ISSN: 2032-9393
Downloads: 149950
Submit Article
Submission Instructions
Open Access Information
Ethics and Malpractice Statement
Most Recent Issue
2021
Issue 29Issue 28Issue 27
2020
Issue 24Issue 26Issue 25Issue 23
2019
Issue 22Issue 21Issue 20Issue 19
2018
Issue 18Issue 17Issue 16Issue 15
2017
Issue 14Issue 13Issue 12Issue 11
2016
Issue 10Issue 9Issue 8Issue 7
2015
Issue 6Issue 5Issue 4Issue 3
2011
Issue 2Issue 1

EAI Endorsed Transactions on Security and Safety

Visit the new journal website to submit and consult our contents: https://publications.eai.eu/index.php/sesa/index

Editor(s)-in-Chief: Sencun Zhu and Rui Zhang

Growing threats and increasingly also failures due to complexity may compromise the security and resilience of network and service infrastructures. Applications and services require security of data handling and we need new security architectures and scalable and interoperable security policies for this. There is a need to guarantee end-to-end security in data communications and storage, including identity management and authentication.

Moreover, we need technology to enable network security monitoring and tracing and to assess the trustworthiness of infrastructures and services. It must ensure the protection of personal data and privacy and to properly assign liability and risks, together with the appropriate governance models needed to do so. Furthermore this is applied to the settings of Public Safety in general.

  • Yao Liu (University of South Florida, USA)
  • Kai Zeng (George Mason University, USA)
  • Linhai Song (Penn State University, USA)
  • Zhiguo Wan (Shangdong University, China)
  • Issa Khalil (Qatar Computing Research Institute, Qatar)
  • George Kesidis (Penn State University, USA)
  • Amro Awad (University of Central Florida, USA)
  • Eric Chan-Tin (Loyola University Chicago, USA)
  • Karim Elish (Florida Polytechnic University, USA)
  • Joongheon Kim (Korea University, Korea)
  • Eugene Vasserman (Kansas State University, USA)
  • An Wang (Case Western Reserve University, USA)
  • Jiawei Yuan (Embry-Riddle Aeronautical University, USA)
  • Mohammad Ashiqur Rahman (Florida International University, USA)
  • Sachin Shetty (Old Dominion University, USA)
  • Jeffrey Spaulding (Niagara University, USA)
  • Zhongshu Gu (IBM, USA)
  • Shujun Li (University of Kent, UK)
  • Heng Zhang (Western Sydney University, Australia)
  • Kaiqi Xiong (University of South Florida, USA)
  • Mohamed Amine Ferrag (Guelma University, Algeria)
  • Bo Luo (University of Kansas, USA)
  • Zhen Huang (DePaul University, USA)

Sencun Zhu1

Dr. Sencun Zhu is an associate professor of Department of Computer Science and Engineering at The Pennsylvania State University (PSU). He received the B.S. degree in precision instruments from Tsinghua University, , the M.S. degree in signal processing from the University of Science and Technology of China, Graduate School at Beijing, and the Ph.D. degree in information technology from George Mason University in 1996, 1999, and 2004, respectively. His research interests include wireless and mobile security, software and network security, fraud detection, and user online safety and privacy. . More details of his research can be found in http://www.cse.psu.edu/~sxz16/.

Rui Zhang2

Rui Zhang received his Ph.D. degree in Electrical Engineering from the Arizona State University in 2013. He received the B.E. degree in Communication Engineering and the M.E. degree in Communication and Information Systems both from Huazhong University of Science and Technology, China, in 2001 and 2005, respectively. He was an assistant professor in the Department of Electrical Engineering at the University of Hawaii from 2013 to 2016 and a software engineer at UTStarcom, Shenzhen, from 2005 to 2007. He received the NSF CAREER Award in 2017.


1: Department of Computer Science and Engineering and College of Information Sciences and Technology at The Pennsylvania State University (PSU)
2: University of Delaware, USA

  • Comparing Online Surveys for Cybersecurity: SONA and MTurk

    Appears in:
    sesa 18: e3

    Authors:
    Anne Wagner, Anna Bakas, Shelia Kennison, Eric Chan-Tin

    Published:
    8th Feb 2022

    Abstract:
    People have many accounts and usually need to create a password for each. They tend to create insecure passwords and re-use passwords, which can lead to compromised data. This research examines if there is a link between personality type and password security among a variety of participants in tw…People have many accounts and usually need to create a password for each. They tend to create insecure
    passwords and re-use passwords, which can lead to compromised data. This research examines if there is a link
    between personality type and password security among a variety of participants in two groups of participants:
    SONA and MTurk. Each participant in both surveys answered questions based on password security and their
    personality type. Our results show that participants in the MTurk survey were more likely to choose a strong
    password and to exhibit better security behaviors and knowledge than participants in the SONA survey. This
    is mostly attributed to the age difference. However, the distribution of the results was similar for both MTurk
    and SONA. In the second part of our study, we found that security behaviors actually went down – this could
    be due to the pandemic or indicative of a need for more regular messaging/training.
     more »

  • Dynamic Risk Assessment and Analysis Framework for Large-Scale Cyber-Physical Systems

    Appears in:
    sesa 18: e2

    Authors:
    Adeel A. Malik, Deepak K. Tosh

    Published:
    25th Jan 2022

    Abstract:
    Cyberspace is growing at full tilt creating an amalgamation of disparate systems. This heterogeneity leads to increased system complexity and security flaws. It is crucial to understand and identify these flaws to prevent catastrophic events. However, the current state-of-the-art solutions are th…Cyberspace is growing at full tilt creating an amalgamation of disparate systems. This heterogeneity leads
    to increased system complexity and security flaws. It is crucial to understand and identify these flaws to
    prevent catastrophic events. However, the current state-of-the-art solutions are threat-specific and focus on
    either risk, vulnerabilities, or adversary emulation. In this work, we present a scalable Cyber-threats and
    Vulnerability Information Analyzer (CyVIA) framework. CyVIA analyzes cyber risks and abnormalities in
    real-time using multi-formatted knowledge bases derived from open-source vulnerability databases. CyVIA
    achieves the following goals: 1) assess the target network for risk and vulnerabilities, 2) map services and
    policies to network nodes, 3) classify nodes based on severity, and 4) provide consequences, mitigation, and
    relationships for the found vulnerabilities. We use CyVIA and other tools to examine a simulated network for
    threats and compare the results.
     more »

  • How data-sharing nudges influence people's privacy preferences: A machine learning-based analysis

    Appears in:
    sesa 18: e1

    Authors:
    Yang Lu, Shujun Li, Alex Freitas, Athina Ioannou

    Published:
    21st Dec 2021

    Abstract:
    INTRODUCTION: Many online services use data-sharing nudges to solicit personal data from their customers for personalized services. OBJECTIVES: This study aims to study people’s privacy preferences in sharing different types of personal data under different nudging conditions, how digital nudg…INTRODUCTION: Many online services use data-sharing nudges to solicit personal data from their customers for personalized services.


    OBJECTIVES: This study aims to study people’s privacy preferences in sharing different types of personal data under different nudging conditions, how digital nudging can change their data sharing willingness, and if people’s data sharing preferences can be predicted using their responses to a questionnaire.


    METHODS: This paper reports a machine learning-based analysis on people’s privacy preference patterns under four different data-sharing nudging conditions (without nudging, monetary incentives, non-monetary incentives, and privacy assurance). The analysis is based on data collected from 685 UK residents who participated in a panel survey. Their self-reported willingness levels towards sharing 23 different types of personal data were analyzed by using both unsupervised (clustering) and supervised (classification) machine learning algorithms.


    RESULTS: The results led to a better understanding of people’s privacy preference patterns across different data-sharing nudging conditions, e.g., our participants’ preferences are distributed in a space of 48 possible profiles more sparsely than we expected, and the unexpected observation that all the three data-sharing nudging strategies led to an overall negative effect: they led to a reduced level of self-reported willingness for more participants, comparing with the case of no nudging at all. Our experiments with supervised machine learning models also showed that people’s privacy (data-sharing) preference profiles can be automatically predicted with a good accuracy, even when a small questionnaire with just seven questions is used.


    CONCLUSION: Our work revealed a more complicated structure of people’s privacy preference profiles, which have some dependencies on the type of data nudging and the type of personal data shared.
    Such complicated privacy preference profiles can be effectively analyzed using machine learning methods,
    including automatic prediction based on a small questionnaire. The negative results on the overall effect of different data-sharing nudges imply that service providers should consider if and how to use such mechanisms to incentivise their consumers to share personal data. We believe that more consumer-centric and transparent methods and tools should be used to help improve trust between consumers and service providers.
     more »

  • Device Authentication Codes based on RF Fingerprinting using Deep Learning

    Appears in:
    sesa 21(29): e5

    Authors:
    Joshua Bassey, Xiangfang Li, Lijun Qian

    Published:
    30th Nov 2021

    Abstract:
    In this paper, we propose Device Authentication Code (DAC), a novel method for authenticating IoT devices with wireless interface, by exploiting their radio frequency (RF) signatures. The proposed DAC is based on RF fingerprinting, an information-theoretic method, feature learning, and the discrim…In this paper, we propose Device Authentication Code (DAC), a novel method for authenticating IoT devices
    with wireless interface, by exploiting their radio frequency (RF) signatures. The proposed DAC is based on RF fingerprinting, an information-theoretic method, feature learning, and the discriminatory power of deep learning. Specifically, an autoencoder is used to automatically extract features from the RF traces and the reconstruction error is used as the DAC, and this DAC is unique to each individual device. Then Kolmogorov-Smirnov (K-S) test is used to match the distribution of the reconstruction error generated by the receiver and the DAC in the received message, and the result will determine whether the device of interest is an intruder. We validate this concept on two experimentally collected RF traces from six ZigBee devices and five universal software defined radio peripheral devices, respectively. The traces span a range of Signal-to-Noise Ratio by varying locations, mobility of the devices, channel interference, and noise to ensure robustness of
    the model. Experimental results demonstrate that DAC is able to prevent device impersonation by extracting salient features that are unique to each wireless device of interest and can be used to identify radio frequency devices. Furthermore, the proposed method does not need the RF traces of the intruder during model training to be able to identify devices not seen during training, which makes it practical.
     more »

  • FedADMP: A Joint Anomaly Detection and Mobility Prediction Framework via Federated Learning

    Appears in:
    sesa 21(29): e4

    Authors:
    Zezhang Yang, Jian Li, Ping Yang

    Published:
    21st Oct 2021

    Abstract:
    With the proliferation of mobile devices and smart cameras, detecting anomalies and predicting their mobility are critical for enhancing safety in ubiquitous computing systems. Due to data privacy regulations and limited communication bandwidth, it is infeasible to collect, transmit, and store all …With the proliferation of mobile devices and smart cameras, detecting anomalies and predicting their mobility are critical for enhancing safety in ubiquitous computing systems. Due to data privacy regulations and limited communication bandwidth, it is infeasible to collect, transmit, and store all data from mobile devices at a central location. To overcome this challenge, we propose FedADMP, a federated learning based joint Anomaly Detection and Mobility Prediction framework. FedADMP adaptively splits the training process between the server and clients to reduce computation loads on clients. To protect the privacy of user data, clients in FedADMP upload only intermediate model parameters to the cloud server. We also develop a differential privacy method to prevent the cloud server and external attackers from inferring private information during the model upload procedure. Extensive experiments using real-world datasets show that FedADMP consistently outperforms existing methods.
     more »

  • A Comprehensive Survey on Intrusion Detection based Machine Learning for IoT Networks

    Appears in:
    sesa 21(29): e3

    Authors:
    Hela Mliki, Abir Hadj Kaceam, Lamia Chaari

    Published:
    6th Oct 2021

    Abstract:
    The Internet of things (IoT) is a new ubiquitous technology that relies on heterogeneous devices and protocols. The IoT technologies are expected to offer a new level of connectivity thanks to its smart devices able to enhance everyday tasks and facilitate smart decisions based on sensed data. Th…The Internet of things (IoT) is a new ubiquitous technology that relies on heterogeneous devices and protocols.
    The IoT technologies are expected to offer a new level of connectivity thanks to its smart devices able to
    enhance everyday tasks and facilitate smart decisions based on sensed data. The IoT could collect sensitive
    data and should be able to face attacks and privacy issues. The IoT security issue is a hot topic of research
    and industrial concern. Indeed, threats against IoT devices and services could cause security breaches and
    data leakage. Aiming to identify attempts to abuse the IoT systems and mitigate malicious events, this paper
    studied the Intrusion Detection Systems (IDS) based on Machine Learning (ML) techniques. The ML approach
    could provide good tools to detect novel intrusion activities in a timely manner. This paper, therefore,
    highlighted the related issues to develop secured and efficient IoT services. It tried to allow a comprehensive
    review of IoT features and design. It mainly focused on intrusion detection based on the machine learning
    schema and built a taxonomy of different IoT attacks and threats. This paper also compared between the
    different intrusion detection techniques and established a taxonomy of machine leaning methods for intrusion
    detection solutions.
     more »

  • Leveraging attention-based deep neural networks for security vetting of Android applications

    Appears in:
    sesa 21(29): e2

    Authors:
    Prabesh Pathak, Prabesh Poudel, Sankardas Roy, Doina Caragea

    Published:
    27th Sep 2021

    Abstract:
    Many traditional machine learning and deep learning algorithms work as a black box and lack interpretability. Attention-based mechanisms can be used to address the interpretability of such models by providing insights into the features that a model uses to make its decisions. Recent success of atte…Many traditional machine learning and deep learning algorithms work as a black box and lack interpretability. Attention-based mechanisms can be used to address the interpretability of such models by providing insights into the features that a model uses to make its decisions. Recent success of attention-based mechanisms in natural language processing motivates us to apply the idea for security vetting of Android apps. An Android app’s code contains API-calls that can provide clues regarding the malicious or benign nature of an app. By observing the pattern of the API-calls being invoked, we can interpret the predictions of a model trained to separate benign apps from malicious apps. In this paper, using the attention mechanism, we aim to find the API-calls that are predictive with respect to the maliciousness of Android apps. More specifically, we target to identify a set of API-calls that malicious apps exploit, which might help the community discover new signatures of malware. In our experiment, we work with two attention-based models: Bi-LSTM Attention
    and Self-Attention. Our classification models achieve high accuracy in malware detection. Using the attention weights, we also extract the top 200 API-calls (that reflect the malicious behavior of the apps) from each of these two models, and we observe that there is significant overlap between the top 200 API-calls identified by the two models. This result increases our confidence that the top 200 API-calls can be used to improve the interpretability of the models.
     more »

  • Binary Code Similarity Detection through LSTM and Siamese Neural Network

    Appears in:
    sesa 21(29): e1

    Authors:
    Zhengping Luo, Tao Hou, Xiangrong Zhou, Hui Zeng, Zhuo Lu

    Published:
    14th Sep 2021

    Abstract:
    Given the fact that many software projects are closed-source, analyzing security-related vulnerabilities at the binary level is quintessential to protect computer systems from attacks of malware. Binary code similarity detection is a potential solution for detecting malware from the binaries genera…Given the fact that many software projects are closed-source, analyzing security-related vulnerabilities at the binary level is quintessential to protect computer systems from attacks of malware. Binary code similarity detection is a potential solution for detecting malware from the binaries generated by the processor. In this paper, we proposed a malware detection mechanism based on the binaries using machine learning techniques. Through utilizing the Recurrent Neural Network (RNN), more specifically Long Short-Term Memory (LSTM) network, we generate the uniformed feature embedding of each binary file and further take advantage of the Siamese Neural Network to compute the similarity measure of the extracted features. Therefore, the security risks of the software projects can be evaluated through the similarity measure of the corresponding binaries with existing trained malware. Our real-world experimental results demonstrate a convincing performance in
    distinguishing out the outliers, and achieved slightly better performance compared with existing state-of-the-art methods.
     more »

  • Criticality based Optimal Cyber Defense Remediation in Energy Delivery Systems

    Appears in:
    sesa 21(28): e5

    Authors:
    Kamrul Hasan, Sachin Shetty, Md. Sharif Ullah, Amin Hassanzadeh, Tariqul Islam

    Published:
    10th Sep 2021

    Abstract:
    A prioritized cyber defense remediation plan is critical for effective risk management in Energy Delivery System (EDS). Due to the complexity of EDS in terms of heterogeneous nature blending Information Technology (IT) and Operation Technology (OT) and Industrial Control System (ICS), scale and c…A prioritized cyber defense remediation plan is critical for effective risk management in Energy Delivery
    System (EDS). Due to the complexity of EDS in terms of heterogeneous nature blending Information
    Technology (IT) and Operation Technology (OT) and Industrial Control System (ICS), scale and critical
    processes tasks, prioritized remediations should be applied gradually to protect critical assets. In this work,
    we propose a methodology for a prioritized cyber risk remediation plan by detecting and evaluating paths
    to critical nodes in EDS. We propose critical nodes characteristics evaluation based on nodes’ architectural
    positions, a measure of centrality based on nodes’ connectivity and frequency of network traffic, as well as the
    controlled amount of physical loads. The paper also examines the relationship between cost models of budget
    allocation for the removal of vulnerabilities on critical nodes and its impact on gradual readiness.
     more »

  • Automated Configuration Synthesis for Resilient Smart Metering Infrastructure

    Appears in:
    sesa 21(28): e4

    Authors:
    Mohammad Ashiqur Rahman, Amarjit Datta, Ehab Al-Shaer

    Published:
    10th Sep 2021

    Abstract:
    An Advanced Metering Infrastructure (AMI) comprises a large number of smart meters along with heterogeneous cyber-physical components that are interconnected through different communication media, protocols, and delivery modes for transmitting usage reports or control commands between meters and …An Advanced Metering Infrastructure (AMI) comprises a large number of smart meters along with
    heterogeneous cyber-physical components that are interconnected through different communication media,
    protocols, and delivery modes for transmitting usage reports or control commands between meters and
    the utility. Due to misconfigurations or lack of security controls, there can be operational disruptions
    leading to economic damage in an AMI. Therefore, the resiliency of an AMI is crucial. In this paper, we
    present an automated configuration synthesis framework that mitigates potential threats by eliminating
    misconfigurations and keeps the damage limited under contingencies by introducing robustness. We
    formally model AMI configurations, including operational integrity and robustness properties considering
    the interdependencies among AMI devices’ configurations, attacks or failures, and resiliency guidelines.
    We implement the model using Satisfiability Modulo Theories (SMT) and demonstrate its execution on an
    example case study that illustrates the synthesis of AMI configurations satisfying resiliency requirements. We
    also evaluate the framework on synthetic AMI networks.
     more »

  • Privacy Preserving Collaborative Machine Learning

    Appears in:
    sesa 21(28): e3

    Authors:
    Zheyuan Liu, Rui Zhang

    Published:
    14th Jul 2021

    Abstract:
    Collaborative machine learning is a promising paradigm that allows multiple participants to jointly train a machine learning model without exposing their private datasets to other parties. Although collaborative machine learning is more privacy-friendly compared with conventiona…Collaborative machine learning is a promising paradigm that allows multiple participants to jointly train a machine learning model without exposing their private datasets to other parties. Although collaborative machine learning is more privacy-friendly compared with conventional machine learning methods, the intermediate model parameters exchanged among different participants in the training process may still reveal sensitive information about participants’ local datasets. In this paper, we introduce a novel privacy-preserving collaborative machine learning mechanism by utilizing two non-colluding servers to perform secure aggregation of the intermediate parameters from participants. Compared with other existing solutions, our solution can achieve the same level of accuracy while incurring significantly lower computational cost.
     more »

  • Side-channel Programming for Software Integrity Checking

    Appears in:
    sesa 21(28): e2

    Authors:
    Hong Liu, Eugene Y. Vasserman

    Published:
    2nd Jun 2021

    Abstract:
    Verifying software integrity for embedded systems, especially legacy and deployed systems, is very challenging. Ordinary integrity protection and verification methods rely on sophisticated processors or security hardware, and cannot be applied to many embedded systems due to …Verifying software integrity for embedded systems, especially legacy and deployed systems, is very challenging. Ordinary integrity protection and verification methods rely on sophisticated processors or security hardware, and cannot be applied to many embedded systems due to cost, energy consumption, and inability of update. Furthermore, embedded systems are often small computers on a single chip, making it more difficult to verify integrity without invasive access to the hardware. In this work, we propose “side-channel programming”, a novel method to assist with non-intrusive software integrity checking by transforming code in a functionality-preserving manner while making it possible to verify the internal state of a running device via side-channels. To do so, we first need to accurately profile the side-channel emanations of an embedded device. Using new black-box side-channel profiling techniques, we show that it is possible to build accurate side-channel models of a PIC microcontroller with no prior knowledge of the detailed microcontroller architecture. It even allows us to uncover undocumented behavior of the microcontroller. Then we show how to “side-channel program” the target device in a way that we can verify its internal state from simply measuring the passive side-channel emanations.
     more »

  • Impact of Personality Types and Matching Messaging on Password Strength

    Appears in:
    sesa 21(28): e1

    Authors:
    Anna Bakas, Anne Wagner, Spencer Johnston, Shelia Kennison, Eric Chan-Tin

    Published:
    1st Jun 2021

    Abstract:
    People often create passwords for their accounts that are insecure. An insecure password is often easy to guess– thus, hackers can easily access their victims’ accounts. It is important for users to know how to create and manage secure passwords so they can better protect themselves from hackers. I…People often create passwords for their accounts that are insecure. An insecure password is often easy to guess– thus, hackers can easily access their victims’ accounts. It is important for users to know how to create and manage secure passwords so they can better protect themselves from hackers. It is well-known that different users have different personality types, such as Big Five and True Colors. This research examines if there is any link between personality types and password security behavior. Each participant was shown either a matching or mismatching message based on their personality type, and it was measured whether their password security behavior changed a month later. Our results show that 66% of participants with a Green (knowledgeable and competent) personality type chose a strong password, compared to less than 50% of other personality types. Our results also demonstrate that messaging has a statistical impact on improving password security behavior.
     more »

  • A Deep Learning Approach for Network Intrusion Detection System

    Appears in:
    sesa 16(9): e2

    Authors:
    Ahmad Javaid, Quamar Niyaz, Weiqing Sun, Mansoor Alam

    Downloads:
    15472

    Abstract:
    A Network Intrusion Detection System (NIDS) helps system administrators to detect network security breaches in their organizations. However, many challenges arise while developing a flexible and efficient NIDS for unforeseen and unpredictable attacks. We propose a deep learning based approach for…A Network Intrusion Detection System (NIDS) helps system administrators to detect network security breaches in
    their organizations. However, many challenges arise while
    developing a flexible and efficient NIDS for unforeseen and unpredictable attacks. We propose a deep learning based approach for developing such an efficient and flexible NIDS.
    We use Self-taught Learning (STL), a deep learning based technique, on NSL-KDD - a benchmark dataset for network
    intrusion. We present the performance of our approach and compare it with a few previous work. Compared metrics include accuracy, precision, recall, and f-measure values.
     more »

  • Mouse Underlaying: Global Key and Mouse Listener Based on an Almost Invisible Window with Local Listeners and Sophisticated Focus

    Appears in:
    sesa 18(15): e5

    Author:
    Tim Niklas Witte

    Downloads:
    14473

    Abstract:
    Keyloggers are serious threats for computer users both private and commercial. If an attacker is capable of installing this malware on the victim’s machine then he or she is able to monitor keystrokes of a user. This keylog contains login information. As a consequence, protection and detection tech…Keyloggers are serious threats for computer users both private and commercial. If an attacker is capable of installing this malware on the victim’s machine then he or she is able to monitor keystrokes of a user. This keylog contains login information. As a consequence, protection and detection techniques against keyloggers become increasingly better. This article presents the method of Mouse Underlaying for creating a new kind of software based keyloggers. This method is implemented in Java for testing countermeasures concerning keylogger protection, virtual keyboard, signatures and behavior detection by anti-virus programs. Products of various manufacturers are used for demonstration purposes. All of them failed without an exception. In addition, the reasons why these products failed are analyzed, and moreover, measures against Mouse Underlaying are developed based on the demonstration results.
     more »

  • Threats, Countermeasures and Attribution of Cyber Attacks on Critical Infrastructures

    Appears in:
    sesa 18(16): e1

    Authors:
    Leandros Maglaras, Mohamed Amine Ferrag, Abdelouahid Derhab, Mithun Mukherjee, Helge Janicke, Stylianos Rallis

    Downloads:
    4634

    Abstract:
    As Critical National Infrastructures are becoming more vulnerable to cyber attacks, their protection becomes a significant issue for any organization as well as a nation. Moreover, the ability to attribute is a vital element of avoiding impunity in cyberspace. In this article, we present main threat…As Critical National Infrastructures are becoming more vulnerable to cyber attacks, their protection becomes a significant issue for any organization as well as a nation. Moreover, the ability to attribute is a vital element of avoiding impunity in cyberspace. In this article, we present main threats to critical infrastructures along with protective measures that one nation can take, and which are classified according to legal, technical, organizational, capacity building, and cooperation aspects. Finally we provide an overview of current methods and practices regarding cyber attribution and cyber peace keeping.
     more »

  • Evaluation of Cryptography Usage in Android Applications

    Appears in:
    sesa 16(9): e4

    Authors:
    Alexia Chatzikonstantinou, Christoforos Ntantogian, Georgios Karopoulos, Christos Xenakis

    Downloads:
    3874

    Abstract:
    Mobile application developers are using cryptography in their products to protect sensitive data like passwords, short messages, documents etc. In this paper, we study whether cryptography and related techniques are employed in a proper way, in order to protect these private data. To this end, we d…Mobile application developers are using cryptography in their products to protect sensitive data like passwords, short messages, documents etc. In this paper, we study whether cryptography and related techniques are employed in a proper way, in order to protect these private data. To this end, we downloaded 49 Android applications from the Google Play marketplace and performed static and dynamic analysis in an attempt to detect possible cryptographic misuses. The results showed that 87.8% of the applications present some kind of misuse, while for the rest of them no cryptography usage was detected during the analysis. Finally, we suggest countermeasures, mainly intended for developers, to alleviate the issues identified by the analysis.
     more »

  • Threat Modeling for Cloud Infrastructures

    Appears in:
    sesa 18(17): e5

    Authors:
    Nawaf Alhebaishi, Lingyu Wang, Anoop Singhal

    Downloads:
    3273

    Abstract:
    Today’s businesses are increasingly relying on the cloud as an alternative IT solution due to its flexibility and lower cost. Compared to traditional enterprise networks, a cloud infrastructure is typically much larger and more complex. Understanding the potential security threats in such infrastruc…Today’s businesses are increasingly relying on the cloud as an alternative IT solution due to its flexibility and lower cost. Compared to traditional enterprise networks, a cloud infrastructure is typically much larger and more complex. Understanding the potential security threats in such infrastructures is naturally more challenging than in traditional networks. This is evidenced by the fact that there are limited efforts on threat modeling for cloud infrastructures. In this paper, we conduct comprehensive threat modeling exercises based on two representative cloud infrastructures using several popular threat modeling methods, including attack surface, attack trees, attack graphs, and security metrics based on attack trees and attack graphs, respectively. Those threat modeling efforts may provide cloud providers useful lessons toward better understanding and improving the security of their cloud infrastructures. In addition, we show how hardening solution can be applied based on the threat models and security metrics through extended exercises. Such results may not only benefit the cloud provider but also embed more confidence in cloud tenants by providing them a clearer picture of the potential threats and mitigation solutions.
     more »

  • Reviewing the book “Principles of Cyber-physical Systems” from a security perspective

    Appears in:
    sesa 15(4): e6

    Authors:
    Minghui Zhu, Peng Liu

    Downloads:
    2245

    Abstract:
    This is a review of the book “Principles of Cyber-physical Systems” authored by Rajeev Alur and published by the MIT Press at 2015.This is a review of the book “Principles of Cyber-physical Systems” authored by Rajeev Alur and published by the MIT Press at 2015.
     more »

  • A Deep Learning Based DDoS Detection System in Software-Defined Networking (SDN)

    Appears in:
    sesa 17(12): e2

    Authors:
    Quamar Niyaz, Weiqing Sun, Ahmad Y. Javaid

    Downloads:
    2234

    Abstract:
    Distributed Denial of Service (DDoS) is one of the most prevalent attacks that an organizational network infrastructure comes across nowadays. Poor network management, low-priced Internet subscriptions, and readily available attack tools can be attributed to their rise. The recently emerged softwar…Distributed Denial of Service (DDoS) is one of the most prevalent attacks that an organizational network infrastructure comes across nowadays. Poor network management, low-priced Internet subscriptions, and readily available attack tools can be attributed to their rise. The recently emerged software-defined networking (SDN) and deep learning (DL) concepts promise to revolutionize their respective domains. SDN keeps the global view of the entire managed the network from a single point, i.e., the controller, thus making the network management easier. DL-based approaches improve feature extraction/reduction from a high-dimensional dataset such as network traffic headers. This work proposes a deep learning based multi-vector DDoS detection system in an SDN environment. The detection system is implemented as a network application on top of the SDN controller and can monitor the managed network traÿc. Performance evaluation is based on different metrics by applying the system on traÿc traces collected from different scenarios. A high accuracy with low false-positive rate is observed in attack detection for the proposed system.
     more »

  • Forget the Myth of the Air Gap: Machine Learning for Reliable Intrusion Detection in SCADA Systems

    Appears in:
    sesa 19(19): e3

    Authors:
    Rocio Lopez Perez, Florian Adamsky, Ridha Soua, Thomas Engel

    Downloads:
    2196

    Abstract:
    Since Critical Infrastructures (CIs) use systems and equipment that are separated by long distances, Supervisory Control And Data Acquisition (SCADA) systems are used to monitor their behaviour and to send commands remotely. For a long time, operator of CIs applied the air gap principle, a security…Since Critical Infrastructures (CIs) use systems and equipment that are separated by long distances, Supervisory Control And Data Acquisition (SCADA) systems are used to monitor their behaviour and to send commands remotely. For a long time, operator of CIs applied the air gap principle, a security strategy that physically isolates the control network from other communication channels. True isolation, however, is difficult nowadays due to the massive spread of
    connectivity: using open protocols and more connectivity opens new network attacks against CIs. To cope with this dilemma, sophisticated security measures are needed to address malicious intrusions, which are steadily increasing in number and
    variety. However, traditional Intrusion Detection Systems (IDSs) cannot detect attacks that are not already present in their databases. To this end, we assess in this paper Machine Learning (ML) techniques for anomaly detection in SCADA systems
    using a real data set collected from a gas pipeline system and provided by the Mississippi State University (MSU). The contribution of this paper is two-fold: 1) The evaluation of four techniques for missing data estimation and two techniques for data normalization, 2) The performances of Support Vector Machine (SVM), Random Forest (RF), Bidirectional Long
    Short Term Memory (BLSTM) are assessed in terms of accuracy, precision, recall and F1 score for intrusion detection. Two cases are differentiated: binary and categorical classifications. Our experiments reveal that RF and BLSTM detect intrusions effectively, with an F1 score of respectively > 99% and > 96%.
     more »

  • A V2X Message Evaluation Methodology and Cross-Domain Modelling of Safety Applications in V2X-enabled E/E-Architectures

    Appears in:
    sesa 16(8): e1

    Authors:
    Harald Bucher, Marius-Florin Buciuman, Alexander Klimm, Oliver Sander, Jürgen Becker

    Downloads:
    2178

    Abstract:
    The introduction of Vehicular Ad-Hoc Networks (VANETs) enables great potential for improving road traffic flow and especially active safety applications such as cooperative adaptive cruise control (CACC). Such applications not only rely on continuous broadcast of vehicle state information (beacons)…The introduction of Vehicular Ad-Hoc Networks (VANETs) enables great potential for improving road traffic flow and especially active safety applications such as cooperative adaptive cruise control (CACC). Such applications not only rely on continuous broadcast of vehicle state information (beacons) of all vehicles, but also have strict real-time requirements. Regarding automotive E/E architectures this continuous broadcasting adds heavy internal E/E data traffic that needs to be processed in real-time by Electronic Control Units (ECUs).
    In this work we address this issue by proposing a novel cluster-based message evaluation methodology to significantly reduce internal E/E network traffic by discarding irrelevant messages. The approach is only depending on information received over beacons. It combines a vehicle clustering strategy as well as network and vehicle state monitoring capabilities in order to correctly evaluate messages under real-time constraints. The proposed methodology is modeled inside an abstract ECU. It is evaluated by simulating a model-based CACC application under different traffic scenarios. It is shown that a significant reduction of messages is achievable, while still guaranteeing accident-free behavior of CACC.
     more »

  • ITFComp: A Compression Algorithm for ARM Architecture Instruction Trace Files

    Appears in:
    sesa 16(8): e2

    Authors:
    Mohammad Qasem, Lukas Pustina

    Downloads:
    1805

    Abstract:
    Testing the performance of a new computational component is costly due to the need of prototyping different setups. Therefore, trace driven hardware simulations are used. Instruction Trace Files (ITFs) are files containing traces of executed instructions in a program's run and are used as an input …Testing the performance of a new computational component is costly due to the need of prototyping different setups. Therefore, trace driven hardware simulations are used. Instruction Trace Files (ITFs) are files containing traces of executed instructions in a program's run and are used as an input for hardware simulations. ITFs tend to be large in size, causing a storage challenge. Many trace reduction techniques exist to deal with the ITFs' storage challenge. In this paper we introduce ITFComp, a compression algorithm that combines general purpose compression methods with knowledge about ARM architecture ITFs' structure to reduce their size. ITFComp also works on compressing data memory addresses accessed by instructions within ITFs to further reduce an ITF size. Results show a reduction of 600 times on average when combined with LZMA compression algorithm. This reduction is 4 times better than when using LZMA alone, and 10 times better than when using DEFLATE. ITFComp introduces a negligible overhead in the decompression time (less than 1%).
     more »
Publisher
EAI
ISSN
2032-9393
Number of Volumes
8
Last Published
2021-11-30