The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
We present an analysis of how to determine security requirements for software that controls routing decisions in the distribution of discrete physical goods. Requirements are derived from stakeholder interests and threat scenarios. Three deployment scenarios are discussed: cloud and hybrid deployment as well as on-premise installation for legacy sites.
For over a decade now, cross-site request forgery (CSRF) has been persistently named one of the OWASP's top 10 Web vulnerabilities. Recently, a variant of CSRF — named cross-site framing attack (CSFA) — has also been identified. Both attacks are very simple to implement/execute while resulting in potentially devastating consequences for the victim. What distinguishes the two attacks is their ultimate...
We investigate the possibility of covert and secret key generation over a discrete memoryless channel model with one way public discussion. Protocols are required to conceal not only the key but also whether a protocol is being implemented. For some models, we show that covert secret key generation is possible and characterize the covert secret key capacity in special cases; in particular, the covert...
Large numbers of Internet of Things (IoT) devices are increasingly deployed in many aspects of modern life. Given their limited resources and computational power, verifying program integrity in such devices is a challenging issue. In this paper, we design MTRA, a Multiple-Tier Remote Attestation protocol, by exploiting differences in resources and computational power among various types of networked...
Security threats such as jamming and route manipulation can have significant consequences on the performance of modern wireless networks. To increase the efficacy and stealthiness of such threats, a number of extremely challenging, next-generation cross-layer attacks have been recently unveiled. Although existing research has thoroughly addressed many single-layer attacks, the problem of detecting...
A major limitation of mobile Crowd Sourcing (CS) applications is the generation of false (or spam) contributions due to selfish and malicious behaviors of users, or wrong perception of an event. Such false contributions induce loss of revenue through disbursement of undue incentives and also negatively affects the application's operational reliability. In this work, we propose a reputation model,...
This paper addresses the attack frequency estimation for networked control systems suffering from denial of service (DoS) attacks. First, the networked control systems (NCSs) subjecting to DoS attacks are modeled as switched systems between normal systems and attacked systems. Secondly, by considering the worst scenario of DoS attacks with energy constraints, the maximum allowable update interval...
In recent years, medicine has seen how technology was going day by day more present to become necessary. At the same time, security became a critical aspect, since private patient medical data are handled. In this field in which gather mobile technologies with medicine, security has great importance. Therefore, it is essential to conduct security audits to mobile applications which deal with private...
As threat detection systems become critical for protecting modern organizations, visualization has emerged as an essential tool for security analysts to understand network threats. However, there is currently little research in designing and evaluating effective network threat analysis visualizations. To address this problem, we take a user-centered approach, starting with designing an open source...
In this paper, we present a novel model and visualization approach for heterogeneous sources of data. We represent our data by using a model inspired by STIX. Then, we use clustering algorithms to select interesting information to explore in a visualization panel. The visualization is based on a 3D graph representation that highlights the link between malicious event and allows to focus on relevant...
In this paper, we introduce a new visualization tool for network-wide intrusion detection. It is based in multivariate anomaly detection with a combination between Principal Component Analysis (PCA) and a new variant called Group-wise PCA (GPCA). Combining these methodologies with the capabilities of interactive visualization, the resulting tool is a highly flexible and intuitive interface that allows...
Recent studies have shown that attackers can force deep learning models to misclassify so-called “adversarial examples:” maliciously generated images formed by making imperceptible modifications to pixel values. With growing interest in deep learning for security applications, it is important for security experts and users of machine learning to recognize how learning systems may be attacked. Due...
With the omnipresence of the Internet of Things and poorly secured devices with it in combination with high bandwidth networks, Distributed Denial of Service (DDoS) attacks have become one of the biggest threats for network security. With high bandwidth attacks flooding network infrastructure, the pressure to secure the attack targets shifts more and more to the network operators. Often without direct...
The reports from last years outline the fact that the web crawlers (robots, bots) activities generate more than a half of web traffic on Internet. Web robots can be good (used for example by search engines) or bad (for bypassing security solutions, scraping, spamming or hacking), but usually all take up the internet bandwidth and can cause damage to businesses that rely on web traffic or content....
Software-defined networking (SDN) is a key emerging technology that enables networks to be programmed and dynamically reconfigured through software-based network applications. This programability also significantly increases the exposure of these networks to software application faults, which can compromise or crash the underlying SDN network. It is thus imperative to detect subtle faulty or malicious...
Home automation has become increasingly popular, with new interconnected products being introduced on a regular basis. While the benefits of these devices are tantalizing, end users may not fully understand the complexities of setting up these devices, become frustrated with the process, or have incorrect installations. We performed an exploratory study to understand the barriers that they face in...
As the number and variety of cyber threats increase, it becomes more critical to share intelligence information in a fast and efficient manner. However, current cyber threat intelligence data do not contain sufficient information about how to specify countermeasures or how institutions should apply countermeasures automatically on their networks. A flexible and agile network architecture is required...
In this paper, a user-authentication scheme that is designed to ensure privacy and security of health-information exchange in cloud computing is proposed. The proposed system will allow health care centers and doctors to securely and efficiently monitor patients' health at their homes using secure integration of medical devices and healthcare systems such as: body sensor networks, wearable devices,...
In world one out of two people is using a smart device. These devices those protect the personal data, those have people do their payments are targeted by attackers. Mobile applications include so many security threats all over inside the web traffic and the server that they communicate. Threats created by attackers can be divided to two titles which are direct attacks and indirect attacks. In this...
It is normally hard to believe in software security claim if we do not know what is meant exactly by "secure" and the reasons to support the claim are not sufficiently provided. Security cases—which document the rationale for believing that a system is adequately secure—are intended to address both these issues. However, due to lack of practical construction method...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.