The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
Applications are generally written assuming a predictable and well-behaved OS. In practice, they experience unpredictable misbehavior at the OS level and across OSes: different OSes can handle network events differently, APIs can behave differently across OSes, and OSes may be compromised or buggy. This unpredictability is challenging because its sources typically manifest during deployment and are...
The constraint condition affects the attack, but this impact is not considered by the existing decision algorithm. In order to make the decision algorithm more consistent with the actual situation, this paper gave an optimal attack decision method based on the correlation between vulnerability and constraint conditions. The method first establishes the attack logic graph according the attack template,...
The centralized zone data service (CZDS) was introduced by the Internet Corporation for Assigned Names and Numbers (ICANN) to facilitate sharing and access to zone data of the new generic Top-Level Domains (gTLDs). CZDS aims to improve the security and transparency of the naming system. In this paper, we investigate CZDS's transparency by measurement. By requesting access to zone data of all gTLDs...
This paper proposes a novel methodology FPGA Trust Zone (FTZ) to incorporate security into the design cycle to detect and isolate anomalies such as Hardware Trojans in the FPGA fabric. Anomalies are identified using violation to spatial correlation of process variation in FPGA fabric. Anomalies are isolated using Xilinx Isolation Design Flow (IDF) methodology. FTZ helps identify and partition the...
The main concern associated with biometric structures which are stored in a database is the security of the template storage system. A new technique which assembles the encryption key and biometric sample using a cryptographic means is the fuzzy vault. The fuzzy vault scheme provides supreme security to the templates which are stored in a database or smart card. Compared to an ordinary system which...
Traditional multi-step attack correlation approaches based on intrusion alerts face the challenge of recognizing attack scenarios because these approaches require complex pre-defined association rules as well as a high dependency on expert knowledge. Meanwhile, they barely consider the privacy issues. Under such circumstance, a novel algorithm is proposed to construct multi-step attack scenarios based...
The core vision of the smart grid concept is the realization of reliable two-way communications between smart devices (e.g., IEDs, PLCs, PMUs). The benefits of the smart grid also come with tremendous security risks and new challenges in protecting the smart grid systems from cyber threats. Particularly, the use of untrusted counterfeit smart grid devices represents a real problem. Consequences of...
The concept of pairing confidential-relevant variables (connected variables) using ridge regression and bootstrap sampling has recently been proposed for developing perturbation models to data privacy in cyber-physical systems. In this approach, a single set of perturbation parameters for all the pairs of connected variables has been used to achieve trade-off between data confidentiality and classification...
The exponential growth of unstructured messages generated by the computer systems and applications in modern computing environment poses a significant challenge in managing and using the information contained in the messages. Although these data contain a wealth of information that is useful for advanced threat detection, the sheer volume, variety, and complexity of data make it difficult to analyze...
In this paper, we contribute to a self-adaptive approach, namely interaction-awareness which adopts self-aware principles to dynamically manage and maintain the knowledge on the interactions between volunteer services in the volunteer computing paradigm. Such knowledge can inform the adaptation decisions, leading to increase in the precision of selecting and composing services. We evaluate the approaches...
This paper studies the secrecy performance of an untrusted amplify-and-forward relaying network where both the relaying and the direct links are used to convey the source's information. Since relays act as eavesdroppers, a source-based jamming technique is proposed to keep the source's message secret from these helper nodes. We analyze the secrecy capacity of partial relay selection based on outdated...
A technique has been presented to use ECG (Electrocardiogram) for human identification. Earlier researches were tested on PTB or MIT-BIH ECG data which was recorded once a person is at rest and will give erroneous results if the heart beat rate changes depending upon human activity. Hence time and amplitude normalization is necessary for identification. In this technique, R peaks of ECG signal are...
Information security management is a complicated task in cloud environment. Cloud service layers and multi-tenant architecture have created a complicated environment for developing and managing a monitoring and incident response environment in organizations. The main goal of this paper is to receive and analyze events from OpenStack environment. Events and system logs are received from OpenStack environment...
Data collection in wireless networked sensing systems (WNSS) is usually not reliable due to sensor faults and/or security attacks. This makes detection of an event (e.g., structural damage) through data aggregation unreliable. In this paper, we propose a trustworthy and protected data collection (TPDC) framework for event detection in WNSS. This framework facilitates reliable data for aggregation...
Security protocols have been commonly used to protect secure communication in networked systems. It is often assumed that individual wireless nodes or leaders in a system are sincere and use techniques (authentication, permission, etc.) of these protocols to have secure communications. We discover that such protocols may be leaked by a sophisticated collusion attack (a type of attacks in which a node...
With an ever-increasing trend of cybercrimes and incidents due to software vulnerabilities and exposures, effective and proactive vulnerability management becomes imperative in modern organisations regardless large or small. Forecasting models leveraging rich historical vulnerability disclosure data undoubtedly provide important insights to inform the cyber community with the anticipated risks. In...
Trust model has been suggested as an effective security mechanism in distributed network environment. Considerable researches have been done on trust evaluation and trust prediction. Traditional methods take the historical behavior data into consideration to predict the trust value of the network entity. However, the context of the network entity is seldom taken into account. It is obvious that the...
Compared to related traditional majors, the Internet of Things engineering major has greater integration and its own characteristics especially the extension characteristic. As for the industry hierarchy for Internet of Things, standardizations are still lacking for its layers. Hence, e-learning on Internet of Things engineering major is challenging with the development of related technologies. This...
In this short paper we present a socio-technical framework for integrating a security risk escalation maturity model into a security information and event management system. The objective of the framework is to develop the foundations for the next generation socio-technical security information and event management systems (ST-SIEMs) enabling socio-technical security operations centers (ST-SOCs)....
Security issues are important concerns of image hashing. A type of image hashing needs to randomly divide a given image into several parts, usually rectangles. However, the security problem arises due to the rectangular shapes. So, we propose a new method which enhances the randomness by dividing the image into zigzag blocks with random walk. Security analyses are provided, and experiments show our...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.