ISSN: 2032-9393
Downloads: 110535
Submit Article
Submission Instructions
Open Access Information
Ethics and Malpractice Statement
Most Recent Issue
2021
Issue 27
2020
Issue 24Issue 26Issue 25Issue 23
2019
Issue 22Issue 21Issue 20Issue 19
2018
Issue 18Issue 17Issue 16Issue 15
2017
Issue 14Issue 13Issue 12Issue 11
2016
Issue 10Issue 9Issue 8Issue 7
2015
Issue 6Issue 5Issue 4Issue 3
2011
Issue 2Issue 1

EAI Endorsed Transactions on Security and Safety

Editor(s)-in-Chief: Sencun Zhu and David Mohaisen

Growing threats and increasingly also failures due to complexity may compromise the security and resilience of network and service infrastructures. Applications and services require security of data handling and we need new security architectures and scalable and interoperable security policies for this. There is a need to guarantee end-to-end security in data communications and storage, including identity management and authentication.

Moreover, we need technology to enable network security monitoring and tracing and to assess the trustworthiness of infrastructures and services. It must ensure the protection of personal data and privacy and to properly assign liability and risks, together with the appropriate governance models needed to do so. Furthermore this is applied to the settings of Public Safety in general.

  • Yao Liu (University of South Florida, USA)
  • Kai Zeng (George Mason University, USA)
  • Rui Zhang (University of Delaware, USA)
  • Linhai Song (Penn State University, USA)
  • Zhiguo Wan (Shangdong University, China)
  • Issa Khalil (Qatar Computing Research Institute, Qatar)
  • George Kesidis (Penn State University, USA)
  • Amro Awad (University of Central Florida, USA)
  • Eric Chan-Tin (Loyola University Chicago, USA)
  • Karim Elish (Florida Polytechnic University, USA)
  • Joongheon Kim (Korea University, Korea)
  • Eugene Vasserman (Kansas State University, USA)
  • An Wang (Case Western Reserve University, USA)
  • Jiawei Yuan (Embry-Riddle Aeronautical University, USA)
  • Mohammad Ashiqur Rahman (Florida International University, USA)
  • Sachin Shetty (Old Dominion University, USA)
  • Jeffrey Spaulding (Niagara University, USA)
  • Zhongshu Gu (IBM, USA)
  • Shujun Li (University of Kent, UK)
  • Heng Zhang (Western Sydney University, Australia)
  • Kaiqi Xiong (University of South Florida, USA)
  • Mohamed Amine Ferrag (Guelma University, Algeria)
  • Bo Luo (University of Kansas, USA)
  • Zhen Huang (DePaul University, USA)

Sencun Zhu1

Dr. Sencun Zhu is an associate professor of Department of Computer Science and Engineering at The Pennsylvania State University (PSU). He received the B.S. degree in precision instruments from Tsinghua University, , the M.S. degree in signal processing from the University of Science and Technology of China, Graduate School at Beijing, and the Ph.D. degree in information technology from George Mason University in 1996, 1999, and 2004, respectively. His research interests include wireless and mobile security, software and network security, fraud detection, and user online safety and privacy. . More details of his research can be found in http://www.cse.psu.edu/~sxz16/.

David Mohaisen2

University of Central Florida, USA


1: Department of Computer Science and Engineering and College of Information Sciences and Technology at The Pennsylvania State University (PSU)
2: University of Central Florida, USA

  • Privacy Preserving Collaborative Machine Learning

    Appears in:
    sesa 18: e3

    Authors:
    Zheyuan Liu, Rui Zhang

    Published:
    14th Jul 2021

    Abstract:
    Collaborative machine learning is a promising paradigm that allows multiple participants to jointly train a machine learning model without exposing their private datasets to other parties. Although collaborative machine learning is more privacy-friendly compared with conventiona…Collaborative machine learning is a promising paradigm that allows multiple participants to jointly train a machine learning model without exposing their private datasets to other parties. Although collaborative machine learning is more privacy-friendly compared with conventional machine learning methods, the intermediate model parameters exchanged among different participants in the training process may still reveal sensitive information about participants’ local datasets. In this paper, we introduce a novel privacy-preserving collaborative machine learning mechanism by utilizing two non-colluding servers to perform secure aggregation of the intermediate parameters from participants. Compared with other existing solutions, our solution can achieve the same level of accuracy while incurring significantly lower computational cost.
     more »

  • Side-channel Programming for Software Integrity Checking

    Appears in:
    sesa 18: e2

    Authors:
    Hong Liu, Eugene Y. Vasserman

    Published:
    2nd Jun 2021

    Abstract:
    Verifying software integrity for embedded systems, especially legacy and deployed systems, is very challenging. Ordinary integrity protection and verification methods rely on sophisticated processors or security hardware, and cannot be applied to many embedded systems due to …Verifying software integrity for embedded systems, especially legacy and deployed systems, is very challenging. Ordinary integrity protection and verification methods rely on sophisticated processors or security hardware, and cannot be applied to many embedded systems due to cost, energy consumption, and inability of update. Furthermore, embedded systems are often small computers on a single chip, making it more difficult to verify integrity without invasive access to the hardware. In this work, we propose “side-channel programming”, a novel method to assist with non-intrusive software integrity checking by transforming code in a functionality-preserving manner while making it possible to verify the internal state of a running device via side-channels. To do so, we first need to accurately profile the side-channel emanations of an embedded device. Using new black-box side-channel profiling techniques, we show that it is possible to build accurate side-channel models of a PIC microcontroller with no prior knowledge of the detailed microcontroller architecture. It even allows us to uncover undocumented behavior of the microcontroller. Then we show how to “side-channel program” the target device in a way that we can verify its internal state from simply measuring the passive side-channel emanations.
     more »

  • Impact of Personality Types and Matching Messaging on Password Strength

    Appears in:
    sesa 18: e1

    Authors:
    Anna Bakas, Anne Wagner, Spencer Johnston, Shelia Kennison, Eric Chan-Tin

    Published:
    1st Jun 2021

    Abstract:
    People often create passwords for their accounts that are insecure. An insecure password is often easy to guess– thus, hackers can easily access their victims’ accounts. It is important for users to know how to create and manage secure passwords so they can better protect themselves from hackers. I…People often create passwords for their accounts that are insecure. An insecure password is often easy to guess– thus, hackers can easily access their victims’ accounts. It is important for users to know how to create and manage secure passwords so they can better protect themselves from hackers. It is well-known that different users have different personality types, such as Big Five and True Colors. This research examines if there is any link between personality types and password security behavior. Each participant was shown either a matching or mismatching message based on their personality type, and it was measured whether their password security behavior changed a month later. Our results show that 66% of participants with a Green (knowledgeable and competent) personality type chose a strong password, compared to less than 50% of other personality types. Our results also demonstrate that messaging has a statistical impact on improving password security behavior.
     more »

  • Shoal: A Network Level Moving Target Defense Engine with Software Defined Networking

    Appears in:
    sesa 20(25): e5

    Author:
    Li Wang

    Published:
    1st Jun 2021

    Abstract:
    Moving Target Defense (MTD) was proposed as a promising defense paradigm to introduce various uncertainties into computer systems, which can greatly raise the bar for the attackers. Currently, there are two classes of MTD research over computer system, system level MTD and network leve…Moving Target Defense (MTD) was proposed as a promising defense paradigm to introduce various uncertainties into computer systems, which can greatly raise the bar for the attackers. Currently, there are two classes of MTD research over computer system, system level MTD and network level MTD. System level MTD research introduces uncertainties to various aspects of computer systems; while network level MTD research brings unpredictability of network properties to the target network. A lot of network level MTD research has been proposed, which covers various aspects of computer network. However, the existing MTD approaches usually target on one aspect of computer network, and most of them are designed against a certain network security threat. They can hardly defend against complex attacks or provide complicated protections. In this paper, we propose Shoal, a Moving Target Defense engine with multiple MTD strategies over SDN networks.By applying hybrid and multiple network level MTD methods, Shoal is capable of providing complicated protections and defending advanced attacks. We evaluate Shoal in two advanced protection scenarios, moving target surface and Crossfire attack. The evaluation results, in term of security effectiveness and performance cost, show the protection provided by Shoal’s hybrid MTD methods is effective and the performance cost is relatively low.
     more »

  • Characterizing and Leveraging Granger Causality in Cybersecurity: Framework and Case Study

    Appears in:
    sesa 20(25): e4

    Authors:
    Van Trieu-Do, Richard Garcia-Lebron, Maochao Xu, Shouhuai Xu, Yusheng Feng

    Published:
    11th May 2021

    Abstract:
    Causality is an intriguing concept that once tamed, can have many applications. While having been widely investigated in other domains, its relevance and usefulness in the cybersecurity domain has received little attention. In this paper, we present a systematic investigation of a particular approa…Causality is an intriguing concept that once tamed, can have many applications. While having been widely investigated in other domains, its relevance and usefulness in the cybersecurity domain has received little attention. In this paper, we present a systematic investigation of a particular approach to causality, known as Granger causality (G-causality), in cybersecurity. We propose a framework, dubbed Cybersecurity Granger Causality (CGC), for characterizing the presence of G-causality in cyber attack rate time series and for leveraging G-causality to predict (i.e., forecast) cyber attack rates. The framework offers a range of research questions, which can be adopted or adapted to study G-causality in other kinds of cybersecurity time series data. In order to demonstrate the usefulness of CGC, we present a case study by applying it to a particular cyber attack dataset collected at a honeypot. From this case study, we draw a number of insights into the usefulness and limitations of G-causality in the cybersecurity domain.
     more »

  • A study of user experiences and network analysis on anonymity and traceability of bitcoin transactions

    Appears in:
    sesa 20(25): e3

    Authors:
    M A Hannan Bin Azhar, Robert Vause Whitehead

    Published:
    30th Apr 2021

    Abstract:
    This paper investigates the anonymity of bitcoin transactions and significance of awareness of the technology by bitcoin users, alongside their experiences in tracing transactions. Bitcoin enables users to carry out transactions anonymously with the virtual currency without unveiling where th…This paper investigates the anonymity of bitcoin transactions and significance of awareness of the technology by bitcoin users, alongside their experiences in tracing transactions. Bitcoin enables users to carry out transactions anonymously with the virtual currency without unveiling where the real-world source of the income has come from. These transactions may occur without revealing locations or any personal identifiable information of the person who is sending or receiving bitcoins. While there are existing surveys which test bitcoin users’ awareness of the technology, they do not focus on bitcoin users’own experience using the technology in terms of tracing transactions and use of anti-forensic tools to increase the level of anonymity. This paper reports significance of users’ opinions on traceability and anonymity of bitcoin transactions and compares users’ viewpoints collected from a survey with experimental findings observed using network analysis tools.
     more »

  • Evaluating the Impact of Sandbox Applications on Live Digital Forensics Investigation

    Appears in:
    sesa 20(25): e2

    Authors:
    Reem Bashir, Helge Janicke, Wen Zeng

    Published:
    8th Apr 2021

    Abstract:
    Sandbox applications can be used as anti-forensics techniques to hide important evidence in the digital forensics investigation. There is limited research on sandboxing technologies, and the existing researches on sandboxing are focusing on the technology itself. The impact of sandbox…Sandbox applications can be used as anti-forensics techniques to hide important evidence in the digital forensics investigation. There is limited research on sandboxing technologies, and the existing researches on sandboxing are focusing on the technology itself. The impact of sandbox applications on live digital forensics investigation has not been systematically analysed and documented. In this study, we proposed a methodology to analyse sandbox applications on Windows systems. The impact of having standalone sandbox applications on Windows operating systems image was evaluated. Experiments were conducted to examine the artefacts of three sandbox applications: Sandboxie, BufferZone and ToolWiz Time Freeze on Windows 7, Windows Server12 R2 and Windows XP operating systems in 2018. We found that (1) only the installed applications can be found after deleting the ToolWiz Time Freeze content. Unlike Sandboxie, the data can be retrieved from the memory images even after deleting the application’s content if the system was not restated; (2) not all the sandbox applications data will be deleted after restarting the systems, e.g., BufferZone’s content can be retrieved even after restarting the system.
     more »

  • Is E-voting Systems based on Blockchain Technology Efficient in Nigeria General Elections?

    Appears in:
    sesa 20(25): e1

    Authors:
    Friday Ehi Ikuero, Vasileios Germanos, Laurence Brooks, Wen Zeng

    Published:
    10th Mar 2021

    Abstract:
    One of the most common problems of election in Nigeria is inefficient data management. All subsequent elections were blighted by inefficient data management that resulted in violence in the country and distrust among political parties. These flaws prompted the government at …One of the most common problems of election in Nigeria is inefficient data management. All subsequent elections were blighted by inefficient data management that resulted in violence in the country and distrust among political parties. These flaws prompted the government at different times to modify the nation’s electoral systems ranging from party systems to electoral management body reformation and electronics verification technologies. In this paper, we investigated the opinions of 71 Nigeria citizens about the Nigeria General Elections (NGEs) processes and data management in these processes. We found that the majority of the participants rated the existing voting system in Nigeria to be of low effectiveness and reliability. The majority of the participants believe that an e-voting system based on Blockchain technology has the capability to prevent alterations in the voting processes.
     more »

  • CLETer: A Character-level Evasion Technique Against Deep Learning DGA Classifiers

    Appears in:
    sesa 21(24): e5

    Authors:
    Wanping Liu, Zhoulan Zhang, Cheng Huang, Yong Fang

    Published:
    18th Feb 2021

    Abstract:
    The detection of pseudo-random domain names generated by Domain Generation Algorithms (DGAs) is one of the effective ways to find botnets. Study on the vulnerability of deep learning models to adversarial attacks can enhance the robustness of DGA detection mechanism. This paper proposes CLETer, an …The detection of pseudo-random domain names generated by Domain Generation Algorithms (DGAs) is one of the effective ways to find botnets. Study on the vulnerability of deep learning models to adversarial attacks can enhance the robustness of DGA detection mechanism. This paper proposes CLETer, an improved DGA that provides a character-level evasion technique against state-of-the-art DGA classifiers. Based on existing DGA domain names, CLETer can intelligently generate adversarial examples by quantifying the influence of every character to the classification result and then changing the important characters. Those improved domain names can easily evade being detected and show good transferability. The experimental results demonstrate that when modifying only two characters, CLETer can effectively lower the LSTM classifier’s recall from 99.76% to 1.29% and drop the CNN classifier’s recall from 99.36% to 3.64%. It is proved that adversarial retraining is a viable defense strategy to CLETer.
     more »

  • Authenticating Video Feeds using Electric Network Frequency Estimation at the Edge

    Appears in:
    sesa 21(24): e4

    Authors:
    Deeraj Nagothu, Yu Chen, Alexander Aved, Erik Blasch

    Published:
    4th Feb 2021

    Abstract:
    Large scale Internet of Video Things (IoVT) supports situation awareness for smart cities; however, the rapid development in artificial intelligence (AI) technologies enables fake video/audio streams and doctored images to fool smart city security operators. Authenticating visual/audi…Large scale Internet of Video Things (IoVT) supports situation awareness for smart cities; however, the rapid development in artificial intelligence (AI) technologies enables fake video/audio streams and doctored images to fool smart city security operators. Authenticating visual/audio feeds becomes essential for safety and security, from which an Electric Network Frequency (ENF) signal collected from the power grid is a prominent authentication mechanism. This paper proposes an ENF-based Video Authentication method using steady Superpixels (EVAS). Video superpixels group the pixels with uniform intensities and textures to eliminate the impacts from the fluctuations in the ENF estimation. An extensive experimental study validated the effectiveness of the EVAS system. Aiming at the environments with interconnected surveillance camera systems at the edge powered by an electricity grid, the proposed EVAS system achieved the design goal of detecting dissimilarities in the image sequences.
     more »

  • Toward A Network-Assisted Approach for Effective Ransomware Detection

    Appears in:
    sesa 21(24): e3

    Authors:
    Tianrou Xia, Yuanyi Sun, Sencun Zhu, Zeeshan Rasheed, Khurram Shafique

    Published:
    28th Jan 2021

    Abstract:
    Ransomware is one kind of malware using cryptography to prevent victims from normal use of their computers. As a result, victims lose the access to their files and desktops unless they pay the ransom to the attackers. By the end of 2019, ransomware attack had caused…Ransomware is one kind of malware using cryptography to prevent victims from normal use of their computers. As a result, victims lose the access to their files and desktops unless they pay the ransom to the attackers. By the end of 2019, ransomware attack had caused more than 10 billion dollars of financial loss to enterprises and individuals. In this work, we propose a Network-Assisted Approach (NAA), which contains local detection and network-level detection, to help user determine whether a machine has been infected by ransomware. To evaluate its performance, we built 100 containers in Docker to simulate network scenarios. A hybrid ransomware sample which is close to real-world ransomware is deployed on stimulative infected machines. The experiment results show that our network-level detection mechanisms are separately applicable to WAN and LAN scenarios for ransomware detection.
     more »

  • GIP3: Make Privacy Preserving be Easier on Cloud

    Appears in:
    sesa 21(27): e5

    Authors:
    Shiying Pan, Can Yang, Runmin Li

    Published:
    12th Jan 2021

    Abstract:
    The lack of data privacy preserving tools in the cloud is an urgent issue to solve today. To meet the needs of data sharing and data publishing, this paper proposed a cloud-oriented privacy preserving framework, in which we designed and implemented a SaaS data privacy preserving pla…The lack of data privacy preserving tools in the cloud is an urgent issue to solve today. To meet the needs of data sharing and data publishing, this paper proposed a cloud-oriented privacy preserving framework, in which we designed and implemented a SaaS data privacy preserving platform, called GIP3 (General Web Data Interface - Privacy Preserving Protocol). This platform supports a variety of mainstream privacy preserving approaches, and users can use them to implement data privacy preserving and evaluate the utility of data with different information loss metrics. This platform integrates with an general web data interface to perform a cloud-oriented multi-tenant data management, which provides a complete data service chain from system construction, collection, management and maintenance, privacy preserving, to publishing. In a word, it makes data privacy preserving be easier on the cloud.
     more »

  • A Rekeying Scheme for Encrypted Deduplication Storage based on NTRU

    Appears in:
    sesa 21(27): e4

    Authors:
    GuanXiong Ha, Hang Chen, Ruiqi Li, Wei Shao, Chunfu Jia

    Published:
    12th Jan 2021

    Abstract:
    Rekeying is a common way to protect outsourced data against key compromise and to enable data owners to enforce access control on their data. However, existing rekeying schemes are difficult to apply to the encryption dedu plication system which uses message-locked encryption for allowing the serve…Rekeying is a common way to protect outsourced data against key compromise and to enable data owners to enforce access control on their data. However, existing rekeying schemes are difficult to apply to the encryption dedu plication system which uses message-locked encryption for allowing the server to perform deduplication on users’ outsourced data. In this paper, we propose a new rekeying scheme named REEDBN, which leverages a proxy re-encryption based on NTRU to reduce thecommunicational cost for the system and the com putational overheads for clients during rekeying. We implement the prototype of our scheme and conduct testbed experiments. The results show that our system has much less communicational effort and computational overhead for clients than the previous scheme. Users can even rekey their outsourced data on some mobile terminals which only have limited computation power.
     more »

  • Mouse Underlaying: Global Key and Mouse Listener Based on an Almost Invisible Window with Local Listeners and Sophisticated Focus

    Appears in:
    sesa 18(15): e5

    Author:
    Tim Niklas Witte

    Downloads:
    13690

    Abstract:
    Keyloggers are serious threats for computer users both private and commercial. If an attacker is capable of installing this malware on the victim’s machine then he or she is able to monitor keystrokes of a user. This keylog contains login information. As a consequence, protection and detection tech…Keyloggers are serious threats for computer users both private and commercial. If an attacker is capable of installing this malware on the victim’s machine then he or she is able to monitor keystrokes of a user. This keylog contains login information. As a consequence, protection and detection techniques against keyloggers become increasingly better. This article presents the method of Mouse Underlaying for creating a new kind of software based keyloggers. This method is implemented in Java for testing countermeasures concerning keylogger protection, virtual keyboard, signatures and behavior detection by anti-virus programs. Products of various manufacturers are used for demonstration purposes. All of them failed without an exception. In addition, the reasons why these products failed are analyzed, and moreover, measures against Mouse Underlaying are developed based on the demonstration results.
     more »

  • A Deep Learning Approach for Network Intrusion Detection System

    Appears in:
    sesa 16(9): e2

    Authors:
    Ahmad Javaid, Quamar Niyaz, Weiqing Sun, Mansoor Alam

    Downloads:
    11674

    Abstract:
    A Network Intrusion Detection System (NIDS) helps system administrators to detect network security breaches in their organizations. However, many challenges arise while developing a flexible and efficient NIDS for unforeseen and unpredictable attacks. We propose a deep learning based approach for…A Network Intrusion Detection System (NIDS) helps system administrators to detect network security breaches in
    their organizations. However, many challenges arise while
    developing a flexible and efficient NIDS for unforeseen and unpredictable attacks. We propose a deep learning based approach for developing such an efficient and flexible NIDS.
    We use Self-taught Learning (STL), a deep learning based technique, on NSL-KDD - a benchmark dataset for network
    intrusion. We present the performance of our approach and compare it with a few previous work. Compared metrics include accuracy, precision, recall, and f-measure values.
     more »

  • Threats, Countermeasures and Attribution of Cyber Attacks on Critical Infrastructures

    Appears in:
    sesa 18(16): e1

    Authors:
    Leandros Maglaras, Mohamed Amine Ferrag, Abdelouahid Derhab, Mithun Mukherjee, Helge Janicke, Stylianos Rallis

    Downloads:
    4090

    Abstract:
    As Critical National Infrastructures are becoming more vulnerable to cyber attacks, their protection becomes a significant issue for any organization as well as a nation. Moreover, the ability to attribute is a vital element of avoiding impunity in cyberspace. In this article, we present main threat…As Critical National Infrastructures are becoming more vulnerable to cyber attacks, their protection becomes a significant issue for any organization as well as a nation. Moreover, the ability to attribute is a vital element of avoiding impunity in cyberspace. In this article, we present main threats to critical infrastructures along with protective measures that one nation can take, and which are classified according to legal, technical, organizational, capacity building, and cooperation aspects. Finally we provide an overview of current methods and practices regarding cyber attribution and cyber peace keeping.
     more »

  • Threat Modeling for Cloud Infrastructures

    Appears in:
    sesa 18(17): e5

    Authors:
    Nawaf Alhebaishi, Lingyu Wang, Anoop Singhal

    Downloads:
    2373

    Abstract:
    Today’s businesses are increasingly relying on the cloud as an alternative IT solution due to its flexibility and lower cost. Compared to traditional enterprise networks, a cloud infrastructure is typically much larger and more complex. Understanding the potential security threats in such infrastruc…Today’s businesses are increasingly relying on the cloud as an alternative IT solution due to its flexibility and lower cost. Compared to traditional enterprise networks, a cloud infrastructure is typically much larger and more complex. Understanding the potential security threats in such infrastructures is naturally more challenging than in traditional networks. This is evidenced by the fact that there are limited efforts on threat modeling for cloud infrastructures. In this paper, we conduct comprehensive threat modeling exercises based on two representative cloud infrastructures using several popular threat modeling methods, including attack surface, attack trees, attack graphs, and security metrics based on attack trees and attack graphs, respectively. Those threat modeling efforts may provide cloud providers useful lessons toward better understanding and improving the security of their cloud infrastructures. In addition, we show how hardening solution can be applied based on the threat models and security metrics through extended exercises. Such results may not only benefit the cloud provider but also embed more confidence in cloud tenants by providing them a clearer picture of the potential threats and mitigation solutions.
     more »

  • Evaluation of Cryptography Usage in Android Applications

    Appears in:
    sesa 16(9): e4

    Authors:
    Alexia Chatzikonstantinou, Christoforos Ntantogian, Georgios Karopoulos, Christos Xenakis

    Downloads:
    2308

    Abstract:
    Mobile application developers are using cryptography in their products to protect sensitive data like passwords, short messages, documents etc. In this paper, we study whether cryptography and related techniques are employed in a proper way, in order to protect these private data. To this end, we d…Mobile application developers are using cryptography in their products to protect sensitive data like passwords, short messages, documents etc. In this paper, we study whether cryptography and related techniques are employed in a proper way, in order to protect these private data. To this end, we downloaded 49 Android applications from the Google Play marketplace and performed static and dynamic analysis in an attempt to detect possible cryptographic misuses. The results showed that 87.8% of the applications present some kind of misuse, while for the rest of them no cryptography usage was detected during the analysis. Finally, we suggest countermeasures, mainly intended for developers, to alleviate the issues identified by the analysis.
     more »

  • Reviewing the book “Principles of Cyber-physical Systems” from a security perspective

    Appears in:
    sesa 15(4): e6

    Authors:
    Minghui Zhu, Peng Liu

    Downloads:
    2034

    Abstract:
    This is a review of the book “Principles of Cyber-physical Systems” authored by Rajeev Alur and published by the MIT Press at 2015.This is a review of the book “Principles of Cyber-physical Systems” authored by Rajeev Alur and published by the MIT Press at 2015.
     more »

  • A V2X Message Evaluation Methodology and Cross-Domain Modelling of Safety Applications in V2X-enabled E/E-Architectures

    Appears in:
    sesa 16(8): e1

    Authors:
    Harald Bucher, Marius-Florin Buciuman, Alexander Klimm, Oliver Sander, Jürgen Becker

    Downloads:
    1770

    Abstract:
    The introduction of Vehicular Ad-Hoc Networks (VANETs) enables great potential for improving road traffic flow and especially active safety applications such as cooperative adaptive cruise control (CACC). Such applications not only rely on continuous broadcast of vehicle state information (beacons)…The introduction of Vehicular Ad-Hoc Networks (VANETs) enables great potential for improving road traffic flow and especially active safety applications such as cooperative adaptive cruise control (CACC). Such applications not only rely on continuous broadcast of vehicle state information (beacons) of all vehicles, but also have strict real-time requirements. Regarding automotive E/E architectures this continuous broadcasting adds heavy internal E/E data traffic that needs to be processed in real-time by Electronic Control Units (ECUs).
    In this work we address this issue by proposing a novel cluster-based message evaluation methodology to significantly reduce internal E/E network traffic by discarding irrelevant messages. The approach is only depending on information received over beacons. It combines a vehicle clustering strategy as well as network and vehicle state monitoring capabilities in order to correctly evaluate messages under real-time constraints. The proposed methodology is modeled inside an abstract ECU. It is evaluated by simulating a model-based CACC application under different traffic scenarios. It is shown that a significant reduction of messages is achievable, while still guaranteeing accident-free behavior of CACC.
     more »

  • A Deep Learning Based DDoS Detection System in Software-Defined Networking (SDN)

    Appears in:
    sesa 17(12): e2

    Authors:
    Quamar Niyaz, Weiqing Sun, Ahmad Y. Javaid

    Downloads:
    1743

    Abstract:
    Distributed Denial of Service (DDoS) is one of the most prevalent attacks that an organizational network infrastructure comes across nowadays. Poor network management, low-priced Internet subscriptions, and readily available attack tools can be attributed to their rise. The recently emerged softwar…Distributed Denial of Service (DDoS) is one of the most prevalent attacks that an organizational network infrastructure comes across nowadays. Poor network management, low-priced Internet subscriptions, and readily available attack tools can be attributed to their rise. The recently emerged software-defined networking (SDN) and deep learning (DL) concepts promise to revolutionize their respective domains. SDN keeps the global view of the entire managed the network from a single point, i.e., the controller, thus making the network management easier. DL-based approaches improve feature extraction/reduction from a high-dimensional dataset such as network traffic headers. This work proposes a deep learning based multi-vector DDoS detection system in an SDN environment. The detection system is implemented as a network application on top of the SDN controller and can monitor the managed network traÿc. Performance evaluation is based on different metrics by applying the system on traÿc traces collected from different scenarios. A high accuracy with low false-positive rate is observed in attack detection for the proposed system.
     more »

  • Forget the Myth of the Air Gap: Machine Learning for Reliable Intrusion Detection in SCADA Systems

    Appears in:
    sesa 19(19): e3

    Authors:
    Rocio Lopez Perez, Florian Adamsky, Ridha Soua, Thomas Engel

    Downloads:
    1595

    Abstract:
    Since Critical Infrastructures (CIs) use systems and equipment that are separated by long distances, Supervisory Control And Data Acquisition (SCADA) systems are used to monitor their behaviour and to send commands remotely. For a long time, operator of CIs applied the air gap principle, a security…Since Critical Infrastructures (CIs) use systems and equipment that are separated by long distances, Supervisory Control And Data Acquisition (SCADA) systems are used to monitor their behaviour and to send commands remotely. For a long time, operator of CIs applied the air gap principle, a security strategy that physically isolates the control network from other communication channels. True isolation, however, is difficult nowadays due to the massive spread of
    connectivity: using open protocols and more connectivity opens new network attacks against CIs. To cope with this dilemma, sophisticated security measures are needed to address malicious intrusions, which are steadily increasing in number and
    variety. However, traditional Intrusion Detection Systems (IDSs) cannot detect attacks that are not already present in their databases. To this end, we assess in this paper Machine Learning (ML) techniques for anomaly detection in SCADA systems
    using a real data set collected from a gas pipeline system and provided by the Mississippi State University (MSU). The contribution of this paper is two-fold: 1) The evaluation of four techniques for missing data estimation and two techniques for data normalization, 2) The performances of Support Vector Machine (SVM), Random Forest (RF), Bidirectional Long
    Short Term Memory (BLSTM) are assessed in terms of accuracy, precision, recall and F1 score for intrusion detection. Two cases are differentiated: binary and categorical classifications. Our experiments reveal that RF and BLSTM detect intrusions effectively, with an F1 score of respectively > 99% and > 96%.
     more »

  • ITFComp: A Compression Algorithm for ARM Architecture Instruction Trace Files

    Appears in:
    sesa 16(8): e2

    Authors:
    Mohammad Qasem, Lukas Pustina

    Downloads:
    1499

    Abstract:
    Testing the performance of a new computational component is costly due to the need of prototyping different setups. Therefore, trace driven hardware simulations are used. Instruction Trace Files (ITFs) are files containing traces of executed instructions in a program's run and are used as an input …Testing the performance of a new computational component is costly due to the need of prototyping different setups. Therefore, trace driven hardware simulations are used. Instruction Trace Files (ITFs) are files containing traces of executed instructions in a program's run and are used as an input for hardware simulations. ITFs tend to be large in size, causing a storage challenge. Many trace reduction techniques exist to deal with the ITFs' storage challenge. In this paper we introduce ITFComp, a compression algorithm that combines general purpose compression methods with knowledge about ARM architecture ITFs' structure to reduce their size. ITFComp also works on compressing data memory addresses accessed by instructions within ITFs to further reduce an ITF size. Results show a reduction of 600 times on average when combined with LZMA compression algorithm. This reduction is 4 times better than when using LZMA alone, and 10 times better than when using DEFLATE. ITFComp introduces a negligible overhead in the decompression time (less than 1%).
     more »
Publisher
EAI
ISSN
2032-9393
Number of Volumes
8
Last Published
2021-01-12