Your search keyword '"COMPUTER security"' showing total 19,987 results

1. Device Onboarding Using FDO and the Untrusted Installer Model.

Author

Cooper, Geoffrey H.

Subjects

*INTERNET of things, *COMPUTER security, *COMPUTER network protocols, *DATA structures, *WIRELESS Internet, *DATA encryption, *COMPUTER systems, *INSTALLATION of equipment

Abstract

The Internet of Things (IoT) market has expanded significantly, encompassing various sectors like home, retail, manufacturing, and transportation, with millions of devices and servers dedicated to monitoring real-world aspects. Regardless of the field, all IoT devices share the characteristic of transitioning from initial ownership to target application ownership to fulfill their intended functions, a process known as onboarding, which requires fast, reliable, and secure interaction between devices and servers. Two distinct approaches to onboarding, trusted and untrusted installers, exist, with trusted installers employing configurator tools to establish trust between devices and servers, while untrusted installers rely on mechanisms like ownership vouchers for authentication, offering scalability and parallel device onboarding.

Published

2024

2. How Flexible Is CXL's Memory Protection? Replacing a sledgehammer with a scalpel.

Author

STARK, SAMUEL W., MARKETTOS, A. THEODORE, and MOORE, SIMON W.

Subjects

*COMPUTER security, *COMPUTER storage devices

Abstract

The article discusses the efficacy of the computer memory protection provided by Intel's "Compute Express Link" (CXL). It describes research into CXL's mechanisms for protection, such as its use of memory management units. It outlines the flaws within the CXL protection model. It details approaches taken by the Capability Hardware Enhanced RISC Instructions (CHERI) project toward data security. It mentions the need for further investigation into the use of decentralized and distributed capability systems to enhance device-to-device security.

Published

2023

3. Adversarial attack detection framework based on optimized weighted conditional stepwise adversarial network.

Author

Barik, Kousik, Misra, Sanjay, and Fernandez-Sanz, Luis

Subjects

*COMPUTER security, *PARTICLE swarm optimization, *ARTIFICIAL intelligence, *PRINCIPAL components analysis, *FEATURE selection, *INTRUSION detection systems (Computer security)

Abstract

Artificial Intelligence (AI)-based IDS systems are susceptible to adversarial attacks and face challenges such as complex evaluation methods, elevated false positive rates, absence of effective validation, and time-intensive processes. This study proposes a WCSAN-PSO framework to detect adversarial attacks in IDS based on a weighted conditional stepwise adversarial network (WCSAN) with a particle swarm optimization (PSO) algorithm and SVC (support vector classifier) for classification. The Principal component analysis (PCA) and the least absolute shrinkage and selection operator (LASSO) are used for feature selection and extraction. The PSO algorithm optimizes the parameters of the generator and discriminator in WCSAN to improve the adversarial training of IDS. The study presented three distinct scenarios with quantitative evaluation, and the proposed framework is evaluated with adversarial training in balanced and imbalanced data. Compared with existing studies, the proposed framework accomplished an accuracy of 99.36% in normal and 98.55% in malicious traffic in adversarial attacks. This study presents a comprehensive overview for researchers interested in adversarial attacks and their significance in computer security. [ABSTRACT FROM AUTHOR]

Published

2024

4. Malware Detection with Artificial Intelligence: A Systematic Literature Review.

Author

Gaber, Matthew G., Ahmed, Mohiuddin, and Janicke, Helge

Published

2024

5. Integrated CPU Monitoring Using 2D Temperature Sensor Arrays Directly Printed on Heat Sinks.

Author

Huber, Robert, Belles, Daniel, Bücher, Tim, Franke, Leonard, Amrouch, Hussam, and Lemmer, Uli

Subjects

*COMPUTER security, *HEAT sinks, *TEMPERATURE sensors, *HUMAN fingerprints, *PRINTED electronics, *DIGITAL technology, *SENSOR arrays

Abstract

In today's digital world, the demand for computer security and system reliability is a crucial element. Monitoring the CPU temperature during operation provides valuable insights but is currently limited to the embedded on‐chip sensors. The implementation of an extra security layer based on temperature monitoring can detect anomalies in an early stage, identify malware, and help mitigate attacks. The approach of integrating more on‐chip temperature sensors into the silicon is avoided due to space, power limitations, and cost constraints. However, the field of printed electronics and sensor technology has recently seen significant progress. This is the first work that introduces a fully‐printed temperature sensor array integrated onto the cooling unit of a CPU. It offers a novel approach for the practical implementation of such sensors into an operational computer system. The present sensor array, consisting of 396 sensor pixels, detects local hotspots induced by the underneath CPU cores, leading to an individual thermal fingerprint. This unique method paves the way for addressing pivotal elements of computer security, as deviations from expected thermal behavior can signal malicious activities. Additionally, this innovation facilitates reliability optimization. The detailed thermal map garnered provides insights into which cores are subjected to significant stress over time. [ABSTRACT FROM AUTHOR]

Published

2024

6. Privacy preserving support vector machine based on federated learning for distributed IoT‐enabled data analysis.

Author

Chen, Yu‐Chi, Hsu, Song‐Yi, Xie, Xin, Kumari, Saru, Kumar, Sachin, Rodrigues, Joel, and Alzahrani, Bander A.

Subjects

*FEDERATED learning, *SUPPORT vector machines, *COMPUTER security, *ARTIFICIAL intelligence, *DATA analysis

Abstract

In a smart city, IoT devices are required to support monitoring of normal operations such as traffic, infrastructure, and the crowd of people. IoT‐enabled systems offered by many IoT devices are expected to achieve sustainable developments from the information collected by the smart city. Indeed, artificial intelligence (AI) and machine learning (ML) are well‐known methods for achieving this goal as long as the system framework and problem statement are well prepared. However, to better use AI/ML, the training data should be as global as possible, which can prevent the model from working only on local data. Such data can be obtained from different sources, but this induces the privacy issue where at least one party collects all data in the plain. The main focus of this article is on support vector machines (SVM). We aim to present a solution to the privacy issue and provide confidentiality to protect the data. We build a privacy‐preserving scheme for SVM (SecretSVM) based on the framework of federated learning and distributed consensus. In this scheme, data providers self‐organize and obtain training parameters of SVM without revealing their own models. Finally, experiments with real data analysis show the feasibility of potential applications in smart cities. This article is the extended version of that of Hsu et al. (Proceedings of the 15th ACM Asia Conference on Computer and Communications Security. ACM; 2020:904‐906). [ABSTRACT FROM AUTHOR]

Published

2024

7. The rise of "security and privacy": bibliometric analysis of computer privacy research.

Author

Ali, Auwal Shehu, Zaaba, Zarul Fitri, and Singh, Manmeet Mahinderjit

Subjects

*DATA privacy, *BIBLIOMETRICS, *COMPUTER security, *PRIVACY, *DATA protection, *WIRELESS Internet

Abstract

The study of security and computer privacy has become a significant focus in security and privacy research. To reflect a website's, service's, or app's privacy policies, they're frequently used as a beginning step for researchers investigating the reliability of stated data regulations, user comprehension of policy, or user control methods. It's challenging to collect information about privacy practices from Internet resources like websites and mobile applications for analysis because of the wide variations in the structure, presentation, and content. Most computer privacy studies attempt to test new methods for detecting, classifying, and analyzing computer privacy content. However, numerous papers have been published to promote research activities, and no trace of any bibliometric analysis work on computer privacy demonstrates research trends. By conducting a thorough analysis of computer privacy studies, it searches the Scopus database, which contains over 2000 papers published between 1976 and 2020. Using the bibliometric analysis technique, this study examines research activity in Europe, South America, and other continents. This work investigated the number of papers published, citations, research area, keywords, institutions, topics, and researchers in detail. An overview of the research efforts is followed by listing the words into a classification of computer privacy analysis tools, emphasizing the significance of a computer privacy research study. According to the investigation findings, there are numerous significant implications of research efforts in Europe compared to other continents. Finally, we summarize the review findings for each part by highlighting potential future research directions. [ABSTRACT FROM AUTHOR]

Published

2024

8. Social engineering: Methodologies to counter computer attacks on the web. Case: Barrio 26 de Septiembre, Portoviejo, Ecuador.

Author

Meza, Jonathan, Cedeño, Emilio, Zambrano, Michelle, Zambrano, Walter, and Zambrano, David

Subjects

*SOCIAL engineering (Fraud), *CYBERTERRORISM, *PERSONAL computers, *COMPUTER security, *IDENTITY theft

Abstract

Social Engineering refers to the set of activities that have the objective of manipulating human beings through deception with the sole purpose of obtaining private access or confidential information from the same people, companies. This study aims to determine in Social engineering, methodologies to counter computer attacks on the web in the Barrio 26 de Septiembre, Portoviejo, Ecuador. With the research carried out and what is currently experienced, it can be said that it is increasingly common to be a victim of computer attacks by Social Engineering, which is characterized by studying the exploitation of user trust to extract confidential information, The purpose of these techniques is to achieve the infiltration of people into organizations, homes, or any other place; also identity theft through deception, in order to seize information or data at your convenience. This research shows its importance within the branch of computer security, it is raised through a systematic review on Social Engineering. For the elaboration of this work, a Quantitative, Analytical, Descriptive and Bibliographical methodology was chosen; For the collection of information, a survey was applied to residents of the 26 de Septiembre neighborhood to find out what knowledge they have regarding Social Engineering, taking into consideration various aspects, such as: management of credentials, types of portals or applications that they use, information that is requested the most on web pages, configuration of smart equipment (laptops, mobile devices and desktop computers). As a result, it was possible to know that the majority of the people surveyed are unaware of Social Engineering techniques, therefore, they do not know what to do and how to act in case of an attack, therefore, a list with preventive methodologies that allow the user to identify malicious computer attacks. In conclusion, it was established that the methodologies that allow to mitigate and counteract computer attacks have to do with the development of security policies and plans, computer security training, Backup's or Security Copies of personal information, a correct authentication of the information when entering a website, as well as the periodic update of devices. [ABSTRACT FROM AUTHOR]

Published

2024

9. OSS Supply-Chain Security: What Will It Take?

Subjects

*OPEN source software, *COMPUTER security

Abstract

The article presents a discussion between several individuals on the topic of open source software (OSS) supply chain security, including George Neville-Neil, senior director of software supply chain security Maya Kaczorowski, quality standards and penetration testing team manager Falcon Momot, and applied scientist Chris McCubbin.

Published

2023

10. Protecting Autonomous Cars from Phantom Attacks.

Author

NASSI, BEN, MIRSKY, YISROEL, SHAMS, JACOB, BEN-NETANEL, RAZ, NASSI, DUDI, and ELOVICI, YUVAL

Subjects

*DRIVERLESS cars, *CYBERTERRORISM, *OBJECT recognition (Computer vision), *DRIVER assistance systems, *ARTIFICIAL intelligence, *COMPUTER security

Abstract

This article looks at the prevention of phantom attacks in autonomous (also known as driverless) cars and cars with advanced driver-assistance systems. Phantom attacks in advanced driver-assisted or driverless cars occur when phantoms, depth-less visual objects used to deceive object detection in computer vision, are purposely presented by cyber attackers to trigger a reaction such as an alarm or sudden automatic braking of the car. For prevention of these attacks the authors suggest extra focus on securing the artificial intelligence model and tips on evaluating the model’s enhanced security against phantom attacks. [EPC]

Published

2023

11. Adversarial mimicry attacks against image splicing forensics: An approach for jointly hiding manipulations and creating false detections.

Author

Boato, Giulia, De Natale, Francesco G.B., De Stefano, Gianluca, Pasquini, Cecilia, and Roli, Fabio

Subjects

*COMPUTER security, *DENIAL of service attacks, *MACHINE learning, *DETECTORS, *IMAGE encryption

Abstract

The term "mimicry attack" has been coined in computer security and used in adversarial machine learning: an attacker observes what a machine-learning system has learned and adjusts the malicious input so that it mimics a benign input. In this paper we extend this concept to image forensics, to allow an attacker modifying a manipulated image so that it appears pristine when analyzed by a target forensic detector. Recent work has shown that such attacks can be executed against detectors based on deep networks for hiding image tampering. We do more than that: our mimicry attack can force the target detector to identify arbitrary fictitious manipulations, while hiding the true ones. Accordingly, the user of the forensic detector is completely misled. From a methodological viewpoint, the proposed attack artificially alters the detector-specific intermediate representations according to the pixel distribution in the manipulated image, by applying a gradient-based optimization process. Experimental tests on different data sets and detectors demonstrate that our approach succeeds in jointly hiding manipulated areas and arbitrarily adding new ones, favorably comparing with the state-of-the-art in the first task. [Display omitted] • The proposed mimicry attack hides forgeries in images and introduces fictitious ones • It allows adversaries to introduce semantic biases and mislead the forensic detection • Its large-scale adoption may hinder the trust on forensic tools, akin to DoS attacks • Sequential detector-specific attacks enable tackling multiple detectors at once [ABSTRACT FROM AUTHOR]

Published

2024

12. Algorithms patrolling content: where's the harm?

Author

Horten, Monica

Subjects

*ONLINE social networks, *COMPUTER algorithms, *DECISION making, *COMPUTER security, *HUMAN rights

Abstract

At the heart of this paper is an examination of the colloquial concept of a 'shadow ban'. It reveals ways in which algorithms on the Facebook platform have the effect of suppressing content distribution without specifically targeting it for removal, and examines the consequential stifling of users' speech. It reveals how the Facebook shadow ban is implemented by blocking dissemination of content in News Feed. The decision-making criteria are based on 'behaviour', a term that relates to activity of the page that is identifiable through patterns in the data. It's a technique that is rooted in computer security, and raises questions about the balance between security and freedom of expression. The paper is situated in the field of responsibility of online platforms for content moderation. It studies the experience of the shadow ban on 20 UK-based Facebook Pages over the period from November 2019 to January 2021. The potential harm was evaluated using human rights standards and a comparative metric produced from Facebook Insights data. The empirical research is connected to recent legislative developments: the EU's Digital Services Act and the UK's Online Safety Bill. Its most salient contribution may be around 'behaviour' monitoring and its interpretation by legislators. [ABSTRACT FROM AUTHOR]

Published

2024

13. UnSafengine64: A Safengine Unpacker for 64-Bit Windows Environments and Detailed Analysis Results on Safengine 2.4.0.

Author

Choi, Seokwoo, Chang, Taejoo, and Park, Yongsu

Subjects

*DEBUGGING, *BINARY codes, *COMPUTER security, *MALWARE, *REVERSE engineering

Abstract

Despite recent remarkable advances in binary code analysis, malware developers still use complex anti-reversing techniques that make analysis difficult. Packers are used to protect malware, which are (commercial) tools that contain diverse anti-reversing techniques, including code encryption, anti-debugging, and code virtualization. In this study, we present UnSafengine64: a Safengine unpacker for 64-bit Windows. UnSafengine64 can correctly unpack packed executables using Safengine, which is considered one of the most complex commercial packers in Windows environments; to the best of our knowledge, there have been no published analysis results. UnSafengine64 was developed as a plug-in for Pin, which is one of the most widely used dynamic analysis tools for Microsoft Windows. In addition, we utilized Detect It Easy (DIE), IDA Pro, x64Dbg, and x64Unpack as auxiliary tools for deep analysis. Using UnSafengine64, we can analyze obfuscated calls for major application programming interface (API) functions or conduct fine-grained analyses at the instruction level. Furthermore, UnSafengine64 detects anti-debugging code chunks, captures a memory dump of the target process, and unpacks packed files. To verify the effectiveness of our scheme, experiments were conducted using Safengine 2.4.0. The experimental results show that UnSafengine64 correctly executes packed executable files and successfully produces an unpacked version. Based on this, we provided detailed analysis results for the obfuscated executable file generated using Safengine 2.4.0. [ABSTRACT FROM AUTHOR]

Published

2024

14. Can we quantify trust? Towards a trust-based resilient SIoT network.

Author

Sagar, Subhash, Mahmood, Adnan, Sheng, Quan Z., Zaib, Munazza, and Sufyan, Farhan

Subjects

*TRUST, *HUMAN behavior, *INTERNET of things, *SOCIAL networks, *COMPUTER security

Abstract

The emerging yet promising paradigm of the Social Internet of Things (SIoT) integrates the notion of the Internet of Things with human social networks. In SIoT, objects, i.e., things, have the capability to socialize with the other objects in the SIoT network and can establish their social network autonomously by modeling human behaviour. The notion of trust is imperative in realizing these characteristics of socialization in order to assess the reliability of autonomous collaboration. The perception of trust is evolving in the era of SIoT as an extension to traditional security triads in an attempt to offer secure and reliable services, and is considered as an imperative aspect of any SIoT system for minimizing the probable risk of autonomous decision-making. This research investigates the idea of trust quantification by employing trust measurement in terms of direct trust, indirect trust as a recommendation, and the degree of the SIoT relationships in terms of social similarities (community-of-interest, friendship, and co-work relationships). A weighted sum approach is subsequently employed to synthesize all the trust features in order to ascertain a single trust score. The experimental evaluation demonstrates the effectiveness of the proposed model in segregating the trustworthy and the untrustworthy objects, and illustrates the superior performance of the proposed trust model over state-of-the-art trust models. [ABSTRACT FROM AUTHOR]

Published

2024

15. A Knowledge Graph-Based Survey on Distributed Ledger Technology for IoT Verticals.

Author

RONGXIN XU, QIUJUN LAN, POKHREL, SHIVA RAJ, and GANG LI

Subjects

*BLOCKCHAINS, *ARTIFICIAL intelligence, *INTERNET of things, *DATA structures, *SCIENTIFIC literature, *COMPUTER security

Published

2024

16. Ciberseguridad en servicios de apoyo al médico ocupacional de la ciudad de Lima. Estudio piloto.

Author

Gomero-Cuadra, Raúl and Sánchez-Calle, David

Subjects

*DATA security, *COMPUTER software, *DATA security failures, *PILOT projects, *QUESTIONNAIRES, *DESCRIPTIVE statistics, *OCCUPATIONAL medicine, *PHYSICIANS, *HEALTH care industry, *INDUSTRIAL hygiene

Abstract

Recent investigations emphasize the importance of cybersecurity in the growing digital era; 83% of organizations experienced breaks in cyber security in 2022, spending a mean of 4,35 million dollars per incident. Cybersecurity in Peru is regulated by legal norms aimed at protecting data and providing informatic security. Objective: To describe cybersecurity in the support services to occupational physicians (SSOP) in the city of Lima. Methods: A non-validated survey was created and distributed to 11 SSOPs in Lima that provide a service to an important building project in Lima. Results: More than 80% of health care establishments had a response plan against cybernetic attacks; security copies of the data were done regularly storing them in a different place than the establishment and regularly updated security software's. Conclusion: The cybersecurity program is reactive. We discuss the importance of cybersecurity and analyze future challenges as well as emphasize the importance of preemptive preparedness in an environment of constant digital transformation. [ABSTRACT FROM AUTHOR]

Published

2024

17. Implementation of two-factor user authentication in computer systems.

Author

Tomić, Mihailo D. and Radojević, Olivera M.

Subjects

*COMPUTER access control, *MULTI-factor authentication, *COMPUTER security, *COMPUTER systems, *DATABASES, *VOCAL tract

Abstract

Introduction/purpose: The paper explores the implementation of two-factor authentication (2FA) in computer systems, addressing the increasing need for enhanced security. It highlights the vulnerabilities of password-based authentication and emphasizes the advantages of 2FA in mitigating digital threats. The development of the VoiceAuth application, integrating 2FA through a combination of password and voice authentication, serves as a practical illustration. Methods: The research adopts a three-tier architecture for the VoiceAuth application, encompassing a database, server-side REST API, and clientside single-page application. Speaker verification is employed for voice authentication, analyzing elements like pitch, rhythm, and vocal tract shapes.The paper also discusses possibilities for future upgrades, suggesting enhancements such as real-time voice verification and additional 2FA methods. Results: The application's implementation involves a detailed breakdown of the REST API architecture, Single Page Applications (SPAs), and the Speaker Verification service. Conclusion: The research underscores the crucial role of two-factor authentication (2FA) in bolstering the security of computer systems. The VoiceAuth application serves as a practical demonstration, showcasing the successful integration of 2FA through a combination of password and voice authentication. The modular architecture of the application allows for potential upgrades. [ABSTRACT FROM AUTHOR]

Published

2024

18. UNSW‐NB15 computer security dataset: Analysis through visualization.

Author

Zoghi, Zeinab and Serpen, Gursel

Subjects

*COMPUTER security, *DATA visualization, *SCATTER diagrams, *DATA mining

Abstract

Class imbalance refers to a major issue in data mining where data with unequal class distribution can deteriorate classification performance. Although it alone affects the performance of the classifiers, the joint‐effect of class imbalance and overlap is more damaging. Data overlap happens when multiple classes are assigned to a single data point causing the classifiers to misidentify the class boundaries. This study offers a deep insight into the intricacies of the UNSW‐NB15 dataset and two issues that may lead the data‐driven models to demonstrate poor performance. The most commonly used visualization methods such as bar chart, 3D and 2D scatter plots, intercluster distance map, and parallel coordinate diagram were employed to depict the data imbalanced and overlap. However, their limitations in capturing the overlapping issue led us to propose an accurate, easy‐to‐interpret, and scalable overlapping visualization method. The method clearly detects the data overlap and illustrates the effect of several data scalers in dealing with the data overlap. To verify the accuracy of the proposed method, a number of classifiers were implemented along with the scalers and the calculated AUC scores were compared to those calculated from the classifiers that were implemented on the original dataset. [ABSTRACT FROM AUTHOR]

Published

2024

19. Cryptology as a Way to Teach Advanced Discrete Mathematics.

Author

Bunde, David P. and Dooley, John F.

Subjects

*DISCRETE mathematics, *ABSTRACT algebra, *COMPUTER security, *NUMBER theory, *CRYPTOGRAPHY, *MATHEMATICS education

Abstract

We present a detailed description of a Cryptography and Computer Security course that has been offered at Knox College for the last 15 years. While the course is roughly divided into two sections, Cryptology and Computer Security, our emphasis here is on the Cryptology section. The course puts the cryptologic material into its historical context and also includes reference to ciphers used and discussed in literature. Through lectures and assignments on cryptanalysis, the course motivates students to learn a variety of topics in advanced discrete mathematics, including discrete probability, elementary statistics, number theory, and abstract algebra. The students have found this approach motivating and we believe our experiences are relevant to instructors teaching this material in a variety of different courses and institutions. [ABSTRACT FROM AUTHOR]

Published

2024

20. Shadow IT in higher education: survey and case study for cybersecurity.

Author

Orr, Selma Gomez, Bonyadi, Cyrus Jian, Golaszewski, Enis, Sherman, Alan T., Peterson, Peter A. H., Forno, Richard, Johns, Sydney, and Rodriguez, Jimmy

Subjects

*INFORMATION technology, *INFORMATION technology security, *COMPUTERS, *HIGHER education, *INTERNET security

Abstract

We explore shadow information technology (IT) at institutions of higher education through a two-tiered approach involving a detailed case study and comprehensive survey of IT professionals. In its many forms, shadow IT is the software or hardware present in a computer system or network that lies outside the typical review process of the responsible IT unit. We carry out a case study of an internally built legacy grants management system at the University of Maryland, Baltimore County that exemplifies the vulnerabilities, including cross-site scripting and SQL injection, typical of such unauthorized and ad-hoc software. We also conduct a survey of IT professionals at universities, colleges, and community colleges that reveals new and actionable information regarding the prevalence, usage patterns, types, benefits, and risks of shadow IT at their respective institutions. Further, we propose a security-based profile of shadow IT, involving a subset of elements from existing shadow IT taxonomies, which categorizes shadow IT from a security perspective. Based on this profile, survey respondents identified the predominant form of shadow IT at their institutions, revealing close similarities to findings from our case study. Through this work, we are the first to identify possible susceptibility factors associated with the occurrence of shadow IT related security incidents within academic institutions. Correlations of significance include the presence of certain graduate schools, the level of decentralization of the IT department, the types of shadow IT present, the percentage of security violations related to shadow IT, and the institution's overall attitude toward shadow IT. The combined elements of our case study, profile, and survey provide the first multifaceted view of shadow IT security at academic institutions, highlighting tension between its risks and benefits, and suggesting strategies for managing it successfully. [ABSTRACT FROM AUTHOR]

Published

2024

21. Coming of Age: Stressing the importance of threat models.

Author

Zanero, Stefano

Subjects

*COMPUTER security, *INTERNET security, *COMPUTER hacking, *RESEARCH, *COMPUTER security vulnerabilities

Abstract

The article describes the author's experiences in the field of computer security research, noting that many of his colleagues entered the field from a hacking background due to the limited academic resources at the time. He describes the thrill of offensive security research, which focuses on finding vulnerabilities and proposing mitigations, and highlights the fact that security evaluations often revolve around resilience to attacks and that offense-driven thinking is central to security defense. However, the author acknowledges that while this mindset is exciting, it falls short in teaching the public to think sensibly about security issues. He emphasizes the use of threat modeling as the key to effective security, since it involves understanding realistic threats and attack surfaces of systems. Despite the fascination with hacking, the author suggests that the cybersecurity community needs to communicate and prioritize defense, address vulnerabilities in context, and collaborate across disciplines to ensure resilient systems and a safer society.

Published

2023

22. From Zero to 100: Demystifying zero trust and its implications on enterprise people, process, and technology.

Author

BUSH, MATTHEW and MASHATAN, ATEFEH

Subjects

*INTERNET security, *COMPUTER security, *COMPUTER network security, *INFORMATION technology security, *FIREWALLS (Computer security)

Abstract

The article focuses on the history and development of the strategic approach to cybersecurity known as "zero trust." The authors discuss the use of firewalls and how they are no longer sufficient, examine data breaches at credit reporting company Equifax and financial company Capital One, and explore how zero trust can impact people, process, and technology (PPT).

Published

2023

23. PROTECT AND SECURE YOUR WINDOWS COMPUTER: A PRACTICAL GUIDE.

Subjects

*COMPUTER security, *RANSOMWARE, *MULTI-factor authentication, *ANTIVIRUS software, *COMPUTER files, *EXTERNAL hard disk drives

Abstract

This article provides a practical guide on how to protect and secure Windows computers. It emphasizes the importance of computer security in preventing unauthorized use, malware, and espionage, as well as data security to avoid losing irreplaceable files. The article recommends using antivirus software, keeping Windows and programs up to date, being cautious of potential malware sources, paying attention to admin permissions, backing up files, and encrypting sensitive files or the entire disk. It also suggests using a virtual machine for added security. [Extracted from the article]

Published

2024

24. Accelerating Cyber Leader Development: A Call to Action for Service War Colleges.

Author

Rodriguez III, Alfredo

Subjects

*INTERNET security, *COMPUTER security, *NATIONAL security, *MILITARY policy

Abstract

The article provides recommendations to war colleges to deliberately develop senior cyber leaders within the U.S. Department of Defense (DOD) to counter cyber attacks. Topics discussed include insight on the DOD Cyber Strategy, vulnerabilities in the cyber landscape, and information on the DOD Cyber Workforce Framework (DCWF).

Published

2024

25. Updates, Threats, and Risk Management: Revisiting a recent column considering security updates.

Author

Lipner, Steve and Pescatore, John

Subjects

*INTERNET security, *SOFTWARE upgrades, *COMPUTER security, *CYBERTERRORISM

Abstract

The authors offer a response to the article "Are software updates useless against advanced persistent threats?" by F. Massacci and G. di Tizio, which appeared in the January 2023 issue of the publication. They argue that software patches and updates continue to be an important component of an organization's cybersecurity effort. They express disagreement with the earlier article's view that a better cybersecurity policy would be to make software developers and vendors legally liable when vulnerabilities in their products allow for successful cyberattacks.

Published

2023

26. Wild Patterns Reloaded: A Survey of Machine Learning Security against Training Data Poisoning.

Author

CINÀ, ANTONIO EMANUELE, GROSSE, KATHRIN, DEMONTIS, AMBRA, VASCON, SEBASTIANO, ZELLINGER, WERNER, MOSER, BERNHARD A., OPREA, ALINA, BIGGIO, BATTISTA, PELILLO, MARCELLO, and ROLI, FABIO

Subjects

*MACHINE learning, *RESEARCH questions, *COMPUTER security, *OPEN-ended questions

Published

2023

27. Intrusion Detection System with an Ensemble Learning and Feature Selection Framework for IoT Networks.

Author

Rohini, G., Gnana Kousalya, C., and Bino, J.

Subjects

*FEATURE selection, *INTRUSION detection systems (Computer security), *OPTIMIZATION algorithms, *COMPUTER security, *CONVOLUTIONAL neural networks, *COMPUTER networks

Abstract

The Internet of Things (IoT) and its applications are currently the most popular research areas. The properties of IoT are easily adapted to real-life applications but they disclose threats. In computer security, the Intrusion Detection System (IDS) plays an essential role in identifying and repealing malicious deeds in computer networks. The main purpose of this work is motivated by IoT security enhancement for IDS development using ensemble learning and proposing suitable methods for classifier performance. Initially, the preprocessing strategy is used for data cleaning, encoding and normalization, which are conducted in the RPL-NIDDS17 dataset. After that, the Synthetic Minority Oversampling Technique (SMOTE) is used to balance the dataset. Secondly, the Convolution Neural Network (CNN) has been used to extract the features from the dataset. From the extracted features, the optimal features are selected by the proposed Arithmetic Optimization Algorithm (AOA). Finally, it is applied to the proposed weighted majority voting classifier. The AOA with the Butterfly Optimization Algorithm (BOA) is utilized to integrate the predictions of different classifiers to select the most vote class. This enhances the chances of perceived RF, kNN, SVM kernel, Bi-LSTM and GRU classifiers. The proposed method experiment is conducted in the MATLAB platform with the RPL-NIDDS17 dataset. The proposed scheme shows better performances in terms of accuracy, error, sensitivity, specificity, FPR, F1_score, Kappa and MCC, which are compared with the existing methods and algorithms. [ABSTRACT FROM AUTHOR]

Published

2023

28. Strengthening Our Intuitions About Hacking.

Author

VAGLE, JEFFREY L.

Subjects

*COMPUTER hacking, *COMPUTER security, *INTERNET security laws, *COMPUTER users, *JURISDICTION, *COMPUTER crimes, *CYBERCRIMINALS, *DATA security failures

Abstract

The computer trespass analogy has served us reasonably well as a basis for cybersecurity policies and related anti-hacking laws, but computers, and our uses of them, have changed significantly in ways that stretch the computer trespass metaphor beyond usefulness. This Essay proposes an approach to expanding and strengthening our intuitions about computer security that accounts for new computing paradigms, giving courts and lawmakers additional tools for interpreting and drafting effective anti-hacking laws. This Essay argues that many new and existing computer use scenarios leave courts unsure how existing anti-hacking laws might apply, increasing the possibility of under- or over-inclusive policies as well as uneven applications of these laws across jurisdictions. Improving our common understanding of computer security challenges can help courts reason more soundly about the laws and policies that apply to these challenges and can also help lawmakers draft cybersecurity legislation that more accurately reflects their policy goals. This Essay develops a new model for thinking about problems in cybersecurity law by borrowing concepts from the field of vulnerability theory with the aim of augmenting our existing computer trespass theories. [ABSTRACT FROM AUTHOR]

Published

2023

29. Identification of risk types in innovation projects.

Author

Walas-Trębacz, Jolanta and Bartusik, Katarzyna

Subjects

*EVIDENCE gaps, *EMPIRICAL research, *EMPLOYEES, *RISK managers, *COMPUTER security

Abstract

The purpose of the article is an attempt to fill a research gap in the field of issues re-lated to innovation projects and, in particular, to identify the types of risks associated with their implementation in organizations. Current identification and monitoring of the level of occurrence of various types of risk in in-novative projects is a key task for project managers in order to make effective decisions on how to eliminate or reduce them. The empirical verification is based on the methodology of our own research. The study developed and used a questionnaire for owners and managers imple-menting innovative projects. This research, and the results we obtained, make it possible to answer how innovation projects are treated in organizations, what the dynamics of the implementing various types of innovation projects in recent years has been, and the level at which various types of risk in in-novation projects have been assessed and identified. The literature review and research results show that the issue of risk in innovation projects is timely and important for many organizations, even more so for project managers looking for effective methods of identifying and managing it. Identifying the level of risk is crucial for the success of innovation projects because it reduces the negative impact of risk factors on a project's timeliness and budget, as well as its economic and technical-technological effects. The authors emphasize that it will be worth continuing the undertaken research and work towards identifying and evaluating all components of risk management sys-tems. Proper identification of risks in projects, and understanding their nature, is a kind of guar-antee of security for the organization implementing them. For the purpose of carrying out this empirical research, we adopted our own classification system of the types of risk associated with various innovation projects undertaken by organizations. Risk categories should be well-defined, corresponding to typical sources of risks for a type of innovation project in a given industry and the specificity of company's activity. The types of risk most frequently named by respondents across six types of projects were time, personnel and cost. [ABSTRACT FROM AUTHOR]

Published

2023

30. Interrupt Stack Protection for Linux Kernel in Hardware Virtualization Layer of ARM64 Architecture.

Author

Xiong, Chenglai, Yu, Xuejun, Yang, Jialing, and Xie, Guoqi

Subjects

*COMPUTER security, *COMPUTER systems, *RESEARCH personnel, *KERNEL operating systems

Abstract

Kernel security is of paramount importance in computer systems. As the number of vulnerabilities in the kernel continues to grow, computer systems security risks are increasing. To prevent the kernel interrupt stack from being attacked, researchers provide discussion over complete hypervisor supervision and kernel co-layer security domain techniques. Complete hypervisor supervision brings a heavy overhead and co-layer security domain techniques cannot achieve privilege-level isolation. We focus on memory-based security threats in kernel security vulnerabilities, protecting the kernel at a higher level by using virtualization technology. Compared with the existing work, our implementation method achieves a small performance loss to protect the interrupt stack. We have implemented our system on openEuler operating systems and Phytium processors. Although the deployment of protection code will result in increased kernel interrupt latency and processor overhead, experimental verification shows that the overall system overhead is acceptable. [ABSTRACT FROM AUTHOR]

Published

2023

31. The Empowerment of The Cyber Communities By The Indonesian Goverment From The Perspective of Total War Strategy.

Author

Lebo, Devis and Anwar, Syaiful

Subjects

*CYBERTERRORISM, *CYBERCRIMINALS, *CYBERCULTURE, *COMPUTER security, *INFORMATION theory

Abstract

The development of Information Technology and Computers (ICT) has made changes that affect the concept of security. The impact of these ICT developments poses a cyber threat to the National Critical Information Infrastructure (IIKN). The cyber community empowerment effort aims to help the government, institutions and private parties related to the ICT sector in safeguarding and securing IIKN from cyber attacks whose impact can collapse a country if it is not anticipated earlier. For that we need a strategy that is able to support the empowerment of the cyber community by the government in the perspective of universal war. In writing this article, the author uses a method by collecting data and information through the help of various materials contained in the literature (books) or also known as the type of phenomological research associated with qualitative descriptive. From the results of the literature research that the authors get, it is known that the cyber community has not fully helped the government in national defense, there are some cyber communities that have not been involved, it takes the role of government, institutions and private parties related to ICT to be able to realize cyber community empowerment by the Government in the perspective of Total war. [ABSTRACT FROM AUTHOR]

Published

2023

32. ADDP: Anomaly Detection Based on Denoising Pretraining.

Author

Xianlei Ge, Xiaoyan Li, and Zhipeng Zhang

Subjects

*ANOMALY detection (Computer security), *DECODERS (Electronics), *SIGNAL denoising, *IMAGE denoising, *COMPUTER security

Abstract

Acquiring labels in anomaly detection tasks is expensive and challenging. Therefore, as an effective way to improve efficiency, pretraining is widely used in anomaly detection models, which enriches the model's representation capabilities, thereby enhancing both performance and efficiency in anomaly detection. In most pretraining methods, the decoder is typically randomly initialized. Drawing inspiration from the diffusion model, this paper proposed to use denoising as a task to pretrain the decoder in anomaly detection, which is trained to reconstruct the original noise-free input. Denoising requires the model to learn the structure, patterns, and related features of the data, particularly when training samples are limited. This paper explored two approaches on anomaly detection: simultaneous denoising pretraining for encoder and decoder, denoising pretraining for only decoder. Experimental results demonstrate the effectiveness of this method on improving model's performance. Particularly, when the number of samples is limited, the improvement is more pronounced. [ABSTRACT FROM AUTHOR]

Published

2023

33. COMERCIO ELECTRÓNICO Y RIESGOS DE SEGURIDAD DE LA INFORMACIÓN DURANTE LA PANDEMIA DE COVID-19.

Author

Pozo Hernández, Clara Guadalupe, Reascos Pinchao, Raúl Saed, and Minaya Macías, Renelmo Wladimir

Subjects

*COMPUTER security

Abstract

Covid 19 was a pandemic that forced people, institutions and companies to change the way they work and due to the restrictions that were imposed, the internet became the fundamental tool for everyone to continue carrying out their activities virtually. The applications and services offered on the internet were of great benefit, especially for small businesses who saw in commerce an opportunity to reach their customers with their products and these, in turn, a safe way of supplying themselves; but it is important to keep in mind when using these technologies that there are threats and computer security risks that could affect if you are not protected. The objective of this investigation was to analyze the main computer security risks to which the inhabitants of the El Carmen canton are exposed when carrying out electronic commerce activities in times of pandemic; A quantitative investigation was applied to analyze the possible risks and their level of severity, a MAGERIT Risk analysis methodology was used, considering the protection of personal information as an asset, a bibliographical investigation was carried out to select the most common online security risks and Instruments were designed based on the ISO 27001 standard focused on evaluating the controls to avoid the selected risks; For the study, a survey was applied using an online form to a sample of 384 people, who have made purchases over the Internet. From the results obtained, it stands out that the most used platforms for electronic commerce are WhatsApp, Facebook and online stores, finding a higher level of risk in transactions with online stores, the security risks with the highest probability of risks found were: adware, phishing and baiting. [ABSTRACT FROM AUTHOR]

Published

2023

34. La inmunización de la red: la inteligencia artificial basada en Python como bloqueo contra los ciberataques.

Author

Guerrero Panchana, Johnny Fernando and Romero Ibarra, José Luis

Abstract

In an increasingly technology-dependent world, cybersecurity has become a critical concern. Cyberattacks, such as data theft and malware, can have devastating consequences for businesses, governments, and individuals. In this context, artificial intelligence (AI) emerges as a powerful tool to safeguard networks and computer systems. Network immunization leverages machine learning and real-time data analysis to identify patterns and anomalies in network traffic. AI can detect unusual behaviors that may indicate an ongoing cyberattack or intrusion attempt. Furthermore, it can adapt and continuously learn from new threats, thereby maintaining a more secure network over time. However, the implementation of network immunization requires careful consideration due to ethical and privacy challenges, involving constant monitoring of online activities. [ABSTRACT FROM AUTHOR]

Published

2023

35. Evolutionary Approaches for Adversarial Attacks on Neural Source Code Classifiers.

Author

Mercuri, Valeria, Saletta, Martina, and Ferretti, Claudio

Subjects

*COMPUTER security, *SOURCE code, *NEURAL codes, *CYBERTERRORISM, *EVOLUTIONARY algorithms

Abstract

As the prevalence and sophistication of cyber threats continue to increase, the development of robust vulnerability detection techniques becomes paramount in ensuring the security of computer systems. Neural models have demonstrated significant potential in identifying vulnerabilities; however, they are not immune to adversarial attacks. This paper presents a set of evolutionary techniques for generating adversarial instances to enhance the resilience of neural models used for vulnerability detection. The proposed approaches leverage an evolution strategy (ES) algorithm that utilizes as the fitness function the output of the neural network to deceive. By starting from existing instances, the algorithm evolves individuals, represented by source code snippets, by applying semantic-preserving transformations, while utilizing the fitness to invert their original classification. This iterative process facilitates the generation of adversarial instances that can mislead the vulnerability detection models while maintaining the original behavior of the source code. The significance of this research lies in its contribution to the field of cybersecurity by addressing the need for enhanced resilience against adversarial attacks in vulnerability detection models. The evolutionary approach provides a systematic framework for generating adversarial instances, allowing for the identification and mitigation of weaknesses in AI classifiers. [ABSTRACT FROM AUTHOR]

Published

2023

36. Deploying Decentralized, Privacy-Preserving Proximity Tracing.

Author

TRONCOSO, CARMELA, BOGDANOV, DAN, BUGNION, EDOUARD, CHATEL, SYLVAIN, CREMERS, CAS, GÜRSES, SEDA, HUBAUX, JEAN-PIERRE, JACKSON, DENNIS, LARUS, JAMES R., LUEKS, WOUTER, OLIVEIRA, RUI, PAYER, MATHIAS, PRENEEL, BART, PYRGELIS, APOSTOLOS, SALATHÉ, MARCEL, STADLER, THERESA, and VEALE, MICHAEL

Subjects

*CONTACT tracing, *COMMUNICABLE disease control, *APPLICATION software, *DATA privacy, *COMPUTER security, *COMPUTER operating systems

Abstract

This article explores developing a smartphone application, an app, to enable improved contact tracing to prevent the spread of infections. Topics include the key components of a digital contact tracing app- privacy-preserving systems, integration of the app into both the smartphone’s operating system and the public health system, and the challenges in app deployment.

Published

2022

37. Are Software Updates Useless against Advanced Persistent Threats? Considering the conundrum of software updates.

Author

Massacci, Fabio and di Tizio, Giorgio

Subjects

*SOFTWARE upgrades, *SOFTWARE maintenance, *CYBERTERRORISM, *MALWARE, *COMPUTER security

Abstract

The article addresses the topic of software updates and whether they protect against computer security threats or provide a conduit through which attacks can occur. It discusses Advanced Persistent Threats (APTs) which target specific individuals and companies but not necessarily through software vulnerabilities. Industry best practices promoted by software vendors to always update software provides minimal benefits, the article suggests..

Published

2023

38. Inside Risks: Toward Total-System Trustworthiness; Considering how to achieve the long-term goal to systemically reduce risks.

Author

Neumann, Peter G.

Subjects

*SYSTEM analysis, *TRUST, *COMPUTER science, *ARTIFICIAL intelligence, *CRYPTOGRAPHY, *COMPUTER security

Abstract

The author discusses the significance of total-system analysis in computer science, particularly trust in total-system analysis and the difficulty in achieving such trust and assurance. It examines artificial intelligence, cryptography, and multilevel security. The article also examines hierarchically layered designs and methods.

Published

2022

39. Set the Configuration for the Heart of the OS: On the Practicality of Operating System Kernel Debloating.

Author

Hsuan-Chi Kuo, Jianyan Chen, Mohan, Sibin, and Tianyin Xu

Subjects

*KERNEL operating systems, *COMPUTER security, *LINUX operating systems, *OPEN source software, *PROGRAMMING languages

Abstract

This paper presents a study on the practicality of operating system (OS) kernel debloating, that is, reducing kernel code that is not needed by the target applications. Despite their significant benefits regarding security (attack surface reduction) and performance (fast boot time and reduced memory footprints), the state-of-the-art OS kernel debloating techniques are not widely adopted in practice, especially in production environments. We identify the limitations of existing kernel debloating techniques that hinder their practical adoption, such as both accidental and essential ones. To understand these limitations, we build an advanced debloating framework named Cozart that enables us to conduct a number of experiments on different types of OS kernels (such as Linux and the L4 microkernel) with a wide variety of applications (such as HTTPD, Memcached, MySQL, NGINX, PHP, and Redis). Our experimental results reveal the challenges and opportunities in making OS kernel debloating practical. We share these insights and our experience to shed light on addressing the limitations of kernel debloating techniques in future research and development efforts. [ABSTRACT FROM AUTHOR]

Published

2022

40. Recommender Systems under European AI Regulations.

Author

NOIA, TOMMASO DI, TINTAREV, NAVA, FATOUROU, PANAGIOTA, and SCHEDL, MARKUS

Subjects

*COMPUTER laws, *ARTIFICIAL intelligence, *RECOMMENDER systems, *DISCRIMINATION in the civil service, *COMPUTER security, *DATA privacy, CHARTER of Fundamental Rights of the European Union (2000)

Abstract

The article scrutinizes the impact of European artificial intelligence regulations on recommender systems. The compliance of recommender systems with the European Union Charter of Fundamental Human Rights is debated along with the fairness of recommender systems. Strategies to mitigate alleged bias and preserve user security and privacy in recommender systems are presented.

Published

2022

41. STAY CONNECTED... WHEREVER YOU'RE GOING.

Author

DE LEON, NICHOLAS

Subjects

*IN-flight Internet services, *COMPUTER security, *IPHONE (Smartphone), *WIRELESS hotspots, *DIGITAL music, *DATA plans, *CELL phones

Abstract

With a laptop, you can find a list of available WiFi networks by clicking on the WiFi logo (which looks like arched waves radiating upward) on the top of the screen for Macs and the bottom of the screen for Windows laptops. The reason: When WiFi is turned on, your phone constantly checks to see which WiFi networks are available. But if you don't plan to use WiFi at all while you tour a city, you can eke out some extra minutes of battery life by temporarily turning off your phone's WiFi connectivity. [Extracted from the article]

Published

2023

42. IoTSim: Internet of Things-Oriented Binary Code Similarity Detection with Multiple Block Relations.

Author

Luo, Zhenhao, Wang, Pengfei, Xie, Wei, Zhou, Xu, and Wang, Baosheng

Subjects

*BINARY codes, *LANGUAGE models, *COMPUTER security, *INTERNET, *APPLICATION software

Abstract

Binary code similarity detection (BCSD) plays a crucial role in various computer security applications, including vulnerability detection, malware detection, and software component analysis. With the development of the Internet of Things (IoT), there are many binaries from different instruction architecture sets, which require BCSD approaches robust against different architectures. In this study, we propose a novel IoT-oriented binary code similarity detection approach. Our approach leverages a customized transformer-based language model with disentangled attention to capture relative position information. To mitigate out-of-vocabulary (OOV) challenges in the language model, we introduce a base-token prediction pre-training task aimed at capturing basic semantics for unseen tokens. During function embedding generation, we integrate directed jumps, data dependency, and address adjacency to capture multiple block relations. We then assign different weights to different relations and use multi-layer Graph Convolutional Networks (GCN) to generate function embeddings. We implemented the prototype of IoTSim. Our experimental results show that our proposed block relation matrix improves IoTSim with large margins. With a pool size of 10 3 , IoTSim achieves a recall@1 of 0.903 across architectures, outperforming the state-of-the-art approaches Trex, SAFE, and PalmTree. [ABSTRACT FROM AUTHOR]

Published

2023

43. Fuzzy CNN Autoencoder for Unsupervised Anomaly Detection in Log Data.

Author

Gorokhov, Oleg, Petrovskiy, Mikhail, Mashechkin, Igor, and Kazachuk, Maria

Subjects

*ANOMALY detection (Computer security), *DATA logging, *COMPUTER security, *COMPUTER systems, *DEEP learning, *FEATURE extraction, *FUZZY algorithms, *INTRUSION detection systems (Computer security)

Abstract

Currently, the task of maintaining cybersecurity and reliability in various computer systems is relevant. This problem can be solved by detecting anomalies in the log data, which are represented as a stream of textual descriptions of events taking place. For these purposes, reduction to a One-class classification problem is used. Standard One-class classification methods do not achieve good results. Deep learning approaches are more effective. However, they are not robust to outliers and require a lot of computational effort. In this paper, we propose a new robust approach based on a convolutional autoencoder using fuzzy clustering. The proposed approach uses a parallel convolution operation to feature extraction, which makes it more efficient than the currently popular Transformer architecture. In the course of the experiments, the proposed approach showed the best results for both the cybersecurity and the reliability problems compared to existing approaches. It was also shown that the proposed approach is robust to outliers in the training set. [ABSTRACT FROM AUTHOR]

Published

2023

44. MUHASEBE EĞİTİMİNDE DİJİTAL YETKİNLİKLER: TÜRK MUHASEBE MÜFREDATI ÜZERİNE BİR İNCELEME.

Author

ESKİN, İlknur and SARISOY, Özkan

Subjects

*ACCOUNTING education, *DIGITAL transformation, *DIGITAL technology, *UNDERGRADUATE programs, *COMPUTER security

Abstract

The digitalization experienced in accounting has also changed the competencies expected from accounting personnel in the sector. This situation has brought up the issue of the extent to which higher education institutions provide digital competencies in accounting education. The study's aim in this context is to determine the levels of digitalization of accounting undergraduate programs that provide accounting education and to investigate the role of existing courses in providing digital competencies. In this regard, the accounting and finance management departments of 17 Turkish universities that are directly based on accounting education, were investigated. In the study, first, digital application courses of undergraduate programs that provide accounting education were determined. Then, using the content analysis approach, 24 types of courses for digital practise were examined using the MAXQDA 2020 qualitative data analysis application. The findings of the study show that digital application courses have been added to the lesson plans considering the digital transformation of the accounting profession, but these courses are not sufficient. Additionally, it has been determined that these courses are insufficient in gaining competence regarding computer security and data protection and manufacturing activities and processes. [ABSTRACT FROM AUTHOR]

Published

2023

45. Strongly nonoutsourceable scratch-off puzzles in blockchain.

Author

Zeng, Gongxian, Huang, Zhengan, Wang, Yu, Mu, Xin, and Zhang, Cheng

Subjects

*COMPUTER security, *CONCRETE construction, *PUZZLES, *BLOCKCHAINS, *CRYPTOCURRENCIES, *BITCOIN, *REPUTATION

Abstract

Blockchain and its most selling point decentralization have attracted lots of attentions. However, the problem of centralized mining pools (also called outsourcing problem) is a serious threat to the fundamental security of Bitcoin and other blockchains that also use a scratch-off puzzle (Miller et al. in Proceedings of the 22nd ACM SIGSAC conference on computer and communications security, 2015). Although there are some solutions proposing "nonoutsourceable puzzles" to stop the pool operators in the centralized mining pools from outsourcing their mining work to others, we find that none of them can be adopted in real world to support strong nonoutsourceability. In other words, through some special means, e.g., legal prosecution or a tainted public reputation, the pool operator still can outsource his mining work. In this paper, we study the formal definition of strong nonoutsourceability and present constructions that support strong nonoutsourceability. The experimental results also show that our concrete construction is practical. [ABSTRACT FROM AUTHOR]

Published

2023

46. To what extent does time perspective predict online security behaviour?

Author

Taylor, Jill and van Schaik, Paul

Subjects

*PRIVACY, *COMPUTERS, *TIME, *MULTIPLE regression analysis, *CROSS-sectional method, *INFORMATION resources management, *BEHAVIOR, *SMARTPHONES, *CRONBACH'S alpha, *DATA security, *MEDICAL ethics, *QUESTIONNAIRES, *DESCRIPTIVE statistics, *INTENTION

Abstract

This research uniquely examines time perspective (TP) predictors of online security behaviour. Participants (N = 121) completed questionnaires assessing computer security use, security behaviour intentions, and time perspective. Stepwise multiple regression analysis revealed computer security use was positively by predicted by Future TP. Device Securement was positively predicted from Carpe Diem TP. Updating was positively predicted from a Carpe Diem TP and a Past Negative TP. Proactive Awareness was negatively predicted from Present Hedonism. As time perspective is malleable, an ability to switch effectively between the TPs may enhance aspects of online security. [ABSTRACT FROM AUTHOR]

Published

2023

47. Performance Evaluation of CNN and Pre-trained Models for Malware Classification.

Author

Habibi, Omar, Chemmakha, Mohammed, and Lazaar, Mohamed

Subjects

*RANSOMWARE, *MALWARE, *COMPUTER security, *DENIAL of service attacks, *INTERNET exchange points, *DEEP learning

Abstract

In recent years, with the technological evolution that the world of IT has known, there are billions of devices connected via the internet and exchange immense amount of data. This development has stimulated senior criminals or even Script kiddies—who can exploit a malware, that is already developed and widespreaded—to develop attacks such as ransomware or DOS attacks. This situation has forced the security experts to develop new technologies to face these threats. Despite this, these new technologies remain incapable in front of zero-day malware, or new types of obfuscation, polymorphism or metamorphism. This complicated situation calls for Deep Learning, which is commonly used to solve these computer security issues. Our study will focus on Deep Learning for malware classification by implementing CNN models and transfer learning (TL) in order to overcome common problem in DL-based models for malware detection including overfitting, high-resources consumption and failure to detect obfuscated malware. Then we will make a comparative study, in order to analyze the impact of the improvements made in our study, compared to the results by D. Noever and Samantha E. Miller Noever. In this work, we used 3 models, an implemented CNN model, and 2 transfer learning models: MobileNetV2 and ResNet-50 models which are pre-trained models. We used also a dataset that contains 51880 samples, 10 different families of samples, 9 classes of malware images, and one class of benign files images. The results show that our model classifies malware families with an accuracy of 99%. To test the robustness of our models, we implement them on MalImg dataset to test their performances on obfuscated malware detection; we find out that our models detect obfuscation with an accuracy of 100%. [ABSTRACT FROM AUTHOR]

Published

2023

48. A machine learning approach for digital watermarking.

Author

Nematollahi, Mohammad Ali

Subjects

*INFORMATION technology security, *MACHINE learning, *DIGITAL watermarking, *COMPUTER security, *DIGITAL learning, *DEEP learning, *COMPUTER software security

Abstract

Recently, machine learning (ML) has been applying in almost all scientific fields to model and simulate the behaviour of complex systems. At the same time, the number of the proposed watermarking techniques have been increasing every year. Although most of the researchers in the watermarking and data hiding field put all their effort to compete each other to develop more efficient algorithm, the selection of the most efficient one is almost impossible for industries or software developers. In other words, comparison among all the watermarking techniques in order to select one watermarking technique would be cumbersome task. Moreover, the computer security is becoming more advanced which a single watermark technique cannot fulfil all the required criteria and there is a chance that an anti-watermarking is developed to remove the embedded watermark from the host data. This gap of knowledge to use the watermarking technology for a highly secure application is a real nightmare for the information security engineers and software designers. In this paper, two new approaches are proposed to train deep learning and shallow learning models based on the state-of-the-arts watermarking techniques. For these proposed approaches, several ML algorithms are applied to model various watermarked data, which are watermarked by different watermarking techniques in various spectrums and domains. An experimental setup is constructed based on several speeches, audios, images and videos beside the Amazon Sagemaker as ML modelling to implement the proposed approach. The experimental results show that apart from an overall effectiveness of the model, it would resolve some ambiguities by applying the proposed ML approach as a general watermarking workflow. [ABSTRACT FROM AUTHOR]

Published

2023

49. Detecting impersonation episode using teaching learning‐based optimization and support vector machine techniques.

Author

Shukla, Alok Kumar

Subjects

*SUPPORT vector machines, *IMPERSONATION, *INTERNET security, *BURGLARY protection, *SECURITY systems, *SIMULATED annealing, *COMPUTER security

Abstract

Over the last few decades, computer and internet security has become a vital area because of eye‐opening numbers of data breaches, intruders on perilous infrastructure and malware attacks that are increasing day by day. In order to monitor abnormal activities and identify unusual attacks, several security solutions have been proposed in the recent past years. To protect computer system, intrusion detection system (IDS) opens up great opportunities to determine vulnerabilities and detect anomalies in security system. For detecting new attacks or building security solutions, in this study we present a new wrapper technique for security specialists that can help to detect more complicated attacks by combining teaching learning‐based optimization with opposition learning scheme and simulated annealing method. In order to address advance attack, firstly opposition learning strategy is used to update population generation of teaching learning‐based optimization that affect the robustness of the model after that simulated annealing is integrated into the teaching learning‐based optimization. In proposed method to choose the relevant features, we have used support vector machine as a fitness function that can be helped to recognize attacks precisely. The proposed algorithm is evaluated on three popular datasets namely NSL‐KDD, ISCX 2012 and UNSW‐NB15. Experimental results show that the proposed method is superior to other existing wrapper algorithms in terms of detection rate, accuracy and false alarm rates. [ABSTRACT FROM AUTHOR]

Published

2023

50. Adversarial-Aware Deep Learning System Based on a Secondary Classical Machine Learning Verification Approach.

Author

Alkhowaiter, Mohammed, Kholidy, Hisham, Alyami, Mnassar A., Alghamdi, Abdulmajeed, and Zou, Cliff

Subjects

*DEEP learning, *MACHINE learning, *ARTIFICIAL neural networks, *IMAGE recognition (Computer vision), *INSTRUCTIONAL systems, *COMPUTER security

Abstract

Deep learning models have been used in creating various effective image classification applications. However, they are vulnerable to adversarial attacks that seek to misguide the models into predicting incorrect classes. Our study of major adversarial attack models shows that they all specifically target and exploit the neural networking structures in their designs. This understanding led us to develop a hypothesis that most classical machine learning models, such as random forest (RF), are immune to adversarial attack models because they do not rely on neural network design at all. Our experimental study of classical machine learning models against popular adversarial attacks supports this hypothesis. Based on this hypothesis, we propose a new adversarial-aware deep learning system by using a classical machine learning model as the secondary verification system to complement the primary deep learning model in image classification. Although the secondary classical machine learning model has less accurate output, it is only used for verification purposes, which does not impact the output accuracy of the primary deep learning model, and, at the same time, can effectively detect an adversarial attack when a clear mismatch occurs. Our experiments based on the CIFAR-100 dataset show that our proposed approach outperforms current state-of-the-art adversarial defense systems. [ABSTRACT FROM AUTHOR]

Published

2023