Search results for: zero-day attacks
335 Challenges in Anti-Counterfeiting of Cyber-Physical Systems
Authors: Daniel Kliewe, Arno Kühn, Roman Dumitrescu, Jürgen Gausemeier
Abstract:
This paper examines the system protection for cyber-physical systems (CPS). CPS are particularly characterized by their networking system components. This means they are able to adapt to the needs of their users and its environment. With this ability, CPS have new, specific requirements on the protection against anti-counterfeiting, know-how loss and manipulation. They increase the requirements on system protection because piracy attacks can be more diverse, for example because of an increasing number of interfaces or through the networking abilities. The new requirements were identified and in a next step matched with existing protective measures. Due to the found gap the development of new protection measures has to be forced to close this gap. Moreover a comparison of the effectiveness between selected measures was realized and the first results are presented in the paper.Keywords: anti-counterfeiting, cyber physical systems, intellectual property (IP), knowledge management, system protection
Procedia PDF Downloads 498334 Towards a Conscious Design in AI by Overcoming Dark Patterns
Authors: Ayse Arslan
Abstract:
One of the important elements underpinning a conscious design is the degree of toxicity in communication. This study explores the mechanisms and strategies for identifying toxic content by avoiding dark patterns. Given the breadth of hate and harassment attacks, this study explores a threat model and taxonomy to assist in reasoning about strategies for detection, prevention, mitigation, and recovery. In addition to identifying some relevant techniques such as nudges, automatic detection, or human-ranking, the study suggests the use of major metrics such as the overhead and friction of solutions on platforms and users or balancing false positives (e.g., incorrectly penalizing legitimate users) against false negatives (e.g., users exposed to hate and harassment) to maintain a conscious design towards fairness.Keywords: AI, ML, algorithms, policy, system design
Procedia PDF Downloads 121333 Implementation of Achterbahn-128 for Images Encryption and Decryption
Authors: Aissa Belmeguenai, Khaled Mansouri
Abstract:
In this work, an efficient implementation of Achterbahn-128 for images encryption and decryption was introduced. The implementation for this simulated project is written by MATLAB.7.5. At first two different original images are used for validate the proposed design. Then our developed program was used to transform the original images data into image digits file. Finally, we used our implemented program to encrypt and decrypt images data. Several tests are done for proving the design performance including visual tests and security analysis; we discuss the security analysis of the proposed image encryption scheme including some important ones like key sensitivity analysis, key space analysis, and statistical attacks.Keywords: Achterbahn-128, stream cipher, image encryption, security analysis
Procedia PDF Downloads 532332 Insider Theft Detection in Organizations Using Keylogger and Machine Learning
Authors: Shamatha Shetty, Sakshi Dhabadi, Prerana M., Indushree B.
Abstract:
About 66% of firms claim that insider attacks are more likely to happen. The frequency of insider incidents has increased by 47% in the last two years. The goal of this work is to prevent dangerous employee behavior by using keyloggers and the Machine Learning (ML) model. Every keystroke that the user enters is recorded by the keylogging program, also known as keystroke logging. Keyloggers are used to stop improper use of the system. This enables us to collect all textual data, save it in a CSV file, and analyze it using an ML algorithm and the VirusTotal API. Many large companies use it to methodically monitor how their employees use computers, the internet, and email. We are utilizing the SVM algorithm and the VirusTotal API to improve overall efficiency and accuracy in identifying specific patterns and words to automate and offer the report for improved monitoring.Keywords: cyber security, machine learning, cyclic process, email notification
Procedia PDF Downloads 57331 A Contribution to Blockchain Privacy
Authors: Malika Yaici, Feriel Lalaoui, Lydia Belhoul
Abstract:
As a new distributed point-to-point (P2P) technology, blockchain has become a very broad field of research, addressing various challenges including privacy preserving as is the case in all other technologies. In this work, a study of the existing solutions to the problems related to private life in general and in blockchains in particular is performed. User anonymity and transaction confidentiality are the two main challenges for the protection of privacy in blockchains. Mixing mechanisms and cryptographic solutions respond to this problem but remain subject to attacks and suffer from shortcomings. Taking into account these imperfections and the synthesis of our study, we present a mixing model without trusted third parties, based on group signatures allowing reinforcing the anonymity of the users, the confidentiality of the transactions, with minimal turnaround time and without mixing costs.Keywords: anonymity, blockchain, mixing coins, privacy
Procedia PDF Downloads 10330 An Analytical Metric and Process for Critical Infrastructure Architecture System Availability Determination in Distributed Computing Environments under Infrastructure Attack
Authors: Vincent Andrew Cappellano
Abstract:
In the early phases of critical infrastructure system design, translating distributed computing requirements to an architecture has risk given the multitude of approaches (e.g., cloud, edge, fog). In many systems, a single requirement for system uptime / availability is used to encompass the system’s intended operations. However, when architected systems may perform to those availability requirements only during normal operations and not during component failure, or during outages caused by adversary attacks on critical infrastructure (e.g., physical, cyber). System designers lack a structured method to evaluate availability requirements against candidate system architectures through deep degradation scenarios (i.e., normal ops all the way down to significant damage of communications or physical nodes). This increases risk of poor selection of a candidate architecture due to the absence of insight into true performance for systems that must operate as a piece of critical infrastructure. This research effort proposes a process to analyze critical infrastructure system availability requirements and a candidate set of systems architectures, producing a metric assessing these architectures over a spectrum of degradations to aid in selecting appropriate resilient architectures. To accomplish this effort, a set of simulation and evaluation efforts are undertaken that will process, in an automated way, a set of sample requirements into a set of potential architectures where system functions and capabilities are distributed across nodes. Nodes and links will have specific characteristics and based on sampled requirements, contribute to the overall system functionality, such that as they are impacted/degraded, the impacted functional availability of a system can be determined. A machine learning reinforcement-based agent will structurally impact the nodes, links, and characteristics (e.g., bandwidth, latency) of a given architecture to provide an assessment of system functional uptime/availability under these scenarios. By varying the intensity of the attack and related aspects, we can create a structured method of evaluating the performance of candidate architectures against each other to create a metric rating its resilience to these attack types/strategies. Through multiple simulation iterations, sufficient data will exist to compare this availability metric, and an architectural recommendation against the baseline requirements, in comparison to existing multi-factor computing architectural selection processes. It is intended that this additional data will create an improvement in the matching of resilient critical infrastructure system requirements to the correct architectures and implementations that will support improved operation during times of system degradation due to failures and infrastructure attacks.Keywords: architecture, resiliency, availability, cyber-attack
Procedia PDF Downloads 108329 A Security Study for Smart Metering Systems
Authors: Musaab Hasan, Farkhund Iqbal, Patrick C. K. Hung, Benjamin C. M. Fung, Laura Rafferty
Abstract:
In modern societies, the smart cities concept raised simultaneously with the projection towards adopting smart devices. A smart grid is an essential part of any smart city as both consumers and power utility companies benefit from the features provided by the power grid. In addition to advanced features presented by smart grids, there may also be a risk when the grids are exposed to malicious acts such as security attacks performed by terrorists. Considering advanced security measures in the design of smart meters could reduce these risks. This paper presents a security study for smart metering systems with a prototype implementation of the user interfaces for future works.Keywords: security design, smart city, smart meter, smart grid, smart metering system
Procedia PDF Downloads 336328 TRNG Based Key Generation for Certificateless Signcryption
Authors: S.Balaji, R.Sujatha, M. Ramakrishnan
Abstract:
Signcryption is a cryptographic primitive that fulfills both the functions of digital signature and public key encryption simultaneously in low cost when compared with the traditional signature-then-encryption approach. In this paper, we propose a novel mouse movement based key generation technique to generate secret keys which is secure against the outer and insider attacks. Tag Key Encapsulation Mechanism (KEM) process is implemented using True Random Number Generator (TRNG) method. This TRNG based key is used for data encryption in the Data Encapsulation Mechanism (DEM). We compare the statistical reports of the proposed system with the previous methods which implements TKEM based on pseudo random number generatorKeywords: pseudo random umber generator, signcryption, true random number generator, node deployment
Procedia PDF Downloads 341327 An Enhanced Digital Forensic Model for Internet of Things Forensic
Authors: Tina Wu, Andrew Martin
Abstract:
The expansion of the Internet of Things (IoT) brings a new level of threat. Attacks on IoT are already being used by criminals to form botnets, launch Distributed Denial of Service (DDoS) and distribute malware. This opens a whole new digital forensic arena to develop forensic methodologies in order to have the capability to investigate IoT related crimes. However, existing proposed IoT forensic models are still premature requiring further improvement and validation, many lack details on the acquisition and analysis phase. This paper proposes an enhanced theoretical IoT digital forensic model focused on identifying and acquiring the main sources of evidence in a methodical way. In addition, this paper presents a theoretical acquisition framework of the different stages required in order to be capable of acquiring evidence from IoT devices.Keywords: acquisition, Internet of Things, model, zoning
Procedia PDF Downloads 271326 UV Resistibility of a Carbon Nanofiber Reinforced Polymer Composite
Authors: A. Evcin, N. Çiçek Bezir, R. Duman, N. Duman
Abstract:
Nowadays, a great concern is placed on the harmfulness of ultraviolet radiation (UVR) which attacks human bodies. Nanocarbon materials, such as carbon nanotubes (CNTs), carbon nanofibers (CNFs) and graphene, have been considered promising alternatives to shielding materials because of their excellent electrical conductivities, very high surface areas and low densities. In the present work, carbon nanofibers have been synthesized from solutions of Polyacrylonitrile (PAN)/ N,N-dimethylformamide (DMF) by electrospinning method. The carbon nanofibers have been stabilized by oxidation at 250 °C for 2 h in air and carbonized at 750 °C for 1 h in H2/N2. We present the fabrication and characterization of transparent and ultraviolet (UV) shielding CNF/polymer composites. The content of CNF filler has been varied from 0.2% to 0.6 % by weight. UV Spectroscopy has been performed to study the effect of composition on the transmittance of polymer composites.Keywords: electrospinning, carbon nanofiber, characterization, composites, nanofiber, ultraviolet radiation
Procedia PDF Downloads 225325 Cryptographic Protocol for Secure Cloud Storage
Authors: Luvisa Kusuma, Panji Yudha Prakasa
Abstract:
Cloud storage, as a subservice of infrastructure as a service (IaaS) in Cloud Computing, is the model of nerworked storage where data can be stored in server. In this paper, we propose a secure cloud storage system consisting of two main components; client as a user who uses the cloud storage service and server who provides the cloud storage service. In this system, we propose the protocol schemes to guarantee against security attacks in the data transmission. The protocols are login protocol, upload data protocol, download protocol, and push data protocol, which implement hybrid cryptographic mechanism based on data encryption before it is sent to the cloud, so cloud storage provider does not know the user's data and cannot analysis user’s data, because there is no correspondence between data and user.Keywords: cloud storage, security, cryptographic protocol, artificial intelligence
Procedia PDF Downloads 357324 Hyperchaos-Based Video Encryption for Device-To-Device Communications
Authors: Samir Benzegane, Said Sadoudi, Mustapha Djeddou
Abstract:
In this paper, we present a software development of video streaming encryption for Device-to-Device (D2D) communications by using Hyperchaos-based Random Number Generator (HRNG) implemented in C#. The software implements and uses the proposed HRNG to generate key stream for encrypting and decrypting real-time video data. The used HRNG consists of Hyperchaos Lorenz system which produces four signal outputs taken as encryption keys. The generated keys are characterized by high quality randomness which is confirmed by passing standard NIST statistical tests. Security analysis of the proposed encryption scheme confirms its robustness against different attacks.Keywords: hyperchaos Lorenz system, hyperchaos-based random number generator, D2D communications, C#
Procedia PDF Downloads 371323 Mutual Authentication for Sensor-to-Sensor Communications in IoT Infrastructure
Authors: Shadi Janbabaei, Hossein Gharaee Garakani, Naser Mohammadzadeh
Abstract:
Internet of things is a new concept that its emergence has caused ubiquity of sensors in human life, so that at any time, all data are collected, processed and transmitted by these sensors. In order to establish a secure connection, the first challenge is authentication between sensors. However, this challenge also requires some features so that the authentication is done properly. Anonymity, untraceability, and being lightweight are among the issues that need to be considered. In this paper, we have evaluated the authentication protocols and have analyzed the security vulnerabilities found in them. Then an improved light weight authentication protocol for sensor-to-sensor communications is presented which uses the hash function and logical operators. The analysis of protocol shows that security requirements have been met and the protocol is resistant against various attacks. In the end, by decreasing the number of computational cost functions, it is argued that the protocol is lighter than before.Keywords: anonymity, authentication, Internet of Things, lightweight, un-traceability
Procedia PDF Downloads 293322 Secure E-Pay System Using Steganography and Visual Cryptography
Authors: K. Suganya Devi, P. Srinivasan, M. P. Vaishnave, G. Arutperumjothi
Abstract:
Today’s internet world is highly prone to various online attacks, of which the most harmful attack is phishing. The attackers host the fake websites which are very similar and look alike. We propose an image based authentication using steganography and visual cryptography to prevent phishing. This paper presents a secure steganographic technique for true color (RGB) images and uses Discrete Cosine Transform to compress the images. The proposed method hides the secret data inside the cover image. The use of visual cryptography is to preserve the privacy of an image by decomposing the original image into two shares. Original image can be identified only when both qualified shares are simultaneously available. Individual share does not reveal the identity of the original image. Thus, the existence of the secret message is hard to be detected by the RS steganalysis.Keywords: image security, random LSB, steganography, visual cryptography
Procedia PDF Downloads 330321 Probabilistic-Based Design of Bridges under Multiple Hazards: Floods and Earthquakes
Authors: Kuo-Wei Liao, Jessica Gitomarsono
Abstract:
Bridge reliability against natural hazards such as floods or earthquakes is an interdisciplinary problem that involves a wide range of knowledge. Moreover, due to the global climate change, engineers have to design a structure against the multi-hazard threats. Currently, few of the practical design guideline has included such concept. The bridge foundation in Taiwan often does not have a uniform width. However, few of the researches have focused on safety evaluation of a bridge with a complex pier. Investigation of the scouring depth under such situation is very important. Thus, this study first focuses on investigating and improving the scour prediction formula for a bridge with complicated foundation via experiments and artificial intelligence. Secondly, a probabilistic design procedure is proposed using the established prediction formula for practical engineers under the multi-hazard attacks.Keywords: bridge, reliability, multi-hazards, scour
Procedia PDF Downloads 374320 Analysis of Cracked Beams with Spalling Having Different Arrangements of the Reinforcement Bars Using Finite Element Analysis (FEA)
Authors: Rishabh Shukla, Achin Agrawal, Anupam Saxena, S. Mandal
Abstract:
The existence of a crack, affects the mechanical behaviour and various properties of a structure to a great degree. This paper focuses on recognizing the parameters that gets changed due to the formation of cracks and have a great impact on the performance of the structure. Spalling is a major concern as it leaves the reinforcement bars more susceptible to environmental attacks. Beams of cross section 300 mm × 500 mm are designed and for a calculated area of steel, two different arrangements of reinforced bars are analysed. Results are prepared for different stages of cracking for each arrangement of rebars. The parameters for both arrangements are then compared. The Finite Element Analysis (FEA) is carried out and changes in the properties like flexural strength, Elasticity and modal frequency are reported. The conclusions have been drawn by comparing the results.Keywords: cracks, elasticity, spalling, FEA
Procedia PDF Downloads 279319 Symmetric Arabic Language Encryption Technique Based on Modified Playfair Algorithm
Authors: Fairouz Beggas
Abstract:
Due to the large number of exchanges in the networks, the security of communications is essential. Most ways of keeping communication secure rely on encryption. In this work, a symmetric encryption technique is offered to encrypt and decrypt simple Arabic scripts based on a multi-level security. A proposed technique uses an idea of Playfair encryption with a larger table size and an additional layer of encryption to ensure more security. The idea of the proposed algorithm aims to generate a dynamic table that depends on a secret key. The same secret key is also used to create other secret keys to over-encrypt the plaintext in three steps. The obtained results show that the proposed algorithm is faster in terms of encryption/decryption speed and can resist to many types of attacks.Keywords: arabic data, encryption, playfair, symmetric algorithm
Procedia PDF Downloads 88318 Benign Recurrent Unilateral Abducens (6th) Nerve Palsy in 14 Months Old Girl: A Case Report
Authors: Khaled Alabduljabbar
Abstract:
Background: Benign, isolated, recurrent sixth nerve palsy is very rare in children. Here we report a case of recurrent abducens nerve palsy with no obvious etiology. It is a diagnosis of exclusion. A recurrent benign form of 6th nerve palsy, a rarer still palsy, has been described in the literature, and it is of most likely secondary to inflammatory causes, e.g, following viral and bacterial infections. Purpose: To present a case of 14 months old girl with recurrent attacks of isolated left sixth cranial nerve palsy following upper respiratory tract infection. Observation: The patient presented to opthalmology clinic with sudden onset of inward deviation (esotropia) of the left eye with a compensatory left face turn one week following signs of upper respiratory tract infection. Ophthalmological examination revealed large angle esotropia of the left eye in primary position, with complete limitation of abduction of the left eye, no palpebral fissure changes, and abnormal position of the head (left face turn). Visual acuity was normal, and no significant refractive error on cycloplegic refraction for her age. Fundus examination was normal with no evidence of papilledema. There was no relative afferent pupillary defect (RAPD) and no anisocoria. Past medical history and family history were unremarkable, with no history of convulsion attacks or head trauma. Additional workout include CBC. Erythrocyte sedimentation rate, Urgent magnetic resonance imaging (MRI), and angiography of the brain were performed and demonstrated the absence of intracranial and orbital lesions. Referral to pediatric neurologist was also done and concluded no significant finding. The patient showed improvement of the left sixth cranial nerve palsy and left face turn over a period of two months. Seven months since the first attack, she experienced a recurrent attack of left eye esotropia with left face turn concurrent with URTI. The rest of eye examination was again unremarkable. CT scan and MRI scan of brain and orbit were performed and showed only signs of sinusitis with no intracranial pathology. The palsy resolved spontaneously within two months. A third episode of left 6th nerve palsy occurred 6 months later, whichrecovered over one month. Examination and neuroimagingwere unremarkable. A diagnosis of benign recurrent left 6th cranial nerve palsy was made. Conclusion: Benign sixth cranial nerve palsy is always a diagnosis of exclusion given the more serious and life-threatening alternative causes. It seems to have a good prognosis with only supportive measures. The likelihood of benign 6th cranial nerve palsy to resolve completely and spontaneously is high. Observation for at least 6 months without intervention is advisable.Keywords: 6th nerve pasy, abducens nerve pasy, recurrent nerve palsy, cranial nerve palsy
Procedia PDF Downloads 89317 Concealed Objects Detection in Visible, Infrared and Terahertz Ranges
Authors: M. Kowalski, M. Kastek, M. Szustakowski
Abstract:
Multispectral screening systems are becoming more popular because of their very interesting properties and applications. One of the most significant applications of multispectral screening systems is prevention of terrorist attacks. There are many kinds of threats and many methods of detection. Visual detection of objects hidden under clothing of a person is one of the most challenging problems of threats detection. There are various solutions of the problem; however, the most effective utilize multispectral surveillance imagers. The development of imaging devices and exploration of new spectral bands is a chance to introduce new equipment for assuring public safety. We investigate the possibility of long lasting detection of potentially dangerous objects covered with various types of clothing. In the article we present the results of comparative studies of passive imaging in three spectrums – visible, infrared and terahertzKeywords: terahertz, infrared, object detection, screening camera, image processing
Procedia PDF Downloads 357316 Ethereum Based Smart Contracts for Trade and Finance
Authors: Rishabh Garg
Abstract:
Traditionally, business parties build trust with a centralized operating mechanism, such as payment by letter of credit. However, the increase in cyber-attacks and malicious hacking has jeopardized business operations and finance practices. Emerging markets, owing to their higher banking risks and bigger presence of digital financing, are looking forward to technology-driven solutions, financial inclusion and innovative working paradigms. Blockchain has the potential to enhance transaction transparency and supply chain traceability. It has captured a vast landscape with 200 million crypto users worldwide. Fintech and blockchain products are popping up across brokerage, digital wallets, exchanges, post-trade clearance, settlement, middleware, infrastructure, and base protocols.Keywords: blockchain, distributed ledger technology, decentralized applications, ethereum, smart contracts, trade finance
Procedia PDF Downloads 153315 Computational Fluid Dynamics Analysis of an RC Airplane Wing Using a NACA 2412 Profile at Different Angle of Attacks
Authors: Huseyin Gokberk, Shian Gao
Abstract:
CFD analysis of the relationship between the coefficients of lift and drag with respect to the angle of attack on a NACA 2412 wing section of an RC plane is conducted. Both the 2D and 3D models are investigated with the turbulence model. The 2D analysis has a free stream velocity of 10m/s at different AoA of 0°, 2°, 5°, 10°, 12°, and 15°. The induced drag and drag coefficient increased throughout the changes in angles even after the critical angle had been exceeded, whereas the lift force and coefficient of lift increased but had a limit at the critical stall angle, which results in values to reduce sharply. Turbulence flow characteristics are analysed around the aerofoil with the additions caused due to a finite 3D model. 3D results highlight how wing tip vortexes develop and alter the flow around the wing with the effects of the tapered configuration.Keywords: CFD, turbulence modelling, aerofoil, angle of attack
Procedia PDF Downloads 225314 Survey on Securing the Optimized Link State Routing (OLSR) Protocol in Mobile Ad-hoc Network
Authors: Kimaya Subhash Gaikwad, S. B. Waykar
Abstract:
The mobile ad-hoc network (MANET) is collection of various types of nodes. In MANET various protocols are used for communication. In OLSR protocol, a node is selected as multipoint relay (MPR) node which broadcast the messages. As the MANET is open kind of network any malicious node can easily enter into the network and affect the performance of the network. The performance of network mainly depends on the components which are taking part into the communication. If the proper nodes are not selected for the communication then the probability of network being attacked is more. Therefore, it is important to select the more reliable and secure components in the network. MANET does not have any filtering so that only selected nodes can be used for communication. The openness of the MANET makes it easier to attack the communication. The most of the attack are on the Quality of service (QoS) of the network. This paper gives the overview of the various attacks that are possible on OLSR protocol and some solutions. The papers focus mainly on the OLSR protocol.Keywords: communication, MANET, OLSR, QoS
Procedia PDF Downloads 450313 The Role of Social Media in the Rise of Islamic State in India: An Analytical Overview
Authors: Yasmeen Cheema, Parvinder Singh
Abstract:
The evolution of Islamic State (acronym IS) has an ultimate goal of restoring the caliphate. IS threat to the global security is main concern of international community but has also raised a factual concern for India about the regular radicalization of IS ideology among Indian youth. The incident of joining Arif Ejaz Majeed, an Indian as ‘jihadist’ in IS has set strident alarm in law & enforcement agencies. On 07.03.2017, many people were injured in an Improvised Explosive Device (IED) blast on-board of Bhopal Ujjain Express. One perpetrator of this incident was killed in encounter with police. But, the biggest shock is that the conspiracy was pre-planned and the assailants who carried out the blast were influenced by the ideology perpetrated by the Islamic State. This is the first time name of IS has cropped up in a terror attack in India. It is a red indicator of violent presence of IS in India, which is spreading through social media. The IS have the capacity to influence the younger Muslim generation in India through its brutal and aggressive propaganda videos, social media apps and hatred speeches. It is a well known fact that India is on the radar of IS, as well on its ‘Caliphate Map’. IS uses Twitter, Facebook and other social media platforms constantly. Islamic State has used enticing videos, graphics, and articles on social media and try to influence persons from India & globally that their jihad is worthy. According to arrested perpetrator of IS in different cases in India, the most of Indian youths are victims to the daydreams which are fondly shown by IS. The dreams that the Muslim empire as it was before 1920 can come back with all its power and also that the Caliph and its caliphate can be re-established are shown by the IS. Indian Muslim Youth gets attracted towards these euphemistic ideologies. Islamic State has used social media for disseminating its poisonous ideology, recruitment, operational activities and for future direction of attacks. IS through social media inspired its recruits & lone wolfs to continue to rely on local networks to identify targets and access weaponry and explosives. Recently, a pro-IS media group on its Telegram platform shows Taj Mahal as the target and suggested mode of attack as a Vehicle Born Improvised Explosive Attack (VBIED). Islamic State definitely has the potential to destroy the Indian national security & peace, if timely steps are not taken. No doubt, IS has used social media as a critical mechanism for recruitment, planning and executing of terror attacks. This paper will therefore examine the specific characteristics of social media that have made it such a successful weapon for Islamic State. The rise of IS in India should be viewed as a national crisis and handled at the central level with efficient use of modern technology.Keywords: ideology, India, Islamic State, national security, recruitment, social media, terror attack
Procedia PDF Downloads 230312 A Survey on Smart Security Mechanism Using Graphical Passwords
Authors: Aboli Dhanavade, Shweta Bhimnath, Rutuja Jumale, Ajay Nadargi
Abstract:
Security to any of our personal thing is our most basic need. It is not possible to directly apply that standard Human-computer—interaction approaches. Important usability goal for authentication system is to support users in selecting best passwords. Users often select text-passwords that are easy to remember, but they are more open for attackers to guess. The human brain is good in remembering pictures rather than textual characters. So the best alternative is being designed that is Graphical passwords. However, Graphical passwords are still immature. Conventional password schemes are also vulnerable to Shoulder-surfing attacks, many shoulder-surfing resistant graphical passwords schemes have been proposed. Next, we have analyzed the security and usability of the proposed scheme, and show the resistance of the proposed scheme to shoulder-surfing and different accidental logins.Keywords: shoulder-surfing, security, authentication, text-passwords
Procedia PDF Downloads 362311 A Survey on Genetic Algorithm for Intrusion Detection System
Authors: Prikhil Agrawal, N. Priyanka
Abstract:
With the increase of millions of users on Internet day by day, it is very essential to maintain highly reliable and secured data communication between various corporations. Although there are various traditional security imparting techniques such as antivirus software, password protection, data encryption, biometrics and firewall etc. But still network security has become the main issue in various leading companies. So IDSs have become an essential component in terms of security, as it can detect various network attacks and respond quickly to such occurrences. IDSs are used to detect unauthorized access to a computer system. This paper describes various intrusion detection techniques using GA approach. The intrusion detection problem has become a challenging task due to the conception of miscellaneous computer networks under various vulnerabilities. Thus the damage caused to various organizations by malicious intrusions can be mitigated and even be deterred by using this powerful tool.Keywords: genetic algorithm (GA), intrusion detection system (IDS), dataset, network security
Procedia PDF Downloads 297310 Evaluation of Toxicity of Some Fungicides Against the Pathogen Fusarium sp.
Authors: M. Djekoun, H. Berrebah, M. R. Djebar
Abstract:
Fusarium wilt attacks the plants of major economic interest including wheat. This disease causes many problems for farmers and economic loss resulting are often very heavy. Chemical control is currently one of the most effective ways to fight against these diseases. In this study, the efficacy of three fungicides (tebuconazole, thiram and fludioxonil - difenoconazole mixture) was tested, in vitro, on the phytopathogenic Fusarium sp. isolated from seeds of wheat. The active ingredients were tested at different concentrations: 0.06, 1.39, 2.79, 5.58, and 11.16 mg/l for tebuconazole, 0.035, 0.052, 0.105, 0.21, and 0.42 mg/l for thiram and finally, for the mixture fludioxonil- difenoconazole 4 concentrations were tested : 0.05, 0.1, 0.5, and 1 mg/l. Toxicity responses were expressed as the effective concentration, which inhibits mycelial growth by 50%, (EC50). Of the three selected fungicides, thirame proved to be the most effective with EC50 value of the order of 0,15 mg/l followed by the mixture of fludioxonil- difenoconazole with 0,27 mg/l and finally tebuconazole with a value of 3.79 mg/l.Keywords: Fusarium sp, thiram, tebuconazole, fludioxonil, difenoconazole, EC50
Procedia PDF Downloads 544309 Software Quality Assurance in Network Security using Cryptographic Techniques
Authors: Sidra Shabbir, Ayesha Manzoor, Mehreen Sirshar
Abstract:
The use of the network communication has imposed serious threats to the security of assets over the network. Network security is getting more prone to active and passive attacks which may result in serious consequences to data integrity, confidentiality and availability. Various cryptographic techniques have been proposed in the past few years to combat with the concerned problem by ensuring quality but in order to have a fully secured network; a framework of new cryptosystem was needed. This paper discusses certain cryptographic techniques which have shown far better improvement in the network security with enhanced quality assurance. The scope of this research paper is to cover the security pitfalls in the current systems and their possible solutions based on the new cryptosystems. The development of new cryptosystem framework has paved a new way to the widespread network communications with enhanced quality in network security.Keywords: cryptography, network security, encryption, decryption, integrity, confidentiality, security algorithms, elliptic curve cryptography
Procedia PDF Downloads 733308 Evaluation of Gesture-Based Password: User Behavioral Features Using Machine Learning Algorithms
Authors: Lakshmidevi Sreeramareddy, Komalpreet Kaur, Nane Pothier
Abstract:
Graphical-based passwords have existed for decades. Their major advantage is that they are easier to remember than an alphanumeric password. However, their disadvantage (especially recognition-based passwords) is the smaller password space, making them more vulnerable to brute force attacks. Graphical passwords are also highly susceptible to the shoulder-surfing effect. The gesture-based password method that we developed is a grid-free, template-free method. In this study, we evaluated the gesture-based passwords for usability and vulnerability. The results of the study are significant. We developed a gesture-based password application for data collection. Two modes of data collection were used: Creation mode and Replication mode. In creation mode (Session 1), users were asked to create six different passwords and reenter each password five times. In replication mode, users saw a password image created by some other user for a fixed duration of time. Three different duration timers, such as 5 seconds (Session 2), 10 seconds (Session 3), and 15 seconds (Session 4), were used to mimic the shoulder-surfing attack. After the timer expired, the password image was removed, and users were asked to replicate the password. There were 74, 57, 50, and 44 users participated in Session 1, Session 2, Session 3, and Session 4 respectfully. In this study, the machine learning algorithms have been applied to determine whether the person is a genuine user or an imposter based on the password entered. Five different machine learning algorithms were deployed to compare the performance in user authentication: namely, Decision Trees, Linear Discriminant Analysis, Naive Bayes Classifier, Support Vector Machines (SVMs) with Gaussian Radial Basis Kernel function, and K-Nearest Neighbor. Gesture-based password features vary from one entry to the next. It is difficult to distinguish between a creator and an intruder for authentication. For each password entered by the user, four features were extracted: password score, password length, password speed, and password size. All four features were normalized before being fed to a classifier. Three different classifiers were trained using data from all four sessions. Classifiers A, B, and C were trained and tested using data from the password creation session and the password replication with a timer of 5 seconds, 10 seconds, and 15 seconds, respectively. The classification accuracies for Classifier A using five ML algorithms are 72.5%, 71.3%, 71.9%, 74.4%, and 72.9%, respectively. The classification accuracies for Classifier B using five ML algorithms are 69.7%, 67.9%, 70.2%, 73.8%, and 71.2%, respectively. The classification accuracies for Classifier C using five ML algorithms are 68.1%, 64.9%, 68.4%, 71.5%, and 69.8%, respectively. SVMs with Gaussian Radial Basis Kernel outperform other ML algorithms for gesture-based password authentication. Results confirm that the shorter the duration of the shoulder-surfing attack, the higher the authentication accuracy. In conclusion, behavioral features extracted from the gesture-based passwords lead to less vulnerable user authentication.Keywords: authentication, gesture-based passwords, machine learning algorithms, shoulder-surfing attacks, usability
Procedia PDF Downloads 107307 CybeRisk Management in Banks: An Italian Case Study
Authors: E. Cenderelli, E. Bruno, G. Iacoviello, A. Lazzini
Abstract:
The financial sector is exposed to the risk of cyber-attacks like any other industrial sector. Furthermore, the topic of CybeRisk (cyber risk) has become particularly relevant given that Information Technology (IT) attacks have increased drastically in recent years, and cannot be stopped by single organizations requiring a response at international and national level. IT risk is never a matter purely for the IT manager, although he clearly plays a key role. A bank's risk management function requires a thorough understanding of the evolving risks as well as the tools and practical techniques available to address them. Upon the request of European and national legislation regarding CybeRisk in the financial system, banks are therefore called upon to strengthen the operational model for CybeRisk management. This will require an important change with a more intense collaboration with the structures that deal with information security for the development of an ad hoc system for the evaluation and control of this type of risk. The aim of the work is to propose a framework for the management and control of CybeRisk that will bridge the gap in the literature regarding the understanding and consideration of CybeRisk as an integral part of business management. The IT function has a strong relevance in the management of CybeRisk, which is perceived mainly as operational risk, but with a positive tendency on the part of risk management to the identification of CybeRisk assessment methods that are increasingly complete, quantitative and able to better describe the possible impacts on the business. The paper provides answers to the research questions: Is it possible to define a CybeRisk governance structure able to support the comparison between risk and security? How can the relationships between IT assets be integrated into a cyberisk assessment framework to guarantee a system of protection and risks control? From a methodological point of view, this research uses a case study approach. The choice of “Monte dei Paschi di Siena” was determined by the specific features of one of Italy’s biggest lenders. It is chosen to use an intensive research strategy: an in-depth study of reality. The case study methodology is an empirical approach to explore a complex and current phenomenon that develops over time. The use of cases has also the advantage of allowing the deepening of aspects concerning the "how" and "why" of contemporary events, on which the scholar has little control. The research bases on quantitative data and qualitative information obtained through semi-structured interviews of an open-ended nature and questionnaires to directors, members of the audit committee, risk, IT and compliance managers, and those responsible for internal audit function and anti-money laundering. The added value of the paper can be seen in the development of a framework based on a mapping of IT assets from which it is possible to identify their relationships for purposes of a more effective management and control of cyber risk.Keywords: bank, CybeRisk, information technology, risk management
Procedia PDF Downloads 232306 Black-Box-Base Generic Perturbation Generation Method under Salient Graphs
Authors: Dingyang Hu, Dan Liu
Abstract:
DNN (Deep Neural Network) deep learning models are widely used in classification, prediction, and other task scenarios. To address the difficulties of generic adversarial perturbation generation for deep learning models under black-box conditions, a generic adversarial ingestion generation method based on a saliency map (CJsp) is proposed to obtain salient image regions by counting the factors that influence the input features of an image on the output results. This method can be understood as a saliency map attack algorithm to obtain false classification results by reducing the weights of salient feature points. Experiments also demonstrate that this method can obtain a high success rate of migration attacks and is a batch adversarial sample generation method.Keywords: adversarial sample, gradient, probability, black box
Procedia PDF Downloads 104