODC environment enabling exploration of solutions to problems that can be supported by Earth observation data.

Đuranec, A., Gruičić, S., Žagar, M..  2020.  Forensic analysis of Windows 10 Sandbox. 2020 43rd International Convention on Information, Communication and Electronic Technology (MIPRO). :1224—1229.

With each Windows operating system Microsoft introduces new features to its users. Newly added features present a challenge to digital forensics examiners as they are not analyzed or tested enough. One of the latest features, introduced in Windows 10 version 1909 is Windows Sandbox; a lightweight, temporary, environment for running untrusted applications. Because of the temporary nature of the Sandbox and insufficient documentation, digital forensic examiners are facing new challenges when examining this newly added feature which can be used to hide different illegal activities. Throughout this paper, the focus will be on analyzing different Windows artifacts and event logs, with various tools, left behind as a result of the user interaction with the Sandbox feature on a clear virtual environment. Additionally, the setup of testing environment will be explained, the results of testing and interpretation of the findings will be presented, as well as open-source tools used for the analysis.

Kishore, Pushkar, Barisal, Swadhin Kumar, Prasad Mohapatra, Durga.  2020.  JavaScript malware behaviour analysis and detection using sandbox assisted ensemble model. 2020 IEEE REGION 10 CONFERENCE (TENCON). :864—869.

Whenever any internet user visits a website, a scripting language runs in the background known as JavaScript. The embedding of malicious activities within the script poses a great threat to the cyberworld. Attackers take advantage of the dynamic nature of the JavaScript and embed malicious code within the website to download malware and damage the host. JavaScript developers obfuscate the script to keep it shielded from getting detected by the malware detectors. In this paper, we propose a novel technique for analysing and detecting JavaScript using sandbox assisted ensemble model. We extract the payload using malware-jail sandbox to get the real script. Upon getting the extracted script, we analyse it to define the features that are needed for creating the dataset. We compute Pearson's r between every feature for feature extraction. An ensemble model consisting of Sequential Minimal Optimization (SMO), Voted Perceptron and AdaBoost algorithm is used with voting technique to detect malicious JavaScript. Experimental results show that our proposed model can detect obfuscated and de-obfuscated malicious JavaScript with an accuracy of 99.6% and 0.03s detection time. Our model performs better than other state-of-the-art models in terms of accuracy and least training and detection time.