Search results for: Cyber Attacks

Authors: Jeyaseelan Maria Michael

Abstract:

This study investigated the prevalence of cyberbullying among college female students and its effects on their psychological well-being. The respondents were from the age group of 17 and 18, doing the first-year college in Tamilnadu, India. In this study, 110 participants were selected through simple random sampling. The standardized questionnaire of David Alvare-Garcia’s Cybervictimization Questionnaire for Adolescents (CYVIC) and Ryff’s Psychological Well-Being (PWB) were administered for data collection. CYVIC has four subdomains namely, impersonation, visual-sexual cybervictimization, written-verbal cybervictimization, online exclusion. Ryff’s PWB has six domains namely, autonomy, environmental mastery, personal growth, positive relations with others, purpose in life, and self- acceptance. The collected data were analyzed by SPSS v.23. The results indicate that cyberbullying prevails among college female students (M=1.24, SD= .21). Among the participants, 17 are scored one standard deviation above the mean (1.45). Among the subdomains of the CYVIC, the respondents have the highest score (M=1.40, SD= .38) in written-verbal cybervictimization. Cyber victimization has a significant correlation at the 0.01 level with psychological well-being.

Keywords: college students, cyberbullying, cyber victimization, psychological well-being

Procedia PDF Downloads 114

Authors: Behrooz Daneshmand

Abstract:

Software Defined Networking (SDN) is designed to meet the future needs of 5G mobile networks. The SDN architecture offers a new solution that involves separating the control plane from the data plane, which is usually paired together. Network functions traditionally performed on specific hardware can now be abstracted and virtualized on any device, and a centralized software-based administration approach is based on a central controller, facilitating the development of modern applications and services. These plan standards clear the way for a more adaptable, speedier, and more energetic network beneath computer program control compared with a conventional network. We accept SDN gives modern inquire about openings to security, and it can significantly affect network security research in numerous diverse ways. Subsequently, the SDN architecture engages systems to effectively screen activity and analyze threats to facilitate security approach modification and security benefit insertion. The segregation of the data planes and control and, be that as it may, opens security challenges, such as man-in-the-middle attacks (MIMA), denial of service (DoS) attacks, and immersion attacks. In this paper, we analyze security threats to each layer of SDN - application layer - southbound interfaces/northbound interfaces - controller layer and data layer. From a security point of see, the components that make up the SDN architecture have a few vulnerabilities, which may be abused by aggressors to perform noxious activities and hence influence the network and its administrations. Software-defined network assaults are shockingly a reality these days. In a nutshell, this paper highlights architectural weaknesses and develops attack vectors at each layer, which leads to conclusions about further progress in identifying the consequences of attacks and proposing mitigation strategies.

Keywords: software-defined networking, security, SDN, 5G/IMT-2020

Procedia PDF Downloads 83

Authors: Madhuka G. P. D. Udantha, Gihan V. Dias, Surangika Ranathunga

Abstract:

Today Websites contain very interesting applications. But there are only few methodologies to analyze User navigations through the Websites and formulating if the Website is put to correct use. The web logs are only used if some major attack or malfunctioning occurs. Web Logs contain lot interesting dealings on users in the system. Analyzing web logs has become a challenge due to the huge log volume. Finding interesting patterns is not as easy as it is due to size, distribution and importance of minor details of each log. Web logs contain very important data of user and site which are not been put to good use. Retrieving interesting information from logs gives an idea of what the users need, group users according to their various needs and improve site to build an effective and efficient site. The model we built is able to detect attacks or malfunctioning of the system and anomaly detection. Logs will be more complex as volume of traffic and the size and complexity of web site grows. Unsupervised techniques are used in this solution which is fully automated. Expert knowledge is only used in validation. In our approach first clean and purify the logs to bring them to a common platform with a standard format and structure. After cleaning module web session builder is executed. It outputs two files, Web Sessions file and Indexed URLs file. The Indexed URLs file contains the list of URLs accessed and their indices. Web Sessions file lists down the indices of each web session. Then DBSCAN and EM Algorithms are used iteratively and recursively to get the best clustering results of the web sessions. Using homogeneity, completeness, V-measure, intra and inter cluster distance and silhouette coefficient as parameters these algorithms self-evaluate themselves to input better parametric values to run the algorithms. If a cluster is found to be too large then micro-clustering is used. Using Cluster Signature Module the clusters are annotated with a unique signature called finger-print. In this module each cluster is fed to Associative Rule Learning Module. If it outputs confidence and support as value 1 for an access sequence it would be a potential signature for the cluster. Then the access sequence occurrences are checked in other clusters. If it is found to be unique for the cluster considered then the cluster is annotated with the signature. These signatures are used in anomaly detection, prevent cyber attacks, real-time dashboards that visualize users, accessing web pages, predict actions of users and various other applications in Finance, University Websites, News and Media Websites etc.

Keywords: anomaly detection, clustering, pattern recognition, web sessions

Procedia PDF Downloads 274

Authors: Basel Halak, Christian Hall, Syed Abdul Father, Nelson Chow Wai Kit, Ruwaydah Widaad Raymode

Abstract:

The attack surface on computing devices is becoming very sophisticated, driven by the sheer increase of interconnected devices, reaching 50B in 2025, which makes it easier for adversaries to have direct access and perform well-known physical attacks. The impact of increased security vulnerability of electronic systems is exacerbated for devices that are part of the critical infrastructure or those used in military applications, where the likelihood of being targeted is very high. This continuously evolving landscape of security threats calls for a new generation of defense methods that are equally effective and adaptive. This paper proposes an intelligent defense mechanism to protect from physical tampering, it consists of a tamper detection system enhanced with machine learning capabilities, which allows it to recognize normal operating conditions, classify known physical attacks and identify new types of malicious behaviors. A prototype of the proposed system has been implemented, and its functionality has been successfully verified for two types of normal operating conditions and further four forms of physical attacks. In addition, a systematic threat modeling analysis and security validation was carried out, which indicated the proposed solution provides better protection against including information leakage, loss of data, and disruption of operation.

Keywords: anti-tamper, hardware, machine learning, physical security, embedded devices, ioT

Procedia PDF Downloads 136

Authors: Desislav Andreev, Veselin Stanev

Abstract:

Linux operating system continues to gain popularity with every passed year. This is due to its open-source license and a great number of distributions, covering users’ needs. At first glance it seems that Linux can be integrated in every type of systems – it is already present in personal computers, smartphones and even in some embedded systems like Raspberry Pi. However, Linux still does not meet the performance and security requirements to run effectively on a real-time system. Real-time systems are very time-restricted – their processes have to execute and finish at strict time intervals. The Completely Fair Scheduler present in Linux does not have such scheduling capabilities and it is not able to ensure that critical-time processes will execute on time. One of the ways to solve this problem is implementing an Adaptive Partition Scheduler solution similar to that present in QNX Neutrino operating system. This type of scheduling divides the CPU in multiple adaptive partitions where each partition holds a percentage of CPU usage called budget, which allows optimal usage of the CPU resources and also provides protection against cyber attacks such as Denial of Service. This approach will also benefit systems, where functional safety is highly demanded, such as the instrumental clusters in the Automotive industry. The purpose of this paper is to present a concept of Adaptive Partition Scheduler designed for Linux-based operating systems.

Keywords: adaptive partitions, Linux kernel modules, real-time systems, scheduling

Procedia PDF Downloads 85

Authors: Umar Mujahid, Greatzel Unabia, Hongsik Choi, Binh Tran

Abstract:

Radio Frequency Identification (RFID) is one of the most commonly used technologies in IoTs and Wireless Sensor Networks which makes the devices identification and tracking extremely easy to manage. Since RFID uses wireless channel for communication, which is open for all types of adversaries, researchers have proposed many Ultralightweight Mutual Authentication Protocols (UMAPs) to ensure security and privacy in a cost-effective manner. These UMAPs involve simple bitwise logical operators such as XOR, AND, OR & Rot, etc., to design the protocol messages. However, most of these UMAPs were later reported to be vulnerable against many malicious attacks. In this paper, we have presented a detailed overview of some eminent UMAPs and also discussed the many security attacks on them. Finally, some recommendations and suggestions have been discussed, which can improve the design of the UMAPs.

Keywords: RFID, Ultralightweight, UMAP, SASI

Procedia PDF Downloads 134

Authors: Ebrahim Alrashed

Abstract:

Wireless sensor networks are vulnerable to attacks from adversaries attempting to disrupt their operations. Sink-hole attacks are a type of attack where an adversary node drops data forwarded through it and hence affecting the reliability and accuracy of the network. Since sensor nodes have limited battery power, it is essential that any solution to the sinkhole attack problem be very energy-aware. In this paper, we present a reliable and energy efficient scheme to forward data from source nodes to the base station while under sink-hole attack. The scheme also detects sink-hole attack nodes and avoid paths that includes them.

Keywords: energy-aware routing, reliability, sink-hole attack, WSN

Procedia PDF Downloads 379

Authors: Daniel Alati

Abstract:

Recent high-profile terrorist events in Canada, the United Kingdom and Europe – the London Bridge attacks, the terrorist attacks in Nice, France and Barcelona, Spain, the 2014 Ottawa Parliament attacks and the 2017 attacks in Edmonton – have all raised levels of public and academic concern with so-called “lone-wolf” and “radicalized” terrorism. Similarly, several countries outside of the “Western” world have been dealing with radicalization to violent extremism for several years. Many South East Asian countries, including Indonesia, Malaysia, Singapore and the Philippines have all had experience with what might be described as ISIS or extremist-inspired acts of terrorism. Indeed, it appears the greatest strength of groups such as ISIS has been their ability to spread a global message of violent extremism that has led to radicalization in markedly different jurisdictions throughout the world. These markedly different jurisdictions have responded with counter-radicalization strategies that warrant further comparative analysis. This paper utilizes an inter-disciplinary legal methodology. In doing so, it compares legal, political, cultural and historical aspects of the counter-radicalization strategies employed by Canada, the United Kingdom and several South East Asian countries (Indonesia, Malaysia, Singapore and the Philippines). Whilst acknowledging significant legal and political differences between these jurisdictions, the paper engages in these analyses with an eye towards understanding which best practices might be shared between the jurisdictions. In doing so, it presents valuable findings of a comparative nature that are useful to both academic and practitioner audiences in several jurisdictions.

Keywords: Canada, United Kingdom and South East Asia, comparative law and politics, radicalization to violent extremism, terrorism

Procedia PDF Downloads 328

Authors: Niyi Adegoke, Saanumi Jimmy Omolou

Abstract:

The prevalence rate of youth involving in cybercrime is alarming, which calls for concern among the government, parents, NGO and religious bodies, hence this paper aims at examining youth involvement in cybercrime in Nigeria. Achievement motivation theory was used to explain the activities of cyber-criminals in Nigerian society. A descriptive survey method was adopted for the study. The sample for the study was one hundred and fifty (150) respondents randomly selected from the population of the study. A questionnaire was used to gather information and data from the respondents. Data collected through the questionnaire were analyzed using percentage tool for the respondents’ bio-data while chi-square was employed to test the hypotheses. Findings from the study have revealed that parental negligence, unemployment, peer influence, and quest for materialism were responsible for cyber-crimes in Nigeria. The study concludes with the following recommendations among which are: creating employment opportunities for the youths and ensure good governance and accountability among other things will go a long way to solve the problem of cybercrime in our society.

Keywords: cybercrime, youth, Nigeria, unemployment, information communication technology

Procedia PDF Downloads 203

Authors: Angsumalin Puntho

Abstract:

Disruptive technology has had a great influence on our everyday lives and the existence of an organization. Geologists in the public sector need to keep up with digital technology and be able to work and collaborate in a more effective manner. The result from SWOT and 7S McKinsey analyses suggest that there are inadequate IT personnel, no individual digital literacy development plan, and a misunderstanding of management policies. The Office of Civil Service Commission develops digital literacy skills that civil servants and government officers should possess in order to work effectively; it consists of nine dimensions, including computer skills, internet skills, cyber security awareness, word processing, spreadsheets, presentation programs, online collaboration, graphics editors and cyber security practices; and six steps of digital literacy development including self-assessment, individual development plan, self-learning, certified test, learning reflection, and practices. Geologists can use digital literacy as a learning tool to develop themselves for better career opportunities.

Keywords: disruptive technology, digital technology, digital literacy, computer skills

Procedia PDF Downloads 96

Authors: Nicole Bandow, Peter Emmermacher, Oliver Wienert, Steffen Masik, Kerstin Witte

Abstract:

Karate-kumite is a fast sport where a good perception and anticipation of movements is needed in order to respond appropriately. Perception and anticipation are therefore essential for an efficient and precise movement control and a limiting factor in karate kumite. Previous studies only used 2D video technologies combined with the occlusion technique to study anticipation in sports. These studies showed limitations in the usage of 2D video footage in regards to realism and the presentation of depth information. To overcome these issues a virtual 3D environment was developed to create a similar to real life environment. The aim of this study was to compare the differences in responses of intermediate and expert karate athletes towards temporally and spatially occluded virtual karate attacks from two attackers. Five male expert and five intermediate karate athletes responded physically to nine (3 temporal combined with 3 spatial) occluded attacks of the Gyaku-Zuki of each attacker in the 3D virtual environment. The responses were evaluated in regards to correct point of time and appropriate response technique. Significant differences between the expertises’ responses for the attackers were found. Experts respond more often correct to early information of attacks than novices.

Keywords: anticipation, karate, occlusion, virtual reality

Procedia PDF Downloads 456

Authors: Yohannes Haile, Dipo Onipede, Jr., Omar Ashour

Abstract:

The main thrust of our research is to determine Industry 4.0 readiness of small and mid-size manufacturing companies in our region and assist them to implement Cyber Physical Production System (CPPS) capabilities. Adopting CPPS capabilities will help organizations realize improved quality, order delivery, throughput, new value creation, and reduced idle time of machines and work centers of their manufacturing operations. The key metrics for the assessment include the level of intelligence, internal and external connections, responsiveness to internal and external environmental changes, capabilities for customization of products with reference to cost, level of additive manufacturing, automation, and robotics integration, and capabilities to manufacture hybrid products in the near term, where near term is defined as 0 to 18 months. In our initial evaluation of several manufacturing firms which are profitable and successful in what they do, we found low level of Physical-Digital-Physical (PDP) loop in their manufacturing operations, whereas 100% of the firms included in this research have specialized manufacturing core competencies that have differentiated them from their competitors. The level of automation and robotics integration is low to medium range, where low is defined as less than 30%, and medium is defined as 30 to 70% of manufacturing operation to include automation and robotics. However, there is a significant drive to include these capabilities at the present time. As it pertains to intelligence and connection of manufacturing systems, it is observed to be low with significant variance in tying manufacturing operations management to Enterprise Resource Planning (ERP). Furthermore, it is observed that the integration of additive manufacturing in general, 3D printing, in particular, to be low, but with significant upside of integrating it in their manufacturing operations in the near future. To hasten the readiness of the local and regional manufacturing companies to Industry 4.0 and transitions towards CPPS capabilities, our working group (ADMAR Working Group) in partnership with our university have been engaged with the local and regional manufacturing companies. The goal is to increase awareness, share know-how and capabilities, initiate joint projects, and investigate the possibility of establishing the Center for Cyber Physical Production Systems Innovation (C2P2SI). The center is intended to support the local and regional university-industry research of implementing intelligent factories, enhance new value creation through disruptive innovations, the development of hybrid and data enhanced products, and the creation of digital manufacturing enterprises. All these efforts will enhance local and regional economic development and educate students that have well developed knowledge and applications of cyber physical manufacturing systems and Industry 4.0.

Keywords: automation, cyber-physical production system, digital manufacturing enterprises, disruptive innovation, new value creation, physical-digital-physical loop

Procedia PDF Downloads 120

Authors: V. Reyes, P. Ferreira

Abstract:

In response to high levels of competitiveness, industrial systems have evolved to improve productivity. As a consequence, a rapid increase in volume production and simultaneously, a customization process require lower costs, more variety, and accurate quality of products. Reducing time-cycle production, enabling customizability, and ensure continuous quality improvement are key features in advance intelligent industry. In this scenario, customers and producers will be able to participate in the ongoing production life cycle through real-time interaction. To achieve this vision, transparency, predictability, and adaptability are key features that provide the industrial systems the capability to adapt to customer demands modifying the manufacturing process through an autonomous response and acting preventively to avoid errors. The industrial system incorporates a diversified number of components that in advanced industry are expected to be decentralized, end to end communicating, and with the capability to make own decisions through feedback. The evolving process towards advanced intelligent industry defines a set of stages to empower components of intelligence and enhancing efficiency to achieve the decision-making stage. The integrated system follows an industrial cyber-physical system (CPS) architecture whose real-time integration, based on a set of enabler technologies, links the physical and virtual world generating the digital twin (DT). This instance allows incorporating sensor data from real to virtual world and the required transparency for real-time monitoring and control, contributing to address important features of the advanced intelligent industry and simultaneously improve sustainability. Assuming the industrial CPS as the core technology toward the latest advanced intelligent industry stage, this paper reviews and highlights the correlation and contributions of the enabler technologies for the operationalization of each stage in the path toward advanced intelligent industry. From this research, a real-time integration architecture for a cyber-physical system with applications to collaborative robotics is proposed. The required functionalities and issues to endow the industrial system of adaptability are identified.

Keywords: cyber-physical systems, digital twin, sensor data, system integration, virtual model

Procedia PDF Downloads 103

Authors: Kianoosh Samimi, Farhad Estakhr, Mahdi Mahdikhani, Faramaz Moodi

Abstract:

Due to their fluidity and simplicity of use, self-compacting concretes (SCCs) have undeniable advantages. In recent years, the role of metakaolin as a one of pozzolanic materials in concrete has been considered by researchers. It can modify various properties of concrete, due to high pozzolanic reactions and also makes a denser microstructure. The objective of this paper is to examine the influence of three type of Portland cement and metakaolin on fresh state, compressive strength and sulfuric acid attacks in self- consolidating concrete at early age up to 90 days of curing in lime water. Six concrete mixtures were prepared with three types of different cement as Portland cement type II, Portland Slag Cement (PSC), Pozzolanic Portland Cement (PPC) and 15% substitution of metakaolin by every cement. The results show that the metakaolin admixture increases the viscosity and the demand amount of superplasticizer. According to the compressive strength results, the highest value of compressive strength was achieved for PSC and without any metakaolin at age of 90 days. Conversely, the lowest level of compressive strength at all ages of conservation was obtained for PPC and containing 15% metakaolin. According to this study, the total substitution of PSC and PPC by Portland cement type II is beneficial to the increasing in the chemical resistance of the SCC with respect to the sulfuric acid attack. On the other hand, this increase is more noticeable by the use of 15% of metakaolin. Therefore, it can be concluded that metakaolin has a positive effect on the chemical resistance of SCC containing of Portland cement type II, PSC, and PPC.

Keywords: SCC, metakaolin, cement type, durability, compressive strength, sulfuric acid attacks

Procedia PDF Downloads 175

Authors: G. Usha, S. Kannimuthu, K. Mahalakshmi

Abstract:

Mobile Adhoc Network (MANET) is one of the most promising technologies that have applications ranging from various portable devices to military networks. MANET has no fixed infrastructure and the security of such network is a big concern. Therefore, in order to operate MANET’s securely, the misbehavior and intrusions should be detected before the attackers affect the network communication. In this article, we make a comprehensive survey against black hole attack that is a serious threat against MANET that exploits the routing behavior of the MANET. We have given broad survey solutions that detect black hole attacks in MANET. This is achieved by analyzing the techniques involved in detecting the attacks in each scheme. Furthermore, we examine about the challenges to the researchers for constructing an in-depth solution against black hole attack.

Keywords: AODV, cross layer security, mobile Adhoc network (MANET), packet delivery ratio, single layer security

Procedia PDF Downloads 391

Authors: Damola O. Lawal, David W. Gresty, Diane E. Gan, Louise Hewitt

Abstract:

This paper investigates the feasibility of using a programmable USB such as the O.MG Cable to perform a file tampering attack. Here, the O.MG Cable, an apparently harmless mobile device charger, is used in an unauthorized way to alter the content of a file (accounts record-January_Contributions.xlsx). The aim is to determine if a forensics analyst can reliably determine who has altered the target file; the O.MG Cable or the user of the machine. This work highlights some of the traces of the O.MG Cable left behind on the target computer itself, such as the Product ID (PID) and Vendor ID (ID). Also discussed is the O.MG Cable’s behavior during the experiments. We determine if a forensics analyst could identify if any evidence has been left behind by the programmable device on the target file once it has been removed from the computer to establish if the analyst would be able to link the traces left by the O.MG Cable to the file tampering. It was discovered that the forensic analyst might mistake the actions of the O.MG Cable for the computer users. Experiments carried out in this work could further the discussion as to whether an innocent user could be punished for the unauthorized changes made by a programmable device.

Keywords: O.MG cable, programmable USB, file tampering attack, digital evidence credibility, miscarriage of justice, cyber fraud

Procedia PDF Downloads 140

Authors: Sai Rajeev Reddy, Ishita Roy, M. Anji Reddy

Abstract:

The paper describes the importance of preventive measures and immediate Emergency logistics during accidents and unfortunate Disasters for the Hyderabad Metro Rails in their various stages of construction. This is the need of the modern generation where accidents, explosions, attacks and sudden crisis are frequent casualties which take huge tolls of life in the present world. The paper utilizes the workflow and application of Geographical information System (GIS) to provide information about problems and crisis structures for efficient Metro Transportation in the city. The study analyzes the difficulties and problems which cause accidents during operation and maintenance stages of the Metro Rail. The paper focuses upon the intermediate and firsthand information of Crisis with the help of GIS technology to share Disaster data for effective measures by the Cyber Police stations, Emergency Responders, Hospitals and First Aid Centre to act immediately and save lives. The results and conclusions have nevertheless proved very informative and useful for the safety board authorities of the Hyderabad Metro Rail. The operation and Maintenance are integral stages in the development of any Multipurpose transportation Projects and are usually prone to various Disasters and tragedies. Hence, the GIS technologies help in distribution of information among the masses with the web Technologies and advanced software developed to prevent and manage crisis widely and in a cost-benefits manner.

Keywords: Geographical Information System, emergency assessment, accident zones, surveillance

Procedia PDF Downloads 553

Authors: Michael I. Okereke, Ambrose I. Akpoyomare

Abstract:

This paper presents a numerical study of the impact mechanic of metallic and sandwich structures incorporate with blast resistance enhancements. The study focuses on structures that have been exposed to improvised explosives devices (IEDs) attacks. The results show numerical conclusions on mechanisms to ensure blast resistance enhancement for the applications studied in this work. The work has identified optimal panel configuration both in geometry and configurations to ensure optimal blast resistance response to such IEDs discharges. Findings from this work will drive improvements in especially military and civilian vehicles in countries where blast attacks on vehicular occupants are quite rampant like Pakistan and Afghanistan.

Keywords: blast resistance, blast enhancement, explosives, material behavior

Procedia PDF Downloads 357

Authors: Atma Sahu

Abstract:

After 9/11, there will only be cyberwars. The cyberwars increase in intensity the country's cybersecurity workforce's hiring and retention issues. Currently, many organizations have unfilled cybersecurity positions, and to a lesser degree, their cybersecurity teams are understaffed. Therefore, there is a critical need to develop a new program to help meet the market demand for cybersecurity engineers (CYSE) and personnel. Coppin State University in the United States was responsible for developing a cybersecurity engineering BS degree program. The CYSE curriculum design methodology consisted of three parts. First, the ACM Cross-Cutting Concepts standard's pervasive framework helped curriculum designers and students explore connections among the core courses' knowledge areas and reinforce the security mindset conveyed in them. Second, the core course context was created to assist students in resolving security issues in authentic cyber situations involving cyber security systems in various aspects of industrial work while adhering to the NIST standards framework. The last part of the CYSE curriculum design aspect was the institutional student learning outcomes (SLOs) integrated and aligned in content courses, representing more detailed outcomes and emphasizing what learners can do over merely what they know. The CYSE program's core courses express competencies and learning outcomes using action verbs from Bloom's Revised Taxonomy. This aspect of the CYSE BS degree program's design is based on these three pillars: the ACM, NIST, and SLO standards, which all CYSE curriculum designers should know. This unique CYSE curriculum design methodology will address how students and the CYSE program will be assessed and evaluated. It is also critical that educators, program managers, and students understand the importance of staying current in this fast-paced CYSE field.

Keywords: cyber security, cybersecurity engineering, systems engineering, NIST standards, physical systems

Procedia PDF Downloads 67

Authors: Naghmeh Moradpoor Sheykhkanloo

Abstract:

Structured Query Language Injection (SQLI) attack is a code injection technique in which malicious SQL statements are inserted into a given SQL database by simply using a web browser. Losing data, disclosing confidential information or even changing the value of data are the severe damages that SQLI attack can cause on a given database. SQLI attack has also been rated as the number-one attack among top ten web application threats on Open Web Application Security Project (OWASP). OWASP is an open community dedicated to enabling organisations to consider, develop, obtain, function, and preserve applications that can be trusted. In this paper, we propose an effective pattern recognition neural network model for detection and classification of SQLI attacks. The proposed model is built from three main elements of: a Uniform Resource Locator (URL) generator in order to generate thousands of malicious and benign URLs, a URL classifier in order to: 1) classify each generated URL to either a benign URL or a malicious URL and 2) classify the malicious URLs into different SQLI attack categories, and an NN model in order to: 1) detect either a given URL is a malicious URL or a benign URL and 2) identify the type of SQLI attack for each malicious URL. The model is first trained and then evaluated by employing thousands of benign and malicious URLs. The results of the experiments are presented in order to demonstrate the effectiveness of the proposed approach.

Keywords: neural networks, pattern recognition, SQL injection attacks, SQL injection attack classification, SQL injection attack detection

Procedia PDF Downloads 449

Authors: Lazgeen Mohammed

Abstract:

The greatest advantage of acupuncture over western medicine is that it is safe . Unlike synthetic drugs, acupuncture has virtually no side effects, and the procedures for treating headaches are much less invasive. Migraine headaches are usually one-sided, pulsating or throbbing, and moderate or severe in intensity.. Some patients also experience auras, a neurological symptom that develops gradually over 5-20 minutes. The patient may see brief flashes or waves of light, or changes in their vision. Other common features of auras include vertigo, imbalance, confusion and numbness.Acupuncture had been used to treat 50 patients suffering from migraine ,topiramat (topamax) given to prevent the attacks, duration of treatment is 10 weeks , the patients were fallowed up for one year .Topiramat is called an anticonvulsant.Topiramat is also used to prevent migraine headaches in adults and teenagers who are at least 12 years old. This medicine will only prevent migraine headaches or reduce the number of attacks. It will not treat a headache that has already begun.

Keywords: acpuncture, migraine, topiramat, headache

Procedia PDF Downloads 58

Authors: Veniamin Boiarkin, Bruno Bogaz Zarpelão, Muttukrishnan Rajarajan

Abstract:

The manufacturing sector is a vital component of most economies, which leads to a large number of cyberattacks on organisations, whereas disruption in operation may lead to significant economic consequences. Adversaries aim to disrupt the production processes of manufacturing companies, gain financial advantages, and steal intellectual property by getting unauthorised access to sensitive data. Access to sensitive data helps organisations to enhance the production and management processes. However, the majority of the existing data-sharing mechanisms are either susceptible to different cyber attacks or heavy in terms of computation overhead. In this paper, a privacy-preserving data-sharing scheme for smart utilities is proposed. First, a customer’s privacy adjustment mechanism is proposed to make sure that end-users have control over their privacy, which is required by the latest government regulations, such as the General Data Protection Regulation. Secondly, a local differential privacy-based mechanism is proposed to ensure the privacy of the end-users by hiding real data based on the end-user preferences. The proposed scheme may be applied to different industrial control systems, whereas in this study, it is validated for energy utility use cases consisting of smart, intelligent devices. The results show that the proposed scheme may guarantee the required level of privacy with an expected relative error in utility.

Keywords: data-sharing, local differential privacy, manufacturing, privacy-preserving mechanism, smart utility

Procedia PDF Downloads 59

Authors: Faisal Al Yahmadi, Muhammad R. Ahmed

Abstract:

Electric power is a fundamental necessity in the 21^st century. Consequently, any break in electric power is probably going to affect the general activity. To make the power supply smooth and efficient, a smart grid network is introduced which uses communication technology. In any communication network, security is essential. It has been observed from several recent incidents that adversary causes an interruption to the operation of networks. In order to resolve the issues, it is vital to understand the threats and vulnerabilities associated with the smart grid networks. In this paper, we have investigated the threats and vulnerabilities in Smart Grid Networks (SGN) and the few solutions in the literature. Proposed solutions showed developments in electricity theft countermeasures, Denial of services attacks (DoS) and malicious injection attacks detection model, as well as malicious nodes detection using watchdog like techniques and other solutions.

Keywords: smart grid network, security, threats, vulnerabilities

Procedia PDF Downloads 121

Authors: Mehrshad Khosraviani, Faramarz Abbaspour Leyl Abadi

Abstract:

The fundamental component of the computer network of modern information society will be considered. These networks are connected to the network of the internet generally. Due to the fact that the primary purpose of the Internet is not designed for, in recent decades, none of these networks in many of the attacks has been very important. Today, for the provision of security, different security tools and systems, including intrusion detection systems are used in the network. A common diagnosis system based on artificial immunity, the designer, the Adhasaz Foundation has been evaluated. The idea of using artificial safety methods in the diagnosis of abnormalities in computer networks it has been stimulated in the direction of their specificity, there are safety systems are similar to the common needs of m, that is non-diagnostic. For example, such methods can be used to detect any abnormalities, a variety of attacks, being memory, learning ability, and Khodtnzimi method of artificial immune algorithm pointed out. Diagnosis of the common system of education offered in this paper using only the normal samples is required for network and any additional data about the type of attacks is not. In the proposed system of positive selection and negative selection processes, selection of samples to create a distinction between the colony of normal attack is used. Copa real data collection on the evaluation of ij indicates the proposed system in the false alarm rate is often low compared to other ir methods and the detection rate is in the variations.

Keywords: artificial immune system, abnormality detection, intrusion detection, computer networks

Procedia PDF Downloads 341

Authors: Zhiyong Shan, Preethi Santhanam, Vinod Namboodiri, Rajiv Bagai

Abstract:

In recent years, the emerging network worms and attacks have distributive characteristics, which can spread globally in a very short time. Security management crossing networks to co-defense network-wide attacks and improve the efficiency of security administration is urgently needed. We propose a hierarchical distributed network security management system (HD-NSMS), which can integrate security management across multiple networks. First, we describe the system in macrostructure and microstructure; then discuss three key problems when building HD-NSMS: device model, alert mechanism, and emergency response mechanism; lastly, we describe the implementation of HD-NSMS. The paper is valuable for implementing NSMS in that it derives from a practical network security management system (NSMS).

Keywords: network security management, device organization, emergency response, cross-network

Procedia PDF Downloads 150

Authors: Diane H. Dotson, Shari L. Rodriguez

Abstract:

Habitat for predators is on the decline worldwide, which often brings humans and predators into conflict over remaining shared space and common resources. While the direct impacts of human predator conflict on humans (i.e., attacks on livestock or humans resulting in injury or death) are well documented, the indirect impacts of conflict on humans (i.e., downstream effects such as fear, stress, opportunity costs, PTSD) have not been addressed. We interviewed 437 people living in 54 villages on the periphery of Kanha National Park, India, to assess the amount and severity of direct and indirect impacts of predator conflict. ​While 58% of livestock owners believed that predator attacks on livestock guards occurred frequently and 62% of those who collect forest products believed that predator attacks on those collecting occurred frequently, less than 20% of all participants knew of someone who had experienced an attack. Data related to indirect impacts suggest that such impacts are common; 76% of participants indicated they were afraid a predator will physically injure them. Livestock owners reported that livestock guarding took time away from their primary job (61%) and getting enough sleep (73%), and believed that it increased their vulnerability to illnesses (80%). These results suggest that the perceptions of risk of predator attack are likely inflated, yet the costs of human predator impacts may be substantially higher than previously estimated, particularly related to human well-being, making the implementation of appropriate and effective conservation and conflict mitigation strategies and policies increasingly urgent.

Keywords: direct impacts, indirect impacts, human-predator conflict, India

Procedia PDF Downloads 142

Authors: Massimo Miccoli, Luca Marangoni, Alberto Aniello Scaringi, Alessandro Marceddu, Alessandro Amicone

Abstract:

The susceptibility of deep neural networks (DNNs) to adversarial manipulations is a recognized challenge within the computer vision domain. Adversarial examples, crafted by adding subtle yet malicious alterations to benign images, exploit this vulnerability. Various defense strategies have been proposed to safeguard DNNs against such attacks, stemming from diverse research hypotheses. Building upon prior work, our approach involves the utilization of autoencoder models. Autoencoders, a type of neural network, are trained to learn representations of training data and reconstruct inputs from these representations, typically minimizing reconstruction errors like mean squared error (MSE). Our autoencoder was trained on a dataset of benign examples; learning features specific to them. Consequently, when presented with significantly perturbed adversarial examples, the autoencoder exhibited high reconstruction errors. The architecture of the autoencoder was tailored to the dimensions of the images under evaluation. We considered various image sizes, constructing models differently for 256x256 and 512x512 images. Moreover, the choice of the computer vision model is crucial, as most adversarial attacks are designed with specific AI structures in mind. To mitigate this, we proposed a method to replace image-specific dimensions with a structure independent of both dimensions and neural network models, thereby enhancing robustness. Our multi-modal autoencoder reconstructs the spectral representation of images across the red-green-blue (RGB) color channels. To validate our approach, we conducted experiments using diverse datasets and subjected them to adversarial attacks using models such as ResNet50 and ViT_L_16 from the torch vision library. The autoencoder extracted features used in a classification model, resulting in an MSE (RGB) of 0.014, a classification accuracy of 97.33%, and a precision of 99%.

Keywords: adversarial attacks, malicious images detector, binary classifier, multimodal transformer autoencoder

Procedia PDF Downloads 92

Authors: Bander Alzahrani, Mohammed Alreshoodi

Abstract:

Information-centric networking (ICN) using architectures such as the Publish-Subscribe Internet Technology (PURSUIT) has been proposed as a new networking model that aims at replacing the current used end-centric networking model of the Internet. This emerged model focuses on what is being exchanged rather than which network entities are exchanging information, which gives the control plane functions such as routing and host location the ability to be specified according to the content items. The forwarding plane of the PURSUIT ICN architecture uses a simple and light mechanism based on Bloom filter technologies to forward the packets. Although this forwarding scheme solve many problems of the today’s Internet such as the growth of the routing table and the scalability issues, it is vulnerable to brute force attacks which are starting point to distributed- denial-of-service (DDoS) attacks. In this work, we design and analyze a novel source-routing and information delivery technique that keeps the simplicity of using Bloom filter-based forwarding while being able to deter different attacks such as denial of service attacks at the ingress of the network. To achieve this, special forwarding nodes called Edge-FW are directly attached to end user nodes and used to perform a security test for malicious injected random packets at the ingress of the path to prevent any possible attack brute force attacks at early stage. In this technique, a core entity of the PURSUIT ICN architecture called topology manager, that is responsible for finding shortest path and creating a forwarding identifiers (FId), uses a cryptographically secure hash function to create a 64-bit hash, h, over the formed FId for authentication purpose to be included in the packet. Our proposal restricts the attacker from injecting packets carrying random FIds with a high amount of filling factor ρ, by optimizing and reducing the maximum allowed filling factor ρm in the network. We optimize the FId to the minimum possible filling factor where ρ ≤ ρm, while it supports longer delivery trees, so the network scalability is not affected by the chosen ρm. With this scheme, the filling factor of any legitimate FId never exceeds the ρm while the filling factor of illegitimate FIds cannot exceed the chosen small value of ρm. Therefore, injecting a packet containing an FId with a large value of filling factor, to achieve higher attack probability, is not possible anymore. The preliminary analysis of this proposal indicates that with the designed scheme, the forwarding function can detect and prevent malicious activities such DDoS attacks at early stage and with very high probability.

Keywords: forwarding identifier, filling factor, information centric network, topology manager

Procedia PDF Downloads 136

Authors: Michael Zimba

Abstract:

A duplicated image region may be subjected to a number of attacks such as noise addition, compression, reflection, rotation, and scaling with the intention of either merely mating it to its targeted neighborhood or preventing its detection. In this paper, we present an effective and robust method of detecting duplicated regions inclusive of those affected by the various attacks. In order to reduce the dimension of the image, the proposed algorithm firstly performs discrete wavelet transform, DWT, of a suspicious image. However, unlike most existing copy move image forgery (CMIF) detection algorithms operating in the DWT domain which extract only the low frequency sub-band of the DWT of the suspicious image thereby leaving valuable information in the other three sub-bands, the proposed algorithm simultaneously extracts features from all the four sub-bands. The extracted features are not only more accurate representation of image regions but also robust to additive noise, JPEG compression, and affine transformation. Furthermore, principal component analysis-eigenvalue decomposition, PCA-EVD, is applied to reduce the dimension of the features. The extracted features are then sorted using the more computationally efficient Radix Sort algorithm. Finally, same affine transformation selection, SATS, a duplication verification method, is applied to detect duplicated regions. The proposed algorithm is not only fast but also more robust to attacks compared to the related CMIF detection algorithms. The experimental results show high detection rates.

Keywords: affine transformation, discrete wavelet transform, radix sort, SATS

Procedia PDF Downloads 216

Authors: Kang Huang, Wanting Zhou, Shiwei Yuan, Lei Li

Abstract:

Since information technology develops rapidly, the security issue has become an increasingly critical for computer system. In particular, as cloud computing and the Internet of Things (IoT) continue to gain widespread adoption, computer systems need to new security threats and attacks. The Root of Trust (RoT) is the foundation for providing basic trusted computing, which is used to verify the security and trustworthiness of other components. Design a reliable Root of Trust and guarantee its own security are essential for improving the overall security and credibility of computer systems. In this paper, we discuss the implementation of self-security technology based on the RISC-V Root of Trust at the hardware level. To effectively safeguard the security of the Root of Trust, researches on security safeguard technology on the Root of Trust have been studied. At first, a lightweight and secure boot framework is proposed as a secure mechanism. Secondly, two kinds of memory protection mechanism are built to against memory attacks. Moreover, hardware implementation of proposed method has been also investigated. A series of experiments and tests have been carried on to verify to effectiveness of the proposed method. The experimental results demonstrated that the proposed approach is effective in verifying the integrity of the Root of Trust’s own boot rom, user instructions, and data, ensuring authenticity and enabling the secure boot of the Root of Trust’s own system. Additionally, our approach provides memory protection against certain types of memory attacks, such as cache leaks and tampering, and ensures the security of root-of-trust sensitive information, including keys.

Keywords: root of trust, secure boot, memory protection, hardware security

Procedia PDF Downloads 173