Abstract: In recent years, SQL injection attacks have been identified as being prevalent against web applications. They affect network security and user data, which leads to a considerable loss of money and data every year. This paper presents the use of classification algorithms in machine learning using a method to classify the login data filtering inputs into "SQLi" or "Non-SQLi", thus increasing the reliability and accuracy of results in terms of deciding whether an operation is an attack or a valid operation. A method as a Web-App is developed for auto-generated data replication to provide a twin of the targeted data structure. Shielding against SQLi attacks (WebAppShield), which verifies all users and prevents attackers (SQLi attacks) from entering and/or accessing the database, admitting only what the machine learning module predicts as "Non-SQLi", has been developed. A special login form has been developed with a special instance of the data validation; this verification process secures the web application from its early stages. The system has been tested and validated, and up to 99% of SQLi attacks have been prevented.
Abstract: Smart contracts are computer protocols that facilitate, verify, and execute the negotiation or execution of a contract, or that render a contractual term unnecessary. Blockchain and smart contracts can be used to facilitate almost any financial transaction. Thanks to these smart contracts, the settlement of dividends and coupons could be automated. Smart contracts have become lucrative and profitable targets for attackers because they can hold a great amount of money. Smart contracts, although widely used in blockchain technology, are far from perfect due to security concerns. Although a series of attacks are listed, there is a lack of discussions and proposals on improving security. This survey takes stock of smart contract security from a more comprehensive perspective by correlating the level of vulnerability and systematic review of security levels in smart contracts.
Abstract: The mobile field hospital is critical in terms of managing emergencies in a crisis. It is a sub-section of the main hospitals and the health sector, tasked with delivering responsive, immediate, and efficient medical services during a crisis. With the aim of preventing further crises, the assessment of cyber assets follows different methods to distinguish their strengths and weaknesses and, in turn, achieve cyber resiliency. The work focuses on assessments of cyber resilience in field hospitals, with trends growing in both the field hospital and the health sector in general. This creates opportunities for adversarial attackers as well as response improvement objectives for attaining cyber resilience, as the assessments allow users and stakeholders to know the level of risk with regard to their cyber assets. Thus, the purpose is to show the possible threat vectors which open up opportunities, in contrast to current trends in the assessment of the mobile field hospitals’ cyber assets.
Abstract: Authentication protocols based on public key infrastructure (PKI) and trusted third party (TTP) are no longer adequate for industrial scale IoT networks thanks to issues such as low compute and power availability, the use of widely distributed and commercial off-the-shelf (COTS) systems, and the increasingly sophisticated attackers and attacks we now have to counter. For example, there is increasing concern about nation-state-based interference and future quantum computing capability. We have examined this space from first principles and have developed several approaches to group and point-to-point authentication for IoT that do not depend on the use of a centralised client-server model. We emphasise the use of quantum resistant primitives such as strong cryptographic hashing and the use of multi-factor authentication.
Abstract: Evaluating the levels of cyber-security risks within an enterprise is most important in protecting its information system, services and all its digital assets against security incidents (e.g. accidents, malicious acts, massive cyber-attacks). The existing risk assessment methodologies (e.g. EBIOS, OCTAVE, CRAMM, NIST-800) adopt a technical approach, considering as attack factors only the capability, intention and target of the attacker, and not paying attention to the attacker’s psychological profile and personality traits. In this paper, a socio-technical approach to cyber risk assessment is proposed, in order to achieve more realistic risk estimates by considering the personality traits of the attackers. In particular, based upon principles from investigative psychology and behavioural science, a multi-dimensional, extended, quantifiable model for an attacker’s profile is developed, which becomes an additional factor in the cyber risk level calculation.
Abstract: SQL injection is one of the most common types of attacks and has a very critical impact on web servers. In the worst case, an attacker can perform post-exploitation after a successful SQL injection attack. In the case of web server forensics, web server analysis is closely related to log file analysis. But sometimes large file sizes and different log types make it difficult for investigators to look for traces of attackers on the server. The purpose of this paper is to help investigators take appropriate steps to investigate when the web server gets attacked. We use attack scenarios based on SQL injection attacks, including PHP backdoor injection as post-exploitation. We perform post-mortem analysis of web server logs based on Hypertext Transfer Protocol (HTTP) POST and HTTP GET method approaches that are characteristic of SQL injection attacks. In addition, we also propose a structured analysis method covering the web server application log file, the database application, and other additional logs that exist on the web server. This method helps the investigator analyze the log files in a more structured way so as to produce evidence of an attack within an acceptable time. There is also the possibility that other attack techniques can be detected with this method. On the other side, it can help web administrators prepare their systems for forensic readiness.
Abstract: Recent innovations in the field of technology have led to the use of wireless sensor networks in various applications. These networks consist of a number of small, very tiny, low-cost, non-tamper-proof and resource-constrained sensor nodes. These nodes are often distributed and deployed in an unattended environment, so as to collaborate with each other to share data or information. Amidst various applications, wireless sensor networks find a major role in monitoring battlefields in military applications. As these non-tamper-proof nodes are deployed in an unattended location, they are vulnerable to many security attacks. Amongst many security attacks, the node replication attack seems to be the more threatening to network users. A node replication attack is caused by an attacker who captures one genuine node, duplicates its original credentials and cryptographic material, makes one or more copies of the captured node and places them at certain key positions in the system to monitor or disrupt network operations. Preventing the occurrence of such node replication attacks in a network is a challenging task. In this survey article, we provide a classification of detection schemes and also explore the various schemes proposed in each category. We also compare the various detection schemes against certain evaluation parameters and discuss their limitations. Finally, we provide some suggestions for carrying out future research work against such attacks.
Abstract: Today’s internet world is highly prone to various online attacks, of which the most harmful attack is phishing. Attackers host fake websites which are very similar to, and look alike, the legitimate ones. We propose an image-based authentication using steganography and visual cryptography to prevent phishing. This paper presents a secure steganographic technique for true color (RGB) images and uses the Discrete Cosine Transform to compress the images. The proposed method hides the secret data inside the cover image. Visual cryptography is used to preserve the privacy of an image by decomposing the original image into two shares. The original image can be identified only when both qualified shares are simultaneously available. An individual share does not reveal the identity of the original image. Thus, the existence of the secret message is hard to detect by RS steganalysis.
Abstract: Control Flow Integrity (CFI) is one of the most promising techniques to defend against Code-Reuse Attacks (CRAs). Traditional CFI systems and recent Context-Sensitive CFI use coarse control flow graphs (CFGs) to analyze whether a control flow hijack occurs, leaving vast space for attackers at indirect call-sites. Coarse CFGs make it difficult to decide which target to execute at indirect control-flow transfers, and actually weaken existing CFI systems. Extracting CFGs precisely and perfectly from binaries is still an unsolved problem. In this paper, we present an algorithm to get a more precise CFG from binaries. First, parameters are analyzed at indirect call-sites and functions. By comparing the counts of parameters prepared before call-sites and consumed by functions, the targets of indirect calls are reduced. Then the control flow is more constrained at indirect call-sites at runtime. Combined with CCFI, we implement our policy. Experimental results on some popular programs show that our approach is efficient. Further analysis shows that it can mitigate COOP and other advanced attacks.
Abstract: This article attempts to analyse behavioural traits of lone-wolves who struck and killed innocents in six different attacks in Europe in the last nine months. The main objective of this study is to develop a profiling template in order to capture the commonality of characteristics of these attackers. This study tries to understand the homogeneity of lone-wolves in terms of their social background and state of mind. The commonality among them can possibly be used to build a profiling template that could help detect vulnerable persons who are prone to be self-radicalised or radicalised by someone else. The result of this study provides us with an understanding of their commonality in terms of their state of mind and social characteristics.
Abstract: This paper presents an approach for optimal cyber security decisions to protect instances of a federated Internet of Things (IoT) platform in the cloud. The presented solution implements the repeated Stackelberg Security Game (SSG) and a model called Stochastic Human behaviour model with AttRactiveness and Probability weighting (SHARP). SHARP employs the Subjective Utility Quantal Response (SUQR) for formulating a subjective utility function, which is based on the evaluations of alternative solutions during decision-making. We augment the repeated SSG (including SHARP and SUQR) with a reinforcement learning algorithm called Naïve Q-Learning. Naïve Q-Learning belongs to the category of active and model-free Machine Learning (ML) techniques in which the agent (either the defender or the attacker) attempts to find an optimal security solution. In this way, we combine game theory (GT) and ML algorithms for discovering optimal cyber security policies. The proposed security optimization components will be validated in a collaborative cloud platform that is based on the Industrial Internet Reference Architecture (IIRA) and its recently published security model.
Abstract: The Android operating system has been recognized by most application developers because of its open-source nature and compatibility, which greatly enriches the categories of applications. However, it has become the target of malware attackers due to the lack of strict security supervision mechanisms, which leads to the rapid growth of malware, thus bringing serious safety hazards to users. Therefore, it is critical to detect Android malware effectively. Generally, the permissions declared in the AndroidManifest.xml can reflect the function and behavior of the application to a large extent. Since the current Android system does not restrict the number of permissions that an application can request, developers tend to request more permissions than actually needed in order to ensure the successful running of the application, which results in the abuse of permissions. However, some traditional detection methods only consider the requested permissions and ignore whether they are actually used, which leads to incorrect identification of some malware. Therefore, a machine learning detection method based on the actually used permission combinations and API calls is put forward in this paper. Meanwhile, several experiments are conducted to evaluate our methodology. The results show that it can detect unknown malware effectively with a higher true positive rate and accuracy while maintaining a low false positive rate. Consequently, the AdaboostM1 (J48) classification algorithm based on the information gain feature selection algorithm has the best detection result, achieving an accuracy of 99.8%, a true positive rate of 99.6% and the lowest false positive rate of 0.
Abstract: We investigate large scale networks in the context of network survivability under attack. We use appropriate techniques to evaluate both the attacker-based and the defender-based network survivability. The attacker is unaware of the links operated by the defender. Each attacked link has some pre-specified probability of being disconnected. The defender's choice is made so as to maximize the chance of successfully sending the flow to the destination node. The attacker, however, will select the cut-set with the highest chance of being disabled in order to partition the network. Moreover, we extend the problem to the case of selecting the best p paths to operate by the defender and the best k cut-sets to target by the attacker, for arbitrary integers p, k > 1. We investigate some variations of the problem and suggest polynomial-time solutions.
Abstract: Password authentication is one of the widely used methods to achieve authentication for legal users of computers and defense against attackers. There are many different ways to authenticate users of a system, and many password cracking methods have also been developed. This paper proposes how password cracking can best be performed on a CPU-GPGPU based system. The main objective of this work is to project how quickly a password can be cracked with some knowledge about computer security and password cracking if sufficient security is not incorporated into the system.
Abstract: Wireless networks are built upon an open shared medium, which makes it easy for attackers to conduct malicious activities. Jamming is one of the most serious security threats to the information economy and it must be dealt with efficiently. A jammer prevents legitimate data from reaching the receiver side and also seriously degrades network performance. The objective of this paper is to provide a general overview of jamming in wireless networks. It covers relevant works, different jamming techniques, various types of jammers and typical prevention techniques. Challenges associated with comparing several anti-jamming techniques are also highlighted.
Abstract: The ability to deploy mobile applications for health care is increasing daily through different mobile app stores. But along with these capabilities the number of hacking attacks has also increased, in particular against medical mobile applications. The security vulnerabilities in medical mobile apps can be triggered by errors in code, incorrect logic, poor design, among other parameters. These are usually exploited by malicious attackers to steal or modify the users’ information. The aim of this research is to analyze the vulnerabilities detected in mobile medical apps according to the risk factor standards defined by OWASP in 2014.
Abstract: This paper presents a novel algorithm for secure, reliable and flexible transmission of big data in two-hop wireless networks using a cooperative jamming scheme. Two-hop wireless networks consist of source, relay and destination nodes. Big data has to be transmitted from source to relay and from relay to destination with security deployed in the physical layer. The cooperative jamming scheme enables transmission of big data in a more secure manner by protecting it from eavesdroppers and malicious nodes of unknown location. The novel algorithm, which ensures secure and energy-balanced transmission of big data, includes selection of the data transmitting region, segmenting the selected region, determining the probability ratio for each node (capture node, non-capture node and eavesdropper node) in every segment, and evaluating the probability using binary-based evaluation. If the transmission is secure, it resumes with the two-hop transmission of big data; otherwise, the attackers are prevented by the cooperative jamming scheme and the data is transmitted in two-hop transmission.
Abstract: One of the crucial parameters of digital cryptographic systems is the selection of the keys used and their distribution. The randomness of the keys has a strong impact on the system’s security strength, as random keys are difficult to predict, guess, reproduce, or discover by a cryptanalyst. Therefore, adequate key randomness generation is still sought for the benefit of stronger cryptosystems. This paper suggests an algorithm designed to generate and test pseudo random number sequences intended for cryptographic applications. This algorithm is based on mathematically manipulating publicly agreed-upon information between sender and receiver over a public channel. This information is used as a seed for performing some mathematical functions in order to generate a sequence of pseudorandom numbers that will be used for encryption/decryption purposes. This manipulation involves permutations and substitutions that fulfill Shannon’s principle of “confusion and diffusion”. ASCII code characters were utilized in the generation process instead of using bit strings initially, which adds more flexibility in testing different seed values. Finally, the obtained results indicate a sound level of difficulty for attackers guessing the keys.
Abstract: A Distributed Denial of Service (DDoS) attack is a major threat to cyber security. It originates from the network layer or the application layer of compromised/attacker systems which are connected to the network. The impact of this attack ranges from simple inconvenience in using a particular service to causing major failures at the targeted server. When there is heavy traffic flow to a target server, it is necessary to classify legitimate access and attacks. In this paper, a novel method is proposed to detect DDoS attacks from the traces of traffic flow. An access matrix is created from the traces. As the access matrix is multi-dimensional, Principal Component Analysis (PCA) is used to reduce the attributes used for detection. Two classifiers, Naive Bayes and K-Nearest Neighbor, are used to classify the traffic as normal or abnormal. The performance of the classifiers with PCA-selected attributes and with the actual attributes of the access matrix is compared in terms of detection rate and False Positive Rate (FPR).
Abstract: Securing the confidential data transferred via wireless networks remains a challenging problem. It is paramount to ensure that data are accessible only by legitimate users rather than by attackers. One of the most serious threats to organizations is jamming, which disrupts the communication between any two pairs of nodes. Therefore, designing an attack-defending scheme without any packet loss in data transmission is an important challenge. In this paper, a Dependence-based Malicious Route Defending (DMRD) scheme is proposed in a multi-path routing environment to prevent jamming attacks. The key idea is to defend against the malicious route to ensure perspicuous transmission. This scheme develops a two-layered architecture and operates in two different steps. In the first step, possible routes are captured and their agent dependence values are marked using triple agents. In the second step, the dependence values are compared by performing comparator filtering to detect the malicious route as well as to identify a reliable route for secured data transmission. Through simulation studies, it is observed that the proposed scheme effectively identifies malicious routes while attaining lower delay time and route discovery time; it also achieves higher throughput.